Feature

Cyberwar – The Game Changer: Demystifying India’s Geopolitical Tussle with its Neighbours and its Cyber Effects

Garima Goswamy, Co-Founder & CEO, DridhG Security International Pvt. Ltd.


Cyber Attacks

As technology has become an integral part of everyone’s life, threats have moved from the physical space to the virtual space. Within a week in August 2023, the websites of two educational institutes in NOIDA were hacked. We are all aware that in November 2022, Delhi’s All India Institute of Medical Sciences (AIIMS) faced a ransomware attack. Such an attack denies a user or an organization access to its files. In this attack, outpatient and research data were wiped out from AIIMS’ primary and backup servers. The database of the Unique Identification Authority of India (UIDAI) too suffered intrusions by hacking groups in June and July 2021. Forget singular institutes, the city of Mumbai faced a blackout in October 2020 for 10 to 12 hours. It impacted business continuity, halted local transport, and was even responsible for shutting down the stock market. It, too, is believed to be a possible result of a cyber-attack. One thing all these attacks have in common is that they were apparently orchestrated by foreign national cyber criminals, who might be sponsored by India’s neighbouring nation states including China, Pakistan and Bangladesh, to name a few.

Associated Geopolitical Tussle Between India & Its Neighbours

Just as there are terrorists from other nations, who may or may not have the backing of their countries, there is an army of cyber terrorists whose mission is to attack India. The ban of several Chinese apps by India’s Ministry of Electronics and Information Technology since the India-China face-off along the Line of Actual Control in 2020 is not a coincidence. India’s Foreign Secretary Vinay Mohan Kwatra did state that the reason to ban some Chinese applications pertaining to betting and loans was to stop the spread of misinformation, the spread of disinformation and fake information. Many might not be privy to the speculation that in April 2022, Chinese attackers strategically targeted as many as seven Indian centers in Ladakh which help in electrical dispatch and grid control near the India-China border. There are reports which suggest that the cyber-attack at AIIMS was also orchestrated by the Chinese government with the aim of gathering data on Very Important Persons (VIPs) of India and Indian celebrities. Similarly, Chinese hackers may be behind the Unique Identification Authority of India (UIDAI) attack, for as per a report, the breaches were carried out through malware named Winnti, deployed by Chinese Advanced Persistent Threat (APT) groups, known to be state sponsored. Recorded Future, a US-based cyber security company, claims that the Mumbai 2020 blackout was the work of multiple malware strains deployed by another Chinese group, RedEcho.

While the Chinese government denies its role in these attacks, there are some foreign national groups of cyber criminals who are very vocal about their involvement in hacking India’s websites, as they are motivated by political hate towards our nation. Upon hacking a school website on 10 August 2023, they identified themselves as ‘Muslim Hackers from Bangladesh’ who believe they are freedom fighters, as their message read “When liberty is at risk, expect us.” These might be rogue elements from Bangladesh, and they supposedly became increasingly active after an incident in which a Bharatiya Janata Party leader, Nupur Sharma, had allegedly made some derogatory remarks against the Prophet Muhammad. These are different from cyber criminals who engage in ransomware attacks which strategically attack another nation’s critical infrastructure. Hacktivists are mainly motivated by religion and politics and want to publicize themselves and deface websites to show the loopholes in the targeted country’s cyber security.

Game Changer – Geopolitical Cyberwar

A prominent hacktivist group which has carried out several Distributed Denial of Service (DDoS) attacks since June 2022 is called ‘Mysterious Team Bangladesh’ (MTB). In a DDoS attack, hackers flood a website with so much traffic that legitimate users cannot access it. As per a report published by Group-IB, MTB is associated with 750 DDoS attacks and as many as 70 cases of website defacement, mainly targeting India’s government, financial and transportation sectors. They also target Israel and other countries. While this particular group might not be state sponsored, an increase in activity by state sponsored hackers is related to the Russia-Ukraine conflict, where at least 19 state sponsored groups from Ukraine, Russia, China, Belarus, North Korea and Iran carried out attacks in relation to the conflict. This probably influenced state sponsored groups from other countries not directly involved with the Russia-Ukraine conflict to conduct cyber espionage in their neighbouring countries. In fact, it is noteworthy that now ‘camps’ exist! There is a collaboration between India and Nepal hacktivists on one side and Pakistan, Bangladesh, Malaysia and Indonesia on the other side. Unlike international ransomware groups, which may have targets on occasional events, hacktivists work on a daily basis to weaken their adversaries.

Let’s have a look at what the hackers from these two camps are doing:

  • Defacing websites: Indian Cyber Force defaced the website of Pakistan’s Regional Forensic Science Laboratory Swat.
  • Distributed Denial of Service (DDoS) Attacks: Indonesian GANOSEC targeted Indian sites: kerala.gov.in, incometax.gov.in, and rajpolice.gov.in
  • Data leaks: MTB managed to release internal login information of All India Council of Technical Education (AICTE). Indian Cyber Force and Black Dragon Sec leaked several passport and other government identification information of Pakistani nationals.

What should be done?

  1. Awareness of such daily attacks is pertinent for governments and organizations, so that they can prioritize investing in adequate cyber security measures to protect critical infrastructure (in particular) from such persistent threats.
  2. As cyber criminals have collaborated, countries too must collaborate. In fact, in 2022, Bangladesh and India extended their bilateral partnership to include Artificial Intelligence (AI) and cyber security, besides strengthening links in the transport and cross-border river management sectors.
  3. Adopting proactive cyber security measures. It is saddening to know that only after the AIIMS cyber-attack, a new Standard Operating Procedure (SOP) on cyber breaches came into existence. This was a reactive measure. It is best to adopt preventive measures proactively.

Geopolitical Analysis

Cyberwar, whether it is state sponsored or by rogue elements, plays an important role in showcasing a country’s cyber security apparatus. And while the hackers aim to weaken the target country, they unintentionally also enable their adversary, as all countries are taking or plan to take measures to protect themselves from such attacks. Moreover, we at DridhG Security International Private Limited opine that the Indian Army is one of the finest armies in the world, as they are trained on diverse terrains, and as such cannot be defeated easily in a conventional war. So, adversaries try to adopt different platforms to attack India, and cyber space is one such platform.

Philosophical Analysis

One of the reasons why leaders like Mohandas Karamchand Gandhi and Pandit Jawaharlal Nehru were instrumental in getting India its independence was because they penetrated the British system, gained an understanding of the ideologies of enlightenment, namely justice, liberty and equality, and adopted another tool instead of war – nonviolence and dialogue. (We at DridhG Security International Private Limited would like to give credit to Prof. Bindu Puri for this viewpoint). At that time, it would have been difficult to beat the British military. Now, it is difficult to defeat the Indian Army in armed combat. Here too the hacktivists and other threat actors have changed the rules of the game. They have penetrated India via cyber space, got a comprehensive understanding of our cyber security mechanism and are using this as a tool to attack India.

Conclusion

Cyberwar is the new tool which can be used by foreign national threats to attack other countries. It is pertinent then to ensure that our cyber security measures are as stringent as physical security measures.

*Views expressed in the article are solely of the Author

