On June 30, Chinese hackers broke into sensitive naval computer systems in and around Visakhapatnam, the headquarters of the Eastern Naval Command (ENC), and planted bugs that relayed confidential data to IP addresses in China. The naval computers were found infected with a virus that secretly collected and transmitted confidential files and documents to Chinese IP addresses.
The ENC plans operations and deployments in the South China Sea — the theatre of recent muscle-flexing by Beijing — and beyond. India’s first nuclear missile submarine, INS Arihant, is currently undergoing trials at the ENC.
The cyber espionage came to light sometime in January-February. Besides naval resources, other cyber forensic agencies were involved in tracing the hackers, sources said. China has been accused earlier of using ‘cyber battalions’ — specially trained military staff — to break into sensitive computer systems across the world.
In the past three months, 112 websites of the Indian government have been hacked by a Pakistan-based group known as H4tr ck. India was left red-faced when the high profile website of the Central Bureau of Investigation (CBI) was hacked in 2010. The country should take note of serious implications of cyber warfare, not only because of its historically contentious relationship with China, but also because of China’s undeniably close ties with Pakistan, which continues to sponsor terror across India.
China has a staggering $55 million annual budget pumped into the devious science of strategic hacking and India is clearly its biggest enemy. Nothing is sacred to Chinese hackers because hacking is institutionalised in the country.
Interestingly, virus writing is taught in Chinese military schools. The art of hacking is a part of training imparted to a growing army of about 10,000 cyber soldiers. They are trained in the use of malware, spyware, key loggers, Trojans, bots and malicious code generators to break into Indian computers, copy documents, ex-filtrate sensitive material and bug classified correspondence.
The Red Hackers Alliance, the fifth largest hacker group in the world, is known to render services directly to the Chinese government. With the alliance at its disposal, Beijing stays at the cutting edge of hacking techniques. The renowned virus-hunter Mikko Hypponen told a news website: “We’ve traced most of the cases of hacking against India not to Pakistan, not to Russia, not to anywhere else, but to China.”
Prominent security expert Dmitri Alperovitch, who leads McAfee’s Internet Threat Analysis Group and has worked with the Indian government, told the same website: “A State-funded terrorist group, perhaps pushed by some elements of a government, could be a danger. For the foreseeable future the threat from Stuxnet-like attacks will come from nation-states. India is definitely at risk, as it is in a very unstable part of the world with a constant threat of war. India should assume that it will be compromised, and ask how to make sure that it doesn’t break the country or the economy, or damage national security.”
In 2009, US President Barack Obama declared America’s digital infrastructure to be a “strategic national asset,” and in May 2010 Pentagon set up a US Cyber Command (USCYBERCOM), headed by General Keith B Alexander, director of the National Security Agency (NSA). This is being used to defend American military networks and attack other countries’ systems. Similarly, the EU has the European Network Information Security Agency (ENISA), and Britain has the Cyber Security and Operations Centre (CSOC) under their respective Chiefs of Staff in the armed forces.
Despite efforts to ramp up a cyber army, the Indian government’s cyber defences are only as strong as their weakest link. The National Technical Research Organisation (NTRO), the apex group under the Prime Minister’s Office tasked with India’s cyber-security, responds to an attack and neutralises it but usually not before discovering that some of the websites have been under hostile control.
Without a dedicated cyber-security organisation, India will remain a sitting duck. Hence, India has to have a Cyber Command like the US under the Chief of Defence Staff. Despite recommendations by the Kargil Review Committee (2001) and the Naresh Chandra Committee (May 2012) on National Security, it is yet to be installed. The chief reason behind the delay is bureaucratic high-handedness. The need of the hour is for the government to wake up before it is too late.
PK Vasudeva is defence analyst and commentator
The views expressed by the author are personal