There appears to be a “strong correlation” between the cyber espionage attacks on India and those on Google during the middle of December 2009, according to an expert who did field research in India for two reports that exposed the Indian establishment’s vulnerability to hacking emanating from China.
Greg Walton, who worked on the two highly publicised reports, GhostNet, released in March 2009, and Shadows in the Cloud, in April this year, said that the “temporal evidence” around that question showed the “very strong correlation”.
Walton said that the fourth wave of attacks on India occurred on the night of December 15 and continued through December 16 last year, while the attacks on Google’s infrastructure were on December 16 and 17.
“It seems that there’s some sort of connection between the attacks on Google and other corporations in the (Silicon) Valley and the attacks on India. They, more or less, took place at the same time and they came from the same state,” Walton said in New York.
Those attacks on Google (and on 20 other companies) led it to state, in a post on its official blog, that it would “review the feasibility” of its business operations in China. Google also decided to no longer censor search results on Google.cn.
England-born Walton, who has a background in international relations and security studies, is planning to head to India by the end of May to offer his “services and advice” to the Indian government on securing its cyber infrastructure.
He is expected to coordinate with the office of the National Security Adviser Shivshankar Menon. That office may serve as a nodal point for linking work in this sphere that is being conducted by various government agencies like the Research and Analysis Wing’s Bangalore-based National Technical Research Organisation, the Intelligence Bureau cyber security unit, the National Informatics Centre and the New Delhi-based Computer Emergency Response Team.
While the two reports revealed the extent to which some networks of the government’s national security establishment may have been compromised, this remains an ever-present threat, according to analysts in this field.
For instance, there is evidence that network details like login IDs and passwords for organisations tasked with servicing and securing the cyber infrastructure are being sold online by the Russian cyber mafia.
Walton said, “Criminals are trading information about accounts of many governments all over the Internet.”
While governments across the world are vulnerable, India is more so because of its seesawing relationship with China and the presence of the Dalai Lama in this country.
Walton, however, said the investigation could not establish the direct involvement of Chinese government agencies in the hacking.