
Make our e-borders safe

DeathInvader

Hypothetical scenarios of the state of the nation in the event of a cyber attack, but no less real for that. Just days ago, the Indian authorities were shaken by news that hackers in China had managed to infiltrate computers and classified government documents, as well as private computers in 103 countries. The Indian embassy's computers in Washington had been hacked as well as the Dalai Lama's computers.

It's not yet known whether any sensitive data was lost, but it did bring an ugly truth to light. Namely, there are gaping holes in our cyber security. This wasn't the first time that hackers had cracked our official network. Early this year, several computers, including those on the Pakistan desk of Delhi's ministry of external affairs, were infected by spyware. That's a bug that gets into the computer and takes control of the user's actions. This was the second such intrusion in less than six months.

The exact number of intrusions is not known, but officials agree they are increasingly frequent. Data from the Computer Emergency Response Team (CERT), India's apex body to deal with unauthorized intrusions, says about 300 computers are compromised every day. CERT also says that at any given point of time, about 6,000 Indian computers are infected.

What are the implications? If a computer were infected with bots, the worst-case scenario would see the terminal used as a launch pad for further cyber attacks. Bots are software applications that run automated tasks over the internet; they can turn infected machines into 'zombies', which can be commandeered by a hacker thousands of miles away. These computers can bring a system down by sending thousands of emails to a target simultaneously. Gulshan Rai, director general of CERT, says there is a danger of bots being used in cyber terrorist attacks on India.

CERT does what it can to spread the word. It has a dedicated team of 100 people, on a 24x7 watch-and-warning schedule to detect cyber attacks. It sends out roughly 70 letters a day to various agencies about cyber intrusions. But not every intrusion gets detected. Experts say the problem lies in the modest scale of our operations. "India urgently needs to crank up the scale of its watch and warning programme. For a country as large as ours, we need massive numbers of skills and talents to safeguard our e-borders," says security analyst Commodore (retd) C Uday Bhaskar. He says that for the time being, our sensitive networks are fairly well guarded. "India had the awareness to put systems in place almost a decade ago but a lot still needs to be done at the state level. We need experts in intelligence agencies, which can examine the various vulnerabilities in the system," says Bhaskar.

Experts agree that we are basically wrong to have a reactive rather than proactive policy. "We take action after the intrusion has happened even though we have the manpower and the skill to create more secure systems," says Bhaskar. CERT's Rai adds that e-security is most threatened for known vulnerabilities; "problems arise when people don't follow basic safety norms. Computers in government departments are rarely upgraded, making them more vulnerable to attacks".

E-security is clearly the next battlefront for terrorists.
 
.
The rising threat of terrorism has led to unprecedented levels of security at Indian airports, railway stations, hotels, ports etc. But the government does not seem to see the bigger threat, which will not come from AK-47s, bombs and rifles. The next big attack will come from terrorists in the cyber world.

We live in a technologically interconnected world. Most of us cannot imagine even a single day without our cell phones, internet and ATMs. There is hardly any distinction between where our bodies end and technology begins. Would it be surprising then, if terrorists choose to attack India via the internet?

Let me share some facts about how real and damaging that threat can be. If a terrorist group were to attack our stock market and financial infrastructure, it would cause widespread panic and losses to millions of people and organizations. Imagine yourself running helplessly from one ATM to another, trying to withdraw money from your account, only to find that the attack has forced banks to suspend online transactions.

Likewise, our telecom infrastructure. If it were flooded with malicious data, business and personal life would grind to a standstill. Terrorists could also target India's top businesses, hacking into their systems, stealing valuable intellectual property, sensitive information and company secrets. Even military networks can be targeted.

These scenarios are not from a Bollywood flick, but tangible threats that loom large. In May 2007, Estonia — a small but technologically sophisticated Baltic country — fell victim to a cyber attack. The unidentified terrorists bombarded the country's network with data traffic, clogging it and rendering major services unusable. People were not able to access financial utilities, communications and data services for several hours and some, for days together. What stops cyber terrorists from launching similar attacks in India?

Very little because, despite being an infotech power, India lags on cyber security. Neither the government, nor the private sector is adequately prepared to face a cyber attack. We have the necessary laws in place, but they are futile in the absence of trained security experts and police officials to enforce them. Recently, I was at a conference in the Capital, attended by numerous Delhi Police officials. During the question-answer session, one police official asked me: "All this is fine Mr Ankit, but yeh internet ki building kidhar hai?" According to him, the internet was a huge building and, in order to protect it from cyber terrorists, the police had simply to stand all around it, holding rifles and lathis to fight off viruses, worms and criminals! If this is the state of affairs in the police department of the national capital, one can't even begin to imagine the way it is in other cities.

The fact that few engineering colleges in India offer courses on cyber security is a major reason for the lack of cyber experts. The result is that when a private company website gets hacked, the incident is brushed under the carpet lest its brand image is tarnished. Worse, it's considered normal for most Indian government websites to get hacked regularly.

But the lack of trained professionals and a lax attitude are the least of India's concerns. The internet has no boundaries and allows cyber terrorists to hide behind geographic, political and diplomatic clouds. It is easy for a criminal to hide behind proxy servers and bounce off systems in unfriendly countries to stop security agencies from tracing the culprits. The dynamic nature of cyber security, coupled with the obsolete techniques used by the Indian forces, means it is a losing battle for India.

Let's not wait for a cyber 26/11 to happen. A willingness to make changes, a proactive approach with some nimble execution can fix the chinks in India's cyber security and drastically improve our preparedness to fight a cyber war.
 
.
TORONTO: A vast electronic spying operation from China has infiltrated computers and stolen documents from hundreds of government and private offices around the world, including those of the Indian embassy in the US and the Dalai Lama's organization, Canadian researchers have concluded.

In a report to be issued shortly, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.

The researchers, based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama in India to examine its computers for signs of malicious software, or malware.

Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to Indian embassies as well as the Dalai Lama's Tibetan exile centres in India, Brussels, London and New York.

The group did not identify the Indian embassies which were targeted.

The researchers believed that the system, which they called GhostNet, had hacked into the computer systems at embassies of countries like Pakistan, Germany, Indonesia, Thailand and South Korea. The researchers found networks at foreign ministries of Bhutan, Bangladesh, Latvia, Indonesia, Iran and the Philippines had been similarly hacked.

The spying operation is by far the largest to come to light in terms of countries affected. This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude.

Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, Tracking GhostNet: Investigating a Cyber Espionage Network. They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

The malware is remarkable both for its sweep in computer jargon (it has not been merely 'phishing' for random consumers' information but 'whaling' for particular important targets) and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama's organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an email invitation was sent by the Dalai Lama's office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. The FBI declined to comment on the operation.

Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China's government was involved. The spying could be a non-state, for-profit operation, for example, or one run by private citizens in China known as patriotic hackers.

"We're a bit more careful about it, knowing the nuance of what happens in the subterranean realms," said Ronald J Deibert, a member of the research group and an associate professor of political science at Munk. "This could well be the CIA or the Russians. It's a murky realm that we're lifting the lid on."

A spokesman for the Chinese consulate in New York dismissed the idea that China was involved. "These are old stories and they are nonsense," the spokesman, Wenqi Gao, said. "The Chinese government is opposed to and strictly forbids any cybercrime."

The Toronto researchers are publishing their findings in Information Warfare Monitor, an online publication associated with the Munk Center.

At the same time, two computer researchers at Cambridge University in Britain, who worked on the part of the investigation related to Tibetans, are releasing an independent report. They do fault China, and warned that other hackers could adopt the tactics used in the malware operation.

"What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement.

In any case, it was suspicions of Chinese interference that led to the discovery of the spy operation. Last summer, the office of the Dalai Lama invited two specialists to India to audit computers used by the Dalai Lama's organization. The specialists, Greg Walton, the editor of Information Warfare Monitor, and Nagaraja, a network security expert, found that the computers had indeed been infected and that intruders had stolen files from personal computers serving several Tibetan exile groups.

Back in Toronto, Walton shared data with colleagues at the Munk Center's computer lab.

One of them was Nart Villeneuve, 34, a graduate student and self-taught white hat hacker with dazzling technical skills.

Last year, Villeneuve linked the Chinese version of the Skype communications service to a Chinese government operation that was systematically eavesdropping on users’ instant-messaging sessions.

Early this month, Villeneuve noticed an odd string of 22 characters embedded in files created by the malicious software and searched for it with Google. It led him to a group of computers on Hainan Island, off China, and to a website that would prove to be critically important.

In a puzzling security lapse, the web page that Villeneuve found was not protected by a password, while much of the rest of the system uses encryption.

Villeneuve and his colleagues figured out how the operation worked by commanding it to infect a system in their computer lab in Toronto. On March 12, the spies took their own bait. Villeneuve watched a brief series of commands flicker on his computer screen as someone presumably in China rummaged through the files. Finding nothing of interest, the intruder soon disappeared.

Through trial and error, the researchers learned to use the system's Chinese-language dashboard, a control panel reachable with a standard web browser by which one could manipulate the more than 1,200 computers worldwide that had by then been infected.

Infection happens two ways. In one method, a user's clicking on a document attached to an email message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a web link in an email message and is taken directly to a poisoned website.

The researchers said they avoided breaking any laws during three weeks of monitoring and extensively experimenting with the system's unprotected software control panel. They provided, among other information, a log of compromised computers dating to May 22, 2007.

They found that three of the four control servers were in different provinces in China (Hainan, Guangdong and Sichuan), while the fourth was discovered to be at a web-hosting company based in southern California.

Beyond that, said Rafal A Rohozinski, one of the investigators, attribution is difficult because there is no agreed upon international legal framework for being able to pursue investigations down to their logical conclusion, which is highly local.
 