China-based hackers who stole data on India's missile systems, private correspondence of the Dalai Lama and Canadian visa applications appear not to be linked to the Chinese government, Canadian researchers say.
"I don’t doubt that some of the sensitive information that was acquired might eventually find its way to elements within the Chinese government that may find it useful," said Nart Villeneuve, one of the University of Toronto researchers who took part in the investigation that uncovered the hackers.
"But I don't think that there's any direct connection between the attackers and the government, at least at this time."
Villeneuve said it's "very unclear what the relationship is between any of these particular hacking groups and any specific element of the Chinese government."
He said that so far, no hard evidence has been uncovered that links the attacks to the Chinese government. He also pointed out that the hacking community is not monolithic.
"There are a lot of different groups with membership that focus on different types of activities," Villeneuve said.
He added: "In fact, we have had very healthy co-operation with the Chinese CERT (Computer Emergency Response Team), who are actively working to understand what we've uncovered. It’s been a very encouraging development for us."
The discovery was made by security researchers at the University of Toronto's Citizen Lab who worked for eight months with the Ottawa-based think-tank SecDev Group and U.S. researchers from the Shadowserver Foundation.
The team describes its findings in a report called Shadows in the Cloud: An investigation into Cyber Espionage 2.0, which was released Tuesday.
Ron Deibert, the Citizen Lab director, said researchers tracked the use of computer servers and discovered that someone had been stealing secret documents from the Indian government, the offices of the Dalai Lama, the United Nations and several other countries.
"Most of them are highly sensitive documents that have come from the Indian national security establishment," Deibert said, noting that some of the documents are marked "top secret" or "restricted."
"Some contain information that is definitely sensitive about troop movements and military procurement," he said.
Deibert said the researchers tracked servers used by the spies back to the city of Chengdu, China.
Villeneuve said a growing trend is blurring the boundaries between cyber crime and cyber espionage, as criminal networks increasingly steal sensitive information in addition to the typical things like credit card numbers and bank account numbers.
"In this particular case, the attackers disproportionately took sensitive information, but they also took financial information and personal information. They were somewhat indiscriminate in terms of the information that they stole from the compromised computers," he said.
A handful of Canadians were also victims.
When the cyber-spies hacked the computers of the Indian Embassy in Kabul, they also stole confidential visa information on Canadians applying to travel from Kabul, Afghanistan, to New Delhi. Deibert said the network stole more than 700 documents.
Last March, researchers at the Citizen Lab released a report on a spy network they dubbed GhostNet. Researchers said it had infiltrated at least 1,295 computers, including 103 belonging to embassies, foreign ministries and other government offices around the world.
The GhostNet investigation began after members of the Tibetan exile community asked the authors to look into allegations that the Chinese were hacking into their computer systems.
The researchers eventually found a wider network of infected computers. In a report, researchers said three out of the four servers in the network were based in China while a fourth was in the United States.
China's government dismissed the GhostNet report, saying it was full of "lies" designed to hurt the country's image abroad.