Alarming rise in cross-border ‘hack-tivism’

Prashant Bakshi

The reverberations of the World Trade Centre terrorist attacks are being felt on Indian cyberspace, too, with a conspicuous spurt in web site defacements. In recent times, Indian web sites have come under fire by a number of Pakistani hacker groups — GForce Pakistan, Dr Nuker and Silverlords being the prominent ones.

According to Attrition.org, a web-based company that monitors web site intrusions, there have been approximately 162 Indian sites that have been hacked this year by various Pakistani groups. Considering that the number of Indian web sites is growing exponentially (as per last year estimates the jump was from 10,000 to 80,0000), one can only expect further escalation in such attacks.

India’s first exposure to hack-tivism (the term has been coined referring to the convergence between web site hacking and activism) came soon after the 1998 nuclear tests, when an anti-nuclear group called ‘Milw0rm’ hacked into the BARC (Bhaba Atomic Research Centre) web site and put up a spoofed page displaying a mushroom cloud and a message “When there is a nuclear war, you will be the first to run!” Since then, Pakistani hacker groups have upped the ante and a host of academia, media and government web sites have been targeted and defaced.

It is also suspected that the temporary disruption of the armyinkashmir.org web site during Kargil was the handiwork of Pakistani intelligence operators. The web site was installed in August 1998 to cover events at Kashmir and counter the Pakistani misinformation campaign.

What is more alarming is the ease with which these attacks are being orchestrated. The ubiquitous World Wide Web (www) boasts over 30,000 hacking-related web sites offering free tools like password crackers, domain scanners and sniffer programmes. No wonder, hacking is no longer a task assigned to professionals and one often hears of teenagers committing a security breach.

While the misdeeds of young deviants can be ascribed to a high sense of curiosity and challenge, ideologically motivated hackers have a singular objective — activism. That that this can be carried out remotely and anonymously, with assured media coverage makes it an effective tool of coercion.

Hacking is a largely civilian dominated activity. The global reach of the Internet empowers the civil society to garner public support and fight for a cause. While the cause could be political or socio-economic, major violations in cyberspace have generally occurred in conflict situations. For instance, the accidental bombing of the Chinese embassy in Serbia during the Kosovo Crisis resulted in irate Chinese attacking NATO and US department of defence web sites. And later, the EP-3 spy-plane scandal further aggravated the situation with Chinese hackers protesting US action by hacking into their government web sites and leaving behind a trail of anti-American messages.

Likewise, the war against terror has led to a spate of hacking attacks by both pro- and anti-American groups. However, a new twist has been added by the formation of YIHAT (Young Intelligent Hackers against Terror). A group of hackers led by Kim Schmitz (former hacker turned infotech entrepreneur) are devoting their efforts in targeting the financial network of terrorist groups. Apparently, the team has passed vital information, regarding the accounts of Al Qaeda at the Sudanese Alshamal Islamic bank to the FBI.

As far as the military dimension of hacking or ‘hacker warfare’ is concerned, it falls under the larger purview of ‘Information Warfare’. It was the Gulf War of 1991, which heralded the concept of information superiority and ever since militaries have been concentrating on a wide range of operations covering the information spectrum. Covert hacking and disruption of vital information networks can seriously curtail the war-fighting capability of a nation.

Advanced countries like the US — where approximately 40 per cent of the world’s computers reside — rely extensively on information-based networks and are, therefore, all the more vulnerable to cyber-attacks by adversaries. Alvin Toffler, the renowned futurist, has cited information warfare (IW) as an ideal weapon for waging asymmetric war against an adversary whose conventional strength cannot be matched. There are indications that Pakistan is developing an offensive IW capability; a case in point is the origin of ‘Brain Virus’ authored by the Lahore-based Amjad brothers which was one of the deadliest computer viruses to have stalked the Internet in the 1980s.

An international hacking watch-list includes Pakistan as a fast emerging hacking hotbed — engaged in subversive hacking and international virus propagation. Besides, there is a strong possibility that various hacker groups thriving in Pakistan get official patronage from the government or the ISI.

In addition to the military and civilian hackers, it is the mercenary hackers employed by terrorist groups who pose a far more potent threat in the future. Today, most terrorist groups are highly IT-savvy, operating their own web sites and communicating via e-mail and satellite phones. The day is not far when keyboard and mouse-yielding cyber-terrorists would threaten to bring down the information infrastructure of a nation. The infamous ‘e-mail bombing’ of the Sri Lankan embassy by the LTTE in 1998 is one such case of cyber-terrorism where Tamil guerrillas electronically bombed the Sri Lankan embassy with 800 e-mails a day in a period of two weeks. The e-mail bombing crashed the embassy’s computer systems and also made front-page news worldwide.

There is no denying that the hacker threat looms large and information security, complicated as it may be, is an extremely important issue. Despite having the best protection in place, computer systems of NASA, Pentagon, the US department of defence and in recent times even Microsoft have been compromised by determined hackers. The panacea for a 100 per cent foolproof computer system probably still does not exist.

Nonetheless, technology in the form of firewalls, encryption software, intrusion detection devices and biometric authentication is easily available and does provide a fairly good level of protection. More importantly, there is a greater need to embrace innovation to stymie the non-conventional threat that arises from hackers. ‘Ethical hacking’ i.e., employing own hackers to assess network security is one such example which is gaining consensus.

NASSCOM (National Association of Software Services and Companies) had earlier this year announced a team of ethical hackers (all teenagers) to test security standards of Indian networks. Then, there are ‘honey-pot’s (decoy servers), ‘tracers’ (surveillance algorithms), and specialised software for tracking and profiling web users. Being innovative and not toeing the predictable line may just put hackers off track. Also, being reactive always may not be the right thing and there would be occasions when a pro-active approach may be more appropriate.

The persistent disruption of Indian web sites by the Pakistani hackers in the recent past has shown that Indo-Pak peace even in the realms of cyberspace seems highly unlikely. Probably it may then be best to beat them in their own game.

(The writer is a defence analyst and can be contacted at p _bakshi98@yahoo.com)