Global implications of China’s cyber attack on Indian Navy

Posted by Admin on Friday, 13 July 2012


Recently discovered cyber espionage against India’s Eastern Naval Command by suspected Chinese hackers could pose a serious threat to India’s first domestically built nuclear capable submarine, the INS Arihant, as well as India’s overall naval strategy in the South China Sea. While the full scope of the cyber attack is not yet known, the sophistication of this attack on a closed computer network has global security implications.
India’s political and military leadership has not officially accused China of being behind this espionage effort, but unnamed senior government officials are squarely pointing the finger at Beijing, which has the means, a clear motive, and the technical know-how to execute such a major cyber espionage effort.
Background
India’s Eastern Naval Command has responsibility for the nation’s eastern seaboard maritime interests and for operating in the volatile South China Sea. It is also responsible for India’s indigenous nuclear submarine efforts.
The discovery that Indian navy classified computers were penetrated by foreign hackers was reportedly first unearthed early this year, but the incident has received greater attention lately because of a Board of Inquiry established to investigate the matter. Senior ranking Indian officials with knowledge of the ongoing investigation have stated that malicious software was most likely introduced into a computer on the network via an infected thumb drive, according to the Mumbai-based Indian Express newspaper on July 1.
The malware was found to be capturing sensitive files on classified military computer systems at an Indian naval station. According to a July 3 article in the British paper The Register, the malware would detect and locate documents of interest by using a keyword search. Once the keywords were identified in a document, the infected thumb drive would save the files. Since the navy’s computers were not connected to the Internet directly, the stash of pilfered classified documents would remain on the infected thumb drive until it was connected again to the Internet, and a copy of those documents would then be relayed to a server in China.
The use of thumb drives at the Eastern Naval Command had been prohibited for some time, but apparently internal security protocols were not properly followed or were perhaps ignored, as reported by Infosecurity Magazine on July 3.
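A ban on thumb drives only protects a closed network if violations are noticed. The sketch below is an added example, not code from the incident or from any of the cited reports: it audits endpoint events for removable-media sessions and separates a bare policy violation from a session in which several files were written to the drive, the staging pattern described above. The log format, the event names (`USB_MOUNT`, `FILE_WRITE`, `USB_UNMOUNT`), the host names and the threshold are all assumptions made for illustration.

```python
# Constructed sample events (not from the incident): time, host, event, detail.
# The format and event names are hypothetical.
SAMPLE_LOG = """\
2012-01-10T09:00:00 ws-01 USB_MOUNT E:
2012-01-10T09:00:04 ws-01 FILE_WRITE E:\\sys\\001.doc
2012-01-10T09:00:05 ws-01 FILE_WRITE E:\\sys\\002.doc
2012-01-10T09:00:06 ws-01 FILE_WRITE C:\\Users\\a\\notes.txt
2012-01-10T09:00:07 ws-01 FILE_WRITE E:\\sys\\003.xls
2012-01-10T09:05:00 ws-01 USB_UNMOUNT E:
2012-01-10T10:00:00 ws-02 FILE_WRITE C:\\temp\\report.doc
2012-01-10T11:00:00 ws-03 USB_MOUNT F:
2012-01-10T11:02:00 ws-03 USB_UNMOUNT F:
"""


def _close(session, bulk_threshold):
    """Grade a finished session by how many files landed on the drive."""
    count = len(session["files"])
    session["severity"] = "staging" if count >= bulk_threshold else "policy"
    return session


def audit_removable_media(log_text, bulk_threshold=3):
    """Return one finding per USB session on a closed-network host.

    Every mount breaks the no-thumb-drive rule; sessions in which at least
    bulk_threshold files were written to the drive are marked "staging".
    """
    open_sessions = {}  # (host, volume) -> finding under construction
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, detail = line.split(" ", 3)
        if event == "USB_MOUNT":
            open_sessions[(host, detail)] = {
                "host": host, "volume": detail, "mounted": ts, "files": []}
        elif event == "FILE_WRITE":
            # Attribute the write to a session only if it targets the drive.
            session = open_sessions.get((host, detail[:2]))
            if session is not None:
                session["files"].append(detail)
        elif event == "USB_UNMOUNT":
            session = open_sessions.pop((host, detail), None)
            if session is not None:
                findings.append(_close(session, bulk_threshold))
    # Drives still mounted when the log ends are reported as well.
    findings.extend(_close(s, bulk_threshold) for s in open_sessions.values())
    return findings


if __name__ == "__main__":
    for f in audit_removable_media(SAMPLE_LOG):
        print(f["host"], f["volume"], f["severity"], len(f["files"]))
```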
A spokesperson for India’s Navy told the Indian Express on July 1 that “An inquiry has been convened and findings of the report are awaited . . . there is a constant threat in the cyber domain from inimical hackers worldwide.” Unidentified senior Indian officials also declined to comment on the seriousness of the cyber intrusion, stating that it was “premature at this stage” to assess the gravity of the security breach.
The Indian Express indicated that several Indian Naval officers have reportedly been indicted over the incident; however, it is not clear whether the charges stem from overt complicity or simple carelessness in failing to follow established guidelines for classified computer systems.
China’s state-run media outlet, China Daily, on July 2 decried accusations that the Chinese government was responsible for the cyber attack. The paper made the case that accusations of Chinese government involvement were not substantiated just because a receiving server address was located in China. A spokesman with the China Institute of Contemporary International Relations explained, “Hackers’ IP addresses can change, and it is difficult to precisely trace their original countries.”
While the use of cyber tactics for espionage provides a certain amount of plausible deniability to China, this is not an isolated instance. In 2010, the University of Toronto in Canada issued a report about a global Chinese hacking effort known as the “Shadow Network,” which specifically targeted Indian military installations and embassies around the world. China denied any involvement, but in response to such reports, Chinese telecommunication companies were banned from operating in or importing to India. India cited national security concerns as the reason.
Analysis
Installing malware to conduct successful, remote cyber espionage of classified materials on supposedly “closed” computer networks that are neither connected to the Internet nor supposed to have external thumb drive capabilities is no small feat. If true, this incident raises significant security questions for classified U.S. intelligence and military computer systems, which are also closed networks.
Considerable resources, planning, and human intelligence efforts were necessary to conduct this cyber attack. There are only a handful of states capable of achieving such a trifecta. Given China’s rivalry with India and concerns about the South China Sea, it is the principal suspect in the cyber attack on the Indian navy.
China is probably deeply concerned about the capabilities and the implications of India’s first indigenously built nuclear missile submarine, the INS Arihant, currently undergoing sea trials. Successfully stealing information about the submarine could also provide China with technological advances developed by India.
Specific information about India’s new submarine was probably not the only target, however. Because India’s Eastern Naval Command is tasked with overseeing naval deployments in the South China Sea, China would likely be intensely interested in understanding India’s perception, intelligence capabilities, deployment cycles, operating areas, and overall naval strategy for the region.
Conclusion
This incident is probably another example of China’s expanded cyber warfare efforts. The details of exactly how the cyber attack was implemented remain unclear, and insider participation is a real possibility. The possibility that a thumb drive was used to introduce Chinese malware into the naval computer system demonstrates the importance of strict security rules for classified computer systems and the extreme damage that a single person who does not follow these rules can do. This incident also suggests that Beijing has not just targeted the United States and Europe for cyber attacks but has a wide global focus for its army of computer hackers. The likelihood of similar attacks on India and other targets is high.
