Information (&) Warfare Countering Threats to National Security Pratap Reddy IPS, Additional Director General, Directorate of Fire and Emergency Services, Karnataka
Doomsday Scenarios
Die Hard 4 – not in reel life but in real life!!?
Mid-air collision of aircraft
Train accidents due to signal malfunctioning
Power grid failure leading to power outages in major cities
Breakdown of stock markets impacting millions of traders and investors
Failure of banking infrastructure halting electronic transactions
Non-availability of telecom services
Some Major Incidents
STUXNET
A computer worm which infects the Windows OS
Thousands of computers in Iran, India and Indonesia affected
Espionage & destruction
Damaged centrifuges by infecting the computers controlling the PLCs of Siemens-made ICS in Iranian nuclear reactors
Used USB drives for propagation
26/11 – The Mumbai Attack
Seizures included mobile handsets and GPS trackers
No. of SIM cards used, and also a satellite phone
Created bogus identity cards – one address was: Samir Dinesh Chaudhari, 254 Teachers Colony, Nagarabhavi, Bangalore
A total of 41 calls (8,834 seconds) were made from the Taj Mahal Hotel, 62 calls (15,705 seconds) from the Oberoi/Trident and 181 calls (35,172 seconds) from Nariman House
The Terror Connections
Numbers were connected to an account created with CALLPHONEX, a VoIP service provider based in New Jersey, USA
Payments to Callphonex – via MoneyGram – Paracha International Exchange, located at Road Anarkali Fayazuddin in Lahore
Western Union Money Transfer agent Madina Trading, located in Brescia, Italy, by Mr. Iqbal with Pakistani passport number KC
The accused, while communicating with Callphonex, used an email ID on yahoo.com. This ID was accessed from at least ten IP addresses.
Email ID on yahoo.com – accessed from at least ten IP addresses
Emails and GPS
A threatening email from a gmail.com address was sent to a news channel on 27 Nov. The email was sent from an IP address; this IP address belongs to XXXX GASCOM, 4a Lenina Str., Koroliov, Moscow region, Russia.
Delhi Airport CUPPS failure – cyber attack?
Disgruntled employees targeted the CUPPS (Common Use Passenger Processing System) at IGI Delhi Airport. Over 50 flights were delayed for several hours, causing major embarrassment and loss to the management. The CBI registered a criminal case under the ITAA; employees were arrested. Use of a logic bomb is suspected.
How Well Organized are the Cyber Criminals?
Child Pornography
Phishing
Rogue Name Servers
Malware C&C
Malware Infection Server
Malware Drop Site
Money Mule Sites
Spam Content Servers
Pharmaceutical Fraud Sites
Rogue Payment Processor Sites
Botnet C&C Sites
Bank Account Intrusion Sites
Fast Flux Sites
DDoS Sites
Carding Forum Sites
Criminal IRC Sites
Courtesy: NCFTA / FBI
An Attack and An Accidental Detection
DDoS attacks on:
The Estonian presidency and its parliament
Almost all of the country's government ministries
Political parties
Three of the country's six big news organisations
Two of the biggest banks; and firms specializing in communications
Source: Estonian Cyber Attacks
Oplan Bojinka Oplan Bojinka was a 1995 plan by Al-Qaeda to simultaneously destroy 11 passenger aircraft over the Pacific Ocean. If the operation had been successful, Al-Qaeda would have murdered thousands of airline passengers.
Oplan Bojinka The plot was discovered after a fire broke out in the Philippines apartment of Ramzi Yousef, a Kuwaiti of Pakistani extraction and member of Al-Qaeda. Yousef was involved in the first World Trade Center bombing in 1993.
And a Complete Compromise
A breach allowed the intruder to trick DigiNotar’s system into issuing him more than 500 fraudulent digital certificates for top internet companies like Google, Mozilla and Skype. This meant that users who went to a supposedly secure page such as https://google.com were at risk: a malicious third party who possessed the fraudulent Google certificate could pose as the legitimate site and trick the user into entering his username and password into the impostor site.
Why should we be concerned?
India’s expanding Cyber Space source: DSCI
Cyber attacks- Levels source: CERT-India
Cyber Terrorism- FBI’s Definition “Cyber Terrorism is the premeditated, politically motivated attack against information/computer systems, computer programs, and data that result in violence against noncombatant targets by sub national groups or clandestine agents.”
Interesting facts – Cyber Terrorism
In 1997, Barry Collin (author) coined the term “Cyber Terrorism”.
Terrorist organizations, while revamping their outfits, are giving due importance to technology.
Terrorists first make a simulated test of the computer attack – to avoid detection of their preparation.
Seized computers belonging to Al-Qaeda indicate their familiarity with hacking tools. (Richard Clarke, “Vulnerability: What are Al-Qaeda’s Capabilities”, PBS Frontline)
Written reply of the Minister of State for Communications and IT to the Lok Sabha in connection with 117 websites defaced within 6 months (Jan–June 2011)
The specific steps taken by Government towards ensuring cyber security are:
i. All the new Government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications will be conducted on a regular basis after hosting also.
ii. National Informatics Centre (NIC) has been directed not to host web sites which are not audited with respect to cyber security.
iii. National Informatics Centre (NIC), which hosts the government websites, is continuously engaged in upgrading and improving the security posture of its hosting infrastructure.
iv. All the Ministries/Departments of Central Government and State Governments are implementing the Crisis Management Plan to counter cyber attacks and cyber terrorism.
v. The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on a regular basis. The existing Government websites are periodically audited from a security perspective and vulnerabilities found are plugged.
Countering Cyber Terrorism
Legal response
International cooperation
Governmental response
Technological response
Capacity building
Understanding the Threat Landscape TECHNOLOGY
Key Gap Areas – Traditional Sectors
Traditional:
Legacy systems
Capacity existed within
External assistance minimal
Jurisdiction bound
Now:
Legacy employees, but modern technology
Lack of capacity within
Larger role of external agencies / private
Black-box solutions / vendor driven
Boundary-less
Legal Response – INDIA
Amendments to the Information Technology Act, 2000
– Section 66F Punishment for cyber terrorism
– Section 70 Protected system
– Section 43 Unauthorized access
– Section 70A National nodal agency
– Section 70B Indian Computer Emergency Response Team
Section 66F Punishment for Cyber Terrorism
Threaten the
– Unity,
– Integrity,
– Security or sovereignty of India, or to strike terror in the people or any section of the people by
– (i) denial of access to a computer, or
– (ii) attempting to penetrate or access a computer resource without authorisation, or
– (iii) introducing any computer contaminant,
– (iv) [prejudicial to] the interests of the sovereignty and integrity of India, the security of the State, incitement to an offence
commits cyber terrorism – imprisonment for life
Cyber Terrorism – ITAA 2008 (source: Cyber Crimes, Talat Fatima)
[Diagram] Cyber terrorism: intention to threaten the security of India, by
– denying access to any person authorized to access,
– gaining unauthorized access, or
– obtaining information which is related to the security of India,
causing death, injury to a person, damage to property, or disruption of supply or service, and harming C.I.I.
Solution
Need to develop new policies that do not hinder the growth of ICT or affect the fundamental rights of citizens in India.
Need to develop policy for email/mobile service providers. Google stores information only for 28 days!?
Need to institutionalize collaboration between law enforcement, military and all security & intelligence agencies to thwart cyber terrorism.
Contd.
Implementation of the crisis management plan by all departments, ministries and critical agencies in both the private and public sector.
Indigenous development of suitable security techniques & technology through frontier technology research, solution-oriented research, proof of concept, pilot development etc., and deployment of secure IT products/processes.
(source: National Cyber Security Plan (Draft) – MIT, GOI)
Contd.
Use of secure products/services, protocols & communications, trusted networks and digital control systems.
Internet Service Providers (ISPs) would be closely associated in
– providing for secure information flow through their networks and gateways;
– appropriate legally binding agreements need to be in place to support law enforcement;
– information security incident handling and crisis management processes on a 24x7 basis.
(source: National Cyber Security Plan (Draft) – MIT, GOI)
Technological Response
Dismantling the terrorists’ IT infrastructure by using technology – not to be considered as retaliation.
Infiltrating attackers’ IT systems – legality?
Monitoring of DATA/VOICE under relevant legal provisions
Installation of high-resolution CCTV cameras at important places
J Dey Murder Case
What is available in the public domain?
How are we planning the CCTV networks? This has a huge bearing on what we get.
Best practices to plan networks
Trade-off between quality, storage and end use of the recorded video/images
Some Initiatives
NASSCOM-DSCI Cyber Security Initiatives
Manual of best practices / investigations
Modernization-led planning
CCPS strengthening / State Resource Centre
Private sector expertise for forensic services
Coordination with Judiciary
National Initiative – CCIP with MHA
Bringing the layers together
Participation of private industry with the Government to
– secure the nation’s infrastructure,
– spread awareness among the different stakeholders of society, and
– importantly, train law enforcement in the upcoming new technologies