by October 15, 2013 0 comments

IT has enabled citizen-centric initiatives by the government in a big way in various verticals such as healthcare, banking and finance, infrastructure. Such initiatives have been delivered in the remotest of areas, for instance Himachal Pradesh, where more than 70% of the services are delivered to 50 lakh people through IT solutions. Unfortunately, the interconnectivity of servers of the government with the private companies has led to serious cyber security issues. Malware is used as a potent weapon by cyber criminals to disrupt these initiatives from the government. As IT assets are large and interconnected this has created new vulnerabilities and consequently to cyber wars.
Speaking on the occasion, Alhad Apte, chairman, National Technical Research Organisation said, “The malware wars like Higgs Boson field can attain critical mass anytime to unleash a potent attack on cyber systems across the globe. Since the scale and speed of cyber attacks are massive, they are difficult to contain.”

The cost of cyber crime
According to Muktesh Chander, Ex Center Director, National Critical Information Infrastructure Protection Center, “Cyber revolution has surpassed all revolutions ever witnessed by mankind. In this age of ‘e-all’ environment $45 million are looted every hour from ATMs and according to the National Crime Records Bureau (NCRB) cyber crime is increasing by 50-60% every year.” Almost 2.2 bn people are connected on the internet which is a new dimension of humanity. 2.2 exabytes of data is generated every two days. On the flip side, the net impact of cyber attacks has crossed $1 tn worldwide. Since the first virus originated from a garage 20 years back, cyber attacks have now become a state-sponsored activity across the globe. Approx 4.5 bn pieces of information are shared on Facebook everyday. On top of it, each person now has 14-30 identities on business cards.

Said Dr Cherian Samuel, Associate Fellow, IDSA, “There were 2876 cases registered under the IT Act in 2012 which is up from 1791 registered in 2011.” The preferred crimes apart from theft are cyber stalking and bullying. According to the Norton Cybercrime report 2012, the global price tag of cyber crime in 2012 in India was $4 bn while in the US it was $38 bn. There has to be competent training of law enforceme nt agencies if we need to tackle cyber crime effectively. Most of the training today is outsourced and of short duration, and fixed on identity theft, fraud and IPR theft. We need to look beyond these and towards the evolving mechanisms in cyber crime. The first hour in each cyber crime is golden and you need to pull data asap. Therefore forensics training should dig deep into the hardware and software aspects of cyber crime.

According to the Verizon Data Breach Report 2012, there has been a 41% rise in cyber crime in 184 countries. There is one cyber attack every 3 mins and 46% of these attacks emanate from Asia and East Europe. One out of every three emails has malicious intents. Effective threat protection demands discovery in minutes and not days, as most attacks are polymorphic, multi-vector, targeted, stealthy and well-funded by agencies. The new-age solutions required to tackle cyber crime should focus on near real-time analysis, scalable detection across real-world, traffic patterns, sharing threat intelligence for pro-active security. Unfortunately, most cyber crimes are not reported or registered. There are large gaps to be filled in technology tools, training of professionals and capacity building. A digital Pearl Harbor need not be enacted to wake us from our slumber.

Popular hacking targets
Apart from servers, websites, cars with onboard computers, medical devices like pacemakers, US drones, set top boxes, in short everything that communicates is a potential candidate. In cars hackers are known to have taken control of the cruise speeds, the Taliban have shown the capability to hack drones, the Touch ID of iPhone 5S has been hacked. Matt Honan, the famous western journalist was harassed by hackers very systematically just for his twitter handle, @mat. There have been reported instances of fraud on IRCTC website using a software ‘Triple X’ where the hacker Salman used to siphon off tatkal tickets in the first couple of minutes. Similar concerns have been expressed about the Bharat Broadband project that envisages to connect remotest of areas with a 1Mbps line so that 0.5 bn people can access all IT services as you and me.


Need for proper training and global co-operation
There is lack of proper education in the IT field for an aspiring cyber security pro. Moreover, there is a lack of trust in the cyber security community. Our idea of cyber security is still centered around encryption, firewalls, IPS/IDS, viruses, etc. Newer solutions should focus on collecting data from internet like news sites, social networks, blogs, forums, public databases, hacking discussions. Extract entities from known and unknown patterns. There should be interception of malicious data based on keywords and protocol classification and analysis of command and control center channels for unsigned malware. There should be aggressive techniques for detection of cyber crime, right now only 60-70% of the spend is on cyber crime prevention. For all this, you would need high network speeds and capacity.

Cyberspace has no global boundaries and thus necessitates global co-operation. There is a dark web constantly working in the background and most of their activities remain unnoticed. However, the silver lining is that most tools by the hackers can be used to counter them. The output from IPS/IDS systems can be used for predictive analyses of the attacks. But we must be cautious not to put too much restrictions on the common user. Need to balance usage and restrictions in an attractive way for the end user.


No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.