Home > Uncategorized > China hacks again – via USB sticks

China hacks again – via USB sticks

The Chinese do it again. As per the reports in Deccan Harald, hackers from China have penetrated into the computers at the Eastern Naval Command to access strategic information.
The espionage came to light in January-February this year, following which the Navy instituted a Board of Inquiry (BoI) against some officers whose computers were bugged and compromised.

The Eastern Naval Command plans operations and deployments in the South China Sea — the theatre of recent muscle-flexing by Beijing — and beyond. India’s first nuclear missile submarine, INS Arihant, is currently undergoing trials at the Command. India plans to build three nuclear-powered submarines, the Eastern Command is also constructing a secret under-water base for them. Hence this incident could not be taken lightly.

A Navy spokesperson denied leaking of any information to the Chinese.  Some data has been lost and efforts are on to find out the extent to which vital information was compromised due to these bugs, officials said. They said the bugs were detected during checks carried out by naval cyber security teams.

Defence Ministry had earlier adopted a practice of not storing sensitive information in computers, it is not clear at the moment if that standard procedure was followed at Visakhapatnam.

This is the second such case of IT security breach in the Navy that has come to light this year.  Four officers from the technical branch were tried by the Board of Inquiry (BoI) for possessing classified information on their personal computer systems. They were also found to be sharing this on social networking sites such as Facebook.

How the breach happened?

According to thehackingarticles.com, this breach had possibly occurred because of the use of pen drives that are prohibited in naval offices. The virus was found hidden in the pen drives that were being used to transfer data from standalone computers to other systems.

The virus apparently created a hidden folder and collected specific files and documents based on certain ‘key words’ that it has been programmed to identify. The documents remained hidden on the pen drives until they were put in computers that were connected to the Internet, after which the bug quietly sent the files to specific IP addresses.

Learning

Using safety measures in protecting critical military information is of important to a country. India also needs to adopt safer measures. Not storing sensitive information in computers, completely banning use of USB sticks on computers connected to Internet small steps.

The Government first of all needs an agency to look into such matters. It is not the first time that such a cyber espionage on India has happened. Since 2008, China has been trying to pick sensitive information from Indian computers. Notification of an agency under the Section 70 A of the Information Technology Act 2005/2008 is required.

Use of Linux systems is another important thing which should be done. Linux systems hardly get any viruses. By default Linux do not understand Windows executable formats. And hence apparently Linux would not understand viruses, worms or trojans made for Windows operating systems. And most of the virus are made with Windows operating systems as target. Being open source its code code is free, and any bug immediately gets reported and a fix is released. More eyes make fewer security flaws.

Besides Linux asks for authorization, whenever any process wants to access the system. It does not allow users to use its admin facilities, unlike windows operating systems, and needs strong authentication. Hence there is little chances of it effecting the root in case of any infection.

Last and most importantly, even if you plug a virus infected pen drive on your Linux machine, it won’t affect the system. Linux systems usually do not execute code from a USB stick when just connecting it. Thus copying stuff from it should be safe.

Recently the US Navy has rejected Windows for Linux. Parts of US Air Force and Army are already using Linux. There is a reason, of course.

(Source: (1) deccanherald.com/content/261170/chinese-hackers-penetrate-navys-computer.html (2) thehackingarticles.com/2012/07/china-hackers-enter-navy-computers.html#.T_EbwZESGSo (3) eleiss.com/eleiss/whylinux (4) askubuntu.com/questions/4508/how-do-i-safely-use-a-virus-infected-usb-drive-in-ubuntu)

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s