Friday, August 27, 2010
India needs to strengthen cyber security
India stands nowhere in terms of counter offensive against the attacker's networks, the online crime is on rise. Hackers are next generation online terrors. The government should employ hackers to do network penetration testing regularly to check whether networks and applications are vulnerable to the latest exploits or not. The hackers deface websites or download sensitive information (credit cards, databases) from vulnerable websites and put their own page in place of index page of victim. Though Indian hackers say cyber laws in the country are good, they also believe that awareness and preparedness of the Indian government to face and fight cyber crime and cyber terrorism is quite low. The problem is that police officials who are supposed to enforce the cyber laws have not been trained properly. Look at engineering colleges across the country. There are no courses on computer security. This is the primary reason for lack of experts in the country. Recently I interviewed Mumbai cyber crime expert Vijay Mukhi unfortunately he was not aware of Indian hackers; he believes hackers are only from Pakistan. We need to make our cyber systems as secure and as non-porous as possible. At the same time we need to focus on Indian hackers too. There are many online websites now a day teaches how to hack face book account password. 40 percent of Indian youth, qualified IT professionals got in these traits. Unemployed and adventurous youth are evolved into such activities and due to over enthusiasm they landed doing wrong by sabotaging our own countries online security system.The hacking group in question is likely to choose web servers based on a particular server operating system, as seen in over 95 per cent of all their previous exploits dating back to 2006. ‘Mass defacers' usually target blocks of Internet addresses to find vulnerable systems and then proceed to exploit the vulnerabilities, in this case with defacements. Such attackers are purely opportunistic, and tend to target operating systems or web servers that they are technically well-versed with or use attack tools to assist them in their exploits. Whilst this hacker group defaced four websites in the UAE around the same time, it is interesting to note that there have been over 30 publicly known defacements of websites in the UAE since the start of the year. Such attacks against organisations anywhere in the world - regardless of whether they are painted under the veil of hacktivism, extortion or political activism - are, at the end of the day, just cyber crimes perpetrated by cyber criminals. Globally, organisations can do little to control or mitigate an attacker's motivations; in depth security assessments, testing and sound security practices, and an increased 24x7 security vigilance are the essential prerequisites to thwarting these and other similar attacks in future. Although there is a lot of speculation on various forums, etc about this incident; people should not read more into this incident other than it was simply an opportunistic attack. It in no way indicates state sponsored cyber attacks of any kind, and more interestingly the vast majority of this hacker group's previous website defacements targeted countries as far and wide as Brazil, Norway, China, the US and other countries all with defacement messages stating their affection for Iran and Azerbaijan. The global need for improved, more stringent web application security design, and effective patch management are vital to the continued uninterrupted delivery of services by Internet-facing organisations in the era of Web 2.0 and the ever evolving risks that organisations will continue to face. India has to step up on its cyber offensive to match Chinese and Pakistani hackers breaching the Indian cyber networks, the man who made his name as India's youngest and first certified ethical hacker. The Indian intelligence and military agencies regularly use Indian hackers to carry out counter offensives. However, the quantum of such work being carried out here is a lot less than it is in countries such as China and Pakistan. A few Canadian and American cyber-security researchers had claimed that China-based online espionage gangs have accessed classified documents from several Indian defense and security establishments.