Aasis Vinayak wears many hats. Author, hacker, researcher and free software activist. He is also the developer of V Language, a programming language which employs Artificial Intelligence. In this exclusive column for Sify.com, he argues that even as India and Pakistan reiterate that war is not really an option, the cyberwar between the two nations began long ago, and that India seems less than prepared to fight it.
This is the transcript of the conversation between two hackers (I prefer the word cracker) after successfully hacking the server of Bhabha Atomic Research Centre (BARC) way back in 1998. The two geeks were chatting about their spare time activities in an IRC channel.
Joey (who used the nickname t3k-9) was just a 15-year-old 10th-grade student. On that afternoon, he pointed his browser to the old search engine Infoseek and queried “.in atomic”. One of the first sites to come up was that of BARC.
He then used the John the Ripper DES Encryption Cracker software to crack the login password. In fact, this software performs a simple dictionary operation by exploiting a phoney login mechanism. The cruncher tried many probable mishmashes of characters, ranging from a, b, aa, bb, cc to complex combinations. To this, he added many other special customised wordlists that he had downloaded from the Net, for better results.
It took him just 45 seconds to break into the BARC server. He looked at the password: ANSI – a simple and elegant one. Now he had to log into the system. Joey decided to try his luck by using the same password, and struck pay dirt. Without wasting any time, he downloaded all login names and passwords. He then created a back door through which he could log in to the system even if the password was changed.
His next target was the Web server. He went there, read some emails and opened the attached files. But reams of matter about particle physics didn’t interest him. So he backed out, of course after erasing his fingerprints in the site log.
It was only after this incident that India started taking network security issues seriously.
Ratko (IronLogik), who was then 18, showed the government that its classified and semi-classified data was anything but secure. The two youngsters claimed to have acquired many classified documents pertaining to the nuclear test conducted in May 1998. Using a hacked Internet account, Ratko hopped across different US/European servers and finally picked an IP assigned to a Los Alamos-based system. This made it extremely hard to track the original system. Once he got in, he erased the administrator logs.
While most experts described this incident as a mere prank, it brutally exposed the vulnerabilities in Indian network security. The leakage of information on key strategic issues poses a major security threat, as hackers can effortlessly read unencrypted emails and attachments and electronically eavesdrop on mail conversations. The hackers/crackers can also relocate all the data stored in the system, delete data or send unauthorised mails to others that may tarnish the image of the country. And by a logical extension, they can control any strategic defence device attached to the network and exercise it against the nation.
The BARC event heralded a new era of warfare, and the first phase lasted from late 1997 to 2002. Hacker clubs owing allegiance to either India or Pakistan formed networks. Pakistan’s ISI quickly started ‘recruiting’ these hackers to attack many Indian sites. In fact, PHC (Pakistan Hackers Club) and Gforce fought for Pakistan in the war.
Soon, in the third quarter of 2002, the official website of the Andhra Pradesh Crime Investigation Department (CID) was reportedly hacked by pro-Pakistan hackers (the website was again targeted on November 26, 2008). A self-proclaimed Indian hacker group, HMG or ‘Guards of Hindustan’, fought on the ‘Indian’ side. These groups ‘fought for websites’ to demonstrate their skills and establish themselves. Finally, it was reported that the Pakistani groups settled issues with NEO, an Indian hacker, and they decided to put an end to the five-year-long warfare.
But the war was restarted soon after, and continues to this day. Pakistan's Oil & Gas Regulatory Authority's (OGRA) website was hacked by HMG’s ‘Indian script kiddie’ (November 17, 2008). A Pakistani group called PCA (Pakistan Cyber Army) struck back by hacking into India’s Oil and Natural Gas Corporation (ONGC) website. These ‘black hat’ hackers also vandalised four more Indian sites, including the data site of the Indian Institute of Remote Sensing, www.iirs.gov.in (which handles emails), and the Indian Railways data site, but thankfully they couldn’t do much damage to the IIRS site. They also attacked the Kendriya Vidyalaya (Ratlam) site. Pakistani groups even targeted general websites like (which now carries a message posted by CyberSpy 5 – the hacking agent). After gaining control over the Kendriya Vidyalaya website, the HMG posted an ‘advice’ asking the site administrator to fix the flaws. “Ur site was hacked by Pakistani hackers, now ur site is in our Indian hackers' control,” was their message.
The Pakistani group also infiltrated the servers of the Bank of Baroda and Eastern Railway (www.eastern), and used them to ‘officially’ declare war.
“Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008),” read the message. This was followed by another note: “Indians hit hard by Zaid Hamid.”
But it is not just hackers from Pakistan that India has to contend with. The website of The Bank of India, for instance, was hacked and seeded with a wide array of malware that in turn attacked visitors to the site. Tracing the source of an attack is a headache. This may sound strange given reports of the police tracking down the person who had sent intimidating emails to the President, or the person who had sent abusive mail to a celebrity.
But the perpetrators are dissimilar. Professional hackers know the tracing tools used by the authorities and hence use effective countermeasures and opt for ‘the safest route’. When the Eastern Railway website was attacked by planting a Trojan on the site (done in retaliation for the alleged violation of Pakistani airspace by Indian aircraft), ER officials tried to trace the route. After numerous top-brass meetings, they could only trace it as far as Toronto in Canada before reaching a dead end.
There are also many ‘local hackers’ who intrude into high security zones “for fun” or to expose their vulnerabilities. But this may aid foreign agents to attack our servers.
Though many government sites have add-on firewalls and cyber security certificates (ER has a certificate issued by the US-based company Thawte), the attackers continue to get through. It was not long ago that Greek black hat hackers broke into the high security zone of the CERN laboratory and vandalised the website of the Large Hadron Collider (LHC).
Apart from the dictionary attack mode, hackers can also use the SQL (Structured Query Language) injection method, where pages with active content (like contact forms) are used as the way in. This is the preferred technique of Chinese hackers. For over two years (until the first half of 2008), China mounted daily attacks on Indian computer networks, both government and private. The methods adopted are so sophisticated and varied that it is difficult to categorise them under a generic head. Some of the major attacks whose roots were traced to China targeted the NIC (National Informatics Centre), the National Security Council, and the Ministry of External Affairs.
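As an added illustration, not code from the column, here is the difference between a contact-form lookup that splices user input into its SQL and one that binds the input as a parameter; the in-memory table, names and addresses are constructed for the demo. An ordinary apostrophe in a name is enough to show that the spliced version hands the input to the database as SQL, which is exactly the door an injection attack walks through.

```python
import sqlite3

# Constructed sample rows standing in for a contact-form backend.
CONTACTS = [
    ("Asha", "asha@example.com"),
    ("O'Brien", "obrien@example.com"),
]


def build_db():
    """Create a throwaway in-memory database with the sample contacts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?)", CONTACTS)
    return conn


def lookup_unsafe(conn, name):
    """Concatenates user input into the SQL text: the database parses the input as code."""
    sql = "SELECT email FROM contacts WHERE name = '" + name + "'"
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # A lone apostrophe already changes the statement's structure;
        # a crafted input could change it deliberately.
        return {"error": str(exc)}
    return {"rows": rows}


def lookup_safe(conn, name):
    """Parameterised query: the input is bound as data and can never alter the statement."""
    rows = conn.execute(
        "SELECT email FROM contacts WHERE name = ?", (name,)
    ).fetchall()
    return {"rows": rows}


def demo(name="O'Brien"):
    """Run both lookups on the same input so the behaviours can be compared."""
    conn = build_db()
    return {"unsafe": lookup_unsafe(conn, name), "safe": lookup_safe(conn, name)}


if __name__ == "__main__":
    print(demo())
```

The unsafe lookup fails on a legitimate name because the apostrophe terminated the string literal early, while the parameterised lookup returns the matching row; the fix is to never build SQL from user-supplied text.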
According to security experts, Chinese hackers are the acknowledged experts in setting up BOTs: a parasite program embedded in a network that hijacks it and controls the systems on it, which in turn are controlled by external agents.
As per official estimates, there are at least 50,000 operational BOTs in Indian networks. The infiltrator usually also embeds some ‘mines’, which are essentially ‘key loggers’ capable of scanning devices and processes. So the moment you hit a key on the keyboard, it is communicated to the ‘external agent’. They also use mapping (or scanning networks) as a prerequisite.
Faced with this new threat, India's Research and Analysis Wing, as well as the Intelligence Bureau, took this new form of warfare seriously and created a body to monitor network activity. In Pakistan, they use a central routing device (a Cisco router) to monitor the traffic. But in India, our mechanisms are multifaceted.
Anyone using computers is familiar with the words malware and spyware. But hardly anyone discusses hackware, which poses a far more serious threat to an increasingly networked world. A group of security experts reviewed the networking tools after crackers broke into the Bank of India server (August 30, 2007). In their report (a segment of which is available here), they exposed the serious threats and vulnerabilities in the network security.
This is not just true for India. The entire world's commercial and financial markets are intricately networked. The 2008 financial meltdown is a prime example of how quickly a domestic economic crisis can impact the entire world.
Much has been said about the War on terror. But are we prepared to deal with cyber-terror where faceless entities sitting in another corner of the world can bring down or seriously compromise a nation's security?
Those who believe that nations like Pakistan lack the technical know-how to initiate such acts should read a recent article in Tehelka by Harinder Baweja. According to Baweja, who was taken on a conducted tour of the madrasa at Muridke, Pakistan, the headquarters of the Jamaat-ud-Dawa and believed to be the headquarters of the Lashkar-e-Taiba, “The students who enroll in the school pay a fee while those who study in the madarsa and pass out as masters in Islamic studies can come for free. Learning English and Arabic from class one is compulsory, as is a course in computers.”
The Chinese cyber attack on the Pentagon in June 2007 is another prime example.
Even as I was writing this piece, I learnt that the site http://iirs.gov.in/ had been attacked again, with visitors being redirected to a commercial website.
So, while India and Pakistan officially maintain that neither side wants a war, the cyber war has been officially declared open.
Are we ready for it?
The author can be reached at email@example.com
The views expressed in the article are the author’s and not sify.com.