11 December 2014

India’s Cyber Challenge: Indian Mujahideen

By Melanie Schweiger
December 09, 2014

India’s most widely known terrorist organization is the Indian Mujahideen (IM), an Islamic terrorist group. Because of the organization’s close relations with the Islamic terrorist groups Lashkar-e-Taiba (LeT) and the Student Islamic Movement of India (SIMI), its earliest origins are unclear. However, the first attack that was linked to the IM was the Varanasi bombing in February 2005. That was followed by the Mumbai train bombings in 2006, serial bombings in Ahmedabad and Delhi in 2008, and the attack on the “German Bakery” in Pune in 2010.

Most of these attacks involved pressure cooker bombs, bicycle bombs, and car bombs, but rarely firearms. However, the organization does have a trademark: Before each attack, IM terrorists sent emails to the National Intelligence Agency (NIA) or government departments, in which they communicated the attack’s purpose. Then, shortly before the attacks, hackers penetrated Wi-Fi networks to cover their traces and make it more difficult for investigators to identify them.

For example, before the Delhi blasts in 2008, IM members spread messages about the forthcoming event by hacking into an open Wi-Fi in Mumbai, aiming to send the intelligence team to the wrong location. The IM has also been known to use cyberspace to gather knowledge, recruit new personnel, and disrupt national security by spreading terror and propaganda online. This has been in evidence recently. In August 2014, the IM wasaccused of helping the Islamic State with recruitment and propaganda. By offering financial incentives and using YouTube videos as a medium to promote jihadism, the IM is using the Internet to attract and persuade poor Indian Muslims to join the fighting in Iraq. By the time of the report, more than 100 young Indian men were reported missing, believed to have gone to the Middle East to join the Islamic State.

Previously, the IM was known to operate only within India, targeting territories with strong Islamic ideological bonds, such as Kerala, Karnataka, the northeastern states bordering Bangladesh and Myanmar, rural areas in Uttar Pradesh, and Jammu & Kashmir. This recent cooperation with the Islamic State suggests the organization is expanding its ties towards the Middle and Far East. In response to this rising terrorist presence online, the Indian government is planning to issue a new cyber security policy within the next six months.

According to Kaspersky Cybermap, India is one of the most frequently targeted countries for cyber attacks and cyber activities. Despite being a global outsourcing hub for IT services and software solutions, IT infrastructure security is poor in India, making it vulnerable to attach. Authorities sought to address this issue by proposing a National Cyber Security Policy in 2013, calling for 50,000 high-skilled security experts by 2018 and stricter surveillance systems.

That was a step in the right direction, but the policy has been poorly implemented and has failed to improve cyber security standards in India. The main stumbling block was budgetary. India’s cyber security budget for 2013-2014 was a mere $7.76 million, a tiny fraction of the 2014 U.S. budget of $5.1billion. According to Subimal Bhattacharjee, the Indian government must at least double its investment if cyber security is to begin to be effective. However, with the government of Narendra Modi focused on other massive development initiatives (such as Make in India), allocating a large share of the annual budget to cyber security looks hard to justify at this point.

Still, the government has taken some initial steps on cyber security: 

Under Section 69 of the Information Technology Act, the Center for Development of Telematics (C-DOT) is allowed to request decryption of any private information. Refusal can be punishable by up to seven years of imprisonment. For these purposes, the C-DOT is planning to install the spyware NETRA in more than 1,000 locations in order to monitor all online communications and enable government agencies direct access to individual web data. 

Military procurement is not only applicable to the purchase of weapons and military technology, but also to cyber security. India now actively acquires cyber security technology from Israel

However, if India is to effectively fight terrorism in cyberspace, including the recruitment tactics and propaganda videos of the Indian Mujahideen, the government will also need to create awareness about terrorist movements and increase the number of cyber security-specific think tanks monitoring and reporting terrorist activities.

Melanie Schweiger writes on security policies in the South Asian region.

No comments: