India's secrets are in Guangdong

India's secrets are in Guangdong
Published: Wednesday, Mar 13, 2013, 6:15 IST | Updated: Tuesday, Mar 12, 2013, 23:25 IST
By Saikat Datta | Place: New Delhi | Agency: DNA
Uday Deb | DNA

A successful Chinese hacking attack has caused what is arguably the biggest security breach in India with systems of hundreds of key DRDO and other security officials being compromised and leading to the leak of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India. The other stolen files recovered so far belong to the governments of the United States, Russia, and South Korea.

The leak was detected in the first week of March as officials from India’s technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called “army cyber policy”. The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter of seconds.

As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong province of China.

So far, Indian intelligence has never been able to pinpoint a hacking attack with such accuracy.
As they continued to trace the breach, they discovered thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments.

Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.

The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.

But the shocking part was the extent of the hacking by the Chinese, believed to be officially sponsored.

The officials began to find files related to the Russian military as well as files that belonged to CSRDC (Centre for Security Research & Development Center) which comes under the United States department of Homeland Security’s Science and Technology directorate.
Some files from NASA too have been recovered so far. All this was discovered after cyber security

officials of the Information Dominance Group (IDG) and private Indian cyber security officials began to track down the “NetTraveler Trojan and Key logger” that had infected Indian systems. The other files recovered belong to South Korea, Russia, and the United States.

For a server of its size and capacity, believed to be worth almost Rs150 crore in the open market, it hosted just six domains. This is highly unusual because a server of this size usually has over 10,000 domains.

This meant that this was being used for a specific purpose. Initially, it took time to decipher the files since they were all encrypted. But after the key was found, the decryption of the files began and to their horror, Indian intelligence officials discovered this massive breach of security.

Traced to server:
*Systems of hundreds of key DRDO and other security officials compromised

*Sensitive files related to the cabinet committee on security (CCS) leaked

*Thousands of top secret CCS files and documents related to surface-to-air missile and radar programmes from defence research & development lab discovered

*All sensitive files stolen from infected systems uploaded on a server in China’s Guangdong province.
 

China hacks into sensitive DRDO computers
PTI Posted online: Wed Mar 13 2013, 17:46 hrs
New Delhi : The computers of highly-sensitive Defence Research and Development Organisation (DRDO) have reportedly been hacked.
The hacking is suspected to have been carried out by Chinese hackers and there are fears that some sensitive information could have been compromised.

When asked about it, Defence Minister A K Antony said, “Intelligence agencies are investigating the matter at this stage and I do not want to say anything else.”

The minister was asked if the DRDO computer networks containing sensitive information were hacked and if information was compromised.

Commenting on the issue, DRDO spokesperson Ravi Gupta said, “As per our information, no computer or network of the DRDO has been compromised.”

In the past also, such incidents have occurred and the Defence Ministry has taken several actions to stop the hacking of sensitive information pertaining to armed forces.

Recently, the Navy had to take action against some of its officers in the Eastern Command after their networks were hacked as they did not follow the standard operating procedures.
https://mail.google.com/mail/u/0/images/cleardot.gif

Comments

Popular posts from this blog

MIsuse of Section 197, Code of Criminal Procedure

Questionable and illegal UIDAI completes four years

Journalists Demand for Third Press Commission, Indian National Congress Reluctant