[ISN] China mounts cyber attacks on Indian sites

From: InfoSec News (alerts@private)
Date: Tue May 06 2008 - 01:37:41 PDT


By Indrani Bagchi
5 May 2008

NEW DELHI: China’s cyber warfare army is marching on, and India is 
suffering silently. Over the past one and a half years, officials said, 
China has mounted almost daily attacks on Indian computer networks, both 
government and private, showing its intent and capability. (Watch: 
‘China's cyber intrusion a threat’ [1])

The sustained assault almost coincides with the history of the present 
political disquiet between the two countries.

According to senior government officials, these attacks are not isolated 
incidents of something so generic or basic as "hacking" — they are far 
more sophisticated and complete — and there is a method behind the 

Publicly, senior government officials, when questioned, take refuge 
under the argument that "hacking" is a routine activity and happens from 
many areas around the world. But privately, they acknowledge that the 
cyber warfare threat from China is more real than from other countries.

The core of the assault is that the Chinese are constantly scanning and 
mapping India’s official networks. This gives them a very good idea of 
not only the content but also of how to disable the networks or distract 
them during a conflict.

This, officials say, is China’s way of gaining "an asymmetrical 
advantage" over a potential adversary.

The big attacks that were sourced to China over the last few months 
included an attack on NIC (National Infomatics Centre), which was aimed 
at the National Security Council, and on the MEA.

Other government networks, said sources, are routinely targeted though 
they haven’t been disabled. A quiet effort is under way to set up 
defence mechanisms, but cyber warfare is yet to become a big component 
of India’s security doctrine. Dedicated teams of officials — all 
underpaid, of course — are involved in a daily deflection of attacks. 
But the real gap is that a retaliatory offensive system is yet to be 

And it’s not difficult, said sources. Chinese networks are very porous — 
and India is an acknowledged IT giant!

There are three main weapons in use against Indian networks — BOTS, key 
loggers and mapping of networks. According to sources in the government, 
Chinese hackers are acknowledged experts in setting up BOTS. A BOT is a 
parasite program embedded in a network, which hijacks the network and 
makes other computers act according to its wishes, which, in turn, are 
controlled by "external" forces.

The controlled computers are known as "zombies" in the colourful 
language of cyber security, and are a key aspect in cyber warfare. 
According to official sources, there are close to 50,000 BOTS in India 
at present — and these are "operational" figures.

What is the danger? Simply put, the danger is that at the appointed 
time, these "external" controllers of BOTNETS will command the networks, 
through the zombies, to move them at will.

Exactly a year ago, Indian computer security experts got a glimpse of 
what could happen when a targeted attack against Estonia shut that 
country down — it was done by one million computers from different parts 
of the world — and many of them were from India! That, officials said, 
was executed by cyber terrorists from Russia, who are deemed to be more 

The point that officials are making is that there are internal networks 
in India that are controlled from outside — a sort of cyberspace fifth 
column. Hence, the need for a more aggressive strategy.

Key loggers is software that scans computers and their processes and 
data the moment you hit a key on the keyboard.

This information is immediately carried over to an external controller — 
so they know even when you change your password. Mapping or scanning 
networks is done as a prerequisite to modern cyber warfare tactics. MEA 
has a three-layered system of computer and network usage — only the most 
open communication is sent on something called "e-grams".

The more classified stuff uses old-economy methods — ironically, 
probably the most secure though a lot more time-consuming. The same is 
true of other critical areas of the government. But the real gap inside 
the national security establishment is one of understanding the true 
nature of the threat.

National security adviser M K Narayanan set up the National Technology 
Research Organization, which is also involved in assessing cyber 
security threats. But the cyber security forum of the National Security 
Council has become defunct after the US spy incident. This has scarred 
the Indian establishment so badly that it’s now frozen in its 
indecision. This has seriously hampered India’s decision-making process 
in cyber warfare.

[1] http://broadband.indiatimes.com/videoshow/3010795.cms

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Tue May 06 2008 - 01:57:04 PDT