[Infowarrior] - China mounts cyber attacks on Indian sites

Richard Forno rforno at infowarrior.org
Mon May 5 13:08:34 UTC 2008


China mounts cyber attacks on Indian sites
5 May 2008, 0116 hrs IST, Indrani Bagchi, TNN

http://timesofindia.indiatimes.com/articleshow/msid-3010288,prtpage-1.cms

NEW DELHI: China’s cyber warfare army is marching on, and India is  
suffering silently. Over the past one and a half years, officials  
said, China has mounted almost daily attacks on Indian computer  
networks, both government and private, showing its intent and  
capability.

The sustained assault almost coincides with the history of the present  
political disquiet between the two countries.

According to senior government officials, these attacks are not  
isolated incidents of something so generic or basic as "hacking" —  
they are far more sophisticated and complete — and there is a method  
behind the madness.

Publicly, senior government officials, when questioned, take refuge  
under the argument that "hacking" is a routine activity and happens  
from many areas around the world. But privately, they acknowledge that  
the cyber warfare threat from China is more real than from other  
countries.

The core of the assault is that the Chinese are constantly scanning  
and mapping India’s official networks. This gives them a very good  
idea of not only the content but also of how to disable the networks  
or distract them during a conflict.

This, officials say, is China’s way of gaining "an asymmetrical  
advantage" over a potential adversary.

The big attacks that were sourced to China over the last few months  
included an attack on NIC (National Informatics Centre), which was  
aimed at the National Security Council, and on the MEA.

Other government networks, said sources, are routinely targeted though  
they haven’t been disabled. A quiet effort is under way to set up  
defence mechanisms, but cyber warfare is yet to become a big component  
of India’s security doctrine. Dedicated teams of officials — all  
underpaid, of course — are involved in a daily deflection of attacks.  
But the real gap is that a retaliatory offensive system is yet to be  
created.

And it’s not difficult, said sources. Chinese networks are very porous  
— and India is an acknowledged IT giant!

There are three main weapons in use against Indian networks — BOTS,  
key loggers and mapping of networks. According to sources in the  
government, Chinese hackers are acknowledged experts in setting up  
BOTS. A BOT is a parasite program embedded in a network, which hijacks  
the network and makes other computers act according to its wishes,  
which, in turn, are controlled by "external" forces.

The controlled computers are known as "zombies" in the colourful  
language of cyber security, and are a key aspect in cyber warfare.  
According to official sources, there are close to 50,000 BOTS in India  
at present — and these are "operational" figures.

What is the danger? Simply put, the danger is that at the appointed  
time, these "external" controllers of BOTNETS will command the  
networks, through the zombies, to move them at will.

Exactly a year ago, Indian computer security experts got a glimpse of  
what could happen when a targeted attack against Estonia shut that  
country down — it was done by one million computers from different  
parts of the world — and many of them were from India! That, officials  
said, was executed by cyber terrorists from Russia, who are deemed to  
be deadlier.

The point that officials are making is that there are internal  
networks in India that are controlled from outside — a sort of  
cyberspace fifth column. Hence, the need for a more aggressive strategy.

Key loggers are software that scans computers and their processes and  
data the moment you hit a key on the keyboard.

This information is immediately carried over to an external controller  
— so they know even when you change your password. Mapping or scanning  
networks is done as a prerequisite to modern cyber warfare tactics.  
MEA has a three-layered system of computer and network usage — only  
the most open communication is sent on something called "e-grams".

The more classified stuff uses old-economy methods — ironically,  
probably the most secure though a lot more time-consuming. The same is  
true of other critical areas of the government. But the real gap  
inside the national security establishment is one of understanding the  
true nature of the threat.

National security adviser M K Narayanan set up the National Technology  
Research Organization, which is also involved in assessing cyber  
security threats. But the cyber security forum of the National  
Security Council has become defunct after the US spy incident. This  
has scarred the Indian establishment so badly that it’s now frozen in  
its indecision. This has seriously hampered India’s decision-making  
process in cyber warfare.


