Thursday, April 10, 2008
Chinese hackers have penetrated Indian Govt. computers. The focus on cyber attacks from China has been mainly on the United States, and the rest of the world was very much neglected. And yes, while people were watching news about Chinese hackers accessing US defence systems, they were also hacking a lot of other locations; India is one location that has finally figured out it was attacked too. Computers of India's Ministry of External Affairs that hosted sensitive information and mission plans seem to have been compromised. Those computers were supposed to be off the network and not used on the Internet or the LAN, but some employee plugged them into the LAN and they got Internet access through it. Wow.
Didn't they have firewalls? How did they directly get external IP addresses? Why were they not behind NAT or on a separate VLAN? Whatever the reason might be, they made the blunder, and the reason is PEOPLE: insiders are responsible for 80% of attacks on an organization, and even on governments.
When they had so much sensitive data, why didn't they encrypt it?
"NEW DELHI: Hackers, suspected to be from mainland China, have made deep intrusions into the secure computer systems of the ministry of external affairs, according to top government sources.
The serious breach was detected during a routine security audit by the intelligence agencies last month – the hackers had left clear trails. Alarmed, the government is sending a team of intelligence officials to audit the security standards of systems and computers in key Indian missions around the world, starting with the embassy in Beijing, sources say.
The Chinese hackers had even accessed some of the stand-alone secure computers on which senior MEA officials store secret notes on national policy and mission plans. Sources say these stand-alone computers may have been carelessly connected to the local area network and through it to the Internet giving hackers access.
Sources say the auditors were able to verify the details including internet protocol addresses and the Media Access Control (MAC) addresses of the hackers, confirming they originated in China.
A MAC address, also called hardware address, is a unique identification number that helps analysts trace the systems back to its country or location. All of these point to China, sources insist.
After the audit at the embassy in Beijing by this month-end, the missions in Europe and the US would be next."