India?s cyberspace is fast becoming a volatile place to be in. Much to the despise of the Indian Computer Emergency Response Team (CERT-In), a ministry of communications & IT body entrusted with the task of responding to computer security incidents as and when they occur, hackers, also known as ?script kiddies? in the tech world, have literally played havoc in recent months. They have defaced 1,981 websites in the first three months of the year. While in January, the number of websites defaced stood at 570, the trend showed a marginal dip in February when the number came down to 510, estimates CERT-In. But much to their dismay, the defacement trend headed north-wards in March when an alarming number of 901 websites were ravaged.
Alarm bells are ringing as the Web presence of government establishments, private enterprises and individuals have been intruded. Hackers are keen to hit amongst the private sector websites, especially those among them websites which are doing the maximum ecommerce or e-governance related activities. In addition to website defacement, hacking, distributed denial-of-service (DDOS) attacks, phishing, spamming and identity-theft are some common forms of cyber attacks taking place. Financially motivated attacks like extortion and theft of service too are widespread.
To make matters worse, there have been reports of cyber intruders descending up on the IT establishments of sensitive government departments, such as the defence ministry and various Indian missions around the world, and pilfered classified and restricted documents. Though spoken in hushed whispers, security analysts feel that pranksters from neighbouring countries, specifically China and Pakistan are behind the recent incidents of cyber attacks.
Pavan Duggal, advocate, Supreme Court of India, says, ?India has been the target of cyber warfare for quite some time now. There are reports in the public domain that government-backed hackers from neighbouring countries are encouraged to launch cyber attacks on Indian establishments. In fact, we hear the existence of a cyber army in China.?
The recent attack on Indian defence websites is one of the most recent examples of a cyber attack on critical infrastructure. According to Ramsunder P, director of enterprise sales?India, McAfee, there is a report on the recent cyber attacks on India called Shadows in the Cloud.
The report analyses the malware ecosystem employed by the
Shadows? attackers, which leveraged multiple redundant cloud computing systems, social networking platforms, and free Web hosting services in order to maintain persistent control while operating core servers located in China.
In the same vein, security analysts also lament that in cyberspace, it is a kid?s play to fake electronic identities and disguise electronic pathways. Therefore, to find definite proof of cyber warfare is impossible. But what is known is that the costs of the downtime associated with a major attack would cost an enterprise $6.3 million, estimates McAfee, an enterprise security firm. Apart from cost, the most widely feared loss from attacks is damage to the reputation, followed by the loss of personal information about customers. A McAfee report reveals that networks and control systems are under repeated cyber attack, often from high-level adversaries like foreign nation-states.
Vishal Dhupar, managing director, Symantec India, says, ?By general logic, the popularity of a website can make it a potential target of defacement attacks. Today, an increasing number of Indians are going online. In fact in the last one year, India has witnessed a growth of 20% in the number of internet users. Also a large number of Indian websites are enjoying good traffic. In such cases, the websites can come under the scanner of pranksters.?
As the sophistication of the hackers is rising and their cyber espionage expanding, several questions arise: what can be the possible reasons for the alarming increase in cyber attacks and instances of website defacements in recent months? Who can be behind such attacks? And the question foremost on the minds of chief information officers (CIOs) is this: how to improve security in an age of cyberwar?
Ramsunder says, ?Over the years, news about website defacement and hacking of varying degrees of notoriety has consistently been cropping up. Somehow in the past few months, we have seen a tremendous increase in the number of cyber attacks especially on government websites globally and India is no exception.? According to him, Indian sites have become a hacker?s delight and because of which, this is fast assuming gigantic proportions. Since India has emerged as a software power, the threat to its cyber world has increased greatly.
?The defacements of websites are not isolated but demonstrate a distinct pattern,? says Duggal. Today IT is playing a major role in the lives of the government, society and nations. In this context when websites belonging to or related to the government or related to .in go down, somewhere down the line the idea is to put a question mark on the inherent ability of the country to keep secure its websites.
Gone are the days when the website defacements were happening for demonstrating the technological superiority of hackers. In today?s age of professional hackers, these defacements are being done for the purpose. The idea is to somehow create instability in the minds of the users and the netizen community that websites of India are not safe and secure. Another reason for these defacements also could be potential corporate intelligence and rivalry aspects. ?Today, a large number of corporates are hiring private hackers to hack into the websites of their professional rivals so as to either put it down or somehow create disturbances in their day-to-day business,? says Duggal.
A typical website defacement cyber attack takes place with the sole objective of prejudicially impacting the working, stability and infrastructure of the website as also diminishing its inherent value and utility. There are no crystal clear formulae of what constitutes defacements. Sometimes defacements take the case of content being defaced.
Other instances pertain to the defacements leading to specific corruption of databases and data resident on websites. Still other cases relate to instances where the computer contaminants or virus are introduced into the website or somehow actions are taken which tend to paralyse, slow down or extremely bring to a grinding halt the existing vibrant ecommerce or electronic governance or information related activities of the concerned website.
According to Dhupar, a hacker can use various vulnerabilities in the system to get to the Web server machine of the organisation. These could be vulnerabilities in the Web server, in the internet server or even in the operating system. In general, most hackers deface websites after gaining privilege rights. With this, the hacker gets administrator privileges to the website that allows him full access to all system resources to make necessary alterations.
The net effect of such website defacements cyber attack has a debilitating impact upon the website. It either goes down or it becomes so incredibly slow and it is impossible to do any transaction on the website or even access to various contents of the same. With the result, legitimate, genuine bonafide, internet traffic coming to the website is thereby frustrated from accessing the contents of the website. In case, if it is an ecommerce related website it leads to direct loss of revenues in terms of lost ecommerce transactions and other related assets.
Good news is that a lot of things can be done to protect enterprises against such cyber attacks. First and foremost, enterprises need to concentrate on cyber security. Further, a lot of awareness needs to be generated among the Indian cyber community about the need for protecting their sites from potential defacements by cyber warriors, cyber criminals or cyber terrorists. ?India needs to have in place a comprehensive cyber security national plan which will detail the various aspects pertaining to Indian response relating to cyber security,? says Duggal.
Further, relevant stakeholders need to beef up the gaps in the security of their websites. They need to have in place the adequate appropriate anti-virus programs and firewalls installed at the appropriate places. They need to constantly have backups of their websites and have also mirror sites in place, should the original site go down.
In a nutshell, a lot of work needs to be done to protect and preserve the IT networks of the country. It will be interesting to see how the developments occur in this important field.