A report on Indian cyberspace has cautioned the government against advanced persistent threat (APT) campaigns that aim to steal confidential documents or gather valuable information through targeted spear phishing attacks: mail that appears to come from a friendly source asks users to hand over login IDs or to click on a link, and then spreads malware across the IT infrastructure.
The report was prepared in July by the National Security Database, a body of information security experts, with the support of the National Technical Research Organisation, India's technical intelligence gathering agency.
The report has also tracked a recent instance of the government being targeted by Travnet, a form of malware (malicious software used by attackers to disrupt systems or steal information). The campaign is believed to have originated from China. Kaspersky and McAfee, both of which deal with Internet security, have also published analyses of the malware and its campaign.
The experts zeroed in on rogue sites such as pkspring.net, livep92hotmail.com and viprambler.com, which still host Travnet malware and are registered in Guangdong, China. While examining pkspring.net, the experts found that 21 domains are hosted on the same server and all of them are active with the Travnet malware.
The malware arrives hidden in attachments mailed to targets. In this case, the probe found, the attachments carrying the disguised malware bear names designed to entice the recipient, such as "Army cyber Security Policy 2013.doc", "Jallianwala bagh massacre a deeply shameful act.doc", "report-Asia defence spending boom.doc", "His holiness Dalai Lamas visit to Switzerland day 3.doc" and "BJP wont dump Modi for Nitish NDA headed for split.doc".
The Travnet malware collects system information and a list of files on the victim machine. It then uploads files found on the victim machine to the remote server, first copying each file's contents into a new file that is sent out.
Obsolete software leaves an IT network defenceless against such cyber attacks. Many of the servers that host gov.in sites are running outdated software versions and use vulnerable code, the report said. For instance, the domain karnataka.gov.in is hosted on a server running Windows 2003.
The NSD, quoting Google's transparency report for the period May 26 to June 26, 2013, stated that of 25,935 websites scanned, 14 per cent were infected by malware. The government bodies and major companies whose websites were attacked and found hosting malware included Tata Communications, Web Werks, Net Magic Datacenter, Net4india and the National Informatics Centre.
Statistics published by CERT-In say 2011 saw over 13,000 security-related incidents; defacements of websites accounted for 17,306.
According to the report, authored by Rajshekhar Murthy and Atul Alex Cherian, both of NSD, the reports submitted by CERT do not take into account the most fundamental aspects of maintaining a secure IT environment. It emphasised identifying the root cause of incidents and conducting full security audits. The report cited servers running older and vulnerable software versions, and pointed out that web applications on these servers are being designed and implemented by programmers who lack awareness of secure coding practices.
The report has recommended that the government set up a process under which citizens can report vulnerabilities in Indian websites to an authorised agency without fear of facing action themselves under IT law. It has also suggested that the government formulate a clear policy on domain name acquisition and on vendor qualification for secure website development.