rediff.com
News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

Rediff.com  » News » Why hacking of the CBI website is worrying
This article was first published 14 years ago

Why hacking of the CBI website is worrying

Last updated on: December 6, 2010 07:43 IST


The recent hacking of Central Bureau of Investigation's website by a group called 'Pakistani Cyber Army' has raised questions over the safety regulations of servers provided by National Informatics Centre, the organisation responsible for maintaining government servers.

While the NIC maintains a studied silence over the entire issue, sources in the security establishment say that the safety mechanism of the NIC was not up to the mark and several reminders were being sent to them for upgrading their hardware.

The official website of the CBI was hacked by the 'Pakistani Cyber Army' on the intervening night of December 3 and 4. The CBI had on Saturday registered a case against unknown persons in this connection.

...


Why hacking of the CBI website is worrying


A report "Shadows in the Cloud" by a Canadian think-tank comprising "Information Warfare Monitor" and "Shadows Server" earlier this year said there was evidence of a cyber espionage network that compromised government, business and academic computer systems in India, especially the office of the Dalai Lama.

According to a Canadian firm, which investigated the hacking of the Dalai Lama's computer, as many as 12 computers of NIC had been hit by the Chinese hackers.

The report said the recovery and analysis of ex-filtrated data, including one that appears to be encrypted diplomatic correspondence, two documents marked "Secret", six as "Restricted", and five as "Confidential". These documents are identified as belonging to the Indian government.

"However, we do not have direct evidence that they were stolen from Indian government computers and they may have been compromised as a result of being copied onto personal computers.



Why hacking of the CBI website is worrying


"The recovered documents also include 1,500 letters sent from the Dalai Lama's office between January and November 2009. The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users," the report said.

The sources said besides reports by well-established think-tanks, there were several notes drawing urgent attention of various key ministries about possible intrusion by hackers either based in China or Pakistan trying to infiltrate into the computers.

Agencies have also cautioned against the practice of connecting official computers and laptops with unsecured Internet connections by some bureaucrats thus compromising security.



Why hacking of the CBI website is worrying


With hackers mainly from China very active and having penetrated deep into the cyber space, the security agencies had asked all ministries especially the Defence, External, Home and the PMO to separate their official computers with those with Internet facility.

The recommendations of the central security agencies seem to have gone unheeded as an official maintained that their suggestion was only recommendatory in nature.

The National Technical and Research Organisation (NTRO) also circulated a do's and don'ts to key ministries recently after attempts from hackers were noticed. Against the backdrop of concerns over checking of crucial official websites, security agencies have been continuously warning the government about the use of multitasking BlackBerry instruments by some of the officials working in sensitive ministries including the Prime Minister's office.

A quick random check was carried out earlier during which it was found that some of the officials in the Prime Minister's Office were using BlackBerry services and had linked their official emails on the handset, which is not allowed.

Why hacking of the CBI website is worrying


The problem dogging the cyber space in the country is constant use of official computers by officials in key ministries despite a warning from security agencies not to link them with the Internet.

Security of many of the computers in the Ministry of External Affairs and its missions abroad was compromised with forcing a security audit of the machines and segregating the virus affected ones out of the system.

The Ministry of Home Affairs has a separate server for its computers and there have been no attempts to hack its system since it has another server with Internet facility. A surprise check of all the computers is being carried at regular intervals.

The Canadian think tank, in its report, clearly pointed out that there was "evidence" of links between the Shadow network and two individuals living Chengdu in People's Republic of China to the underground hacking community.

Giving details, the report said the GhostNet system directs infected computers to download a Trojan, known as ghost RAT that allows attackers to gain complete, real-time control.

Why hacking of the CBI website is worrying


These instances of ghost RAT are consistently controlled from commercial Internet access accounts located on the island of Hainan, People's Republic of China.

"Our investigation reveals that GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras.

"China is actively developing an operational capacity in cyberspace, correctly identifying it as the domain in which it can achieve strategic parity, if not superiority, over the military establishments of the United States and its allies.

The report said: "Chinese cyber warfare doctrine is well developed, and significant resources have been invested by the People's Liberation Army and security services in developing defensive and offensive capabilities."

According to them, an email message arrives in the target's inbox carrying the malware in an attachment or web link.

Why hacking of the CBI website is worrying


The attackers' objective is to get the target to open the attachment or malicious link so that the malicious code can execute, it said.

About the Chinese hackers' incursion in the cyber space, the Canadian company cited an example saying, "during the course of our research, we were informed of the following incident.

A member of Drewla, a young woman, decided to return to her family village in Tibet after working for two years for Drewla.

"She was arrested at the Nepalese-Tibetan border and taken to a detention facility, where she was held incommunicado for two months.

Why hacking of the CBI website is worrying


"She was interrogated by Chinese intelligence personnel about her employment in Dharamsala. She denied having been politically active and insisted that she had gone to Dharamsala for studies," the report claimed.

"In response to this, the intelligence officers pulled out a dossier on her activities and presented her with full transcripts of her Internet chats over the years.

"They indicated that they were fully aware of, and were monitoring, the Drewla outreach initiative and that her colleagues were not welcome to return to Tibet. They then released her and she returned to her village," the report claimed.