Rivals UpdateChina´s Cyber Warfare
M Shamsur Rabb Khan
China´s intensified cyber warfare against India is becoming a serious threat to national security. The desire to possess ´electronic dominance´ over India has compelled Chinese hackers to attack many crucial Indian websites and over the past one and a half years, they have mounted almost daily attacks on Indian computer networks - both government and private. In October 2007, for example, Chinese hackers defaced over 143 Indian websites. A recent attack on a website called www.cabsec.gov.in, which is the nerve centre of the country´s administration, was particularly hostile, due to which the site remained defaced for hours.
Web defacement is the term applied to the unauthorized modification of a website. In its place, other terms, such as web jacking, vandalism, cyber graffiti are also used. Phishing, on the other hand, is a term derived from fishing, and is a fraudulent activity on the Internet to acquire personal information. As in fishing, where the fisherman uses a bait to catch fish, in phishing, the hackers use spoofed e-mails to lure innocent Internet users and get their personal information like bank account number, credit card details, password and so on. According to the Gartner Survey, financial losses due to phishing attacks have risen to more than US$3.2 billion in the year 2007 alone.
In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs forcing the government to think about devising a new strategy to fortify the system. Though the intelligence agencies failed to get the identity of the hackers, the IP addresses left behind suggested Chinese hands. While hacking is a normal practice around the world, the cyber warfare threat from China has serious implications. At the core of the assault is the fact that the Chinese are constantly scanning and mapping India´s official networks.
According to India´s Computer Emergency Response Team (CERT-In), in the year 2006, a total of 5,211 Indian websites were defaced, on an average of about 14 websites per day. Of the total number of sites that were hacked and defaced, an overwhelming majority were in the .com domain (90 cases) followed by 26 in the .in domain. As many as 11 defacement incidents were also recorded in the .org domain. Of all hacking incidents in October, about 61 per cent related to phishing, 27 per cent to unauthorized scanning and 8 per cent to viruses/worms under the malicious code category. India, like the western countries, has been witnessing a massive rise in phishing attacks with incidents in 2006 180 per cent higher than in 2005, and the trend carrying through into 2007.
Though the maximum defacements have been recorded during August (when India celebrates its Independence Day), in 2007, February and March recorded the highest such cases with 858 and 738 websites defaced respectively. August, by contrast, saw only 345 websites defaced. While other countries treat Chinese cyber attacks as security breaches, India considers these intrusions as the equivalent of Internet-based terrorist attacks. An Indian Army commanders´ conference held in New Delhi on 26 April 2008, voiced concern over mounting attacks on the country´s networks.
In the US, in June 2007, the Pentagon´s computers were shut down for a week as a result of hacking. At the frequency and aggressiveness of cyber attacks President Bush, without referring directly to Beijing, had said last year that "a lot of our systems are vulnerable to attack." The Chinese military hacked into the US Defence Secretary´s computer system in June 2007 and regularly penetrated computers in at least ten of the UK´s Whitehall departments, accessing also military files. German Chancellor, Angela Merkel, too has complained to Chinese Premier, Wen Jiabao, over suspected hacks of its government systems.
Although Beijing vehemently denies all allegations of state-controlled cyber snooping and hacking, the Chinese government as well as its society hails the practice of hacking for the national cause. The formation of Honker Union in China in 1999, in retaliation to the US bombing of the Chinese embassy in Belgrade, was aimed at widespread hacking under the guise of patriotism and nationalism, mostly of government-related websites around the world.
Unless India takes adequate steps to protect itself from external cyber threats, the world famous IT giant could be facing a grim situation. Cyber attacks are dangerous for India because of the growing reliance on networks and technology to control critical systems that run power plants and transportation systems. Cyber attacks on banks, stock markets and other financial institutions could likewise have a devastating effect on a nation´s economy.
As a countermeasure, the Indian armed forces are trying to enhance their C4ISR (command, control, communications, computers, intelligence, surveillance and reconnaissance) capabilities, so that the country can launch its own cyber offensive if the need arises. Given Chinese cyber attacks, there is need for the army to fight digital battles as well. According to Indian Army Chief, Gen. Deepak Kapoor, the army has already ramped up the security of its information networks right down to the division level, while the Army Cyber Security Establishment has started conducting periodic cyber-security audits as well. However, the question remains: is this enough to stop Chinese cyber attacks?
Back to Updates