Friday, December 4, 2009

Is India prepared to face cyber warfare?



 March 2008: An IP address originating from China intrudes into secured Indian cyber territory. The hackers attacked the ministry of external affairs website, managed by servers located in the national capital. They are believed to have stolen login identities and passwords of a host of Indian diplomats and sneaked away with ‘top secret’ state information, though the government has officially denied this.

April 2007: The Estonian government removes the Bronze war memorial of a Soviet soldier and war graves from Tallinn. The removal is met with large-scale protests by ethnic Russians. About 1,300 people are arrested, 100 injured, and one dies.

In the days that follow, Russian hackers start mounting massive DDOS (distributed denial of service) attacks on websites of Estonian government ministries, major banks, news organizations, the Estonian presidency, parliament and major political parties. The whole cyber infrastructure of the government crumbles and banks suffer huge losses.

And the future...

Circa 2010: Commonwealth Games are in full swing in New Delhi and the Delhi Metro Rail is running on full capacity. On the third day of the Games, in the midst of a morning rush, the servers of DMRC crash thus cutting off power and halting the trains underground in the dark.

About 50,000 people are stuck underground. And two trains just miss a head-on collision. TV stations blank out. The BSES Rajdhani’s automated servers stop working, thus shutting down power in half of Delhi. The Air Traffic Control servers are taken under the control of a foreign command centre.

Many flights narrowly miss collisions. All flights are cancelled and so are the 2010 Commonwealth Games. The BSE and NSE servers in Mumbai crash, thus eroding all stock value to zilch. Mobile networks and the internet are down. India is under attack. But the perpetrators are not known.
This might well be what you read in newspapers in October 2010 if India does not pay heed. Cyber warfare is for real, as it happened in India in March this year and in Estonia in April 2007, and Indian establishments are under threat.

But India does not have a national strategy on countering insurgency in cyberspace. “The draft amendments to IT Act 2000 do not have a single clause related to cyber terrorism or cyber war which compromise the national security, sovereignty and integrity of India,” says noted cyber lawyer Pavan Duggal.

The parliamentary standing committee has also criticised the government for not including clauses relating to cyber terrorism in the IT Act.

Sources say that the threat to India’s IT systems is very high and the threat perception will obviously reach a new high as the Commonwealth Games come closer. In the long term there is no policy on cyber warfare except for some localised attempts by intelligence agencies. In fact there is often little understanding of what cyber war is.

What is a cyber war?

Cyber warfare can be defined as the use of IT equipment like computers, mobile phones or other IP-enabled equipment to conduct a war via the internet. Cyber warfare is part of information warfare, which involves collection of tactical information, spreading of propaganda or misinformation to demoralise the enemy, and using information to overpower enemy systems and servers, thus bringing normal life to a standstill. Various methods like DDOS, phishing, cyber vandalism, espionage, destroying critical utilities, and induced equipment failure come under cyber war.

A Brief History

Titan Rain: It is a term given to a series of coordinated attacks on US computer systems since 2003. Titan Rain hackers gained access to Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA.

Moonlight Maze: It is the U.S. government's designation given to a series of alleged coordinated attacks on American computer systems in 1999. The attacks were traced to a main frame computer in Moscow.

Estonia Debacle: On May 17, 2007 Estonia came under cyber attack. The Estonian parliament, ministries, banks, and media were targeted, bringing the whole cyber infrastructure in Estonia to a standstill.

The Chinese threat: Around Sep 5, 2007, the Pentagon along with various French, German and British government computers were attacked by hackers of Chinese origin. China denies any involvement.

Estonia counter attacks: On Dec 14 2007 the website of the Kyrgyz Central Election Commission and ISPs were attacked during election. The message on the website read "This site has been hacked by Dream of Estonian organization".

Indian MEA attacked: In the second week of April, 2008, IP addresses originating from China attacked the Indian MEA computers. The hackers are believed to have gotten away with sensitive data, though the government denies it.

According to the government’s own data, the past 12 months have witnessed almost 400 registered attacks on Indian sites owned by government departments or private institutions. That makes for more than one major government site being attacked on a daily basis. In the private sector, about 51% of attacked sites belonged to the e-commerce sector and 47% belonged to the financial services sector.

Stages in cyber war

A full-fledged cyber attack on a nation may involve three steps. First, bring down the transportation and control systems. Second, bring down the financial systems (the stock markets and banks). Third, take control of the nation’s utilities.

A full-scale cyber attack can cause panic among people. It can trigger alarm systems in all major establishments, be it Parliament, Rashtrapati Bhavan, major hospitals, schools or colleges. A hack into the traffic light systems can cause havoc on roads in terms of accidents.

A break into the IT systems controlling the metro rail services can cause disasters. A break into your bank’s system or the tax department can fish out your PAN number, your salary, the investments you have made, and the assets you possess, down to the cars you own.

A hack into your demat account can hurt you financially. One can know everything from details of your parents to the number of children you have. A hack into your personal computer can reveal all the searches you have made in the past to all the chat windows.

Imagine what chaos can prevail if the IT networks which control our power plants and nuclear plants fall into the hands of a rival nation. Imagine what can happen if one is able to break into the communication links of the defence ministry.

One can make an army or air force self-destruct in a war. But the fact is that such talent (to prevent or control the attacks) is hard to acquire. In India too only a few hundred computer hackers exist. And the real top quality talent will always be in shortage.

According to strategists, before the beginning of a full-scale armed conflict and cyber conflict, the real challenge for a rival military organisation will be to eliminate this talent. This is because only a few computer geniuses will be able to prevent or bring the disrupted systems to normalcy.

But in the event of a full-fledged attack which brings down servers of critical public utilities or hands over their control to a rival party, recovery may take many days. For instance, restoring the Estonian critical utilities took a long time. A NATO team was dispatched to help the government in the cyber war but which could not prevent a barrage of DDOS attacks.

The CIA has also confirmed that hackers attacked IT systems last year, causing a multi-city power failure. “We have information that cyber attacks have been used to disrupt power equipment in several regions outside the US. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks,” Tom Donahue, a CIA senior analyst, said at a conference in the US.

The US conducts various kinds of cyber war games on a regular basis. In March this year, at Cyber Storm II (an annual cyber war game), the focus was on simulated attacks on the IT, communications, airlines and energy sectors.

Companies like Microsoft, Cisco, McAfee and Dow Chemicals participated in the war game, which included US defence and intelligence agencies as well. The exercise cost about $6 million. No such large-scale cyber war games happen in India. But private companies, including telcos and ISPs, do conduct such drills.

Various kinds of attacks

Denial of Service (DoS) attacks are the most commonly used in a cyber war. A DoS attack is an attempt to make a computer resource unavailable to its intended users. DoS attacks paralyse IT systems. There are various types of DoS attacks:

Nuke: In nuking, large amounts of corrupt data are repeatedly sent to a user by using the ping facility. It’s also known as a ping flood. The user’s computer is unable to handle this data and gives up, displaying the Blue Screen of Death, very common in Windows Vista, XP and other versions.

Reflected Attack: In this, a victim’s computer is made to send out large amounts of forged requests to a large number of computers that reply to the requests. The replies flood the victim’s computer and crash it.

DDOS: The most lethal of all is the distributed DoS attack. In a DDOS attack, thousands of compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers. The compromised systems keep multiplying by attacking other systems, creating a botnet.
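The two symptoms described above, a single source hammering a host with ICMP echo requests (ping flood) and a host receiving replies from many machines it never contacted (reflection), are both visible to a monitoring point that sees packet headers. The following is an added example, not code from the article or from any company it quotes, of the detection logic a network operator could run over such records. The packet records, IP addresses and thresholds are constructed for the example; real deployments would tune the thresholds to their own baseline traffic.

```python
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type 8
ECHO_REPLY = 0    # ICMP type 0


def build_sample_flows():
    """Constructed sample packet records: (timestamp_seconds, src_ip, dst_ip, icmp_type).
    10.0.0.5 plays the monitored host; all addresses are documentation ranges."""
    flows = []
    # Benign traffic: the host pings 192.0.2.1 a few times and receives replies.
    for t in range(5):
        flows.append((t, "10.0.0.5", "192.0.2.1", ECHO_REQUEST))
        flows.append((t, "192.0.2.1", "10.0.0.5", ECHO_REPLY))
    # Ping flood ("nuke"): one source sends 50 echo requests per second for 10 seconds.
    for t in range(10):
        flows += [(t, "203.0.113.9", "10.0.0.5", ECHO_REQUEST)] * 50
    # Reflected attack: 30 different hosts send echo replies the host never asked for.
    for i in range(30):
        flows.append((3, "198.51.100.%d" % (i + 1), "10.0.0.5", ECHO_REPLY))
    return flows


def detect_ping_flood(flows, window_seconds=10, threshold_pps=20):
    """Return {(src, dst): packets_per_second} for every source whose echo-request
    rate towards a destination exceeds threshold_pps over the observation window."""
    counts = defaultdict(int)
    for _, src, dst, icmp_type in flows:
        if icmp_type == ECHO_REQUEST:
            counts[(src, dst)] += 1
    return {pair: n / window_seconds
            for pair, n in counts.items()
            if n / window_seconds > threshold_pps}


def detect_reflection(flows, min_reflectors=10):
    """Return {dst: set_of_sources} for destinations receiving unsolicited echo
    replies (no matching echo request from dst) from at least min_reflectors hosts.
    A reply to a request the host really sent is not counted."""
    requested = set()  # (requester, target) pairs for which an echo request was seen
    for _, src, dst, icmp_type in flows:
        if icmp_type == ECHO_REQUEST:
            requested.add((src, dst))
    unsolicited = defaultdict(set)
    for _, src, dst, icmp_type in flows:
        if icmp_type == ECHO_REPLY and (dst, src) not in requested:
            unsolicited[dst].add(src)
    return {dst: srcs for dst, srcs in unsolicited.items()
            if len(srcs) >= min_reflectors}


if __name__ == "__main__":
    sample = build_sample_flows()
    print("ping flood sources:", detect_ping_flood(sample))
    print("reflection victims:", {d: len(s) for d, s in detect_reflection(sample).items()})
```

The benign exchange with 192.0.2.1 is deliberately included: a rate-only check would not flag it, and the reflection check ignores it because the host's own echo request was recorded first. The same two-pass structure (record what the host asked for, then count replies that have no request) carries over to DNS and NTP reflection, where the request/response pairing is done on transaction IDs rather than ICMP types.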

“DDOS attackers can be as sinister as Cold War agents or as mercenary as professional blackmailers. We ourselves conduct such drills and offer DDoS Detection and Mitigation security services. VSNL gets a large number of DDOS attacks every day. Our offerings include real-time application-layer analysis of the IP traffic traversing Tata Communications’ global IP backbone.

The services monitor and analyze traffic on a 24x7x365 basis,” says a Tata Communications spokesperson. An Airtel official also said that they get hundreds of DoS attacks everyday but thankfully the company has a strong IT infrastructure to avert them.

China is believed to possess an army of specialised hackers who hack into the systems of other countries and test their vulnerabilities. They are trained in the art of counter-aggressive cyber warfare. India, however, is far behind, though some departments are taking precautions.

Says Amulik Bijral, country manager RSA Security, “Many departments in the ministry of finance and ministry of defence have started using two factor identification for logging in their systems.” Two-factor tokens involve a normal password plus a token, carried by the user, that generates PIN codes in real time.

To log in to a system the user has to enter both the password and the PIN. In the South Block (ministry of defence and army HQs), laptops are not allowed and only a few computers are connected to the internet. These computers obviously don’t have access to the defence intranet.
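A token that "generates pin codes in real time" is typically a time-based one-time password: the token and the server share a secret, and both derive the current PIN from that secret and the current 30-second time slot, so a captured PIN is useless once the slot has passed. The following added example, which is not RSA's product code nor anything from the article, implements the standard TOTP construction (RFC 6238 over RFC 4226 HOTP, HMAC-SHA1) and a login check that requires both the password and the PIN. The user record, salt and password are constructed for the example; the token secret is the published RFC 6238 test key so the PINs can be checked against the RFC's vectors.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds per PIN slot, the RFC 6238 default


def totp(secret: bytes, unix_time: int, step: int = TIME_STEP, digits: int = 6) -> str:
    """RFC 6238 PIN: HOTP (RFC 4226) over the time counter unix_time // step."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226 5.4)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def make_user(password: str, token_secret: bytes) -> dict:
    """Constructed user record. Salt is fixed here only so the example is
    reproducible; a real system draws it from os.urandom per user."""
    salt = b"constructed-example-salt"
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
        "token_secret": token_secret,
    }


def verify_login(user: dict, password: str, pin: str, now: int, drift_steps: int = 1) -> bool:
    """Accept only if the password matches AND the PIN matches the current slot
    or one of the neighbouring slots (clock drift between token and server).
    Both factors are always evaluated so the response time does not reveal
    which one failed."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    password_ok = hmac.compare_digest(candidate, user["pw_hash"])
    pin_ok = False
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(user["token_secret"], now + d * TIME_STEP)
        if hmac.compare_digest(expected, pin):
            pin_ok = True
    return password_ok and pin_ok


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    user = make_user("correct horse battery", rfc_secret)
    print("PIN at t=59:", totp(rfc_secret, 59))            # RFC vector: 287082
    print("login ok:", verify_login(user, "correct horse battery", totp(rfc_secret, 59), 59))
```

The drift window of one step on either side is the usual compromise between usability and replay exposure; a server that also remembers the last slot it accepted for each user can reject a PIN replayed within that window, which this minimal example does not do.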

“Despite a real threat, India is not a signatory to the 45-nation international convention on cyber crimes which has the US, EU, South Africa etc as its members. There is a lack of political will,” adds Mr Duggal.

India needs classified experts in intelligence agencies who can examine the various vulnerabilities in the IT systems. Though a Computer Emergency Response System exists, it acts only after the damage has been done.

Future tense

Though India is widely touted as the IT superpower of the world, the Indian government, especially the cyber crime cells of Delhi Police and the Ministry of IT, still doesn’t have adequate talent to intercept the communication of terrorists via the internet. Inability to attract good talent is an issue. The pay scales are not attractive enough for top-end IT talent to consider joining government-run cyber security cells.

The Signals Corps of the Indian Army also has professionals working on information warfare. But not many individuals are keen to join them as the salary levels are very low compared to what one gets in an IT company. The basic salary of an Indian Army or Navy officer ranges between Rs 8,500 per month and Rs 26,000 per month.

By comparison, the US Navy pays its information warfare officers salaries which start from $2,000 per month (Rs 80,000) and go up to $6,300 (Rs 2.5 lakh) per month. Meanwhile, many private IT training institutes conduct courses in operating systems and ethical hacking.

Salaries for a fresh ethical hacker can start around Rs 4 lakh per annum. Experienced hackers just work from home and earn far higher salaries in private companies. Clearly the government needs to think of its compensation policy if it wants to attract good IT talent.

Attracting high-end talent is a must as government and other agencies need professionals who can simulate all kinds of disaster scenarios, build the right kind of cyber security walls and stay on top of developments.

“Though the government has made arrangements to counter cyber warfare threats, a lot still needs to be done. For example, there are certain ways and means which one can use when e-mailing to avoid getting into the system and being tapped. There are certain brands of satellite phones which are difficult to tap,” says Rajat Khare, director of Appin Networks, a network security firm which maintains security for major establishments like the DMRC, Rashtrapati Bhawan etc.

Here, hiring the best talent can help. In a bid to counter cyber warfare the government has set up a cyber warfare cell comprising 40 IITians. However, this is just a small step in building the capability to counter cyber attacks.

According to Shamshad Ahmed, regional director, India & SAARC, Lumension Security (a network security provider), the third world war may be fought, if not entirely, then at least significantly, in cyberspace.

Apart from hostility on the ground, enemy cyber warriors can bring down defence computer systems and all important government systems; they may black out data at the nuclear plants and introduce dangerous contaminants or malware which can destroy all communication links. India definitely needs an army of cyber warriors to confront the threat.

Glossary

C2W: Command-and-control warfare. The integrated use of operations security, military deception, psychological operations, electronic warfare, and physical destruction, mutually supported by intelligence, to destroy adversary command

Cracking: Illegally gaining entry to a computer or computer network in order to do harm.

Zero-day attack: It is a computer threat that tries to exploit unknown, undisclosed or unpatched computer application vulnerabilities.

DNS spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

Firewall: A system or combination of systems that enforces a boundary between two or more networks.

Logic bomb: Unauthorized computer code, sometimes delivered by email, which, when executed, triggers the perpetration of an unauthorized, usually destructive, act.

Phreaking: "Hacking" the public phone network.

Virus: A self-replicating program that is hidden in another piece of computer code, such as an email.
 
