A successful Chinese hacking attack has caused what is arguably the biggest security breach in India with systems of hundreds of key DRDO and other security officials being compromised and leading to the leak of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India.
The other stolen files recovered so far belong to the governments of the United States, Russia, and South Korea.
The leak was detected in the first week of March when officials from India’s technical intelligence wing, the National Technical Research Organisation (NTRO), working with private Indian cyber security experts, cracked open a file called “army cyber policy”. The file had arrived as an attachment in the hacked email accounts of senior DRDO officials and had spread through the system in a matter of seconds.
As Indian security experts began to track its origin they discovered, for the first time, that all the sensitive files stolen from the infected systems were being uploaded on a server in the Guangdong province of China.
Until now, Indian intelligence had never been able to pinpoint the source of a hacking attack with such accuracy.
As they continued to trace the breach, they discovered thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments.
Even the e-tickets of the scientists who had travelled to Delhi in the last week of February were found on the server.
The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.
But the shocking part was the extent of the hacking by the Chinese, believed to be officially sponsored.
The officials began to find files related to the Russian military as well as files that belonged to CSRDC (Centre for Security Research & Development Center) which comes under the United States department of Homeland Security’s Science and Technology directorate.
Some files from NASA too have been recovered so far. All this was discovered after cyber security officials of the Information Dominance Group (IDG) and private Indian cyber security experts began to track down the “NetTraveler Trojan and keylogger” that had infected Indian systems. The other files recovered belong to South Korea, Russia, and the United States.
For a server of its size and capacity, believed to be worth almost Rs150 crore in the open market, it hosted just six domains. This is highly unusual, because a server of this size usually hosts over 10,000 domains.
This meant that it was being used for a specific purpose. Initially, it took time to decipher the files, since they were all encrypted. But after the key was found, the decryption of the files began and, to their horror, Indian intelligence officials discovered this massive breach of security.
Traced to server:
* Systems of hundreds of key DRDO and other security officials compromised
* Sensitive files related to the cabinet committee on security (CCS) leaked
* Thousands of top secret CCS files and documents related to surface-to-air missile and radar programmes from the defence research & development lab discovered
* All sensitive files stolen from infected systems uploaded on a server in China’s Guangdong province