04 October 2011

Is India a Hackers' Refuge?

India is a coveted and trouble-free target for cyber criminals, and unless it takes sound protective measures, its strategic assets could be compromised.

India might be on the verge of becoming a software superpower by 2020, but it has emerged as one of the top three breeding grounds for web-based attacks.

The country stands alongside the U.S. and Brazil as a place where such malicious attacks originate, Symantec's Internet Security Threat Report revealed. India figured 13th on the list the previous year.


As one of the lowest-hanging fruits on the Internet, India is always vulnerable and rewarding for hackers. Within our borders they find the perfect combination of cybercrime targets, plentiful attack vectors and weak defences.

Indians are now taking to e-commerce and Internet banking in a big way. As our businesses in the public and private sectors expand, the payoff from attacking any one of them can be huge. Every second computer in India is likely to have been infected with a virus in the past three months.

Although it accounts for only 3 percent of the world's Internet users, India has been named the world's third-largest source of spam three years in a row. India is also home to 17 percent of the infected computers on the Internet that can be hijacked by criminals to do their bidding.

Our security agencies are woefully ill-equipped to battle a new class of enemies who are typically dispersed, often stateless and always quick-witted.


So whenever a new virus or piece of malware is discovered, India is right up there on the charts. As for the presence of malicious code on computers, the United States leads the world, closely followed by India.

Recently, the lethal Stuxnet virus spread across the world, nearly wrecking the Iranian nuclear program, and India was up there at number three with 10 percent of all infections.

According to a report by Forbes, Indian banks and government agencies are attacked with fearsome frequency and in many cases successfully. Sharad Sanghi, CEO of Netmagic, feels, "The numbers of hacking attempts or incidents have gone up sharply in the past 12 months," reports Forbes. According to Symantec, the world's largest security software company, hacker attacks increased 93 percent over 2009-2010.

The word "hacker" at once brings to mind a brilliant software programmer with a craving to save mankind. There are a few varieties, such as Grey Hat, White Hat, Black Hat, Mules, Herders etc.

A White Hat gets into networks with authorization, a Grey Hat works as a White Hat but may get into networks without permission for fun or profit, and a Black Hat enters networks without permission and is frequently paid. Script Kiddies are those starting out in the information security world, and Mules are recruited by Herders to accept money looted during online frauds.


Topping the list are hackers with political beliefs. Anonymous is the most famous of these; it uses hacker attacks to force governments and corporations to become more transparent. It was Anonymous that attacked the websites of Visa and MasterCard when they stopped accepting donations meant for Wikileaks' Julian Assange.

Barely a year ago, Anonymous got into a scrap with an Indian company called Aiplex, which specialises in anti-piracy operations. The company is hired by a variety of entertainment companies to go after sites from which you could download music or movies illegally.

The staff of the Office of His Holiness The Dalai Lama, the leader of the Tibetan Government-in-Exile in India at Dharamshala, are taught to resist most temptations, but routine email is difficult to avoid. If an email arrives from a known fellow Tibetan with an attachment named "Translation of Freedom Movement ID Book for Tibetans in Exile.doc", there is no way The Dalai Lama's staff is not going to open it. They clicked on the attachment, opened it and brought a plague upon themselves. It didn't take long to understand that most computers of the Tibetan Government-in-Exile were 'double agents': functioning normally, but every now and then ferreting sensitive information out to their 'command and control' computers, most of which were in China.

It all started the moment one of the monks clicked on a file, allowing a malicious piece of code to install itself on his computer and establish connections with computers in China. This malicious software (malware) would first locate important documents on the infected computer and upload them to its controllers, then try to spread itself further by sending infected emails to the contacts stored on the machine.

Kaspersky says, "Unfortunately, every system can be hacked. It is all about how many resources an attacker is willing to allocate for the attack, how many attackers are interested in attacking this victim. The level of risk is how interesting you are." High-grade attacks have become mass-market products.

The solution is breach disclosure laws that force companies to inform consumers or partners when their data is even suspected to have been stolen, as in most states in the U.S. Failure to do so frequently leads to a criminal investigation. The European Union too is close to bringing in a similar law.

In India, while Section 70 of the Information Technology Act makes CERT-IN the nodal authority to receive reports of breaches, there is no pressure on companies to report breaches.

Shantanu Ghosh, head of Symantec India, says, "We definitely need a breach law. Because only when you publicize breaches will companies take security seriously."

But don't expect such a law to come up overnight. If it does, the government itself could win the dubious distinction of being the most-breached organization, as there have been numerous attacks on government and public sector organizations.