June 2012

Combating Cybercrime

Views: 402

“The breaches that happen in India are mostly the handiwork of semi-professional hackers and hacktivists, who are usually looking for easy targets”

Pankaj Jain
Pankaj Jain, Director, ESET India (ESS Distribution Pvt Ltd)

The Indian government is the custodian of valuable data that belongs to a large   number of Indians. So it is necessary that there should be a level of trust between the citizens and the government entities entrusted with storing and safeguarding the data. If trust is not there, citizens might not be willing to share their data with the departments and that will lead to the failure of many initiatives. The IT Ministry has framed laws to ensure that the data is safeguarded. But laws alone cannot ensure data security. For achieving security, we need to deploy hardware and software solutions at all levels.
Official statistics from NASSCOM and Data Security Council of India (DSCI) shows that 9,000 Indian websites were hacked in last 5 years. Considering the fact that majority of the breaches go unreported in India, it is our estimate that  the real number of hacking episodes could be about 10 times more than  what the official estimates indicate. Why do the hacking cases go unreported? Primarily because there are no rules to compel an organisation to report the hacking episodes. The most surprising thing is that even the large organisations come to know about a data breech only after it has been reported by the hackers themselves.

Targeted by hacktivists

As far as the cyber threat landscape in India is concerned, we are not talking  about such sophisticated attacks as Aurora or Stuxnet. These attacks did have  an impact in India, but the thing is that the country was not the primary target.  The breeches that happen in India are mostly the handiwork of  semi-professional hackers and hacktivists, who are looking for easy targets. So  the attacks are relatively simple. But the thing is that in a rising economy like   India, the IT infrastructure should be such that the hacking episodes can be avoided.
Globally we are seeing a significant rise in cases of APT or “advanced persistent  threats,” which are very sophisticated hacking attacks aimed at  governments, companies, political or social activists and performed mostly by  large groups of hackers, who may or may not be without probable corporate or  government support. In India also such incidences are on the rise.
Recently, we had the episode of Bangladeshi hacker group named “Bangladesh  Black HAT Hackers” attacking thousands of Indian websites, including sites of  Border Security Force (BSF) and several Indian ministries in response to an  incident on Indian-Bangladesh border. The hackers targeted the websites of Indian ministry’s, political parties, Bollywood stars, and large financial and  media organisations as well. The web resources were exposed to DDOS attacks  through botnet created by Bangladeshi hackers.
Then there was the case in Rajasthan, where more than 20 government  websites got hacked. According to the official statement from Sachin Pilot, Minister of State for Communications & IT, more than 100 government websites have been compromised by hackers in the past three months. The data we are getting from blackhat forums indicates much higher numbers.

Hackers are making money

Globally, the hackers seem to be making lot of money. They have become  professionals. The estimates made by ESET indicate that the global earnings of  cybercriminals are in the tune of $ 7-8 billion in 2011. The monthly revenue of  some large cyber criminal groups runs into tens of millions of dollars. The  revenues of cyber criminals seem to be much more than enterprises’ spending  on IT security. Moreover, such revenues with rather small expenses on organising cyber attacks allow hackers to invest more in R&D and technology  improvements.
Fighting cyber crime means lot of innovative thinking on part of security  agencies. The cyber criminals are armed with latest software and hardware  tools and they are constantly changing their strategies. People have to be  advised that they should create long passwords. Many times hackers are able  to pick up targets easily as there are passwords as simple as “1234.” The  bottom line is that the human factor plays more important role in cyber  security than technology itself.

Comments

comments

Click to comment

Leave a Reply

Your email address will not be published.

Latest News

To Top