Cyber attacks see spike before important government meetings

By ​Aveek Sen & Neha Alawadhi

BENGALURU/NEW DELHI: A day before Prime Minister Narendra Modi's visit to Afghanistan in December 2015, the email account of India's then ambassador to the country Amar Sinha was hacked by cyber attackers when he downloaded a malicious MS Word document sent as an email attachment.

Sinha, now secretary (economic relations) at the external affairs ministry, told ET that the attacker could not get any valuable information from his system.

“I was alert as such attacks took place often and had alerted NIC (National Informatics Centre),” Sinha said in an email response. “I also see a pattern as such attacks happen more often before important meetings. Even in the past (we) noted a spike before, say, BRICS meeting when I was in commerce Ministry. And targets would be all involved in decision-making across ministries.”

Officials said a spike in cyberattacks before important diplomatic meetings is a worldwide trend that targets government and defence personnel. But while Sinha acted in time and reported the attack, several other such attacks go unsuspected and unreported, they said.

India, according to experts, is grossly underprepared to deal with the diplomatic spying wars that are being played out in cyberspace.




“The government is underinvested in cybersecurity,” said one of the people familiar with the way cyber threats are handled, requesting not to be identified.

In the budget for 2016-17, the government has allocated Rs 70 crore to cybersecurity. The allocation in the current fiscal is Rs 120 crore for “cyber security including CERT-In (Indian Computer Emergency Response Team) and IT Act”.

The attack targeted at ambassador Sinha was first reported by network security company Palo Alto Networks in February. According to the company, the ambassador received an email that showed Defence Minister Manohar Parrikar as the sender, with the subject “Letter of appreciation for your remarkable achievements”. The email had a Microsoft Word document attached, which when clicked, downloaded a computer virus onto the ambassador’s system.

Internal advisories explaining the perils of clicking on unverified links and attachments in emails and safe online behaviour are often sent out by CERT-In.

However, India lacks a central authority for monitoring and reporting of cyber threats. The National Cyber Security Coordination Centre that was announced in 2013 has also been a non-starter, experts said.

“In the government, there is no evolved process of onboarding people on using technology. Everyone assumes you know how to open emails, everyday applications such as spreadsheets and so on...Cybersecurity trainings are almost unheard of,” said another person.

Although government officials largely agreed that more needs to be done to thwart cyberattacks, they argued that one cannot be careful all the time.

“Some are context based attacks. For example, around this time, when income tax returns are being filed, one can get an email saying you have received a tax refund and the person will be tempted to click the attachment or link,” said an official, who did not wish to be named.

Similar attacks were reported on Indian diplomatic personnel in Kazakhstan and Saudi Arabia. Indian military personnel are also often targeted. Different reports suggest that malicious links were sent to personnel working in the Indian embassies in Hungary, Denmark, and Colombia.

An email to the ministry of external affairs spokesperson seeking information on the course of action followed after such attacks remained unanswered till late evening on Sunday.

Sivarama Krishnan, partner, Risk Advisory Services at consultancy PwC said, “The government should work on three layers – it has to standardise its set of processes on technology; it should aggregate the hosting of all the government websites so phishing attacks can be easily detected; and it must invest in technologies which enhance control and security.”