Cyber Attacks: Defending India's Electronic Frontiers
SecurityScape, www.securesynergy.com

Even as countries and organisations
are gearing up to defend themselves from cyber criminals
and terror mongers, newer methods of destruction
are being devised by potential attackers. The
Internet, which started as an information dissemination
medium, has now become the ground-zero on which
tech savvy terrorists and criminals are 'settling
scores'. The objectives are plentiful and the
attacks boundless. This article attempts to identify
and understand the various facets of cyber attacks
with an Indian perspective.
Hackers owing allegiance to different nations
and ideologies are fighting it out on the cyber
front. Whether it is India-Pakistan, US-China
or Israel-Palestine, cyber attacks are increasing
and becoming deadlier, targeting critical business
and government infrastructures.
From an Indian perspective only, the trend is
clearly visible in the charts below.
Information source: www.srijith.net, www.alldas.org & www.zone-h.org

However, these figures are only
those reported by the attackers themselves on
'web defacement mirrors'. The actual number of
attacks would far exceed the documented stats
and would include attacks of all types rather
than just defacements.
Profiling Cyber Attacks
Cyber attacks vary from simple web page defacements
to a major information warfare attack. Weak nations
or terrorist groups could well use information
warfare to cripple a superpower's infrastructure
-- a traditional attack of this intensity would
be unthinkable.
That is why a cyber attack is also called an 'asymmetric'
attack. A significant feature of cyber attacks
is the anonymity provided by the Internet. Another
is that an individual wanting to attack
your information assets needs just a home computer
connected to the Internet, and access to easily
available point-and-click tools. The threat of
cyber attacks comes from an alarmingly wide spectrum
of attackers. The following are the potential
sources of attack listed by risk level:
Low risk: Attackers at this level include
individuals/groups who just deface web pages or
DoS a network to show off their 'skills'. These
attacks are more of a nuisance than anything else
and because of their young age and limited knowledge,
these individuals are also called 'script kiddies'.
These individuals or groups would generally scan
whole ranges of IP addresses and subnets for loopholes
and hack them, usually without holding a grudge.
It's just that a particular IP flashed in one
of the mass scanners (auto rooters) and they decided
to change your web page with 'hax0r3d by', 'greetz
to hax0r labz' etc., with no political message. And
yes, in some cases they store 'warez' (pirated software etc.) on
the victim's server!
Middle risk: In the middle risk level,
you have criminals who indulge in frauds off the
Internet or are involved in industrial espionage
online. Hacking groups/individuals with political
affiliation also belong to this group. Due to
the similarity in the ideologies these individuals/groups
are more prone to joining hands with cyber-terrorists
and thus pose 'high risk' to information assets.
Hackers belonging to Pakistani groups like GForce,
AIC (Anti India Crew) are well known, and are
good examples of attackers in this category who
have probably joined hands and have become a part
of cyber terrorists. GForce, in one of its defacements
even claimed to have passed sensitive information
related to India to the ISI. These groups have
hacked numerous Govt. of India and Indian corporate
sites to propagate their malicious political ideology.
The following are the attack statistics of these
groups:
Table: Defacement statistics of top five defacers of Indian websites (2002)
| Defacer | Number of defacements | Percentage |
| --- | --- | --- |
| AIC | 160 | 22.28 |
| G-Force Pakistan | 116 | 16.16 |
| Silver Lords | 101 | 14.07 |
| WFD | 53 | 7.38 |
| TheBuGz | 12 | 1.67 |
Information source: www.srijith.net, www.alldas.org & www.zone-h.org

One of the attackers from 'Anti
India Crew' (AIC), an 18-year-old Pakistani living
in the US, has been caught by the FBI and sentenced
to prison for hacking into US defence networks.
High Risk: This is the most destructive
end of the attack spectrum. It includes rogue
governments or cyber terrorists hostile to other
nation states. These attacks could be conducted
in isolation or in conjunction with a physical
attack like bombing or killing innocent people.
These groups are the most dangerous and would
target very specific and mission-critical information
assets or processes to cause a high degree of
damage.
All this can safely make organizations think:
"Oh, we are safe! They hold a grudge against
the government, not us!" The reality, in
fact, is quite the contrary. The private sector
is the most affected in such attacks because these
groups seek to disrupt the national economy any
which way -- directly or indirectly.
Threats:
A cyber attack can cause a great deal
of damage, both in terms of money and in the functioning
of basic necessities. Cyber attacks can range
from simple web page defacements to destroying
the computerised power grid, causing a major blackout!
Defacements: Defacements can be used to
spread misinformation and lead to loss of goodwill
on the part of victim corporate organisations.
The attacks can also make important computer resources
unavailable by launching large-scale denial of
service attacks.
DoS Attack: We have seen
the effect of a DoS attack on Yahoo, eBay and
others. Indian media websites like the Zee News website
were DoSed by cyber terrorists from Pakistan some
time back to show off their 'strength'.
Worms and Viruses: Worms and viruses are
other means of achieving the same degree of disruption
in an IT infrastructure. These 'codes' cause a
lot of damage since the target is the ubiquitous
and vulnerable desktop system used by a common
Internet surfer who uses the Internet to check
mail etc. These worms/viruses can damage the data
on these desktops or for that matter infect millions
of desktops and use their combined resources to
attack an 'interesting' asset! All these methods
can be used by attackers at different risk levels
depending on their intent and skill.
Apart from this, unauthorized intrusions into
systems and networks belonging to the government
and private companies, with the theft and corruption
of highly sensitive data, are always on the cards.
Cyberattack Trends
1) Repercussions of real world happenings
reflect themselves in the cyber world. Cyberattacks
from fundamentalists on US Govt. and private organisations
are expected to rise tremendously owing to the
ongoing war between Iraq and the US.
2) Cyber attacks are, and will continue
to be launched with increasing coordination and
sophistication. Terrorists will recruit 'geeks'
with similar ideologies or by twisting their existing
thinking. Cyber attacks from fundamentalists that
were initially disjointed, are now being carried
out in close coordination between attackers from
different countries subscribing to a common ideology.
3) Cyber attacks will become essential
tools to perpetuate terrorism in the near future.
Though these will never actually replace physical
attacks, in time they will be increasingly
used along with physical attacks to cause as much
damage as possible.
4) Cyber terrorists or malicious attackers
will increasingly use self-discovered vulnerabilities
in the applications to cause havoc; details of
which they will not reveal. Such information will
trickle down to the federal agencies at a time
when considerable damage has already occurred.
Defending India's Cyber Frontiers
With all this in mind, we need to have proper
planning and strategies in place, whether it is
governments or corporates. Now is a good time
to do it, as India's dependence on the Internet
is relatively low compared to countries like
the US and UK, which have had a lead in this medium
of communication. These countries are becoming
targets of more and more cyber attacks, which
over the years will become even more devastating.
American government agencies are working on chalking
out strategies to prevent attacks that could cripple
their power grids or for that matter nuclear control
centres!! Imagine a hacker penetrating a nation's
nuclear installation and ordering the nukes to
blast its parent nation!
India has the opportunity to learn from the experiences
of these countries and have its own strategies ready.
India ultimately might have to face the same threat
from cyber terrorists and fundamentalists. Also,
as India is a progressive country, its dependence
on IT will continue to grow, and so shall the cyber
threat! With the Indian government planning to
implement 'e-governance', we can safely assume
that cyber attacks can be a major setback to India's
IT infrastructure, which will affect even the common
man.
In this context some important issues that need
consideration are:
1) India does not have a national Information
Security Policy based on common standards across
the entire length and breadth of the country.
The Indian Government needs to chalk out, in consultation
with the Corporate Sector, a comprehensive National
Information Security standard, to be implemented
by all government institutions and corporates.
In the current cyber environment, boundaries between
government and corporate IT infrastructures don't
exist -- they are seamlessly integrated into an
overall national Information Infrastructure. Therefore,
vulnerabilities in any corporate network would
impinge on the security of all other interconnected
networks - including government networks; and
vice versa. This, therefore, mandates a common
framework of information assurance across the
entire national IT infrastructure. For this, government
and corporates will need to put considerable effort
into developing a 'Common Framework'.
2) Comprehensive legislation to combat
cyber crime and terrorism needs to be brought
into effect. The IT Act 2000 is a step in the
right direction but this needs refinement in a
dynamic cyber environment and has to be bolstered
with provisions for easy implementation across
international borders.
3) The government would need to be aggressive
in bringing cyber-attackers to justice once they
are identified. This could involve considerable
diplomatic effort in cases where extradition procedures
are to be put into motion.
At best, this write-up is an attempt to provide
basic information regarding the potential threats
and effects of cyber attacks. The real issue is,
of course, much larger, and can be tackled with
active participation and a proactive and positive
approach to security. Only then can the country's
electronic frontiers be defended.