Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Classified documents were stolen from high levels of the Indian government by hackers over the course of several months, according to a report released on Monday night by researchers from the University of Toronto.

The researchers, from the Citizen Lab at the Munk Centre for International Studies, traced the botnet (a network of compromised computers) used in the attacks to hackers based in China, but say there isn’t any evidence linking the activity to the Chinese government. Their report reveals how the hackers made sophisticated use of social media sites to control their botnet, making it much harder to trace and shut down.

The compromised documents included confidential assessments of India’s international relations with West Africa and the Middle East, visa applications, and personal information concerning a member of the Directorate General of Military Intelligence. The attackers also broke into systems belonging to academics, journalists, and the offices of the Dalai Lama–they were able to obtain a year’s worth of the Dalai Lama’s e-mail, and academic reports on several Indian missile systems.

Many of the techniques used by the attackers have been employed by other spy networks, including GhostNet, which was revealed by the same researchers last year, and the recent attacks on Google. As before, the attackers stole data by sending malware targeted to specific individuals within an organization. The malware then connected compromised computers to a botnet commanded by the attackers that issued instructions and funneled the stolen data to servers where attackers could access it. “Antivirus systems are not terribly effective against these targeted attacks,” says Greg Walton, a SecDev Fellow at the Citizen Lab who researched the attacks.

However, this time attackers also used cloud-based websites to make it harder to shut down their botnet’s command-and-control infrastructure. Ron Deibert, director of the Citizen Lab, said in a press conference that the way that attackers use social media sites to shield their malicious activity reveals the “dark, hidden core” of cloud services.

After a computer was infected with malware, it would check in with the botnet for orders. Usually that would mean contacting a server controlled by the attackers. But in this case, infected computers were programmed to access social sites including Twitter, Baidu blogs, and Google Groups, where they were directed to the URL of a control server. Using the social sites allowed attackers to move their operations whenever part of their infrastructure was shut down, explained Nart Villeneuve, who is a senior SecDev research fellow at Citizen Lab, at the press conference. It also kept network administrators from becoming suspicious.

8 comments. Share your thoughts »

Tagged: Computing, Web, China, social networks, malware, cyber attacks, India, botnets, espionage

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me