The recent publication of a Chinese scam where thousands of Credit Card swiping machines supplied from China to UK to be used at Merchant locations were found to have been tamperedÂ and inserted with a malicious chip to siphon off credit card data to China. This resulted in thousands of credit card customers losing money due to fraudulent withdrawals arising out of cloned cards.
This incident highlights the possibility of China being the epi center of a new wave of Cyber Crimes. When these incidents are seen along with the reports about Chinese mobiles being capable of remote controls, the scenario becomes very alrming.
We also know that China is in the forefront of Cyber War technology and has used India many times as a testing ground. There was a recent indicent where Satyam Computers, a reputed IT company in India faced the charge of having allowed malicious trojans operating in its system and allowing Chinese hackers get sensitive information of World Bank.
There is also a report that there is an unusual interest shown by China in sending hundereds of students to study in Mysore and many of these Chinese nationals are expected to stay andÂ Â work in and around the IT Capital of India,Â Bangalore. It is suspected that this move to sendÂ a large number of Chinese students into this area is an attempt to infiltrate the IT companiesÂ andÂ perhapsÂ engage in espionage activities.
At this point of time, I agree Â that these allegations are in the speculative range.Â But from the point of view of information security, there is a reasonable ground to believe that “Made in China” is today a serious security risk to be guarded against.
In this background, it is a matter of concern to know that BSNL, the public sector telecom giant has entered into a US $ 40 m deal to use Huawei broadband routers for its customers. In fact BSNL has been using Huawei routers for some time now. Since routers are the backbone of Internet traffic, it is considered eminently possible to use them for Cyber Terrorist activities. For example, it is possible to disable these routers and bring down the Internet economy by a single command sent on the Internet. It is possible to divert sensitive information through these routers to steal passwords.
As a concerned netizen of India I therefore consider it necessary to demand that BSNL must clarify to the public in India if it has undertaken a complete strip down audit of the embedded chips in the Huawei routers and tested it for reliability. If not they should do so now and use International help particularly with the UK investigators who worked on the Credit card machine fraud.
Recently, a PIL has been filed in Mumbai urging the Government to take certain Counter terrorism strategies using the Internet. Perhaps it is alsoÂ justifiable to file a PIL to ensure that BSNL does not neglect this requirement and endanger the Cyber Security of India through this otherwise innocuous commercial deal and open doors for Cyber terrorism or Cyber Wars to destabilize India.
Coordinator, Indian National Cyber Security Forum