• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager
• BL Club
• Smartbuy
• Books
• Gallery

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth
• Events 2007

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

Ritu Raj Konwar

Watch out for chinks in the armour.

R. K. Raghavan

Cyber security has become a sophisticated and much-sought-after discipline that has generated a new breed of experts.

Many of the latter dazzle us with newer and newer theories of how vulnerable we are in cyberspace and offer prescriptions frequently on how we can protect ourselves from vandals.

Also, a large number of firms come out each day with some tool or the other that guarantees security to networks or stand-alone computers. There is a degree of competition and rivalry here that often amuses me. Each claims its product is better than that of the others. Despite all this, cyberspace is frequently rocked by miscreants, who, for commercial gains or personal gratification, breach a large number of Web sites and computers with ease, making all advance in computer security a mockery.

Recently, both South Korea and the US complained of a wave of attacks on their systems. Significantly, the intrusion started on July 4, the US Independence Day. Whether this was intentional or accidental, it is difficult to conjecture. It is equally difficult to say which of the two countries, US or Korea, was worse affected.

In the US, nearly 50,000 to 65,000 machines were affected. Many Federal government Web sites were subjected to a Denial of Service attack, rendering them inaccessible to genuine users. These included the Treasury, Secret Service, and Transportation Departments.

Among the prominent private establishments reported to be victims of hacking were the New York Stock Exchange, Nasdaq, Yahoo Finance and Washington Post. For nearly three days, the targeted American computers reported a noticeable slowing down of systems, if not total shutdown. As regards South Korea, the authorities there had been apprehensive for quite some time of a possible cyber attack.

But the suddenness of the July aggression on their computers and its magnitude should have come as a total surprise. At least 11 Web sites were hit and more than 10,000 computers infected. The victims included the President’s House, the Defence Ministry, a leading bank and a prominent newspaper.

The episode had its political overtones. The immediate suspect was North Korea, given the bitter animosity between the two Koreas. South Korea’s decades-long friendship with the US added spice to speculations that the two countries were targeted by a common enemy. The Chinese animosity to both is also equally well known.

The finding of a US researcher on the likely origin of the attacks did not, therefore, come as a surprise. According to him, the invading software contained the text string “get/China/DNS”, a literal give-away. DNS possibly referred to China’s Internet routing system. The researcher added that the data generated by the aggressor programme was based on a Korean language browser.

Some US officials say that if the attacks did in fact come from North Korea, they were part of the latter’s efforts to fuse a cyber war into its nuclear ambitions.

It is also the assessment of Andrew Brooks of the International Institute of Strategic Studies, London, that countries such as Iran and North Korea are now making huge investments in trying to equip themselves for a cyber war. The US President, Barack Obama’s recent decision to appoint a Cyber Czar in the White House also strengthens the country’s preparedness to meet challenges on this front and should be viewed in the context of the July attacks on the US and South Korea.

What amuses me is the sharp difference in the assessment of experts in the US and Korea with regard to the quality of the attacks. The South Koreans were positive that this was a serious assault that could not be taken lightly. According to the country’s National Intelligence Service, it was not the work of a lone hacker, but was one “planned and executed by a specific organisation or on a State level.” The obvious implication was that the North Korean government was directly or indirectly involved.

There are, however, some experts who discount that North Korea ever had the resources to carry out such an adventure. A few of them cite the fact that North Korea’s systems had always been considered decrepit. This is in tune with the US assessment that the July episode was not a sophisticated foray into American and South Korean systems.

Derisively, one referred to it as a “garden-variety” attack. This was based on an estimate that the intruders were able to generate only 23 MB data every second, not enough to launch a major offensive or cause a major disruption of any system.

The wide divergence in estimates of the prowess of an offender in cyberspace is one indication that, despite all claims of expertise, there are grey areas that expose chinks in the latter’s armoury. Ultimately, a lot of pronouncements after each cyber attack border more on guesswork than being products of scientific findings.

Anonymity in cyberspace gives a tremendous advantage to every intruder and mischief-monger. This explains why there is no credible finding yet on who was responsible for the July attacks.

Against the above backdrop, the stiff penalties prescribed by the cyber crime law in Pakistan seem reasonable. A fourteen-year jail term is the sentence for those who indulge in slander of the political leadership in their e-mails or SMS. A further penalty of confiscation of one’s property is also mentioned.

All this seems justified if one reckons the amount of mischief that takes place in cyberspace. But the popular belief in Pakistan is that such stringent measures have come about only with a view to protecting Asif Ali Zardari.

E-mail traffic in the country is reported to be dominated lately by a string of jokes on Zardari, although I have not got any myself. Need I say I look forward to savouring them!

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line