Mon, 03/10/2014 - 15:26

3,000 Internet Connections Compromised For Snooping From Foreign Locations

New Delhi, March 10, IRNA - About 3,000 Internet connections, including those of the Ministry of Defence (MoD), security agencies, the Central Bureau of Investigation (CBI) and banks in Delhi, have been found to be compromised, probably for snooping from foreign locations, according to a report submitted by cyber security experts to the government.

While computers in these organisations haven't been hacked, a vulnerability in the modems they use may have allowed outsiders access to information, the Indian Infosec Consortium said.

"About 3,000 Internet connections in Delhi are compromised, including that of defence, CBI, election officers. They are being accessed using servers abroad. We have shared a detailed report with Telecom Minister Kapil Sibal who has promised prompt action," PTI reported, quoting IIC cyber security analyst Jiten Jain.

Jain said the consortium has also submitted a report to security agencies for immediate action and correction of their systems. Over 99 per cent of the 3,000 connections surveyed by IIC were possible victims of snooping. IIC is a group of 20,000 cyber security experts pitching to become the first line of cyber defence for India and develop indigenous cyber security products.

The researchers said they believe the threat emanates from a vulnerability due to technical settings in modems imported and sold by most Indian telecom operators.

"All of the devices included in the research were imported. I have not seen Indian telecom operators providing modem or routers of any Indian company. All of them are made by foreign companies, which is making systems vulnerable and susceptible to espionage," Jain said.

The report said users of these vulnerable modems could be directed to malicious servers overseas instead of going through domain name system (DNS) servers to a desired website. A DNS server helps to connect a user to the server that hosts the desired website.

The consortium found the DNS settings of modems, also known as Internet routers, had been manipulated. The report revealed that the primary DNS Internet address in the modems belonged to servers in China, Ukraine, the Netherlands and France, with most of them in the US.

"Normally, the primary DNS servers should be on the network of actual Internet connection provider, but we found it is of malicious foreign servers which were suspicious and must have been used for phishing and traffic interception and diversion through a specific route," Jain said.

The server located abroad may connect to the desired website or to a fake website that appears authentic. Jain said it was not possible to pinpoint which country may be spying on these systems due to the complex structure of the Internet.

IIC used the telephone directory of a public sector company to find out which entities may have been targeted by cyber spies. It also found that Internet connections provided by a leading private telecom operator were vulnerable. However, the entities that may have been targeted could not be ascertained because the company doesn't have a directory service, Jain said.

IIC is working on a service that will check if routers have been infected and whether their DNS settings need to be corrected, Jain said.
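The rule Jain states, that a modem's DNS servers should sit on the connection provider's own network, can be turned into a small audit of modem settings. The sketch below is an added example, not code from IIC or its report; the provider resolver ranges and the modem entries are constructed, using addresses reserved for documentation.

```python
import ipaddress

# Constructed stand-ins for the resolver ranges a provider publishes (assumption).
ISP_RESOLVER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:53::/48")]
# Addresses that point back at the LAN or the modem itself (DNS forwarder mode).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def _in_any(ip, nets):
    return any(ip.version == net.version and ip in net for net in nets)

def classify_dns(addr, isp_nets=ISP_RESOLVER_NETS):
    """Return 'isp', 'local', 'off-network' or 'invalid' for one configured DNS address."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "invalid"
    if _in_any(ip, isp_nets):
        return "isp"
    if _in_any(ip, LOCAL_NETS):
        return "local"  # upstream resolver must then be checked on the device itself
    return "off-network"

def audit(modems):
    """Return {connection: [(role, address, verdict), ...]} for settings needing review."""
    findings = {}
    for conn, cfg in modems.items():
        for role in ("primary", "secondary"):
            addr = cfg.get(role)
            if not addr:
                continue
            verdict = classify_dns(addr)
            if verdict != "isp":
                findings.setdefault(conn, []).append((role, addr, verdict))
    return findings

# Constructed sample inventory of modem DNS settings.
SAMPLE = {
    "conn-001": {"primary": "192.0.2.53", "secondary": "192.0.2.54"},
    "conn-002": {"primary": "203.0.113.9", "secondary": "192.0.2.54"},
    "conn-003": {"primary": "192.168.1.1"},
    "conn-004": {"primary": "198.51.100.7 ", "secondary": "not-an-ip"},
}

if __name__ == "__main__":
    for conn, items in audit(SAMPLE).items():
        for role, addr, verdict in items:
            print(f"{conn}: {role} DNS {addr.strip()} -> {verdict}")
```

An "off-network" verdict also fires for a public resolver the subscriber chose deliberately, so it marks a setting for review rather than proving tampering.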
