Ads

Ads
Center Of Excellence (CoE) For Internet Of Things (IoT) In India

Wednesday, March 13, 2013

Computer Systems Of DRDO And Security Officials Breached And Sensitive Files Leaked

Indian critical infrastructures and sensitive computer systems are regularly targeted by crackers. In many cases they are also successfully compromised and in many cases their compromise is also not known for a considerable period of time.

This has happened in the past and it would happen in the future as well. Although there is no absolute mechanism to ensure their security yet we must develop offensive and defensive cyber security capabilities of India.

There are many glaring cyber security problems of India that must be addressed on a priority basis. We must formulate the cyber security policy of India as soon as possible. Similarly, we must also ensure cyber security skills and capabilities development in India. In short, Indian cyber security problems, issues and challenges management must be properly appreciated and adequately taken care of.

In a recent media report, it has been alleged that a successful Chinese cracking attack has caused one of the biggest security breaches in India. The cyber security breach has compromised systems of hundreds of key DRDO and other security officials. The breach has also resulted in leakage of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India.

The leak was detected in the first week of March as officials from India’s technical intelligence wing, National Technical Research Organisation (NTRO), working with private Indian cyber security experts cracked open a file called “army cyber policy”. The file had been attached to hacked email accounts of senior DRDO officials that quickly spread through the system in a matter of seconds.

As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong province of China.

On further and detailed probe of the breach, it was discovered that thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments. Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.

The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.

At Perry4Law and Perry4Law’s techno Legal Base (PTLB) we believe that this clearly is a cyber security lapse and cyber security due diligence failure on the part of organisations and computers involved. Let us hope that Indian government would learn lessons from this episode and plug in the loopholes existing in the security of these systems.

Source: CECSRDI.

Saturday, March 2, 2013

Regulations And Guidelines For Effective Investigation Of Cyber Crimes In India

Cyber crimes are increasing at a rapid speed in India. However, cyber crimes investigation in India has still to be developed to tackle these cyber crimes effectively. As on date the cyber crime investigation capabilities of law enforcement agencies of India is still deficient and they need proper training in this regard.

The legal and judicial systems of India also need to adapt as per the contemporary information technology oriented society. However, a majority of cyber crimes in India are not reported at all. Even if some cyber crimes are reported, they are not properly investigated and very few such cyber crime cases reach to the court level.

In the absence of scientific evidence and knowledge and proper cyber crime investigation, there are very few cyber crimes convictions in India. In fact, the Supreme Court of India is hearing many Public Interest Litigations (PILs) in this regard.

In one such PIL the Supreme Court of India has issued notice to Centre to seek its views in this regard. The Supreme Court has sought response from the Centre on a PIL seeking its direction to the government to frame regulations and guidelines for effective investigation of cyber crimes in India.

The notice has been issued by a Three Judge Bench of Supreme Court headed by Chief Justice Altamas Kabir. The PIL alleges that the common people are being harassed by police due to lack of procedural safeguards in the prevalent system of cyber laws.

The PIL originated out of the allegations of Pune-based businessman Dilip Kumar Tulsidas Shah who claimed that he was harassed by the police in a cyber crime case in which he was not involved.

 The petitioner seeks the remedy of issuing a writ of Mandamus, order or direction to the Centre to frame an appropriate regulatory framework of rules, regulations and guidelines for effective investigation of cyber crimes, keeping in mind the fundamental rights of citizens.

The Petitioner also contends that there is a near total lack of procedural safeguards in the prevalent system of cyber crime investigation. Police harassment of citizens, whether out of intention or ignorance, is rampant, says the Petitioner.

The Bench after hearing his arguments issued notice and clubbed his plea along with other similar PIL pending before it.

At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we have been working in the direction of spreading public awareness regarding cyber law on the one hand and cyber crimes investigation on the other. PTLB is managing the exclusive techno legal Centre of Excellence for Cyber Crimes Investigation in India.

PTLB is also managing the exclusive techno legal Cyber and Hi-Tech Crimes Investigation and Training Centre (CHCIT) of India. A special emphasis upon preventing and punishing cyber crimes against women in India has been undertaken by PTLB. 

PTLB has also launched a techno legal initiative named Intelligence Agencies and Law Enforcement Technology in India. The aim of this initiative is to develop the techno legal capabilities of law enforcement and intelligence agencies of India.

Intelligence agencies and law enforcement agencies of India are actively looking towards adoption and use of information and communication technology (ICT) for their functioning.

Ambitious projects like Crime And Criminal Tracking Network and Systems (CCTNS) Project Of India, National Intelligence Grid (Natgrid) Project Of India, National Counter Terrorism Centre (NCTC) Of India, Central Monitoring System (CMS) Project of India, National Cyber Coordination Centre (NCCC) Of India, etc require techno legal expertise. Law enforcement agencies of India must be aware of both technical as well as legal requirements in order to derive maximum benefits out of these projects.

If either the Supreme Court or the Centre needs our assistance regarding formulating regulations and guidelines for effective investigation of cyber crimes in India, Perry4Law and PTLB would be glad to extend the same.

Source: CECSRDI.

Advertisement Space- Bid Now

Advertisement Space- Bid Now