Intelligence

India in the Era of Cyber Wars

India has a solid and well-deserved reputation as one of the leaders in the global IT industry. This makes it all the more surprising that, until recently, Indian authorities had paid relatively little attention to introducing cyber technologies in the country’s governance system and using them to combat cyber threats posed by hackers acting out of personal, economic, and political motives.

A lackadaisical cyberwar

There are several reasons for this. The main factor is that India’s leadership has underestimated the scale of confrontation in cyberspace, believing that other great powers limit themselves to negligible operations that aim to collect information at best.

Serious difficulties have emerged due to the specific features of Indian governance as such; it is characterized by an extreme abundance of red tape and inertia in areas that are not considered a priority. While India’s bureaucracy exhibits its best qualities in priority areas such as ensuring the rapid concentration of resources, personnel mobilization and motivation, minimizing expenses, and a high level of oversight, thus making it possible to achieve outstanding successes with minimal expenses (India’s space program is a prime example), areas believed to be of secondary importance are plagued by chronic problems.

Until recently, cybersecurity was not one of the Indian government’s top priorities, and consequently, the relevant departments in state agencies were, as a rule, staffed residually. Since work in this area was not considered important or prestigious, employees working in IT security were paid relatively little and their in-house status was lower than those of employees working in other departments. As a result, these positions were filled with underqualified and poorly motivated people. A positive discrimination system intended to advance members of lower castes had an adverse effect in this regard; underqualified employees hired to fill the quotas were placed with cybersecurity departments.

Consequently, many agencies outsourced their cybersecurity while hiring specialized organizations to handle those matters. Since India does not have enough specialized organizations, foreign organizations were brought in, in particular, American ones, which, for obvious reasons, was not conducive to strengthening cyber protection. Since Pakistan and China were traditionally considered to be India’s principal adversaries on the cyber front, this state of affairs was considered acceptable.

The American challenge

India’s first serious attempt to respond to challenges in cybersecurity dates back to 2012. At the Munich Security Conference, Indian specialists stated they were working on creating their own microprocessors and planning to cut imports of military software, channeling money into domestic R&D instead (the share of imported military software in India is currently about 70%). Additionally, in the same year, a proposal was made to create a command and control center to monitor critical infrastructure and eliminate breaches in cybersecurity.

The next year, the situation began to change significantly. The necessary impetus came from actions of the U.S., which had previously stated on multiple occasions that it wanted to cooperate with India in cybersecurity. After 2013, when Edward Snowden publicized documents demonstrating that U.S. secret services were surveilling foreign citizens around the world, politicians in New Delhi were amazed to find out that U.S. secret services had been waging cyber warfare not only against their country’s probable adversaries, but also against countries they believed to be allies or at least friendly powers, and that included India: the NSA conducted cyber ops against India to learn more about its principal strategic and commercial interests. This revelation generated public outrage, and India hastily adopted its National Cyber Security Policy, which was developed by the Department of Electronics and Information Technology. The policy provided a clear definition of cyberspace and formulated the ultimate objective: protecting the personal information of India’s citizens as well as financial and bank information and data that are of critical significance for state governance and security against theft and cyberattacks. It required the creation of a reliable cyber ecosystem in the country and reliable work among IT systems that were being introduced on a large scale in all economic sectors; this, in turn, required creating a consistent mechanism to assess threats and risks in cybersecurity and ensuring an appropriate response. To meet the demand for the necessary personnel, plans were made to train 500,000 professionals within the next 5 years.

However, this did not happen. This is partly attributable to the fact that a year later, the Indian National Congress lost the elections, Manmohan Singh’s government resigned, and Narendra Modi’s new government focused on handling internal economic objectives. It was also partly due to the fact that there were no mechanisms to implement the program and it was clearly not feasible in such a short period.

To date, the situation has not changed. The networks of both public and private organizations are extremely vulnerable, there are no DLP systems in place, and users and administrators themselves often turn off firewall and antivirus software. It is common for IT department employees to be absent from their work stations with doors to their rooms left open. It is quite a telling fact that only 8% of Indian IT managers consider their employees to be sufficiently competent to combat threats in cybersecurity. Overall, Indian IT specialists in relevant departments spend about one-third of their work time combating cyber threats; the results, however, are still quite modest due to insufficient funding as well as a lack of qualified personnel and cutting-edge technologies. About 81% of Indian IT department heads believe that the funds their organizations allocate to combat cyber threats are not sufficient.

The situation is somewhat more optimistic in cyber offensives. Nearly all Indian secret services, including foreign intelligence and domestic security agencies, the Ministry of Home Affairs, the executive office of the National Security Advisor, and the military intelligence have departments that engage in cyber ops. Their effectiveness is hard to assess; it is known, however, that they face the same problems in ensuring cybersecurity as do other governmental agencies. Moreover, high-ranking Indian officials in general mistrust new computer technologies, including work on artificial intelligence. In May 2018, Chair of the Defence Research and Development Organisation (DRDO) S. Christopher said that particular caution should be taken when developing AI technologies since “the cure may be worse than the disease.”

The Indian defense

In July 2018, it was announced that a military agency on cybersecurity was being formed; the agency will be working in close cooperation with the executive office of the National Security Advisor (a position that was established in 2015). Plans for the agency call for providing some 1,000 experts who will ensure the cybersecurity of the military, the navy and the air force as well as conduct offensive operations in cyberspace. In the future, this agency should be transformed into a full-fledged cyber command.

The newly-created body was called the Defence Cyber Agency (DCA). Rear Admiral Mohit Gupta was appointed as its commander. At present, its head and his executive office are working on developing a cyber ops doctrine. Thus far, it is hard to say how effective the DCA will be, given the traditional autonomy of the navy, the air force, and the military, which are reluctant to share operational information with each other and the difficulties of developing their own software. A previous attempt to introduce a specialized operating system called Bharat Operating System Solutions (BOSS), which was developed by the Centre for Development of Advanced Computing, ended in failure and the Indian military was forced to go back to using Windows OS.

Given the absence of the requisite products created by governmental organizations, the Indian authorities will have to turn to private firms. Back in 2018, the Central Reserve Police Force (CRPF) and the Border Security Force (BSF) signed a contract with Innefu, a start-up headquartered in New Delhi. This company’s products had previously passed a test of sorts: the company was given about 1,500 documents, including social media profiles of protesters and posts about planned actions. Based on this data, Innefu managed to trace connections between protesters, determine the nature of their interaction, and predict possible actions very soon.

Innefu now offers a complete set of ready-to-use solutions called Prophecy. It includes several tools that monitor social media, which provide big data analytics, facial recognition, and object identification, and detect faces and objects in real-time.

Thus, Indian IT specialists have created a product that may be used to process massive amounts of information for the purposes of intelligence and counter-intelligence. It has already been tested: according to the Indian media, police used it to successfully prevent several protests by analyzing the social media activity of certain individuals and to find roughly 3,000 children missing in New Delhi. There are plans to complete the development of a new cybersecurity strategy by 2020; it is intended to ensure the protection of important data given the introduction of 5G technology which, according to Lt. Gen. Rajesh Pant, the National Cyber Security Coordinator on the National Security Council, will radically change the state of affairs in this regard.

A war on three fronts

Now India’s leadership has acknowledged possible threats and is developing the necessary means of response that take into account the realities of cyber warfare, which is conducted without regard for existing borders or for the pacts and treaties regulating military action; cyber warfare also allows states to conceal their complicity in a cyberattack against another state. The Indian authorities are paying more and more attention to conducting defensive and offensive operations in cyberspace while striving to reduce the country’s dependence on tools developed abroad and giving preference to forward-looking India-made products.

At present, Pakistan, China, and the U.S. are India’s key adversaries in cyberspace. Pakistan’s capabilities for waging cyberwar are fairly limited: as a rule, Pakistani secret services either hack the websites of Indian agencies and companies connected with the government (such operations cause relatively little damage), or they pose on the Internet as young girls wishing to meet young officers in order to recruit current employees of Indian law enforcement, military, and secret services.

China is conducting large cyber operations against India which have reached such a scale that some analysts characterize them as a full-fledged cyberwar. This war takes on various forms: from hacking Indian networks to providing various rebel groups with hosting services on China’s servers; nonetheless, the large-scale cyber ops have not prevented Beijing and New Delhi from strengthening their political and military relations.

Relations with the U.S. are complex. On the one hand, Washington publicly calls India its key partner in the Indian Ocean region; on the other hand, U.S. secret services continue to conduct cyber ops that threaten India’s national security.

Russia is one of the few great powers that has interests in the region and does not attack India in cyberspace. This is due primarily to the fact that there is no conflict between the two countries as well as Russia’s general interest in establishing cooperation with Eurasian states to form a common trade space. Thus, Russia currently has a favorable opportunity to bolster its interaction with India in this regard and conclude a cyberspace non-aggression pact and, in the future, coordinate efforts with New Delhi to this end.

From our partner RIAC

PhD in History, Research fellow, The Institute of World Economy and International Relations (IMEMO) of the Russian Academy of Sciences, RIAC Expert

Hacking of the Newswires connected with Trading: A refresher for the business community

Bob Budahl

This case I am touching on is regarding Leonid Momotok, in which he and other traders used insider trading information from not yet released press releases to amass windfalls in illegal trading. He pleaded guilty to conspiracy to commit wire fraud for his role in a scheme to hack into three business newswires and steal finance-related information that enabled illegal trading advantages. Their trades resulted in at least $30 million in illegal profits. He pleaded guilty and faced up to 20 years in prison, restitution, a fine and criminal forfeiture.

The crux of the enabling operation was that the illegal advantage was gained through computer hackers in Ukraine who intruded into Marketwired L.P., PR Newswire Association LLC (PRN) and Business Wire (Newswire Companies). Marketwired is owned by NASDAQ Inc., Business Wire is part of the billionaire Warren Buffett’s Berkshire Hathaway and PR Newswire is a Cision unit. The hackers used cyber-attack methods to obtain entry into the Newswire Companies’ networks. Once in, they stole upcoming press announcements about earnings, gross margins, confidential and material financial information and revenue information. They even sent messages regarding their activities. They went on to state they had gained access to the log-ons of 15 wire business employees. While the traders made lists of what information they wanted, the hackers provided instructions on how to access and use the overseas server networks. By having insider information before the public release, the traders capitalized by placing trades prior to the release date of the press releases. Caterpillar, Hewlett Packard, Panera Bread, Home Depot and others were among the companies whose nonpublic information was affected. The hackers received a percentage of the profits and received it through shell corporations.

The Dubovoy Group defendants tried to avoid detection by spreading their trading to more than 10 brokerage firms in various names, etc. They helped each other with the activities as much as they were able. They stole over 100,000 unpublished press releases. Leonid Momotok owned 1% interest in two of Arkadiy Dubovoy’s companies. “He advised Arkadiy Dubovoy how to trade using the stolen information, and he had formal trading authority for brokerage accounts used in the scheme but held in the name of other members of the Dubovoy Group, …” p. 12.

Involvement in the apprehension and prosecution of the perpetrators included many government agencies. The President’s Financial Fraud Enforcement Task Force had a leading hand in the pursuit and prosecution.

9-11 Terrorist Attack: Defensive countermeasures of deter and detect

Bob Budahl

On September 11, 2001 at 8:46 a.m. an airliner slammed into the North Tower of the World Trade Center in New York City. At 9:03 a.m. a 2nd airliner slammed into the South Tower. The planes carried thousands of gallons of jet fuel aboard, in effect making them lethal weapons. Tens of thousands of people worked in these buildings daily and both buildings fell to the ground within 90 minutes. More than 2,600 people died in the World Trade Center tower attacks. Then at 9:37 a.m. a 3rd airliner rammed into the western side of the Pentagon. 125 people died in the Pentagon attack. And a 4th airliner was intended for attack on either the U.S. Capitol or White House but the heroics of passengers crashed the plane, hence thwarting the attack. A total of 256 people died in the four planes. The death toll even surpassed the Pearl Harbor attacks of 1941.

Those responsible for the horrific attack were 19 Arabs carrying out Islamist extremist plans. Their headquarters were located in Afghanistan. They were resourceful and some had lived in the United States for some time and four of them had trained to be pilots. They were not well educated. They carried out the terrible attacks with knives, cutters, mace, etc. Extremists had tried to bring down the World Trade Center in 1993 but failed; the attack nonetheless killed six people and wounded a thousand. It was an effort led by Ramzi Yousef. Others, including Omar Abdel Rahman, had plans to blow up the Lincoln and Holland tunnels and other New York City landmarks, but they were arrested. Ramzi Yousef and others had various other terror plans of which some succeeded and some fortunately did not.

Bin Ladin was known and thought to be a financier but not thought of as a terrorist leader until later. In 1998 Bin Ladin and four others issued a fatwa publicly declaring that it was God’s order that Muslims should try to kill any American they could. Bin Ladin was a wealthy Saudi and had conducted jihadist activities against the Soviet Union. But he also held grievances against the United States such as a U.S. troop presence in Saudi Arabia. He recruited and trained followers in Afghanistan and continued carrying out acts of terror, including on the United States. His people attacked embassies, hotels, and even attempted to sink the USS Cole Navy Ship by a terrorist attack. His rhetoric is derived from Islam, history and the economic and political disorder in the area. He formed an alliance between the al Qaeda group he led and the Taliban. The Clinton administration had tried cruise missile strikes against al Qaeda in Afghanistan and tried to get the Taliban to force Bin Ladin to leave Afghanistan. The U.S. unsuccessfully utilized CIA paid foreign agents to try to capture or kill Bin Ladin and his group.

As early as 1998 or 1999 Bin Ladin had been contacted by Khalid Sheikh Mohammed with an idea of using the planes as a method of attacking the World Trade Center and other targets. The original plans were for 10 planes to target both east and west coasts of the United States. The CIA did uncover some reports of Bin Ladin’s intent on attacks. The U.S. continued its disruption attempts globally and also utilized diplomacy with countries. The “predator drone” was eventually fitted with a missile should an attack on Bin Ladin provide an opportunity. Some of the reasons and connections to the actions of the perpetrators of the planned 9-11 terrorist attack became apparent after the attack. Unrest had come to the surface in the time before the attack as the Taliban leader opposed attacking the United States, in contrast to Bin Ladin’s wishes.

On 9/11 the terrorists were successful in hijacking the four planes. The planes were being used as terrorist weapons and confusion was present with air control. But eventually the FAA and NORAD who controlled airspace did receive a “shoot down order” but it was after the plane in Pennsylvania had been forced down by passengers in the only way to stop the plane from being used as a weapon.      

The enactment of the United States “Patriot Act” removed barriers that had impeded terrorism investigations in their outlay, scope and means, and in effect sped up the investigation and prosecution of the defendants. The FBI was point on the investigation that followed the attack and the operation was named Operation PENTTBOM. At one time more than half of the FBI’s personnel worked on the case. They followed through on more than one-half million leads. It was the largest crime scene in the FBI’s history. Also in the time period following the 9/11 attack the Department of Homeland Security was created in March 2003, which brought together 22 separate agencies and offices into a Cabinet level department. The 9/11 Commission had made several recommendations and in this report some details are brought forward. These would be included under the defensive counterintelligence support mode of operation and include the principles of deter and detect within the countermeasures. They included recognizing 72 fusion centers throughout the country, which act as focal points for receipt, analysis and sharing of threat-related information, and establishing related training and informational programs to deal with threats. One such example is the National Terrorism Advisory System. And the DHS developed and implemented a risk-based transportation security strategy. An action taken such as strengthening airline passenger pre-screening and targeting terrorist travel will deter terrorists as they become aware of increased security measures and thwart terrorists from attempting to board airlines for terrorist activities. Airliner cockpit doors have been hardened post-9/11 and Air Marshals are used appropriately, as well as some flight crew being eligible to carry firearms. The TSA behavior detection officers use non-intrusive behavior observation to identify people who may be high risk. The TSA also utilizes detection methods such as canine teams to sniff for explosives on passengers and in luggage. Post 9/11 all cargo on U.S. planes is screened commensurate with their checked luggage. Flights coming into the U.S. from foreign countries are required to provide information prior to departure, and all passengers are checked against watch lists the government utilizes such as the Secure Flight Program. It also increases efficiency by allowing those cross-checked with biometrics to have expedited travel.

Today a significant defensive countermeasure post-9/11 is that airlines now screen all checked and carry-on baggage for explosives. The U.S. has increased security of U.S. borders and identification documents. Certain areas are closely watched and critical security improvements along the Northern and maritime borders are in place. The Dept. of Homeland Security has taken aggressive action to enhance the security of the nation’s infrastructure and also cyber infrastructure and networks. There is a federal government cyber intrusion detection system, which includes EINSTEIN, and the National Cybersecurity and Communications Integration Center is the nation’s hub for organizing cyber response efforts. DHS and DOD are working together to protect against threats to military and civilian computer systems and networks. This is another example of defensive countermeasures. DNDO is affiliated with nuclear detection and back in 2003 only 68% of arriving trucks and passenger vehicles were scanned along the northern border with no system on the southwest border. But today the systems scan 100% of all containerized cargo and personal vehicles arriving in the U.S. through land ports of entry and up to 99% of sea containers. Counter-proliferation of nuclear and biological threats is a high priority of the DHS. The tragic occurrence of 9-11 has brought about real focus on the danger of leaving vulnerabilities open to exploitation. The DHS also has importantly increased efforts to track and disrupt terrorist financing through programs such as ECTF or Electronic Crimes Task Force.

Another action taken post-9/11 was the creation of the National Counterterrorism Center or NCTC, which was to serve 5 functions: Threat Analysis, Identity Management, Information Sharing, Strategic Operational Planning and National Intelligence Management.

The U.S. Department of Justice charged Zacarias Moussaoui with numerous terrorism charges and indicates others involved in the terrorist acts. The United States Department of Defense obtained a video tape of Bin Ladin basically accepting responsibility for the 9-11 attacks and the DOD has a transcript of the video, and a portion I will quote is as follows. UBL refers to Osama Bin Ladin: “UBL: The brothers, who conducted the operation, all they knew was that they have a martyrdom operation and we asked each of them to go to America but they didn’t know anything about the operation, not even one letter. But they were trained and we did not reveal the operation to them until they are there and just before they boarded the planes. UBL: (…inaudible…) then he said: Those who were trained to fly didn’t know the others.”

Bin Ladin, America’s most wanted terrorist was killed by United States Special Forces in a compound in Pakistan on May 2, 2011. The CIA had been involved in investigating Bin Ladin for years.      

Counterintelligence Threat Brief for Turkey

Bob Budahl

I will provide a Counterintelligence threat brief on traditional and non-traditional Counterintelligence threats to non-security cleared individuals who are traveling to Turkey as business travelers or for personal reasons. MIT, the official Turkey intelligence agency, is active. Non-traditional threats also exist, as Turkey includes diverse elements of persons from different Muslim nations, some of which include terrorist groups with their main base of operation located in a different country but also operating within Turkey. As seen in EurAsia Review, conflicts that were usually based on national interests today are based typically on non-national interests such as ethnicity, religion and culture. Asymmetric warfare rather than having a clear issue now has several. And a weaker enemy will use its strengths against a superior adversary’s weaknesses.

Using OSINT (Open Source Intelligence) to conduct my research I uncovered motive for Turkey seeking intelligence from the United States. Turkey is a NATO ally and an American ally. However, that is the crux of their relationship. It has never encompassed social and economic theology. They are predominately a Muslim country and have disagreements about many aspects of wars and conflicts that the US had interests in such as Iraq and Syria. Turkey targets Kurd fighters in Syria while we support them. And they opposed the action President Trump put in place of recognizing Jerusalem as Israel’s capital. There is a great amount of suspicion and mistrust regarding the failed coup against President Erdoğan. And Fethullah Gülen, the suspected leader of the attempted coup, resides in the United States, which refuses to extradite him. They believe Gülen is responsible for the assassination of Russian ambassador Andrey Karlov. They have typically bought US military products and technology but have made a deal with Russia to purchase an advanced missile defense system. Andrew Brunson, who is an American Pastor, is being held and faces spying charges and thus far efforts to release him are unsuccessful. They are suspicious of everyone. They will not hesitate to leverage information acquired through their intelligence services from the United States or any source. Turkey has long been thought of as torn between the East and West. In Turkey if you access the internet via a local ISP they can install spyware on your computer that can control it. Charter Schools are being targeted by Turkey since Gülen was instrumental in them and that tie is enough for Erdoğan to lash out. MIT, Turkey’s intelligence agency, places agents in journalist positions as cover, which often leads to someone divulging information that is considered private.

If Turkey has decided to spy on you it probably originates from passport screening. Some things that a US visitor should be aware of are to self-assess if you could be thought of as a terrorist, narcotics trafficker or criminal. Black market activity. Do not be caught with suspicious or incriminating luggage. Do not identify known associations that Turkey may find incriminating. They may utilize any of these ways to recruit you as an asset of theirs. Usually direct and indirect activities used in conducting their intelligence operations are non-threatening and unobtrusive. Be aware of local laws and customs; as one example, in Turkey derogatory comments regarding the government and its leaders are prohibited. It may be illegal to use insulting language.

Information Turkey may covet and target from a target such as a defense contractor non-intelligence employee may include customer data, employee data, vendor information, pricing strategies, proprietary information, technical plans, corporate strategies, financials, computer access protocols, acquisition strategies, investment data, business directories of phone and emails. They may be subtle and use elicitation to gain information slowly and by gaining your trust. Be alert for tips. Throw them off their own game by asking why they ask. Refer them to public sources if specifically targeted questions are posed. Or say you cannot discuss it or just do not know. Examples of things I would consider for combating their intelligence collection efforts are to use rental electronic devices. Disable the Wi-Fi. And on the flight travel with the device as carry-on luggage. Do not use foreign storage devices in your devices. Do not leave documents and information in your hotel room. Do not use the hotel safe. Select your own cab.

But sometimes harassment incidents are utilized and obviously are meant to intimidate or test a US citizen’s reactions. If harassment is selected to be used on a prospective recruit it can be used in a variety of means.

Copyright © 2019 Modern Diplomacy