Feeds

Indian navy computers stormed by malware-ridden USBs

China suspected of cyber skulduggery

SANS - Survey on application security programs

The Indian navy has been left licking its wounds after suspected Chinese hackers managed to lift classified data from maximum security, non-internet connected PCs via malware hidden on USB drives.

The Indian Eastern Naval Command – which is currently overseeing trials of the country’s first nuclear missile submarine, INS Arihant – was the target of the attacks, which were first discovered at the start of the year, according to the Indian Express.

A “person familiar with the investigation” revealed to the paper that thumb drives were found at the site. These were apparently infected with malware which, once placed in the standalone computers, covertly collected information according to certain keywords.

These documents remained hidden on a secret folder on the USB until it was connected to an internet-enabled PC again, when they were sent to certain IP addresses traced to China.

Although there is no conclusive proof that these IP addresses were the final destination of the stolen documents, China has been accused many times in the past of similar military-led cyber espionage attacks.

Just last month fears surfaced that a laptop which went missing from a Taiwanese missile boat was half-inched by a Chinese spy after the navy admitted security at the base where the boat was moored was not as tight as it should have been.

The Indian Eastern Naval Command is also charged with overseeing operations in the South China Sea, a region which is highly sensitive politically for China and one which has recently seen an escalation in tensions over its territorial claims.

The report claims six officers are awaiting strict disciplinary action after the incident, although there is no mention that any of them may have been acting maliciously.

The Indian government has finally been roused into action by the increasing threat to its national security from cyber space, recently announcing plans to create a 24-hour National Critical Information Infrastructure Protection Centre (NCIPC) to monitor threats.

More controversially, it has also been finalising plans which would authorise two agencies to carry out state-sponsored attacks if called upon. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.