China-based hackers stole Indian national security information, 1,500 e-mails from the Dalai Lama's office and other sensitive documents, a new report said Tuesday.
BEIJING – Researchers at the University of Toronto said they were able to observe the hacking and trace it to core servers located in China and to people based in the southwestern city of Chengdu. The researchers said they monitored the hacking for the past eight months.
The report said it has no evidence of involvement by the Chinese government, but it again put Beijing on the defensive. Separate reports earlier this year said security investigators had traced attacks on Google and other companies to China-based computers.
"We have from time to time heard this kind of news. I don't know the purpose of stirring up these issues," Foreign Ministry spokeswoman Jiang Yu told a regular press conference in response to questions about the report.
"We are firmly opposed to various kinds of hacking activities through the Internet," Jiang said. She said China will fight cybercrime according to law.
She added the researchers have not formally contacted China.
The report describes a hacking operation called the "Shadow network" that researchers were able to observe as it broke into computers and took information, including computers at Indian diplomatic offices in Kabul, Moscow and elsewhere.
The report said the researchers were able to recover Indian national security documents marked "secret" and "confidential," including ones referring to security in India's far northeast, which borders China. Others related to India's relationships in the Middle East, Africa and Russia.
Researchers also recovered 1,500 e-mails sent from the Dalai Lama's office between January and November 2009, the report said.
A map in the report showed computers were compromised on every continent except Australia and Antarctica. One was a United Nations computer, at the U.N.'s Economic and Social Commission for Asia and the Pacific.
"In addition we found personal banking information, scans of identification documents, job (and other) applications, legal documents and information about ongoing court cases," the report said.
The identity and motivation of the hackers remain unknown, the report said.
"We have no evidence in this report of the involvement of the People's Republic of China," it added. "But an important question to be entertained is whether the PRC will take action to shut the Shadow network down."
There was no immediate comment Tuesday from the government in India, China's massive neighbor to the south with which it has a growing military rivalry and lingering territorial disputes.
Rob Deibert, director of the Citizen Lab at the University of Toronto, said the Indian government was notified in February.
"Their reaction was that they were very grateful. They were going to look into it further and they asked for continued dialogue and cooperation between us," Deibert said in a telephone interview.
"A small portion of it contained very very sensitive information, some of it market secret, some of it marked confidential, some of marked restricted," he said. "It was a major compromise across all aspects of the Indian national security state."
Foreign Minister S.M. Krishna is visiting China this week to take part in celebrations to mark the 60th anniversary of diplomatic relations between the countries.
The office of the Dalai Lama was aware of new hacking report.
"These things are not new," said Tenzin Takhlha, a spokesman for the office of the Dalai Lama, the Tibetan spiritual leader accused by China of supporting independence for Tibet. He said the office is working closely with the researchers to secure its computer systems.
A Canadian research group involved in Tuesday's report, the Information Warfare Monitor, released a similar report a year ago that said a cyberspy network, based mainly in China, hacked into classified documents from government and private organizations in 103 countries, including the computers of the Dalai Lama and Tibetan exiles.