STEALTHY SEEDING: A VIEWPOINT


SP's MAI - FRONT PAGE - The views expressed herein are the personal views of the author.

Eavesdropping is not new to India. Numerous phone tappings have been reported in the past, with Giani Zail Singh’s bedroom and office taped in Rashtrapati Bhavan throughout his tenure as President. Organisations like NTRO would obviously tap phones and computers when ordered. Then there are foreign agencies that can be hired, an example being the tapped conversation of Musharraf in Beijing during the Kargil intrusions.

So, elaborating on Edward Snowden’s disclosure that the US National Security Agency (NSA) has been snooping globally through its programme codenamed Prism, the Guardian has brought out that targets included friends, allies and foes. There have been anxious voices in India asking whether the Indian Embassy in Washington, D.C., was targeted, one minister saying the issue should be inquired into and the other saying no data was stolen, though the latter cannot be established. The NSA access system is built into every version of the Windows operating system now in use and Windows source code is said to be highly compartmentalised, making it easy for modifications to be inserted without the knowledge of even product managers, which effectively compromises your entire operating system.

In fact, there is evidence that Snowden did steal data, which may eventually be leaked gradually like WikiLeaks. But then snooping is an age-old phenomenon. In the mid-1990s, the Central Intelligence Agency (CIA) had technology to plug in the power source five kilometres away and extract data from computers, which forced the Japanese Ministry of Defense and all the services headquarters to cut off regular power supply and switch to in situ generators. Now consider the distance from the US Embassy in Chanakyapuri to the North and South Blocks in New Delhi.

Admittedly, today is an era of firewalls, but what about where they are installed, what is the strength of these firewalls and can they be breached? After all, in a country like the United States, so advanced in cyber warfare, where were the firewalls that Julian Assange and Edward Snowden could steal all that they did so easily? Then, if China has been able to even physically penetrate the Federal Bureau of Investigation (FBI) to steal technology, could Snowden be their agent or doubling for a price?

Now our National Security Council Secretariat (NSCS) has warned against Chinese gear makers, especially Huawei and ZTE, quoting the Intelligence Bureau (IB) reports that these companies are involved in the People’s Liberation Army (PLA) project for strengthening the army’s electronic warfare capabilities. ZTE maintains a diverse relationship with the PLA encompassing collaborative research with military and civilian universities, including satellite navigation, data link jamming techniques, training of active duty PLA personnel, and as prime supplier of customised telecom service and hardware to the PLA. Similarly, Huawei has an ongoing relationship with the PLA and the Chinese political leadership, and trains PLA units in networking design and construction. Now look at their products in India. Ironically, we have bulk computer parts, telecommunication equipment, even pen drives coming from China. Chinese global bot armies apart, we do not know what malware has been embedded in this equipment at the manufacturing stage itself and have no capability as yet to undertake any worthwhile checks. Then there had been reports in the past that China has devised a system to snoop on the data in computers whenever Skype is in operation.

Significantly, iViZ Security Inc in its latest report titled ‘(In) Security in Security Products 2013’ says the very security products we use can themselves have vulnerabilities which can leave us susceptible to attacks. The report highlights successful hacker attacks during 2012 on security software giant Symantec Corporation, cloud security company Panda Security, e-mail security solutions provider GlobalCerts and Barracuda Networks.

There has been a sharp increase in publicly disclosed vulnerabilities across security products during 2012, and the prediction for the future is of increased attacks on security products, companies or solutions and that the majority of vulnerabilities discovered will not become public. On balance, we have to live with this reality till we develop indigenous operating systems, hardware, software and chips.

LT GENERAL (RETD) P.C. KATOCH
