Indian company blamed for global cyber attacks

A Norwegian cyber security firm has alleged that a sophisticated cyber attack infrastructure appears to originate from India, conducted by private actors with no evidence of state-sponsorship. Norman Shark, Norwegian firm, has also named an Indian company that is known to work with Indian military and intelligence as one of the possible suspects behind the attacks.

The Indian company, Appin Security Group, which figures in the report, has rubbished the claims, saying it was "totally false and very imaginative". The company pointed out that the report itself mentions "we are not implicating or suggesting inappropriate activity by Appin. Maybe someone has tried to hurt Appin by falsifying evidence to implicate them. Maybe some rogue agent within Appin Security Group is involved, or maybe there are other explanations."

Appin also pointed to a report by the Data Security Council of India questioning the credibility of the Norwegian report.

The Norman Shark report said the Indian cyber attack infrastructure "has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers."

The report said that the attackers based in India seem to have "employed multiple developers tasked with delivering specific malware", and that they appear to have "the resources and the relationships in India to make surveillance attacks possible anywhere in the world".

A senior government official said that one Indian intelligence agency had filed a report with the government a few months ago accusing Appin of wrong doings and probably compromising details of security vulnerability of one of its clients. "It is incorrect that Appin had placed details on any server which was accessible to people or in any manner it could be compromised. Appin always follows industry standard protocols for protecting data," Appin told TOI.

The Norwegian report said that the attacks seemed to target several sectors, including natural resources, telecommunications, law, hospitality and manufacturing. "It is highly unlikely that this organization of hackers would be conducting industrial espionage for just its own purposes, which makes this of considerable concern," the report said.

It added that the findings are currently under investigation by national and international authorities.

The Norman Shark report, titled "Operation Hangover", said the Indian network seems to have targeted victims in over a dozen countries. "Specific targets include government, military and business organizations. Attribution to India was based on an extensive analysis of IP addresses, website domain registrations, and text-based identifiers contained within the malicious code itself," the company said.

"This type of activity has been associated primarily with China over the past several years but to our knowledge, this is the first time that evidence of cyber espionage has shown to be originating from India," a senior official in the Norwegian company said in a statement.

For years now there have been several international reports, making several claims on cyber attacks. Most of these reports, including US official estimates have blamed hackers based in China, especially some units of the Chinese military of carrying out such attacks. Indian investigators have also found evidence of hackers based in Russia, central Asia etc of carrying out attacks on Indian targets. America's CIA and Israel's Mossad have famously used intrusive network attacks to target Iranian nuclear capabilities.

Read More

Murthy scandal: iGate staff gets social media code

On Tuesday, while many were still coming to terms with news of iGate sacking its chief Phaneesh Murthy, company officials were busy asking employees to cocoon themselves from the outside world, especially the media, in a bid to limit the damage. 

iGate employees in India received an email from the company's communication team at around 8 am, explaining the situation and telling them not to discuss it on social media, or talk to journalists. 

The Fremont, California-based company followed it up with a web-based town hall for its employees in India, in which a pre-recorded audio message from its founder-promoters - Ashok Trivedi and Sunil Wadhwani - was played. In it, they explained the facts of the case to employees. 

Senior managers told team members about the board's decision to sack Murthy, and asked them not to discuss it even with other employees inside the office, said staff at iGate's Bangalore campus, where about 7,000 people work. 

With nearly $1 billion (about 5,500 crore) in revenues, iGate has around 30,000 employees, a majority of them in India. 

On Wednesday, several iGate employees told ET, on condition of anonymity, that they were concerned about the company's growth after the exit of Murthy, who has been its face for most of the past decade. 

iGate's India employees shocked

One of the employees, who worked at iGate's White Field office on the outskirts of Bangalore, said his team members were 'shocked' and had spent more time at the canteen and smoking zone than inside the office. "Everyone was stunned, but nobody was allowed to discuss it," he said. 

Murthy, who joined iGate in 2003 after losing his job at Infosys for getting involved in a sexual relationship with his secretary Reka Maximovitch, is often credited with growing iGate from a little-known software firm to a billion-dollar company that challenged larger rivals such as Infosys and TCS. 

Employees said his departure might see other senior-level exits, especially those groomed by him. "Phaneesh was popular among employees, and the fact is that we have lost a leader," said one employee. 

But not all employees are shocked. Some said these events were part and parcel of the software industry. "Having a relationship with a subordinate is nothing new. In this industry there are many cases, some are reported while others are not," one of them said. 

Murthy was a popular face at iGate's Bangalore campus, which he used to visit at least once a month. For many employees, especially the juniors at the software company who admired Murthy's shrewdness, his departure has been difficult to digest.

Read More

Hackers find China is land of opportunity

Name a target anywhere in China, an official at a state-owned company boasted recently, and his crack staff will break into that person's computer, download the contents of the hard drive, record the keystrokes and monitor cellphone communications, too. 

Pitches like that, from a salesman for Nanjing Xhunter Software, were not uncommon at a crowded trade show this month that brought together Chinese law enforcement officials and entrepreneurs eager to win government contracts for police equipment and services. 

"We can physically locate anyone who spreads a rumor on the Internet," said the salesman, whose company's services include monitoring online postings and pinpointing who has been saying what about whom. 

The culture of hacking in China is not confined to top-secret military compounds where hackers carry out orders to pilfer data from foreign governments and corporations. Hacking thrives across official, corporate and criminal worlds. Whether it is used to break into private networks, track online dissent back to its source or steal trade secrets, hacking is openly discussed and even promoted at trade shows, inside university classrooms and on Internet forums. 

The Ministry of Education and Chinese universities, for instance, join companies in sponsoring hacking competitions that army talent scouts attend, though "the standards can be mediocre," said a cybersecurity expert who works for a government institute and handed out awards at a 2010 competition. 

Corporations employ freelance hackers to spy on competitors. In an interview, a former hacker confirmed recent official news reports that one of China's largest makers of construction equipment had committed cyberespionage against a rival. 

One force behind the spread of hacking is the government's insistence on maintaining surveillance over anyone deemed suspicious. So local police departments contract with companies like Xhunter to monitor and suppress dissent, industry insiders say. 

Ai Weiwei, the dissident artist, said he had received three messages from Google around 2009 saying his e-mail account had been compromised, an increasingly common occurrence in China among people deemed subversive. When the police detained him in 2011, he said, they seized 200 pieces of computer equipment and other electronic hardware. 

"They're so interested in computers," Mr Ai said. "Every time anyone is arrested or checked, the first thing they grab is the computer." 

There is criminal hacking, too. Keyboard jockeys break into online gaming programs and credit card databases to collect personal information. As in other countries, the police here have expressed growing concern. 

Some hackers see crime as more lucrative than legitimate work, but opportunities for skilled hackers to earn generous salaries abound, given the growing number of cybersecurity companies providing network defense services to the government, state-owned enterprises and private companies. 

"I have personally provided services to the People's Liberation Army, the Ministry of Public Security and the Ministry of State Security," said a prominent former hacker who used the alias V8 Brother for this interview because he feared scrutiny by foreign governments. He said he had done the work as a contractor and described it as defensive, but declined to give details. 

And "if you are a government employee, there could be secret projects or secret missions," the hacker said. 

But government jobs are usually not well paying or prestigious, and most skilled hackers prefer working for security companies that have cyberdefense contracts, as V8 Brother does, he and others in the industry say. 

Self-trained, the hacker teamed up with China's patriotic " red hackers" more than a decade ago. Then he began working for cybersecurity companies and was recently making $100,000 a year, he said. 

V8 Brother said this cyberworld was so arcane that senior Chinese officials did not know details about computer work at government agencies. "You can't even explain to them what you're doing," he said. "It's like explaining computer science to a construction worker." 

In Washington, officials criticize what they consider state-sponsored attacks. The officials say intrusions against foreign governments and businesses are growing, and the Pentagon this month accused the Chinese military of attacking American government computer systems and military contractors. The White House, which has ordered cyberattacks against Iran, has made cybersecurity a priority in talks with China. The Chinese Foreign Ministry says China opposes hacking attacks and is itself a victim. 

The furor in Washington intensified in February after The New York Times and other news organizations published details of hacking efforts against their own networks and the findings of a new report by a cybersecurity company, Mandiant. The report said a shadowy group within the People's Liberation Army, Unit 61398, ran a formidable hacking and espionage operation against foreign entities out of a building on the outskirts of Shanghai. 

In China, the unit is just one part of the complex universe of hacking and cybersecurity. And the military units are not a well-kept secret. At least four former employees of Unit 61786, responsible for cryptography and information security, have posted resumes on job-search Web sites listing employment in the unit. 

Another job seeker reported employment in Unit 61580; the unit has engineers specializing in "computer network defense and attack," according to the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia. 

Members of Unit 61398, the bureau mentioned by Mandiant, have written several papers on hacking and cybersecurity with professors at Shanghai Jiaotong University, which has a prominent information security department. Across China, the universities labeled jiaotong — meaning communications — are taking the lead in building such departments. The military recruits at the universities and runs its own training center, the PLA Information Engineering University, in the city of Zhengzhou. 

But cybersecurity experts here say the schools often churn out students who know theory but lack practical skills. That could explain why many Chinese hacking attacks that have been discovered do not appear very sophisticated. American cybersecurity experts say attacks from Chinese groups often occur only from 9 to 5 Beijing time. And unlike, say, the Russians, Chinese hackers do not tend to cloak their movements, said Darien Kindlund, manager of the threat intelligence group for FireEye, a cybersecurity firm in Milpitas, Calif. 

"They're using the least amount of sophistication necessary to accomplish their mission," Mr. Kindlund said. "They have a lot of manpower available, but not necessarily a lot of intelligent manpower to conduct these operations stealthily." 

The culture of hacking began in China in the late 1990s. The most famous underground group then was Green Army. One sign of how hacking has gone mainstream is the fact that the name of a later incarnation of Green Army — Lumeng — is now used by a top cybersecurity company in China. (Its English name is NSFOCUS.) 

These companies are often started by prominent hackers or employ them to do network security. They have polished Web sites that list Chinese government agencies and companies as their clients. They also list foreign clients — at least one company, Knownsec, lists Microsoft — and have offices abroad. 

The Web site of another company, Venustech, says its clients include more than 100 government offices, among them almost all the military commands. The company, which declined an interview request, has a hacking and cyberdefense research center. 

Another former hacker said the monolithic notion of insidious, state-sponsored hacking now discussed in the West was absurd. The presence of the state throughout the economy means hackers often end up doing work for the government at some point, even if it is through something as small-scale as a contract with a local government office. 

"I don't think the West understands," he said. "China's government is so big. It's almost impossible to not have any crossover with the government." 

Private corporations in China are employing hackers for industrial espionage, in operations that involve complex tiers of agents who hire the hackers. Sany Group, one of China's biggest makers of construction equipment, hired hackers to spy on Zoomlion, a rival, according to official news media reports confirmed by the former hacker. Sany declined to comment. 

That hacker said he knew the middleman agent who had hired cyberspies for Sany. The agent was a security engineer who owned two apartments in Beijing and had been under pressure to meet mortgage payments. "In China, everyone is struggling to feed themselves, so why should they consider values and those kinds of luxuries?" the former hacker said. "They work for one thing, and that's for money."

Read More

Start and sell: India’s new Valley success stories

Abheek Anand is no ordinary product manager working out of Facebook's California headquarters. The 32-year-old, along with fellow IITian Sohan Majumdar, sold the mobile-based customer loyalty startup Tagtile, which they had jointly launched, to Facebook last year.

Anand and Majumdar represent the new generation of tech entrepreneurs in Silicon Valley. This breed thrives by soaking up the Valley's can-do culture, and by turning ideas into startups that attract the attention of the big fish.

A recent study by Kauffman Foundation says 33% of the co-founders of engineering and technology startups in the US since 2006 are Indians, leaving other immigrant communities far behind. The past 18 months have seen a slew of startups — with at least one Indian co-founder — being acquired by the biggies. Others have tapped the US capital markets with successful listings.

These include Cisco's acquisition of cloud-controlled WiFi provider Meraki for $1.2 billion; LinkedIn's buyout of mobile and web newsreader Pulse for $90 million; GroupOn snapping up social media firm Campfire Labs; and GREE's purchase of Funzio that creates games for social and mobile platforms. Palo Alto Networks, which provides firewalls, raised over $260 million when it went public last year.

However, these new kids on the block have failed to attract the kind of attention drawn by Indian-origin entrepreneurs Sabeer Bhatia, Kanwal Rekhi, Pramod Haque, Gururaj Deshpande and BV Jagadeesh, who were stars of the dotcom era. One reason could be that most of these pioneers sold their firms for eye-catching figures in all-cash deals unlike the current lot, who are mainly going for share-swaps with small cash components.

Hotmail founder Sabeer Bhatia, an early poster boy for Indian entrepreneurs in the US, struck gold by selling the company to Microsoft for $400 million in 1998. Infosys co-founder Narayana Murthy's brother-in-law Gururaj Deshpande's networking products company, Sycamore Networks, had a spectacular IPO in 1999, with its market cap touching $14.4 billion on day one.

Some things, however, stay the same. Businesses are hatched over coffee and funding put up over a good lunch. Tagtile was born in Fatoush, San Francisco's Mediterranean restaurant, to mine repeat buyers and improve customer loyalty.

"We believed we had a cool technology aimed at a large market. And we wanted to start a company," says Anand. Tagtile offers a free hardware dongle to merchants to record customers' purchase patterns, tapping their smartphones to the hardware device at the checkout. Customers can install the Tagtile app on their phones to redeem loyalty rewards from retailers.

"Indians continue to be wealth creators. Even though they are no more than 5% of Silicon Valley, they are responsible for almost 20% of start-ups," says Rekhi, a serial entrepreneur and MD of technology venture capital fund Inventus Capital Partners. First-generation entrepreneurs like Vinod Khosla and Ram Shriram became the role models for immigrant startups whose validation could get angel investors and VCs to cut seven-figure cheques for ideas on a napkin.

Ex-Googler Sakina Arsiwala and her husband Naveen Koorakula's social media startup was lapped up by deals site GroupOn when it was still in a stealth mode. Rajiv Batra who listed Palo Alto Networks, Sanjit Biswas of Meraki, Akshay Choudhury and Amit Gupta of Pulse figure in the Valley's recent list of Indian wealth and job generators.

Vivek Wadhwa, fellow at Arthur & Toni Rembe Rock Center for Corporate Governance in Stanford University, says Indians show a burning desire to raise their social status in a foreign country. This means rewriting rules of the game to plug into the Valley's entrepreneurial ecosystem, where they are otherwise typecast as techies. "When they leave India, they are at the top of the social ladder; when they come here, they are at the bottom. They are highly motivated to regain their social stature here and, hence, work extremely hard and take risks by starting companies," says Wadhwa, author of 'The Immigrant Exodus: Why America Is Losing the Global Race to Capture Entrepreneurial Talent'.

With most startup buyouts structured in stock options with little cash take-out, figuring out the wealth of this generation of entrepreneurs has become tricky. Internet and social media biggies like GroupOn and Facebook have had see-sawing stock prices, while LinkedIn's price has held firm. The stock-cash ratio depends on the stage of maturity the companies are in, while the entrepreneurial fortunes hinge on the market behaviour.

While most immigrant graduates and mid-level professionals at internet giants Google and Yahoo who plunge into entrepreneurship normally play in the Valley ecosystem, there are others who are making a splash too. Lalit Kalani, a Wharton grad who hails from a family of liquor manufacturers in Mumbai, co-founded Bandar Foods that makes Indian chilli sauces. This story spins around blending mango pickles and mint chutneys into squeeze bottles at a time Indian flavours are finding their space at takeaway counters.

JD Sethi's company, Dahlicious, makers of Indian-style probiotic yogurts, funded by loans from Boston brewer Samuel Adams, is another case of Indian risk appetite expanding outside the Valley.

The fact that several Indian professionals are now in top management at GroupOn, Google, Facebook and LinkedIn — simply put, on the side of acquirers — probably helps their million-dollar dreams.

Read More

Micromax launches data card

Micromax has launched MMX377G, a new data card offering a speed of 14.4 mbps. Micromax MMX377G data card can upload files at a speed of 5.76 mbps. 

The plug-and play requires no prior installation for use. Speaking about the new product, Mr. Deepak Mehrotra, CEO Micromax said, "At Micromax we constantly strive to innovate and develop technologically advanced devices. With the internet penetration in the country expected to grow at a steady rate, we have tried to address the need of high speed internet usage with the launch this new dongle. Users can experience high speed internet surfing, social networking, video streaming, gaming and more all on the go with this new device." 

The mini gadget is fuelled with T-Flash memory reader which is expandable up to 32GB and supports any operator's SIM card. 

Commenting on the new launch MediaTek's General Manager, business development, Finbarr Moynihan, said, "Micromax 377G dongle is the first device in India powered by MediaTek's MT6280 3G/HSPA+ thin-modem platform.

The chipset supports HSPA+ data rates, receive diversity and comes as a highly-integrated, single-chip baseband and RF SoC (System on Chip) that offers small size, low power and leading data modem performance ideal for 3G data dongles, resulting in a high-quality browsing experience for consumers. We are delighted that India's leading mobile brand has chosen MediaTek to power its latest 3G data card." 

The datacard comes at an MOP of Rs 1699. 

Read More