Hackers in China may have gained unprecedented access to privileged information stored on the official computers of top functionaries in the Prime Minister's Office (PMO) and the ministry of external affairs (MEA), reports Mail Today.
The newspaper, quoting sources, reported that the computers of cabinet secretary K. M. Chandrasekhar, national security adviser (NSA) M. K. Narayanan, the Prime Minister's special envoy on climate change Shyam Saran, deputy NSA Shekhar Dutt and 26 other senior officials in the PMO and MEA were targeted by a malicious e-mail sent on December 15, 2009.
There are fears that confidential information on government networks may have been compromised by the hackers' actions.
Quoting “top sources”, the report said experts at the National Technical Research Organisation (NTRO) leading the investigation are trying to determine the extent of the breach caused by what is seen as a cyber-espionage bid.
The newspaper, quoting sources in the PMO, said, “It was an open e-mail (account), not one where classified information goes. It is the e-mail address on my card. Such (hacking) attempts are (often) made. To think they are not made is wrong. The internet or intranet should not be used for official purposes.”
Officer on Special Duty in PMO K. Muthu Kumar said, “These are routine attempts to hack into various systems. The PMO has its own system in place to protect (email accounts) against such attempts. There has been no security breach.”
Sources said that the NSA is keeping himself informed about the investigation, considering its dangerous implications for national security.
The sources said that a top investigating officer of the NTRO is reporting directly to the NSA and providing him with details of the investigations. Codenamed ‘Operation Vande Mataram’, the probe is being led by a senior director in the organisation.
The e-mail which facilitated the breach is said to have contained an Adobe Acrobat 9 document as an attachment. When opened, it installed hidden code, known as a Trojan. This code facilitated remote access for the hacker to the target computer through the unauthorised creation of an electronic back door channel.
Apart from providing the hacker access to files and data on the target computer, the code also created a parallel network. This allowed access to computers connected in a network to the target computer. In this fashion, as many as eight parallel networks are understood to have been established by the malicious e-mail code.
Investigations began after one of the officers who received the malicious spyware reported that his e-mail account had possibly been compromised or hacked into.
Since all electronic access through e-mail or the internet is identified through an internet protocol (IP) address, investigators pieced together the route taken by the e-mail.
According to sources, the e-mail arrived on Indian government computers from a server in California. The mail was generated from Russia, routed through what are called botnet servers based in Russia, before arriving in India through a California-based gateway. However, the investigators were shocked when they discovered that the e-mail account of deputy NSA Shekhar Dutt was accessed from a location in China — this was established after tracking the IP address used to access the account remotely.
Apart from the deputy NSA, email accounts and computers of two other senior officials in the MHA have also been compromised, according to highly placed sources.
The timing of the e-mail — December 15, 2009, just two days before Prime Minister Manmohan Singh left for the Copenhagen summit — has led investigators to consider the possibility that Chinese hackers may have been hunting for documents that would indicate India's stand on climate change as would be articulated just days later in Denmark.
However, investigators are still trying to gauge the damage the breach may have caused, especially since the spyware also managed to set up as many as eight parallel networks in different ministries, thus gaining access to multiple computers in different government departments.
Said former director, Intelligence Bureau, Ajit Doval: “In view of known Chinese capabilities and intentions to indulge in cyberspace offensive, India needs to take urgent counter-measures to protect its critical infrastructure. As Chinese-made chips, vended and marketed under various brand names globally, are used in many electronic devices, including a few used by security establishments, the need for a thorough systemic sanitisation of Indian technical systems is necessary. National security can be highly compromised if urgent and effective measures are not taken to this critical threat.”
Security analyst Brahma Chellaney says: “The cyber issue vis-à-vis China is a really serious one because computers of National Informatics Centre, National Security Council and the external affairs ministry have been targeted. The Chinese have been launching cyber attacks on Indian targets now and then, and it has been going on for a long time. It amounts to China stepping up military pressure on India during peace time. There is a clear message from them — that in war situations, China has the capability to cripple Indian systems. Developing counter-capability is very important.”