China’s cyber warfare army is marching on, and India is suffering silently
May 2008 by Frédéric Donnette, Global Security Mag
Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability.
The sustained assault almost coincides with the history of the present political disquiet between the two countries.
According to senior government officials, these attacks are not isolated incidents of something so generic or basic as "hacking" — they are far more sophisticated and complete — and there is a method behind the madness.
Publicly, senior government officials, when questioned, take refuge under the argument that "hacking" is a routine activity and happens from many areas around the world. But privately, they acknowledge that the cyber warfare threat from China is more real than from other countries.
The core of the assault is that the Chinese are constantly scanning and mapping India’s official networks. This gives them a very good idea of not only the content but also of how to disable the networks or distract them during a conflict.
This, officials say, is China’s way of gaining "an asymmetrical advantage" over a potential adversary.
The big attacks that were sourced to China over the last few months included an attack on NIC (National Informatics Centre), which was aimed at the National Security Council, and on the MEA.
Other government networks, said sources, are routinely targeted though they haven’t been disabled. A quiet effort is under way to set up defence mechanisms, but cyber warfare is yet to become a big component of India’s security doctrine. Dedicated teams of officials — all underpaid, of course — are involved in a daily deflection of attacks. But the real gap is that a retaliatory offensive system is yet to be created.
And it’s not difficult, said sources. Chinese networks are very porous — and India is an acknowledged IT giant!
There are three main weapons in use against Indian networks — BOTS, key loggers and mapping of networks. According to sources in the government, Chinese hackers are acknowledged experts in setting up BOTS. A BOT is a parasite program embedded in a network, which hijacks the network and makes other computers act according to its wishes, which, in turn, are controlled by "external" forces.
The controlled computers are known as "zombies" in the colourful language of cyber security, and are a key aspect in cyber warfare. According to official sources, there are close to 50,000 BOTS in India at present — and these are "operational" figures.
What is the danger? Simply put, the danger is that at the appointed time, these "external" controllers of BOTNETS will command the networks, through the zombies, to move them at will.
Exactly a year ago, Indian computer security experts got a glimpse of what could happen when a targeted attack against Estonia shut that country down — it was done by one million computers from different parts of the world — and many of them were from India! That, officials said, was executed by cyber terrorists from Russia, who are deemed to be deadlier.
The point that officials are making is that there are internal networks in India that are controlled from outside — a sort of cyberspace fifth column. Hence, the need for a more aggressive strategy.
Key loggers are software that scans computers and their processes and data the moment you hit a key on the keyboard.
This information is immediately carried over to an external controller — so they know even when you change your password. Mapping or scanning networks is done as a prerequisite to modern cyber warfare tactics. MEA has a three-layered system of computer and network usage — only the most open communication is sent on something called "e-grams".
The more classified stuff uses old-economy methods — ironically, probably the most secure though a lot more time-consuming. The same is true of other critical areas of the government. But the real gap inside the national security establishment is one of understanding the true nature of the threat.
National security adviser M K Narayanan set up the National Technology Research Organization, which is also involved in assessing cyber security threats. But the cyber security forum of the National Security Council has become defunct after the US spy incident. This has scarred the Indian establishment so badly that it’s now frozen in its indecision. This has seriously hampered India’s decision-making process in cyber warfare.