Thursday, July 14, 2011

Ignorance and greed biggest challenge to India

The problem with security and intelligence agencies in India is the lack of communication and the greed for credit and power. India is not the only exception or victim of such traits. Politics inside the bureaucracy and the power game is almost same in all the other countries of the world too; but the very basic difference between them and us is the fear of getting caught and getting punished. Deterrence of getting caught and failing in investigation and punishments somewhat controls their greed.

We lack proper laws and proper implementation of the same. Those in the power have every knack and control over twisting the law as per their convenience. Those in power and those who have the power are the two most dangerous factors in administration. For example there are a couple of “information and security research organizations” operating from India but the research they do here are for the foreign countries. We can’t question them or ask for any clarification as they operate from India in the name of “threat analysis/research”. They are not directly working on hardcore intelligence; instead they are working on the development and activities of various hackers groups who operate from these regions. Now the question that arises is how hackers and hacking can be an issue for national security? This issue needs completely different analysis and explanations. Looking at the recent terror attacks and threats to this country lets go little in-depth and understand the issue.

The problems are not limited to specific categories; the majority of issues are on smaller scales and that is the reason why they are less talked about, discussed and thought over. Hence it’s easier for all these terrorist organizations and other intelligence agencies to target India and that too so frequently. Let us take a simple example of the communication issues over the border areas of India. Mostly, the way security personnel/armed forces and terrorists who are deployed in the border areas communicate with each other in more or less the same manner and uses almost same technology and communication devices like walkie-talkie, wireless frequency and satellite phones (mostly used in base camps because of its high price).

The way communication gets trapped is not something extra ordinary; it happens because of a very simple reason that the communication cannot be encrypted over such mediums, and that is why it is easier to intercept them. But the irony is that it is not necessary that communication which is intercepted is true and accurate, the possibility of making this conversation for the purpose of misguiding the security forces in and around those areas is high. And at the same time we can’t even ignore them because if by any chance the incident happens then those soldiers who are deployed in the area will be considered guilty because the communication is passed to the senior officers sitting in the base camps. The percentage of number of security forces deployed in and around the borders is the maximum and the strength of Indian army and armed forces is among the top 6 in the world, so it is not possible to make any excuses for the “man power”, if such incidents happens and we fail to avoid them.

The very common problem that seems to be simple and hence ignored is “social engineering”. Most of the time both the forces deployed over the border keeps on scanning the wireless frequency ranges of each other’s and also the different specific frequency on which the patrolling forces are communicating. Because of the similarity in the language spoken, it is not a hard job for someone who is really good in social engineering to fool and collect information from these various patrolling forces/parties. All you need to do is make a call on the same frequency of the other side party and just ask them in a commanding and confident voice that you are so and so senior speaking from their respective bases and ask them for their progress or current location or some other outputs. Due to the hierarchy in the forces and couple of protocols which we ignore to follow, it makes it very difficult for that soldier to ask many questions regarding the caller’s identification and justify the reason of calling as no one wants to make their boss unhappy and that too if you are in armed force.

Thus, these types of problems are not very big and complicated but what makes it more difficult to be taken care of and encountered is the ignorance and lack of interest by those who are responsible for making the protocols and process by the think tanks. Unfortunately, they are focusing more on the issues that happen less frequently but make big news. The problems occurring because of such ignorance are not talked about much and fail to make big news. The one who has to be held responsible for such ignorance is the irresponsible media in such locations.

Now if we talk about these think tanks and decision and policy makers, then they are busy most of the time giving lectures all over the world. They only talk about big and critical issues which are not present but are expected to happen or occur in future. What our intelligence agencies are doing working under the banner of “research organizations” is extracting the money from the central government under the name of “research” or “strategy development” or “analysis”. Someone told me once about one such research which was like “understanding and studying the mind of “black hat hackers”. In this research the organization took assistance from couple of senior doctors (more preciously – psychiatrists) to complete the entire exercise. During their entire exercise there was not even a single time they talked or discussed things with any hacker or infosec professionals (forget about the black hats). They completed the entire exercise and study within the specific time, even prepared and gave the report to the top bosses. When I came to know about the amount of money spent on this, I was really shocked and was like “OMG”. With so much of money and time in available, had they done the research in a proper manner, then they could have finished their research in a terrific and successful manner. Their success in fact would have been fruitful and useful to those who were assigned to work on it and actually implement it. Being in this domain I can easily make out what they would have done during the entire project and what the entire project report would comprise of. If you ask me to tell this in simple words, then I would call it “shit”.

Inputs r45c4l

No comments:

Post a Comment