
A virtual war on terror

Huma Siddiqui

Posted: May 05, 2008 at 2004 hrs IST
Updated: May 05, 2008 at 2004 hrs IST

The bad guys are at it again and with increasing ferocity, attacking anything and everything. So far, Chinese hackers have been constantly waging all-out warfare against the government and defence networks of western countries, the US in particular. Be it in terms of volume, proficiency or sophistication, the conflict has reached the level of a campaign-style, force-on-force engagement. The motives of Chinese hackers include technology theft, intelligence gathering and the creation of dormant presences in computer networks for future action.

The recent attacks from China have brought the ugly face of cyber terrorism out into the open and have opened a Pandora's box of questions. Online warfare and our defence capabilities in the virtual world have suddenly come into the limelight.

Chinese hackers broke into the computer network of the ministry of external affairs (MEA) recently, prompting the government to think about fortifying the system. Fortunately, no sensitive information was accessed during the hacking, which was detected during regular checks by the intelligence agencies. “The hackers attempted to hack in, but were not successful,” says BN Shetty, head of the informatics division at the ministry of external affairs.

Though the government does not specifically know who the hackers were, the IP addresses left behind suggested Chinese involvement. The next obvious question is what the real motive was. Were the hackers trying to sniff out the Tibet policy-related data on the MEA servers? They quietly came and left without disturbing anything. But what were the hackers looking for?

Initially, the government was not forthright in naming China in connection with the hacking incidents, but there were oblique hints. It sought to play down the development, saying it was an ongoing effort by hackers from China, Europe or countries elsewhere to break into the computer networks of the ministry of external affairs.

However, this is not the first time that hackers have attempted to break into the computer networks of various ministries and military establishments. For quite some time now, hackers have been trying to get at sensitive information, such as military data and the emails of key government personnel here. National Informatics Centre (NIC) officials say they have been getting reports of this and are doing everything to secure the system.

Interestingly, Chinese hackers have been sending deceptive mass email messages to lure users into clicking on a malicious URL. Hackers are also using more traditional hacking methods, such as Trojan horse viruses and worms, but in innovative ways.

In the recent incident, NIC officials say that they had managed to track down the IP addresses of the hackers and preliminary investigations revealed that it could be the handiwork of some Chinese people. The cyber attacks mainly targeted the emails of senior ministers and top army officials.

Officials say that the information that the hackers were trying to target concerned defence deals that India was entering into with other countries. This includes the purchase of weapons, future plans and also its military strategy. However, only the minor deals and details have been targeted while the major ones remain secure, officials say.

Government officials say that hacking is not a big thing now. There are systems in place and often, only the very sensitive sites or servers are attacked. “Officials involved in sensitive projects are not allowed to work on the computer network. In fact, the computers installed on the network do not even have pen drives or backups. In case a machine needs to be disposed of, it does not go to the vendor. We dispose of it safely at our end,” officials say.

Typically, each official in the MEA has a backup computer and all sensitive information is present in the offline computer. The official MEA site is hosted at NIC headquarters and is covered by a three-layered security system with impregnable firewalls. “The possibility of it being hacked is extremely remote,” says Shetty. In case a site has been hacked, there are ways of recovering the lost data from NIC’s disaster recovery centre in Hyderabad.

Technically, a site anywhere in the world can be hacked when unauthorised access is gained to the main server on which the site is hosted. Once in, the hacker can do one of two things: either disable the website so that it cannot be seen by the world, or put some propaganda material on the server so that whoever clicks on the site will see the planted material and not the official site.

Several government agencies within the US department of homeland security admit they are regular victims of computer break-ins at home and overseas by hackers finding their way into the departments. More than 800 security incidents plagued the department over the past two years, including viruses, password-stealing programs and ‘Trojans’ or hacker tunnels found on some workstations. Problems have cropped up at defence networks, the transportation security agency, the Coast Guard and other agencies.

In case a site does get hacked, the usual measures that can be taken include changing the servers as soon as possible. This may typically take a few hours to a few days. The users are then redirected to the new location of the site.

Chinese hackers gained notoriety in the United States when a series of devastating intrusions, beginning in 2003, were traced to a team of researchers in Guangdong Province. The programme, which the US department of defence (DoD) called Titan Rain, was first reported in August 2005. Following that incident, the DoD renamed the programme and then classified the new name.

US government sources have claimed that Chinese hackers, backed by all or part of the People’s Liberation Army, had breached a network in the office of the secretary of defence in June last year. In fact, the US-based SANS Institute has uncovered what they have termed a ‘rare gem’ as far as computer security investigations go that sheds new light on how up to 20,000 websites have been hacked since January 2007. They found a sneaky software tool that uses Google’s search engine to hunt for websites running certain kinds of vulnerable applications. When the tool finds a site that is vulnerable, it kicks into action.

New reports of Chinese-sponsored attacks have also surfaced in the UK. “China is engaged in hostile intelligence activities, and instead of using the old-fashioned methods—recruiting agents and stealing blueprints—they are focusing on electronic means to hack into systems to discover Britain’s defence and foreign policy secrets,” according to sources. “And they are technologically pretty advanced and adept at it.” In the past, Britain’s security service MI5 has warned the government that it faces the greatest danger of a cyber attack from China and Russia.

Web defacements are sometimes accompanied by damaging activity. In June 1998, a group of international hackers calling themselves Milworm hacked the website of Bhabha Atomic Research Centre (BARC) and put up a spoofed web page showing a mushroom cloud with the text, “If a nuclear war does start, you will be the first to scream.” The hackers were protesting against India’s nuclear weapons tests, although they admitted they did it mostly for thrills. The six hackers hailed from the United States, England, the Netherlands, and New Zealand.

In the end, the cyber threat has no battle lines, as the attacks come without warning, leaving no time to prepare defences. The most effective measures are to fortify the computer networks and to educate and train the users.
