Face-off with e-terrorism

Face-off with e-terrorism


[email protected]

In July 2012, the Indian state of Assam (located in the North-eastern region of the country) saw outbreak of riots between indigenous Bodos and Muslim migrants of Bangladeshi origin. About 80 people lost their lives and nearly 3 lakh were rendered homeless in the violence which continued till August. At the same time, reports of sporadic attacks on people belonging to north-east (NE) started coming in from other parts of the country. On August 11, 2012, a rally organised in Mumbai decrying the violence against Muslims in Assam and Myanmar (Burma) turned violent resulting in the death of two persons and injuring nearly 50. On August 16, thousands of north-easterners residing in Bangalore began fleeing the city to return to their native state. The next few days witnessed mass exodus of panic-stricken northeasterners from other major cities of India – Chennai, Pune, Mumbai, Hyderabad, etc. Such was the rush of people that Indian Railways had to ply special trains to cater to the requirement.

The unprecedented incident forced Indian government to sit up and take notice. Investigations revealed that the exodus was triggered by the rumours spread through social media networks, websites and SMSes/MMSes warning the migrant labourers to leave the cities before Ramadan (August 20) or else they would be killed, in revenge of the deaths of Muslims. The rumours had originated from Pakistan. Given the magnitude of the incident, the government went into an overdrive to contain the situation, resulting in imposing restrictions on sending bulk SMSes/MMSes, blocking nearly 300 websites and requesting the concerned social media sites to delete the hate content. The incident also witnessed many politicians demanding content regulation on internet.

The criticism
The Indian government’s response drew a lot of flak with experts questioning the very rationale behind the decisions – Does blocking of websites actually help? Haven’t the government ever heard of Streisand effect? Many even feared that the incident was being used by government as an excuse to impose censorship on internet. But then if the government’s response was a ‘knee-jerk’ reaction, what was the way out? Moreover, in an age where IT forms the backbone of a country’s infrastructure, economy, governance, security, to put simply, a country’s survival, how well is India, the IT giant, equipped to deal with the evolving cyber threat?

Cyber threat
Cyber warfare, cyber attack and now cyber terrorism – the three terms are used interchangeably with the jury still out about their definite meanings. What constitutes as an attack by one, may be described as terror by other. While the debate continues, here are some of the popular definitions associated with them:

Cyber warfare: Internationallyrecognised security expert Richard A. Clarke, in his book Cyber War, defines cyber warfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”

Cyber attacks: Institute for Security Technology Studies at Dartmouth College, US, describes cyber attacks as ‘computer-to-computer attack that undermines the confidentiality, integrity or availability of a computer or information resident on it.’

Cyber terrorism: The US National Infrastructure Protection Center defines it as: “A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to particular political, social or ideological agenda”.

Cyber terrorism – the growing danger
The growing dependence of the world on IT is also making it vulnerable to cyber attacks. The discovery of cyber weapons like Stuxnet and Flames have aggravated these fears by demonstrating how a nation’s assets can be targeted and/ or destroyed without indulging in any bloodshed. In fact, such is a threat of cyber-terrorism that renowned cyber-security expert Eugene Kaspersky and co-founder of the anti-virus company Kaspersky Labs which discovered Flames, is reported to have said, “It is not cyber war, it is cyber terrorism, and I’m afraid the game is just beginning.” The website www. rt.com also quotes him as saying, “It will be the end of the world as we know it.”

World over, countries have started building cyber armies to deal with the increasing cyber threats.

Social media in Pakistan
Norwegian Peacebuilding Resource Center (NOREF) recently published a report on, ‘Social media in Pakistan: catalyst for communication, not change’. The report, written by Michael Kugelman presents an interesting insight into the world of social media in Pakistan. The report claims:
  • Social media penetration is growing in the country
  • Facebook accounts increased by a million between August 2011 and January 2012 and is currently the most popular website in Pakistan
  • Many extremist organisations have Facebook and Twitter accounts. For example, Jamaat-ud-Dawa (JuD), an Islamist charity and front for Lashkare-Taiba militant group, often takes to Twitter to spread its ideology

NE-mass exodus – Where did India go wrong?
The government’s response to the recent incident of internet triggered mass exodus of northeastern people from different parts of India, has been criticised both for its impracticality and heavyhandedness. Given the viral nature of information flow on internet, experts agree that the government’s reaction was a classic case of ‘too little, too late?’

Steps that government could have avoided:

Ban on websites: In its zest to contain disinformation campaign, government banned websites/ web pages including those which were actually exposing hateful rumours. Twitter accounts of several journalists and activists were also blocked, and so were YouTube videos containing news clips from several news channels.

“The blocking of websites is an extremely limited technical measure unless it is done extremely rapidly. A well-run disinformation campaign can make a fake story a trending topic very quickly, at which point, blocking the source content is usually meaningless as it has already proliferated far enough to spread organically. In fact, it often has the reverse effect of drawing more attention to the story,” explains cyber-security expert Sahir Hidayatullah, Managing Partner, Siegecraft, adding, “The Internet is designed to route around failure and blockage, so there will always be a way to reach the material.”

Experts even question the manner in which this whole process was carried out. Cmdr Mukesh Saini (Retd), former National Information Security Coordinator of Government of India, says, “The present issue was handled in dictatorial manner without regard to any law of the land. Government has made rules under section 69A of the Information Technology Act in 2009, however no rules were followed and there was no transparency despite the fact that these rules are designed so that such power cannot be abused.”

Involving Pakistan: Just days before the visit of India’s External Affairs Minister SM Krishna to Pakistan, India went public with its claim that the hate messages originated in Pakistan. What did it achieve with this move? Was it just a pressure tactic or was it a move meant to divert people’s attention? Both ways, it failed. Pakistan simply rejected India’s charges. “Naming Pakistan in this case was a bogey. Involvement of Pakistan in a limited sense cannot be ruled out but where was our own defence? Why did we allow this disinformation campaign to prevail for more than a month?” asks Cmdr Saini (Retd).

New Delhi also wanted Islamabad to take action against those who were responsible for such activities. But can we really zero-in on the person? Is it really possible to track the source? “If it is well executed, with good operational security, then no, it is not possible to track the source. It is easy enough to make the seed data come from multiple geographies or entities. At best one would be able to make inferences as to the source,” explains Hidayatullah.

Ignoring the power of social media: It is not the first time that social networks have been used for spreading propaganda. Earlier, they were seen as a medium used by terrorists to find information and recruit people. But with an increase in its reach, it is more like a sleeping volcano which can erupt anytime. Supreme Court of India’s advocate and one of the Asia’s foremost experts on Cyberlaw and Mobile Law, Pavan Duggal, explains, “the recent incident is a classical case study to demonstrate how countries of the world have to be very careful to not disregard social media websites, and take them far more seriously. Social media is no longer a child’s play today. It is one effective potent tool for creating and disseminating cyber terror and cyber panic.” Hidayatullah adds, “From an information warfare perspective, social networks provide a tremendous amplifying effect to seed discontent and rumours. In the past, governments were toppled by having a small group of dissenters strategically create the impression of a large revolution. Today, you can manage that through social networks far easier. Create a massive number of real-looking but actually fake accounts that fit the target demographic and get them to promote the content you want seeded. This can all be automated and is not difficult for a state-level adversary to do at all.”

What should then have been the government’s response?
Experts feel that the government could have contained this campaign better had it reacted quickly and instead of wasting its time in blocking and banning, countered the propaganda by educating people through all the media platforms available at its disposal – print, TV, internet and even social media. In this kind of campaign, time is of immense value. Hence, counter-propaganda is the only major effective tool in hand when faced with this kind of situation. The faster the government acts, the better the damage control.

How well is India prepared to deal with cyber threat?
It is not that India is not aware of the cyber threat. Every day, India rebuts nearly 1,500-2,000 attacks on its websites. There are two main agencies in the country primarily responsible for fighting cyber crime – National Technical Research Organization (NTRO) and Computer Emergency Response Team (CERT-In). While NTRO is responsible for protecting India’s critical cyber security infrastructure, CERT-In is tasked with cyber incident prevention and mitigation. Other organisations which are also working in strengthening India’s cyber capabilities are Defence Intelligence Agency (DIA), the National Informatics Centre (NIC), and police cyber teams.

India also has in place its Cyberlaw – the Information Technology Act, 2000. This is India’s mother legislation pertaining to the use of computers, computer systems, computer networks, computer resources, communication devices and also data and information in the electronic format. The law was amended in the year 2008, after the 26/11 attacks, to incorporate new crimes including cyber terrorism. Cyber terrorism is an offence punishable with life imprisonment and fine in India.

Although the foundation has been set, the recent incident has highlighted that more needs to be done.

One of the reasons which is considered to be behind the delayed and confused reaction of the government to the recent cyber crisis is the absence of a National Cyber Security Policy. The policy will define the roles of all the stakeholders, thus ensuring smooth coordination among agencies. The Ministry of Information Technology is reported to have completed its work on the policy and would soon present it before the cabinet.

“The apparent lack of coordination between various agencies to counter cyber attacks and use of communication networks is evident. A central coordination agency is necessary where inputs from all sources can be coordinated and executive orders issued for containing the threat. The present apparent diffusion between the Ministry of Home, Information Technology and the NTRO has to be overcome,” said defence analyst Brig Rahul Bhonsle (Retd).

“India needs to effectively implement the provisions of the Information Technology Act, 2000,” says Duggal, adding, “India should insist that all intermediaries targeting their services on computers, computer systems, computer networks, computer resources and communication devices physically located in India, comply with the Information Technology Act, 2000 irrespective of the fact that they are physically located in India or not. This is exactly what Sections 1 and 75 of the IT Act, 2000 as amended mandate.” Also, India’s laws are just not adequate to deal with the new emerging mobile crimes that have happened in the country and are peculiar to it. “There is a need to strengthen the Indian cyberlaw by coming up with appropriate stringent provisions. Cyber security and its protection and preservation needs to be the topmost priority for India,” he concludes.

Capacity building is another area that the government has to seriously look into. As Brig Bhonsle (Retd) suggests, “At the national level, the NTRO needs to expand the capacity to monitor anti-India propaganda on web, television channels and mobile networks on a 24/7 basis.” He further says, “Building capacity of state police for appreciation of the threat and countering the same is necessary. Cyber crime cells of state police need to be expanded and trained in monitoring internet as well as hostile communications.”

There are more than 60 million users of social media network in India. According to iCRossing, nearly 36 million people use Facebook. Similarly, estimates for 2012 show that Twitter and LinkedIn have nearly 15 million users each.
Courtesy: The Times of India

Social media platforms were widely used during Arab Spring for mobilising and coordinating protesters. The platform is now being used both by pro-and anti-government forces in Syria to galvanise public opinion.

The US Department of Homeland Security operates a ‘Social Networking/Media Capability’ which regularly monitors blogs, publicly available online forums and various websites.

Technologically, what’s the way out?
“There is a need for far greater analytics and mining of ‘big-data’. One cannot react piece-meal to individual events and occurrences as it is typically too late to mitigate the damage by that point. You need to capture the indicators of the threat before it can reach critical mass,” says Hidayatullah, adding, “At a very rudimentary level, trending topics can be tracked with keywords, geographic locations and so on, however a far better system is to try and monitor the larger datastream and use advanced analytics, visualisation and data-mining to detect trends. There has to be a welldefi ned process on how to react to any detected information warfare campaigns.”

But given the huge data that is being generated on social networks, is it really possible to monitor social media in real-time? And does monitoring not amount to intrusion into a user’s privacy?

Hidayatullah explains, “It is possible to monitor networks in real-time, especially when one has the availability of national infrastructure. The key is to try to narrow down exactly what you are looking for. Take, for example, Twitter’s advanced search, which lets you filter by a region and keyword: https://twitter.com/#!/ search-advanced this is an incredibly powerful way to watch what is happening in a geography. As far as privacy is concerned, all this information is publicly disclosed and available. However, in the grander scheme of things, the general public would likely not even be made aware that the monitoring was going on.”

Cmdr Saini (retd) says, “One cannot watch social media from outside,” adding, “One technological method is to encrypt everything and provide only metadata to the investigators. In case of any incident, appropriate and independent authority can unlock the relevant portion of information for further investigation and prosecution. More than data, it is metadata which is more critical for surveillance; this protects the privacy and still permits investigation.”

People are the weakest as well as the strongest link in propagandas which are being launched through social media platforms. So the best way to defeat any such propaganda is by educating people or by ‘building the IT IQ’. “With more and more people using smartphones, dependence on internet and social media is growing, esp., among youth. The youngsters should be very clear about what they are doing while accessing net, downloading apps or forwarding messages. They need to be educated about the other side of internet as well,” said an expert who didn’t wish to be quoted, adding, “It is only when people understand the difference between real and fake, will they avoid contributing to cyber panic attacks.”

Meanwhile, experts believe that India should not only concentrate on defensive capabilities but also aggressively work towards building its offensive capabilities.

Cyber warfare/ terrorism is a reality. In this IT age, information flow cannot be contained by the usage of archival methods, esp, in a democratic set-up. Government needs to come to terms with the fact that social media, smartphones and internet are now a part of life. It is time for states to get smart and act smartly. As Cmdr Saini (Retd) says, “If cyber defence is not built in peace time, the country is doomed to fail in case of any cyber war.”

However, the good news is that India is awakening to this reality, as can be judged by the recent statement of Indian Prime Minister Dr Manmohan Singh: “The use of bulk SMSes and social media to aggravate the communal situation is a new challenge that the recent disturbances have thrown before us. We need to fully understand how these new media are used by miscreants. We also need to devise strategies to counter the propaganda that is carried out by these new means.” How effective those strategies will be, only future can tell.