Cyberterrorism and geopolitical situations

14 October 2016

Dhruv Chawla, Partner, Forensic Services and Dhritimaan Shukla, Director, Forensic Services

With the rise in the use of interconnected devices and proliferation of data, cyberterrorism has become a reality in today’s world. According to the US Federal Bureau of Investigation, cyberterrorism is any ‘premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents’.1

As opposed to physical violence, where large-scale damage is inflicted to bring about a political, religious or ideological change, today, terrorists are carrying out cyberattacks to disrupt critical infrastructure such as national defence systems and air traffic control systems. It is believed that the more technologically advanced the target, the greater is the threat of cyberterrorism. Given the heavy reliance on the Internet, the quantum and intensity of damage from cyberattacks are likely to increase significantly in the coming years.

Rise in cyberterrorism

The emergence of the Syrian Electronic Army (SEA)2 is a classic example of the growing menace of cyberterrorism. Using spam, website defacement, malware and denial-of-service attacks, SEA targeted political opposition groups, Western news organisations, human rights groups and websites that were opposed to the Syrian government.

Similarly, in 2014, as tensions between Russia and Ukraine escalated, there was a huge surge in malware activity in these two countries—resulting in 30 million ‘callbacks’3 (i.e. messages sent back from infected computers, allowing hackers to control them remotely).

In 2010, a nuclear facility in Natanz, Iran, was attacked by the Stuxnet computer worm. It is believed to have destroyed nearly 1,000 nuclear centrifuges, infecting about 60,000 computers in the process.4

The rising threat of cyberattacks in the Indian subcontinent

Given the current geopolitical tension in the Indian subcontinent, there is an increased possibility of cyberattacks on Indian servers, both private and government. Such threats can emanate from state-sponsored tactics, such as activating advanced persistent threats (APTs) which are dormant in Indian IT infrastructure, or from private hacking groups and individuals who undertake cyber tactics such as spamming, website defacement and phishing attacks.

The vulnerability of Indian IT infrastructure to APTs is already evident. In May this year, an anti-virus company claimed to have traced a cyber espionage group called Suckfly,5 which launched a targeted attack and successfully infiltrated systems belonging to the central government, financial institutions, e-commerce firms and stock exchange vendors. 

In India, from 2011 to 2014, there was a surge of approximately 300% in the cybercrime cases registered under the Information Technology (IT) Act, 2000.6 The Indian Computer Emergency Response Team (CERT-In) has also reported a surge in the number of incidents handled by it, with close to 50,000 security incidents in 2015.7

We could also expect a rise in the spamming of the Facebook pages of political parties with provocative comments as well as vandalisation of popular Indian government websites with messages.8

Gear up; don’t give up

Given the current situation, Indian corporates and state-run enterprises should not only strengthen their cyber security but also conduct an assessment of their breach response and preparedness mechanism.

Breach preparedness is about assessing the current IT and business policies, standards, procedures, and infrastructure to check whether the company captures the right information and the right amount of it in order to effectively detect and respond to such a threat. In our experience, the incidence of a cyber breach exposes various inadequacies in the current set-up of a company in terms of what information is captured as well as training and awareness in responding to breaches.

Our Global Economic Crime Survey 2016,910 indicated that of the companies surveyed in India, 74% relied on their IT security specialist to double up as the first responder.

Only 12% had a digital forensic investigator who acted as the first responder. This is an indication that, in most cases, companies tend to identify the problem, plug the gap and move on. They do not focus on investigating and initiating legal proceedings. A lack of understanding of the process of evidence collection and preservation can weaken the cybercrime case when companies choose to take the legal route.

Cyber breach response is not just an IT problem; it requires a team of skilled resources similar to the dedicated units and resources who deal with economic crime.

Sachin Yadav, Director, Forensic Services, and Harpreet Dardi, Consultant, Forensic Services, contributed to this blog post.

National Crime Records Bureau (NCRB): Crime in India, PwC analysis
Indian Computer Emergency Response Team. Retrieved from www.cert-in.org.in

