Cabinet Secretary K M Chandrasekhar has called a meeting of information technology (IT) and security experts next month to formulate a response to cyber attacks on key government ministries which have been found to be linked to computers servers in China. Government sources said the February 9 meeting has been convened after a sweep of computers in the Prime Minister's Office by National Technical Research Organisation (NTRO) last month and checks of the Home Ministry network by the IT experts last November found malware programmed to unauthorisedly access files and transmit them outside India. According to government cyber experts,the malware was sending files to an unknown IP address. Further investigations with top Internet companies in the US revealed that the IP address was exporting the vital information,which includes drafts and highly secure data,to servers in mainland China. These companies also confirmed to the Indian security agencies that hacker activity from China had been noticed in the past too. In fact,Dr Gulshan Rai,Director General,Indian Computer Emergency Response Team (CERT-In),has warned all secretaries about targeted attacks on government organisations through malicious emails. In a missive,dated December 24,2009,Dr Rai wrote: We have received reports that targeted attacks are being launched on government organisations through malicious emails. In these attacks,malicious PDF documents with malware embedded inside are being crafted and sent as attachment with convincing emails pretending to be from trusted sources. The emails could be from spoofed or compromised email accounts. Attached to the letter is a one-page advisory asking ministries to alert all e-mail users. These PDF file attachments are embedded with malicious code specially designed for exploiting Adobe flash player and Acrobat reader vulnerabilities, said the advisory. While China has denied that it was behind hacking PMO computers,top bureaucrats,security and intelligence chiefs have been strongly advised to use standalone computers with no Internet link. In case the data is to be transferred,they have been told to burn a CD and then uplink the data in case it has to be exported to other government departments. There is a serious concern within the government on cyber protection as Intelligence Bureau in late 2008 swept the Ministry of External Affairs computers only to detect malware in the computers of some senior joint secretaries. Typically the emails sent by attacker are spoofed "From" addresses of trusted agencies and colleagues. Since this embedded malicious code is not publicly known,the anti-virus and anti-spyware programmes popular in Indian may not detect the same, said the IT advisory.
