Thursday, April 8, 2010

Shadows in the Cloud- India under cyber attack

April 8, 2010
Neelam Mathews

Volunteer security professionals of Canada working with the Shadowserver Foundation and Information Warfare Monitor have exposed (suspected) Chinese cyber offensive against India, the Dalai Lama, United Nations, and several other countries.

Investigators have found that hackers of the so-called `Shadow Network' stole secrets files of India's missile projects, troop deployments and military schools, in a report released (April 6) -'Shadows in the Cloud – Investigating Cyber Espionage 2.0'.

A host of military computers had been compromised as well as think tanks. Recovered documents related to the Pechora Missile System - an anti-aircraft surface-to-air missile system, Iron Dome Missile System - a mobile missile defense system, Project Shakti - the Indian Army’s command and control system for artillery.Documents relating to network centricity and network-centric warfare were exfiltrated, along with plans for intelligence fusion and technologies for monitoring and analyzing network data (Defense Research and Development Organization 2009).

Other casualties include-
* Personal details such as banking information, scans of identification documents, legal documents and information about ongoing court cases. Personal email communication, investigators say, can be leveraged for future attacks.
* Computer at the National Security Council Secretariat of India that includes the Joint Intelligence Committee headed by the Prime Minister of India responsible for strategic planning in the area of national security. Secret assessments of India’s security situation in the states of Assam, Manipur, Nagaland and Tripura, as well as concerning the Naxalites and Maoists, were hacked. In addition, they contained confidential information taken from Indian embassies regarding India’s international relations with and assessments of activities in West Africa, Russia/Commonwealth of Independent States and the Middle East, as well as diplomatic correspondence.
* Seventy eight documents of the Military Engineer Services, a government construction agency that provides services to the Indian Army, Navy and Air Force. These documents contained information concerning the financing and scheduling of specific engineering projects.
* Computers at YKK India, DLF Limited, and TATA.These documents included a presentation on roadmap and financial status, and an annual plan for a business partnership.
* Computers at the National Maritime Foundation and the Gujarat Chemical Port Terminal. They included a summary of a seminar as well as documents relating to specific shipping schedules, financial matters and personal medical information.
* A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. In a context like Afghanistan, this finding points to the complex nature of the information security challenge where risks to individuals (or operational security) can occur as a result of a data compromise on secure systems operated by trusted partners.

“Forewarned is forearmed.The question now is what can you do. It is important to improve awareness within the government…unfortunately, the army has an outdated system that has no data capability. It is not network-centric. They are still thinking about it..A framework needs to be put in place,” said Cherien Samuel with think-tank Institute for Defense Studies and Analyzes said.

The investigation employed a fusion methodology, combining technical interrogation techniques, data analysis, and field research, to track and uncover the Shadow cyber espionage network.

Interestingly, while the documents were identified as belonging to the Indian government, “However, we do not have direct evidence that they were stolen from Indian government computers and they may have been compromised as a result of being copied onto personal computers,” says the Report.

“It has also emerged because of poor security practices of users, from individuals to large organizations….. Governments around the world are engaged in a rapid race to militarize cyber space, to develop tools and methods to fight and win wars in this domain. This arms race creates an opportunity structure ripe for crime and espionage to flourish. In the absence of norms, principles and rules of mutual restraint at a global level, a vacuum exists for subterranean exploits to fill,” said the investigators in the foreward of the Report.

Attempts to get India’s ministry of defense and Defense Research Organization to comment, were unsuccessful.

No comments:

Post a Comment