An Exclusive Interview with The Hacker News‘s group editor Unix Root
1.) There is a call for all Indian hackers to unite? What has prompted such a call?
To defend the country's IT infrastructure from internal cyber crimes and external attacks now India should unite all hackers. Most powerful countries like USA, China having their own special cyber army's to fight against such attacks. Now its time for India to all call all hackers for fighting against cyber terrorism and crimes. According to facts, there are 98% of cyber crime cases are unreported in India, thats only because people are not aware of cyber laws and not satisfy with the current cyber laws. India should now work on flexible cyber laws and should appreciate the Hero's of computer revolution ie. Hackers.
2.) How grave is the threat of cyber crime in India?
Security is a major concern these days—not only in physical space but also in the cyber space. Computer, The most favorite weapon for terrorists in 4th generation. No physical attack, No life loss .. But this one weapon can destroy the whole infrastructure on any country. In India, as technology is developing, on the other hand the misuse of same technology also occurs. Computer/Internet become the most revolution inventions of 20's. But here we have lots of cyber crime issues also using these inventions. Terrorist who just have mentality to destroy the world are now using this way of crimes. In India now mostly every child now involved in cyber crime. Children are not aware about the result of cyber crimes, but for them this is just fun.Without your realising it, within a matter of minutes, a single computer intrusion is capable of causing losses amounting to millions of dollars.
3.) Is the threat more serious to civil or military targets in India?
The threat more serious to both, civil and military. The real hackers works on military targets where as other small scale hackers do hacking of civil targets. Civil targets are just for showoff by hackers that they are also exist in this world. Whereas the military hacks are very serious , because will affects the whole IT infrastructure, Defense department, Economics and Information Security and lots of other serious issues.This problem is 1,000 times worse than civil hacking.
4.) How do you view India’s progress in countering cyber terrorism?
Countering cyber terrorism ! I think before concentrating on Counter attacks on other country ,India should concentrate on the internal cyber security. Unite Hackers does not mean that we should also do terror attacks on other countries. The purpose of unite hackers should be to use the knowledge of hackers for making own self secure. So that no external attacks can affect the Indian property. The process to securing every network,website and servers may be a long and slow process, But this will be the best stable solution for Security.One more important thing here that Indian Govt. should guide and help such ambitious Indian hacker, who are still students and don't have enough support to stand against cyber terrorism for serving their knowledge and life for the country.
5.) There is talk about penetration of malware into military and defence systems. Are terrorist organizations capable of doing the same? Do they really have such capabilities as pointed out by the intelligence services?
Serious threat exists when military, scientific or bank servers are hacked by so called computer viruses also called malicious software or malware. This term signifies the penetration of individual or institutional computer systems by viruses with malicious intent. Here the entire operations of these organisations whose servers have been hacked are at risk. Sometimes the danger is more acute as the systems are completely disturbed or destroyed.The targets of malware on computer systems can be civil or military. Civilian targets could be gas or oil refineries, disruption of banking and stock exchange operations, jamming communication networks such as telephones, disabling websites and disruption of online reservation systems of air and rail.Military warfare hacking computers and introduction of malware is often called cyber-war. Terrorist organizations are equipped with highly trained units for cyber crime. Mapping the Pentagon's Networks, Taj Hotel - Mumbai, Indian parliament are all done with the help of such criminal hackers.
6.) There was an issue with regard to the Stuxnet worm recently. Could you explain to us about the worm and also the effects it could have on India and where it has originated from?
The Siemens-targeting Stuxnet worm created by Israel's military was also behind the destruction of an Indian broadcasting satellite. While Stuxnet had made its way to the Iran's first nuclear power plant, but ISRO, which utilized the flaw Siemens devices, had also fallen prey to the Stuxnet worm.Around half of the transponders on the Indian satellite INSAT-4B closed down suddenly because of a solar panel failure on 9 July 2010. The Siemens software, which is used in ISRO's Liquid Propulsion Systems Centre, is S7-400 PLC and SIMATIC WinCC, both of which would trigger on the Stuxnet worm.The Stuxnet worm was first revealed in June 2010, a month prior to the unexpected power failure at the INSAT-4B that led to its breakdown. Since then there have been numerous theories about the origin of the Stuxnet worm, which has caused an extensive destruction around the world especially in Indonesia, Iran, and India.
7.) The capabilities of our security agencies appear not to be up to the mark while dealing with cyber terrorism? What suggestions do you have for them?
Cyber terrorism is a catastrophic phenomenon that has not yet attracted the attention of the Indian Legislature. The law for Cyber Terrorism is not sufficient and this problem can be tackled either by making a separate law or by making suitable amendments in the already existing Information Technology Act, 2000.
However some of the basic steps that are needed to protect the country from this type of cyber attack -
a.) Training of relevant computer and military experts, including the young generation Hackers.
b.) Design of computer security architecture to prevent infection of computer systems from malware viruses.
c.) Setting up of a joint command directly under the Prime Minister or the National Security Agency.
d.) Unite all hackers , provide them best resources, authorities under some required rules and regulations.
e.) Re-design the whole study pattern for Cyber security. According to me "cyber security" should be a subject in school and colleges to provide knowledge to students from beginning of their professional life.
f.) One of the most important point, This one also my dream ... making a "Hacker University" in India. Like oracle university is doing research on oracle databases, RedHat University working on developing best and secure linux os. Same way,India should have 1st "Hacker University" to research & investigating on Hacking and Cyber Crimes.
8.) Speaking of the law are you satisfied with the existing laws available to deal with cyber terrorism?
No, we are not satisfied with the current cyber laws in INDIA. Cyber terrorism has been defined as an offence in section 66F— one who causes denial of access to computer resources, or has unauthorized access to a computer resource, or introduces a virus, with the intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in any section of the people is deemed to be committing cyber terrorism. If a person has unauthorized access to a computer resource with the intent to breach the security of the state, its sovereignty and integrity, and friendly relations with foreign states, then also he is deemed to be committing cyber terrorism.
Here we have thousands of Hacker in India who Pentest the security of various websites and servers at their own level just to test their skills, to inform the owner of website/servers that their security is weak and more positive reasons. These are mostly students who are ambitious to learn new skillls. Their purpose is not to harm anyone, But they also comes under "Criminals" according to current laws. I want to also clear that Defacing a website either of own country or of other country is crime and it should remains under criminal acts. Access to a server/website just to check the security should not be crime. But if someone do any changes on it, then it will be considered as crime.
9.) If at all a full fledged cyber war is launched then what would be its impact in India?
According to current conditions, I can say that definitely India have to face lots of problems if sudden any Cyber War starts, Because we are not prepared for that. Cyber War does not mean to deface websites or accessing civil servers, Its actually to collect secret data/information of other countries and for this India still don't have proper required army. Obviously, Now Indian govt. has to think about it. We know that its late, but late is better than never.
10.) The USA says that if a full fledged cyber war is launched then it could result in a break down of systems such as oil refineries, air traffic control systems and also our satellite system. Do you see this happening?
Yes, this is right. If a full fledged cyber war is launched then it could result in a break down of systems such as oil refineries, air traffic control systems and also our satellite system. One of the big example is Stuxnet Worm which Responsible for Destroying Indian Satellite and Iran admitted to 30,000 computers having been affected by Stuxnet.These events would lead further to other breakdowns of transportation of food supplies and other essential commodities. The impact could be as devastating as that of a nuclear war.
11.) Are organizations such as ISRO doing enough to protect their satellites from attacks from threats such as the Stuxnet bomb?
Never, ISRO having experts of satellite programming, They are basically developers without hacking skills. Systems can be secured when a hacker is developing it, thats because he know that how it can be hacked, so obviously he will take care of all security measure regarding Hacking also. India need a research center on Hacking technologies also, the experts their will take care about all such security measures. So, ISRO is not enough to protect their satellites from attacks from threats such as the Stuxnet bomb.
12.) Are our nuclear installations guarded from such threats?
From the recent attacks, India should learn that anything can be hacked in this modern world of hackers and computers.Stuxnet Malware Is ‘Weapon’ Out To Destroy Iran’s Bushehr Nuclear Plant. In modern world every technology is based on computer, servers and nothing is secured here. Hacker (External) are the one who are challenge for our National Security and Hackers(Indian) are the one who can save Country from such threats.
13.) It is clear that our police force cannot do much by itself on this issue. Are you happy with the manner in which India uses ethical hackers to wade away such threats?
Fighting against such attacks is not possible for normal police. For this India should have best trained cyber force in future. Currently Hackers of India also doing 2-3% of help at their own level to fight against cyber terrorism. But this can be 100% if govt. of India will support such Hackers. Supporting the hackers does not mean to give them License to hack anything. This support should be in manned way with some strict rules and regulations. So that no-one can misuse their rights.
14.) How would you compare the hacking scene in India when compared to Pakistan?
No doubt, Some Indian and Pakistan hacker are good from heart. For them humanity is most important, I will not say that all Pakistan hackers are criminal or all Indian hackers are not criminals. We having good hackers and bad hackers on both sides, But environment affects the usage of skills. Mostly Pakistan hacker are involved in terror activities, because they don't have right way to use their skill in their country. In India, the environment is much better and open for everyone. So hackers of India working for good cause. Here i also want to mention that some Indian Hackers are involved in spreading wrong myths about cyber war like hot cakes to gain importance.
At the last I just want to say that "Fight against Cyber terror should be stable" Here stability means, it may take long time to secure every system on India, to aware people about it,but atleast this will remains stable forever. Cyber war will be the fastest way to fight against terror, but unstable solution, suppose cyber army will defeat 100 cyber terrorists, on the next day there will be 1000 more terrorist will stand and this process will go so on... So better to follow slow and stable solutions.
Source : http://cattechie.blogspot.com/2010/11/exclusive-interview-with-unixroot-s.html