Majority of Indian Army Cyber Breaches from Pen Drives and PowerPoint

General Bikram Singh

Though Chinese and Pakistani hackers are a constant threat to India’s sensitive military information, restricting the use of pen drives and PowerPoint presentations is the key to preventing the cyber invasion against India, according to Chief of Army Staff General Bikram Singh.

Analysis of Indian cyber breaches has shown that over 70 percent have been caused by the use of USB pen drives. General Singh has also ordered that all sensitive war plan meetings be done paperless and that PowerPoint use is to be restricted.

The Indian military believes that doing this along with the standing practice of limiting military information leaked to social media sites will help keep the cyber invasion in check.

Last year the Indian army ordered all of its troops to remove their pictures and any military affiliation from social networking sites. This is a very good move, and one that I wish the United States would do with our troops. Social Engineering hackers are scanning these sites looking for military personnel to target.

I have seen military personnel post way too much military identifying information on their personal sites. This even includes members of our military cyber teams. And terrorist groups like the Taliban have been known to pose as attractive women on social media sites to try to lure information out of allied soldiers.

Surviving a Public Infrastructure or Energy Grid Attack

“Destructive cyber-attacks against critical infrastructure are coming” – Gen. Keith Alexander said last Thursday at a public interview in Aspen, Colorado.

Are you ready?

What would you do if the lights suddenly went out? If power was out for days on end? Where would you get news from? Or more importantly, water? Keep cool or get heat? Though many disregard the government’s warnings about critical infrastructure attacks, what if the worst did happen, would you be prepared? All these questions and answers became much more real to me the last few days.

Last Thursday our city was hit by a tornado. “That’s not a cyber attack!” I can already hear many say. But if power did go out, along with other public utilities at the same time would it really be that much different? And what if it was a natural disaster instead of a cyber attack from China, Russia or Iran?

It may be neither, but faulty, antiquated or overtaxed equipment. Three hundred and seventy million people in India just lost power through a power grid crash. That is more people than the US & Canada combined. So the question still stands, would you be prepared?

The night of the storm, we lost all electric and all means to communicate to the outside world. Land line phones were dead, cell phone towers damaged. Relatives and others that live outside the city also lost running water.

Here is a list of things that I found to be very helpful:

  • Matches, candles, and flashlights
  • Cash on hand (no ATM access!)
  • Battery powered radio
  • Ice to keep food from going bad
  • Non-perishable food items
  • Water (bottled is great!)
  • Camp Stove or even an outdoor grill!
  • Walkie Talkies especially if you have family near
  • Cell phone
  • iPad or Android Tablet – With car charger!

The worst is not knowing. Not knowing if friends and family are okay, if more bad weather is on the way, not knowing when utilities will be restored, not knowing when things will be returned to normal.

Not only was our ability to get local news hampered, local news stations were also knocked out, but voice cell phone communication was non-existent the first couple of days and texting was intermittent.

The cell phone became our life line. We ended up getting our local emergency news and reports forwarded from a relative that lived in Florida!

Food was a huge concern, especially not knowing how long power would be out. I found that three bags of ice (luckily a local grocery store was unharmed) stacked one on top of the other fared pretty well keeping the freezer cool. Eventually when emergency services supplied dry ice, a block of dry ice next to the bags of ice kept the freezer very cold and kept both dry ice and bagged ice from melting.

The iPad and Android tablets seem an odd addition to the list. You would not believe how helpful they were during the outage, especially when you live in a house full of 2.0 teenagers who are as addicted to tech as you are. Locally stored Kindle books helped pass the time, and the mobile devices acted as a helpful mini light source when navigating the house at night. The long battery life on the iPad was a godsend too!

As roads cleared, getting out with these devices and connecting to public Wi-Fi’s helped to get news and tell family members that all was well.

Having firearms was also a huge peace of mind. It is an eerie feeling living in a blacked out city at night and seeing the random police car go by shining his search light up and down the alleys.

This is not an exhaustive or expert guide by any stretch of the imagination. Just some information that may help out if the worst happens.

Are you ready?

China – Cyber Pirates of the Electronic Coast?

We have all seen the images from the African coast. Pirates armed with AK-47’s and RPGs in small boats taking over civilian cargo vessels.  They claim that with the harsh economic conditions that they face, this is what they must do to get income for their villages. And get paid they do, millions have been given to them to release captured vessels.

It feels eerily similar to what another nation is doing. Chinese hackers attack foreign civilian and military facilities alike to gain finances and also classified military information.  

While China’s attacks against America and Britain are well known, we are not their only target. Chinese hackers have also targeted India and Japan.

When you look at it, India is a rich target for China. A lot of American companies now rely on India for data supply and support. In fact, in April, American and Canadian security experts exposed a Chinese cyber espionage attack against India. The target?

“The attacks were aimed at obtaining classified documents from the Indian Defense Ministry and also NATO security information.”

It may be easier for Chinese hackers to obtain sensitive military information about America from her allies by going after India’s less defended infrastructure. India is working hard to create a secure environment as they are still developing their national infrastructure (Only about 7% of its civilians have internet access).

Japan also has suffered from Chinese hackers. Japan has been on the receiving end of a rash of denial of service attacks from Chinese hackers. In this case, it is in response to a maritime dispute. Earlier this month, a Chinese fishing trawler collided with two Japanese coastguard vessels near a disputed area in the South China Sea. Also, a gas field in a disputed area has been a point of contention.

China’s response? Chinese hackers went to work.

Japan suspects its defence ministry and national police agency websites have come under cyber attack this week, a news report said Friday, amid a bitter row with China over a territorial dispute.

The government is looking into the attacks given that China’s largest known hackers’ group had warned it would attack Japanese government websites until Saturday in protest over the maritime incident, Kyodo News agency reported.

As the cargo ships off the African coast are tempting targets for Somalian Pirates, it would seem that the computer infrastructure of the world’s IT centers is too tempting a target for the Cyber Pirates of the Electronic Coast.

Cyber Arms Intelligence Report for July 25th

This last week, malware was front and center in the news. The Register covered a story about Power Plants being infected with the latest Windows shortcut vulnerability. No problem, you’d think, just remove it. Well, Siemens warned their clients that removing the virus left the possibility of affecting the power plant. Yikes…

Next up, Dell reported that the W32.Spybot worm was found on replacement motherboards for four servers – the PowerEdge R310, PowerEdge R410, PowerEdge R510 and the PowerEdge T410. A limited number of the boards were sent out to customers, so Dell initiated a call campaign to notify affected users. The problem is that they never posted anything on their website, so customers were very cautious when they received unsolicited calls from non-technical Dell support reps. This makes one wonder, how did the worm get into the motherboard flash? Dell claims human error, and says that all infected boards at the factory have been dealt with and only clean boards are being shipped now.

And last but not least, the FBI shut down, a site that hosted over 70,000 blogs. According to the Foxnews report, the site contained links to material on terrorism, and had bomb making tutorials.

Here are some other top news stories from around the web:

Welcome to the future: Cloud-based WPA cracking is here
In 2008, I speculated about the future of distributed security cracking. That future has arrived, in the form of a $17 “cloud” based service provided through the efforts of a security researcher known as Moxie Marlinspike. It is effective against pre-shared key deployments of both WPA and WPA2 wireless networks.

DNS Hijack – How to Avoid Being a Victim
There are many ways DNS can be vulnerable, but there are also many ways enterprises can reinforce their DNS architecture to make it more resilient against both brute force attacks and fraud. Below, I’ve prescribed just a few things that your organization can do to ensure that you have a better defense prepared for your DNS.

India and US planning to start Counter Attacks
India and the US signed a Counter Terrorism Initiative that includes steps to check financing of terror activities, joint probe in cases of bomb blasts besides cooperation in cyber and border security.

Could a single hacker crash a country’s network?
Harassing a handful of Web sites is one thing, but does one hacker have the technological wherewithal to bring down an entire country’s network? In a word: yes.

7 Types of Hard CISSP Exam Questions and How To Approach Them
The first thing most people hear about the CISSP examination is how difficult or unfair the questions are. Although this may be a good warning, it does not begin to prepare you to do well on the exam itself. For some of the CISSP exam questions, just knowing the facts is not enough. These questions are referred to as “hard questions”. This paper examines seven types of hard questions you are likely to see on the CISSP examination and the best approaches for solving them.