Another anniversary of one of the world’s worst terrorist attacks (9/11) went by bringing into sharp focus the still looming threat that countries of the world face as the tools of the terrorism trade continue to evolve.
Even though explosives and jet-planes are not things of the past just yet when it comes to causing damage to enemy states, cyber warfare is a serious enough threat to be pegged as the number 3 priority in the Federal Bureau of Investigation (FBI)’s list even way back in 2002.
Indian authorities, however, just don’t seem to get the seriousness of the situation, deploying far less than what is required to combat cyber-attacks, said independent cybersecurity consultant Ankit Fadia in Kolkata.
Fadia came to the MCKV Institute of Engineering (MCKVIE) in Liluah, near Kolkata, on Sept 11 to address the students about the growing menace and to ‘try to excite them and create an interest in ethical hacking’.
“According to Nasscom, India needs about 77,000 ethical hackers every year to fix the situation and we are not even producing half of them,” says Fadia, addressing the media after his session with the students.
Fadia claims that there are cells where the Chinese government actually trains and operates cyber mercenaries who incessantly keep attacking Indian, American and Japanese websites mostly belonging to the governments and some even to the corporates.
“China is actually doing a great job when it comes to cybersecurity. They are far better prepared and equipped than our authorities are,” he says.
He shares an anecdote from when he was in Delhi holding a seminar for security officials and after his intense lectures on cybercrime and the level of threat it poses, one officer apparently asked Fadia, “Woh sab toh theek hai, par yeh Internet ka building kahaan hai?” (That’s fine, but where’s this Internet building we are supposed to protect?).
“We have very good cyber laws in our country. The only thing that’s terrible is the training that our personnel get. Cybersecurity is just not taken seriously enough. We have people from all over getting transferred to cyber security [departments] without formal training,” he says.
Fadia says defacing websites is a fast growing sector in cybercrime. This ‘hacktivism’, or activism through hacking, is where hackers from not-so-friendly states deface important websites of another country to cause everything from diplomatic embarrassment to real damage to sensitive data.
“Hackers from Pakistan deface anything between 40 to 50 government and corporate websites every day. Indian hackers in response manage to hack in to only about 10 to 15,” the 24-year-old Stanford student claims.
He says this might be because there are fewer Pakistani sites to hack, but the fact remains that India is woefully ill-equipped to meet the kind of aggression that the country faces from its not-so-friendly nuclear-armed neighbour.
So what exactly are ‘real threats’ a nation can face from cybercrime and terrorism? Apart from spies, hired cyber mercenaries, and criminal syndicates worming their way into government networks, attempting to steal a nation’s most sensitive secrets, there’s ‘Wikipedia-terrorism’.
With the blindingly rapid growth of social media making it difficult to monitor content posted online, scheming terrorists are actually posting videos on how to build everything from backpack bombs to bio-weapons says the FBI.
Add to that identity-thefts, email spoofing, among other ‘magic tricks’ that Fadia wooed the students of the engineering varsity with and the situation indeed looks foreboding.
In a recent keynote address FBI Director Robert Mueller underlining the gravity of the situation, said that the threat of cyber terror is “real and rapidly expanding,” including the rise of extremist websites that recruit, radicalise, and incite violence.
While the FBI maintains cyber squads in each of its field offices nationwide, with over 1,000 specially trained agents, analysts, and digital forensic examiners who run complex undercover operations apart from 60 overseas offices and Mobile Cyber Action Teams, India’s cyber defence has no ‘concrete framework’, according to Fadia.
“The Indian government doesn’t spend enough on cyber security. And all that the corporate sector spends is merely reactive. They don’t want to pay for anything that doesn't boost the revenue,” he says.
Fadia along with other experts of the field have frequently voiced concerns of the unpreparedness of India’s online interface and the top priorities right now seem to be dish out better training to India’s personnel and also meet the demands of ‘white hat hackers’ by introducing proper courses and degrees.
“Last year the U.S. suffered a loss of $3 trillion due to cybercrimes. Now we are not even close to experiencing that kind of damage, but we really are headed in that direction,” Fadia says.
By WBRi IBNS