BANGALORE: Putting up a brave face against the alleged espionage by Chinese hackers against Indian defence and shipping companies, a report filed by Trend Micro, a global computer security group, has nailed Gu Kaiyuan, a graduate of Sichuan University in Chengdu, China.
Not only has this report sent ripples of fear across the country’s defence wings, but it has also pointed out the obvious vulnerability of untrained defence personnel, who might be accessing sensitive information through emails and the internet. After the report was released by Trend Micro on Friday, investigations revealed that the LuckyCat project was the brainchild of this graduate, Gu Kaiyuan, who received government financing for research in computer network defence. The graduate is now also said to be an employee at Tencent, China’s leading Internet portal company. Researchers have further pointed to a possible state-sponsored campaign.
“This was a systematic attack on around 233 personal computers and the victims spanned across Asia. The victims in India included officials from the Indian military research organisations, shipping companies, aerospace and energy companies. The LuckyCat campaign has been active since at least June 2011. The campaign has been linked to 90 attacks against these industries. The threat actors behind the campaign used a unique campaign code to track victims of specific attacks,” revealed Baburaj Varma, Head, Technical Services (India & SAARC), Trend Micro.
The report further shows that they traced the attacks to an email address used to register one of the command-and-control servers that directed the attacks. “The address was mapped to a number which is the equivalent of China’s online instant messaging screen name, which led us to an online alias, ‘scuhkr’ or Sichuan University Hacker. Investigations conducted in the USA traced the online alias ‘scuhkr’ to Gu Kaiyuan, who wrote articles on hacking under the same name while at Sichuan University from 2003 to 2006.
“The hacker had sent out emails to the victims with a subject line that read ‘Indian Ballistic Military Defence Program’ (in detail inside information). Once the mail is opened, malware is directly installed on the person’s computer and their communication, emails and other files can then be accessed by the hacker. From the start, this did not seem like a simple cyber crime; it is a spying activity. We have alerted the victims,” explained Varma.