Thursday, January 08, 2009

Online Armies

The internet’s grown, and so has cyber-crime: it’s a national security problem now

A lot happened while you were sleeping last night, and much of it won’t be reported in the news today. Silently but with great precision, hackers around the world have been attacking various websites — it’s the new frontier of politics. And unless we understand the many layers of the web, we’ll be caught up in it.

Paint me a picture, you ask. Here goes: The Eastern Railway website was hacked into last month, its scroll changed to read “Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan”, apparently in revenge for Indian violation of Pakistani air space. An Israeli news website, Debka, blamed cyber terrorism for its site shutting down following the Gaza attacks. And Jane’s Intelligence Group (UK) just reported that Al Qaeda has been using online gaming websites to launder money to finance its activities.

Online crimes come in various sizes. There are some against persons, such as child pornography. There are some against property — corporate espionage, banking fraud, defacing websites. Hackers; those who “destroy or delete or alter any information residing in a computer resource, or diminish its value or utility, or affect it injuriously”, according to the Indian Information Technology Act, 2000, have also taken to social networking sites with great enthusiasm. Group discussions tend to turn rowdy, and in the end, resemble a drunken bar fight. Facebook has been caught up in a virtual war. A group formed to collect 500,000 online signatures in support of Palestine was hacked into by the Jewish Internet Defence Force, which closed the group, signing off with ‘Israel forever’. The Palestinian hackers, not to be outdone, reacted by taking back their group and posting a cartoon of Calvin urinating on the Israeli flag.

But a more sinister avatar has surfaced as crimes against the State. Organized hackers go into government websites to collect information. Last December, reports emerged that the prime minister’s email had been hacked -- and traced back to China. In the same month, the internal communication network of the Ministry of External Affairs was hacked into, as was the website of the State Bank of India. Even the German Chancellery and Pentagon have been victims.

This isn’t science-fiction, and books like Scott J. Henderson’s The Dark Horse, are very real. Henderson explores what Military Review magazine has termed China’s “active offence” online, and reveals that the Chinese government supports hackers who travel the internet in search of information crucial to other countries. India is one such favoured destination. As a response, the US, Russia and even China, employ ‘ethical hackers’ to hack into their systems to reveal any vulnerabilities that the malicious hacker could exploit. One of the worlds leading ethical hackers, Ankit Faria, has stressed the need for India to wake up, but even as late as December 2008 National Security Advisor M.K. Narayanan stated that India had “limited resources” in this regard. The fallout of this can be lethal -- imagine state secrets in the hands of the enemy.

We are all too familiar with hearing news of terror emails being ‘traced back’ to some location, but it is not enough. Cert-In (Indian Computer Emergency Response Team) set up by the Department of Information Technology, has been pushing for a national cyber security policy that will require government offices to keep updated with the latest security developments and also come up with a crisis management plan. Whats more, new amendments to the IT Act, 2000, have removed all references to ‘hacking’ (which was earlier said to be a crime based on intent and knowledge) and limited it to an activity that requires ‘permission’. Further, the Act makes no reference to the multi-jurisdictional issues involved when the attack is from another country, and makes all cyber crimes bailable offences, allowing our illustrious hacker to go home to delete all evidence of his crimes. “A toothless tiger,” is what Pawan Duggal, a cyberlaw expert calls it.

We need more bite for our byte.

http://www.indianexpress.com/news/online-armies/408052/0

6 comments:

egg style said...

Okay, so hackers get bolder by the day. The question that any policy to contain the problem must answer is this: does it help or hinder the informational empowerment of netizens? Now, jurisprudence has imperfect processes, we all know. A tough cyberlaw would rather have the odd innocent thrown in the slammer than let hackers slip away, while a liberal cyberlaw would rather let the occasional hacker escape than have innocent lives wrecked. It’s a dilemma. But in e-fields that are susceptible to digital fabrication, frame-ups are relatively easy. This, given the social context and related need to offer equal internet access to all without deterring the disadvantaged, enjoins me to take a liberal stance on cyberlaw.

The objective of informational empowerment (which involves closing the digital divide) is served far better by legal systems that make it harder for any malafide intent (real or perceived) to gain the force of a de facto threat (the infamous ‘danda’ method of subjection). Of course, police reform is a matter of urgency too.

Should this benefit-of-doubt approach be taken to the Satyam case as well? Yes. Need the accused be ‘proven guilty beyond reasonable doubt’? Yes again, with emphasis on those five operative words. My suspicions of the company’s strange notion of finance were activated late in 1999, when it bought IndiaWorld, a 20-employee dotcom with Rs 25 lakh profit on revenues of Rs 1.3 crore, for an absurd Rs 500 crore (http://www.rediff.com/computer/1999/nov/29satyam.htm)
That’s about $100 million, curiously just enough to make US news and portray itself as a hot internet play from emerging India, just ahead of its grand NYSE listing, a move that would give it direct access to global capital at one level and allow it to use its inflated stock as currency in the M&A arena. As a portal IndiaWorld had little to offer other than such gimmicky gags (best left to Rushdie) as a prefab posthumous interview of Emperor Akbar (http://sify.com/itihaas/fullstory.php?id=13231825) on its itihaas site, which was sketchily done despite the detailed documentation available on the Mughal era (a Shireen Moosvi book published by NBT even has the words of the sermon made by the emperor at Fatehpur Sikri on July 11, 1579… imagine that).

Granted, a net play is about open routes and alternate pathways, the exaltable truth being beyond clickable reach. Yet there was no justification for the valuation even from that kaleidoscopic perspective. Satyam Inc plainly seemed to be in the game of false posturing, neither information nor logic. But in the absence of evidence (which differs from evidence of absence), Eggstyle expressed this opinion only to colleagues at the time. Am glad -- on principle.

Linq said...

hi i saw your post on our site www.linq.in which featured in the top 10 recently added blogs. We at linq locate the best of indian blog posts and list them in order of popularity.To know your blog statistics please Click here.

There are various tools offered by us to popularize blogs and make monetary benefits out of it.

Alpesh
alpesh@linq.in

ЦMΛПG...! said...

I want to follow ur blog how can I follow it pls suggest me...!

mahima said...

Eggstyle, you do have a point because the most dangerous of the cyber crimes is really cyber terrorism, but again, a lot of times the perpetrators are not Indian and so our laws don't apply... what we need (if we do keep a liberal law) is to have highly skilled teams that diligently scan the net looking for people trying to get into government/defense websites and servers. Ultimately, we need to get as tech savvy (more!) as the people out to destroy us.

egg style said...

Wasn't trying to make a sharp point, though it's all kinda linked up in some spooky way (it's the networked world after all). Agreed, the challenge is to outsmart those hellbent on wreaking cyber (or any) mayhem. It requires all-round intellectual cooperation as opposed to a policy of largescale alienation, and can most likely be done if the team effort is genuinely humanitarian (non-Huntingtonian and non-Hitchensesque) in primary motivation. Particularly unhelpful at this point are "bad software" analogies to describe what on closer examination are preconceived notions of the inner workings of the other's mind, or worse, in the context of current brick-and-mortar horrors, juvenile Hollywood style analogies of a Matrix-like 'defence of Zion', immensely popular though the trilogy was with geeky types who really wouldnt want to put innocent human beings to any form of unremitting subjection under any pretext (it entertained, but didn't maybe-just-maybe enlighten).

InExile said...

so they put so much effort into hacking and shit and call themselves "whackers" ?? funny !