Cyber-spies used social sites to trick Dalai Lama’s office: US expertMarch 30th, 2009 - 8:13 pm ICT by IANS
By Arun Kumar
Washington, March 30 (IANS) A Chinese cyber-espionage network used sophisticated social and computer engineering techniques to trick the Dalai Lama’s office into downloading malicious software, according to a cyber security expert.
Researchers, based at the Munk Center for International Studies at the University of Toronto in Canada, Sunday reported that the spy ring had infiltrated computers and stolen documents from hundreds of government and private offices around the world, including those of the Indian embassy in Washington.
The software was attached to e-mails that purported to come from colleagues or contacts in the Tibetan movement, according to researcher Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, cited by the Washington Times Monday.
The software stole passwords and other information, which in turn gave the hackers access to the office’s e-mail system and documents stored on computers there.
“The intelligent and highly coordinated use of social engineering and [malicious software] techniques is extraordinarily effective,” Anderson told the Times, warning that the techniques involved could easily be used by cybercriminals to victimise major companies.
“It is only a matter of time before we see [these techniques] used by cybercriminals,” he said. “The existing accounting systems of Fortune 500 companies are designed to withstand one crooked person… or one compromised computer at a time,” he added, noting that the techniques employed against the Dalai Lama’s office enable hackers to compromise entire departments’ computer networks.
After analysing the software, Anderson and his colleagues turned their data over to researchers at the Munk Center, which published its findings Sunday.
“There is no doubt that this is a Chinese state actor at work,” Anderson said. “There is a lot of concurrence between what we found on the ground and what is known about Chinese information-warfare capabilities and doctrine… The targets are a very good fit with Chinese strategic intelligence priorities.”
The Toronto researchers declined to be so definite about who was behind the attacks.
Former senior US cybersecurity official Greg Garcia was similarly cautious, telling the Times that “attribution is a hall of mirrors”.
“There are a whole range of complex technical and other questions that have to be resolved… before you start pointing fingers,” said Garcia, who was assistant secretary for cybersecurity and communications at the Department of Homeland Security from October 2006 to last December.
He said it was the prevalence of such threats “from all over the world” that led the Bush administration to launch the Comprehensive National Cyber Initiative last year. “Congress and the Obama administration need to use that momentum and accelerate funding and implementation,” he said. “This is a race being run on internet time.”
- To bust Chinese hackers, NATO sees an ally in India - Sep 09, 2011
- China denies hacking Indian Defence Ministry computers - Apr 07, 2010
- Chinese cyber espionage on India exposed - Apr 07, 2010
- Cyber espionage: Chinese hackers steal India's secret files (Lead) - Apr 07, 2010
- Unprecedented cyber attack on Canada linked to China - Feb 17, 2011
- Chinese city of Shaoxing named world's top hacker hub - Mar 28, 2010
- Canadian researchers reveal how they cracked Chinese spy scam on Dalai Lama - Mar 30, 2009
- 'Foreign hackers operate via Chinese internet links' - Aug 06, 2010
- Overseas hackers using Chinese IPs to launch cyber attacks: Experts - Aug 06, 2010
- Why can't India have its own 'patriotic hackers'? (Comment) - Apr 11, 2010
- Over 100 countries hit by electronic spying operation (Lead) - Mar 29, 2009
- Beware of attack tool kits from malicious websites: Symantec - Jan 25, 2011
- Canadian, US researchers reveal India-focused spy ring based in China - Apr 06, 2010
- Chinese used 'flaws' in Microsoft explorer to hack Google - Jan 16, 2010
- Dalai Lama's office admits computers have been hacked - Mar 30, 2009
Tags: accounting systems, anderson professor, arun kumar, cambridge computer laboratory, chinese state, cybercriminals, dalai lama, e mail system, espionage network, fortune 500 companies, indian embassy in washington, ross anderson, security engineering, software techniques, spy ring, state actor, tibetan movement, university of cambridge, university of toronto, washington times