A "complex cyber-espionage" network that penetrated various organisations, including the Office of the Dalai Lama, has been uncovered by researchers.
The shadow network targeted government, business, and academic computers at the United Nations and the Embassy of Pakistan in the US, among others.
It was used to steal at least 1,500 emails from the Office of the Dalai Lama, the researchers said.
The attacks were thought to originate in the city of Chengdu in China.
Specifically, the researchers, from the Information Warfare Monitor and the Shadowserver Foundation, said they had evidence of "links between the Shadow network and two individuals living in Chengdu".
Information Warfare Monitor comprises researchers from Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.
The individuals were identified by e-mail addresses and are thought to be part of China's "underground hacking community".
The network was outlined in a report called Shadows in the Cloud.
"The social media clouds of cyberspace we rely upon today have a dark, hidden core," said Professor Ron Deibert, director of the Citizen Lab at the University of Toronto's Munk Centre, launching the report.
"There is a vast, subterranean ecosystem to cyberspace within which criminal and espionage networks thrive."
He said the network had reached into the "upper echelons of the Indian security establishment" and should act as a "wake up call" to governments to co-operate on cybersecurity.
The team said its eight-month investigation showed no "hard evidence" of the involvement of the government of the People's Republic of China.
"An important question to be entertained is whether the PRC will take action to shut the Shadow network down," the report said.
China's Foreign Ministry spokeswoman Jiang Yu told a press conference that the country was "firmly opposed" to hacking.
"We have from time to time heard this kind of news. I don't know the purpose of stirring up these issues," she said.
She added the researchers have not formally contacted China, although the researchers said they had contacted the country's Computer Emergency Response Team (Cert).
"We would expect that kind of statement," said Professor Deibert.
"Have a look at that report and make up your mind whether you think it is groundless."
The researchers said that the network - known as a botnet - exploited social networking and cloud computing platforms, "including Google, Baidu, Yahoo, and Twitter" to infect computers with malicious software, or malware.
This allowed hackers to take control of the PCs of several foreign ministries and embassies across the world.
A more complex network of "command and control" computers was used to control the infected computers.
In 2009, the team previously exposed GhostNet, a massive network that was found to have infiltrated 1,295 computers in 103 countries. That investigation had started at the request of the Dalai Lama, Tibet's spiritual leader.
The new investigation showed that his office had been targeted again, with more than 1,500 letters sent from the Dalai Lama's office between January and November 2009 recovered by the team.
The researchers said that they had also recovered a number of documents that were in the possession of the Indian government, including two documents marked "secret", six as "restricted", and five as "confidential".
Recovered documents included Canadian visa applications.
The team said they had no direct evidence that they had been stolen from Indian Government computers. Instead, they said, the documents may have been stolen after being copied onto personal computers.
In addition, the researchers found evidence that the hackers had targeted the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP).
However, the team said the hackers had been largely "indiscriminate in what they took".
"The attackers disproportionately took sensitive information but also took financial and personal information," the team said at launch.
The team said the investigation is ongoing.