Another enormous online spy network, dubbed Shadow Network, has been revealed by those wonky Canadian online cowboys of the Munk School of Global Affairs. Shadow Network’s targets included the Dalai Lama (who was targeted last year by another spy network, the Ghost Net), but they were interested primarily in India.
According to the report by the researchers, “Shadows in the Cloud”, the documents pilfered through the Shadow Network included sensitive and confidential embassy documents about India’s relationships with Russia and nations in West Africa and the Middle East, and “secret assessments of India’s security situation in the states of Assam, Manipur, Nagaland and Tripura, as well as concerning the Naxalites and Maoists,” two political opposition groups. The spies also stole documents from the United Nations Economic and Social Commission for Asia and the Pacific.
The intruders obtained reports on several Indian missile systems as well as documents related to the travel of NATO forces in Afghanistan. There is evidence that computers at Indian embassies in Kabul, Moscow and Dubai, United Arab Emirates, and at the High Commission of India in Abuja, Nigeria, had been compromised, including ones that process visa applications.
Visa applications, eh? You might just want to check those folks again.
Unlike Ghost Net, which seemed to operate from the Chinese island of Hainan, Shadow Network appears to hail from Sichuan.
Team Red rides again!
This highlights a point I wish more people outside the infosec cloister (of which I'm a part) got:
"The intruders even stole documents related to the travel of NATO forces in Afghanistan, illustrating that even though the Indian government was the primary target of the attacks, one chink in computer security can leave many nations exposed.
“It’s not only that you’re only secure as the weakest link in your network,” said Rafal Rohozinski, a member of the Toronto team. “But in an interconnected world, you’re only as secure as the weakest link in the global chain of information.”"
It doesn't matter how secure you make your system if you share data with someone who hasn't secured theirs.