The Sunday Tribune

Web of terror

Terrorism in cyberspace has become a matter of global concern. Cyber espionage, web vandalism, hacking IT infrastructure and terror e-mails are the new means of warfare. It is time to take steps to make the world wide web safe, writes Subimal Bhattacharjee

EVENTS in cyberspace are becoming more scary. Just five minutes before the serial blasts in Delhi on September 13, a terror e-mail was sent as a challenge to the security forces. This was of a piece with a similar e-mail sent before the serial blasts in Ahmedabad in July.

And, this is not cyber warfare or cyber terrorism, which is much more frightening. The cyber attack that shook the world occurred last month when Georgian networks collapsed under the onslaught of a massive cyber offensive just preceding and during the Russian military invasion of its neighbour.

These incidents were not the first of their kind. Despite the geographical distance, they carried the same message: the use of cyberspace by terrorists and for terrorism and war.

As cyberspace grows, the possibilities of its misuse also multiply. Will it be wise to ignore the dangers lurking in the cyberspace and keep it unfettered as envisaged by its founders?

The answers are debatable despite strong arguments by votaries on both sides. The terror email about the Delhi blasts was sent through an Internet Protocol address registered in the name of a Mumbai-based private company. The e-mail ID used to send the mail was created just a few hours before the blasts in the Capital on September 13. The e-mail warning about the Ahmedabad blasts in July, too, had been sent in a similar manner by misusing the Wi-Fi Internet connection of an American citizen living in Navi Mumbai. The act was executed in such a manner that the actual sender might not be nabbed despite technology trails and the country's legal infrastructure.

However, this aspect of the terror act is very critical in understanding the psyche of the actual perpetrators of the crime. One has to take note of the meticulous planning that went into delivering these e-mail threats — both were sent just five minutes before the event leaving no scope for the security apparatus to react effectively and pre-empt the attack. Also, their confidence was so strong that the terror mastermind knew that even after a gap of more than a month, the capability of the security forces would be the same — unable to pre-empt the attacks. The mails actually taunt the security agencies for failing to trace the origin of e-mails.

Five terror e-mails have been sent till now and as many as three of these had PDF files attached to them. The mails are sent with a chilling accuracy to the IDs of all major media houses in the country. These mails were sent by hacking the unsecure Wi-Fi networks across Mumbai from accounts of professionals who figured nowhere on the radar of the security agencies. At the same time, the question whether a terrorist himself was at the keyboard or had been able to motivate a band of people to execute 'orders' is not known. The Gujarat Police's revelation that a former Wipro techie was involved in the whole episode makes the situation even more worrisome.

Govt not ready

With terror blasts taking place almost every other month in major cities across the country and leaving an e-mail trail, this should have been a top priority area for the government because cyberspace would have offered the best opportunity to gather information and help in many forensic efforts. But all one gets is the same old reactive approach. The blame game continues and no efforts are being made to bolster the cyber infrastructure in the country. In less than three weeks, another Wi-Fi misused e-mail threat was sent from a college in Mumbai, while the rush of e-mails and hoax calls to various police stations and media houses continued. A terrorist outfit sent a threat e-mail to the adviser of the North-East Students Forum in Assam towards the end of August.

Questions are now being raised about the nation’s readiness to deal with the threats as well as the measures required to counter the nuisance at various levels and forums. This has put a question mark over the government’s willingness to bring in a strong terror-fighting regime and apparatus in the country. We are far from having a national cyber security policy and hence don’t have a ready plan to address these sorts of e-mail threats. So rather than acting, the government just reacts after an attack occurs and the implications are forgotten with investigations dragging and media scrutiny dwindling over time.

Need for policy

The National Technical Research Organisation (NTRO) was set up in the wake of Kargil attacks for providing technical intelligence. But it has achieved virtually nothing since its inception in 2004 and is instead embroiled in turf war with the other intelligence agencies as well as with CERT (Computer Emergency Response Team) India about what role it should have in terms of addressing cyber security concerns.

The government has to define this clearly and set the ball rolling for an effective policy. The amendments to the Information Technology Act, 2000, should be passed by Parliament in its next session so that the much-needed reforms can be put in place immediately. The amendments have been drafted after a thorough review and scrutiny — first by an expert committee and then by the Parliamentary Standing Committee.

However, it remains to be seen if these amendments can really address the issues related to cyber security, particularly those related to the national security.

Even law enforcement agencies across the country have failed to keep up with the hectic pace at which technology is growing and is being suavely misused by criminals and terrorists. One of the most important aspects of the national cyber security plan is to address the issue of whether the existing forces should be trained and oriented to the cyberspace or a healthy police-industry working relationship be devised whereby the cyber security-related issues are outsourced to the competent private industry.

Attack on Georgia

The attacks on Georgian networks have drawn global attention. Though not very sophisticated, these attacks were indicative of the impact of cyberspace on conflicts that happen in the physical world. Russia is not being accused here for the first time — the needle of suspicion was on it when Estonian networks were severely bruised in May last. With Estonia being one of the most digitally advanced nations compared to a much sparsely networked country like Georgia, there were severe disruptions and damages to government networks and functioning of banks and airlines. The incident raised serious global concern and many nations, particularly Nato countries, stepped in to address the issue of network security and the impact of cyber warfare. Russia has denied such attempts but linkages to the distributed denial-of-service

attacks have been traced to Russian networks. Also there have been other incidents in cyberspace across the world in political flashpoints like the Israel-Palestine conflict. Even global terrorist organisations have set their eyes on the impact of attacks via cyberspace. Suddenly there are more fears among nations that cyber warfare will be more pronounced that expected. China is usually referred to as a major threat in cyberspace with already a few attacks orchestrated by it on western networks. But, there are many nations that are gearing up not only for cyber defence but also for cyber warfare and see it as a major strategic weapon.

Virtual war

That draws us to touch on the common inference from both these incidents, the most striking feature being that both were directed against the state but were executed by non-state actors, with or without state support. This asymmetric warfare is the war that will be fought in the future and even outsourced cyber warfare is a real possibility.

With no physical harm threatening the "fighters" and the advantage of hitting targets and crippling critical systems, there is not enough time left to wait to be attacked and then plan to fight the war.

Before the 9/11 attacks, the possibility of such an event was considered to be remote — cyberspace is more difficult as the enemy is ‘hidden’. It is difficult to find out whether he is the next-door neighbour or someone staying miles away. This is scary and needs to be addressed with a proper security policy and fought with a well-laid out strategy and army.

Intelligence gathering and snooping technologies have become a force enabler via cyberspace and so the enemies also know about the network readiness of nations and entities. Hence network surveillance is also something that cannot be ignored anymore.

While a lot of awareness has been created in India, there has been little effort to realise the impact of misuse of cyberspace on national security. The pace of modernisation of warfare technologies and strategies is slow; the realisation of the digital battlefield is still very superficial.

Along with this the drive to utilise the opportunity of the Indian global brand in information technology for orienting the nation for defence and security arenas is missing.

Not only is there a need for the cyber defensive policy, it is highly imperative that we have a cyber offensive policy to counter our enemies’ designs. Cyber attacks from Pakistani and Chinese networks are not uncommon. With more and more anti-national forces gaining sufficient striking knowledge of cyber warfare, need for a well-thought out strategy has increased all the more.

If this is not done soon enough then the nation will witness bigger catastrophes. Not only is there a pressing need for law enforcement and legal infrastructure to deal with cyber attacks, there is also a bigger need for an institutional mechanism to address cyber security issues. Apart from the authority issue, there has to be a matching national infrastructure that monitors the critical infrastructure and devise the national alert and response mechanism. Such entities exist in most of the advanced nations today and many of our officers were privy to those in the US. Unfortunately, efforts with the USA stopped in the backdrop of the alleged spying incident involving two employees of the National Security Council a couple of years back.

One of the most important things that the government needs to focus on is to play a leading role in the global cyber security efforts that are just beginning to attract more attention. Though the fact that transnational attacks are possible via cyberspace has attracted global attention, yet it has not made the nations come to some form of an arrangement by which they are able to bring the perpetrators to the book.

The buck does not stop here. Technology is moving ahead full steam, the asymmetric fighters are also honing their skills and so our network defence has to be dynamic and evolving. It has to outsmart the hackers and crackers who are constantly on the look out for targets and new areas. Cyberspace is just getting more critical in this global march towards Net-centric warfare.

Subimal Bhattacharjee writes on issues on cyberspace and security.

The big strikes

August, 2008: After the outbreak of the Georgia-Russia conflict, the Georgian Internet became the target of a coordinated cyber attack, which compromised several government websites with defacement and denial-of-service, crippling the country’s IT infrastructure.

October, 2007: Hackers attacked the website of Ukrainian President Viktor Yushchenko, for which a radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility.

May, 2007: Mass distributed denial-of-service attacks in Estonia in the wake of the removal of a Russian World War II war memorial, in which nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline.

April, 2005: Pakistani hackers attacked and defaced a few sensitive Indian installations and research networks.

May, 2003: There have been a series of attacks on critical US networks from Chinese networks called ‘Titan Rain’.

May, 2001: There were attacks from Chinese networks on US installations surrounding the downing of a US spyplane after collision with a Chinese jet. There were also retaliatory US attacks and Chinese websites were defaced.

1999: Hackers protesting against the Nato bombings in Kosovo, attacked Nato computers flooding them with e-mail and hit them with distributed denial-of-service attacks.

Forms of attack

Cyber espionage: It is an act or practice of obtaining secrets (sensitive, proprietary of classified information) from individuals, competitors, rivals, groups, governments and enemies for military, political, or economic advantage using illegal exploitation methods on Internet, networks, software and or computers.

Web vandalism: Attacks that deface web pages, or denial-of-service attacks.

Gathering data: Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world.

Distributed denial-of-service (DoS) attacks: Large number of computers in one country launch a DoS attack against systems in another country.

Equipment disruption: Military activities that use computers and satellites for coordination are at risk from this type of attack. Orders and communications can be intercepted or replaced, putting soldiers at risk.

Attacks on critical infrastructure: Power, water, fuel, communications, commercial and transportation are all vulnerable to a cyber attack.

Compromised counterfeit hardware: Common hardware used in computers and networks that have malicious software hidden inside the software, firmware or even the microprocessors.

HOME