[ISN] Fresh wave of cyber attacks hits India

From: InfoSec News <alerts_at_private>
Date: Mon, 15 Feb 2010 00:48:18 -0600 (CST)

By Vijay Mohan
Tribune News Service
February 11, 2010

Computer networks at sensitive establishments have experienced a second 
wave of cyber attacks from foreign-based hackers. Sources in the 
intelligence reveal that fresh attacks began on January 28 and about 25 
computers were targeted.

Computers used by individuals associated with the National Security 
Council (NSC) Secretariat and the National Security Advisory Board 
(NSAB) were the target of the new attacks, according to sources at the 
National Technical Research Organisation (NTRO).

While NSC is the apex agency looking into the political, economic, 
energy and strategic security concerns, the NSAB consists of persons of 
eminence outside the government, with expertise in security matters, 
foreign affairs, armed forces, internal security, science and economics.

Earlier attacks were experienced on January 15, when hackers hit 
computers being used by top government functionaries. This included the 
Prime Minister's Office, intelligence agencies and the armed forces. In 
fact, the Cabinet Secretary, who is also reported to be a victim of 
these attacks, had scheduled a high-level meeting of security and cyber 
war experts this week to work out modalities to deal with such 

Sources at NTRO, a relatively new highly specialised intelligence 
gathering agency concerned with satellite, terrestrial and internet 
monitoring as well as cyber warfare, have pegged the number of computers 
to have been hit in these attacks at 450.

Initial investigations revealed that 30 computers, including eight from 
the PMO, were compromised. This also involved two persons not on the 
regular posted strength of the PMO, prompting intelligence agencies to 
believe that the cyber attacks were backed by a high level of human 
intelligence, providing the whereabouts of key individuals and their 
portfolios and e-mail addresses. Others who came under attack from cyber 
space included chairman of the Joint Intelligence Committee, chief of 
the Naval Staff, deputy chief of Naval Staff, PM's special envoy, the 
three military intelligence services and establishments of the BSF and 
CRPF in Jammu and Kashmir.

Monitoring the flow of information from these computers led to the 
identity of other computers that were compromised. Experts feel that the 
number could be more if the net was cast wider.

NTRO claims that the e-mail IPs of a couple of top mediapersons were 
also the target of these attacks. An MS-Word file titled National 
Security Document, containing complex spyware, was sent to the targeted 
addresses, which resulted in the computers being compromised once the 
document was downloaded. Earlier, a malicious PDF file was also 
circulated. An e-mail address with a .nic.in suffix, said to be a dormant 
address hacked by the attackers, was reportedly used to send the mails.

Sources said that cyber experts at NTRO used "reverse hacking" 
methodology to trace the origins of the servers used in the malicious 
attacks. While it is strongly believed that the servers were traced to 
mainland China, the exact physical location could not be established due 
to the complex nature of the attacks. "Our technical corroborations and 
results from other similar investigations reveal that the command and 
control architecture of these attacks have a Chinese signature," a 
source claimed.

Under its Informationalisation Doctrine, China lays a huge emphasis on 
cyber war and it has a well set-up infrastructure for the same. The Chinese 
believe cyber war to be the first element of surprise in a conventional 
war, to be used to cripple enemy civilian and military networks before 
going in for a physical offensive.

Some time ago NTRO had formed a rapid reaction team to deal with such 
exigencies and sources claim that their reaction time to the attacks was 
about an hour-and-a-half. NTRO is also known to have developed an 
offensive cyber warfare capability designed to penetrate computer 
networks and remote servers.

Received on Sun Feb 14 2010 - 22:48:18 PST
