Spyware has been found on several computers on its network

Feb 17, 2009 10:28 GMT

Local media in India are reporting that the Ministry of External Affairs (MEA) is dealing with a security incident on its computer network, after a number of computers were found to be compromised with spyware. The malicious software has been sending copies of internal e-mail messages to a rogue address.

The MEA network comprises some 600 computers, and, according to the Indian Express, sources inside the Ministry have confirmed that multiple systems have been affected, including some serving the Pakistani Affairs Department, as well as senior Secretaries and Joint Secretaries.

The large-scale security breach was observed during an investigation that followed the discovery of spyware on the computers serving an unnamed Minister of State. Details are scarce at this time, but initial reports claim that a server in China is involved.

"It's important to realize that, even if Chinese servers are involved they may not necessarily be under the control of the Chinese authorities. Hackers have a long history of taking over computers in other countries to hide their true location," Graham Cluley, senior technology consultant at Sophos, notes.

The inside sources mentioned that several different spyware-type applications might be involved, and speculated that the point of entry might have been e-mails sent to government officials or the unsecured Internet connections they had used during their trips abroad.

The full extent of the exposed data is not yet known, but the Foreign Secretary is said to have started instructing employees to use encryption technology for e-mail communications. In addition, workers have been asked to abstain from accessing personal e-mail accounts, blogs and social networking websites while at the office.

This is not the first time that the MEA has had to deal with a cyber security incident. Almost a year ago, Chinese hackers were also blamed for penetrating the security of the Ministry's network and accessing classified information. That attack has been linked with others targeting the National Security Council and the National Informatics Center (NIC).

Furthermore, we have recently reported that the website of the Indian Embassy in Spain (Embajada de la India en España) was targeted by cyber criminals, who injected malicious code into its pages in order to distribute malware. On a side note, Chinese hackers have been blamed by governments in several countries, including the United States, for breaking into secure networks. Some officials have even speculated that the hackers were hired by the Chinese authorities to gather intelligence.