Should India raise a Cyber Army? 

It has  been observed that in the month of August 2000, 52 Indian websites were attacked and defaced by hackers believed to be from Pakistan. In the past, prestigious and sensitive sites such as Indian Army, BARC, VSNL etc has been  successfully hacked. If we accept that "Digital Economy" is becoming  an important part of any Country's economic activity, one can accept a logic in this  act of  organised hacking.  

It is not clear whether the Indian Government has taken note of this development and has taken any counter offensive in this regard. Yesterday, there was an unusual post in the message board of the Ministry Of Information Technology from a person who wanted  to hack Pakistani sites. Essentially he  wanted to join the "Cyber Army" if there was such a provision. 

According to Indian Law however, irrespective of the objective, "Hacking" is an offence. If therefore an Indian  hacks a Pakistani site, Pakistan can initiate legal action through appropriate courts  to punish such a "Cyber Soldier". 

At the same time, there is a need to set up a body which can assist Indian Website Owners in protecting  from attacks from the  enemies of the Country. If such an attack happens only because the site belongs to an Indian,  then the state has a duty to protect its Citizens in the Cyber space. While there is some talk of "Taxing" the Cyber society, there has so far been no talk of "State Protection" for the Indian Cyber Society. 

Many other countries have already set up "Computer Emergency  Response Teams" (CERT) who try to advise and assist the public against Virus  or  Hacking attacks. 

There is an urgent need for a CERT to be set up in  India. This has to be funded by the Government and supported by the industry. Nasscom should take a lead in this respect. Knowing the lethargy  and preoccupation of our legislators, I feel that this is another responsibility thrust on Netizen's Forum for Credible Cyber Regulations to initiate some action. 

I look forward to the advise and support of Cyber Security specialists in this regard. 

Send your views in this regard to Naavi 

Naavi
September 8, 2000
 

We know that the govt. is lethargic and incompetent and no matter what you do to offer help, it will be a waste of time. Let them manage their own affairs and sink or swim.

As far as other private parties are concerned - a CERT may help. Again, I am personally opposed to govt. funding. We are all too ready to ask them to do everything even though we know they are lethargic and incompetent and also in this case ignorant of the issues.

So, it should be a private initiative - may be the 'big 5' IT companies can help. They will learn and perhaps even earn as their people will become specialists.

Are you listening TCS / Infosys.....?

PKS
September 8, 2000

I am software professional who is in IT and UNIX world for more than 10 years.  Please let me know if I may be of any help to regarding CERT.

Thanks
Shailesh Raval

 Yes, there is certainly a need for cyberarmy. If we're thinking of shifting  everything on the net by the next decade, how can we do anything without law and order? The current people are not capable of maintaining law and order.
 National Informatics Centre or NIC is a prime branch under the MIT and it  is sad that NIC is not a secure organization as far as cyber world is concerned. That's why most of the govt. websites could be hacked as they, including www.mit.gov.in, are hosted on servers maintained by NIC. Either the sysadms need more education, or they're, as appropritaly mentioned by Naavi,  lethargic. Ignorance may also be one of the reasons. We are >already providing e-security to our clients in our region and would love to support the MIT or other organizations for security consultation or assessment. We're revamping our site at http://www.crosswinds.net/~trappers/index.html We also proposed an "electronic evidence centre" that would be used to keep and eye and take action on the indian cyber world.The govt. funding is needed in my opinion as some hi-tech gadgets cost big bucks. There is a possibility of keeping an eye on the net without even touching the privacy issue distantly. Of course, there is no need to keep an eye on a normal user but those trying to access delicate information systems. One hi-tech building setup anywhere in the country for the purpose can do the task. What we see on television under the so called "fiction" categories, especially related to the net, is a real possiblity and not merely a fiction. We used to watch movies in which people (or ghosts) become invisible (reminds you of "Mr. India" ?) and always thought it's not possible and only a fiction. But the fact today is that US Army and NASA have jointly developed a dress which makes a person invisible. They're still woking on it. The details need to be discussed here but it works on optical devices, upto-sensors and outputs. In easy language, if you place minute cameras and minute screens side by side in thousands, it is possible to process the multi-dimensional  images input by the cameras via a computer and depict the "background image" in the small output screens on the dress, thus giving an illusion. The idea seems to be based on the compound eye of a fly and other insects. What i wanted to stress in the example is that nothing is impossible in this age. Had there been proper e-security checks on bank servers, millions of dollars could not have been transferred to bogus accounts, and Kevin Mitnick, now an ideal in the underground world as well as those processing cyber crime, would not have been free again.

 CyberArmy is a necessary evil in my opinion provided the govt. breaks the orthodox rules pertaining to emploment. There should be competent people and not the current ones promoted or deputed as what currently happens in govt. offices. The criteria in no case should be based on age or educational qualifications as the interaction, in my humble opinion, between a computer and the user is directly through the brain of the user. For me, its the real brain vs. the virtual brain while programming on the computer. So if we observe the current scenario of  govt. websites being hacked, the webmasters and the sysadms are the real ones to be blamed. Although it is and always be a "cat and mouse" scene as far as hackers and webmasters and sysadms. But I feel that hiring hackers to do proactive hacking is also one of the possiblities. If we're trying to copy the western world in the Internet world, we need to copy them completely. "Mudge", a former hacker, is now a security consultant to CNN. And if we're not trying to copy them, we need to set new standards and examples for the whole world to follow. For that, we need to think and then act, rather than act and then think. Thanks for the patient reading.

 Inderjeet S Sodhi
 Info-tech Consultant, E-Security & S/W Solution Provider,
 Web Designer and Beta-Tester
Sept  10, 2000

I wish the Ministry of Defence and the Ministry of External Affairs could see these and take right decisions. 
We all read reports about Indian websites being hacked and defaced in the recent months. Well for those interested in more information and who could have done it, an intercepted conversation for 14 days between a hacker group supposedly at pakistan, is available at http://www.crosswinds.net/~trappers/files During the conversation, they mention several times about Indian websites and servers. This group, however, does not appear to be associated with ISI as mentioned in some of the media reports, as one of the hackers seems to be a 17 year old guy doing it just for fun. 

It is worth noting that one of them disclosed his phone number also in the one of the chat sessions. It is not known whether it is a genuine one or not.

Note: Days 1 thru 6 have been posted yet. Days 7 to 14 shall be posted tommorrow. 

Inderjeet S Sodhi
InfoTech Consultant, E-Security and S/W Solution Provider,
Web Designer & Beta-Tester