New Delhi, April 2 (IANS) In early March, suspected Chinese hackers breached the computers of India’s top military organisation, the Defence Research and Development Organisation (DRDO), in what was touted to be amongst the biggest such security breaches in the country’s history.
Defence Minister A.K. Antony ordered a probe into the matter, though an official statement denied any sensitive file had been compromised.
India has seen many such attacks on its critical installations and the misuse of social media and Internet has brought home the threat of cyber-terrorism, which cyber security experts say the country is poorly equipped to handle.
Experts believe the country is vulnerable to such cyber-terrorism attacks with some countries and vested interest groups bent on espionage and destruction.
According to Supreme Court lawyer and leading cyber law expert Pavan Duggal, while the threat of cyber attacks remains “imminent”, the country lacks an institutionalised mechanism of a cyber army to deal with the threat.
“The recent DRDO breach was a classical case of cyber war attack rather than mere hacking. It was an attack on India’s critical information infrastructure. Cyber warfare as a phenomenon is not covered under the Indian cyber law. Clearly, the country’s cyber security is not in sync with the requirements of the times,” Duggal told IANS.
Over the past few years, India has witnessed a growing number of cyber assaults, with government departments, particularly defence establishments, coming under attack.
Last year, hacker group ‘Anonymous’ carried out a series of Distributed Denial of Service (DDoS) attacks against a number of government websites, in retaliation against the alleged Internet censorship.
Hackers from Algeria also carried out an attack on websites run by the DRDO, the Prime Minister’s Office and various other government departments last year. A group called ‘Pakistan Cyber Army’ had also hacked into several Indian websites.
“The threat landscape remains very threatening,” said cyber law and cyber security expert Prashant Mali.
“India is awakening to the global threat of cyber warfare now. Our cyber security is still ineffective as mass awakening towards it is missing or inadequate. Even though NTRO and DRDO are mandated with cyber offensive work, only time will show effectiveness of these organisations,” Mali told IANS.
Usually, cyber attacks follow the same modus operandi. An email is sent to an individual, or small group, within an organisation. Efforts are made to make the email look legitimate, that is, it will appear as though it was sent by somebody the recipient trusts and the content of the mail will often be related to the recipient’s area of interest.
In order to install the malware, the user is tricked into either clicking a malicious link or launching a malicious attachment. In the more sophisticated attacks, the attacker will use a new “zero day vulnerability”, in which attackers send email attachments which when opened exploit vulnerabilities in the Web browsers.
According to CERT-In (the Indian Computer Emergency Response Team), which is a government-mandated information technology security organization, an estimated 14,392 websites in the country were hacked in 2012 (till October).
In 2011, as many as 14,232 were hacked, while the number of websites hacked in 2009 stood at 9,180. About 16,126 websites were hacked in 2010.
With cyber security impacting the country’s security, Shivshankar Menon, the national security adviser, announced last month that the government is putting in place a national cyber security architecture to prevent sabotage, espionage and other forms of cyber threats.
“The past few years have witnessed a dramatic shift in the threat landscape. The motivation of attackers has moved from fame to financial gain and malware has become a successful criminal business model with billions of dollars in play. We have now entered a third significant shift in the threat landscape, one of cyber-espionage and cyber-sabotage,” Shantanu Ghosh, vice president at India Product Operations-Symantec corporation, which developed Norton AntiVirus, told IANS.
Ghosh said cyber security questions are no longer an exotic topic focussing primarily on spam messages and personal computers but have started to impact on the national security and defence capability of a country.
Rikshit Tandon, consultant at Internet and Mobile Association of India (IAMAI) and advisor to the Cyber Crime Unit of the Uttar Pradesh Police, said: “Cyber terrorism is a grave threat not only to India but to the world.”
“It can come to any country and, yes, proactive measures by government and consortium of countries needs to be taken as a collective effort and policy since internet has no geographical boundaries,” Tandon told IANS.
Experts say the country spends a small amount of money on cyber security. The budget allocation towards cyber security was Rs.42.2 crore ($7.76 million) for 2012-13, as against Rs.35.45 crore in 2010-11.
In comparison, the US spends several billion dollars through the National Security Agency, $658 million through the Department of Homeland Security and $93 million through US-CERT in 2013.
(Haris Zargar can be reached at [email protected])