4
Information Technology and Communications Security in India*

N. Balakrishnan


The foundation of the information and communication technology (ICT) revolution was laid in the seventeenth century when Gottfried von Leibniz invented the Step-Reckoner in 1671.[19] The Step-Reckoner is a device that can add, subtract, divide, multiply, and evaluate square roots. His invention provided invaluable support for the binary system and marked the beginning of desktop computers. Leibniz asserted that excellent men should not lose hours like slaves in the labor of calculations, which could safely be relegated to anyone else, if machines were used. This premise is relevant to the entire populace, and can be applied to scientists or terrorists.

The information security perspective differs from country to country. Developed countries are concerned with managing and operating nuclear power plants, dams, power grids, air traffic control systems (ATC), financial institutions, and disaster recovery. For developed and developing countries, information technology (IT) is both a weapon and a target.

Capital spending on IT is predicted to increase. IT will soon become a very significant component of the economy. Most countries are predicting that more than half of the economy will be directly driven or indirectly controlled by IT. Economists have found that the percentage of Gross Domestic Product (GDP) spent on ICT can be used to distinguish between developed, transitioning, and underdeveloped countries. The economies of countries that are gradually moving toward becoming developed or moving toward the transition stage will critically depend on IT.

The Internet is not pivotal nor is its functioning critical to Indian society as yet. Nonetheless, information technology is vital to the country’s economic security.

[19] The author would like to thank Professor Roddam Narasimha for helping to shape this paper, and gratefully acknowledges the work of his students Meera Sarma and Madhavi Ganapathiraju.

* Editor’s note: Since this paper was originally presented in January 2004, many changes have occurred in the fields of information technology and communications security in India. This paper was based on information available to the author at the time.




Science and Technology to Counter Terrorism: Proceedings of an Indo-U.S. Workshop

Software exports have grown in recent years, and ICT has markedly increased as a percentage of GDP. Thus, IT is crucial to our economic security. ICT forms a growing percentage of GDP of developed economies, a slightly lower percentage of GDP in emerging economies such as India, China, and Korea, and only a negligible portion of GDP in less-developed nations. With the trend seen in the growth of ICT in India as a percentage of GDP, it is likely to match the rate of developed nations. It is only natural to believe that the Indian economy will become more and more dominated by ICT growth.

The effectiveness of ICT in Indian society is quite visible, and we see that economic thieves are increasingly relying on computers and computer databases. In this regard, disk forensics[20] and the laws controlling them are an issue. People who misappropriate funds and launder money maintain all their accounts on computers. Technology is increasingly utilized to trap politicians and political and business opponents. People involved in illegal activities such as betting, economic crimes, and terrorism make use of cellular phones and other technological advancements.

Unlike what is witnessed in developed countries, attacks on national networks and the national infrastructure in India are more likely to be politically motivated than motivated by economic gain. Observation of Internet traffic and intrusion attempts by hackers over a period of time suggests that script kiddies[21] are hacking into some of our networks in order to use the bandwidth to launch attacks on others. Script kiddies are also active participants in chat relays, the cauldron for the formation of hacker groups. The expression of anti-Indian sentiments over the Internet is a spillover of this. This is also made easier by the poor maintenance of some Indian Web sites.

[20] Disk forensics is the science of extracting forensic information from hard disk images.

[21] Script kiddies are relatively unsophisticated computer hackers that look for vulnerabilities in programs through the Internet without understanding those vulnerabilities uncovered by others.

In an effort to improve awareness in the country, the first Indian Computer Emergency Response Team (CERT-In) was launched recently. However, we are still faced with the absence of any serious intrusion detection sensors and few or no intrusion prevention methods and policies in India. With the lack of rules and regulations regarding spam, India could have the largest number of spam mails and the most virus-prone computers in the world. This signifies a need for a national agenda to assist the creation of antispamming laws and best practices for Web sites. If such preventive measures were put into practice, most of our security issues would be solved.

Another important aspect is the advancement of technology and the potential for misuse of that technology. Countries such as India and China could use this as a vehicle for their economic development. Processor technology has already become a nanotechnology. Soon we will witness the convergence of silicon technology with nanotechnology and biotechnology, which will be far more disruptive than ICT. It is also predicted that ICT, biotechnologies, and nanotechnologies together could be more perilous than ICT alone. In the future, IT will be one of several critical factors for the economic security of countries like India.

Storage technology has also demonstrated some remarkable changes. On small form-factor disks, it is possible to store 250 gigabytes (GBytes) today. In 10 years the number of gigabytes on a disc has grown 1,000-fold. There has been an equally astonishing growth in bandwidth. Seen collectively, the richness and the reach of information are exploding exponentially.

The paradigm shift in Internet traffic is another noteworthy aspect. Until very recently, much of the traffic on the Internet was voice traffic; now data or Internet protocol (IP) traffic has caught up with voice or analog traffic. Currently, the construction of data infrastructure is outpacing voice three to one. With the advent of voice-over-Internet-protocol (VOIP), countries like India will not be far behind. This is a central issue that may create serious problems in the arena of information security in the future.

The major challenge in the area of communication technology is the conflict between connection-oriented and connection-less circuits. Another concern is the seamless integration of broadcast, unicast, and multicast in the midst of growing security concerns. One of the dominant questions about the future of communications is whether there will be wireless and optics alone, or something else beyond fiber technology.

It is most likely that very soon mobile phones will exceed the number of fixed phones. Additionally, they will offer specialized services (that is, calendar, address book, e-mail, and Internet access). The mushrooming growth of mobile phone-like access devices that enable mobility will present a key hurdle in monitoring cyberspace. These devices are small, and determining the location of users may be difficult. The extent of miniaturization is so substantial that in a few years cellular phones will be wearable and will functionally replace many smart devices. The convergences of multiple devices into single devices will, unfortunately, have dire consequences in the sphere of information security. Digital convergence has led to the creation of smart devices.
Behind such digital convergence is the drive toward material convergence and natural interfaces. The various dimensions of the wireless information society are: human interface that makes technology transparent; virtual presence that makes distance transparent; and seamless solutions that make systems transparent.

In the upcoming era of virtual presence, the creation of global innovation networks will become possible. These will be virtual communities where ideas, information, and knowledge circulate and collide freely. Together, communication and the technology of computers give life to the concept of information for anyone, at anytime and anyplace.

TECHNOLOGY FOLLOWS THE LAW OF ACCELERATING RETURNS

There is a paradigm shift in the world of computers and communications from supercomputers to smaller microprocessors; in other words, small fish eat big fish. Companies like Cray, Wang, and others have been bought out by smaller companies. Some of them have actually disappeared. Processors could be holographic or have speech input and output with automatic speech recognition and speech synthesis, as well as multilingual and terabit connectivity at a personal computer. In the future, browsers will be the only medium of communication. They will be active with voice, video, and language, and will be independent. Mobility and small form-factor devices such as palm devices, personal digital assistants, and tablets will be the devices of the future.

Now we can also see the convergence of silicon electronics and photonics. Further, the convergence of biological sciences and nanosciences may make the cyborg a reality. Such technologies may also fall into the hands of antisocial elements. Indeed, computers are gradually moving from thinking machines to spiritual machines. By 2019 a $1,000 computer could have the capability of the human mind.

THE ROLE OF INFORMATION TECHNOLOGY IN THE INDIAN ECONOMY AND THE NEED FOR INFORMATION SECURITY

In India, information technology is going to be a critical factor that has to be protected rather than used as a weapon. Billions of dollars come from IT directly, and the IT market is growing exponentially. Hence, IT—not just the IT infrastructure per se, but also the other components of IT—is extremely critical to the Indian economy. Protecting India’s capability for IT expansion is more critical than protecting the critical infrastructure. In 2002, the vast majority of India’s exports were sent to the United States and Europe. Given this, uninterrupted communication between these parts of the world is critical to the Indian economy. For India, IT has also been an excellent economic contributor, leading directly and indirectly to the creation of new jobs and foreign direct investment. Appropriate protection for IT in India should not be limited to just infrastructure, but rather it should be a unique area of comprehensive activity.

Information technology is a critical component of the Indian economy. Knowledge is the wealth of a nation. It is thoroughly interwoven by networks and is often stored on computers as codes, data, and network flow.
In the world of digital information, movement of data across a network is essential to the creation of wealth—the digital economy. Hence, physical and economic security is linked to information security. Information security is decisive to India because it is strongly connected to economic security. E-commerce, supply-chain management, workforce optimization and e-learning are critical enablers of e-business. These critical components will drive requirements, and are linked to economic security. In other words, security is a critical enabler for e-business.

In order to achieve security, in-depth defense, which extends beyond classic perimeter controls such as firewalls, is a necessity. Multiple cohesive security components such as intrusion detection appliances and specialized virtual private network (VPN) gateways will have to be used. Security will also have to be integrated into the e-business infrastructure, particularly into enabling networking devices. As security is probabilistic and each security component can either harm or help, a comprehensive blueprint specifying design, operation, and management practices is also required.

There is an explosion occurring in e-business as organizations move to rapidly take advantage of today’s Internet economy. As organizations move to use the Internet and e-business to gain a competitive advantage, they inherently open themselves to new security risks. These risks are significant, and organizations that wish to thrive in the Internet age need to address them. A dichotomy exists. There is an urge to share information, and at the same time, there is an urge to protect invaluable information. There is a growing need for systems to be open as well as secure.

It is predicted that the Internet will become so mission-critical in India that people would rely on it just as much as they rely on the telephone. The Internet is gradually absorbing the phone system, VOIP, entertainment, and digital radio. People will expect high levels of reliability and security from such Indian firms as Telco.

WHY IS THE INTERNET AN EASY TARGET?

The Internet environment today is dynamic, crosses jurisdictional boundaries, and is witnessing an explosion in government, commercial, and consumer use. It continually incorporates new technology but lacks central administrative control. To understand the environment in which incident handlers work, it is necessary to understand that the Internet is global and has no central authority. The Internet started as a research project. It was a small community of researchers who knew and trusted one another. Security was not a primary consideration in the design of Internet protocols.

Today, however, any problem that occurs in one part of the world can spread to any part of the world like a virus. Its bandwidth is expanding from dial-up networks. Furthermore, the local area network (LAN) and the wide area network (WAN) have merged, yielding what seems like a single seamless integration of networks. Thus, in addition to the challenge of identifying solutions to protect the current network, a whole new network that looks like one single network has emerged.
Some of the major weaknesses of the Internet are the presence of an ad hoc collection of transmission control protocol/Internet protocol (TCP/IP) interconnections, the absence of a central authority, the lack of central knowledge of connections, poor packet billing, the lack of integration of core equipment in helping law enforcement, and the presence of large perimeters that are difficult to control. Hence, the Internet has become an easy target for individuals and groups intent on doing harm. Since the growth of the Internet has been exponential, it has many hundreds of thousands of vulnerable systems connected to it—all of which are potential gateways or targets for intruders. All are built on an (ultimately) insecure foundation and based on a culture of trust. The Internet itself has become an infrastructure, like the telecommunications or utility services. Furthermore, the complexity and administration of computer and network infrastructures make it even more difficult to properly manage the security of computer and network resources. As a result, many more computer security events or incidents are occurring. One of the most basic premises is that with the right funding and sufficient time, any network could be broken into. People who try to compromise networks do not have any budgets. They possess blank checks.

DIFFERENT WAYS TO ATTACK

Concerted attacks could be mounted by a combination of agents such as Trojan horses, worms, spies, moles, sleepers, controllers, and couriers. Intentional or unintentional insider attacks are also possible. Denial of service, distributed denial of service, catastrophic denial of service, and social engineering are other types of attacks. In India, very often attacks, such as distributed denial of service or catastrophic denial of service, are absent because the country’s backbone bandwidth is not significant.

In this regard there are three components of information warfare—defensive, offensive, and monitoring. The defensive component comprises firewalls, encryption, and secure protocols. The offensive component comprises sniffers, scanners, denial-of-service attacks, viruses, and hardware and software bugs. The monitoring component consists of traffic analyzers, intrusion detection systems, international communication interception, communications intelligence, and passive detection. The monitoring component is extremely important, and many institutions today are collaborating to devise systems that monitor and conduct preventive analyses of attacks.

There are many possible situations presented in the world of information warfare. None of them are possible in India. Nations that are most advanced in networking are also the most vulnerable. A sudden power blackout, nuclear station malfunctions, random changes in airline and railway reservations, or automated teller machines randomly crediting are highly unlikely scenarios in India, particularly because these cannot be attacked through wires. India’s telecom network (which is not connected to the Internet), air traffic control systems, commercial banks, and airline reservations are less vulnerable and most of the vulnerabilities are not life threatening.

In most countries, individuals, enterprises, and governments are vulnerable to attacks, but in India the Internet is predominantly used for business-to-consumer activities (rather than business-to-business activities). Given the relative vulnerability of the systems and importance of the targets, it seems likely that, were insider attacks to occur, government information systems and financial information systems would be most affected. The main problem with ICT is that networks are neither limited by range nor by speed. This means that because of the speed at which information moves, when a network is used in an attack, damage can be extensive and lethal.

INFORMATION LIFETIME

Key players in a networked information society are individuals, enterprises, and the government. These players interact with each other for e-commerce, information exchange, and information dissemination. The economic value of information varies, as does its privacy requirements and the time during which it will require protection. For example, electronic fund transfers require short-term security, as the data is dynamic. In contrast, a company’s strategic plans require security for several years. A proprietary product or software would require protection for decades. Personal information, such as medical records and confidential assessments, requires a lifetime of protection.

India has witnessed the communications revolution in different ways. Weapons used could be just words or pictures. India, therefore, is very vulnerable because manipulative information very quickly creates panic.

Information Warfare

Information warfare is the use of information to achieve national objectives. This is done by actions to deny, exploit, corrupt, or destroy the enemy’s information and its functions, while protecting the state against those actions, and exploiting the state’s own military information functions. Cyberterrorism is a type of information warfare. Future wars are most likely to be fought in this theater. Information warfare affects the economy, commerce, and all of society.

In the field of information warfare, software is the soldier. KNOWBAT, a software spy; daemon sniffer, software that records commands and reports on query; viruses; and trap doors are examples of such soldiers. Computers and networks are also soldiers in information warfare. In India a virus on a chip, electromagnetic pulse (EMP) attacks, EMP-triggered hardware, and biological organisms that eat chips are methods of attack gradually becoming more probable. Hence, waging information warfare is cheap.

There are abundant opportunities to manipulate perception in cyberspace. It is possible to commit virtual fabrication, deception, and propaganda, as no nation has any sovereignty over cyberspace.

The amount of technical knowledge required to be a successful hacker has dropped dramatically. Hacking that required a Ph.D. in computer science in the 1980s can be done today by a school student. The amount of potential damage has also been exponentially increasing, so much so that even a school student could bring down the world’s network. Hackers love making the news, and often do, but threats to corporate resources are everywhere.
As networks become more sophisticated, so do the tools that hackers use, and today they come with a user manual. This obviously means that instead of a few, brilliant hackers threatening networks, there are many more people of average intelligence and education who can, and do, cause trouble. It is more important than ever to make sure that networks are secure.

PROFILING THE ATTACKER AND ATTACKS VS. PROFILING NETWORKS

With regard to profiling attacks and understanding attacker capabilities, a good research organization can manage to control the attackers’ combined capability. A profile of the top defacers worldwide indicates that the Silver Lords, an international group that works in Indonesia and many other places, have caused extensive damage. Such group attacks have been analyzed. Rather than profiling the workings of the networks, profiles of the attackers have been created.

The popular methods of attacks are very informative. Many attacks have been due to configuration and administration mistakes. In many cases, vulnerabilities were known in advance and had been reported in CERT-In and other places, but system administrators had not corrected them. In other words, numerous attacks could have been prevented by being careful or by employing intelligent operating systems and self-healing networks. Social engineering also accounts for a small percent of the attacks. Undisclosed vulnerability is a factor in a few attacks. If one linearly predicts that the number of attacks is also related to the losses incurred, a large number of the attacks could have been contained if we understood how to work cooperatively.

Hacker Groups

Key individuals working in popular Pakistani-based defacer groups and using Windows are GForce, Moron, and Nightman. World’s Fantabulous Defacers (WFD), the Silver Lords, and the Pakistan Hackers Club (PHC) are other groups. The newly formed group Federal Bureau of Hackers (FBH) was quiet for a while, then on August 14, 2003, it did a mass defacement of sites. The FBH has also written an exploit code. Of all the groups it has a slightly better technical capability.

Pakistani-based groups have largely defaced Indian sites. The Anti-India Crew (AIC) and the GForce defaced many sites. The Silver Lords and WFD also defaced many sites. The Bugs have defaced a few as well. The entire logistical operations of the defacements have been analyzed and mapped. AIC appears to have attacked .com sites and .in sites in equal numbers but did not attack .net, .org, and .edu sites. Many of the Indian sites that end with .com are located in the United States. They have been attacked, but not the sites in India. In information warfare, protecting the Indian border is not going to be a great help.

The same sites have been defaced repeatedly. This is popularly known as redefacement. For example, the site of the Regional Research Laboratory in Bhubaneshwar has been redefaced.

GForce is one of the groups that has launched extensive attacks against India. Its operating system (OS) attacks are mostly on Linux. It has very little capability to hack other operating systems. It uses e-mail and file encryptions, rootkits, sniffers, and other methods.
It loads the sniffers onto one of the machines, procures the password, and obtains access to the machine.

Hacker Psychology

Observation of attacker capabilities reveals that the majority of attacks could have been done by anyone, fewer required moderate capabilities, and a small percent required higher capabilities. Regarding the level of administrative experience needed by a hacker group to deface Web sites, it is evident that most attacks are common-knowledge attacks. There are very few attacker groups or individuals capable of launching intellectual attacks that require extensive premeditation.

The same group psychology that is used for understanding the development of open software by a heterogeneous mass of people who have not met, or for developing Linux, works for the formation of hacker groups. No credits are given; no brand names are mentioned. However, hacker groups still indulge in defacements. Certain groups have expertise in compromising certain types of operating systems. For example, GForce has attacked Linux and Solaris operating systems. WFD, on the other hand, has expertise on Windows. The Silver Lords has a combined capability that allows it to compromise Windows and Linux.

A fused analysis, called a science, technology, and psychology analysis, was conducted to profile the attacks. The aim was to find answers to questions such as, who are these attackers, what are their capabilities, and what should be our capabilities to control them, contain them, or prevent them? Unlike in the United States, attacks in India are predominantly Web-based defacements. These are not the type of attacks by which people have obtained the root password or have gained access to economically sensitive information.

There are three types of Web defacements. Many domains host what are called hosting institutions or host service providers, which host many Web sites. Once the root of the host is compromised, all the Web pages hosted on the sites can be defaced. This is known as mass defacement. There is also re-defacement, the act of defacing an already defaced site. As noted earlier, re-defacing domains is probably the most dismal act that can be committed in the script kiddie world. The All India Institute of Medical Sciences Web site was redefaced. Special defacements are more critical and may have an economic impact. Such defacements would include sites maintained by the government, security agencies, or credit card companies.

Monthly statistics suggest that there are many attacker groups. In recent years, the number of attackers increased, as did the number of defacements and mass defacements. These increases also correspond to India opening up a little more during this time and acquiring more bandwidth for international connectivity. The trends absolutely correlate. The number of defaced sites is also becoming correlated with this increase. Observing the Indian sites that are being defaced, it is clear that their number is growing. Interestingly, the sites that are located outside of the country but are owned by India have been targeted rather than the Indian sites located within the country. This is also related to the access bandwidth.
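
The three defacement types defined above (mass defacement, re-defacement, and special defacement) can be applied mechanically to an incident log so that each type drives a different response. The following Python code is an added example, not part of the original paper; the record fields, the sector labels, the threshold of three sites for "mass", the triage categories, and the sample incidents are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Assumptions for this example (none of these come from the paper):
# the record layout, the sector labels, and the rule that three or more
# sites on one hosting server, by one group, on one day count as "mass".
MASS_THRESHOLD = 3
SPECIAL_SECTORS = {"government", "security", "payment"}


@dataclass(frozen=True)
class Defacement:
    day: date
    site: str
    host_ip: str   # address of the server hosting the site
    group: str     # name the defacer left on the page
    sector: str    # analyst-assigned category of the site owner


def classify(records):
    """Label each record with the defacement types described in the text.

    Returns a list of (record, frozenset_of_labels) in chronological order.
    """
    ordered = sorted(records, key=lambda r: (r.day, r.site))

    # Distinct sites per (day, host, group). One compromised hosting server
    # shows up as many sites on the same address on the same day.
    batches = defaultdict(set)
    for r in ordered:
        batches[(r.day, r.host_ip, r.group)].add(r.site)

    seen = set()
    out = []
    for r in ordered:
        labels = set()
        if len(batches[(r.day, r.host_ip, r.group)]) >= MASS_THRESHOLD:
            labels.add("mass")
        if r.site in seen:
            labels.add("redefacement")   # site already appeared in the log
        if r.sector in SPECIAL_SECTORS:
            labels.add("special")
        seen.add(r.site)
        out.append((r, frozenset(labels)))
    return out


def triage(labelled):
    """Map labels to the follow-up work each type implies for a responder."""
    actions = {"rebuild_hosts": set(), "find_root_cause": set(), "escalate": set()}
    for r, labels in labelled:
        if "mass" in labels:
            # The host itself was compromised: restoring pages is not enough.
            actions["rebuild_hosts"].add(r.host_ip)
        if "redefacement" in labels:
            # A repeat suggests the first cleanup left the entry point open.
            actions["find_root_cause"].add(r.site)
        if "special" in labels:
            actions["escalate"].add(r.site)
    return actions


# Constructed sample incidents (documentation addresses, .example domains).
SAMPLE = [
    Defacement(date(2003, 3, 1), "shop-a.example", "192.0.2.10", "group-A", "commercial"),
    Defacement(date(2003, 3, 1), "shop-b.example", "192.0.2.10", "group-A", "commercial"),
    Defacement(date(2003, 3, 1), "shop-c.example", "192.0.2.10", "group-A", "commercial"),
    Defacement(date(2003, 3, 10), "lab.example", "198.51.100.7", "group-B", "research"),
    Defacement(date(2003, 4, 2), "lab.example", "198.51.100.7", "group-C", "research"),
    Defacement(date(2003, 4, 5), "ministry.example", "203.0.113.5", "group-B", "government"),
]

if __name__ == "__main__":
    labelled = classify(SAMPLE)
    for rec, labels in labelled:
        print(rec.day, rec.site, sorted(labels) or ["single"])
    print(triage(labelled))
```
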
A thorough analysis of defacements was made in order to find out whether there are political triggers that have been causing fluctuations in defacements. An examination of the country domain defacements indicates that the number of Indian domain defacements is growing. A closer look at the motives for defacements indicates that the primary reason given for more than about half of the attacks was “just for fun,” or “I want to be the best defacer as a challenger, as a patriot.” Political reasons accounted for about one-tenth of the just-for-fun attacks. Revenge against a particular Web site was a motive in very few cases. The next step was to look at a large number of randomly-selected attacks (out of 10,000 attacks, a random sample of 160 was taken), analyze them, and sort them into various groups. The patterns of attacks are similar to the worldwide trend. In other words, out of 10,000 attacks, a random sample of 160 was taken. The Indian attacks were separated from the total number of attacks and analyzed, then put into various groups again. The number of “just-for-fun” attacks was very small. The number of attacks motivated by “ethnic hate and nationalism” was higher. The number of “political interest and political ideology” attacks on India surpass economic attacks. In other words, attacks on Indian sites are not carried out by organized criminals, but rather by people who want to convey a political message. In this respect, India is completely different from any of the nations of the developed world. The number of Internet hosts has been increasing in India, which could create future problems. At the same time, the number of Internet servers has been decreasing—

there are many sites that are closing down—and the number of Internet users has been growing. Corporations are aggregating their sites and making them into a single site, so that they can maintain it appropriately.

The defacement messages were classified into four groups and studied: (1) inoffensive, (2) slightly offensive, (3) offensive and threatening, and (4) extremely offensive and threatening. GForce has been leaving messages that are extremely offensive. Moron and Nightman have been hacking on a much larger scale, but their messages are slightly moderate compared with GForce. The messages posted by the WFD have been largely offensive. The Pakistan Hackers Club has not been placing significantly offensive messages. For example, the Silver Lords’ messages about “Free Kashmir,” using vile language and threats, exemplify offensive and threatening messages. GForce messages are also extremely offensive and threatening. They provide an example of Pakistan Hackers Club activity. Inoffensive messages contain content such as, “We defeated India.”

An analysis was conducted to identify the trigger factors. Newsworthy events were divided into three groups. The first group was news of nuclear-related events. An attempt was made to see if the attacks on Indian sites were related to news of nuclear-related events. Thirty nuclear policy announcements were considered. They had no relevance to the attacks that took place. Statements or bomb explosions do not seem to affect the attack trends in any way.

Second, terrorist-related events were examined. The first one occurred on August 8, 2000, when Hizbul Mujahideen revoked the ceasefire declaration and its commandos went underground. On January 13, 2001, Jammu and Kashmir Chief Minister Dr. Farooq Abdullah escaped an attempt on his life.
Researchers found that every one of these terrorist-related events was preceded by, or correlated with, excesses or increases in attacks on Web sites, all of which originated from the same groups. There is no doubt that these are related to each other.

Third, an effort was made to see whether government policies and responses to terrorist acts have decreased or increased the number of attacks. There does not appear to be any correlation.

The terrorist operations that have been taking place on land seem to have a very strong correlation to the number of cyberattacks, however small, that have occurred. There is also a very high correlation in the way that attacks have occurred. In monitoring attacks, there are asocial triggers that become clear, making it possible to predict the formation of attacker groups. It also becomes possible to identify triggers and to predict whether there is going to be a ground attack following a cyberattack. The third point is that preventive measures can be taken before cyberattacks are committed. There are several technologies available.

The Writing on the Wall

In India it is not hacking that has been on the rise, but rather hacktivism. Hacktivism is the convergence of political activism and computer attacks. Many hacker sites have been set up by nongovernmental organizations and antinuclear groups that use international funds and serve as front organizations. They have participated in chat groups, and psychological Web sites have been designed to create panic and to incite hate

groups. There are also Web sites that collect money through the Internet to fund antinational activities in other countries. Case studies show a direct relationship between political conflicts and increased cyberattacks. Malicious cyberactivity can have concrete political and economic consequences.

Although more study is needed, in India cellular phone traffic appears to be a predictive indicator of the onset of terrorist acts. Cellular phone traffic should be closely monitored to detect anomalies that correspond to triggers.

In India, as in Israel and Palestine, the number of cyberattacks increases following events such as car bombings and mortar shellings. Subsequent to the April 2001 midair collision between a U.S. surveillance plane and a Chinese fighter aircraft, Chinese hacker groups immediately organized a massive and sustained week-long campaign of cyberattacks against U.S. targets. There have been similar occurrences in India; they constitute a type of political activism and are not for economic gain. Often the intent of attacks is Web site defacement or denial of service. However, on several occasions, poor judgment on the part of patriot hackers has resulted in the hacking of the sites of organizations that are clearly not responsible for the attacks. In fact, one hacktivist group erroneously defaced a site operated by a company with offices in the World Trade Center.

“Virus propagation” recycles or modifies old viruses to make them appear to be related to recent events. For example, a new version of the life_stages.txt.shs virus was renamed wtc.txt.vbs in order to give the appearance that it was related to the World Trade Center. New viruses and attacks sprang up with reference to the September 11, 2001, attacks. One example is the Goner virus, which appeared in December 2001.
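The trigger analysis described earlier asks whether a class of ground events is preceded by an excess of defacements. The sketch below is an added example, not the study's own method or data: the daily counts and policy dates are constructed, the window length and threshold are assumptions, and only the two terrorist-related event dates come from the text.

```python
from datetime import date, timedelta
from statistics import mean, median

WINDOW = 7       # days inspected before each event (assumed)
THRESHOLD = 3.0  # robust z-score treated as an "excess" (assumed)

def make_counts(start, days, bursts):
    """Constructed daily defacement counts: baseline 3,4,5 repeating, plus bursts."""
    counts = {start + timedelta(days=i): 3 + i % 3 for i in range(days)}
    for first_day, length, extra in bursts:
        for j in range(length):
            counts[first_day + timedelta(days=j)] += extra
    return counts

def robust_z(counts, event_day):
    """Score the WINDOW days before event_day against the rest of the series.

    Median and MAD form the baseline, so bursts tied to other events
    do not inflate the spread and hide this one.
    """
    window = {event_day - timedelta(days=k) for k in range(1, WINDOW + 1)}
    inside = [c for d, c in counts.items() if d in window]
    outside = [c for d, c in counts.items() if d not in window]
    if not inside or not outside:
        return 0.0  # event falls outside the observed period; cannot judge
    centre = median(outside)
    mad = median(abs(c - centre) for c in outside) or 1.0
    return (mean(inside) - centre) / (1.4826 * mad)

def hit_rate(counts, events):
    """Fraction of events preceded by an excess of defacements."""
    hits = [robust_z(counts, e) >= THRESHOLD for e in events]
    return sum(hits) / len(hits)

# The two terrorist-related event dates are the ones given in the text.
TERROR_EVENTS = [date(2000, 8, 8), date(2001, 1, 13)]
# Constructed placeholder dates standing in for policy announcements.
POLICY_EVENTS = [date(2000, 10, 2), date(2000, 11, 20)]
# Constructed series: five elevated days immediately before each terror event.
COUNTS = make_counts(date(2000, 6, 1), 300,
                     [(e - timedelta(days=5), 5, 15) for e in TERROR_EVENTS])

if __name__ == "__main__":
    print("terrorist-related:", hit_rate(COUNTS, TERROR_EVENTS))
    print("policy announcements:", hit_rate(COUNTS, POLICY_EVENTS))
```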
As with the Comprehensive Test Ban Treaty, the ability of nations to launch cyberattacks and to protect against concerted attacks will become an item for negotiation among nations. As with the nuclear issue, there will soon be nations that are capable of protecting themselves from cyberattacks and non-cybernations. We are all vulnerable. It is important not just to rely on science and technology for protection. It is important to have sufficient analytical capability to learn from the traffic. With Internet Protocol Version 6 there is enough address space for every molecule in the world, and we should be able to assign that space such that the ownership is identifiable.

The future of intelligence is actually the open source. In fact, open-source information can be used to identify triggers. The challenge is to mine this information and find connections between apparently unconnected events. There is a theory that says that in the world every two persons are connected by six degrees of connectivity. The theory applies to terrorists and to persons who are trying to control terrorism. Open-source intelligence and networking strive to reduce this connectivity to two, so that it can be managed.

NEW DIRECTIONS IN THE MANAGEMENT OF CYBERTERRORISM

Every individual should have a traceable identity to guard against the creation of false identities. There must be a balance between privacy and national security. Every computer or access device is identifiable and traceable; every transaction is traceable. The future of intelligence is in the open source. Through data mining to interlink apparently unconnected events combined with information fusion, recovery procedures,

and the use of cryptography, every computer or even every molecule could be given a traceable ownership.

RESEARCH ISSUES AND RECOMMENDATIONS

The following items indicate priority areas for further research.

- sensors for predictive analysis based on the flow at the backbone level
- information sharing
- data mining tools not only to predict attacks in advance, but also to predict low-intensity, long-duration attacks and the formation of groups
- data mining to interlink apparently unconnected events
- information fusion
- recovery procedures and CERT-In
- use of cryptography

The Lessons

In today’s borderless world, protecting the world is everyone’s business. Terrorism was once the problem of the developing nations. Today, it is everyone’s problem. If we see terrorism in some other part of the world and keep quiet, we will live to regret it, because it will reach our doorstep very soon.

Under Indo-U.S. collaboration, it is necessary to share our experiences and expertise in information and communication security. To begin this process, experts from the two countries could develop a framework to be used by governments in protecting the cyberspace of each nation. This framework could involve regulatory mechanisms, technologies for developing monitoring sensors and analysis capability to predict intrusions well in advance.

The second major area for collaboration is the creation of cybersecurity awareness across a wide spectrum of users, including homemakers, students, corporations, software and hardware developers, vendors, and government officials. Such awareness would greatly facilitate our efforts to protect the infrastructures of both nations.