The recent hacking of the Central Bureau of Investigation's (CBI) website by a group called the 'Pakistani Cyber Army' has raised concerns about the security measures of servers maintained by the National Informatics Centre (NIC). The NIC is responsible for government server maintenance.
While the NIC remains silent on the issue, sources in the security establishment suggest that the NIC's safety mechanisms were inadequate. Several reminders had been sent to NIC, urging them to upgrade their hardware. The CBI's official website was hacked on the night of December 3rd to 4th. The CBI has registered a case against unknown individuals in connection with the hacking.
A report titled "Shadows in the Cloud" by a Canadian think-tank, comprising the "Information Warfare Monitor" and "Shadows Server," earlier this year indicated evidence of a cyber-espionage network. This network compromised government, business, and academic computer systems in India, particularly the office of the Dalai Lama.
According to the Canadian firm investigating the Dalai Lama's computer hacking, twelve NIC computers were targeted by Chinese hackers. The report revealed that the exfiltrated data included encrypted diplomatic correspondence, documents marked as "Secret," "Restricted," and "Confidential," identified as belonging to the Indian government.
The report stated, "We do not have direct evidence that these documents were stolen from Indian government computers. They may have been compromised as a result of being copied onto personal computers." Additionally, 1,500 letters sent from the Dalai Lama's office between January and November 2009 were recovered. The profile of the recovered documents suggests targeted attacks on specific systems and users.
Sources indicate that beyond well-established think-tank reports, various key ministries received urgent notes about potential intrusions by hackers, primarily based in China or Pakistan. Agencies also warned against connecting official computers and laptops to unsecured internet connections, a practice through which some bureaucrats had already compromised security.
With Chinese hackers active and deeply entrenched in cyberspace, security agencies urged all ministries, especially defence, external affairs, home, and the Prime Minister's Office (PMO), to separate official computers from those with internet access. These recommendations were not strictly followed, however, as they were only advisory in nature.
The National Technical and Research Organisation (NTRO) recently circulated a list of do's and don'ts to key ministries after noticing hacker attempts. Concerns over securing crucial official websites led to continuous warnings from security agencies about using multitasking BlackBerry devices in sensitive ministries, including the PMO.
A random check revealed that some PMO officials were using BlackBerry services and had linked their official emails to the handsets, which is not permitted. The continued connection of official computers in key ministries to the internet, despite warnings not to do so, remains problematic.
The Ministry of External Affairs had its security compromised, prompting a security audit and the segregation of virus-affected machines. The Ministry of Home Affairs runs its computers on a separate server and has faced no hacking attempts, since internet access is provided through another, separate server. Surprise checks on all computers are conducted regularly.
The Canadian think-tank's report highlighted "evidence" linking the Shadow network to two individuals in Chengdu, China, and the underground hacking community. The GhostNet system directs infected computers to download a Trojan, known as Ghost RAT, allowing attackers complete, real-time control. These Ghost RAT instances are controlled from commercial internet accounts in Hainan, China.
"Our investigation reveals that GhostNet can take full control of infected computers, search and download specific files, and covertly operate attached devices like microphones and webcams," the report stated. "China is actively developing operational capacity in cyberspace, identifying it as a domain where it can achieve strategic parity or superiority over the military establishments of the United States and its allies."