By Vijay Mohan
Tribune News Service
February 11, 2010
Computer networks at sensitive establishments have experienced a second
wave of cyber attacks from foreign-based hackers. Sources in the
intelligence reveal that fresh attacks began on January 28 and about 25
computers were targeted.
Computers used by individuals associated with the National Security
Council (NSC) Secretariat and the National Security Advisory Board
(NSAB) were the target of the new attacks, according to sources at the
National Technical Research Organisation (NTRO).
While NSC is the apex agency looking into the political, economic,
energy and strategic security concerns, the NSAB consists of persons of
eminence outside the government, with expertise in security matters,
foreign affairs, armed forces, internal security, science and economics.
Earlier attacks were experienced on January 15, when hackers hit
computers being used by top government functionaries. This included the
Prime Minister's Office, intelligence agencies and the armed forces. In
fact, the Cabinet Secretary, who is also reported to be a victim of
these attacks, had scheduled a high-level meeting of security and cyber
war experts this week to work out modalities to deal with such
Sources at NTRO, a relatively new highly specialised intelligence
gathering agency concerned with satellite, terrestrial and internet
monitoring as well as cyber warfare, have pegged the number of computers
to have been hit in these attacks at 450.
Initial investigations revealed that 30 computers, including eight from
the PMO, were compromised. This also involved two persons not on the
regular posted strength of the PMO, prompting intelligence agencies to
believe that the cyber attacks were backed by a high level of human
intelligence, providing the whereabouts of key individuals and their
portfolios and e-mail addresses. Others who came under attack from cyber
space included chairman of the Joint Intelligence Committee, chief of
the Naval Staff, deputy chief of Naval Staff, PM's special envoy, the
three military intelligence services and establishments of the BSF and
CRPF in Jammu and Kashmir.
Monitoring the flow of information from these computers led to the
identity of other computers that were compromised. Experts feel that the
number could be more if the net was cast wider.
NTRO claims that the e-mail IPs of a couple of top mediapersons were
also the target of these attacks. An MS-Word file titled National
Security Document, containing complex spyware, was sent to the targeted
addresses, which resulted in the computers being compromised once the
document was downloaded. Earlier, a malicious PDF file was also
circulated. An e-mail address with a .nic.in suffix, said to be a dormant
address hacked by the attackers, was reportedly used to send the mails.
Sources said that cyber experts at NTRO used "reverse hacking"
methodology to trace the origins of the servers used in the malicious
attacks. It is strongly believed that the servers were traced to
mainland China, but the exact physical location could not be established
due to the complex nature of the attacks. "Our technical corroborations and
results from other similar investigations reveal that the command and
control architecture of these attacks have a Chinese signature," a
Under its Informationalisation Doctrine, China lays a huge emphasis on
cyber war and it has a well set-up infrastructure for the same. The Chinese
believe cyber war to be the first element of surprise in a conventional
war, to be used to cripple enemy civilian and military networks before
going in for a physical offensive.
Some time ago NTRO had formed a rapid reaction team to deal with such
exigencies and sources claim that their reaction time to the attacks was
about an hour-and-a-half. NTRO is also known to have developed an
offensive cyber warfare capability designed to penetrate computer
networks and remote servers.