|File pick of weekly world news|
Monday, November 15, 2010
ARE WE PREPARED FOR CYBER WAR?
Looking at the growing menace and to ‘try to excite student and create an interest in ethical hacking , Ankit fadiya a self proclaimed ethical hacker always speak about dearth of hackers in India. This claims remains till attracting students to his hacking seminars and classes. Irony is that so called branded hackers of my country are aware of the fact that According to Nasscom, India needs about 77,000 ethical hackers every year to fix the situation and we are not even producing half of them. There are cells where the Chinese government actually trains and operates cyber mercenaries who incessantly keep attacking Indian, American and Japanese websites mostly belonging to the governments and some even to the corporate. The question is here Including Mr fadia and Waghela and so many such ethical hacking classes are producing at least thousands hackers per year. Here I am specifically talking about the so called hackers trained from classes by paying thousand of rupees for learn hacking courses. Lakhs of Untrained but truly professional hackers are lured in unwanted activities due to lack of opportunities. Why government never thought of providing them job opportunities by testing their skills. Why Fadia or whghelas never tried bringing in to government’s notice. If the undercover hackers start getting cover and jobs from Indian government I am sure the so called ethical hacking coaching may take back seat. They are producing craze, fancy and nothing but the noobs at the end. Young guys those who have done spending so many amounts such classes are not trained to find vulnerability; they are not even taught the basics of cyber security. I might have hundreds of such kids in my face book friends list, who seek help for over small issues like finding vulnerability, forget about patching or securing.
Another anniversary of one of the world’s worst terrorist attacks (9/11) went by bringing into sharp focus the still looming threat that countries of the world face as the tools of the terrorism trade continue to evolve. Even though explosives and jet-planes are not things of the past just yet when it comes to causing damage to enemy states, cyber warfare is a serious enough threat to be pegged as the number 3 priority in the Federal Bureau of Investigation (FBI)’s list even way back in 2002.Indian authorities, however, just don’t seem to get the seriousness of the situation, deploying far less than what is required to combat cyber-attacks. China is actually doing a great job when it comes to cyber security. They are far better prepared and equipped than our authorities are. We have very good cyber laws in our country. The only thing that’s terrible is the training that our personnel get. Cyber security is just not taken seriously enough. We have people from all over getting transferred to cyber security [departments] without formal training or with outdated knowledge. Defacing websites is a fast growing sector in cybercrime. This ‘hacktivism’, or activism through hacking, is where hackers from not-so-friendly states deface important websites of another country to cause everything from diplomatic embarrassment to real damage to sensitive data. Hackers from Pakistan deface anything between 40 to 50 government and corporate websites every day. Indian hackers in response manage to hack in to be almost same. The fact remains that India is woefully ill-equipped to meet the kind of aggression that the country faces from its not-so-friendly nuclear-armed neighbors what exactly are ‘real threats’ a nation can face from cybercrime and terrorism? Apart from spies, hired cyber mercenaries, and criminal syndicates worming their way into government networks, are attempting to steal a nation’s most sensitive secrets. With the blindingly rapid growth of social media making it difficult to monitor content posted online, scheming terrorists are actually posting videos on how to build everything from backpack bombs to bio-weapons in addition to that identity-thefts, email spoofing, face book account hacking, sim card cloning, call spoofing, real and rapidly expanding, including the rise of extremist websites that recruit, radicalise, and incite violence. India’s provisions to deter cyber-attacks are woefully inadequate. Last year the U.S. suffered a loss of $3 trillion due to cybercrimes. At least we are not even close to experiencing that kind of damage, but we really are headed in that direction. Security breach has become small time game.
Second anniversary of one of the India’s worst terrorist attacks 26/11 yet remained unsolved. If we go little deep in history On June 12, 2009, US and Italian investigators arrested some persons on a charge of stealing phone services from phone companies around the world and using the illegal profits thus earned for funding terrorism.
2. They were accused of hacking phone lines and selling the phone services thus illegally obtained through call centers and via phone cards. It was stated by the investigators that many of the phone calls were made over lines owned by the AT&T Corp. While the AT&T was not hacked, 12 million minutes of its phone services valued at $55 million were allegedly stolen by the arrested persons.
3. The three hackers, who were indicted by a grand jury of New Jersey in the US on June 12, 2009, were residents of the Philippines. They were accused by the investigators of helping the Madina Trading Company of Brescia, Italy, in obtaining stolen phone lines for providing stolen phone services to the customers of the company in India, Pakistan, Afghanistan, Saudi Arabia and Egypt. The "Wall Street Journal" reported on June 13, 2009, that the Madina Trading Company, which paid the three hackers, also 'financed the communications of the terrorists" in the Mumbai 26/11 attacks.
4. According to the U.S. indictment, Mahmoud Nusier, 40, Paul Michael Kwan, 27, and Nancy Gomez, 24, residing in the Philippines, conspired to break into the phone systems of 2,500 entities in the U.S., Canada, Australia and Europe. The three hackers were arrested by the Philippines Police last year, but were released on bail. On getting information of their hacking into the phone systems of American companies, US authorities took up the investigation and have sought their extradition from the Filippino authorities. It is not known what action has been taken by the Filippino authorities on the extradition request from their US counterparts. the Filippino authorities alleged that Nusier, a Jordanian national, had links with Al Qaeda.
5. The Italian Police arrested on June 12, 2009, five Pakistani nationals during raids on 10 call centers suspected of involvement in the alleged conspiracy. Among those arrested were a husband-and-wife team who managed call centers in Brescia, Italy -- Mohammad Zamir, 40 years old, and Shabina Kanwal, 38. The indictment filed in the New Jersey court alleged that the Madina Trading Company is owned by one of the call-center operators involved in the alleged conspiracy. However, the owner of the company was not named.
6. Two employees of the same Madina Trading Company in Brescia ---- 60-year-old Mohammad Yaqub Janijua and his son 31-year-old Aamer Yaqub Janijua----- who were managing the company were arrested by the Italian authorities on November 21, 2009, on a charge of aiding and abetting international terrorism as well as illegal financial activity.
7. According to Stefano Fonzi, the head of the anti-terrorism police of Brescia, on November 25, 2008, they sent money using a stolen identity to a U.S. company to activate an Internet phone account used by the terrorists involved in the 26/11 terrorist attacks in Mumbai. The funds were transferred under the identity of another Pakistani who had never been to Italy and was not involved in the attacks, Fonzi said. His identity was probably stolen when he used another money transfer agency in Pakistan. The order to open the account that allowed the attackers to communicate during the attack came from two men in Pakistan. The Italian Police said the identities of these Pakistanis had been intimated to the Pakistani authorities.
8. The transfer of the money by the Mumbai conspirators through the Madina Trading Company had come to the notice of the Federal Bureau of Investigation and the Indian authorities shortly after the 26/11 attacks, but the manager of the company and his son could not be arrested immediately by the Italian authorities as they had fled Italy----reportedly to Pakistan. They were arrested when they returned to Italy. If it is correct that they had fled to Pakistan, it is not clear why they were not arrested by the Pakistani authorities.
9.The investigation into the activities of the Madina Trading Company bring out the involvement of members of the Pakistani diasporas in the West in the sale of stolen phone services and the use of such companies by terrorist organizations based in Pakistan such as the Lashkar-e-Toiba (LET). These organisations seem to have an up-to-date database of Pakistani-owned or run companies which could be used for facilitating terrorist attacks. Another example is India and Pakistan engaging in a cyber protest caused by national and ethnic difference. After a cease-fire in the Kashmir Valley hackers took it upon themselves to continue the hostilities. In 2000, pro-Pakistan hackers defaced more than 500 Indian web sites. Conversely, only one known Pakistani site was hacked by the Indians. ... The group G-Force Pakistan was the most active group claiming involvement in the events. This still continues, every day hundred of websites of both the countries are hacked (defaced) by hackers. God knows the fate of 26/11, there are peace talks going on in hacker’s forums, but nothing is predictable. So the future isn't just about physical attacks on the infrastructure but it’s also matter of concern on security threat to nation. The problem isn't just restricted to terrorism. There are a variety of attackers that can attack the networks including criminals and hackers. Attacks are getting more sophisticated, costly, and greater in number and the numbers of attacks are going up significantly. Attacks can come through a number of different sectors of the economy, before they reach national defence systems. That requires the office to identify the vulnerabilities in critical systems not just on defence, but in banking or finance and in other sectors too. We should not just look at industries and government sectors, but also home users and small businesses, because of the "always on" phenomena. It’s high time we need a quick response system which includes contingency planning and information sharing, as well as continuity and recovery. No country can stand alone on cyberspace security because of globalisation of markets and telecomms systems worldwide.
(The views expressed by the author in the blog are her own, but deffinately not imposed on anyone if you do not agree pleas feel free to leave your openion, in comments )