Dismiss Notice
Welcome to IDF- Indian Defence Forum , register for free to join this friendly community of defence enthusiastic from around the world. Make your opinion heard and appreciated.

Mega Thread - Indian Cyber Security & Attacks

Discussion in 'Indian Military Doctrine' started by PARIKRAMA, Jun 29, 2017.

  1. Zer0reZ

    Zer0reZ 2nd Lieutant FULL MEMBER

    Joined:
    Jun 10, 2017
    Messages:
    234
    Likes Received:
    288
    Country Flag:
    India
    Data of RBI, EPFO And DRDO Compromised, Says Cyber Security Firm Seqrite

    New Delhi, October 3: A cybersecurity firm Seqrite Cyber Intelligence Labs revealed the data of several important government and private organisations appeared to be compromised by a hacker. In a startling revelation, the company said it is investigating the breach with its partner seQtree InfoServices.

    • The company said the hacker had advertised for selling the data of organisations like Defence Research and Development Organisation.
    • The company found the data has been breached through India’s National Internet Registry.
    • The breach may also affect the registration of IP addresses of many organisations.
    The company said the hacker had advertised for selling the data of organisations like Defence Research and Development Organisation (DRDO), Reserve Bank of India (RBI) and Employees’ Provident Fund Organisation. It also added the hacker had advertised access to the servers and database dump of an unspecified Internet Registry.

    After a detailed investigation, the company found the data has been breached through India’s National Internet Registry: IRINN (Indian Registry for Internet Names and Numbers). IRINN comes under NIXI (National Internet Exchange of India). The breach may also affect the registration of IP addresses of many organisations.

    The company said, “[its] team then contacted the actor (hacker) for further details, posing as an interested buyer. Initially the actor was not willing to disclose the name of affected Internet Registry, however, later he agreed to share a small sample of email list from the allegedly compromised database.”

    It also added, “In the sample, the team noticed email address of a prominent Indian technology firm and another email address was from the Indian government. Then the team asked for complete/extensive emails list. Eventually, the actor agreed to share a text file containing the emails of users/organizations affected, allegedly from the compromised database(s). The text file contained a list of approx. 6000 emails.”

    The company warned if the hacker gets an interested buyer, then attack on the system could disrupt Internet IP allocation and in-turn the complete Internet in India.
     
    Sathya and Angel Eyes like this.
  2. Zer0reZ

    Zer0reZ 2nd Lieutant FULL MEMBER

    Joined:
    Jun 10, 2017
    Messages:
    234
    Likes Received:
    288
    Country Flag:
    India
    India is quietly preparing a cyber warfare unit to fight a new kind of enemy

    Recently, Pakistani hackers compromised 10 Indian websites which included National Aeronautics, Army Institute of Management and Technology, Defence Institute of Advanced Technology, Army Institute of Management, and the Board of Research in Nuclear Sciences. The hacker group — Pakistan Haxor Crew — claimed the action was to avenge the defacement of the Pakistan Railways website by an Indian hacker and to show solidarity with Kashmiris. Last year, reports emerged in Australia that the entire design plans that reveal the capability of India’s Scorpene submarine fleet were leaked. The design plans were leaked apparently from French manufacturer DCNS that is the designer of the system. According to reports, more than 22,000 pages of plans had been leaked.
    [​IMG]
    An IIT Kanpur study shared with Parliament’s Committee on Finance this year said attacks from the ‘Equation group’ — which a WikiLeaks reports said was a clandestine CIA and NSA programme — infected India’s telecom and military sectors and research institutes. The government is finally reacting to the threat with a plan to create a new tri-service agency for cyber warfare. The Defence Cyber Agency will work in coordination with the National Cyber Security Advisor. It will have more than 1,000 experts who will be distributed into a number of formations of the Army, Navy and IAF. According to reports, the new Defence Cyber Agency will have both offensive and defensive capacity. The Defence Cyber Agency is seen as a precursor of a cyber command. After reports that Russia meddled in the US elections by hacking machines and creating propaganda on the internet and the recent ransomware and other cyber attacks being attributed to North Korea, cyber warfare is gaining importance.
    [​IMG]
    According to experts, North Koreans have developed an advanced cyber program that steals hundreds of millions of dollars and can trigger global havoc. Minister of State for Home Kiren Rijiju admitted last month that there was a huge gap in India’s capability and capacity when it came to cyber warfare and it was imperative to narrow down this difference to discourage cyber attackers. China has already developed strong cyber warfare capacity. The next war may well have to be fought on the internet where a country’s vital networks and infrastructure would be on target that will create bigger disruption that actual wars. Equally important is cyber propaganda. During the Doklam conflict, China tried its best to unleash cyber propaganda on India and indulged in complex psy-ops. A Defence Cyber Agency could be the first step the government plans to for critical infrastructure and military networks that are increasingly becoming dependent on the Internet, thus increasing vulnerabilities.
     
    mugundhan and Angel Eyes like this.
  3. Zer0reZ

    Zer0reZ 2nd Lieutant FULL MEMBER

    Joined:
    Jun 10, 2017
    Messages:
    234
    Likes Received:
    288
    Country Flag:
    India
    Hackers from China break into secret Indian government video chat

    NEW DELHI: A high-profile government meeting last month involving video chat via satellite was compromised by Chinese hackers. The link was in the control of hackers for almost 4-5 minutes before a counter-offensive was launched to neutralise it, sources said.

    The Chinese link was traced by an Indian cyber patrolling team. It is yet to be ascertained whether a group of state actors were involved or a gang of cybercriminals carried out the operation.

    “The message from the hackers was clear: they could turn the tap anytime they want due to our lax cybersecurity apparatus. The way Chinese hackers hooked up to the most sophisticated and secret link is shocking and shows they could easily exploit vulnerabilities and disrupt critical infrastructure,” the sources told Express.

    This newspaper accessed the note from the Intelligence Bureau (IB), India’s domestic spy agency, which has warned the government against increasing instances of cyber espionage. “There is no let-up in targeting of a large number of Indian computers for data pilferage. Whereas government has taken several steps to address security concerns emanating from cyberspace, sources of threats to Indian cyberspace have become varied and unrelenting,” the IB note said.
     
  4. Hindustani78

    Hindustani78 FULL MEMBER

    Joined:
    Monday
    Messages:
    84
    Likes Received:
    58
    Country Flag:
    India
    Ministry of Electronics & IT
    20-November, 2017 14:22 IST
    Aadhaar Data is Never Breached or Leaked: UIDAI

    The Unique Identification Authority of India (UIDAI) responding to a news report, appeared in certain section of media on “210 Government sites made Aadhaar info public” as if Aadhaar data is leaked or breached, has said that such report is a skewed presentation of the facts and poses as if the Aadhaar data is breached or leaked which is not the true presentation. UIDAI said in a statement here that the Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.


    UIDAI said that this said data on these websites was placed in public domain as a measure of proactive disclosure under RTI Act by these government and institutional websites which included beneficiaries’ name, address, bank account, and other details including Aadhaar number and was collected from the third party/users for various welfare schemes. It was this collected info which had been displayed in the public domain under RTI Act. There was no breach or leakage of Aadhaar data from UIDAI database or server as has been aired by the said report.


    UIDAI said that acting promptly on this, UIDAI and Ministry of Electronics & IT had directed the concerned Government departments/ministries to immediately remove it from their websites and ensure that such violation do not occur in future. Certain other measures were also taken at various levels to ensure that such incidents of display of Aadhaar numbers do not take place. Following UIDAI’s action such data were removed from these websites immediately. However, the news presented the facts in a skewed manner and misleads readers as if Aadhaar data has been leaked or breached at 210 websites posing Aadhaar security is vulnerable.


    UIDAI reiterated that Aadhaar security systems are best of the international standards and Aadhaar data is fully secure. There has been no breach or leakage of Aadhaar data at UIDAI. Also, the Aadhaar numbers which were made public on the said websites do not pose any real threat to the people as biometric information is never shared and is fully secure with highest encryption at UIDAI and mere display of demographic information cannot be misused without biometrics.


    UIDAI clarified that Aadhaar number is not a secret number. It is to be shared with authorized agencies when an Aadhaarholder wishes to avail a certain service or benefit of government welfare scheme/s or other services. But that does not mean that the proper use of Aadhaar number poses a security or financial threat. Also, mere availability of Aadhaar number will not be a security threat or will not lead to financial/other fraud, as for a successful authentication fingerprint or iris of individual is also required. Further all authentications happen in presence of personnel of respective service provider which further add to the security of the system.


    Furthermore, UIDAI security system has people’s participatory security system like Biometric Lock facility available at UIDAI portal which any Aadhaarholder can use to put his/her own lock on one’s biometric by visiting UIDAI’s official website www.uidai.gov.in.
     
  5. Hindustani78

    Hindustani78 FULL MEMBER

    Joined:
    Monday
    Messages:
    84
    Likes Received:
    58
    Country Flag:
    India
    Ministry of Electronics & IT
    21-November, 2017 12:54 IST
    GCCS 2017
    Day 1 of The Curtain Raiser sets the tone for the mega event

    · Winnesr of the Ideathon Challenge hosted by State Bank of India felicitated

    · GCCS 2017 set to begin from 23rd November, inaugural session to be addressed by the honorable Prime Minister of India – Shri. Narendra Modi


    An action packed week leading to the Global Conference on Cyberspace 2017, kicked off today with a 2 day Curtain Raiser. The first day of the curtain raiser began with the 36-hour challenge in the Grand Finale of the Global Cyber Challenge called Peace-a-thon, one of the major highlights of the GCCS 2017. The Global Cyber Challenge is one of the major GCCS 2017 event conducted with the Ministry of Electronics and Information Technology (MeitY), National Critical Information Infrastructure Protection Center (NCIIPC), MyGov, Cyber Peace Foundation (CPF) and Policy Perspectives Foundation (PPF) as collaborators.


    The open challenge to computer wizards, hosted by top Universities worldwide for competing in a Hackathon and an Appathon had 15 top winning teams and the CTF winners competing for the top honor that would be closed at 2100 hours on the second day (21st November) of the Curtain Raiser. The open Cyber Challenge has attracted millions of registered users of MyGov, professionals and tens of thousands of scholars/students from Premier Institutions.


    As a side event to the Hackathon Grand Finale, the State Bank of India also hosted Ideathon, wherein ideas to strengthen their soon-to-be launched app YONO (You Only Need One) were invited from the participants. The top three ideas were recognized with a prizemoney worth INR. 25,000, INR. 15,000 and INR. 10,000 and two consolation prizes worth INR. 5,000 each. The prizes were transferred to the individual winners’ bank accounts through BHIM UPI App, in the presence of Mr. Sanjeev Gupta, President & CEO, NeGD and Mr. Mrityunjay Mahapatra, CIO, SBI.


    Session on Digital Policy - Key Imperatives:

    NASSCOM and DSCI hosted a half-day session on Digital Policy that covered topics of relevance from policy angle and deliberate on the role of stakeholders in the changing landscape. The event saw diverse set of speakers and participation from range of stakeholders.


    The multi stakeholder discussion examined issues from varied perspectives, allow better understanding and more informed policy decision-making. As a techno-legal-commercial platform, the need for balancing interests of the stakeholders, as well as the tradeoffs that policy making should contend with, the outcome of the deliberations will be appropriately fed into the Plenary and Parallel tracks of GCCS.

    The panel panel saw high profile speakers like Ms. Rama Vedasree, CEO DSCI, Mr. Rajat Kathuria, CE - ICRIER (Indian Council for Research on International Economic Relations), Mr. S Chandrasekhar, Microsoft, Ms. Gowree Gokhale, Leader Cyber Law, Nishith Desai Associates, Mr. Vinayak Godse, DSCI, Mr. Bhairav Acharya, Facebook, Mr. Rohan Bhasin, IBM and Mr. Sudhanshu Pandey, DoC while, Mr. Gautam Kapoor, Deloitte moderated the panel.


    Digital Transformation - Experience Sharing by Digital Champions:

    Digital transformation is described as "the total and overall societal effect of digitalization". Digitization has enabled the process of digitalization, which resulted in stronger opportunities to transform and change existing business models, socio-economic structures, legal and policy measures, organizational patterns, cultural barriers, etc. The session on Digital Transformation - Experience Sharing by Digital Champions, was chaired by Mr. Dinesh Tyagi, CEO, CSC SPV. Besides some heartwarming experiences shared by the VLEs from Rajasthan, Chhattisgarh and Haryana, the session witnessed some inspirational words from Mr. Shrikant Sinha. CEO, NASSCOM Foundation, Prof. Abhay Karandikar, Dean (Faculty Affairs), Institute Chair Professor, Department of Electrical Engineering, IIT Powai, Mumbai, Prof Alok Pande- Professor (Accounting & Finance), Lal Bahadhur Shastri Institute of Management, Mr. Krishnamachari Srikanth, Ex-Cricketer and member of the World Cup Winning Team, 1983. While, Mr. Srikant Sinha emphasized on reduction of e-waste and greater focus on re-use, re-furbish and recycle, Mr. Krishnamachari Srikkant called out for empowering the rural India through digital transformation, that provides more opportunities to the citizens belonging to the remote locations to have access to everything what a city dweller enjoys. He also cited the example of M.S. Dhoni, who albeit hailing from a small town, ruled the cricket world. Mr. Alok Pandey summed up the session highlighting livelihood, education and healthcare as the three basics, which needs to be digitally transformed.


    Session on Artificial Intelligence in Cyber Security:

    As the role of IT in businesses gets diversified with a greater role of digital in global economy, securing the business processes and transactions gets tougher. While the digital economy is creating new business opportunities on one side, it also intensifies the spectrum of attack vectors for both attackers and opportunists to thrive on. A very relevant session by Checkpoint, on Artificial Intelligence in Cyber Security, was chaired by Mr. Pavan Duggal, Cyber Law Expert, while eminent speakers and experts like Partha Sengupta, ITC, Mr. R S Mani, NIC, Mr. Pranab Mohanty, UIDAI, Mr. Venugopal N, Checkpoint, Mr. Ramandeep Singh, QoS, Mr. Bhaskar Bakthavatsalu, MD, Checkpoint and Mr. Harsh Marwah, Country Manager, Checkpoint put forward their views on how we have to execute a Cyber Resilience framework by working on:


    (a) high volume, veracity and velocity of data for ingestion telemetry;

    (b) applying the un-supervisory machine learning models to generate local intelligence from the ingested data in the form of indicators of attack (IOA) & pivot (IOP);

    (c) to enrich the intelligence with 3rd global and dark web feeds and apply the Artificial Intelligence through Supervisory Machine Learning models to assign the risk scores to each event.


    The Curtain Raiser have 14 events where approximately 1400 stakeholders are participating. Besides this, there are multiple side events in the backdrop of GCCS 2017 that are presenting a unique opportunity for people to engage with delegates present in the conference, particularly on niche topics such as Block chain technology, Internet of Things, Proliferation of Indic languages and Smart Cities.
     

Share This Page