China Hacks, India Ignores
Around 2008, the Tibetan Government in Exile grew suspicious that its computers had been
hacked by the Chinese.
They approached researchers at the University of Toronto, who were able to confirm that that
indeed was the case, but that they alone were not the victims: there were many others,
including in India, and embassies and so on.
The manner of the attack was quite simple. People got attachments in the mail. And if
you clicked on them, a virus was loaded onto your computer.
Embedded in the virus were certain domain names and
what the virus would do was to check the hard drive of the computer for any new documents
and forward them to these addresses, to these domain names on the Internet.
When this information was made public, there was a huge hue and cry. And very quickly these
domain names were no longer being registered by the Chinese.
So, these domain names became available. The Canadians registered these domain names
themselves. And now, they sat back and watched, as computers from all over the world started
contacting their servers, offering to upload documents to them.
The hacked computers were in 31 countries. But, almost half of the computers that were
sending documents to the Canadians were from India.
The researchers at the University of Toronto were shocked to find in their possession:
-- Secret security situation assessments in Assam, Manipur etc. concerning Naxalites and
Maoists.
-- Information relating to visa applications from different embassies of India.
-- There were journalists and academics who were also looked at.
-- The National Security Council Secretariat.
-- Embassies at Kabul and Moscow.
-- Military Educational Institutions.
-- Institute for Defence Studies and Analysis.
-- Various defence oriented publications.
And even some big corporations in India found themselves sending information without their
knowledge and without their consent.
This information was published by the Information Warfare Monitor and the Shadowserver Foundation
under the Heading "Shadows in the Cloud: Investigating Cyber Espionage 2.0" on the sixth of April
2010.
I sought to find out from the Ministry of Communication and Information Technology,
whether the Government is also thinking along these lines and whether the authority that
was investigating this matter was also cognisant of this.
So, I sent them a letter under the Right to Information on the 13th of April 2010 asking
if this hacking by the Chinese had been investigated, how one might get in touch with them and how
many computers they had found had been hacked.
I was amazed to get in reply a copy of an India Today article.
So, I then tried contacting them personally, and that did not have much effect.
And so on the 2nd of December 2010, I sent the exact same questions once again to the
Ministry of Information Technology. This time again they sent me a copy of this
"Shadows in the Cloud" Report, that was already available on the Internet anyway.
But, they did not seem to have any information of their own on the subject at all.
We persisted and on the 28th of March 2011, we sent the same questions again hoping that
by now the matter might have been investigated and there might be some information available
on the subject.
This time the Ministry forwarded the request to the concerned agency and said that the
"information was awaited". Reminders were sent by the Appellate Authority
in the Ministry to the Information Officer on the 31st of May, on the 14th of June, on
the 1st of July and on the 23rd of August. And they didn’t get any information on the
subject.
This is not a small matter. This is an attack on the country, which is no less serious,
let us say, than Kargil.
So we then took up the matter with the Home Ministry.
On the 26th of May 2011 we asked them, if any agency has been authorized by the Home
Ministry to investigate the matter. The Home Ministry transferred this to the
Department of Information Technology, saying "requested information does not fall totally
under the jurisdiction of the Ministry of Home Affairs".
And when we pursued the matter further, the Home Ministry informed us that "they are neither
concerned with the subject matter, nor have any information to furnish."
Since computers of the External Affairs Ministry had been hacked, we asked the External Affairs
Ministry on the 24th of June 2011, if they had conducted any investigation into the matter.
And what they said was that they "did not conduct a separate investigation" in the matter
and that this investigation was "carried out by the National Technical Research Organization",
which we could neither find nor contact anyway.
We asked the Cabinet Secretariat, which agency in the country was responsible for investigating
cyber attacks. Once again the mail was forwarded first to the Department of Telecom and then,
that was forwarded to, guess who, the Department of Information Technology.
We don't know in this country which agency is responsible for investigating cyber attacks, for protecting
us from cyber attacks. And when such a matter is brought to the attention of the concerned
ministries, all they do is forward mail to each other and then sit back.
And when push comes to shove, they take refuge behind the cloak of secrecy to protect the
fact that they have done absolutely nothing.
It is vitally important that we re-examine our cyber security priorities, because clearly
the attention of our security agencies is in the wrong place.
This is Arun Mehta. Thank you for your attention.