Canadian Researchers Uncover Online Chinese Spy Ring

Posted in China, espionage on April 6th, 2010

Canadian researchers have uncovered a vast “Shadow Network” of online espionage based in China that used seemingly harmless means such as e-mail and Twitter to extract highly sensitive data from computers around the world.

Stolen documents recovered in a year-long investigation show the hackers have breached the servers of dozens of countries and organizations, taking everything from top-secret files on missile systems in India to confidential visa applications, including those of Canadians travelling abroad.

The findings, which are part of a report that will be made public today in Toronto, will expose one of the biggest online spy rings ever cracked. Written by researchers at the University of Toronto’s Munk Centre for International Studies, the Ottawa-based security firm SecDev Group and a U.S. cyber sleuthing organization known as the Shadowserver Foundation, the report is expected to be controversial.

The researchers have found a global network of “botnets,” networks of compromised computers that are controlled remotely and made to report to servers in China. Along with those servers, the investigators located where the hackers stashed their stolen files, allowing a glimpse into what the spy ring is looking for.

“Essentially we went behind the backs of the attackers and picked their pockets,” said Ron Deibert, director of the Citizen Lab at the Munk School of Global Affairs, which investigated the spy ring.

The report, titled Shadows in the Cloud, comes one year after the same team discovered a spy ring with links to China that it dubbed GhostNet. Using information gleaned from that investigation, investigators followed a trail of websites that led to a much larger operation, also with links to China.

The report is careful not to conclude the Chinese government is behind the operation, since it is difficult to tell who is orchestrating the attacks. Last year, the Chinese government denied any involvement in GhostNet after the researchers uncovered nearly 1,300 infected computers in 103 countries linked to servers in China.

But computers belonging to the exiled Tibetan leader, the Dalai Lama, who is denounced by China, have been the most heavily compromised.

Almost every e-mail sent to or from the Dalai Lama’s offices in 2009 has shown up in the files, the report says. Nearby India has also taken the brunt of the cyber attacks, with numerous secret government documents recovered by the Canadian researchers. They include 78 documents related to the financing of military projects in India, details of live fire exercises and missile projects, and two documents marked “secret” belonging to the national security council.

Sensitive data from 16 countries, such as visa applications by Canadian citizens, were also recovered. It is believed the hackers accessed those files through compromised computers at India’s embassies in Kabul, Dubai, Nigeria and Moscow.

Rafal Rohozinski, a principal of the SecDev Group and a principal investigator and co-author of the report, said such a collection of sensitive information represents a new era in online spying. A decade ago, hackers generally looked for quick paydays – for example, by blocking access to a gambling site and demanding a ransom. But the Shadow Network operation exposes much bigger game: information that, if it isn’t being collected by governments, could be sold to the state.

“It’s like the world of art theft, where you steal things that have a very high value, so long as you can find a buyer,” Mr. Rohozinski said.

“So the question of course is, who’s the buyer? Is the buyer paying the thief to go after this stuff, or is the thief doing it themselves because they know they can find a buyer? That’s one of those things that we don’t really have a good answer for.”

A small number of computers at the University of Western Ontario were also found to be connected to the network, and may have had files taken from them, although it is not clear how they were compromised. Similarly, computers at New York University and Kaunas University of Technology in Lithuania were also linked to the infected network.

The Shadow Network structure was ingenious for its simplicity. Command servers, which are used to issue instructions to compromised computers – such as “send me all of your documents” – reached victims through a variety of seemingly innocent services such as Google Groups, Yahoo e-mail and Twitter accounts. Those intermediaries were used to relay links or files to a recipient in a target organization. Once the user clicks on the link or opens the attachment in a malicious e-mail, the infected computer sends a beacon to the command server, which instructs it to start uploading files to a “dump zone” from which the attackers collect them.
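The beacon step described above is the one a defender can actually look for in network logs, because an implant has to check in on a schedule whether its relay is a web-mail, groups or microblogging host. The Python below is an added illustration (my own code, not anything from the Shadows in the Cloud report or its authors): it reads web-proxy log lines, groups them by client and destination, and flags pairs whose connections recur at a near-constant interval. The log format, the IP addresses, the host names and the thresholds are constructed for the example and are not from the report.

```python
"""Beacon-periodicity triage over web-proxy log lines (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, stdev

# Constructed sample log (assumption, not real data). One line per request:
# "<ISO-8601 timestamp> <client IP> <destination host>".
# 10.0.0.5 checks in every ~300 s; 10.0.0.7 is a human browsing the same host.
SAMPLE_LOG = """\
2010-04-06T09:00:00 10.0.0.5 groups.example.net
2010-04-06T09:00:00 10.0.0.7 groups.example.net
2010-04-06T09:00:05 10.0.0.7 groups.example.net
2010-04-06T09:01:00 10.0.0.9 mail.example.net
2010-04-06T09:05:00 10.0.0.5 groups.example.net
2010-04-06T09:10:02 10.0.0.5 groups.example.net
2010-04-06T09:15:01 10.0.0.5 groups.example.net
2010-04-06T09:15:05 10.0.0.7 groups.example.net
2010-04-06T09:15:35 10.0.0.7 groups.example.net
2010-04-06T09:20:02 10.0.0.5 groups.example.net
2010-04-06T09:25:02 10.0.0.5 groups.example.net
2010-04-06T09:30:00 10.0.0.5 groups.example.net
2010-04-06T09:35:00 10.0.0.5 groups.example.net
2010-04-06T09:40:00 10.0.0.9 mail.example.net
2010-04-06T09:48:55 10.0.0.7 groups.example.net
2010-04-06T09:49:05 10.0.0.7 groups.example.net
2010-04-06T09:49:50 10.0.0.7 groups.example.net
"""


def parse_log(text):
    """Turn the constructed log format into (timestamp, client, destination) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src, dst = line.split()
        records.append((datetime.fromisoformat(stamp), src, dst))
    return records


def beacon_candidates(records, min_events=6, max_cv=0.1):
    """Flag (client, destination) pairs whose inter-request gaps are nearly constant.

    The coefficient of variation (stdev / mean of the gaps) is close to zero for a
    timer-driven check-in and large for human browsing. Pairs with fewer than
    `min_events` requests are skipped: too few gaps to judge regularity.
    """
    by_pair = defaultdict(list)
    for stamp, src, dst in records:
        by_pair[(src, dst)].append(stamp)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:  # duplicate timestamps only; nothing periodic to measure
            continue
        cv = stdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "events": len(stamps),
                             "mean_interval_s": avg, "cv": cv})
    # Most regular pair first.
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for hit in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['events']} requests, "
              f"mean gap {hit['mean_interval_s']:.0f}s, cv {hit['cv']:.4f}")
```

On the constructed log only 10.0.0.5 is flagged (eight requests, mean gap 300 s, coefficient of variation below 0.01); the browsing host's gaps vary by a factor of several hundred. Legitimate software also polls on fixed timers (mail clients, update checks), so a low coefficient of variation is a triage signal to pivot on rather than a verdict: in practice you would exclude known pollers and weight hits by how rare the destination is across the rest of the fleet.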

The revelations are a warning to governments, Mr. Deibert said, since countries are only as strong as their weakest link in a global data network. So while files may be safe in paper form in a locked cabinet, as soon as nations begin exchanging data electronically, cracks can be exploited, as they appear to have been with India.

“Unfortunately, Canada has no cyber security strategy, although one’s been promised for many years,” Mr. Deibert said. “We have no foreign policy for cyberspace either, which is mind boggling, considering how important this domain is for us.”

Source: The Globe and Mail

Attacks On US Electrical Grid Being Taught At Chinese University

Posted in China, cyber war on March 21st, 2010

It came as a surprise this month to Wang Jianwei, a graduate engineering student in Liaoning, China, that he had been described as a potential cyberwarrior before the United States Congress.

Larry M. Wortzel, a military strategist and China specialist, told the House Foreign Affairs Committee on March 10 that it should be concerned because “Chinese researchers at the Institute of Systems Engineering of Dalian University of Technology published a paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S.”

When reached by telephone, Mr. Wang said he and his professor had indeed published “Cascade-Based Attack Vulnerability on the U.S. Power Grid” in an international journal called Safety Science last spring. But Mr. Wang said he had simply been trying to find ways to enhance the stability of power grids by exploring potential vulnerabilities.

“We usually say ‘attack’ so you can see what would happen,” he said. “My emphasis is on how you can protect this. My goal is to find a solution to make the network safer and better protected.” And independent American scientists who read his paper said it was true: Mr. Wang’s work was a conventional technical exercise that in no way could be used to take down a power grid.

The difference between Mr. Wang’s explanation and Mr. Wortzel’s conclusion is of more than academic interest. It shows that in an atmosphere already charged with hostility between the United States and China over cybersecurity issues, including large-scale attacks on computer networks, even a misunderstanding has the potential to escalate tension and set off an overreaction.

“Already people are interpreting this as demonstrating some kind of interest that China would have in disrupting the U.S. power grid,” said Nart Villeneuve, a researcher with the SecDev Group, an Ottawa-based cybersecurity research and consulting group. “Once you start interpreting every move that a country makes as hostile, it builds paranoia into the system.”

Mr. Wortzel’s presentation at the House hearing got a particularly strong reaction from Representative Ed Royce, Republican of California, who called the flagging of the Wang paper “one thing I think jumps out to all of these Californians here today, or should.”

He was alluding to concerns that arose in 2001 when The Los Angeles Times reported that intrusions into the network that controlled the electrical grid were traced to someone in Guangdong Province, China. Later reports of other attacks often included allegations that the break-ins were orchestrated by the Chinese, although no proof has been produced.

In an interview last week about the Wang paper and his testimony, Mr. Wortzel said that the intention of these particular researchers almost did not matter.

“My point is that now that vulnerability is out there all over China for anybody to take advantage of,” he said.

But specialists in the field of network science, which explores the stability of networks like power grids and the Internet, said that was not the case.

“Neither the authors of this article, nor any other prior article, has had information on the identity of the power grid components represented as nodes of the network,” Reka Albert, a University of Pennsylvania physicist who has conducted similar studies, said in an e-mail interview. “Thus no practical scenarios of an attack on the real power grid can be derived from such work.”
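To make concrete what the network-science specialists mean, here is an added toy simulation (my own illustration, not Mr. Wang's model, code or data): a load-capacity cascade in the style of the Motter-Lai model, run on a constructed seven-node graph. The topology, the choice of shortest-path betweenness as "load", and the tolerance parameter alpha are all assumptions picked for the example. The nodes are anonymous integers, which is exactly the point: the simulation can say that removing the busiest node under a given tolerance fails a given fraction of the graph, but nothing in it says which substation, line or transformer a node stands for.

```python
"""Load-capacity cascade on a constructed, anonymous graph (added example)."""
from collections import deque

# Constructed topology (assumption, not real grid data): a six-node ring
# 0-1-2-3-4-5-0 with a pendant node 6 hanging off node 0.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (5, 0), (6, 0)]


def build_adjacency(edges):
    """Undirected adjacency sets for every node named in the edge list."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def betweenness(adj):
    """Shortest-path betweenness (Brandes' algorithm) for an unweighted undirected graph."""
    bc = {v: 0.0 for v in adj}
    for s in adj:
        stack, preds = [], {v: [] for v in adj}
        sigma = {v: 0 for v in adj}      # number of shortest paths from s
        dist = {v: -1 for v in adj}
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:                      # BFS from s
            v = queue.popleft()
            stack.append(v)
            for w in adj[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = {v: 0.0 for v in adj}
        while stack:                      # back-propagate dependencies
            w = stack.pop()
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1.0 + delta[w])
            if w != s:
                bc[w] += delta[w]
    # Each unordered pair was counted from both of its endpoints.
    return {v: b / 2.0 for v, b in bc.items()}


def cascade(edges, attacked, alpha):
    """Remove `attacked`, then iterate: recompute loads on the surviving graph and
    fail every node whose load exceeds capacity = (1 + alpha) * initial load.
    Returns the set of all failed nodes, the attacked node included."""
    adj = build_adjacency(edges)
    capacity = {v: (1.0 + alpha) * load for v, load in betweenness(adj).items()}
    failed = {attacked}
    while True:
        alive = set(adj) - failed
        surviving = {v: adj[v] & alive for v in alive}
        load = betweenness(surviving)
        overloaded = {v for v in alive if load[v] > capacity[v] + 1e-9}
        if not overloaded:
            return failed
        failed |= overloaded


def highest_load_node(edges):
    """The node a 'targeted' attack in such a model removes first."""
    loads = betweenness(build_adjacency(edges))
    return max(loads, key=loads.get)


if __name__ == "__main__":
    hub, leaf = highest_load_node(EDGES), 6
    for alpha in (0.1, 0.5, 1.0):
        print(f"alpha={alpha}: remove hub {hub} -> failed {sorted(cascade(EDGES, hub, alpha))}; "
              f"remove leaf {leaf} -> failed {sorted(cascade(EDGES, leaf, alpha))}")
```

On this graph node 0 carries the highest load (7.0 against 2.0 to 3.5 for the ring nodes). With a 10 % tolerance, removing it fails nodes 2, 3 and 4 as well, four of seven in total, while removing the leaf node 6 stops at the leaf; at 50 % tolerance the same attack takes only node 3 with it, and at 100 % nothing cascades. Every one of those numbers is a function of the abstract topology and the tolerance, which is why an exercise of this kind cannot be turned into a plan against a real grid without the mapping from nodes to physical components that the quoted specialists say such papers do not have.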

Read the rest of the story at: Academic Paper in China Sets Off Alarms in U.S. (NY Times)

In A Cyberwar The US Would Lose

Posted in cyber war on February 26th, 2010

The United States would lose a cyberwar if it fought one today, a former US intelligence chief has warned.

Michael McConnell, a retired US Navy vice admiral who served as ex-president George W. Bush’s director of national intelligence, also compared the danger of cyberwar to the nuclear threat posed by the Soviet Union during the Cold War.

“If we went to war today in a cyberwar, we would lose,” McConnell told a hearing Tuesday on cybersecurity held by the Senate Committee on Commerce, Science and Transportation.

“We’re the most vulnerable, we’re the most connected, we have the most to lose.

“We will not mitigate this risk,” added McConnell, now an executive vice president for consulting firm Booz Allen Hamilton’s national security business. “And as a consequence of not mitigating this risk, we are going to have a catastrophic event.”

Tuesday’s hearing came a little over a month after Internet giant Google revealed that it and other US companies had been the target of a series of sophisticated cyberattacks originating in China.

“National security and our economic security are at stake,” said Democratic Senator Jay Rockefeller, the panel’s chairman and a co-sponsor of a bill seeking to bolster public and private sector cybersecurity cooperation.

“A major cyberattack could shut down our nation’s most critical infrastructure — our power grid, telecommunications, financial services.”

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that government intervention would probably be needed to crack down on the “Wild West” the Internet has become.

In Case Of A Cyber Attack The US Is Screwed

Posted in cyber war, US government on January 27th, 2010

On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.

The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

What some participants in the simulation knew — and others did not — was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms at Google Inc. Computers at Google and more than 30 other companies had been penetrated, and Google’s software engineers quickly tracked the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland.

More at: In Digital Combat, U.S. Finds No Easy Deterrent (NY Times)

Clinton Condemns Cyber Attacks (Reuters)
