Security News > 2010 > February > Fresh wave of cyber attacks hits India
http://www.tribuneindia.com/2010/20100212/main7.htm By Vijay Mohan Tribune News Service February 11, 2010 Computer networks at sensitive establishments have experienced a second wave of cyber attacks from foreign-based hackers. Sources in the intelligence reveal that fresh attacks began on January 28 and about 25 computers were targeted. Computers used by individuals associated with the National Security Council (NSC) Secretariat and the National Security Advisory Board (NSAB) were the target of the new attacks, according to sources at the National Technical Research Organisation (NTRO). While NSC is the apex agency looking into the political, economic, energy and strategic security concerns, the NSAB consists of persons of eminence outside the government, with expertise in security matters, foreign affairs, armed forces, internal security, science and economics. Earlier attacks were experienced on January 15, when hackers hit computers being used by top government functionaries. This included the Prime Minister.s Office, intelligence agencies and the armed forces. In fact, the Cabinet Secretary, who is also reported to be a victim of these attacks, had scheduled a hi-level meeting of security and cyber war experts this week to work out modalities to deal with such incidents. Sources at NTRO, a relatively new highly specialised intelligence gathering agency concerned with satellite, terrestrial and internet monitoring as well as cyber warfare, have pegged the number of computers to have been hit in these attacks at 450. Initial investigations revealed that 30 computers, including eight from the PMO, were compromised. This also involved two persons not on the regular posted strength of the PMO, prompting intelligence agencies to believe that the cyber attacks were backed by a high level of human intelligence, providing the whereabouts of key individuals and their portfolios and e-mail addresses. Others who came under attack from cyber space included chairman of the Joint Intelligence Committee, chief of the Naval Staff, deputy chief of Naval Staff, PM.s special envoy, the three military intelligence services and establishments of the BSF and CRPF in Jammu and Kashmir. Monitoring the flow of information from these computers led to the identity of other computers that were compromised. Experts feel that the number could be more if the net was cast wider. NTRO claims that the e-mail IPs of a couple of top mediapersons were also the target of these attacks. A MS-Word file titled National Security Document, containing a complex spyware was sent to the targeted addresses, which resulted in the computers being compromised once the document was downloaded. Earlier a malicious PDF file was also circulated. An e-mail address with a.nic.in suffix, said to be a dormant address hacked by the attackers, was reportedly used to send the mails. Sources said that cyber experts at NTRO used .reverse hacking. methodology to trace the origins of the servers used in the malicious attacks. It is strongly believed that the servers were traced to mainland China, the exact physical location could not be established due to the complex nature of the attacks. .Our technical corroborations and results from other similar investigations reveal that the command and control architecture of these attacks have a Chinese signature,. a source claimed. Under its Informationalisation Doctrine, China lays a huge emphasis on cyber war and it has a well set-up infrastructure for the same. Chinese believe cyber war to be the first element of surprise in a conventional war, to be used to cripple enemy civilian and military networks before going in for a physical offensive. Some time ago NTRO had formed a rapid reaction team to deal with such exigencies and sources claim that their reaction time to the attacks was about an hour-and-a-half. NTRO is also known to have developed an offensive cyber warfare capability designed to penetrate computer networks and remote servers. ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.org