How a warning about ShadowPad, Red Echo saved the national power grid from being hacked

New Delhi, Mar 02: CERT-In, India's cyber security agency, had in November detected ShadowPad malware, one of the largest supply chain attacks. On November 19 the agency alerted the national power grid operator and its regional units about the malware and about the attempts being made to hack into the grid.

The National Critical Information Infrastructure Protection Centre had on February 12 warned about Red Echo, a Chinese state-sponsored actor group. The warning stated that the group was trying to break into the grid control systems. It was further learnt that the IPs seen in the Red Echo and ShadowPad instances matched, following which a list of the IPs and domains was sent out.

Naval command hacking - the probe

The Defence Minister recently told the Lok Sabha that steps had been taken to strengthen the security of the network at the Eastern Naval Command at Visakhapatnam in the wake of intelligence inputs regarding possible hacking. He also said in a written reply that the matter had been investigated and steps had been taken.

The first signs of this very important network being hacked came to light in November 2011, when Indian intelligence agencies suggested that attempts were being made to hack into this network, which contains sensitive information. Following this input a Board of Inquiry comprising experts was set up, and it found that some of the systems in the naval command had been bugged by hacker groups.

During the inquiry it was found that some Chinese hackers had managed to bug the systems, but it was also discovered that not much damage had taken place and no sensitive information had gone out. The bigger worry for India was that the incident took place at the Eastern Naval Command which houses the nuclear submarine, INS Arihant.

The Defence Minister made his statements in the Lok Sabha based on the inquiry conducted by the Board of Inquiry which found that very little data had been lost as a result of the bugs.

This is, however, the second time that an incident of this nature has been reported in the Indian navy. The first time around it was found that some officers had deliberately leaked information, and action was recommended against them. This time around the incident appeared to be more serious; had the Indian agencies not reacted quickly, the data that could have been leaked could have become a serious problem.

During the inquiry it was also found that the main culprit behind the latest incident was a group from China. They had managed to break into some of the systems, plant bugs in them and have the information relayed to an IP address in China.

Although there is strong proof of a foreign hand being involved in this incident, the bigger problem that Indian agencies found was that some persons within the base could also have played a role. During the inquiry, five mid-level officers were questioned. Although their role in the matter cannot be attributed directly, it was found that there were procedural lapses which led to the incident in the first place. Some of these officers had carried their own pen drives into the base, and it was the virus from these pen drives that helped the hackers enter the systems. These officers are under scrutiny and action is being proposed against them. Whether it was a mere procedural lapse or whether there was more to it is something that further inquiry will reveal.

The inquiry also found that the virus on the pen drives managed to collect and transmit data which was later found on a Chinese IP address. The virus that infected the systems created hidden folders and collected documents into them.

Sources say that the biggest threats to Indian networks come from China and Pakistan. Although Pakistan has been found to hack into government sites, when it comes to secret defence-related information it is the Chinese who are the cause for worry. According to the cyber forensic agencies involved in this probe, China has been creating cyber battalions specifically trained to break into networks. They hack into networks with the help of the various kinds of viruses they create, and they wait for procedural lapses within the target system before attacking.

The National Technical Research Organisation had recently warned that India will need to create a stronger system in order to counter this threat. China has probably one of the biggest cyber armies, and its dominance over the internet space is not a secret. China has an annual budget of 60 million dollars for such activities, and it is said that nearly 10000 people make up this cyber battalion. "It is almost state-funded terrorism against India," says an official. The Chinese have improved a great deal at hacking over the years, and they use everything from bots, malicious code and key loggers to Trojans to gain access to Indian systems.

Today the Chinese have found social networks to be a useful tool to further their goals. With the advent of social media, many officers have been creating accounts on sites such as Facebook and Twitter. The updates they post, along with their location, have been a source of great information for the Chinese hackers, who constantly pull out lists of names and keep track of these officers. Although the officers do not post sensitive information on these sites, the hackers still manage to gain access to their location and other personal details. The hackers also look for details such as the political affiliation or religious beliefs of these officials on social networking sites and, based on that, have at times tried to approach them and strike up a conversation. India would now like to ensure that officials working at sensitive defence installations stay off social networking sites, as they are being monitored and watched for very different reasons.

The NTRO, which reports to the Prime Minister, has its job cut out. Although it has managed to neutralize scores of such attacks, there have been cases where it has found that the system in question had been under the control of a foreign agency for quite some time. This has led to a debate about setting up a full-fledged cyber command and also enhancing the strength of India's cyber army. However, the general complaint is that India is not yet ready to hire the services of ethical hackers. Many such ethical hackers have backed out since they feel that the government does not spend enough on them and there is hardly any line of protection. Hacking is still considered a very bad word in India, and unless the importance of ethical hacking is taken seriously, India has its task cut out.

Apart from China, India also faces a great deal of risk from the Pakistan cyber army. Some 112 Indian sites have been hacked and defaced in the past couple of years, and it was found that a large part of this was the work of Pakistan. The cyber war between India and Pakistan began in 1998, when the latter hacked into the website of the Bhabha Atomic Research Centre. This was done more to establish technological supremacy, and from then onwards it has become a game for these people.

Experts say that the threat from the Chinese is, however, much greater than that from Pakistan. The Chinese are looking to extract important information from India's defence mechanism, while Pakistan is more about defacing websites to show supremacy.