Vicky Nanjappa - March 19, 2012 12:55 IST
Given the extent of damage a cyber attack can unleash, accessing and then tampering with a key website has the potential to destabilise an entire nation, warns Vicky Nanjappa
In the last three months, 112 websites of the Indian government have been hacked by a Pakistan-based group known as H4tr ck. Indian authorities have finally woken up to the fact that we are facing a major cyber threat that may continue unabated for a while.
The website of Bharat Sanchar Nigam Limited was among those which were hacked. Websites of state governments, the human resources development ministry, the finance ministry and educational sites were also targeted.
India was left red-faced a couple of months ago when the high-profile website of the Central Bureau of Investigation was hacked. According to sources, crucial data on the CBI website was either lost or deleted due to the attack.
They point out that a website like BSNL will have hundreds of listed phone numbers. If spy agencies in Pakistan get hold of these numbers, they can be misused for subversive activities.
Online security safeguards in India are nothing short of pathetic. Most of these websites run on single servers which make them very vulnerable. In case they are hacked and the data deleted, the first thing that the authorities do is restore the deleted data from the back-up servers.
The BSNL case is a typical example of when such a recovery process was undertaken, prompting the hackers to target the site again.
Pakistan has been engaged in a cyber war with India since 1998, but such warfare was not taken very seriously back then.
A group that called itself Milworm hacked into the website of the Bhabha Atomic Research Centre. But no data was stolen at that time and instead, some hate messages were posted. India treated the incident as a hate campaign by Pakistan in retaliation to the Pokhran nuclear tests.
Years later, when Pakistan hacked into the website of the CBI, it had to be shut down for nearly 15 days, causing great inconvenience to investigators across India.
There was no access to the list of most wanted criminals by the Interpol, which is available on the CBI website. The website of liquor baron Vijay Mallya was also hacked, along with that of Andhra Pradesh police's criminal investigation department.
The hackers also managed to bring down the defences of the website of ONGC, the Indian Institute of Remote Sensing and the Centre for Transportation Research and Management.
The US Federal Bureau of Investigation has categorically stated that the biggest warfare is set to be waged in cyber space. But despite bearing the brunt of cyber attacks, India doesn't seem to be fully equipped to fight this menace. Pakistani agencies have unleashed a relentless stream of hacker groups who target Indian websites.
The armyinkashmir, the Pakistan G Force and the Pakistan Cyber Army are some of these groups. An elite group of hackers known as the Pakistan Hackers Club had also been set up under the patronage of the Inter Services Intelligence.
These groups have targeted as many as 500 websites in India and Israel over the past ten years. They continue to remain the same but keep resurfacing with a different name. Today, they are carrying out cyber attacks under the banner of a group called H4tr ck.
According to an expert in online security measures, "Securing our servers is not the only solution. While that ought to be the primary focus, we cannot function with single servers. We need a dedicated force to counter such actions. India did set up the Patriotic Indians group to counter such attacks. But such groups are called in only after an cyber attack, and they cannot dedicate all their time to this job due to prior commitments. In Pakistan, hacking experts are provided full-time jobs and handsome salaries, along with full-fledged protection. The numbers are self-explanatory; India has managed to hit back only 30 times as compared to the 300-odd times the Pakistanis have managed to hit us in cyber space".
He added, "Pakistani agencies enjoy the patronage of their security establishment but that is not the case in India. In India, there is no job security and too much red tape is involved in such assignments. Proper fund allocation is needed so that these hackers are protected, to make them willing to take such huge risks".
Given the extent of damage a cyber attack can unleash, accessing and then tampering with a key website has the potential to destabilise the nation. Hacking into crucial websites of public service utilities like electricity firms, educational systems, telephone systems and water networks could cause a great deal of damage.
India has been toying with the idea of setting up a National Cyber Coordination Centre. Such an agency will deal with interception but may not help much in securing our servers that are hacked by elements from across the borders. Though the biggest cyber threat is posed by Pakistan, China may also join the online battle to make the situation worse for India.
India needs to set up a dedicated cyber army by handpicking the sharpest people in our massive information technology sector and using them to protect our system.
There is a need to take cyber attacks like cross site scripting and SQL injection seriously and protect our websites against them.