Like most of the other things we see around, this one is also exclusively
made in China. We are not talking about any fake Nokia product. This is about a
vast electronic spy operation that has infiltrated and stolen documents from
computers in 103 countries. The 1,295 infected computers include those of the
Indian Embassy in Washington and the Tibetan spiritual leader, the Dalai Lama.
Some researches based in Canada have found that the spy operation is being
controlled by devices based in China. However, any mention of the involvement of
the Chinese government has been carefully avoided. The researchers were acting
on a request made by the Dalai Lamas office to check whether the computers of
the Tibetan network in exile were being monitored or hacked. The report called
Tracking GhostNet: Investigating a Cyber Espionage Network, was released after
a 10-month investigation by the Information Warfare Monitor (IWM), which
comprises researchers from Ottawa-based consultancy SecDev Group, and the Munk
Center for International Studies, University of Toronto.
The researchers found that the ministries of foreign affairs of Iran,
Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados, and Bhutan appear
to have been targeted. Hacked systems were also discovered in the embassies of
India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan,
Portugal, Germany, and Pakistan. Analysts say the attacks are in effect
industrial espionage, with hackers showing an interest in the activities of
lawmakers and major companies.
And whats more, the operation is still going stronger, and continues to
invade and monitor more than a dozen new computers every week.
They have done it again, Dalai Lama pointing towards China |
Matter of Concern
Although the intention of the hackers and the involvement of the Chinese
government shall surface only with time, there are a few questions which stare
in the face of the whole world right now. Lets face it, the systems that have
been penetrated with such ease and are being monitored for over two years now
are not just systems of some ordinary citizens. These are the machines of the
most high profile government officials and one of the worlds greatest spiritual
leader.
The incident raises some grave pointers as far as the information movement
and security scenario is concerned. So what is it? Is it an extremely serious
lapse of security? Or are the security standards being outdone at an
unprecedented rate? Or is it just because the Chinese have been hit hard by the
global meltdown and as a consequence are passing their time infiltrating enemy
devices, since they have nothing better to do? The reasons can be one or all,
and even beyond these.
IT Security
But in the end it all boils down to IT security. We always knew that it
wasnt and perhaps cannot be foolproof, but this incident has thrown up some
glaring lapses. Says Rana Gupta, director, India and SAARC, SafeNet India,
36This incident underlines the importance to understand IT security in its own
right and not take it as an afterthought. It requires IT education to make IT
security an integral part at all levels (whether a 101 course on Computer
Usage)More than being a technological issue it is an awareness and discipline
issue. But if incidents like these are happening at large, then we really need
to locate this elusive IT discipline and put it where it really belongs.
Amuleek Bijral, country manager, RSA (the security division of EMC) agrees
that it is a serious lapse but refrains from commenting further since he thinks
that the depth of the event is yet to be ascertained. Technology is one element
but at the end of the day it is the management that has to be effective, he
says. He also points at the security-related regulations in the state offices
and defends technology by saying, Until you dont get your management and
governance right, there is little that technology can do for you.
That we all know is rightly said. Whatever be the cause of such an operation,
there is no denying the fact that there are lapsesbig ones at that. The sooner
we start the rectification process, the faster shall this ghost retreat. After
all, this Ghost is for real.
Mehak Chawla
mehakc@cybermedia.co.in