Cyber sleuths hit babu firewall

Visit the front pageVisit your profilePublish a blog post

Can government officials claim right to privacy if their emails have been hacked and security agencies ask for full access to the contents of the accounts?

Efforts of Indian intelligence agencies to counter waves of cyber attacks on government networks have run into an iron wall. Although access to the compromised email accounts of officials is critical for investigations, officials are less than keen.

The officials say that allowing the agencies to trawl contents of all their emails will breach their privacy: a position which is being supported by the National Informatics Centre (NIC), the custodian of all official electronic data.

Faced with regular attacks on government's critical infrastructure, agencies are discussing how much detail regarding the e-mails can be made available to investigators as officials are chary about private mails being scrutinized.

Sources said government found a clear pattern in cyber attacks targeting government computers, networks and other infrastructure. Almost all these attacks gain entry into a computer or a network via emails of officials. Almost all of them are official emails provided to them by the NIC.

From phishing to acquire information such as usernames and passwords to planting Trojans that provide remote access to a user's computer and network, the attacks are consistent and widespread. Trojans can be used for downloading or uploading files from, or to, a system.

Sources in the military and intelligence agencies say NIC - the official holder of official emails and websites - has been fending off bids to access hacked official emails. In case of such foreign cyber attacks, there are no police cases filed or any formal criminal investigation launched.

Public email providers such as Google part with details of e-mails only when law enforcement agencies file formal cases and seek details.

The government agencies want access as soon as attacks happen so as to track down the attack as well as to initiate preventive measures. The logs of the e-mail would tell them where all these e-mails have been accessed from, and other details. A military source said, besides accessing the logs of affected e-mails they were also keen to get contents of emails that may have been hacked. "We would definitely like to know how much of information has been compromised," he said.

"What is there in the e-mail would tell us what has surely been lost," he added.

A senior official said the government is now set to draw up a policy guideline on accessing logs and contents of official e-mails of government officials. "We are primarily looking at the regular needs of intelligence agencies. They need quick access, but we have to ensure that there is no misuse," he said.

The move comes at a time when the government is strengthening its overall posture against cyber attacks. A comprehensive policy is set to be approved by the Cabinet Committee on Security, detailing India's response to cyber attacks targeted at government systems and other critical infrastructure. Part of the strategy is to create dedicated Computer Emergency Response Teams for various sectors, setting up of National Critical Information Infrastructure Protection Centre etc.

Published by:

siavash's picture