Militarisation of Cyber Space & Weaponisation of Software, by DR T.H. CHOWDARY, Director, Center for Telecom Management & Studies; Chairman, Pragna Bharati.

Presentation transcript:

Militarisation of Cyber Space & Weaponisation of Software
By DR T.H. CHOWDARY
Director, Center for Telecom Management & Studies
Chairman, Pragna Bharati (Intellect India), Andhra Pradesh
Fellow: Tata Consultancy Service Ltd.
Former: Information Technology Adviser, Government of A.P.; Chairman & Managing Director, Videsh Sanchar Nigam Ltd., Bombay
T: +91 (40) (O) ® F: +91 (40) (O)
Talk at IETE, Visakhapatnam: 4 December 2010

Preface
A specter is haunting a great power like the US, powers like India that want to be great, and Russia, the power that was once a superpower. The specter is Information Warfare (IW) in cyber space. The Internet is being militarized just as outer space was militarized by the Ronald Reagan and Margaret Thatcher combination. Software is being weaponised in order to smash the adversary's capability to wage war. This PowerPoint presentation aims to sensitize Indian policy-makers to the looming peril and to urge Indian professionals to develop the skills that are necessary to make our computer networks impregnable. No amount of funding will be too much to secure our networks, especially those of the armed forces, finance and banking, telecom and power, health care and emergency service sectors.
S454_ Dec2010 THC_CTMS

ICTs are affecting our civilization
- Cell phones, computers, Internet, communications satellites, optical fiber cables, wireless in the local loop (WILL)
- Global connectivity to every equipped person, at any time, to anyone, anywhere

ICT-based Information Society
- Information storage, transmission and exchange over millions of computer networks distributed across the world.
- Diplomatic missions, e-governance, power grids, telecoms, civil aviation, railways, police and related security and law enforcement organs, banks, health and relief services, armed forces networks, supply chains… are targets.

ICTs in and for war
- Electronic warfare
- Militarisation of outer space – Star Wars (Indrajit of Ramayana & Ghatotkacha of Mahabharat)
- Ronald Reagan, Margaret Thatcher vs. the Soviet Union
- (Gulf Wars I and II, Afghanistan/Pakistan)

China - The Foremost Information War (IW) Power
Sources for this presentation:
1. Northrop Grumman project: Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, prepared for the US-China Economic and Security Review Commission.
2. Shadows in the Cloud: a report released on 6th April 2010 by the Information Warfare Monitor Citizen Lab, Munk School of Global Affairs, University of Toronto and (b) The SecDev Group, Ottawa and the Shadow Server Foundation.
3. Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States, by the Institute for Security Technology Studies at Dartmouth College, USA.
4. Ten Critical Trends for Cyber Security - World war, The Futurist, Sept-Oct 2009.
5. Securing Cyberspace for the 44th Presidency: a report of the CSIS Commission on Cyber Security.

Cyber War
- Silent, bloodless but deadly.
- Russia crippled Georgia's computer network
- Russia crippled Lithuania's computer network
- Others warn us!
- US & Canadian sources disclosed in April 2010 that China stole 2.2 Terabytes of India's military information
- Munk School of Global Affairs, University of Toronto report: Shadows in the Cloud: Investigating Cyber Espionage
  – Docs. of National Security Council
  – Mil. Intelligence Directorate
  – Tracked several Indian Missions abroad & Dalai Lama's government in Dharamsala

Canada Alerts us!
- Two actions: hack (deface etc.) & steal
- Gulshan Rai: Computer Emergency Response Team (CERT)
- Munk discovered Ghost Net in March 2009; it covered 103 countries
- India-focused Shadow Net
- Malicious software like Trojans
- Shadow Server Foundation (USA) - a voluntary group of internet security professionals
- Collaboration between Munk & Shadow Server Foundation
- Register domain names (cost $ 10 to 100 each)

China: The Cyber Warrior (1)
- China's cyber force: at least 50,000, targeting India & Dalai Lama
- 10 Indian Embassies compromised
- Afghan, Russia, UAE, USA, UK, Nigeria
- National Security Council Sect
  – 2 MES Establishments
  – 2 Mountain Artillery Brigade
  – 2 Air force stations
  – Army Institute of Technology, Pune
  – Military College of Electronics & Mechanical Engineering in Secunderabad

China: The Cyber Warrior (2)
- Munk Center & 2 researchers from the varsity of Illinois & Cambridge issued reports in March 2009
- It revealed that 1295 computers in 103 countries were affected
- 30% of computers affected had high-value content
- Indian Embassies in US, UK, FRG, Serbia, Cyprus, Belgium, Italy & Kuwait
- Chengdu, capital of China's Sichuan Province, in league with officially tolerated hacker organisations - NSFOCUS, EVILOCTAL linked to PLA University of Science & Technology in Chengdu – hosts hackers

China: The Cyber Warrior (3)
- Information Warfare Doctrine in the book Unrestricted Warfare by Sr. Colonels of the PLA
- I.W is asymmetric as it affords stealth, speed and deniability
- Y2007: Hu Jintao Prime Minister of China stressed cyber capability in the PLA
- China formulated the cyber strategy in the early 1990s

China: The Cyber Warrior (4)
- 1997: Deng said, “What oil is to Middle East, rare earth metals are to China”
- Japan needs 35,000 tons of r.e.ms/year, termed then as “21st century's economic weapons”.
- China has cornered control over the world's rare earth metals - restricts export to 35,000 tp/y
- Hundreds/thousands are trained in I.W in academies run by the PLA. E.g.: Wuhan Varsity
- Raised militia units since Y 2002, drawn from Cos. (like our TA) and academia
- Huawei & ZTE - specialists in wireless technologies
- Sichuan & Xinjiang – Uighur are locales for the militias
(Source: Jayadev Ranade, Indian Express)

China - The Foremost Information War (IW) Power (2)
China's intellectual resources for I.W
- The Science of Military Strategy
- The Science of Campaigns
- An Introduction to Information Warfare, written by Maj. Gen. Dai Qingmin. He worked at the PLA's Electronic Engineering Academy.
- The Academy of Military Science has a journal, China Military Science, with close links to PLA theoretical, experimental and practical work in the weaponisation of software.

China - The Foremost Information War (IW) Power (3)
China's intellectual resources for I.W
Institutions:
- The National University of Defense Technology, Changsha, Hunan Province
- The PLA Science & Engineering University
- The PLA Information Engineering University
- The AMS has a Department of Warfare Theory and Strategic Research.
- The PLA maintains 6 Technical Reconnaissance Bureaus (TRB) located in Lanzhou, Jinan, Chengdu, Guangzhou and Beijing military regions that are responsible for SIGINT collection of strategic and tactical targets.
- The first TRB in Chengdu received a series of military commendations for substantial achievements in informatisation research.

China - The Foremost Information War (IW) Power (4)
China's I.W Doctrine
- PLA's goal is to establish control of an adversary's information flow and maintain dominance in the battle space.
- The Information War (IW) strategy is called Integrated Network Electronic Warfare.
- It targets the adversary's information systems to delay deployments and impact the combat effectiveness of troops already in theater.
- Campaigns will be conducted in all domains simultaneously – ground, air, sea and electro-magnetic space.
- It seizes control of the adversary's information flow and establishes information dominance.
- PLA considers that this is a pre-requisite for seizing air and naval superiority.

China - The Foremost Information War (IW) Power (5)
China's Hacktivist communities
- The Chinese hacker community: thousands of web-based groups.
- They are developing malware tools.
- The community is engaged in large-scale, politically motivated denial-of-service attacks, data destruction and web defacements of foreign networks. They are hacktivists.
- They trade attacks with their counterparts in the USA, Japan, Taiwan, Indonesia and South Korea.
- Hackers are of 2 kinds:
  - White hat hackers: these are bug hunters and exploit coders. Their goal is profits. They help improve security and achieve recognition with great exploits.
  - Black hat operators: they are mercenaries, paid to penetrate networks; they write worms and viruses.

China - The Foremost Information War (IW) Power (6)
- Chinese cyber war hacktivists have a nation state customer, making the activity state-sponsored by default, regardless of the affiliation of the actual operators at the keyboard.
- These operators have the resources necessary to develop and exploit previously unknown vulnerabilities that are often missed by signature-based IDS/IPS and end point protection software.
- These groups are heavily focused on researching new Zero Day vulnerabilities (that is, the first ever discovery of a vulnerability).

China - The Foremost Information War (IW) Power (7)
Recruitment & Organisation
- PLA has had Information Warfare Militia units since Y2002.
- The PLA scouts and identifies IT professionals with specific backgrounds, such as advanced degree holders, those who had studied overseas and computer networking experts, to co-opt them into the cyber militias.

China’s Patriot Hackers
- China has a global cyber capability rating #2
- Has over 10,000 hackers
- Organised into official & unofficial Army
- Red Hackers Alliance – world’s largest patriotic hacker defending Chinese honour from a perceived foreign threat in existence since

Our I.T Minister has little time!
- A server to host the domain name: $ 30 /80 p.m
- Munk School communicated their findings to India on 23 Feb 2010
- Munk men met Sachin Pilot on
- He had only 15 minutes as he was “travelling”!
- The hacker group “switches servers”
- Millions of US systems had been attacked
- Chinese systems are strong & encrypted on a different level - can't be hacked easily

China - The Foremost Information War (IW) Power (8)
Targets
- Numbers: 30,000/40,000
- Hacktivists cleverly covered links with the PLA
- Forensic analysis suggests that the groups comprise multiple members of varying skill levels operating with fixed schedules and standard operating procedures
- They take detailed steps to mask their activities on the targeted computer.

China - The Foremost Information War (IW) Power (9)
Exfiltration Operations
- These attacks often begin with an e-mail message with a file attachment containing both exploit code and another small piece of software which will give the attacker control of the victim's computer.
- When this file (usually an image, document or spreadsheet) is opened by the vulnerable program on the victim's computer (e.g. PowerPoint, WordPad, Adobe Acrobat etc.), the back door program executes. (E-mail is the most common entry vector.)
- Analysis of forensic data associated with penetrations attributed to sophisticated state-sponsored operators suggests that in some operations multiple individuals are possibly involved, responsible for specific tasks such as gaining and establishing network access, surveying portions of the targeted network to identify information of value and organizing the data exfiltration.

China - The Foremost Information War (IW) Power (10)
- Staging points are servers onto which the exfiltrated data are copied.
- They compress, encrypt, segment and replicate exfiltrated information before distributing it through encrypted channels to multiple external servers that act as drop points.
- The US information security staff could eventually detect and block the exfiltration in midstream, but not before significant amounts of data had left the network.
- Intrusion prevention systems were then turned on to alert and block further activity, and for the next five hours these systems continued to detect attempts by the hacking operators to return to complete the exfiltration.

China - The Foremost Information War (IW) Power (11)
- Main theater of operations: Chengdu
- Operational exercises: a Lanzhou Military Region division conducted in Feb 2009 an opposed-force information warfare exercise featuring computer network attack while countering electronic warfare attacks

Some exploits
- In Jan 2007 the PLA successfully fired a laser to bring down a defunct Chinese weather satellite. That system has been operationalised since. This technology is called the Nuclear Generated electro-magnetic pulse attacks for controlling space-based information assets
- In 2007 China successfully tested a direct ascent ASAT weapon that used a kinetic kill vehicle to destroy an aging Chinese weather satellite.
- China has developed a road mobile ICBM, the DF-31A, that can range the continental United States, and a submarine launched variant, the JL-2, that will be deployed in China’s new nuclear powered submarines.
- In 2006 the Chinese used a laser dazzling weapon that temporarily blinded a reconnaissance satellite.
- A long term persistent campaign by the Chinese hacker community successfully exfiltrated at least terabits of data from US government networks as of Y

Other countries on to E.W
- USA
- Russia
- Pakistan
- Iran
- South Korea
- Israel

Some key players
- Data Security Council of India is an initiative of NASSCOM. DSCI is developing best practices for Data Security and Data Privacy.
- Computer Emergency Response Team monitors computer security incidents as and when they occur. It also maintains a database of incidents and is supposed to study trends and patterns related to intruder activity.
- National Technical Research Organisation is the nodal agency for technical intelligence and surveillance.
- Army Cyber Security Establishment is supposed to protect and secure the army’s information networks.
- Defence Intelligence Agency is to provide timely, objective and cogent military intelligence to defence planners and defence and national security policy makers.
(Source: The New Indian Express, 11 April 2010)

What India should do
- Evolve & adopt an IW doctrine
- Train and equip defence personnel (like South Korea) in EW
- Build intellectual resources: universities, institutes, journals
- Carry out exercises
- Hold hacking competitions
- Fund adequately

A surprise
- Kautilya’s Artha Sastra has a chapter on warfare - China’s PLA’s doctrine of IW appears to be the electronic version of physical actions.
- Welcome GOI’s decision (13.05.’10) to set up a National Defense University near Gurgaon.

India-China

China-India Economic asymmetry
Key development indicators (India; China):
- GDP ($ billion): 1,100; 4,400
- Foreign exchange reserves ($ trillion): 283; 2,200
- GDP per capita ($ in PPP terms): 2,762; 5,963
- Percentage of poor (income below $ 1/day):
- Urban population (as % of total): 29; 40
- Life expectancy (years): 64; 74
- Mobile phones (per 100 persons): 60; 80
- Road density (road kms/100 sq.km of area): 21114
(Source: Business India, November 15, 2009)

China-India Military asymmetry
Military assets (India; China):
- Defence budget ($ billion): 32; 87
- Military personnel (million):
- Combat aircrafts: 500; 2,000
- Major warships: 34; 75
- Nuclear Capable Guided Missiles: 70; 950
(Source: Business India, November 15, 2009)

Trade asymmetry
India’s foreign trade with China ($ billion)

China’s Might (2)
- New Strategy w.r. to SOEs: “Grasping the Big & Let go the Small”
- China concentrated on labour absorbing growth
(China; India):
- Food grains: 418 mln T; 210
- Steel: 163 mln T; 29
- Cement: 650 m

China’s Might (1)
- China: FDI P.A $8.9 bln $37.8 bln
- The stock of FDI to GDP in Y 2004 – 30% in Y 2004 – 24% in Y 2007
- By Y 2007 – China is the world’s 2nd largest exporter

Can India catch up
- For India to come abreast of China by Y 2025 growth should be 11.6%; if in %
(Source: Chasing the Dragon by Mohan Guruswamy Rs. 650/- & Zorwar Daulet Singh)

Pakis Hack Ind Stat. Inst
- July 11, Y 2000: ISI hacked Calcutta’s Indian Statistical Inst. to erase it (aborted)
- All information restored from the back-up
- “Our Organisation’s name is ISI. And no other Organisation can exist with this name” - ISI’s hackers boasted & posted

Spy Phones
Forbes, March 19, 2010
- Port of Los Angeles: has 27 terminals along 70 km of coastline, watched by 400 security cameras
- Security police can pull live videos from any of these cameras on to cell phones or car-mounted computers
- Nifty software created by Reality Mobile hooks 140 port officers into a network – a real force multiplier
- Will be used in unmanned drones
- Telepresence at the edge - Partial video phones received video frames at a fixed rate; Reality Mobile's software sends whole frames (easily processed JPEG files) at a variable rate fitted to available bandwidth

Dhanyawad: Thank You