Research & Development World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE

Groundbreaking Cyber Espionage Report Released

By R&D Editors | April 6, 2010

Groundbreaking Cyber Espionage Report Released 

A cyber espionage report titled Shadows in the Cloud: An investigation into cyber espionage 2.0 documents a complex ecosystem that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. Jointly released by The Information Warfare Monitor (Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa) and the Shadowserver Foundation, members of the research team held a news conference April 6, 2010, to discuss their latest findings.

The report analyzes the malware ecosystem employed by the Shadows’ attackers. The system leveraged multiple redundant cloud computing systems, social networking platforms and free Web hosting services in order to maintain persistent control while operating core servers located in the People’s Republic of China (PRC). Although the identity and motivation of the attackers remain unknown, the report provides evidence that the attackers operated or staged their operations from Chengdu, PRC.

The investigation recovered a large quantity of stolen documents — including sensitive and classified materials — belonging to government, business, academic and other computer network systems and other politically sensitive targets. These include documents from agencies of the Indian national security establishment and the Offices of the Dalai Lama. The stolen data included information voluntarily provided to Indian embassies and consulates by third-party nationals, including Canadian visa applications, as well as those belonging to citizens of other countries. Additionally, sensitive personal, financial, and business information belonging to Indian officials was systematically harvested and exfiltated by the attackers.

Main findings

• Complex cyber espionage network — Documented evidence of a cyber espionage network that compromised government, business and academic computer systems in India, the Office of the Dalai Lama, and the United Nations. Numerous other institutions, including the Embassy of Pakistan in the United States, also were compromised. Some of these institutions can be positively identified, while others cannot.

• Theft of classified and sensitive documents — Recovery and analysis of exfiltrated data, including one document that appears to be encrypted diplomatic correspondence, two documents marked “SECRET,” six as “RESTRICTED” and five as “CONFIDENTIAL.” These documents are identified as belonging to the Indian government. However, the researchers do not have direct evidence that they were stolen from Indian government computers, and they may have been compromised as a result of being copied by Indian officials onto personal computers. The recovered documents also include 1,500 letters sent from the Dalai Lama’s office between January and November 2009. The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users.

• Evidence of Collateral Compromise — A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process. In a context like Afghanistan, this finding points to the complex nature of the information security challenge where risks to individuals (or operational security) can occur as a result of a data compromise on secure systems operated by trusted partners.

• Command-and-control infrastructure that leverages cloud-based social media services — Documentation of a complex and tiered command and control infrastructure, designed to maintain persistence. The infrastructure made use of freely available social media systems that include Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail. This top layer directed compromised computers to accounts on free Web hosting services and, as the free hosting servers were disabled, to a stable core of command and control servers located in the PRC.

• Links to Chinese hacking community — Evidence of links between the Shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC.

This investigation is a result of a collaboration between the Information Warfare Monitor and the Shadowserver Foundation. The Information Warfare Monitor is a joint activity of the Citizen Lab, Munk School of Global Affairs, University of Toronto, and the SecDev Group, an operational consultancy based in Ottawa specializing in evidence-based research in countries and regions under threat of insecurity and violence. The Shadowserver Foundation was established in 2004 and is comprised of volunteer security professionals who investigate and monitor malware, botnets and malicious attacks. Both the Information Warfare Monitor and the Shadowserver Foundation aim to inform the field of cyber security through accurate, evidence-based assessments and investigations.

Principal Investigators

• Steven Adair is a security researcher with the Shadowserver Foundation. He frequently analyzes malware, tracks botnets and deals with cyber attacks of all kinds with a special emphasis on those linked to cyber espionage.

• Ron Deibert is Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He is a co-founder and principal investigator of the OpenNet Initiative and Information Warfare Monitor. He is Vice President, Policy and Outreach, Psiphon, and a principal with the SecDev Group.

• Rafal Rohozinski is CEO of the SecDev Group and Psiphon. He is a co-founder and principal investigator of the OpenNet Initiative and Information Warfare Monitor, and a senior research advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto.

• Nart Villeneuve is the Chief Security Officer at the SecDev Group, Director of Operations of Psiphon and a senior SecDev research fellow at the Citizen Lab at the Munk School of Global Affairs, University of Toronto where he focuses on electronic surveillance, targeted malware and politically motivated digital attacks.

• Greg Walton conducted and coordinated the primary field-based research for the Shadow investigation in His Holiness The Dalai Lama’s Office and the Tibetan Government-in-Exile in Dharamsala, India. Greg is a SecDev Group associate and editor of the Information Warfare Monitor Web site. He is the SecDev Fellow at the Citizen Lab at the Munk School of Global Affairs, University of Toronto.

Related Articles Read More >

R&D 100 winner of the day: Electromagnetic spectrum management system (ESMS)
Claude computer use
AI agents could begin transforming how we work in 2025
refinery
AI takes center stage in Honeywell-Chevron collaboration
Firefly blurred lines between a human and machine researcher 72875
Copyleaks CEO: OpenAI’s o1 emergence could blur the lines between human researcher and AI assistant
rd newsletter
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, trends, and strategies in Research & Development.
RD 25 Power Index

R&D World Digital Issues

Fall 2024 issue

Browse the most current issue of R&D World and back issues in an easy to use high quality format. Clip, share and download with the leading R&D magazine today.

Research & Development World
  • Subscribe to R&D World Magazine
  • Enews Sign Up
  • Contact Us
  • About Us
  • Drug Discovery & Development
  • Pharmaceutical Processing
  • Global Funding Forecast

Copyright © 2025 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search R&D World

  • R&D World Home
  • Topics
    • Aerospace
    • Automotive
    • Biotech
    • Careers
    • Chemistry
    • Environment
    • Energy
    • Life Science
    • Material Science
    • R&D Management
    • Physics
  • Technology
    • 3D Printing
    • A.I./Robotics
    • Software
    • Battery Technology
    • Controlled Environments
      • Cleanrooms
      • Graphene
      • Lasers
      • Regulations/Standards
      • Sensors
    • Imaging
    • Nanotechnology
    • Scientific Computing
      • Big Data
      • HPC/Supercomputing
      • Informatics
      • Security
    • Semiconductors
  • R&D Market Pulse
  • R&D 100
    • Call for Nominations: The 2025 R&D 100 Awards
    • R&D 100 Awards Event
    • R&D 100 Submissions
    • Winner Archive
    • Explore the 2024 R&D 100 award winners and finalists
  • Resources
    • Research Reports
    • Digital Issues
    • R&D Index
    • Subscribe
    • Video
    • Webinars
  • Global Funding Forecast
  • Top Labs
  • Advertise
  • SUBSCRIBE