Pages

17 October 2020

Have we under-estimated the cybersecurity threat from China?

By Khushhal Kaushik

Even as the Corona virus emerging from China batters the world, another virus, namely, the electronic virus emanating from the same country as part of a larger cyber security threat, remains somewhat understated. With Covid-19 prompting a pivot to digitalization of most spheres of life, a vast multitude of people are working from home, conducting meetings and even training online while also carrying out online transactions.

As such, a prodigious amount of confidential data from different locations would have been generated. While this digitization has simplified many aspects of everyday life, this all-out dependence on digital platforms is also riddled with extraordinary data security risks.

Incidentally, India has the world's highest number of Internet users downloading millions of apps every year. However, 80% of these apps are insecure from security standpoint. The cyber security threat originating in China is a major challenge for a Digital India. Unfortunately, India for a long time did not react to this threat with the seriousness it deserves. The government did responded recently, rather belatedly, by banning 118 Chinese applications. However, more needs to be done in order to fortify the cyber security systems in the country.

Weaponising technology and applications

With China playing the villainous protagonist, a cyber war of sorts has already begun. Several western countries including the US and Australia have placed a ban on 5G equipment from China. Since 2016, India has been the sixth most targeted country by China-based hackers mostly targeting IT, aerospace and public administration sectors. According to a cyber-intelligence report put together based on conversations on the dark web, an attack by Chinese hackers on several Indian organizations including media houses, telecom companies and even a tyre company is in the works.

While Pakistan has taken upon itself to harness social media to spread disinformation and fake news about India, China further facilitates this malicious and motivated propaganda through technological products and applications coming out of the country. Typically, the algorithms of the Chinese apps are not so robust as compared to other applications which in normal course allow auditing and cross-checking of the fact of the content. As a result, it had been difficult to rein in the spread of the propaganda and disinformation-ridden news on these Chinese applications.

Tiktok illustrates the risks

Tiktok, the widely popular app – with an estimated 120 million users in India – has proved to be notorious in terms of being instrumental in spreading fake news with the aim of spreading disinformation against India as well as creating disharmony within the Indian community. Any small incident was amplified and made viral beyond all proportions by this Chinese app. This was because the algorithm of this app has been designed in a way that any violent or chaotic content would automatically go viral and spread like wildfire in no time.

The fact-checking features in the algorithm were made exceptionally simplified making data leakage extremely easy. Not only this, because the app could share user data with the Chinese government, it constitutes a threat to national security. On the contrary, if any such content or message was targeted against China, that account would have been suspended immediately – revealing the deliberately designed anti-India bias embedded in these apps originating from China.

By placing a ban on it along with several other Chinese apps, the government has gone a step closer to strengthening the country's cyber security systems.

Chinese hackers constantly improvising

However, following the banning of applications, the tools and methods of cyber-attacks have also changed. One of the ways is by resorting to the extremely dangerous malware named Remote Access Trojan (RAT). This malware enters a user’s device through an email attachment or as part of larger software package such as a video game, in effect piggybacking on seemingly legitimate files.

Once the user clicks on it, a bot (named RAT) is released which injects the final payload using the Application Management service on Windows thereby allowing the hacker to completely take over control of the user device remotely. In addition to these dangerous improvisations, as noted above, Chinese hackers have even intensified cyber-attacks against government agencies and other institutions in India to sully India's reputation or steal sensitive information from the systems.

The country’s existing dependence on Chinese companies for telecom hardware devices and products for crucial wireless infrastructure makes it already vulnerable. Although the government has allowed the Chinese telecom companies to participate in 5G trials, it is widely hoped and believed that the government would do a rethink on this.

Clear guidelines on apps must be urgent priority

It is high time that the government issues clear-cut guidelines on applications that are ‘pushed’ onto user devices. Particularly keeping in mind those apps that are most used by Indians and on which Indian users have become highly dependent, the government must lay down rules and guidelines with respect to their functioning and use. These rules should mandatorily prescribe for maintaining quality of encryption, data security and privacy standards, programming framework, security framework etc. If an application owner fails to abide by these guidelines, they should be made liable to pay a certain penalty to the government.

Celebrities& common people must exercise caution

While the government agencies have their task cut out, itis also incumbent on celebrities and common people to exercise restraint and caution when it comes to Chinese technology products and applications. In fact, celebrities must conduct a thorough due diligence and seek ‘robust reassurances’ on privacy and data security before endorsing Chinese gadgets or smartphones. Or else in the long-term their credibility and brand appeal would suffer a hit if those gadgets and applications were found to be compromised and transmitting information out of the country. Likewise, common people must also desist from opting for Chinese products no matter how appealing or inexpensive the gadget may be given the track record of Chinese products.

Therefore, the cyber security threat from China is very real and already upon us. We must do everything in our power to stem this threat. Because any soft-handling would prove disastrous – not only from national security standpoint, but also economic and socio-cultural perspectives.

No comments:

Post a Comment