A high-profile government meeting last month involving video chat via satellite was compromised by Chinese hackers. The link was in the control of hackers for almost 4-5 minutes before a counter-offensive was launched to neutralise it, sources said.
The Chinese link was traced by an Indian cyber patrolling team. It is yet to be ascertained whether a group of state actors were involved or a gang of cybercriminals carried out the operation.
“The message from the hackers was clear: they could turn the tap anytime they want due to our lax cybersecurity apparatus. The way Chinese hackers hooked up to the most sophisticated and secret link is shocking and shows they could easily exploit vulnerabilities and disrupt critical infrastructure,” the sources told Express.
This newspaper accessed the note from the Intelligence Bureau (IB), India’s domestic spy agency, which has warned the government against increasing instances of cyber espionage. “There is no let-up in targeting of a large number of Indian computers for data pilferage. Whereas government has taken several steps to address security concerns emanating from cyberspace, sources of threats to Indian cyberspace have become varied and unrelenting,” the IB note said.
Digital governance vulnerable
According to a Prime Minister Office note, all benefits and subsidy payments by the Centre and states should be routed through the JAM platform (Jan Dhan Accounts, Aadhaar Identification and Mobile) by the end of 2018.
Around 4,000 e-services are being offered by the Centre and states; nearly 60 crore e-services are being delivered per month. A senior government officer said over 8,000 portals and websites of Central ministries and state governments and data collected by an organisation are increasing phenomenally, attracting attention of adversaries and attackers.
Notwithstanding, government departments plan to have over 2,000 mobile apps by 2018 to transact data and services. In meetings with stakeholders, concerns have been raised that a plethora of apps and opening so many channels of communication may become a security nightmare.
“Security threats are becoming more organised and targeted, and state and non-state actors are reaping benefits of data compromises. The departments handling these websites and even our security architecture are not ready to effectively counter targeted attacks,” the officer said.
In an internal confidential communication accessed by Express, the Ministry of Electronics & Information Technology admitted that a comprehensive approach to secure information infrastructure is missing.
The ministry has directed government agencies to prepare a detailed contingency plan for dealing with crises arising out of cyber attacks and get auditing done by empanelled cyber experts for infrastructure, web applications and websites.
Mock drill to test Centre’s preparedness
On Dec 8, around seven ministries — Law, Labour, HRD, MEA, Heavy Industries and Public enterprises — will participate in a mock drill to test the security net on their critical assets.
New Indian Express