Feb 15, 2009
Well, we now know why the Indian Ministry of External Affairs sent out the directive to stay off the internet. An investigation has determined that over 600 of the ministry’s computers were infected by spyware that “can track or take control over user’s actions” and send duplicate emails to another email ID.
Sources noted that some of the compromised computers included the “sensitive” Pakistan section and the offices of “senior Secretaries” and “Joint Secretaries.” The initial investigation suggested that the server involved in this breach was located in China.
Feb 08, 2009
Over the last eight months, the Indian Ministry of External Affairs has been armor coating the country’s cyber security system. As part of the security layering process, Indian diplomats are prohibited from: logging into social networking sites such as Facebook, Orkut and Ibibo; downloading peer-to-peer music; sharing photos through Flickr and Picasa; writing a blog; and using G-mail, Yahoo! or Hotmail for official communication.
The following section led me to believe China had a lot to do with the new directive…and the fact that they were the only country mentioned by name:
Apart from their offices within the country, cyber security officials are also fortifying Indian embassies abroad with the first such team visiting the Indian embassy in Beijing late last year.
In 2008, nearly 100 Internet addresses were blocked, several of them at Chengdu in China, after these were found to be the source of a swarm of attacks on the network.
‘An attack could be just a simple mail, which activates a programme to leak data from that computer to another address on the net,’ the ministry official said, adding new intrusions were more geographically dispersed.
‘We had some intrusions which were traced to Houston, but we know that Chinese hackers were behind it,’ the official said. ‘It’s a daily defensive war that we are engaged in.’
Dec 15, 2008
Very informative article from Cyber Crime Updates on Chinese InfoTech espionage:
BANGALORE: A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.
The same team went to China instead. When the Indian firm investigated the matter, it discovered a gaping hole in its security. The computers of several of its top executives had been compromised by Chinese hackers and privileged information leaked to a Chinese competitor, who walked away with the deal by quoting a lesser price.
Dec 08, 2008
Since when is it a good idea to use G-mail for official communications? The Prime Minister says, “never!”
The Prime Minister’s Office (PMO) has instructed its officials not to use Google mail for official communication after Chinese hackers accessed the PMO’s internal networking systems.
The Chinese also hacked the Ministry of External Affairs’ internal communications network, and the National Informatics Centre (NIC) also fell victim to an attack supposedly aimed at the National Security Council.
The Chinese hacked the communication networks of officials and accessed emails used by the officials to communicate policy and decisions to other ministries and sectors of the government. The cyber attacks are believed to have been launched from dial-up internet connections in China. Up to four cyber attacks by Chinese hackers are reported on Indian servers daily.
The NIC traced the IP addresses used for attacking the PMO’s communication networks to China. They found that Google mail or Gmail was the main target of the Chinese hackers. Following this, the PMO has instructed its officers and staff to refrain from using Gmail for official communication.
Aug 16, 2008
India considers attacks on its information network by Chinese hackers a threat to national security:
(f) Cyber War and Cyber Terrorism in India
India is also suffering from the menaces of cyber war and cyber terrorism. Nobody cares about any of these threats in India. Far more citizens were concerned about the Amarnath issue than by potential risks of nuclear conflict, or near-breakdowns in Net and mobile security.[2] China’s intensified cyber warfare against India is becoming a serious threat to national security. In October 2007, Chinese hackers defaced over 143 Indian websites. In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs, forcing the government to think about devising a new strategy to fortify the system. As a countermeasure, the Indian armed forces are trying to enhance their C4ISR capabilities, so that the country can launch its own cyber offensive if the need arises.[3] Similarly, Pakistan is taking steps to intensify its cyber war propaganda against India with the help of its intelligence outfit, the ISI, by carrying reports of alleged communal fissures taking place on the Indian side of Kashmir.[4] Issues like these have to be resolved as well.
Jun 23, 2008
This is a very good summary of Chinese hacker attacks on India, to include speculation on mapping of their information infrastructure:
China’s intensified cyber warfare against India is becoming a serious threat to national security. The desire to possess ‘electronic dominance’ over India has compelled Chinese hackers to attack many crucial Indian websites and over the past one and a half years, they have mounted almost daily attacks on Indian computer networks – both government and private.
In October 2007, for example, Chinese hackers defaced over 143 Indian websites. Phishing is a term derived from fishing, and is a fraudulent activity on the Internet to acquire personal information. In phishing, the hackers use spoofed e-mails to lure innocent Internet users and get their personal information like bank account number, credit card details, and password and so on.
Read more here…
Jun 06, 2008
Routine business:
NEW DELHI: Hackers have struck again with nearly 10 websites belonging to various ministries and departments of the government of India coming under attack in the last 24 hours. The hackers are suspected to be from China, though there was no official confirmation.
Confirming the cyber attack, a senior IT ministry official told DNA, “Low to medium intensity cyber intrusions into web servers maintained by the Indian government have been reported.”
New Delhi…just shrugs.
May 05, 2008

Someone passed on an article on the Times of India website this morning regarding ongoing attacks from the PRC to various government and private entities in India. From the article:
There are three main weapons in use against Indian networks — BOTS, key loggers and mapping of networks. According to sources in the government, Chinese hackers are acknowledged experts in setting up BOTS.
The article is short on technical details but is interesting anyway. Comments (especially from Indian readers) welcome.
Article link.