The home ministry has asked officials to stay off social networking sites such as Facebook on their official computers after security agencies detected a “cyber espionage attack” targeting a senior government official.
The directive to stay away from social networking sites at work came as part of security guidelines issued by Nirmaljeet Singh Kalsi, the home ministry’s chief information security officer.
“Reports have been received about recent cyber espionage attack on various installations of Government of India including MHA,” Kalsi said in his circular that also barred officers from keeping sensitive official information even at a draft or conceptual stage on their personal computers.
The security guidelines also prohibits officers from accessing their personal emails and any website not connected to their official work, on an official computer as “this could be the source of malicious code, virus, Trojan or Keyloggers having high security threat not only for that system but the entire MHA network.”
“Social networking sites such as Google+, facebook etc and sites of online games shall not be accessed from an official computer.”
The immediate provocation for the directive was a cyber espionage attack last month that saw cyber attackers sending a document to targeted officials. Once the file was opened, the file ran malicious scripts enabling the attacker to steal information and passwords from the officer’s computer.
In this case, Kalsi warned in his circular, the attackers had used Facebook and other social networking web portals to identify “critical individuals” in the government.
After tracking the online activities of their target, they prepared a maliciously crafted a Microsoft word, excel or PDF document with the title of interest to the targeted entity. In this case believed to have taken place in the second week of July, the attackers had named the file, “Daily Electronic Media Report”.
Once opened, the file executed malicious scripts and downloaded a second level of codes from the internet. These codes would act at the command of the attacker enabling him to steal information and passwords.
It was not clear if the authorities had been able to track down the attackers in the recent case. Last year, some computers at the Prime Minister’s Office had been attacked with a Trojan virus traced to China.