India must wake up to cyber terrorism

        NEW DELHI: In early March, suspected Chinese hackers breached the computers of India's top military organisation, the Defense Research and Development Organisation (DRDO), in what was touted to be among the biggest such security breaches in the country's history. Defense minister AK Antony ordered a probe into the matter, though an official statement denied any sensitive file had been compromised. India has seen many such attacks on its critical installations and the misuse of social media and internet has brought home the threat of cyber terrorism, which cyber security experts say the country is poorly equipped to handle.

Experts believe the country is vulnerable to such cyberterrorism attacks with some countries and vested interest groups bent on espionage and destruction. According to Supreme Court lawyer and leading cyberlaw expert Pavan Duggal, while the threat of cyberattacks remains "imminent," the country lacks an institutionalised mechanism of a cyberarmy to deal with the threat. "The recent DRDO breach was a classical case of cyberwar attack rather than mere hacking. It was an attack on India's critical information infrastructure. Cyberwarfare as a phenomenon is not covered under the Indian cyberlaw. Clearly, the country's cybersecurity is not in sync with the requirements of the times," Duggal told IANS.

Over the past few years, India has witnessed a growing number of cyberassaults, with government departments, particularly defence establishments, coming under attack. Last year, hacker group Anonymous carried out a series of Distributed Denial of Service (DDoS) attacks against a number of government websites, in retaliation against the alleged internet censorship. Hackers from Algeria also carried out an attack on websites run by the DRDO, the Prime Minister's Office and various other government departments last year. A group called Pakistan Cyber Army had also hacked into several Indian websites. "The threat landscape remains very threatening," said cyberlaw and cybersecurity expert Prashant Mali.

"India is awakening to the global threat of cyberwarfare now. Our cybersecurity is still ineffective as mass awakening towards it is missing or inadequate. Even though NTRO and DRDO are mandated with cyberoffensive work, only time will show effectiveness of these organisations," Mali told IANS. Usually, cyberattacks follow the same modus operandi. An email is sent to an individual, or small group, within an organisation. Efforts are made to make the email look legitimate, that is, it will appear as though it was sent by somebody the recipient trusts and the content of the mail will often be related to the recipient's area of interest. In order to install the malware, the user is tricked into either clicking a malicious link or launching a malicious attachment. In the more sophisticated attacks, the attacker will use a new "zero day vulnerability", in which attackers send email attachments which when opened exploit vulnerabilities in web browsers.

According to CERT-In (the Indian Computer Emergency Response Team), which is a government-mandated information technology security organisation, an estimated 14,392 websites in the country were hacked in 2012 (till October). In 2011, as many as 14,232 were hacked, while the number of websites hacked in 2009 stood at 9,180. About 16,126 websites were hacked in 2010. With cybersecurity impacting the country's security, Shivshankar Menon, the national security adviser, announced last month that the government is putting in place a national cyber security architecture to prevent sabotage, espionage and other forms of cyberthreats. "The past few years have witnessed a dramatic shift in the threat landscape. The motivation of attackers has moved from fame to financial gain and malware has become a successful criminal business model with billions of dollars in play. We have now entered a third significant shift in the threat landscape, one of cyberespionage and cybersabotage," Shantanu Ghosh, vice president at India Product Operations - Symantec corporation, which develops Norton AntiVirus, told IANS.

Ghosh said cyber security questions are no longer an exotic topic focusing primarily on spam messages and personal computers but have started to impact on the national security and defense capability of a country. Rikshit Tandon, consultant at Internet and Mobile Association of India (IAMAI) and advisor to the Cyber Crime Unit of the Uttar Pradesh Police, said: "Cyber terrorism is a grave threat not only to India but to the world.". "It can come to any country and, yes, proactive measures by government and consortium of countries needs to be taken as a collective effort and policy since internet has no geographical boundaries," Tandon told IANS. Experts say the country spends a small amount of money on cyber security  The budget allocation towards cyber security was Rs 42.2 crore ($7.76 million) for 2012-13, as against Rs 35.45 crore in 2010-11. In comparison, the US spends several billion dollars through the National Security Agency, $658 million through the Department of Homeland Security and $93 million through US-CERT in 2013.

Follow us Twitter | Follow us Linkedin | Friends us Facebook
Share This on Facebook | Share This on Twitter | Share This on Linkedin

China "resolutely opposes" US curbs on IT imports - state media

          China expressed "resolute opposition" and "strong dissatisfaction" with a new U.S. cyber-espionage rule limiting imports of Chinese-made IT products, state media reported on Saturday. The remarks underscore growing tension between the world's top two economies after the United States accused China of backing a string of hacking attacks on U.S. companies and government agencies.  China says the accusation lacks proof and that it is also a victim of hacking attacks, more than half of which originate from the US.

The new provision, tucked into a funding bill signed into law on Thursday, requires NASA, as well as the Justice and Commerce Departments, to seek approval from federal law enforcement officials before buying information technology systems from China. The United States imports about $129 billion worth of "advanced technology products" from China, according to a May 2012 report by the U.S. Congressional Research Service.

State media including Xinhua, the China Daily and the People's Daily, quoted a spokesman for the Ministry of Commerce as saying the U.S. bill "sends a very wrong signal". "This will directly impact partnerships of Chinese enterprises and American business as they conduct regular trade," said Shen Danyang, the commerce ministry spokesman. "This abuse of so-called national security measures is unfair to Chinese enterprises, and extends the discriminatory practice of presumption of guilt," the article in the official People's Daily said, quoting Shen. "This severely damages mutual trust between the U.S. and China."

The United States should eliminate the law, Shen said. Technology security lawyer Stewart Baker wrote in a blog post this week that China could claim that the United States is violating World Trade Organization rules.

However, because Beijing hasn't signed a WTO agreement setting international rules for government procurement, it may not be successful in its challenge, Baker said. Chinese foreign ministry spokesman Hong Lei also urged the U.S. to abandon the law at a news conference on Thursday. "This bill uses Internet security as an excuse to take discriminatory steps against Chinese companies," he said.

Follow us twitter | Follow us Linkedin | Friends us Facebook

Share This on Facebook | Share This on Twitter | Share This on Linkedin

By 2017 Cyber-security market may reach $870 million

           Global market for cyber-security solutions may grow to USD 870 million by 2017, says research firm IDC. Cyber-criminals use thousands of networked computers (botnets) to 'jam' a website by directing excessive traffic to it, causing it to crash. Such attacks are often termed as Distributed Denial of Service (DDoS). According to IDC, there was a sharp increase in frequency, volume and orientation of such attacks on websites of leading financial firms and other organisations last year. "As attacks surged in prevalence and sophistication, organisations were often caught unaware. Embedded capabilities were quickly overwhelmed and outages were readily apparent on the Web," IDC Vice President (Security Products and Services research) Christian Christiansen said in a statement. This is driving the demand for proactive solutions. "The worldwide market for DDoS prevention solutions will grow by a compound annual growth rate (CAGR) of 18.2 percent from 2012 through 2017 and reach USD 870 million," it added.

Expansion of cloud services and mobile networks could create additional targets for DDoS attacks. While firewalls, intrusion protection and other devices can mitigate low-level attacks, large volumetric attacks can be an issue as these may be unable to separate legitimate from illegitimate traffic. According to security solutions provider Symantec, in the late 1990s, networks of zombie machines were used to knock websites offline, making them unusable for customers - often preventing e-commerce. In 2007, Internet in Estonia was shut down due to attacks through botnet. Georgia was severely disabled by botnets in 2008. Networks of 'zombie' computers are flourishing across the world, and India is one of the most-infected countries. 

About 25 percent of bot-infected computers in India were located in tier-II cities, according to last year's Symantec Internet Security Threat Report XVII. While organisations need to engage with their Internet Service Provider (ISP) and invest in solutions, consumers also need to ensure that their security solution is updated to prevent such attacks, Symantec said.

Follow us Twitter | Follow us Linkedin | Friends us Facebook

Share This on Facebook | Share This on Twitter | Share This on Linkedin