Aug 20 Washington Post carried a story by its Beijing correspondent Simon Denyer saying Indian government and its myriad agencies have been under attack for four years, have had sensitive information extracted from its data banks, and are vulnerable in the future because of secret electronic pathways being emplaced by the Chinese hacker permitting it future easy access. The Chinese are targeting other South and Southeast Asian states, and the Tibetan activist circles wherever they may reside.
More damningly, the WP report said the Indian government knew nothing about this high-value cyber operation until, it is implied, the information about the successful phising attacks was conveyed to it by an American cybersecurity company, Fireye, via the Obama Administration. So, what’s new?
If you look up my past writings on this blog, I have commented on how the National Technology Research Organization tasked with installing and operating cyberdefences and prosecuting offensive operations has become another heavily bureaucratised govt agency with minimal competence in cyber matters, and which has been used by its managers to siphon off funds by, for instance, hiring young talent on freelance basis, paying them little, but showing inflated bills and outgo’s on this account, with the balance being pocketed by the NTRO officials. A neat scamming channel, what?!
This mind you is the state of affairs in a country that’s supposedly rich in precisely the sort of hacking talent the cyberworld values highly. The trouble is no one really bright wants to join the govt payrolls because of low remuneration, low satisfaction — which is true across the board, including the civil services. So the nerdy dregs join NTRO and once in, do little except fall into the organization’s bad ways. And the bright ones who join initially for the challenge, leave soon enough.
Apparently, the Modi govt has recognized that the problem is beyond its capability to resolve. Whence as Denyer reports it has agreed on a joint Indo-US cooperation to thwart what’s called “cyber crime”. Considering, official India will bring very little to the table, this is a means to virtually outsource cybersecurity to the US/US Companies. This makes India doubly vulnerable in that the Chinese attacks won’t cease but the Indian system will be opened up to US companies ostensibly to help them defend the Indian official networks, an opportunity that will be used to implant remotely-controlled cyber-bugs that will send out sensitive information but now in the other direction!
Meanwhile, GOI and NTRO are content with small “victories” in our little backyard sandlot, whooping it up because Indian hackers penetrated/downed Pakistani websites and info networks!!!