Join our Mailing List

"As long as human rights are violated, there can be no foundation for peace. How can peace grow where speaking the truth is itself a crime?"

Cyber attacks on government websites: India goes on offensive against cyber rogues

December 6, 2011

Joji Thomas Philip & Harsimran Julka, ET Bureau Dec 3, 2011, 03.27am IST

Tags: Symantec India|National Security Council


NEW DELHI: A barrage of cyber attacks on government websites is
compelling the government to develop a counter strategy to deal with
countries that are behind these assaults. Government officials suspect
Pakistani and Chinese hackers for being responsible for most of these
attacks, and have asked security agencies to jointly map out the cyber
infrastructure of neighbouring countries as part of a 'cyber
preparedness' strategy.

These agencies have been asked to study the web security layout of
'suspect countries', as knowledge of security standards, as well as
software and encryption capabilities is required for unleashing a
counter attack. The mapping of cyber systems of other countries,
including their internet gateways, routers, IT system layouts, and web
routing patterns, was discussed at a meeting of top intelligence
officials held last month.

Hackers are individuals who generally act in their personal capacity.
But IT security experts believe that most of the recent attacks on
official websites are state sponsored. "The most significant new
element in the recent cyber threat landscape is the emergence of
highly targeted, long-term, international espionage and sabotage
campaigns by covert state actors," says Shantanu Ghosh, VP and MD, at
Symantec India, a leading IT security firm.

The Indian government has already created a National Security
Database, a verified list of credible and trustworthy 'ethical'
hackers in the country who will come to its rescue to counter cyber
aggression from abroad. ET spoke to two such hackers who said they
figured in the database but did not wish to be named.

India has been on the receiving end of cyber strikes of late. Last
month, investigators found details of hackers infiltrating Indian
government servers and using them to attack computer networks of third
countries. Just prior to that, computer systems of the ministries of
home and external affairs, National Security Council and other
government departments were attacked in a coordinated fashion.

In July, hackers from abroad targeted the Delhi airport, resulting in
check-in counters of all airlines becoming non-operational for hours.
Other recent victims include PSUs Oil and Natural Gas Corp and Bharat
Sanchar Nigam Ltd, and telecom regulator Trai.

Security company McAfee in August said it had uncovered the 'biggest
ever cyber attacks to date' where hackers in a five-year campaign
stole information from governments and companies located in the US,
Taiwan, India, South Korea, Vietnam and Canada among others.


The Citizen Lab at the University of Toronto, in a report last year,
said a clique of hackers based in China had conducted extensive spying
operations in India, pilfering confidential documents from the defence

"The ramification of cyber attacks launched by an unknown adversary or
individual has necessitated a relook at the planning and security of
command and control infrastructure at the highest levels of national
governance," Union minister of state for defence MM Pallam Raju said
at a recent function of Signal Corps, the communications branch of the
Indian army.

Borrowing a page from China, the government over the last couple of
months has put in place a system that is allegedly manned by a small
army of software professionals to spy on the classified data of
hostile nations by hacking into their computer systems.

An internal government document reviewed by ET said IT workers and
ethical hackers who sign up for the ambitious project would be
protected by law, without divulging additional details. This document
also states that the expertise of these professionals will be used to
go on the offensive or preempt strikes by breaching the security walls
of enemy systems.

Government officials say in the event of a cyber war, the country's
offensive strengths should include the ability to create a scenario of
misinformation and denial of information. All security agencies have
been tasked with putting in place backup continuity and disaster
recovery plans.

They have also been asked to assess the devices that are originating
from neighbouring and 'other countries of concern' and were being used
globally in cyber space, as well as examine potential threats
emanating from them for India's information systems.

In addition, they have been directed to collect information about
network devices and domain name servers, of other countries, including
details of security vendors they use.

CTC National Office 1425 René-Lévesque Blvd West, 3rd Floor, Montréal, Québec, Canada, H3G 1T7
T: (514) 487-0665
Developed by plank