A group of researchers has linked a huge, China-based cyber espionage ring to the theft of thousands of documents — including classified information, visa applications, and personal identities — from "politically sensitive targets" around the world.

The command-and-control infrastructure of this so-called Shadow Network used platforms such as Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo Mail to maintain persistent control of infected computers. The attackers also used Tor, a system designed to grant online anonymity to political protesters, crime victims, journalists and others. The network then attacked targets ranging from the offices of the Dalai Lama to the United Nations as well as Indian and Pakistani government officials. Not all of the attacked organizations can be positively identified, but researchers are confident that India was the primary target.

This graphic shows the relationship of social sites (red), web domains (blue) and servers (green) in the hackers' network:

Of the documents the researchers were able to recover, one was "encrypted diplomatic correspondence," two were marked "SECRET," six were "RESTRICTED" and five were designated "CONFIDENTIAL." They also discovered the hackers had accessed a year's worth of the Dalai Lama's personal email.

According to the researchers' report, "The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users." As one member of the team told the New York Times, “I’ve not seen anything remotely close to the depth and the sensitivity of the documents that we’ve recovered.”

The Shadow Network is not linked to the earlier attacks, also based in China, that Google uncovered this year, nor is it related to GhostNet, a network that targeted the community of Tibetan exiles and was identified by the same researchers.

However, this new network is linked to two individuals and a core of stable servers in Chengdu, People's Republic of China. Chinese officials have repeatedly denied any government connection to these cyber espionage activities.

Image courtesy of iStockphoto, bunhill