Second cyber attack in 4 months hits government
Even as India is trying to figure out the extent of damage caused by the ‘Red October’ cyber espionage programme detected in March, another attack has been detected. Sanjib Kr Baruah reports.india Updated: Jun 09, 2013 10:10 IST
Even as India is trying to figure out the extent of damage caused by the ‘Red October’ cyber espionage programme detected in March, another attack has been detected.
The recent hacking attack, till now, has stolen at least 22 GB of data, including secret documents from high-profile Indian establishments. And what’s worse — the attack might still be on.
Exposing India as increasingly vulnerable to cyber attacks, a malicious programme called NetTraveler a.k.a Travnet has been infecting its cyber systems since 2004.
The victims number at least 40 and include ministries, embassies, military and scientific institutes, aerospace research, IT companies, financial organisations, media organisations, and even small private companies.
The attack was detected by Russian cyber security laboratory Kaspersky which was one of the entities to have closely collaborated with India’s technical intelligence wing National Technical Research Organisation (NTRO) and private cyber security experts in detecting the ‘Red October’ attack.
“Attackers have been able to steal about 22 GB of documents (in India). But it is really a tip of the iceberg. The real data may be many times bigger,” a Kaspersky representative told HT.
The biggest number of attacks took place in Mongolia followed by Russia and then India. Globally, at least 350 NetTraveler attacks across 40 countries have taken place although the number of victims is expected to exceed 1000, including even activists.
The largest number of attacks took place from 2010 to 2013.
From sketchy details that the authorities pieced together, it seems that the command and control centres of the hacking group are concentrated in Hong Kong, China and the US.
Although nothing is conclusive at this point of time, it is believed that the attackers belong to a Chinese hacking group. “We don’t know the details, who might be behind this. The objective is to steal documents and then sift through to find the useful intelligence…probably to sell in the black market,” the representative said.
An interesting aspect is that in several cases, the NetTraveler attacks overlapped with the attacks by the ‘Red October’ programme which had, among others, targeted the Defence Research and Development Organisation (DRDO) and hacked e-mail accounts of its senior scientists and stolen top secret military data.
“...We estimate the (hackers’) group size to about 50 individuals, most of whom speak Chinese natively and has knowledge of English language.”