So remember that one time when RIM co-CEO Mike Lazaridis kind of freaked out during a BBC interview. The fact that he flaked on the interview kind of hinted at the reasons why he started freaking out in the first place — India. The Indian government has been tightening its control over social media and other forms of communication within the country amidst the rising threat of terrorism, RIM included. But the government is now looking to monitor communication on two of the most popular sites in the world, reports HackerNews.

You might have heard of them: Twitter and Facebook.

Carriers already help out the Indian government by monitoring communication on their networks, Twitter and Facebook included. But as you should already know, not every thing you do or say on Twitter and Facebook is public information; some of the data/text is encrypted. This is what the government in India is after, although to what extent has not be clarified.

For the full original article, see here.

With terrorists increasingly resorting to hacking and using internet for communications, India and the US Tuesday inked an agreement to promote increased collaboration in cyber security.

The memorandum of understanding on cyber security was signed by R. Chandrashekhar, secretary, India Department of Information Technology, and Jane Holl Lute, deputy secretary for the US Department of Homeland Security (DHS).

The agreement entails closer cooperation and the timely exchange of information on cyber security.

The pact was signed on a day US Secretary of State Hillary Clinton and External Affairs Minister held the second India-US strategic dialogue that focused on expanding counter-terror cooperation.
…

For full original article, see here

The Indian government is teaming up with Chinese tech giant Huawei to search imported smartphones and communications devices for signs of malware and spyware. However, some Indians are nervous because of Huawei’s close ties to the People’s Liberation Army and fear that the firm could be complicit in cyberattacks.

One journalist, Joji Thomas Philip of India’s Economic Times, calls it “rather like letting the fox in to guard the henhouse.”

Huawei recently opened a research lab at Bangalore’s Indian Institute of Science that will be expanded shortly. But opening a joint Indian-Chinese cybersecurity lab also presents problems for Huawei. The mobile-phone provider, which was named one of Fast Company’s Most Innovative Companies of 2010, will be operating in an environment where it will be easy for Indians to observe Huawei’s techniques and corporate goings-on.

The lab was reportedly opened by request of Indian intelligence services, who fear that foreign governments and corporations could use mobile-phone technology for espionage purposes. The lab’s tender requires it to test all imported mobile phones and handsets and equipment for built-in spyware and malware. It is not clear if the laboratory will also be involved in the testing of smartphone applications and for-purchase software for conventional mobile phones.

…

For full original article, see here

Government officials from around the world met on Wednesday to call for more global collaboration in the fight against cyber crime, as well as more co-ordination between governments and the private sector.

Heads of cyber security from the UK, US, China, India and France kicked off the
Worldwide Cybersecurity Summit in London with a high level discussion on how the world should work together to mitigate the threat of cyber terrorism.

Government officials from Germany and Russia were originally set to be included in the discussion but did not attend.

Themes included a need for more international collaboration to tackle cyber criminals, and what form this collaboration should take, as well how to get the balance right between online freedoms and regulation.

France and India debated whether the world needs more international regulation to provide a framework for states to effectively clamp down on cyber criminals, or whether national legislation is enough.

France said that national laws should suffice but that nation states should work together to combat cyber terrorists by quantifying the risk of cyber threats and setting international security standards for businesses.

“Can we still really say cyber space has no frontiers and the borders of cyber space do not follow political boundaries? Borders do exist and they are becoming stronger,” said Francis Delon, France’s secretary general for Defence and National Security Affairs.

“Work has to be done at an international level. This should consist of internationally agreeing an evaluation scale for cyber attacks, similar to the one being used for nuclear incidents. Secondly we need norms that the private sector should conform to, which will secure critical systems.”

India took a different view, arguing that cyber space is borderless in nature and that a global legal regime is needed to deal with the cyber terrorist threat.

“The nature of cyber space is that it is borderless and anonymous and it is not subject to government territories that have laws,” said Kapil Sibal, India’s minister for IT and communications.

“So there is a fundamental contradiction between government regulation and the nature of cyber space.

“It can be called a global problem more even than the environment because the threats can manifest themselves across the whole world. The threats require concerted action across governments. The question is what kind of action and co-ordination.”

Meanwhile, India’s deputy national security advisor, Latha Reddy, said that nations need to work together to create definitions relating to cyber security, best practice and a global
regime to protect the financial sector.

Reddy explained that international regulation is needed to define global rules that guide governments in what types of security and offensive strategies are acceptable and which are not.

“The challenge is how to create effective law enforcement across boundaries,” she said. “We need international agreements. We should go step by step, but we need to take immediate action.”

Tim Dowse, director of intelligence and national security for the UK Foreign and Commonwealth Office, argued that the debate on whether more international regulation is needed in the internet age raises important questions.

“Are existing national laws adequate? Do they apply to cyber space?” he said. “We all agree on international collaboration, but what form of collaboration should it take?”
Shawn Henry, FBI assistant director, discussed how the US is tackling cyber crime by spreading FBI resources globally.

“The key to all this is partnership. We have talked about partnerships at a private level and partnerships at a corporate level, but we also need partnerships in international law enforcement,” he said.

“The FBI has representatives in 75 countries around the world. We have embedded agents in legal agencies across the world and given these agents the ability to immediately share information and act on that.

“This has allowed us to have a positive impact. In 2010, we were able to arrest 200 cyber criminals tied to organised crime groups.”

Officials from China also spoke of the need for international collaboration when it comes to cyber security, even though the country has often appeared opposed to collaborating with the rest of the world when it comes to the internet. China’s ‘Great Firewall’ shuts out many web sites from the international community.

Liu Xiaoming, ambassador of the People’s Republic of China to the UK and Northern Ireland, did not join the panel discussion with the other speakers at the event but gave a speech by himself afterwards.

“The Chinese government has always supported international collaboration in cyber security,” he said.

“We are now in an era where the whole world is linked by the internet which means cyber security is a vital global issue that calls for international collaboration.”

The Cybersecurity Summit was held the day after the UK government revealed that it is working on a cyber offensive strategy to protect the nation from online threats.

On May 16, the United States revealed its foreign policy strategy for cyberspace in a thirty page document entitled International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World. The document outlines the foreign policy goals of United States for the cyber domain. One commentator, Chris Bronk, pointed out that the strategy is not a cybersecurity plan, but rather, a broad set of prescriptions relating to the Internet and information more generally. Bronk states, “To borrow from Ronald Deibert and Rafal Rohozinski, the U.S. government has decided to pursue the protection of a global cyber commons.”

The document declares that the US will work with like minded states to establish a set of international expectations / norms of behaviour in which to guide defense policies, international partnerships and interstate conduct. These norms will be based on five principles: upholding fundamental freedoms, respect for property, valuing privacy, protection from crime, and the right of self-defense. Deriving from these principles, the document states, are core responsibilities in cyberspace, including global interoperability, network stability, reliable access, multi-stakeholder governance, and cybersecurity due diligence. To ensure that the United States will be able to implement its vision of cyberspace, the document outlines that the strategy will be realized through bilateral and multilateral partnerships, international and multi-stakeholder organizations, and private sector collaboration.

The document also explains that this vision of cyberspace will be enforced through the means of defense against “terrorists, cybercriminals, or states and their proxies.” An important paragraph states that “When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners. We reserve the right to use all necessary means diplomatic, informational, military, and economic as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests.” This statement has become a point of contention for some commentators, with Mikko Hypponen, Chief Research Officer for F-Secure tweeting, “So, basically, USA is saying ‘Try to DDoS us and we’ll launch missiles at you.’”

Bolstering the strategy’s commitment in fighting infringement of intellectual property is the release of a draft version of the “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011” last week. If passed, this act would grant the government power to shutter Web sites that infringe on intellectual property rights. The IP Protect Act grants the government power to order Internet service providers to use DNS blocking to prevent domestic access to such sites; to order search engines from displaying links to the offending site; and rights holders would be allowed to instruct online services from partnering with offending sites. Touted as an Internet censorship bill by some, Google’s
Eric Schmidt cautioned that this action may set off a dangerous precedent for global freedom of expression: “So, let’s whack off the DNS. Okay, that seems like an appealing solution but it sets a very bad precedent because now another country will say, ‘I don’t like free speech so I’ll whack off all those that country would be China.”

Meanwhile, the United States has been strengthening bilateral relations with states. Last week, the U.S. Secret Service set up an office in Estonia to combat cyber and financial crimes, while the Economic Times of India reported on closer cooperation between India and the US on cybersecurity. Against the backdrop of increasing cyberattacks, India is currently in the process of setting up a Cyber Command Control Authority.

Amid these new developments, other states have implemented new measures to defend themselves against cyberattacks. Following the footsteps of other countries that have set up cyber commands, it was reported this week that Iran is doing the same. At the same time, it was been reported that Israel is also on the verge of setting up a national task force whose prime responsibility will be to “defend vital infrastructure networks against cybernetic terrorist attacks perpetrated by foreign countries and terrorist elements.” Meanwhile, Malaysia has partnered up with US security provider, Fortinet, to deal with cyberthreats.

WASHINGTON: The United States is having close co-operation with India on a range of issues related to cyber security and the country wants to expand it, a US official has said.

“We have had great cooperation with India. We’ve had many meetings with Indian officials in various different fora, including at the White House level,” Christopher Painter, the State Department Co-coordinator for Cyber Issues, told a group of foreign journalists in a media roundtable.

“I think we have lots more meetings coming up. I think we have very good cooperation with India, and that’s something we want to build on and expand,” he said in response to a question.

Talks with India, he said, are just a reflection of the fact that they are talking about how to exchange information, cooperate in securing networks, for instance, in fighting crime, in reaching agreement about these norms.
“That’s a global effort that requires countries like India to work together with us in reaching that result. So there’s been very robust cooperation around that. And I’ve also been to India – not recently but I’ve been there a couple of years ago — and I’ve met with Indian officials here. So this is something we take very importantly,” he said.

Painter said the International Strategy for Cyberspace released early this week for the first time pulls together all the different strands of our policies in cyberspace from Internet freedom issues to Internet governance issues, to security issues, to military issues, to cyber crime issues, to economic issues, and puts them really all in one framework for the first time.

“For the time what our goals are in cyberspace, what the future we’d like to see achieved in cyberspace. And I should note this is not – although this is a strategy that’s issued by our President, is it not a uniquely American vision. It is a vision that should be, and is, a world vision. And one of the key things behind this strategy is to find partners and to build a consensus around it,” he said.

Alarmed over rising cyber attacks from “White hats” in Pakistan and the Chinese “Honker Union” on Indian websites and computer networks, the Manmohan Singh government is in the process of establishing a Cyber Command & Control Authority.

The recent efforts of hackers from mafia groups in erstwhile Soviet Union countries to penetrate even the well-protected defence network prompted the government to set up a central command rather than leave it to each ministry and department to handle the problem.

A senior official involved with the cyber command programme told DNA that despite intelligence agencies issuing “regular warnings against possible hacking”, there had been little success in countering the attacks, forcing the change in approach from the government. However, the minister for communications and IT, Sachin Pilot, won’t go beyond saying that “the government has formulated a crisis management plan for countering cyber attacks and cyber terrorism”.

A crucial aspect of fighting a cyber attack is to launch a counter-attack, with the help of private IT experts if required. These experts are known as “white hats” if they work for state agencies. For example, when Delhi police recently arrested a software engineer Bhupinder Singh in a hacking case, it discovered that the person had once hacked some key computer networks in Pakistan. Bhupinder Singh is in fact considered amongst theworld’s ace cyber hackers and worked for a fee.

The white hats may work for the government without being directly on the rolls. The “black hats”, on the other hand, are hackers who obtain sensitive data for criminal activities. The Chinese hackers, known as Honker Union, who succeeded in penetrating Google servers last year and even broke the source code of Microsoft, are believed to have state patronage.

The need to establish a unified cyber Command is considered vital because cyber attacks are going to be part of future warfare.

There was some debate over whether this command should be under one of the ministries or directly under the prime minister, but now it has been placed under the National Security Adviser who reports to the PM.

It is learnt that officials in the national security apparatus have already interacted with the US, whose CYBYERCOMM works as a central command. The need for it was felt when websites of NASA, the state department and commerce department were hacked in 2007. The hackers disabled 2000 computers of theUS Army and also penetrated the networks of VISA, MasterCard and Paypal. In Britain, the parliament’s website faced the same fate, following which a cyber command on the lines of the US system was established at a cost of 650 million pounds. The US is also believed to have carried out cyber warfare by infecting the Iranian nuclear network with the Stuxnet computer worm.

In a confidential dossier, the US informed India that more than 100 attacks take place every day from all over the world to break its security network. It is in this backdrop that India is now establishing its own central cyber command authority under the PMO.

Chinese hackers may have inspired memorandum between India and Kazakhstan on cyber security. The agreement, specifically mentioned to by Kazakh president Nursultan Nazarbayev during his joint press conference with Prime Minister Manmohan Singh, was proposed by the Indian side but found ready acceptance with the Central Asian government.

Kazakhstan, an oil and gas-rich nation, was targeted by coordinated cyber attacks by a group of hackers who sought to break into the computers of energy firms and secure data on oil, gas and petrochemicals.

The attacks also covered energy firms in the United States, Taiwan and Greece. Roughly a dozen energy firms, including major multinationals, were attacked. Five firms later confirmed the attacks.

Subsequent sleuthing determined that the cyber attacks originated from China and were dubbed by security firm McAfee as the “Night Dragons”.

The key method used was to break into company servers and then send bogus emails to employees or breaking into employee laptops and steal confidential material.

Kazakh officials, perhaps mindful of their close economic relationship with China, denied their interest in the cyber security agreement was due to any specific attacks, saying it was a “reflection of the reality we face.”

Two possible outcomes loomed over the BlackBerry battles in India, Saudi Arabia, and other countries in recent months: Either local intelligence agencies get to snoop at messages from the handsets, or governments will shut them down.

An Indian entrepreneur says he has invented a third way, however, which threatens to complicate the efforts by Canadian manufacturer Research In Motion Ltd. to expand overseas.

Ajay Data, 37, grew up in a family business that sold ceramics and crockery in the pink-walled city of Jaipur, 300 kilometres southwest of Delhi, but has spent the past decade building his own technology firm, Data Infosys Limited.

He’s a computer scientist born with the perfect name: “I was destined to work with data,” he says.

Last year, he read a newspaper article about the high-stakes negotiations between RIM and the government of India, which promises to cut off the country’s estimated one million Blackberry subscribers if a deal on surveillance cannot be finalized by Jan. 31.

Mr. Data rushed into action, assigning 30 programmers to design a system that allows users to send and receive e-mail from their BlackBerries without relying on RIM’s servers. Messages are shunted through a server in Jaipur, allowing Indian security forces to monitor the traffic if necessary.

He called his service Bharat Berry, using the local word for the Indian subcontinent, and says that 150,000 people downloaded his software in the first 15 days after the service debuted at the end of October. Some of those users were probably worried about their handsets turning into paperweights if the RIM-India dispute escalates, Mr. Data said, but others might have been lured by his introductory price – free – and the prospect of later paying $1 per month, instead of Blackberry subscription fees.

He acknowledges that his new business might suffer if, as local sources have suggested, RIM is about to settle with India. A similar disagreement with Saudi Arabia ended when the Canadian company agreed to install a server in that country.

“If RIM sets up a server in India, I will have difficulty selling this here,” Mr. Data said. “But they won’t set up servers everywhere in the world.”

The Bharat Berry could prove popular in countries that want to monitor their citizens’ messages but lack the political clout or spy technology of their bigger neighbours, he said, describing recent talks in Nepal as “promising.”

In an e-mailed statement, RIM dismissed the Bharat Berry as unimportant.

“RIM does not view the Data Infosys service as a viable alternative for BlackBerry customers,” the company said. “Further, RIM’s discussions with the government of India continue to be positive and constructive and RIM is committed to serving its customers and growing its business in India.”

Indian sources speculated that RIM could also take Mr. Data to court for effectively hijacking the BlackBerry. The Indian legal system is notoriously slow, but has shown independence from the government; the fact that the chief minister of Rajasthan presided over the Bharat Berry’s official launch would not insulate the company from lawsuits.

“I can’t believe that what he’s doing is legal,” said Ehud Gelblum, an analyst for Morgan Stanley in New York. “At the same time, you can see the danger for RIM, that people may find an alternative and never go back.”

The Indian upstart will never threaten RIM’s corporate services, analysts say, because large firms would worry about security and the long-term viability of a small company offering its own servers.

But analyst Ashok Kumar, with Rodman & Renshaw, said this kind of technology could prove disruptive to RIM’s efforts to reach the emerging markets that now represent 40 per cent of new handset sales.

“It will resonate in places where price is front and centre,” Mr. Kumar said.

For his part, Mr. Data says he does not want to interfere with RIM’s business. In fact, he hopes that adoption of his software will drive purchases of the company’s hardware.

Nor is he concerned that users will worry about governments spying on them; the new generation does not worry so much about privacy, he said.

“Do you really care if they know about your messages to your girlfriend?” he said.

Research In Motion Ltd. defended itself on two fronts Thursday, denying reports it had reached a deal with the Indian government to provide access to BlackBerry messages in that country and maintaining that the battery life in its embryonic PlayBook tablet computer was comparable to that of rivals already on the market.

The Waterloo, Ont.-based maker of smartphones said the report in India’s Economic Times was “inaccurate and misleading” in saying that RIM had offered to install a “network-data analysis system” that would “automatically decode all data flowing on RIM’s network.”

In a statement issued Thursday, RIM said “a network-data analysis system … is simply the name of a tool require(d) to allow carriers in India to provide lawful access to RIM’s consumer services, including BBM (BlackBerry Messenger).”

The company added that this is “not new information,” and such technology is also required of its competitors operating in India. RIM said “the government of India has publicly stated that they are satisfied with RIM’s approach to satisfying lawful access requirements for consumer services,” and denied the Economic Times assertion that a Jan. 31 deadline is in place for reaching a final agreement.

The company maintained that it is “technologically infeasible” to provide government access to messages sent via its BlackBerry Enterprise Server (BES), a more secure system widely used by its corporate and government customers. “The government of India has in fact accepted and acknowledged that any concerns about the use of strong encryption for corporate and government data is not a matter specific to BlackBerry, and that lawful access to such encrypted data is actually an industry matter,” RIM said.

According to Reuters, officials in India say they are continuing to have discussions with RIM regarding access to corporate e-mails.

RIM also denied claims about the battery life of its PlayBook tablet computer, saying power management will be comparable.

Kaufman Bros analyst Shaw Wu this week cited unnamed sources saying the PlayBook’s battery lasts “a few hours” compared with six hours for Samsung’s Galaxy Tab and 10 hours for Apple’s iPad.

Wu said RIM may have been forced to delay the PlayBook’s launch so it could re-engineer the product, unveiled in late September and due to be released early in 2011.

RIM dismissed Wu’s claims. “Any testing or observation of battery life to date by anyone outside of RIM would have been performed using pre-beta units that were built without power management implemented,” RIM said in a statement.

It said development of the battery was on schedule and its performance would be comparable to competitors.

Analysts, on average, forecast RIM will sell fewer than four million PlayBooks in the 12 months after its launch.

Apple has sold more than seven million iPads since launching the device in April and analysts expect as many as six million to have been sold in the December quarter.