Cyfirma, a Singapore-based cyber-security research firm, recently confirmed that hacking groups working closely with the Chinese government were planning a nation-wide cyberattack. The chinese hackers were targeting several Indian businesses and government offices, to infiltrate sensitive data and create brand damage.
“In the first week of June, researchers in our company came across a series of conversations about India on the dark web. The chat was primarily in Mandarin, and the hackers were expressing their frustration over India and were discussing ways to ‘teach India a lesson.’
They also published multiple lists with names of companies they plan to target. Apart from that, they also discussed potential methods that could be used to target their data. They did not want to simply hack the company and de-face their website, they wanted to steal sensitive information,” says Kumar Ritesh, the Chairman and CEO of the company, to The Better India.
A spokesperson from the company confirmed that the ongoing jostle for geopolitical supremacy is a key motivation for these cyberattacks.
The chinese hackers were planning to target companies including Reliance Jio Infocomm, Bharti Airtel, Larsen & Toubro, Apollo Tyres, Micromax, Sun Pharma, and Cipla, along with Defence, External Affairs, and Information and Broadcasting ministries. Media houses like Hindustan Times and Times of India were also named as targets.
Who are the Chinese Hackers?
When the published lists were traced back to their sources it led to two well-known hacker groups — ‘Gothic Panda’, and ‘Stone Panda’ — who are directly affiliated to the People’s Liberation Army (PLA).
Gothic Panda is a long-standing Chinese threat actor group that has targeted the aerospace, construction, engineering, telecommunication, transportation, and manufacturing sectors of other countries in the past. Meanwhile, Stone Panda is involved in stealing international trade secrets, and supply chain information from enterprises in Countries such as India, the United States, Japan, Canada, and Brazil.
“The full list of exposed IP addresses along with a detailed technical analysis has been submitted to IN CERT (Indian Computer Emergency Response Team). They have taken necessary actions,” says Ritesh.
From Bhopal to the British Intelligence Service
Kumar Ritesh, the founder of Cyfirma has undoubtedly had an interesting professional journey.
“I got my first job in the late 1990’s, as a software engineer in an MNC. My family was thrilled, and the work was alright, but soon a feeling of dissatisfaction set in, and I quit the job in six months, and started to look for other opportunities,” he begins.
During this time, he spent a lot of time on online coder communities writing codes for other users.
“I used to write a lot of codes. I even made a website with a repository of codes I developed. Soon, my work, on that online community, reached a large IT firm. After an interview, I was selected for the role of a research engineer,”
Here, he worked as a ‘security-coder’ and was one of the engineers who helped build a cybersecurity layer for that company. But, within 10 months, Ritesh found himself addressing the media over a security-breach issue that the company had faced.
“Since I was the only one fluent in English, I was given a script to read in front of the press. But, I added details to explain the breach in detail. This was aired on national and international media channels. Within a few days, I was contacted by officials in the UK about a job related to coding. I was 23 years old, and it was like a fairytale for me,” says Ritesh.
Little did he know that he had been selected for a job at the British Intelligence Service.
“I cleared the interview, acquired the work visa and moved to London. Only after I proved trustworthy, did they tell me the real story,” says Ritesh.
In 2008, Ritesh retired from the organisation for personal reasons, and continued to work in different companies across the world until 2016. After gaining experience for two decades it was clear to him that businesses looked at cyber intelligence in the wrong way.
“Most organisations turn to cybersecurity solutions once an attack has taken place. But, if you understand your enemy and your threats, preventive measures can be taken to protect data. My idea was to decode threats to understand who is the hacker, what is their motive, when they will attack, and how they will attack,” says Ritesh.
In February 2016, Ritesh approached various companies with his idea which was well-received by Goldman Sachs.
“Goldman Sachs was our first investor. They agreed to provide us back up, but since we were just starting and did not have the technology, they invited me to join hands with global data analytics firm Antuit.ai, another company they invested with. But, we had an agreement that once Cyfirma grew, we would become a separate entity,” says Ritesh.
Today, Cyfirma has 3 investors — Zodius capital, ZP3 Partners, and Goldman Sachs. The total funding raised by the company stands at $8 million, and the company is also a separate entity. Their clients include companies such as Mitsubishi Corporation and Toshiba.
Precautionary Measures That a Layperson Can Take
The Better India also spoke to Rizwan Shaik, an experienced ‘ethical hacker’ and the founder of Pristine Infosolution, a Mumbai-based IT company. He has closely followed the news about the chinese hackers plot, and reiterates the importance of taking precautionary measures to protect data from unauthorised access or attacks.
“Everything relies on computers and the internet now. There are many threats, some more serious than the others. Among these dangers are malware attacks which can erase all your data, alter data, and steal sensitive information. Therefore, it is important to take precautionary measures and detect attacks before they happen,” he says.
Rizwan says, simple practices like changing passwords regularly, upgrading technical skills of existing IT experts, and keeping antivirus softwares up to date can minimize chances of getting hacked.
Image courtesy: Cyfirma.
(Edited by Gayatri Mishra)