
Tuesday, January 13, 2009

The other Indo-Pak war. Are we Ready?

I read this article at sify.com and found it important, so I am sharing it with you all...

Aasis Vinayak wears many hats: author, hacker, researcher and free software activist. He is also the developer of V Language, a programming language which employs Artificial Intelligence. In this exclusive column for Sify.com, he argues that even as India and Pakistan reiterate that war is not really an option, the cyberwar between the two nations began long ago, and that India seems less than prepared to fight it.


IronLogik> what's the address yer working on?

t3k-9> hehehe. i'll probably get on news.com or cnn.

IronLogik> just give me the url, I'm bored.

t3k-9> phenix.barc.ernet.in.

IronLogik> india? kewl.

t3k-9> yep. just use IRIX cgi-bin exploit.

IronLogik> irix? sweet.

t3k-9> hehehe. I already controlled the www.barc.ernet.in by way of backdoors now.

IronLogik> and that is? this a *nuclear* facility?

t3k-9> yep.

IronLogik> double the pain :>)

t3k-9> it has top secret #@$%. I have the pw file, it has like 800 passwords.

IronLogik> thanks. i'll be there soon.

t3k-9> if you haxor it put like stop nuke testing and stuff.

IronLogik> on the web site? no problem.

t3k-9> bye got to go eat...

IronLogik> later.

This is the transcript of a conversation between two hackers (I prefer the word cracker) after they successfully hacked the server of the Bhabha Atomic Research Centre (BARC) way back in 1998. The two geeks were chatting about their spare-time activities in an IRC channel.

Joey (who used the nickname t3k-9) was just a 15-year-old 10th-grade student. On that afternoon, he pointed his browser to the old search engine Infoseek and queried “.in atomic”. One of the first sites to come up was that of BARC.

Time for offensive action


He then used the John the Ripper DES encryption cracker software to crack the login password. In fact, this software does a simple dictionary operation by exploiting a phoney login mechanism. The cruncher tried many probable mishmashes of characters, ranging from a, b, aa, bb, cc to complex combinations. To this, he added many other specially customised wordlists that he had downloaded from the Net, for better results.


It took him just 45 seconds to break into the BARC server. He looked at the password: ANSI, a simple and elegant one. Now he had to log into the system. Joey decided to try his luck by using the same password, and struck pay dirt. Without wasting any time, he downloaded all login names and passwords. He then created a back door through which he could log in to the system even if the password was changed.
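The passage above describes a dictionary attack against a stolen password file: short letter runs first, then downloaded wordlists. The audit below, added here and not part of the original article, runs that same check over a constructed password file from the defender's side, so an administrator can see which accounts would fall in seconds (the 1998 file held DES crypt(3) hashes; since Python's crypt module is deprecated, a salted SHA-256 stands in, which is an assumption, not the page's format):

```python
import hashlib
import itertools
import string


def hash_pw(salt: str, password: str) -> str:
    """Salted SHA-256 stand-in for the DES crypt(3) hashes of the era (assumption)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed sample password file: user -> (salt, digest). Not real data.
SAMPLE_SHADOW = {
    "root":    ("x1", hash_pw("x1", "ANSI")),
    "physics": ("q7", hash_pw("q7", "neutron")),
    "admin":   ("m3", hash_pw("m3", "correct horse battery staple 1998")),
}

# Constructed stand-in for a downloaded wordlist.
CONSTRUCTED_WORDLIST = ["ansi", "password", "neutron", "barc", "atomic"]


def candidates(wordlist, max_len=3):
    """Yield guesses in the order the article describes: short letter runs
    (a, b, ..., aa, bb, ...) first, then wordlist entries in common case variants."""
    for n in range(1, max_len + 1):
        for c in string.ascii_lowercase:
            yield c * n
    for w in wordlist:
        for v in (w, w.lower(), w.upper(), w.capitalize()):
            yield v


def audit(shadow, wordlist, max_guesses=100_000):
    """Return {user: recovered_password} for every entry matched within the
    guess budget. Run over your own password file, this is the check an
    administrator should make before an attacker makes it for them."""
    guesses = list(itertools.islice(candidates(wordlist), max_guesses))
    weak = {}
    for user, (salt, digest) in shadow.items():
        for guess in guesses:
            if hash_pw(salt, guess) == digest:
                weak[user] = guess
                break
    return weak


if __name__ == "__main__":
    # root and physics fall to the list; admin's long passphrase does not.
    print(audit(SAMPLE_SHADOW, CONSTRUCTED_WORDLIST))
```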


His next target was the Web server. He went there, read some emails and opened the attached files. But reams of matter about particle physics didn’t interest him. So he backed out, of course only after erasing his traces from the site log.


It was only after this incident that India started taking network security issues seriously.

Why is Pakistan Indo-centric?


Ratko (IronLogik), who was then 18, showed the government that its classified and semi-classified data was anything but secure. The two youngsters claimed to have acquired many classified documents pertaining to the nuclear test conducted in May 1998. Using a hacked Internet account, Ratko hopped between different US and European servers and finally picked an IP assigned to a Los Alamos-based system. This made it extremely hard to track the original system. Once he got in, he erased the administrator logs.


While most experts described this incident as a mere prank, it brutally exposed the vulnerabilities in Indian network security. The leakage of information on key strategic issues poses a major security threat, as hackers can effortlessly read unencrypted emails and attachments and electronically eavesdrop on mail conversations. The hackers/crackers can also relocate all the data stored in the system, delete data or send unauthorised mails to others that may tarnish the image of the country. And by logical extension, they can control any strategic defence device attached to the network and turn it against the nation.


The BARC event heralded a new era of warfare, and its first phase lasted from late 1997 to 2002. Hacker clubs owing allegiance to either India or Pakistan formed networks. Pakistan’s ISI quickly started ‘recruiting’ these hackers to attack many Indian sites. In fact, PHC (Pakistan Hackers Club) and Gforce fought for Pakistan in the war.


Soon after, in the third quarter of 2002, the official website of the Andhra Pradesh Crime Investigation Department (CID) was reportedly hacked by pro-Pakistan hackers (the website was again targeted on November 26, 2008). A self-proclaimed Indian hacker group, HMG or ‘Guards of Hindustan’, fought on the ‘Indian’ side. These groups ‘fought for websites’ to demonstrate their skills and establish themselves. Finally it was reported that the Pakistani groups settled issues with NEO, an Indian hacker, and they decided to put an end to the five-year-long warfare.

Our military mess

But the war restarted soon after, and continues to this day. Pakistan's Oil & Gas Regulatory Authority (OGRA) website was hacked by HMG’s ‘Indian script kiddie’ (November 17, 2008). A Pakistani group called PCA (Pakistan Cyber Army) struck back by hacking into India’s Oil and Natural Gas Corporation (ONGC) website. These ‘black hat’ hackers also vandalised four more Indian sites, including the data site of the Indian Institute of Remote Sensing, www.iirs.gov.in (which handles emails), and the Indian Railway's data site, but thankfully they couldn’t do much damage to the IIRS site. They also attacked the Kendriya Vidyalaya (in Ratlam) site. Pakistani groups even targeted general websites like (which now carries a message posted by CyberSpy 5, the hacking agent). After regaining control over the Kendriya Vidyalaya website, the HMG posted an ‘advice’ asking the site administrator to fix the flaws. “Ur site was hacked by Pakistani hackers, now ur site is in our Indian hackers' control,” was their message.


The Pakistani group also infiltrated the servers of the Bank of Baroda and Eastern Railway (www.eastern), and used them to ‘officially’ declare war.


“Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan (24 Dec-2008),” read the message. This was followed by another note: “Indians hit hard by Zaid Hamid.”

Izzat and lessons unlearnt

But it is not just hackers from Pakistan that India has to contend with. The website of the Bank of India, for instance, was hacked and seeded with a wide array of malware that in turn attacked visitors to the site. Tracing the source of an attack is a headache. This may sound strange given reports of the police tracking down the person who had sent intimidating emails to the President, or the person who had sent abusive mail to a celebrity.


But the perpetrators are dissimilar. Professional hackers know the tracing tools used by the authorities and hence use effective countermeasures and opt for ‘the safest route’. When the Eastern Railway website was attacked by planting a Trojan in the site (done in retaliation for the alleged violation of Pakistani airspace by Indian aircraft), ER officials tried to trace the route. After numerous top-brass meetings, they could only trace it as far as Toronto in Canada before reaching a dead end.


There are also many ‘local hackers’ who intrude into high-security zones “for fun” or to expose their vulnerabilities. But this may aid foreign agents in attacking our servers.

Take the war to the enemy


Though many government sites have add-on firewalls and cyber security certificates (ER has a certificate issued by the US-based Thawte consultation company), the attackers continue to get through. It was not long ago that Greek black hat hackers broke into the high-security zone of the CERN laboratory and vandalised the website of the Large Hadron Collider (LHC).


Apart from the dictionary attack mode, hackers can also use the SQL (Structured Query Language) injection method, where pages with active content (like contact forms) are used as the way in. This is the most preferred technique of Chinese hackers. For over two years (lasting until the first half of 2008), China mounted daily attacks on Indian computer networks, both government and private. The methods adopted are so sophisticated and varied that it is difficult to categorise them under a generic head. Some of the major attacks whose roots were traced to China targeted the NIC (National Informatics Centre), the National Security Council, and the Ministry of External Affairs.

Pakistan: Thus far and no further


According to security experts, Chinese hackers are the acknowledged experts in setting up BOTs: a parasite program embedded in a network, which hijacks the network and controls the systems in it, which in turn are controlled by external agents.


As per official estimates, there are at least 50,000 operational BOTs in Indian networks. The infiltrator usually also embeds some ‘mines’, which are essentially ‘key loggers’ capable of scanning devices and processes. So the moment you hit a key on the keyboard, it will be communicated to the ‘external agent’. They also use mapping (or scanning networks) as a prerequisite.


Faced with this new threat, India's Research and Analysis Wing, as well as the Intelligence Bureau, took this new form of warfare seriously and created a body to monitor network activity. In Pakistan, they use a central routing device (a Cisco router) to monitor the traffic. But in India, our mechanisms are multifaceted.

Why terrorists can relax in India


Anyone using computers is familiar with the words malware and spyware. But hardly anyone discusses hackware, which poses a far more serious threat to an increasingly networked world. A group of security experts reviewed the networking tools after crackers broke into the Bank of India server (August 30, 2007). In their report (a segment of which is available here), they exposed the serious threats and the vulnerabilities in the network security.

This is not just true for India. The entire world's commercial and financial markets are intricately networked. The 2008 financial meltdown is a prime example of how quickly a domestic economic crisis can impact the entire world.


Much has been said about the War on Terror. But are we prepared to deal with cyber-terror, where faceless entities sitting in another corner of the world can bring down or seriously compromise a nation's security?


Those who believe that nations like Pakistan lack the technical know-how to initiate such acts should read a recent article in Tehelka by Harinder Baweja. According to Baweja, who was taken on a conducted tour of the madrasa at Muridke, Pakistan, the headquarters of the Jamaat-ud-Dawa and believed to be the headquarters of the Lashkar-e-Taiba, “The students who enroll in the school pay a fee while those who study in the madarsa and pass out as masters in Islamic studies can come for free. Learning English and Arabic from class one is compulsory, as is a course in computers.”


The Chinese cyber attack on the Pentagon in June 2007 is another prime example.


Even as I was writing this piece, I learnt that the site http://iirs.gov.in/ had been attacked again, with visitors being redirected to a commercial website.


So, while India and Pakistan officially maintain that neither side wants a war, the cyber war has been officially declared open.


Are we ready for it?


The author can be reached at aasisvinayak@gmail.com 


The views expressed in the article are the author’s and not sify.com.


