Cyber Feature Cover Security

India’s cyber trauma

R By Sarosh Bana APSM Correspondent

48 | Chief IT

ecently, India’s Defence and other ministries were placed on high alert following concerted cyber attacks on the country’s government and commercial organisations by the Chinese People’s Liberation Army’s (PLA’s) Western Theatre Command that faces India all along its northern Himalayan borders. The Ministry of Defence (MoD) issued an alert to the army, navy and air force that a Chinese Advanced Persistent Threat (APT) group called Suckfly, based in Chengdu region where the Command is located, is targeting Indian agencies, with the defence establishment as its prime target. Suckfly, which carries out cyber espionage through a malware called Nidiran, camouflaged its attacks with certificates stolen from legitimate software developing firms in South Korea. “This cyber espionage was undertaken by infecting computers of both government and commercial houses involved in e-commerce, finance, healthcare, shipping and technology,” the MoD alert cautioned. “Sensitive information from targeted computers and networks is being used to undermine national security and economic capabilities.” An APT is a network attack in which someone gains unauthorised access and stays there undetected for long, the intention being to steal data instead of causing damage to the network or organisation.

These mounting cyber onslaughts against India’s defence establishments have reaffirmed a proposal for the setting up of a dedicated tri-services command for cyber security. A proposal for such a command had indeed been drafted following a 2012 cyber attack by Chinese hackers, who managed to penetrate the commuter systems of the Indian Navy’s Eastern Command, where the country’s first indigenous nuclear submarine was constructed and is based. More recently, a strange email was received by senior executives of the Mumbai-headquartered Tata Group (US$103 billion revenue last year) from chairman Cyrus Mistry asking them to transfer US$4,500 to a specified bank account. “We are coming up with a project of Tata Group; kindly deposit US$4,500 in a/c no. xxxx,” the email mentioned. “This project should not get stopped due to financial crunch.” Appropriately, it was the Group’s chief ethics officer, Dr Mukund Rajan, who caught the lie, recognising the hoax. He informed Mistry of the online impersonation, and a police inquiry is now under way to identify the perpetrator. A similarly fake email ID of Mistry had been created last year by a former Tata employee, subsequently arrested, who had sent emails from this account to officials of the Group company of Jaguar Land Rover ( JLR), asking them to