While the National Security Agency’s US Prism surveillance system peeking into the private lives of millions of cyberiites has drwn flak, what is less known is the extensive secret domestic surveillance carried by Indian intelligence agencies. Though it is quite disturbing to note that India was the fifth most surveyed country under the Prism project, India’s cyber population has been under the lens for well over a decade now.
Indian intelligence agencies such as the National Security Council Secretariat (NSCS), Intelligence Bureau (IB), Research and Analysis Wing (RAW), National Technical Research Organisation (NTRO), Defence Research and Development Organisation (DRDO), Indian Computer Emergency Response Team (CERT-In) along with Army, Navy and Air Force units have been keeping a close tab on the growing Internet and mobile traffic for quite some time now. “In fact, monitoring of websites, Internet content and interception of mobile calls, etc., has been on as early as 1999,” said a senior IB officer.
Internet traffic in the country is reported to be of the order of 4,800 giga bytes, equivalent of zillions of calls and e-mails. Of this, 66 per cent is through mobile phones with data connection. It is estimated that there are over 350 million Internet users and 150 million broadband users in the country.
“We have been keeping a watch on the millions of phone and Internet users in the country with special focus on people who post anti-government content on the net. We already have a good surveillance in place so much so that we can easily track the name, location and even occupation of such folks,” said the IB officer.
Use of network sniffers in telecom structures has been in practice for a long time now, averred senior telecom officials. Sniffers, also called network analysers, are computer hardware devices with appropriate software or firmware programming that can intercept and log traffic passing over a digital network. These snoops examine network traffic, making a copy of the data but without redirecting or altering it.
“Security agencies can intercept all calls, e-mails and all communication over broadband network with sniffers and the data can be automatically copied in police nodes without the user’s knowledge,” confirmed an ISP service provider on condition of anonymity. “But not all traffic is intercepted. Currently, sniffers intercept based on pre-recorded keywords which automatically copy the data on to servers of security agencies,” he added.
This apart, cyber Indians are also under the constant threat of Bot infections. Bot-infected computers, or bots, are programs that are covertly installed on a user’s machine in order to allow an attacker to control the targeted system remotely through a communication channel. These channels allow the remote attacker to control a large number of compromised computers which can then be used to launch coordinated attacks.
A recent Symantec Internet Security Threat Report revealed that India has seen a 280 per cent increase in Bot infections and accounts for nearly 15 per cent of global Bot-net spams. “While India continues to rank high in the list for even the most basic threats, this year’s ISTR shows a clear focus among cyber criminals to target individuals, systems and organisations where the highest profits can be made,” said Mr Anand Naik, managing director-sales, India & SAARC, Symantec.
But the irony is Indian espionage is nascent, compared to the major global league with basic inherent flaws such as vulnerable government websites that can be easily hacked, a classic example being the recent hacking of CBSE sites to access class 12 board exam details by an Indian student at Cornell University.
Unless a communication is intercepted, the nature of the data being a national threat or not cannot be found. But questions are being raised about what is the guarantee that when the data of a good guy is compromised, it would not be misused.
“You need to achieve a balance between privacy and security,” said J. Prasanna, founder of Cyber Security and Privacy Foundation.
With a view to safeguarding data security of Indian cyber users, the foundation has decided to release a new asymmetric encryption software called Krypto.
“The open-source project would be made available free to all users to ensure secure encrypted communication across computers,” he said. However, decryption programmes would also be made available to intelligence agencies on request but only if there is a court order.
“Technology should be governed by legal mechanisms,” he added.