Boorderman

Emerging Cybersecurity Challenges: Drones, Cyber Espionage, and State-Sponsored Intrusions in India’s Security Landscape

In an era defined by unprecedented technological advancement and interconnectedness, the realm of cyberspace has become both a platform for innovation and a battleground for covert operations. As nations vie for economic supremacy, strategic advantage, and intelligence superiority, the threat of state-sponsored espionage looms large. India, a nation on the cusp of digital transformation, finds itself at the crossroads of this evolving global landscape. The need for robust cyber security measures to counter state-sponsored espionage has become not only imperative for safeguarding national interests but also for preserving the sovereignty of the nation in an increasingly interconnected world.

Emerging Cybersecurity Challenges

China makes greater espionage investments than India. It is well-known for its cyber-intelligence, although Western media and foreign militaries calling for higher funds for signals intelligence (SIGINT) overestimate its usefulness. While much of the intelligence collected by Chinese spies is used for commercial purposes and benefits foreign businesses rather than directly advancing China’s defence policy, some of it is significant for national security reasons, with the May 2015 hack of US government personnel data serving as a prime example. The Ministry of State Security (MSS), the largest intelligence agency in China, is divided into divisions that handle counter-espionage, domestic intelligence, international intelligence, and internal intelligence. In terms of foreign intelligence, there is some overlap with the People’s Liberation Army’s (PLA) intelligence departments and with the Ministry of Public Security in the field of domestic intelligence.

The General Staff Department (GSD), which once oversaw the SSF, has been replaced by the JSD, giving the Chinese army its own intelligence apparatus; for convenience this is collectively referred to here as PLA Intelligence. PLA Intelligence is tasked with maintaining information on the commander profiles, war plans, and locations of the Indian army. Much of that information is publicly accessible, so this is not difficult to accomplish; what is challenging is obtaining “first and more” information, that is, obtaining it before it is made public and obtaining more than is made public, especially where the Indian military has deliberately withheld some of this data.

The objectives of PLA Intelligence also include equipment profiling, counterintelligence, mapping of susceptible areas and points, topographical assessment of areas of military interest, and identification of military command and control centres. It accomplishes this through human sources and communications interception across China, because public information cannot supply intelligence of this kind. In border regions, the PLA also maintains Military Reconnaissance Units. As will be detailed below, human intelligence operations against India are uncommon and challenging, which is why SIGINT is so crucial.

The arrest of Pema Tsering (also spelled Penpa) on May 23, 2013, in Dharamsala, the Dalai Lama’s stronghold in Himachal Pradesh, is one of many recent instances of Chinese espionage in India. Tsering appears to have had a chequered career in Tibet, serving in the Chinese armed forces but also having been jailed for causing disturbances. The Chinese released him on the condition that he would observe the Dalai Lama’s group in India. The Chinese had paid him for these services; however, he had also been hired, and paid, by RAW, India’s top intelligence agency.

Chinese hacking allegations against India have been reported over several years and involve various incidents that suggest cyber espionage activities originating from China. These activities are often attributed to state-sponsored hacking groups seeking to gain access to sensitive information, including military, diplomatic, economic, and technological data. While specific details might vary, here is an overview of the broader pattern of Chinese hacking allegations against India:

2010-2011: Operation Aurora and GhostNet During this period, Chinese hackers were reportedly linked to large-scale cyber espionage campaigns against various countries, including India. Operation Aurora targeted multiple sectors, and GhostNet aimed at infiltrating the computers of government offices, embassies, and other organizations.

2012-2014: APT 30 The Advanced Persistent Threat (APT) 30, believed to have Chinese origins, targeted India and other countries in Southeast Asia. This group reportedly focused on stealing sensitive diplomatic, military, and economic information.

2016-2017: Sino-India Border Tensions Amid border tensions between India and China, there were allegations of Chinese hackers targeting Indian government and defence networks. These attacks were seen as attempts to gain intelligence on India’s military and strategic activities.

2018-2019: APT40 APT40, a Chinese hacking group, was reported to have targeted Indian maritime and naval entities, including defence and government organizations. The attacks were aimed at gathering information related to naval operations and maritime security.

2020: Border Disputes and COVID-19 Tensions between India and China escalated in 2020 due to border clashes. Reports emerged of increased cyber activities targeting India during this period. Additionally, allegations suggested that Chinese hackers leveraged the COVID-19 pandemic to launch cyber-attacks.

These allegations are part of a broader global pattern of cyber espionage attributed to various Chinese hacking groups, often believed to have links to or support from the Chinese government. These groups are known for using advanced tactics, techniques, and procedures (TTPs) to infiltrate networks, steal data, and gather intelligence. The motivations behind these alleged cyber espionage activities include gaining insights into military capabilities, technological advancements, economic strategies, and diplomatic negotiations. The allegations underscore the evolving nature of modern warfare, where cyber operations play a significant role alongside traditional military and diplomatic efforts.

It’s important to note that attributing cyberattacks to specific actors is a complex process, often requiring extensive technical analysis and intelligence gathering. Attribution can be challenging due to the use of proxies, false flags, and the anonymity provided by the digital landscape.

Other State-Sponsored Cyber Espionage

State-sponsored cyber espionage involves hacking activities conducted by nation-states to gather intelligence, steal sensitive information, or influence the political, economic, or military landscape of another country.

Operation Shady RAT (2006-2011): A cybersecurity company reported on an extensive cyber espionage campaign called “Operation Shady RAT,” which targeted various countries, including India. While the exact scope and impact on India weren’t fully disclosed, the campaign highlighted the global nature of state-sponsored cyber espionage.

Operation Aurora (2009): While not exclusively targeting India, Operation Aurora, attributed to Chinese hackers, was a widespread cyber espionage campaign. It affected multiple countries and companies, including those in India. The attackers targeted a range of industries, seeking sensitive information.

APT30 (2012-2015): APT30, attributed to Chinese state-sponsored actors, targeted several countries, including India. The group focused on cyber espionage, with a particular interest in gathering political, military, and economic intelligence.

Sino-India Border Tensions (2020): Amid border clashes between India and China in 2020, reports emerged of increased cyber espionage activities targeting Indian government and military networks. These activities were seen as attempts to gather intelligence on India’s military and strategic operations.

COVID-19 Themed Attacks (2020): During the COVID-19 pandemic, there were reports of state-sponsored cyber espionage campaigns using COVID-19-related themes. These campaigns targeted various sectors, including governments and healthcare organizations in India, aiming to gather information related to the pandemic response.

“Transparent Tribe” (Ongoing): “Transparent Tribe” is a suspected Pakistan-based APT group that has been active since at least 2013. The group has been linked to espionage activities targeting India and other countries in the region. Its tactics involve using social engineering techniques, such as luring victims with fake job offers.

It’s important to note that attributing cyber espionage to specific nation-states can be complex and requires extensive analysis of technical indicators, motivations, and other factors. Additionally, state-sponsored cyber espionage is a global phenomenon, and many countries engage in such activities.

Unmanned Aerial Vehicles

UAVs are also utilized in a variety of military operations, including air-to-ground warfare, target tracking, and surveillance. The security of wireless UAV-to-UAV and ground-to-UAV communications is essential for such applications. Methodologies for investigating security vulnerabilities in UAV networks, as well as security schemes and procedures to ensure fundamental properties such as mutual authentication and privacy protection, are being developed. There is little question that UAVs will be essential to the development of our communities in the future. UAVs have many benefits, but they are not immune from security flaws. Even professional UAVs, which are employed for sensitive and important tasks such as enemy surveillance and police operations, have been demonstrated to have a number of security flaws. When hacked, they can be used for unauthorized monitoring and unmanned assaults by criminals and terrorist groups. They might be remotely disabled, hijacked, seized in flight, or stolen. The devastation that UAV assaults may cause is illustrated by recent occurrences: in September 2021 there were several instances where drones were suspected or reported to have been used for espionage along Indian defence borders. Other incidents include:

Pathankot Airbase Attack (2016): In January 2016, an attack on the Indian Air Force’s Pathankot Airbase was carried out by terrorists suspected to have crossed the border from Pakistan. It was reported that the attackers might have used a small UAV (unmanned aerial vehicle) to conduct reconnaissance of the airbase before the attack.

Punjab Border Intrusion (2020): In June 2020, there were reports of sightings of drones along the India-Pakistan border in Punjab. Indian security forces apprehended drones allegedly used for smuggling and espionage. These incidents prompted concerns about the potential use of drones for illicit activities, including reconnaissance.

Border Skirmishes (2020): During the border tensions between India and China in 2020, there were reports of Chinese drones being used for reconnaissance purposes along the Line of Actual Control (LAC) in Ladakh. These incidents raised concerns about the use of drones to gather intelligence on Indian defence positions.

Drone Sightings in Jammu (2021): In June 2021, multiple drone sightings were reported in the Jammu region, near India’s international border with Pakistan. These drones were suspected of being used for smuggling and possibly for espionage. The Indian security forces heightened their surveillance and counter-drone measures in response.

Drone Attack on Jammu Air Base (2021): In June 2021, a drone attack targeted the Indian Air Force’s Jammu Air Base. Two drones carrying explosives reportedly targeted the airbase. While the investigation was ongoing, the incident highlighted the potential security threats posed by drones.

It’s important to note that while drones can be used for reconnaissance purposes, their capabilities and limitations vary widely. Drones can be used for a range of activities, from smuggling to surveillance, depending on their design and capabilities. Additionally, the attribution of drone activities to specific entities can be challenging due to their relatively small size and remote operation.

Honey traps

“Honey trapping” is a form of espionage or manipulation where a person uses personal relationships, often romantic or sexual, to gain access to sensitive information or influence individuals for intelligence purposes. Wang Qing is a case in point. Before being detained in Dimapur (Nagaland) on January 18, 2011, Wang Qing worked in India under several covers. Posing as an executive of a Chinese lumber firm, she took a flight from Kunming to Kolkata on a tourist visa, visited Nagaland, and met with a leader of the Naga insurgency. After her deportation, the Indian government wrote the Chinese embassy a letter of complaint. Chinese intelligence personnel from the MSS or the PLA frequently (and occasionally expertly) employ the honey-trap method. It is evident that having attractive agents on staff is insufficient; they also need to be able to make the contact seem real, which becomes more difficult in direct proportion to how important the objective is. Turning a party to a genuine encounter into an amateur agent is one way around this problem. This is simpler than it sounds because honey-trap operations are often used to bug apartments or photograph papers rather than to produce a long-term intelligence source. RAW has itself been a target of such an endeavour. Its performance in China reached a low point in 2008 when Uma Mishra, the station head, was removed following a botched probe into a honey-trap case involving one of her employees. According to the Indian Ministry of External Affairs, which took pleasure in exposing RAW’s apparent ineptitude, the staff member in question had been tagged by two distinct Chinese operatives and had his residence bugged.

Naval War Room Leak Case: The Naval War Room Leak case in 2004 involved allegations of espionage and leaking sensitive naval information. It was alleged that a navy officer was involved in a romantic relationship with a woman who was suspected to have links with Pakistani intelligence. The information leaked was reported to be related to naval operations and plans.

Sukhna Land Scam: The Sukhna Land Scam in 2006 involved alleged manipulation and honey trapping in the Indian Army. Officers were accused of using their positions to provide undue favours to individuals who allegedly used honey traps to influence them. The case led to a major investigation and several officers being charged.

BSF Jawan Case: In 2018, a Border Security Force (BSF) jawan claimed that he was honey-trapped by Pakistani operatives through a fake Facebook account. He alleged that he was manipulated into sharing sensitive information, including details about troop movements, locations, and the operational status of his unit.

Indian Army Jawan Case: In 2021, an Indian Army soldier was arrested for allegedly sharing sensitive military information with a woman he had befriended on social media. The soldier was accused of revealing details related to troop deployments and other operational matters.

Website Defacements

In August 2016, an Australian newspaper, ‘The Australian’, published a report stating that sensitive and classified data related to India’s Scorpene-class submarines had been leaked. The data leak reportedly included details about the submarine’s technical specifications, operational capabilities, and other sensitive information. The leaked data allegedly contained over 22,000 pages of documents, including information about the submarine’s combat systems, sensors, torpedo launch systems, and other critical components. The leak raised concerns about the potential compromise of India’s defence capabilities and national security. It was particularly worrying because it exposed technical details that could potentially be exploited by adversaries to gain insights into the submarine’s vulnerabilities.

The source of the data leak was believed to be an insider within the organization. Reports suggested that the data was not directly hacked but rather leaked by a former employee or subcontractor of DCNS (now known as Naval Group), a French defence contractor responsible for designing the Scorpene-class submarines.

Indian authorities and the Indian Navy initiated an investigation into the data leak to determine its extent and impact. Additionally, efforts were made to assess the damage caused and take measures to secure the compromised information.

This incident prompted defence organizations worldwide to reassess their cybersecurity strategies, particularly concerning insider threats and the protection of critical military technology. It also highlighted the importance of international collaboration in addressing cybersecurity challenges, as data breaches can have transnational implications.

Other incidents involved the defacement of websites: unauthorized access by hackers who alter the appearance or content of a website, often leaving their own messages or symbols in place of the original content. Such defacement can have various motivations, ranging from political statements to expressing grievances or simply showcasing hacking skills.

Indian Army’s Website Defaced: In 2016, the official website of the Indian Army was reportedly defaced by a group claiming to be the “Pakistan Haxors Crew.” The defacement included anti-India messages and images, along with statements criticizing alleged human rights violations in the Indian-administered region of Jammu and Kashmir.

Defence Research and Development Organisation (DRDO) Website Defaced: Around the same time as the Indian Army’s website incident, the website of the DRDO, which is responsible for defence technology development, was also defaced. The hackers posted messages expressing support for Pakistan and criticizing India’s policies.

Indian Air Force (IAF) Website Defaced: In 2020, the official website of the Indian Air Force (IAF) was targeted by hackers claiming to be from the Turkish group “Ayyıldız Tim.” The defacement included messages in Turkish and English, along with a reference to the Kashmir issue.

Defence Ministry Web Portal Defacement Attempts (2020): In 2020, there were reports of attempted defacements of the official web portal of India’s Ministry of Defence. The hackers left messages criticizing India’s cybersecurity measures and calling for better security practices.

Indian Navy’s Website Defaced (2020): In 2020, the official website of the Indian Navy was reportedly defaced by hackers who claimed to be part of the “Team Kerala Cyber Warriors.” The defacement included messages related to the ongoing border tensions between India and China.

These instances of website defacement often occur in the context of geopolitical tensions, territorial disputes, or other contentious issues. While defacement itself might not cause significant harm beyond embarrassment and inconvenience, it does highlight vulnerabilities in website security and underscores the need for robust cybersecurity practices in the defence sector.

Critical Infrastructure

Critical infrastructure targeting refers to cyberattacks that focus on essential systems and services that are vital for a country’s functioning and security. These attacks can have severe consequences, impacting not only the affected infrastructure but also broader sectors of society. Some cases of critical infrastructure being targeted in India include:

Power Grid Corporation of India (2020): In May 2020, it was reported that a malware attack had targeted the Power Grid Corporation of India (PGCIL), which manages the country’s power transmission network. The attack did not cause significant disruptions, but it raised concerns about the potential vulnerabilities of critical energy infrastructure.

Mumbai Power Outage (2020): In October 2020, Mumbai experienced a massive power outage that affected millions of people. While the outage was initially attributed to grid failure, subsequent reports suggested that a cyberattack could have been involved. However, official investigations did not conclusively confirm a cyberattack as the cause.

Gujarat Water Supply (2021): In April 2021, reports emerged about a cyberattack on the computer systems of the water supply department in Gujarat, a state in India. The attack affected online water distribution services, highlighting the potential vulnerabilities in critical water infrastructure.

Healthcare Sector Amid COVID-19 (2020-2021): During the COVID-19 pandemic, there were concerns about cyberattacks targeting healthcare infrastructure, including hospitals and medical research facilities. While not exclusive to India, these attacks underscored the need to protect critical healthcare systems during times of crisis.

Conclusion

Cyber espionage, characterized by the deliberate intrusion into computer systems to steal sensitive information, poses a critical challenge in the contemporary security landscape. Concurrently, the employment of unmanned aerial vehicles (UAVs) further amplifies these threats, as attackers frequently exploit UAV networks to perpetrate attacks on military, industrial, and civilian targets. India’s strategic focus on counteracting security threats posed by China, Pakistan, and domestic terrorism underscores the need for robust cybersecurity measures. Nevertheless, the mutual inadequacies and nonchalance displayed by China and India in terms of reciprocal cyber surveillance jeopardize not only their individual security postures but also the stability of the region.

Collaboration between Indian and American cybersecurity researchers and experts has led to joint research projects on various aspects of cybersecurity. This includes topics like threat analysis, malware detection, and cybersecurity policy. Both countries have signed agreements and memoranda of understanding (MoUs) to formalize their cybersecurity cooperation. These agreements outline the terms of information sharing, joint research, capacity building, and mutual support in cyber incident response. India and the US have engaged in discussions on cybersecurity in international forums such as the United Nations and other multilateral platforms. They work together to promote responsible behaviour in cyberspace and establish international norms for cyber activities. India and the US collaborate to combat cybercrime, including sharing information about cybercriminal activities and coordinating efforts to track down and prosecute cybercriminals.

India and Israel have signed agreements and Memoranda of Understanding (MoUs) to formalize their cybersecurity cooperation. These agreements outline the terms of information sharing, joint research, capacity building, and collaboration in cybersecurity technology development. Both countries have established joint working groups focused on cybersecurity. These groups facilitate regular discussions and exchanges between experts to share insights, best practices, and strategies. India and Israel have engaged in collaborative efforts to develop and deploy cybersecurity technologies. This includes research on topics such as secure communication, threat intelligence, and advanced encryption methods. Israel is renowned for its robust cybersecurity start-up ecosystem. India has been exploring opportunities to collaborate with Israeli cybersecurity companies, invest in innovative solutions, and promote technology transfer. Both countries have been working together to enhance their capabilities in incident response and cyber crisis management. Sharing experiences and best practices helps improve their preparedness for dealing with cyber incidents. India has shown interest in learning from Israel’s cybersecurity expertise. Training programs, workshops, and exchange programs have been conducted to enhance the technical skills of Indian cybersecurity professionals. India and Israel have engaged in discussions on shaping international norms and policies for responsible behaviour in cyberspace. This includes participation in international forums and advocating for rules of engagement in cyber operations.


Anushree