Hackers have broken into sensitive naval computer systems in and around Visakhapatnam, the headquarters of the Eastern Naval Command, and planted bugs that relayed confidential data to IP addresses in China.
The Eastern Naval Command plans operations and deployments in the South China Sea — the theatre of recent muscle-flexing by Beijing — and beyond. India’s first nuclear missile submarine, INS Arihant, is currently undergoing trials at the Command.
The extent of the loss is still being ascertained, and officials said it was “premature at this stage” to comment on the sensitivity of the compromised data. But the Navy has completed a Board of Inquiry (BoI) which is believed to have indicted at least six mid-level officers for procedural lapses that led to the security breach.
The naval computers were found infected with a virus that secretly collected and transmitted confidential files and documents to Chinese IP addresses. Strict disciplinary action against the indicted officers is imminent.
Responding to a questionnaire sent by The Sunday Express on whether highly classified data had been sent to IP addresses in China due to the bug, the Navy said: “An inquiry has been convened and findings of the report are awaited. It needs to be mentioned that there is a constant threat in the cyber domain from inimical hackers worldwide.”
Sources, however, confirmed that classified data had been leaked, and the breach had possibly occurred because of the use of pen drives that are prohibited in naval offices. The virus was found hidden in the pen drives that were being used to transfer data from standalone computers to othersystems, said a person familiar with the investigation.
The Navy — and the other armed forces — stores sensitive data only in standalone computers that are not connected to the Internet. These computers are not supposed to have ports or access points for pen drives or external storage devices.
The virus apparently created a hidden folder and collected specific files and documents based on certain ‘key words’ that it has been programmed to identify.
The documents remained hidden on the pen drives until they were put in computers that were connected to the Internet, after which the bug quietly sent the files to specific IP addresses.
The cyber espionage came to light in January-February this year. Besides the Navy’s resources, other cyber forensic agencies were involved in tracing the hackers, sources said. China has been accused earlier of using “cyber battalions” — specially trained military staff — to break into sensitive computer systems across the world.
The Naval HQ in New Delhi is monitoring the case closely. Besides the Arihant trial, several other sensitive projects are being undertaken near Visakhapatnam, including an upcoming underground nuclear submarine base that is expected to house India’s strategic assets.