N-plant cyber attack, a warning
Hyderabad: The attempted cyber attack on the Kudankulam nuclear power plant (KNPP) clearly shows the lack of watchfulness to prevent such attacks. Cyber-
security experts said it was a matter of concern.
The attack on the KNPP was a ‘remote access trojan attack,’ in which the hackers remotely access the machine, take control and mine the data slowly. They could even launch a remote command to execute a certain functionality.
In a press statement on Wednesday, the Nuclear Power Corporation of India Limited (NPCI) confirmed the presence of malware in the KNPP system and said the infected system belonged to a user connected to the internet and was used for administrative purposes. It said it was isolated from the critical internal network.
An investigation by the department of atomic energy confirmed that KNPP system was not affected.
Global cyber security forum chairman, Sai Krishna, said: “The hackers were able to hack a machine in the most secretive establishment of India. That itself is a big threat for us. They have credible information about the establishment, otherwise they wouldn’t have been able to pass through the gate.”
Information-gathering is a common technique applied by hackers and cyber security professionals to understand a machine.
Speaking about the ways in which hackers identify targets, Krishna said, “First, they identify the establishment through the public domain service providers through which they get the IP address and the contacts of employees. Later, they get into the machine through a network standpoint.”
Hackers can infiltrate the computer by dropping a code through an application and stay in the system.
Once they understand the network behaviour and collect data, they can find a vulnerability in the database server, application server or network site and exploit it.
“It is not an overnight journey, it takes months and years to get success,” an expert said.
But it may all not be so bad. Speaking to Deccan Chronicle, Mukesh Chowdhary, founder and chief executive officer of Cyberops, an Indian cybersecurity company, said: “An isolated system which was separated from the other systems, even though compromised, doesn’t have an effect on our classified data. They don’t keep confidential information in the systems which are connected to the internet. It is a very strict protocol which is being followed by the armed forces, security forces or scientists.”
He added: “The machines used for operational purposes are connected internally through intranet as a private network contained within the establishment.
It difficult to hack them as they are more secure because they are not connected to the internet.
“In rare cases, there is a possibility of a compromised machine affecting the machines next to it by analysing the electromagnetic waves. Every keystroke produces electromagnetic waves which can be captured by an other machine. So a gap of 10-20 feet is maintained,” Mr Chowdhary said.
He said that organisations working in classified space use Linux operating system which is an open source operating machine.
“It can be customised as per our needs unlike others where we unknowingly give consent,” Mr Chowdary said.