Dear India and Cyber Wars

The First Worm

The Morris worm or Internet worm of November 2, 1988 was one of the first computer worms distributed via the Internet. According to its creator, the Morris worm was not written to cause damage, but to gauge the size of the Internet. The worm was released from MIT in the hope of suggesting that its creator studied there, which Morris did not (though Morris later became a tenured professor at MIT in 2006). A supposedly unintended consequence of the code, however, caused it to be more damaging: a computer could be infected multiple times and each additional process would slow the machine down, eventually to the point of being unusable.

Robert Morris was tried and convicted of violating United States Code. After appeals he was sentenced to three years’ probation, 400 hours of community service, and a fine of $10,050 plus the costs of his supervision. The Morris worm has sometimes been referred to as the “Great Worm” because of the devastating effect it had on the Internet at that time, both in overall system downtime and in psychological impact on the perception of security and reliability of the Internet.

“I think my directive to my national security team is, don’t worry as much yet about machines taking over the world. Worry about the capacity of either non state actors or hostile actors to penetrate system” – Barack Obama [source]

The Indian Shadow

India has been in a major spot of bother over the shocking financial hack on many of its major banks, which compromised 3.2 million debit cards in October 2016. Several victims reported unauthorized transactions in China. Of the compromised cards, 2.6 million were on the Mastercard/Visa platform, whereas 600,000 were on RuPay. The Computer Emergency Response Team, the Indian government’s cyber watchdog, had already warned banks to be on alert about two weeks before, and had also sent warnings in July and August.

There have been a number of attacks on various Indian websites after the Indian army’s recent ‘surgical strikes’ in Pakistan-occupied Kashmir: reportedly 7,000 attacks by Pakistani hackers. In a possible cyber war, are India’s systems ‘fully exposed’?

What is CERT?

Computer emergency response teams (CERT) are expert groups that handle computer security incidents across the world. The Indian CERT is a government organisation under the Ministry of Electronics and Information Technology.

 

History of Cyber Attacks

One of the largest cyber attacks in India occurred in the year 2012 wherein almost 12,000 military and government emails were hacked.

“In early July last year (2012), a staffer at the secretive National Technical Research Organisation (NTRO) noticed odd “signals” on his monitoring system. Using complex algorithms that NTRO had been developing since 2010, he categorised these signals as a precursor to a major cyber attack. The agency, run under the Prime Minister’s Office, immediately sent a warning up the chain of command. Inexplicably, the warning went unheeded. That mistake would result in the single-largest cyber attack ever carried out against India.

On July 12, several high-level officials reported their emails had been hacked into. This included officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP), the paramilitary unit deployed along much of the country’s 3,500 km border with China. The hackers even breached the main National Informatics Centre email server, which serves all government departments. An investigation put the total number of hacked accounts at roughly 12,000.”

Read more: http://www.businesstoday.in/magazine/features/india-cyber-security-at-risk/story/191786.html

When the World Went Dark

Friday, October 21st, was a day when many websites based in the USA (some call it half the internet) were disrupted. The list includes Twitter, Netflix, Reddit, Spotify, GitHub, PayPal, DropBox, even Amazon! There were at least two major DDoS attacks affecting millions of users around the world.

What is a DDoS attack?

Distributed Denial of Service is a deadlier form of Denial of Service attack, wherein the victim (the web server) is flooded with useless traffic from hundreds or thousands of different sources.

The attacker sends garbage data to the web server; as a result, the server is overwhelmed, begins to slow down and ultimately crashes.

The web server affected in this case was one of the best, Dyn, which would take a lot more than standard hardware to bring down! Exact details of how the attack happened remain vague, but what is certain is that the internet is scarily fragile against sophisticated attacks.

 

“Part of the reason why cyber security continues to be so hard is because the threat is not a bunch of tanks rolling at you but a whole bunch of systems that may be vulnerable to a worm getting in there.” – Barack Obama

The Age of Cyber Wars: Is India doing enough?

Countries are in a constant state of cyber war with adversaries as well as allies. Some time back, a bunch of hackers from North Korea hacked Sony in response to a spoof film being made about its leader, Kim Jong Un. North Korea was left in the dark by another team of US hackers in retaliation.

More details can be read here: North Korea Web Outage was response to Sony Hack.

“India isn’t spending enough on cyber security and several projects aimed at increasing India’s cyber preparedness such as the National Cyber Coordination Centre are yet to be started even after getting Cabinet approval.” – Sivarama Krishnan, executive director of audit and consultancy firm PwC

Read more at:

CERT-In had instructed banks on October 7 to stay alert in wake of surgical strikes

At the same time, India’s reliance on foreign intelligence software has increased tenfold since it partnered with western intelligence agencies after the terrorist attacks in India in the previous decade. While I cannot get into details, a Google search would reveal meetings between India’s top officials and western intelligence heads, the buying of software, skills and what not.

While the use of foreign intelligence and apparatus by political parties for spying on political rivals has been leaked on occasion and isn’t new, the politics of it all within the nation has opened up the security apparatus to intelligence agencies and hackers working at their behest. In the wake of such cyber attacks, India stands not only vulnerable but also defensive. It needs a show of power and an aggressive stance in the digital security world. It needs a limit on the reliance on foreign software for critical functions in all sectors, a reliance which puts the nation’s functioning at risk; an arm which works completely independently of the ruling political group; and independence from the intelligence wings of supposed ‘allies’.

Dark Side of the IT Boom

The IT boom, as we call it, happened around 1997. The widening application of computers in a broad range of fields required huge staff, and the USA welcomed IT professionals from India. This led to the growth of a very large number of engineering colleges in India focused on producing IT-ready professionals. The lure of international migration and the associated lifestyle perks took the sheen away from traditional science and mathematics courses. India became the largest base of IT ‘application users’. A limited focus on applications (created by foreign computer innovation giants) meant that the growth of computers in other fields in India, such as agriculture, educational institutes, government and natural resource development, which would have led to overall balanced growth, never happened.

This is in contrast to western countries, which had a balance of IT application and scientific education and utilized a combination of these skills to enhance development in agriculture, bio-medicine, mining etc. That is a penetration which India is still far from capturing.

Now these educational institutes are clueless about the future courses of development in technology. The few good ones we have, such as the IITs, produce a very small percentage of graduates, many of whom leave the country soon after the graduation day parade. So in such a situation, wherein a country is dependent on technology provided by foreign countries, and knowing what Wikileaks and the likes of Edward Snowden have revealed about how intelligence agencies control and manipulate these tech giants, can we ever imagine being digitally secure?

 

Regards,

Kashif Saiyed

Email: rizkashifs@gmail.com

Twitter: @rizkashif

Linkedin: www.linkedin.com/in/kashifsaiyed
