Against the backdrop of concerns over hacking of crucial official websites, central security agencies have again warned the government about the use of multi-tasking blackberry instruments by some of the officials working in sensitive ministries including the Prime Minister’s office.
Agencies have also cautioned against the practice of connecting official computers and laptops with unsecured internet connections by some bureaucrats thus compromising security.
With hackers mainly from China very active and having penetrated deep into the cyber space, the security agencies had asked all ministries especially the Defence, External, Home and the PMO to separate their official computers with those used for internet connection.
The recommendations of the central security agencies seem to have gone unheeded. An official maintained that their suggestion was only recommendatory in nature. The National Technical and Research Organisation (NTRO) also circulated the Do’s and Don’ts to key ministries recently after attempts from hackers were noticed.
A quick random check was carried out during which it was found that some of the officials in the Prime Minister’s Office were using Blackberry services and had linked their official emails on the handset, which is not allowed.
A PMO official said there were routine attempts to hack various systems. The PMO has its own system in place to protect against such attempts, the official said, adding, there has been no security breach.
Intense negotiations were held prior to the starting the Blackberry services in India and finally the Department of Telecom in 2008 decided to side-step the opposition of the intelligence agencies and permit the services, being operated by Canadian-firm Research-In-Motion (RIM).
Another problem dogging the cyber space in the country was constant use of official computers by the officials in key ministries despite a warning from security agencies not to link them with the internet.
Security of many of the computers in the Ministry of External Affairs and its Missions abroad was compromised with forcing a security audit of the machines and segregating the virus-affected ones out of the system.
The Ministry of Home Affairs has a separate server for its computers and there have been no attempts to hack its system since it has another server with internet facility. A surprise check of all the computers was being carried at regular intervals.
The National Informatics Centre, the organisation responsible for maintaining government servers and providing internet and intranet facilities to various key ministries, had also faced hacking problem. According to a Canadian firm SecDev Group, which investigated the hacking of the Dalai Lama's computer in late 2008, as many as 12 computers of NIC had been affected by the Chinese hackers.
The group also surprised the government when it mentioned that computers in nine Indian Missions abroad which included key countries like the US and the UK had been affected by the Chinese hackers.
Giving details, the report said the GhostNet system directs infected computers to download a Trojan, known as ghost RAT, which allows attackers to gain complete, real-time control. These instances of ghost RAT are consistently controlled from commercial internet access accounts located on the island of Hainan, People's Republic of China.
"Our investigation reveals that GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras.
“China is actively developing an operational capacity in cyberspace, correctly identifying it as the domain in which it can achieve strategic parity, if not superiority, over the military establishments of the United States and its allies.
“Chinese cyber warfare doctrine is well developed, and significant resources have been invested by the People's Liberation Army and security services in developing defensive and offensive capabilities," the report said.
According to them, an email message arrives in the target's inbox carrying the malware in an attachment or web link. The attackers' objective is to get the target to open the attachment or malicious link so that the malicious code can be executed, it said.
