On September 23, 2014, Naavi.org had written
China has always been an unreliable nation and cannot be trusted for business relations. China is the leader in Cyber Warfare and using their technologies for our bullet trains and smart cities is an open invitation to disaster if and when there is a cyber war between India and China.
It is good for Mr Modi to keep China at arms length in the field of technology and ensure that India tries to develop its capabilities in the technology era with the assistance of Japan and USA.
Indian companies doing business with China should also be careful not to transfer any critical technology to China in the long term interest of our country
This was not the first time, Naavi.org had highlighted the China risk. The fact that China was working on Quantum Supremacy and developing it’s own encryption system, the risk of buying Chinese mobiles, POS machines and computers which may have Manchurian Chips installed or malware installed, the risk of hiring Chinese employees, the risk of transfering IT knowledge to China, Possible use of Bitcoins by China to destabilize Indian economy, have all been highlighted at different points of time.
At the same time Naavi had also brought to the notice of Cert In some time in May 2017 that there was a suspicion that an incident report sent to the email address email@example.com appeared to have been opened in China and the same had been investigated and cleared by CERT- In.
It is therefore no surprise that when the border tensions with China are mounting, there could be a Cyber Attack on India. The CERT-In has issued an advisory indicating that there could be a large scale phishing attack and even an e-mail address such as “firstname.lastname@example.org” could be used in the phishing. This indicated that CERT In had actually identified that an e-mail account by this name could have been created in the Government domain and the same could be linked to China.
It is therefore reasonable to presume that there is a prima facie evidence of an “Attempt to initiate a Cyber Attack” which can be considered as “Cyber Terrorism” under Section 66F of ITA 2000.
If so, the response of CERT-In to issue an advisory of the type they have issued is only the minimum requirement but is grossly insufficient.
CERT In can perhaps warn China that India reserves its right to come out with its evidence and launch a case against China for Cyber Terrorism in an international court.
At the same time, Government should start putting some check on Chinese mobile and laptop sales in India so that the risks of implanted backdoor is curtailed. It was reported that the sale of One Plus 8 mobiles was quickly over booked showing the demand for China products.
Each of these devices could be planted spyware in India and we need to check them before allowing their import. Just as China insisted that Microsoft had to deposit their Windows Code before selling windows computers in China, we have to insist that the codes in OS in Chinese mobiles must be deposited with the Government before allowing import of any mobiles from China.
It is only such strong moves that will have any security impact on China and the advisory on Phishing is a grossly insufficient response.