Cyber terrorism next big threat to India: Cyber security Whizkid

Nov 24 (IANS) Pakistani cyber criminals deface nearly 60 Indian websites every day, says celebrity cyber security expert Ankit Fadia, adding that cyber terrorism is the biggest threat India is facing today.
“The next big war that the country may have to wage against terror will be on the Internet. The network infrastructure of the country may be attacked any time.Social networking sites like Twitter, Facebook, Orkut and Myspace may also pose a threat,” Fadia told IANS in an e-mail interview.

Fadia, 24, is considered “one of the best and the youngest ethical hackers in the country”.

He is an authority on computer security systems and digital intelligence. The computer whizkid, who at the age of 16 cracked an encrypted al Qaeda mail for an intelligence agency soon after the Sep 11 attacks, has a degree in information security from Stanford University in the US.

He advises top-of-the-chain global MNCs, the Singapore government and Indian police forces in network security and digital upgrades, and hosts a television show on ethical hacking.

“Pakistani cyber criminals deface nearly 60 Indian websites a day, but in return only 10 to 15 Pakistani websites are defaced. It has been going on since 2001. India may be the IT capital of the world, but as far as security issues are concerned the country is lagging far behind,” Fadia said.

“Most countries have been victims of cyber terrorim some time or the other. Since 2000-01, Pakistani criminals have been defacing Indian websites and writing derogatory messages against India. It is known as Hacktivism, hacking into websites to spread a political, social or economic cause.”

Fadia, who was working with the Central Bureau of Investigation till a couple of years ago, said: “As more and more aspects of our lives are now online, the danger of cyber terrorism is only rising.”

Terrorists are now using “VoIP (Voice over Internet Protocol) chats, hidden messages inside photographs, draft e-mails and encrypted pen drives to communicate across the world, he said.

After the Mumbai terror attacks last year, Fadia worked with the police “to decode various VoIP messages that the terrorists passed on using various VoIP software (Skype and Google Talk) before the attacks to plan the strike.

“The police had also found various e-mails that were sent by the terrorists. I worked with the police to trace the e-mails back to the source and determine the exact geographic locations of the terrorists.”

Fadia said: “At that time, India needed proof that the terrorists had indeed come from Pakistan. However, the initial e-mail trace revealed that the mails were sent from Saudi Arabia and Russia. After further investigation, we realised that the mails were sent from Pakistan and the terrorists had used proxy servers to disguise their locations.”

For the past couple of months, the security expert has been “working on a project on how social networking websites are the next big threat for individuals. I am also writing a book on spies, hacking and national security,” he said.

According to Fadia, cyber laws in India may be quite good, “but the problem is that the police who enforce those laws are not trained properly. If anyone lodges a cyber crime complaint at the nearest police station, I am sure that nine out of 10 times, officials attending to you won’t even know what you are saying.”

The threat of terrorism has “sort of legitimised the demand and the necessity for ethical hacking”, Fadia felt. “Especially after the Mumbai attacks, everyone realised the need for ethical hacking. An ethical hacker determines the various security loopholes in a company’s network and comes up with protection mechanisms to fix them.

“It is like hiring a criminal to break into your house and then asking the criminal to suggest ways to prevent a real break-in from taking place.”

Fadia wrote “The Unofficial Guide to Ethical Hacking” when he was just 14. It became an international bestseller, sold over three million copies and was translated into 11 languages.

Fadia said: “According to NASSCOM-IDC surveys the demand for ethical hackers is estimated at 77,000 in India and 188,000 worldwide currently.” He has trained more than 15,000 executives in systems security.

Fadia got his first computer when he was 10.

“At 12, I suddenly developed an interest in computer hacking. The fact that it was illegal attracted me. I hacked into the database of my favourite Chip magazine at 13. I defaced the magazine website and put up my website instead. But I wrote to the editor of the magazine and told him what I had done and how he could fix the security loophole so that such incidents don’t happen again. The editor offered me a job.”

Cyber Terrorism In India Is A National Security Hazard

Cyber law of India has covered a long distance. It has covered a journey from Informationn Technology Act, 2000 (IT Act, 2000) to the Information Technology Amendment Act 2008 (IT Act 2008).

Just like any other technology law, the IT Act, 2000 is also far from perfect. Also with the passage of time, new provisions must be incorporated to address the issues of cyber crimes and online transactions.

One such issue that has not received proper attention of the government of India (GOI) pertains to cyber terrorism in India.

Cyberterrorism is defined by Kevin G. Coleman as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.

Cyber Terrorism in India was first discussed and advocated in the year 2002 by Praveen Dalal, the leading Techno-Legal Expert of India and Managing Partner of Perry4Law.

However, the GOI woke up very late in the year 2008 when a single provision was incorporated in the Information Technology Amendment Act 2008 (IT Act 2008) on the basis of suggestions of Praveen Dalal.

Though the provision seems to be a good beginning yet there is still a long gap to cover as a single provision cannot be considered to be enough to address the menace of cyber terrorism in India.

It would be a good idea if the GOI take a serious note of the existing cyber law of India and come up with good and effective amendments.