Jul. 3 – Hackers have broken into Indian naval computers in Visakhapatnam, where India’s Eastern Naval Command is headquartered, and have relayed confidential data to IP addresses based in China. The Eastern Naval Command is in charge of Indian operations and deployments in the South China Sea, a region in which China currently has numerous territorial disputes. The Command’s Visakhapatnam location is also the current base for India’s first nuclear missile submarine, which was undergoing trials at the time of the cyber-attack.
The extent of the loss is unclear, with Indian officials claiming that it is premature at this stage to comment on the sensitivity of the compromised data. India has, however, established a Board of Inquiry which has indicted six mid-level officers for procedural lapses that aided the security breach.
The Indian Navy stores confidential data on computers that are not connected to the internet, and which are also not supposed to have access points for external storage devices. Sources have revealed that the virus at the center of the attack, which was designed to attach itself to portable USB drives, was initially planted on internet-connected computers around the Command. It is believed that Indian naval officers, who are prohibited from using USB drives for this very reason, unknowingly transferred the virus from the external internet-connected network to the closed network within the Eastern Naval Command.
Once an infected USB was connected to the naval computers, the virus searched for specific keywords, most likely regarding India’s new nuclear submarine, and copied as much data as it could to a hidden folder. When the virus completed its objective, it remained dormant in the USB drive until it was connected to an external internet-connected network, after which it covertly sent the files to IP addresses in China.
The Chinese government may not have been behind the attack, however. According to cyber studies expert Tang Lan, IP addresses cannot be used as evidence of where hackers come from. As hackers' IP addresses can change, it is difficult to precisely trace their country of origin. This, however, is not the first time that China has reportedly been behind cyber-attacks. The country has regularly been accused of using trained military staff to break into sensitive computer systems across the world to steal confidential data.
“This is something that the U.S. government, Chinese government, and even the Indian government have been doing for many years now,” according to Ankit Fadia, an independent Indian computer security consultant.
“The Indian government servers have been repeatedly attacked by Chinese hackers,” Fadia added. “The Indian government needs to take cyber security more seriously and improve the security of critical government systems. Regular security audits must be done and government officials need to be trained properly as well.”
Until the extent of the loss is revealed, it is difficult to ascertain whether this was a targeted attack by China or by another rogue actor. What is clear, however, is that due to the importance of the Command center for Indian operations in the South China Sea, and also as a testing facility for its new submarine, there remains the possibility that China was behind the cyber-attacks.