Hackers' Haven
Image: Vivek L. Shinde
“You work for Drewla?” the Chinese spook asked the young Tibetan girl from Dharamshala. She had been arrested on the China-Nepal border barely hours earlier.
“No.”
“LIAR! You come here to make trouble,” the angry Chinese persisted. “You are DREWLA; online network of Tibetan people who know Chinese language. You talk to innocent Chinese people to get information! SPY!”
“No. I am a student. I just wanted to see Lhasa, the land of my ancestors. I wanted to come back,” said the girl.
“READ!” said the Chinese and pushed a dossier across to her. One look and the girl knew the charade was pointless. The dossier contained transcripts of her chats with Chinese people over many years.
“We watch you all the time. We know who you are. We know what you do. Don’t ever come back to Tibet — tell your friends in Dharamshala too,” said the spook.
The Office of His Holiness The Dalai Lama, the leader of the Tibetan Government-in-Exile in India at Dharamshala, is trained to resist most temptations, but the routine email is difficult to avoid. If an email from a known fellow Tibetan with an attachment ‘Translation of Freedom Movement ID Book for Tibetans in Exile.doc’ arrives, there is no way The Dalai Lama’s staff isn’t going to open it. They clicked on the attachment, opened a Pandora’s box and brought plague upon themselves.
One of the monks working in the office realised something was amiss. He saw Microsoft Outlook Express open automatically on his machine, attach a few documents to a new email and send it to an address he didn’t recognise. Soon, the Tibetan Government-in-Exile found that the Chinese knew The Dalai Lama’s negotiating position on various matters. Its Drewla members were being identified by Chinese intelligence. They realised they needed help.
When Greg Walton reached Dharamshala in June 2008, the place was ripe with humidity and tourists. For him, this was no pleasure trip though. The Dalai Lama’s Office had called him in. The Tibetan Government-in-Exile had a feeling that the Chinese were watching them.
Walton and his colleague Shishir Nagaraja, who would join him in Dharamshala in September, were both researchers and part of a project headed by Ron Deibert, an amiable Canadian with wavy hair, salt-n-pepper goatee and a Ph.D. Deibert is part professor of political science and part highly respected security researcher heading the Citizen Lab, a Toronto-based research centre.
Walton began interviewing the staff, especially the monk who had the blissful revelation of seeing his email software unfold and send emails on its own.
It didn’t take him long to understand that most computers of the Tibetan Government-in-Exile were ‘double agents’: functioning normally, but every now and then ferreting sensitive information out to their ‘command and control’ computers, most of which were in China.
It had all started the moment one of the monks clicked on a file, allowing a slimy software code to install itself on his computer and establish connections with computers in China. This malicious software — malware — would first locate important documents on the infected computer and upload them to its controllers, then try to spread itself further by sending infected emails to the contacts stored on the machine.
More dangerous was the fact that this malware had spread to 103 countries; 1,295 computers were infected, including those in nine Indian embassies. Deibert’s team thought their investigation, which ended in March 2009, would close the ring down. But in August 2009, they were called again to Dharamshala.
They found all the Tibetan computers infected with even more slimy software and again sending information to servers in China. This time they managed to recover some of the stolen documents, 44 in all. Thirty-five were Indian. Among them were National Security Council (NSC) assessments of India’s security situation in the North-East and intelligence about Naxalites and Maoists; reports on India’s activities in Africa, Russia and the Middle-East; the Indian Army’s artillery command and control system; and documents from private companies like DLF and the Tata Group.

Infographics: Sameer Pawar
That’s when Deibert decided to call the Indian government.
For hackers, India today represents one of the lowest hanging fruits on the Internet, always vulnerable, always fruitful. Because within our borders they find the ideal combination of the cybercrime trifecta — plum targets, abundant vectors and lazy defences.
Tens of millions of our citizens are taking to e-commerce and Internet banking in a big way; our businesses, private and public sector, are expanding their footprint across the world even while they fight foreign competitors at home; and finally our government is attempting to play a more assertive role globally, one that is in sync with the rising importance of our economy. The payoff from attacking any of those can be immense.
Like a country filled with Trojan horses, within India also lay the tools with which to attack it. Every second computer in India is likely to have been infected with a virus in the past three months.
India has been the world’s third largest source of spam three years in a row. And though it accounts for only 3 percent of Internet users in the world, India is home to 17 percent of infected ‘zombie’ computers on the Internet that can be hijacked by criminals to do their bidding.
Our security agencies and government are woefully unprepared to fight against a new class of enemies who are mostly distributed, often state-less and always resourceful.
This is why whenever a new virus or malware is discovered, India is right up there on the infections’ charts. When it comes to presence of malicious code on computers, the United States leads the world. Guess who comes second? India!

All said and done, I strongly feel the following are the major issues responsible for Cyber Security and Cyber Crime issues in India.
1.) Reactive Approach
2.) Mindset
3.) Let Go attitude
4.) Unless it affects me (Selfish Motives)
5.) Responsibility and Liability Ownership
6.) Lack of Personal Responsibility
7.) Cultural and Societal Issue
Unless we, the people, change and self-adopt the hygiene, Information Security is too far to achieve.











































