Indian embassies affected by cyber espionage
Report says computers at the Consulate General of India in Dubai have been compromised
Sensitive information about India's relations with the Middle East has been stolen and computers at the Consulate General of India in Dubai compromised in a cyber espionage attack blamed on people in China, according to a report by researchers from the Munk Centre for International Studies at the University of Toronto.
The Shadows in the Cloud report details a cyber espionage attack that involves Indian national security information being stolen along with 1,500 e-mails from the Dalai Lama's office and other sensitive documents that were marked 'secret' and 'confidential'.
Researchers, who have been monitoring the hacking for the last eight months, said the attack was traced back to servers in China and specifically to people based in the city of Chengdu, but that there was no evidence the Chinese government was involved.
Aside from the Joint Intelligence Committee in India and corporations such as Tata being affected, diplomatic missions including the Consulate General of India in Dubai have fallen prey to the widespread attack.
"We assess that computers at the Embassy of India, Kabul, the Embassy of India, Moscow, the Consulate General of India, Dubai, and the High Commission of India in Abuja, Nigeria were compromised based on the documents exfiltrated by the attackers," reads the Shadows in the Cloud report.
Their research found that confidential documents, diplomatic correspondence, documents containing personal, financial and travel information on embassy and diplomatic staff, as well as "numerous" visa applications were stolen in the attack.
"In addition, they [documents] contain confidential information taken from Indian embassies regarding India's international relations with assessment of activities in West Africa, Russia/Commonwealth of Independent States and the Middle East...," the report adds.
According to Rob Deibert, director of the Citizen Lab at the University of Toronto, the Indian government was notified of the breach of security in February and is said to be looking into the matter.
The attack was carried out using free web services including Twitter, Yahoo! Mail, Google Groups, Blogspot, Baidu blogs and Blog.com to access infected computers and direct them to communicate with command and control servers in China. Malware samples used by the hackers were primarily PDF documents that exploited vulnerabilities in Adobe Acrobat and Adobe Reader, but also included files with .DOC, .PPT and .EXE extensions.
Shadows in the Cloud is a continuation of the Tracking GhostNet report published last year by the same group of researchers that uncovered a cyber espionage network targeting the Tibetan exile community.