Hack Baby! – This is Information Warfare
By Sathya Prasad K
“Hacking” is one word which piques the interest of everyone in the tech industry. The dictionary meaning of hack is more innocent: “to write programming code, or add code to an existing program, to solve a problem because there is no pre-written software that does it”. The ground reality is that countries like China are launching relentless hacking attacks on other countries.
In today’s world most hackers are not even worthy of the original meaning of the term. A lot of malicious acts are performed by people with limited knowledge who gain unauthorized access to computers to steal data.
In recent years there have been many such incidents around the world, and in most of these cases Chinese IP addresses and servers were traced and held responsible. It is said that a group of Chinese computer enthusiasts known as the Honkers Union of China, led by a leader known as "Lion", along with another shadowy hackers' group called the Chinese Red Guest Network Security Technology, are involved in these attacks.
Their methods are likely to include attempts to overload computer systems with meaningless data, tampering with websites and e-mailing computer viruses to various Government officials. In recent years attacks were made on U.S., U.K. and other developing countries’ Govt. and Corp. websites and computers.
Experts say there have been numerous attacks on computer systems worldwide in the last year. A number of countries have accused China of trying to hack into their systems. It is also believed that many major developed nations engage in similar behavior.
Not surprisingly, India is also on the list of hacked countries. Though India is a neighboring country of China, security sources make it clear that India was also on their hit list of cyber attacks. After the two initial attacks, on Bank of India on 31st August 2007 and Monster.com on 19th November 2007, there has now been a secretive hacking attack on a few Indian Govt. and Corp. computers.
In the first week of January 2008, as the whole country was in a happy mood celebrating New Year 2008 and planning schedules for the rest of the year, these cyber attacks started targeting India. Surprisingly, the weapon used in these attacks was .doc files.
All of these attacks arrived as .doc files, each carrying an embedded buffer-overflow exploit with a Trojan executable inside it. The Trojan acted as an agent, downloading and uploading data from the computer and sending it to a remote host in China. A number of targeted attempts were made to gain technical and sensitive information from these computers.
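One check a defender can run on mail attachments of the kind described above is to look, inside a legacy Office (OLE2 compound) document, for a Windows executable carried as a payload. The scanner below is an added example written for this article; it is not code from the article, from the investigators, or from any named vendor. The OLE2, DOS and PE signatures are the real, publicly documented file magics; the two sample documents are constructed inline so the script runs offline.

```python
"""Heuristic scan of an OLE2 compound document (.doc/.xls/.ppt) for an
embedded Windows executable.  Added example for this article, not code
from it or from any product; sample documents are constructed below."""
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound-file signature
DOS_MAGIC = b"MZ"                                 # DOS header of a PE file
PE_MAGIC = b"PE\x00\x00"                          # PE signature pointed to by e_lfanew


def is_ole2(data: bytes) -> bool:
    """True if the blob starts with the OLE2 compound-file signature."""
    return data.startswith(OLE2_MAGIC)


def find_embedded_pe(data: bytes) -> list:
    """Return the offsets of every DOS/PE header pair found in the blob.

    A PE file starts with 'MZ' and stores the offset of its 'PE\\0\\0'
    signature (e_lfanew) as a little-endian 32-bit value at byte 0x3C.
    Requiring both avoids flagging the letters 'MZ' in ordinary text.
    """
    hits = []
    pos = data.find(DOS_MAGIC)
    while pos != -1:
        if pos + 0x40 <= len(data):                # room for a full DOS header
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe_off = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe_off:pe_off + 4] == PE_MAGIC:
                hits.append(pos)
        pos = data.find(DOS_MAGIC, pos + 1)
    return hits


def assess(data: bytes) -> str:
    """Classify a blob as 'not-ole2', 'clean' or 'embedded-pe'."""
    if not is_ole2(data):
        return "not-ole2"
    return "embedded-pe" if find_embedded_pe(data) else "clean"


def make_fake_pe() -> bytes:
    """Constructed PE-shaped blob: 0x40-byte DOS header, e_lfanew -> PE at 0x80."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr += b"\x00" * (0x80 - len(hdr))
    hdr += PE_MAGIC + b"\x00" * 20                 # placeholder COFF header
    return bytes(hdr)


# Constructed samples: a benign document whose text happens to contain "MZ",
# and one with an executable appended after the header sector.
BENIGN_DOC = OLE2_MAGIC + b"\x00" * 504 + b"Quarterly report MZ draft".ljust(512, b"\x00")
MALICIOUS_DOC = OLE2_MAGIC + b"\x00" * 504 + b"\x00" * 512 + make_fake_pe()

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_DOC), ("malicious", MALICIOUS_DOC)):
        print(name, assess(blob), find_embedded_pe(blob))
```

This is a heuristic, not a parser of the OLE2 stream structure: an exploit document that stores its dropper compressed or XOR-encoded would not be caught, which is why a mail gateway should still quarantine office attachments from unknown senders rather than rely on this check alone.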
On 2nd January 2008, a team of Indian cyber security experts was alerted to these attacks and found that malware embedded in Word .doc files was posting data to a URL by calling CGIs on the server.
As the investigation continued it was found that all the attacks were specifically targeted, apparently hitting some Indian Govt. and Corp. computers, and that all the sending IPs, the location of the malware, etc. were in China. It had all the symptoms of a spying exercise.
Security experts started work on this issue after collecting the evidence and preparing an analysis report. A few NRIs working in the US in the field of cyber security also joined hands and were successful in tracing the main culprit behind these attacks. His e-mail id and IP were frozen on 12th January 2008.
Slowly, the experts working abroad on this issue worked out a pattern, as similar attacks had been made on the US as well.
Three IPs were used for this attack, of which the first two were used to send Trojans to download and upload data. The third IP was used by the culprit to check his e-mails and to use the internet.
By 15th January 2008 the reports were ready. All of the weapons were .doc files exploiting the vulnerabilities CVE-2003-0820 and CVE-2006-5994. Further digging by the experts sourced the hacker’s personal information and credit card details to verify his identity. A couple of e-mails were received from the culprit asking why his account was locked, followed by requests to unlock it. Though there was initially an idea to blacklist these IPs, they were let go; some lines were kept open because the security experts wanted to understand the mind and motives behind the attacks. Though things are now under control, americanunfinished.com left them with a few more questions. The report was also submitted to the CBI (prosecution agency) in India.
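The upload behaviour described above, a dropped program repeatedly posting harvested data to a CGI on a remote server, leaves a pattern in web-proxy logs that can be detected without any knowledge of the specific document or Trojan. The script below is an added example for this article, not code from the investigation or from any product; the log format, the client addresses and the 198.51.100.7 server address are all constructed for the demonstration, and the thresholds are assumptions to tune per environment.

```python
"""Detect repeated non-browser POSTs to CGI endpoints in web-proxy logs.
Added example for this article; log format and sample lines are constructed."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log format:
# "<time> <client_ip> <method> <url> <status> <bytes_out> <user_agent...>"
SAMPLE_LOG = """\
2008-01-03T09:12:01 10.1.4.22 GET http://intranet.example/home.html 200 310 Mozilla/4.0 (compatible; MSIE 6.0)
2008-01-03T09:12:44 10.1.4.22 POST http://198.51.100.7/cgi-bin/up.cgi 200 48211 Agent1.0
2008-01-03T09:17:45 10.1.4.22 POST http://198.51.100.7/cgi-bin/up.cgi 200 51090 Agent1.0
2008-01-03T09:22:46 10.1.4.22 POST http://198.51.100.7/cgi-bin/up.cgi 200 47733 Agent1.0
2008-01-03T09:30:10 10.1.4.35 POST http://www.example.org/cgi-bin/search.cgi 200 120 Mozilla/4.0 (compatible; MSIE 6.0)
2008-01-03T09:31:00 10.1.4.35 GET http://www.example.org/news.html 200 0 Mozilla/4.0 (compatible; MSIE 6.0)
"""

BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")   # assumed list of legitimate browser prefixes


def parse_line(line: str):
    """Split one constructed log line into a record; None if malformed."""
    parts = line.split(" ", 6)                  # user agent may contain spaces
    if len(parts) != 7:
        return None
    ts, client, method, url, status, bytes_out, ua = parts
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes_out": int(bytes_out), "ua": ua}


def is_cgi_upload(rec: dict) -> bool:
    """True for a POST whose path names a CGI script."""
    path = urlsplit(rec["url"]).path.lower()
    return rec["method"] == "POST" and (path.endswith(".cgi") or "/cgi-bin/" in path)


def looks_like_browser(ua: str) -> bool:
    return ua.startswith(BROWSER_UA_PREFIXES)


def find_suspicious_uploads(log_text: str, min_posts: int = 2, min_bytes: int = 10_000) -> list:
    """Group CGI POSTs by (client, server); flag groups that repeat, upload a
    meaningful volume and use a user agent that is not a browser."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_cgi_upload(rec):
            groups[(rec["client"], urlsplit(rec["url"]).hostname)].append(rec)
    findings = []
    for (client, host), recs in sorted(groups.items()):
        total = sum(r["bytes_out"] for r in recs)
        non_browser = any(not looks_like_browser(r["ua"]) for r in recs)
        if len(recs) >= min_posts and total >= min_bytes and non_browser:
            findings.append({"client": client, "host": host,
                             "posts": len(recs), "bytes_out": total})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_uploads(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']}: {f['posts']} CGI POSTs, {f['bytes_out']} bytes out")
```

The single browser-driven POST to a search CGI from 10.1.4.35 is left alone, while the three large uploads from 10.1.4.22 with a bare "Agent1.0" user agent are reported; in a real deployment the same grouping is worth joining against the mail gateway's attachment log to see which document arrived shortly before the first POST.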
“This attack is in a way different from other attacks, since most of the data is stored on desktops. This attack comes through an email id and is an office file attachment. During the time of this attack most antivirus and personal firewall products were not designed to stop attacks like this (where an exploit is hidden inside doc, xls or ppt files). Almost 90% of today’s defenses can be penetrated with this type of attack. Our company monitors threats from around the globe; we need special security tools which can filter exploits (like this). Further, antivirus can work on a whitelist along with a blacklist (particularly for Govt. and Corp. computers),” says Mr. J Prasanna, CEO, AVS LABS.
In the earlier attacks made by hackers to penetrate Bank of India and Monster.com, it is said that Bank of India, a Government-operated site with more than 2,000 branches, held a large amount of customer data (the number was not revealed), and that Monster had more than 73 million CVs in its database; the hackers got away with names, addresses, phone numbers and e-mail addresses of Monster.com users.
These hackers are believed to be based in the southern Chinese province of Guangdong and are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software. As per research and analysis by experts, it is said that the Chinese Government will pay these hackers anything to gain control of other Govt. and Corp. computers.
"Even with the most secure setup, properly administered and maintained, there will always be some dangers. Users are always the weakest link - these attacks tend to rely on tricking someone within the company into opening an attachment, such as a .doc or .PDF with an exploit inside. Even if you're confident your security software can detect such exploits, and your data is well protected and encrypted, it is wise to ensure your users are well-educated on the dangers. Doc and PDF files over emails should always rouse suspicion," says Mr. John Hawes, Technical Consultant, Virus Bulletin.
China’s leaders reckon that it can achieve hegemony in Asia only by integrating information warfare into its geopolitical strategies. China is quickly integrating the latest information warfare techniques into its People’s War concept. This development has been ignored by the West but will have far-reaching strategic and operational implications.
Most experts believe that:
First, China will not attack military or political targets in these countries but would target their financial, banking, electrical supply, water & sewage and telecommunications networks.
Second, Chinese companies will establish business links with private companies in these countries. After carrying on legitimate business for some time, they would insert malicious computer codes and viruses over commercial e-mail services.
Third, the viruses and malicious codes would be sent through computers to third countries so that they could not be traced back to China.
Fourth, the attacks would be launched when the political leadership of the target countries is preoccupied with election campaigns or Festival Celebrations.
“The Chinese hackers are trying to invade the computer networks of most of the developed countries and developing countries. That is absolutely true and it is happening. You are quite right that we need to ask ourselves whether India is ready to withstand a cyber attack from China or from any country for that matter. The answer is no. The reason I feel that we are not ready for such an attack on our networks is just because the security standard or the awareness level in general is quite low among all the concerned people. We may need to raise the bar by increasing awareness, which is a huge task. What I feel is that awareness is the only thing that will help secure our networks. It’s like this - the tools, products and know-how needed to protect the networks are readily available. What is missing is the expertise to understand what is happening, what can happen and what is to be done. This cannot be achieved very easily; computer security as such has to be embedded as a part of education in all the faculties of computer education. At each level there is something about computer security, network security or IT security as such that needs to be made compulsory in training. So from schools, colleges, institutes and private institutes, everyone has a role to play to raise the standards of awareness among all the computer users in a”, says Mr. Sanjay Katkar, Chief Technology Officer & Technical Director at Quick Heal Technologies.
The People’s Liberation Army (PLA) has conducted several field exercises recently. An Informaticised People’s Warfare Network Simulation Exercise was conducted in Echeng district of Hubei province. Five hundred soldiers simulated cyber attacks on the telecommunications, electricity, finance and television sectors of Taiwan, India, Japan and South Korea.
The Chinese Government has responded to the speculation by saying that hacking is against Chinese law and that the Chinese police will deal with hacking and other activities disturbing social order in accordance with the law.
Now the question asked by millions of Indians is: can India really withstand a Chinese cyber attack? The sensational episodes of online warfare raise many critical questions about the preparedness, or the lack of systems, in India to withstand a cyber attack by China.
The matter assumes more importance because China has been steadily strengthening its ability to wage electronic warfare alongside the modernization of its military. Just how catastrophic can a cyber attack get? Experts say that the disruption and chaos caused by a cyber attack could be of the magnitude of a weapon of mass destruction. But how prepared is India for such a "war"?
(For feedback, contact me at sathya@journalist.com) (3/20/2008)