Despite Digital India initiative, the focus on providing and increasing national cyber security and promoting safe digital practices have always been at the lowest of the barrel in priorities when it comes to India. The internet is usually the easiest way for any rogue nation or group to attack because of the comfort of remote attacks, and vaguely described agreements that determine what exactly constitutes a state sponsored cyber attack. Recently, reports by a Russian software security group and backed by the famous anti-virus services provider Kaspersky claimed an unknown number of computers of senior government officials at Cabinet Secretariat, ministries of external affairs and IT were compromised by a Chinese cyber hacking group between February and March this year.
The report also claims the hackers were able to send emails from the official email addresses of accounts of the cabinet secretary, which is the nodal agency of the Government of India. “The origin of Danti is unknown, but Kaspersky Lab researchers have reason to suspect that the group is somehow connected to the Nettraveler and DragonOK groups. It is believed that Chinese-speaking hackers are behind these groups,” the report said.
The alleged hack was discovered when comments in Chinese languages in various files it obtained from Chinese cyber espionage group Dantis network. Using a very new exploit called CVE-2015-2545 in Microsoft Office in February 2016; several DOCX (Microsoft Office’s default extension) files were uploaded to Virus Total. However, Indian government wasn’t the only one targeted by the hacking group – it also included the Indian embassy in Hungary, Denmark and Colombia. The email was forged to look exactly like it was sent actually by the senior government officials and shared with official IDs of Indian commission, complete with the official phone number, designation and office address of the official.
In order to gain attention of Indian officials, the email could have been sent to several Indian high power officials. Once the user clicks the DOCx file, the Danti backdoor would be installed in the system oif the official allowing complete access and monitoring of the same. her attack could have possibly allowed sensitive information including state secretes to be stolen away with ease. However, the shocking part is nobody really knows the extent of the damage caused by the exploit already and if it had already gained access to some systems or emails of officials.
Such attacks highlight the repso0nsibility of government officials to be taught on how hackers frequently exploit bugs and how phishing works. Once of the easiest exploits to work, phishing tricks the user to believing the email is sent from someone it’s not actually sent from making the user voluntarily give up his/her rights. Priorities should be given to secure official computer systems and proper training be taught to prevent such mi9shaps in the future. Frequent updates to essentials that include fixes for previous security exploits are necessary for a safely working computer.