Not so long ago, we woke up to the terrifying news that terrorists had attacked an Indian Army camp at Uri. A week later, the Indian Army carried out a surgical strike in Pakistan occupied Kashmir (PoK) as an act of retaliation to eliminate terror launch pads across the border. Following the incident, a war ensued - however, this was not a full-fledged military confrontation, but a cyber war.
On October 3, the National Green Tribunal’s website came under attack with a Pakistani group hacking it and posting a message mocking the Indian side. A hacker identifying himself as D4RK 4NG3l took responsibility for the attack. The message on the defaced site read “We are Unbeatable #OpIndia” with other pro-Kashmir freedom slogans.
On October 6, Pakistani Hackers again attacked the Indian Cyber space by vandalising Parbhani District Police website and the Bihar State Electronics Development Commission website. A Pakistani hacker who goes by cyber name Faisal 1337 claimed to have hacked both the sites and took mirrors of the defaced site.
Yet another Pakistani group called Pak Haxors Crew (PHC) claimed to have successfully hacked 7,010 Indian websites by releasing a list of hacked sites on Pastebin. The targeted sites were mostly SMEs; however, all of those sites were recovered within few hours after they were compromised. The message from Pakistani Hackers was loud and clear: “Tum ne sirf socha tha aur hum ne kar ke dikhaya.”
This is where the necessity of proactive Cyber Incident Response Plan comes into play. In reality, many websites in our country are prone to cyber attacks and threats. If we were to recall, there would be numerous cyber incidents that India has encountered - from the defacement of CBI’s official website to a private group called “Tranchulas” using APT (Advanced Persistence Threat) malware attacks to spy on the phones of Army personnel.
Similar to the retaliation conducted by Indian ground forces in response to the Uri Attack in PoK, patriotic Indian hackers vented out the anger by damaging Pakistan’s crucial government websites. A group called “Telangana Cyber Warrior” claimed they had infected a Pakistan government website by implanting a CTB-Locker Ransomware. The hacker said he got 120 bitcoins (Rs 50,82,085) to release the Pakistani government computers.
After that Hacktivity, India’s Top Black Hat Group “Hell Shield Hackers” broke into multiple Pakistani government websites, and the Pakistan Army website. Hell Shield Hackers broke into the server of the textile ministry of Pakistan and defaced Pakistan Central Cotton Committee's website. The same group claimed to have hacked into Pakistan Army's recruitment website. The hacker in73ct0r d3vil left a message on the website, “You are Nothing but Brainwashing our Citizen in Kashmir, But wait Indian Hackers Gonna beat the hell outta you”, with hashtags #DestroyPakistan and #UriAttacks:
Another hacker from India, Mr Z, compromised the Agricultural Department of Baltistan website. Mr Z then warned Pakistani Hackers: “If we start attack on you, it would be more dangerous than surgical strikes.”
Apart from these cyber assaults, websites of Freedom Party Pakistan, University of Karachi and University of Faisalabad were hacked.
India’s most popular hacking team Hell Shield Hackers claimed they had compromised the backbone of Pakistani government covertly and performed data exfiltration to extract sensitive information from their servers.
One click of a hacker can easily undo years of hardwork of any organisation, without the need to cross the border. Stealing confidential information, intellectual property and financial data is extremely harmful and paralyses the country’s economy.
The point to ponder upon is: What if the Indian government supports these patriotic cyber security personnel who are contributing to protect the national cyber infrastructure without any monetary benefit?
In fact, there will be more investment and attention devoted to mitigate state-sponsored cyber attacks in the future. Similar to the allocation of a defence budget, India needs specific funds to strengthen the national cyber infrastructure, and encourage and motivate hackers.
Countries like USA, China, Russia et al have an official cyber army backed by their governments, whereas India is yet to announce its cyber task force. However, few of us are aware that National Cyber Safety and Security Standards (NCSS) steadily works on aggressive plans and fetches talent to not only keep up with the fast-changing IT evolution, but also expand its reach among the people to guide them about cyber security.
Hence, cyber security has emerged as a crucial aspect in the modern IT era. This is the reason why many private organisations have started “Bug Bounty Programs” where they receive vulnerability reports from researchers and freelancers, and after mitigating the loophole, pay out or acknowledge the researchers.
Cyber security remains underrated in India and we need to understand the repercussions of its failure - and hence, rapid awareness must be built to systematically gain from it in the long run.