Sunday, August 23, 2009

Indian defence establishment gears up to thwart cyber threat - - 23 Aug 09

Officials working in South Block, where the Indian defence ministry is located, have been receiving mails from fake email identities (IDs) on a regular basis that is aimed at hacking into its computer systems.

'We regularly receive emails from fake IDs like from Chief of Army Staff Secretariat, director media, media cell etc. We know that it is from a fake ID so we do not open it lest it bugs our systems,' a senior Indian Army official working in the defence ministry official told IANS. He wished to remain anonymous as he was not authorised to speak to the media.

Recently, mediapersons covering defence related matters received an email from the DPR (Defence Press Relations) ID outlining plans of the Pakistan Army against India. The defence ministry immediately took note of the email and swung into action.

'The email ID on Yahoo was used by the defence public relations office earlier. However, when an ID was created on gmail it was abandoned. Somebody apparently hacked the ID and sent the mail,' a defence ministry official said.

'The password of the abandoned email was immediately restored. The matter is currently being looked into,' the official added.

There have been attempts in the past where Chinese hackers have broken into the computer network of the Ministry of External Affairs (MEA), prompting the government to fortify their systems.

Earlier this year a number of computers were reportedly found to be compromised with a malicious spyware that had been sending copies of internal e-mail messages to a rogue address.

During last year's Army Commanders' Conference it was decided to boost the 'cyber-security' of its information networks right down to the level of divisions, which are field formations with over 15,000 troops.

Apart from creating cyber-security organisations down to the division-level to guard against cyber warfare and data thefts, the army top brass also underlined the urgent need for 'periodic cyber-security audits' by the Army Cyber Security

'We have our cyber experts conducting cyber audit on our systems from time-to-time to check against possible bugs,' said an armed forces official.

During the cyber audits, the experts check the password strength of the accounts.

'We are being advised to give an alpha-numeric password with characters in upper and lower case,' the official added.

Generally the armed forces refrain from finding the sender's identity as it involves a long procedure of writing to the Google headquarters with proper authorisation. However, the Indian armed forces have also issued a set of 'do's and dont's' to contain the menace of cyber crime.

'We have been instructed to work on stand-alone computers with no internet connections. Moreover, we cannot keep any confidential data in our hard disks. Nobody is allowed to use a pen drive inside the South Block and the rule is strictly adhered to,' said another Indian Army official.

Also the Indian Army had issued circular to its officials asking them not to post work-related information like ranks, place of posting etc on social networking sites like Orkut and Facebook. The circular had asked soldiers to remove such information from their networking profiles in case they had already posted it.

The armed forces have also undertaken various measures to sensitise its officials on cyber usage.

No comments: