Indian Security Research Website hacked by Chinese student

Posted by SA on Monday, 2 April 2012


India’s military preparedness and the possibility of defense breaches have dominated the news after Army chief V.K. Singh’s letter to Prime Minister Manmohan Singh surfaced recently, calling India’s weapons “obsolete.”

Amid a raging debate about who should be blamed for leaking the letter, India’s cyber security is actually under attack from a Chinese former graduate student who now works for Tencent, China’s leading internet portal company.

Trend Micro, a computer security firm, “describes systematic attacks on at least 233 personal computers,” Nicole Perlroth writes in The New York Times. “The victims include Indian military research organizations and shipping companies; aerospace, energy and engineering companies in Japan; and at least 30 computer systems of Tibetan advocacy groups, according to both the report and interviews with experts connected to the research. The espionage has been going on for at least 10 months and is continuing, the report says.”

The e-mail “bait” the hackers used to get access to computers is chilling:


Each attack began, as is often the case, with an e-mail intended to lure victims into opening an attachment. Indian victims were sent an e-mail about India’s ballistic missile defense program. Tibetan advocates received e-mails about self-immolation or, in one case, a job opening at the Tibet Fund, a nonprofit based in New York City. After Japan’s earthquake and nuclear disaster, victims in Japan received an e-mail about radiation measurements.

Each e-mail contained an attachment that, when clicked, automatically created a backdoor from the victim’s computer to the attackers’ servers. To do this, the hackers exploited security holes in Microsoft Office and Adobe software. Almost immediately, they uploaded a directory of the victims’ machines to their servers. If the files looked enticing, hackers installed a remote-access tool, or rat, which gave them real-time control of their target’s machine. As long as a victim’s computer was connected to the Internet, attackers had the ability to record their keystrokes and passwords, grab screenshots and even crawl from that machine to other computers in the victim’s network.
