Hacking of CBI website raises question over safety regulations

The recent hacking of CBI's website by a group called 'Pakistani Cyber Army' has raised questions over the safety regulations of servers provided by National Informatics Centre.

Last Updated: Dec 05, 2010, 15:38 PM IST

New Delhi: The recent hacking of CBI's
website by a group called 'Pakistani Cyber Army' has raised
questions over the safety regulations of servers provided by
National Informatics Centre, the organisation responsible for
maintaining government servers.

While the NIC maintains a studied silence over the
entire issue, sources in the security establishment say that
the safety mechanism of the NIC was not up to the mark and
several reminders were being sent to them for upgrading their
hardware.

The official website of the CBI was hacked by the
'Pakistani Cyber Army' on the intervening night of December 3
and 4. The CBI had yesterday registered a case against unknown
persons in this connection.

A report "Shadows in the Cloud" by a Canadian think-tank
comprising "Information Warfare Monitor" and "Shadows
Server" earlier this year said there was evidence of a cyber
espionage network that compromised government, business and
academic computer systems in India, especially the office of
the Dalai Lama.

According to a Canadian firm, which investigated the
hacking of the Dalai Lama's computer, as many as 12 computers
of NIC had been hit by the Chinese hackers.

The report described the recovery and analysis of
exfiltrated data, including one document that appears to be encrypted
diplomatic correspondence, two documents marked "Secret", six
marked "Restricted", and five marked "Confidential". These documents
are identified as belonging to the Indian government.

"However, we do not have direct evidence that they
were stolen from Indian government computers and they may have
been compromised as a result of being copied onto personal
computers.

"The recovered documents also include 1,500 letters
sent from the Dalai Lama's office between January and November
2009. The profile of documents recovered suggests that the
attackers targeted specific systems and profiles of users,"
the report said.

The sources said that, besides reports by well-established
think-tanks, there were several notes drawing the urgent attention
of various key ministries to possible intrusion by hackers,
based either in China or Pakistan, trying to infiltrate
the computers.

Agencies have also cautioned against the practice of
connecting official computers and laptops with unsecured
Internet connections by some bureaucrats, thus compromising
security.

With hackers, mainly from China, very active and having
penetrated deep into cyberspace, the security agencies
had asked all ministries, especially Defence, External,
Home and the PMO, to separate their official computers from
those with Internet facility.

The recommendations of the central security agencies
seem to have gone unheeded as an official maintained that
their suggestion was only recommendatory in nature.

The National Technical and Research Organisation
(NTRO) also circulated a list of do's and don'ts to key ministries
recently after attempts by hackers were noticed.

Against the backdrop of concerns over checking of
crucial official websites, security agencies have been
continuously warning the government about the use of
multitasking BlackBerry instruments by some of the officials
working in sensitive ministries including the Prime Minister's
office.

A quick random check was carried out earlier during
which it was found that some of the officials in the Prime
Minister's Office were using BlackBerry services and had
linked their official emails on the handset, which is not
allowed.

The problem dogging the cyber space in the country is
constant use of official computers by officials in key
ministries despite a warning from security agencies not to
link them with the Internet.

Security of many of the computers in the Ministry of
External Affairs and its missions abroad was compromised,
forcing a security audit of the machines and segregating the
virus-affected ones out of the system.

The Ministry of Home Affairs has a separate server for
its computers and there have been no attempts to hack its
system since it has another server with Internet facility. A
surprise check of all the computers is being carried out at
regular intervals.

The Canadian think tank, in its report, clearly
pointed out that there was "evidence" of links between the
Shadow network and two individuals living in Chengdu in the People's
Republic of China to the underground hacking community.

Giving details, the report said the GhostNet
system directs infected computers to download a Trojan, known
as ghost RAT, that allows attackers to gain complete,
real-time control.

These instances of ghost RAT are consistently
controlled from commercial Internet access accounts located on
the island of Hainan, People's Republic of China.

"Our investigation reveals that GhostNet is capable of
taking full control of infected computers, including searching
and downloading specific files, and covertly operating
attached devices, including microphones and web cameras.

"China is actively developing an operational capacity
in cyberspace, correctly identifying it as the domain in which
it can achieve strategic parity, if not superiority, over the
military establishments of the United States and its allies."

The report said: "Chinese cyber warfare doctrine is
well developed, and significant resources have been invested
by the People's Liberation Army and security services in
developing defensive and offensive capabilities."

According to them, an email message arrives in the
target's inbox carrying the malware in an attachment or web
link.

The attackers' objective is to get the target to open
the attachment or malicious link so that the malicious code
can execute, it said.

About the Chinese hackers' incursion in
cyberspace, the Canadian company cited an example saying "during
the course of our research, we were informed of the following
incident.

"A member of Drewla, a young woman, decided to return
to her family village in Tibet after working for two years for
Drewla.

"She was arrested at the Nepalese-Tibetan border and
taken to a detention facility, where she was held
incommunicado for two months.

"She was interrogated by Chinese intelligence
personnel about her employment in Dharamsala. She denied
having been politically active and insisted that she had gone
to Dharamsala for studies," the report claimed.

"In response to this, the intelligence officers pulled
out a dossier on her activities and presented her with full
transcripts of her Internet chats over the years.

"They indicated that they were fully aware of, and
were monitoring, the Drewla outreach initiative and that her
colleagues were not welcome to return to Tibet. They then
released her and she returned to her village," the report
claimed.

PTI