Cyber War: A grave cause of concern
Issue Net Edition | Date : 15 Apr , 2013

Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation1.

U.S. Government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines “cyberwarfare” as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” The Economist describes cyberspace as “the fifth domain of warfare,” and William J. Lynn, U.S. Deputy Secretary of Defence, states that “as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.”2

In 2009, President Barack Obama declared America’s digital infrastructure to be a “strategic national asset,” and in May 2010 the Pentagon set up its new U.S. Cyber Command (USCYBERCOM), headed by General Keith B. Alexander, director of the National Security Agency (NSA), to defend American military networks and attack other countries’ systems. The EU has set up the European Network and Information Security Agency (ENISA), which is headed by Prof. Udo Helmbrecht, and there are now further plans to significantly expand ENISA’s capabilities. The United Kingdom has also set up a cyber-security and “operations centre” based in Government Communications Headquarters (GCHQ), the British equivalent of the NSA.

In the U.S., however, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility of the Department of Homeland Security and private companies respectively.

In February 2010, top American lawmakers warned that the “threat of a crippling attack on telecommunications and computer networks was sharply on the rise.” According to The Lipman Report, numerous key sectors of the U.S. economy, along with those of other nations, are currently at risk from cyber threats, including public and private facilities, banking and finance, transportation, manufacturing, medical, education and government, all of which are now dependent on computers for daily operations.3

The Economist writes that China has plans of “winning informationised wars by the mid-21st century”. It notes that other countries are likewise organizing for cyberwar, among them Russia, Israel and North Korea. Iran boasts of having the world’s second-largest cyber-army. James Gosler, a government cybersecurity specialist, worries that the U.S. has a severe shortage of computer security specialists, estimating that there are only about 1,000 qualified people in the country today, but that it needs a force of 20,000 to 30,000 skilled experts. At the July 2010 Black Hat computer security conference, Michael Hayden, former deputy director of national intelligence, challenged thousands of attendees to help devise ways to “reshape the Internet’s security architecture”, explaining, “You guys made the cyberworld look like the north German plain.”4

An undeclared war in cyberspace is now being fought between two broad groups, reminiscent of the cold war years. On the one side are the perceived victims, who are mostly Western nations. South Korea, Israel, Saudi Arabia and India are also fellow-victims because of their close relations with the West, especially the U.S. Arrayed against them are Russia, China, and North Korea.

Iran is a recent entrant to the club, and is said to be slowly acquiring the prowess to cause damage to Israeli networks. Its might was revealed in an attack last year against Saudi Aramco, described as the world’s largest oil producer, when data on 30,000 computers was erased and substituted with the image of a burning American flag.5

Reports of hacking of several Israeli government websites fit in with the analysis that the country’s sworn enemies will continue to target its installations, both on land and in cyberspace. Pakistan is one of the lesser members of this infamous club. Its main objective is to annoy India. Because of its limited knowledge and resources, its impact in this game has been minimal.

Chinese hand in every cyber transgression

Dominant in the global cyber conflict scenario is the overwhelming suspicion against China. The latter has vehemently denied any involvement in episodes in which investigation by experts in cyber security had traced back sources of attack to Internet Protocol (IP) addresses belonging to some Chinese cities, especially Shanghai.6

The White House, paranoid about the Chinese hand in every cyber transgression, has gone to the extent of providing a list of suspect addresses in that country to Internet Service Providers (ISPs) in the U.S. Some information culled out from intensive research has actually pointed fingers at the People’s Liberation Army (PLA). Information is so specific that a Unit 61398 of the PLA located in Shanghai’s Pudong district is mentioned as the culprit.7

Canadian researchers mentioned a Chinese network, GhostNet, a few years ago as having been behind the compromise of some Indian networks. The Pakistani hand in the defacement of some Indian official websites from time to time has been rightly dismissed as an amateurish attempt to cause discomfiture to us. Nevertheless, we need to keep a close watch.8

Significant is the fact that it is not government machinery alone that is the target. Private commercial establishments, especially leading banks, have suffered great dislocation and loss of reputation in the past few years. Last month there was a calculated offensive against the American Express computer network that lasted two hours, during which access was denied to its lawful customers. Known as a Denial of Service (DoS) attack, this has become the favourite weapon for disrupting commercial routine on any busy day.9

Cyber counterintelligence

Cyber counterintelligence comprises measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions.10

On 7 April 2009, the Pentagon announced that it had spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.

On 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security “czar” to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.

On 9 February 2009, the White House announced that it would conduct a review of the nation’s cyber security to ensure that the United States federal government’s cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.

In the wake of the cyberwar of 2007 waged against Estonia, NATO established the Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia, in order to enhance the organization’s cyber defence capability. The centre was formally established on 14 May 2008, and it received full accreditation by NATO and attained the status of International Military Organization on 28 October 2008. Since Estonia has led international efforts to fight cybercrime, the United States Federal Bureau of Investigation says it will permanently base a computer crime expert in Estonia in 2009 to help fight international threats against computer systems.

One of the hardest issues in cyber counterintelligence is the problem of “attribution”. Unlike in conventional warfare, figuring out who is behind an attack can be very difficult. However, former Defence Secretary Leon Panetta had claimed that the United States has the capability to trace attacks back to their sources and hold the attackers “accountable.”

Incidents of Cyber Hacking

On 21 November 2011, it was widely reported in the U.S. media that a hacker had destroyed a water pump at the Curran-Gardner Township Public Water District in Illinois. However, it later turned out that this information was not only false, but had been inappropriately leaked from the Illinois Statewide Terrorism and Intelligence Centre.11

On 6 October 2011, it was announced that the command and control data stream of Creech AFB’s drone and Predator fleet had been keylogged for the past two weeks, resisting all attempts to reverse the exploit. The Air Force issued a statement that the virus had “posed no threat to our operational mission”.12

In July 2011, the South Korean company SK Communications was hacked, resulting in the theft of the personal details (including names, phone numbers, home and email addresses and resident registration numbers) of up to 35 million people. A trojaned software update was used to gain access to the SK Communications network. Links exist between this hack and other malicious activity and it is believed to be part of a broader, concerted hacking effort.13

Operation Shady RAT is an ongoing series of cyber attacks starting mid-2006, reported by Internet security company McAfee in August 2011. The attacks have hit at least 72 organizations including governments and defence contractors.14

On 4 December 2010, a group calling itself the Pakistan Cyber Army hacked the website of India’s top investigating agency, the Central Bureau of Investigation (CBI). The National Informatics Centre (NIC) has begun an inquiry.

On 26 November 2010, a group calling itself the Indian Cyber Army hacked websites belonging to the Pakistan Army and to different ministries, including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance, Pakistan Computer Bureau, Council of Islamic Ideology, etc. The attack was carried out as revenge for the Mumbai terrorist attacks.15

In October 2010, Iain Lobban, the director of the Government Communications Headquarters (GCHQ), said that Britain faces a “real and credible” threat from cyber attacks by hostile states and criminals, that government systems are targeted 1,000 times each month, that such attacks threatened Britain’s economic future, and that some countries were already using cyber assaults to put pressure on other nations.16

In September 2010, Iran was attacked by the Stuxnet worm, thought to specifically target its Natanz nuclear enrichment facility. The worm is said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare.

In July 2009, there were a series of coordinated denial of service attacks against major government, news media, and financial websites in South Korea and the United States. While many thought the attack was directed by North Korea, one researcher traced the attacks to the United Kingdom.

Russian, South Ossetian, Georgian and Azerbaijani sites were attacked by hackers during the 2008 South Ossetia War.17

In 2007, the website of the Kyrgyz Central Election Commission was defaced during its election. The message left on the website read, “This site has been hacked by Dream of Estonian organization”. During the election campaigns and riots preceding the election, there were cases of denial-of-service attacks against the Kyrgyz.18

In September 2007, Israel carried out an airstrike on Syria dubbed Operation Orchard. U.S. industry and military sources speculated that the Israelis might have used cyberwarfare to allow their planes to pass undetected by radar into Syria.

In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the conflict, where the Israel Defence Forces (IDF) intelligence estimates several countries in the Middle East used Russian hackers and scientists to operate on their behalf. As a result, Israel attached growing importance to cyber-tactics, and became, along with the U.S., France and a couple of other nations, involved in cyber-war planning. Many international high-tech companies are now locating research and development operations in Israel, where local hires are often veterans of the IDF’s elite computer units. Richard A. Clarke adds, “Our Israeli friends have learned a thing or two from the programs we have been working on for more than two decades.”

Indian scenario

A government-private sector plan being overseen by National Security Advisor (NSA) Shivshankar Menon began in October 2012, and intends to beef up India’s cyber security capabilities in the light of a group of experts’ findings that India faces a 4.7-lakh shortfall of such experts despite the country’s reputation of being an IT and software powerhouse.19

On July 12, 2012, several high-level officials experienced a major cyber attack. This included officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP). It is reported that several pieces of sensitive information had been compromised and there was also a breach in the main National Informatics Centre email server, which links all the departments in the Indian government. An investigation put the total number of accounts affected at roughly 12,000. The responsibility of preventing cyber attacks had fallen under the jurisdiction of the Indian Computer Emergency Response Team (CERT-In), which was established in 2004 as a subsidiary of the Department of Information Technology. The number of reported cyber security breaches has grown from 23 in 2004 to 13,301 in 2011.20

In July 2012, the government split CERT-In in order to better distribute serious threats and minor issues. ‘CERT-In now protects cyber assets in non-critical areas while a new body called the National Critical Information Infrastructure Protection Centre (NCIIPC) protects assets in sensitive sectors such as energy, transport, banking, telecom, defence and space.’

Information Technology Secretary J. Satyanarayana admits that more work needs to be done in research and development; however, he states that the NCIIPC department is in the final stages of completing the national cyber security policy. The policy proposes an increase in the production of domestic security solutions rather than depending on foreign technology and products. ‘The government also plans to appoint a National Cyber Security Coordinator in the National Security Council to coordinate with all agencies dealing with cyber security.’ As an added measure M.S. Vijayaraghavan, an adviser to the National Technical Research Organisation, states that all cyber security agencies are working in isolation. “If there is a synchronised attack on multiple critical infrastructure facilities, they are not in a position to join the dots and respond in a well-coordinated way.”

Overall, India has not suffered any significant economic or physical damage from cyber attacks; however, the government-owned Nuclear Power Corporation of India is at constant risk of security breach. “The company faces up to 10 targeted attacks a day but manages to block them all,” says Executive Director S.P. Dharne.

On 30th June last, India woke up to Chinese hackers having broken into sensitive naval computer systems in and around Visakhapatnam, the Eastern Naval Command’s headquarters. Worse, they planted bugs (virus) that secretly collected and transmitted confidential files and documents to Chinese IP addresses.

This is significant given the fact that the Eastern Naval Command plans operations and deployments in the South China Sea, the theatre of recent muscle flexing by Beijing, and beyond. Also, India’s first nuclear missile submarine, INS Arihant, is currently undergoing trials at the Command.19

Undeniably, China has used its expertise as a cyber-power to access highly confidential information relating to the national security of other countries, including India. In fact, New Delhi should take note of this, not only because of its historically contentious relationship with Beijing but also due to China’s “all weather friendship” with Pakistan, especially against the backdrop of Islamabad’s continuing sponsorship of terror across Indian borders, especially in Jammu and Kashmir.

Pertinently, just as armies fight on land, navies at sea, and air forces in air, national cyber-forces now fight in the online world. Indeed, cyber warfare is the new emerging battlefront. Sadly, it is a battle that India is ill equipped to wage, resulting in the country being under-defended against sustained, damaging State-level cyber attacks.

Asserted renowned virus hunter Mikko Hypponen to India Site: “We’ve traced most of the cases of hacking against India not to Pakistan, or Russia, nor anywhere else, but to China.”

In fact, there is nothing to stop China, unless India develops its own tools for cyber warfare, warns the National Technical Research Organisation (NTRO), the agency principally involved in investigating the damage caused by Chinese hackers. This outfit is directly under the Prime Minister.

New Delhi and Beijing might be talking peace, but New Delhi still has to address and grapple with how it will counter this full-blown cyberspace war. A TV media channel recently presented a frightening scenario, showcasing how Chinese hackers targeted Indian computers with their deadly digital arsenal.

Significantly, with a staggering $55 million annual budget pumped into its devious science of strategic hacking, nothing is sacred for Chinese hackers, given that Beijing views India as its biggest enemy. According to Toronto University’s Munk Centre for International Studies, Chinese hackers are known to function as a covert arm of the Chinese navy. And like Pakistani jihadis, the Chinese Government denies their existence.

Furthermore, hacking is institutionalised in China, wherein virus writing is taught in Chinese military schools. Alongside, the art of hacking is very much a part of the training imparted to a growing army of nearly 10,000 cyber soldiers.

In addition, the Red Hackers Alliance, the fifth largest hacker group in the world, is known to render services directly to the Chinese Government. With the Alliance at its disposal, Beijing enjoys supremacy in hacking techniques.

The Chinese hacking force uses malware, spyware, key loggers, Trojans, bots and malicious code generators to break into Indian computers, copy documents, exfiltrate sensitive material and bug classified correspondence. Basically, without a dedicated Indian cyber-security organisation, the country will remain a sitting duck.20

Adding, “India is definitely at risk as it is in a very unstable part of the world with a constant threat of war. It should assume that it will be compromised, and ask how to ensure that it doesn’t break the country, economy or damage national security.”

As it stands, in the last three months, 112 websites of the Government have been hacked by a Pakistan-based group known as H4tr ck. As a result, the authorities have finally woken up to the fact that India is facing a major cyber threat that might continue unabated for some time.

All in all, despite efforts to ramp up a cyber army, the Government’s cyber defences are only as strong as their weakest link. The NTRO, the apex group under the Prime Minister’s Office tasked with India’s cyber-security, responds to the attack and neutralizes it, but not before discovering that some of its machines have been under hostile control for over two years.21

Therefore, India needs to urgently install a Cyber Command like the US under the Chief of the Defence Staff (CDS)/Chairman Chiefs of Staff Committee till CDS is appointed. The Government needs to wake up before it is too late.

End Notes

  1. Dilanian, Ken. “Cyber-attacks a bigger threat than Al Qaeda, officials say”, Los Angeles Times, March 12, 2013
  2. Clarke, Richard A. Cyber War, HarperCollins (2010)
  3. The Lipman Report, 15 October 2010
  4. “Cyberwar: War in the Fifth Domain” Economist, 1 July 2010
  5. Lynn, William J. III. “Defending a New Domain: The Pentagon’s Cyberstrategy”, Foreign Affairs, Sept/Oct. 2010, pp. 97–108
  6. Clarke, Richard. “China’s Cyberassault on America”, Wall Street Journal, 15 June 2011
  7. “Cyberwarrior Shortage Threatens U.S. Security” NPR, 19 July 2010
  8. El Akkad, Omar. “Meet the Canadians on GhostNet”, Monday’s Globe and Mail, Aug. 23 2012.
  9. Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies, Vol. 8, Iss. 1, Art. 2. pp. 43. January 2013.
  10. White House Eyes Cyber Security Plan. CBS News (10 February 2009) and 8 November 2011.
  11. “Stuxnet and the Future of Cyber War”. James P. Farwell and Rafal Rohozinski. January 2013.
  12. “US General: Iran’s Cyber War Machine ‘A Force To Be Reckoned With’”. Business Insider. January 2013.
  13. “War in the fifth domain. Are the mouse and keyboard the new weapons of conflict?”. The Economist. 1 July 2010. “Important thinking about the tactical and legal concepts of cyber-warfare is taking place in a former Soviet barracks in Estonia, now home to NATO’s “centre of excellence” for cyber-defence. It was established in response to what has become known as “Web War 1″, a concerted denial-of-service attack on Estonian government, media and bank web servers that was precipitated by the decision to move a Soviet-era war memorial in central Tallinn in 2007.”
  14. Estonia accuses Russia of ‘cyber attack’. Csmonitor.com. 8 November 2011.
  15. Ian Traynor, “Russia accused of unleashing cyberwar to disable Estonia”, The Guardian, 17 May 2007
  16. Boyd, Clark. (17 June 2010) BBC: Cyber-war a growing threat warn experts. BBC News. Retrieved 8 November 2011.
  17. “Israel Adds Cyber-Attack to IDF”, Military.com, 10 February 2010
  18. Russian Embassy to the UK. 25 May 2012.
  19. “Beware of the bugs: Can cyber attacks on India’s critical infrastructure be thwarted?”. BusinessToday. January 2013.
  20. “5 lakh cyber warriors to bolster India’s e-defence”. Times of India (India). 16 October 2012.
  21. Tom Gjelten. “Seeing The Internet As An ‘Information Weapon’”. National Public Radio. 23 September 2010.
  22. Vasudeva P. K. Secure our e-frontiers July 12, 2012

The views expressed are of the author and do not necessarily represent the opinions or policies of the Indian Defence Review.

About the Author

Col (Dr) PK Vasudeva is author of World Trade Organisation: Implications for Indian Economy, Pearson Education, and also a former Professor of International Trade.
