Cyber attacks on Indian government sites have been rising over the years despite several layers of security measures in place to protect against unwanted intrusion.
Earlier this year, officials from NIC reported a significant increase in cyber attacks on government sites between 24 and 26 January, aimed at cracking passwords and then spreading malware through email attachments.
The dates are crucial since this was the time when the US President Barack Obama was on an official visit to India and was the Chief Guest at the Republic Day celebrations. NIC officials noted a 20% increase in ‘brute force’ attacks, in which an attacker repeatedly tries username and password combinations against a login service (web mail, SSH, VPN) until one is accepted. Brute force does not exploit a software vulnerability; it exploits weak or reused passwords and login endpoints that do not lock out or rate-limit failed attempts.
Once a mailbox has been taken over, the attacker sends malicious attachments from the victim’s own address, which recipients are far more likely to open, with the aim of taking over, retrieving data from or corrupting the recipients’ computers.
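The two stages described above, a burst of failed logins followed by a success from the same source, are visible in ordinary authentication logs. The following detector is an added example written for this page, not code from NIC or from the article; it runs over constructed OpenSSH-style syslog lines (the hostnames, users and IP addresses are invented, and the log year is assumed to be 2015 because syslog timestamps carry none). It keeps a sliding window of failures per source IP, raises one alert when a source crosses the failure threshold, and raises a second, higher-priority alert when a login is accepted from that source while the burst is still inside the window, which is the signature of a guessed password.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog format; not real NIC logs.
# 198.51.100.7 guesses several accounts and finally gets in as rsharma.
# 203.0.113.5 mistypes once and logs in five minutes later (normal behaviour).
SAMPLE_LOG = """\
Jan 25 02:14:01 mailgw sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Jan 25 02:14:02 mailgw sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51023 ssh2
Jan 25 02:14:03 mailgw sshd[1204]: Failed password for root from 198.51.100.7 port 51024 ssh2
Jan 25 02:14:04 mailgw sshd[1204]: Failed password for root from 198.51.100.7 port 51025 ssh2
Jan 25 02:14:05 mailgw sshd[1207]: Failed password for rsharma from 198.51.100.7 port 51026 ssh2
Jan 25 02:14:06 mailgw sshd[1207]: Failed password for rsharma from 198.51.100.7 port 51027 ssh2
Jan 25 02:14:09 mailgw sshd[1210]: Accepted password for rsharma from 198.51.100.7 port 51030 ssh2
Jan 25 02:20:00 mailgw sshd[1300]: Failed password for rsharma from 203.0.113.5 port 40001 ssh2
Jan 25 02:25:00 mailgw sshd[1301]: Accepted password for rsharma from 203.0.113.5 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2015):
    """Return (timestamp, result, user, ip) or None for lines we do not understand.
    Syslog timestamps carry no year, so the caller supplies it (assumed 2015 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Sliding-window detector. One BRUTE_FORCE alert per source IP that reaches
    `threshold` failures inside `window_s` seconds, plus a SUCCESS_AFTER_BURST
    alert if a login from that IP is accepted while the burst is still in the window."""
    window = timedelta(seconds=window_s)
    recent_failures = defaultdict(deque)   # ip -> timestamps of failures in window
    already_flagged = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = recent_failures[ip]
        while q and ts - q[0] > window:      # expire failures older than the window
            q.popleft()
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in already_flagged:
                already_flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, user, len(q)))
        elif len(q) >= threshold:            # accepted login right after a burst
            alerts.append(("SUCCESS_AFTER_BURST", ip, user, len(q)))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(*alert)
```

The threshold and window are tuning knobs; a mail gateway facing the Internet will need a lower threshold per account and a higher one per source IP than an internal host, and a SUCCESS_AFTER_BURST alert should trigger a password reset and a review of mail sent from that account, not just a block.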
Which Ministries are Targeted?
Ministries that were major targets for such attacks included the PMO, Home, Finance and External Affairs. Although the government only confirmed attempts at hacking, it is widely believed that hackers succeeded in taking down some pages within sites and in redirecting visitors to unrelated sites. The Defence Ministry, too, has been witnessing regular attempts to gain access to its network.
Chinese Hackers Suspected
Several years back, the Bhabha Atomic Research Centre website was reported to have been hacked. Similar incidents have been recorded at various other sensitive installations, although these have mostly been restricted to website-level hacking and content defacement rather than any serious breach of sensitive data.
This trend is borne out by a 2016 report from the Russian security company Kaspersky, which states that several computers used by senior government officials in sensitive departments such as the Cabinet Secretariat, the Ministry of Information Technology and External Affairs were targeted by Chinese hackers between February and March that year.
As per the report, the suspected group behind these attacks is a little-known Chinese espionage group referred to as Dantis. Dantis is known to focus on diplomatic and commercial intelligence gathering. Kaspersky suspects that several Indian government computers may already have been compromised.
The report specifically names a Deputy Secretary in the Department of Administrative Reforms and Public Grievances whose computer was hacked and whose email ID was used to circulate emails carrying a malicious attachment. Since most recipients of the mails were senior government officials, it is reasonable to assume that some of their systems, too, may have been compromised.
Kaspersky has been tracking Dantis and reports that in February 2016 the group exploited CVE-2015-2545, a Microsoft Office vulnerability in the parsing of embedded EPS (Encapsulated PostScript) images that Microsoft had patched in September 2015 (bulletin MS15-099); the attacks therefore relied on unpatched Office installations months after a fix was available. Several of the malicious .docx attachments were subsequently uploaded to VirusTotal, which is how they came to be analysed.
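Because the CVE-2015-2545 exploit lives in an EPS image embedded in an Office document, a mail gateway can triage .docx attachments cheaply before any sandboxing: a .docx is a zip container, and an EPS part inside it (by extension or by file magic, since attackers rename parts) is rare in ordinary government correspondence and worth quarantining. The scanner below is an added example written for this page, not code from Kaspersky or the article; it builds constructed sample documents in memory (no real samples are used) and also computes the SHA-256 of the attachment, which is the value an analyst would search for on VirusTotal. Treat an EPS hit as a triage signal, not as proof of exploitation: legitimate documents can contain EPS artwork.

```python
import hashlib
import io
import zipfile

# EPS files start either with the ASCII "%!PS-Adobe" header or with the
# four-byte DOS EPS binary header C5 D0 D3 C6.
EPS_MAGIC = (b"%!PS-Adobe", b"\xc5\xd0\xd3\xc6")


def scan_docx(data: bytes) -> dict:
    """Triage an OOXML (.docx/.xlsx/.pptx) attachment for embedded EPS parts.
    Returns the file's SHA-256, the names of EPS parts found (matched by
    extension or by magic bytes, so renamed parts are caught) and a verdict."""
    findings = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "eps_parts": [],
        "suspicious": False,
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["error"] = "not a zip/OOXML container"
        return findings
    with zf:
        for name in zf.namelist():
            content = zf.read(name)
            if name.lower().endswith(".eps") or content.startswith(EPS_MAGIC):
                findings["eps_parts"].append(name)
    findings["suspicious"] = bool(findings["eps_parts"])
    return findings


def build_sample_docx(with_eps: bool) -> bytes:
    """Construct a minimal in-memory .docx for testing (not a real document).
    With with_eps=True it embeds one EPS part under its own name and a second
    EPS part disguised as a PNG, mimicking attackers who rename exploit parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_eps:
            zf.writestr("word/media/image1.eps",
                        b"%!PS-Adobe-3.0 EPSF-3.0\n%% constructed sample, no exploit\n")
            zf.writestr("word/media/image2.png",
                        b"\xc5\xd0\xd3\xc6" + b"\x00" * 26 + b"%!PS-Adobe-3.0\n")
        else:
            zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_docx(False)),
                       ("with-eps", build_sample_docx(True))):
        print(label, scan_docx(doc))
```

The same check applies to the legacy binary formats by extracting their OLE streams, and the mail gateway should combine it with a patch-level inventory: on hosts where MS15-099 is installed an EPS part is a nuisance, on unpatched hosts it is the whole attack.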
Cyber Attacks on Indian Embassies Abroad
Dantis apparently targeted Indian missions in Denmark, Colombia and Hungary. It sent spoofed emails, carrying the real signature blocks and contact details of senior officials in the IT ministry, to the Indian mission in Hungary.
When the attachment was opened, the malware took control of the target computer and then spread itself to further targets by email from that machine.
Fortunately, these were discovered in time and further damage was limited.
Cyber attacks are not restricted to India alone
Compared to many other countries, India has witnessed far fewer attacks, and the resulting damage has been more or less contained.
As per Kaspersky, the greatest number of cyber attacks were launched on targets in the US, followed by China and South Korea, in that order.
In the first quarter of 2016, 74 countries were victims of DDoS attacks, of which over 93.6% were focused on just 10 countries. France and Germany came under increased attack and were included in the top 10 countries for the first time. The longest single attack recorded lasted 197 hours, or 8.2 days.
Besides espionage hackers attempting to steal government information and private commercial data, cyber criminals too have been very active in developing the technical skills needed to penetrate even well-secured IT infrastructure.
$81 million stolen from Bangladesh Bank
In February 2016, Bangladesh Bank, the country’s central bank, fell victim to cyber criminals who broke through its security layers and diverted around $81 million, through a series of fraudulent transfer instructions, to accounts in the Philippines; the theft became public in March. A further $20 million sent to Sri Lanka was recovered, and most of the remaining transfer requests were blocked before payment.
The criminals had installed malware, believed to include a Remote Access Trojan (RAT), on the bank’s SWIFT-connected systems and used the bank’s own SWIFT credentials to send transfer instructions for funds held at the Federal Reserve Bank of New York. The malware also tampered with the local SWIFT Alliance Access records and printed confirmations, so the fraudulent messages were not detected immediately.
Kaspersky estimated in 2015 that, since 2013, over 100 banks and financial institutions had been compromised and up to $1 billion stolen by cyber criminals operating out of Russia, China and Ukraine. The worst-hit countries were the USA, Russia, Germany, Canada, China and Ukraine.
Common Types of Cyber Attacks
Distributed Denial of Service (DDoS) is the most common form of cyber attack and usually has a large footprint. A DDoS attack is launched from many computers and IP addresses spread across the globe, typically a botnet of compromised machines, against a single target. Its aim is not to break into the target but to exhaust its bandwidth, connection tables or application resources so that legitimate users are denied service; the attack itself does not install malware on the victim.
DDoS attacks fall into three broad types (the industry terms are volumetric, protocol or state-exhaustion, and application-layer attacks):
- Traffic centric: large volumes of ICMP, TCP or UDP packets are sent to the target, whose network stack is overwhelmed by the packet rate and cannot distinguish fake from genuine packets. A SYN flood that fills the TCP connection table is the classic case; it is the number of packets, not the number of bytes, that does the damage.
- Application centric: requests that are valid at the protocol level (HTTP GETs, DNS queries, TLS handshakes) are crafted or repeated so that the application’s CPU, memory or database connections are exhausted. These attacks need far less bandwidth and are the hardest to tell apart from genuine traffic.
- Bandwidth centric: the target’s network links are saturated with large volumes of junk traffic so that legitimate packets cannot get through at all.
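The three types above are separable from flow telemetry because each exhausts a different resource: bandwidth-centric attacks show up as bits per second, traffic-centric attacks as packets per second with small average packet size, and application-centric attacks as an application request rate out of proportion to both. The classifier below is an added example written for this page, not code from any product or from the article; it aggregates constructed flow records (invented addresses, one-second buckets, with a hypothetical per-flow count of application requests that a real collector would derive from proxy or DNS logs) and applies illustrative thresholds that must be replaced by baselines measured on the monitored network. The distinct-source check is what distinguishes a distributed attack from a single noisy client.

```python
from collections import defaultdict

# Constructed flow records: (second, src_ip, dst_ip, proto, packets, bytes, app_requests).
# These are synthetic, not captured traffic. Four destinations, one per scenario.


def _synth(dst, n_src, proto, pkts, pkt_size, reqs, sec=0):
    """Generate n_src distinct sources each sending one flow to dst in one second."""
    return [(sec, f"10.{i // 256}.{i % 256}.1", dst, proto, pkts, pkts * pkt_size, reqs)
            for i in range(n_src)]


SAMPLE_FLOWS = (
    _synth("198.51.100.10", 200, "udp", 4000, 1400, 0)   # large packets: link saturation
    + _synth("198.51.100.11", 200, "tcp", 500, 60, 0)    # tiny packets: SYN-style flood
    + _synth("198.51.100.12", 200, "tcp", 40, 800, 30)   # modest traffic, many HTTP requests
    + _synth("198.51.100.13", 3, "tcp", 40, 800, 5)      # three ordinary clients
)


def summarise(flows):
    """Aggregate flows into per-(destination, second) buckets."""
    buckets = defaultdict(lambda: {"packets": 0, "bytes": 0, "requests": 0, "sources": set()})
    for sec, src, dst, _proto, pkts, byts, reqs in flows:
        b = buckets[(dst, sec)]
        b["packets"] += pkts
        b["bytes"] += byts
        b["requests"] += reqs
        b["sources"].add(src)
    return buckets


def classify(bucket, bps_thresh=500_000_000, pps_thresh=50_000,
             rps_thresh=5_000, min_sources=100):
    """Label one bucket. Thresholds are illustrative assumptions for a small link;
    replace them with measured baselines. Checks run from cheapest resource to
    exhaust (bandwidth) to most specific (application requests)."""
    if len(bucket["sources"]) < min_sources:
        return "normal"                      # not distributed enough to be a DDoS
    if bucket["bytes"] * 8 >= bps_thresh:
        return "bandwidth_centric"
    if bucket["packets"] >= pps_thresh:
        return "traffic_centric"             # high pps with small packets
    if bucket["requests"] >= rps_thresh:
        return "application_centric"
    return "normal"


def detect(flows, **thresholds):
    """Map every (destination, second) bucket to its classification."""
    return {key: classify(b, **thresholds) for key, b in summarise(flows).items()}


if __name__ == "__main__":
    for (dst, sec), label in sorted(detect(SAMPLE_FLOWS).items()):
        print(f"{dst} t={sec}s {label}")
```

In practice the three labels drive different responses: bandwidth-centric floods have to be absorbed upstream by the ISP or a scrubbing service, traffic-centric floods are handled by SYN cookies and state-table limits on the edge devices, and application-centric attacks need per-client rate limits and caching at the application tier.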
CERT-In and NIC on their toes
The Indian Computer Emergency Response Team (CERT-In) and the National Informatics Centre (NIC) are both entrusted with the responsibility of securing the Indian government’s IT infrastructure.
Since it became operational in January 2004, CERT-In has been busy setting up the IT security policy framework, vulnerability assessment and threat analysis for the Indian government, based on the emerging cyber threat scenario.
With cyber attacks growing more sophisticated and frequent, CERT-In, along with NIC, has had its hands full trying to keep the government’s IT infrastructure secure.