The Indian cyberspace is under attack and is being increasingly targeted by hackers and cyber criminals from neighbouring countries.

ICERT (Indian Computer Emergency Response Team) statistics show a rise in defacement cases. In January, 466 cases were reported whereas in January 2008 the number was 81.

Defacement of a website means changing the original content on the website by editing or adding fake information about people, organisation, or issues.

"Defacement can lead to serious problems for an organisation or a government body owning a website," Vijay Mukhi of the Foundation for Information Security and Technology (FIST) said.

"If some fake information is added on a website, it can lead to huge monetary as well as other losses for the owner. Defacement can be done by hacking into a website or by using some flaws in the software."

The ICERT report has divided the cases of defacement into two sections -- defacement cases in TLD (Top Level Domain) websites and CCTLD (Country Code Top Level Domain). Websites that fall in the TLD category have extension codes such as com, org, net, and edu whereas CCTLD websites have extension codes such as in, ac.in, gov.in, or edu.in.

"Cases reported to ICERT deal with mostly government websites that have been defaced," a cyber crime expert said. "On most occasions, the person defacing the website is traced to foreign countries. This makes it difficult to take any action against them."

Mukhi said several cases of defacement were not reported to ICERT. "This is another reason why no action can be taken against culprits," he said. "People should register complaints. One should keep upgrading the operating and other softwares to prevent websites being defaced."

Shannon Rossmiller, a Montana mom who befriends and betrays online jihadists -- while she gets her kids ready for school. Her social networking has helped bust a half-dozen terror rings, authorities say.

Rossmiller succeeds by exploiting a fundamental flaw in al Qaeda's famously decentralized organization. The absence of a strict hierarchy makes it pretty easy for a cunning person to mix among the terrorists. So she poses as a potential al Qaeda soldier looking for like-minded comers. She creates multiple characters and uses her older and more respected personae to invite the new ones into private forums. There are other self-taught counterterrorists like her, but they tend to translate and discuss, lurk and report. Rossmiller works the terrorism boards as if she were playing a complex videogame. Her characters come complete with distinct personalities and detailed biographies that are as richly conceived as any protagonist on an HBO series. She keeps copies of everything, time-stamps files, and takes screenshots. She has an Excel spreadsheet that details the 640 people with whom she has had contact on these boards since 2002...

In May 2002, [for instance,] Rossmiller saw a post from a man in Pakistan who said he had access to Stinger missiles he wanted to sell. She wrote back to the person she now identifies in her files as Rocket Man, posing as someone interested in purchasing his wares. After a few exchanges, she abruptly threatened to cut off contact unless he provided proof he was who he said he was. "And I'll be gol-danged if a few days later, a nice little zip file appears with pictures of him sitting on some crates." The inventory numbers of the Stingers were clearly visible. Rossmiller then realized that her hobby had turned into something that needed attention from the FBI.

Rossmiller's not the only private citizen that's tangling with Islamic extremists online, of course. Earlier this month, terror-hunted Rita Katz made headlines when she accused the Bush Administration of blowing her surveillance of Al-Qaeda's "intranet."

Then there's Joseph G. Shahda, a Boston engineer who's "happily claiming credit" for knocking offline "40 militant Islamist Web sites," including "some of the world’s most active jihadi sites, with forums full of extremist chatter."

“These sites are very, very dangerous,” Shahda tells the New York Times. “And I think we should keep going after them. They are used as recruiting tools for terrorists, arousing emotions, teaching how to hate.”

Al Qaeda may have been a pioneer in exploiting new media to spread propaganda and recruit members. But now, many experts feel the terror group is falling behind. Despite all the hand-wringing in U.S. intelligence circles, Osama & Co. don't seem to be comfortable with Web 2.0-style applications. Marc Lynch explains why, in a must-read post. Here's a snip:

Social networking: one of the biggest problems for a virtual network like AQ today is that it needs to build connections between its members while protecting itself from its enemies. That's a filtering problem: how do you get your people in, and keep intelligence agents out? An AQMonster.com database would be easy pickings - an online list of all the 'explosives experts' would be a gift to intelligence, no? An AQFacebook or AQSpace might create an identifiable universe of jihadist sympathizers, but again would probably help intelligence agencies as much as AQ. Perhaps an AQLinkedIn model, where members need to be recommended by a current member would reproduce the low-tech approach of allowing in trusted members and keeping out unknown quantities. This could potentially strengthen the 'organization' part... but at the expense of a greater distance from the pool of potential recruits who would not be sufficiently trusted to join. Overall it's hard to see how AQ could adapt social networking without creating such vulnerabilities. Its rivals, on the other hand, have no such problems - Muslim Brotherhood youth are all over Facebook.

Could Twitter become terrorists' newest killer app? A draft Army intelligence report, making its way through spy circles, thinks the miniature messaging software could be used as an effective tool for coordinating militant attacks.

For years, American analysts have been concerned that militants would take advantage of commercial hardware and software to help plan and carry out their strikes. Everything from online games to remote-controlled toys to social network sites to garage door openers has been fingered as possible tools for mayhem.

This recent presentation -- put together on the Army's 304th Military Intelligence Battalion and found on the Federation of the American Scientists website -- focuses on some of the newer applications for mobile phones: digital maps, GPS locators, photo swappers, and Twitter mash-ups of it all.

The report is roughly divided into two halves. The first is based mostly on chatter from Al-Qaeda-affiliated online forums. One Islamic extremist site discusses, for example, the benefits of "using a mobile phone camera to monitor the enemy and its mechanisms." Another focuses on the benefits of the Nokia 6210 Navigator, and how its GPS utilities could be used for "marksmanship, border crossings, and in concealment of supplies." Such software could allow jihadists to pick their way across multiple routes, identifying terrain features as they go. A third extremist forum recommends the installation of voice-modification software to conceal one's identity when making calls. Excerpts from a fourth site show cell phone wallpapers that wannabe jihadists can use to express their affinity for radicalism:

Then the presentation launches into an even-more theoretical discussion of how militants might pair some of these mobile applications with Twitter, to magnify their impact. After all, "Twitter was recently used as a countersurveillance, command and control, and movement tool by activists at the Republican National Convention," the report notes."The activists would Tweet each other and their Twitter pages to add information on what was happening with Law Enforcement near real time."

Terrorists haven't done anything similar, the Army report concedes - although it does note that there are "multiple pro and anti Hezbollah Tweets." Instead, the presentation lays out three possible scenarios in which Twitter could become a militant's friend:

Scenario 1: Terrorist operative “A” uses Twitter with… a cell phone camera/video function to send back messages, and to receive messages, from the rest of his [group]... Other members of his [group] receive near real time updates (similar to the movement updates that were sent by activists at the RNC) on how, where, and the number of troops that are moving in order to conduct an ambush.

Scenario 2: Terrorist operative “A” has a mobile phone for Tweet messaging and for taking images. Operative “A” also has a separate mobile phone that is actually an explosive device and/or a suicide vest for remote detonation. Terrorist operative “B” has the detonator and a mobile to view “A’s” Tweets and images. This may allow ”B” to select the precise moment of remote detonation based on near real time movement and imagery that is being sent by “A.”

Scenario 3: Cyber Terrorist operative “A” finds U.S. [soldier] Smith’s Twitter account. Operative “A” joins Smith’s Tweets and begins to elicit information from Smith. This information is then used for… identity theft, hacking, and/or physical [attacks]. This scenario… has already been discussed for other social networking sites, such as My Space and/or Face Book.

Steven Aftergood, a veteran intelligence analyst at the Federation of the American Scientists, doesn't dismiss the Army presentation out of hand. But nor does he think it's tackling a terribly seriously threat. "Red-teaming exercises to anticipate adversary operations are fundamental. But they need to be informed by a sense of what's realistic and important and what's not," he tells Danger Room. "If we have time to worry about 'Twitter threats' then we're in good shape. I mean, it's important to keep some sense of proportion."

Al-Qaida's once-robust online propaganda network has taken a hit. The release of a 9/11 anniversary video was delayed by nearly a week. And one of the most popular video-distribution sites is offline.

For years, the al-Ekhlaas network of sites has been a primary distributor of videos from al-Sahab, Qaida's propaganda arm. Then, on September 11, al-Ekhlaas.net was suddenly re-registered. Its domain name now belongs to the joker.com hosting service. All of its content vanished. Related and mirrored pages also went down. Even al-Ekhlaas' YouTube account was suspended.

It's not the first time this has happened; hosting companies have dumped al-Ekhlaas sites before, in response to Western pressures. But the breadth of this effort points to a coordinated attack on a major nerve center of al-Qaida's information warfare effort. "Al Ekhlaas fans are beginning to lose hope of being able to log onto what was once the number one militant Islamist forum on the web," reports CBS' online Internet Terror Monitor.

The strikes against the propaganda network appear to be ongoing. A much-hyped al-Sahab video, commemorating the 9/11 attacks, was only released today -- six days late. And some online al-Qaida sympathizers are complaining that they've been unable to use their normal passwords, to download the video.

The Hindustani Times credits two bloggers with the disruption: Aaron Weisburd from Internet Haganah and "Rusty Shackleford" from The Jawa Report. Shackleford was quick to laugh off the accusation. "News of my ability to thwart al Qaida's online activities have been greatly exaggerated," he writes. Internet jihadists, on the other hand, are blaming American intelligence agencies for the takedown.

Online jihadists have already used YouTube, blogs and other social media to spread their propaganda. Now, a group of internet Islamic extremists is putting together a plan for "invading Facebook."

"We can use Facebook to fight the media," notes a recent posting on the extremist al-Faloja forum, translated by Jihadica.com. "We can post media on Facebook that shows the Crusader losses."

"We have already had great success in raiding YouTube," the poster adds. "American politicians have used Facebook to get votes, like the house slave Obama."

Groups like al-Qaida were pioneering users of the internet — to train, share ideas and organize. But some observers, like George Washington University professor Marc Lynch, see a reluctance to embrace Web 2.0 tools like Facebook. "One of the biggest problems for a virtual network like AQ today is that it needs to build connections between its members while protecting itself from its enemies. That's a filtering problem: How do you get your people in, and keep intelligence agents out?" he asks.

But as Jihadica.com author and West Point Combating Terrorism Center fellow William McCants notes, the proposed Facebook invasion "is not an attempt to replicate [existing] social networks." Instead, "the members of the campaign want to exploit existing networks of people who are hostile to them and presumably they will adopt new identities once they have posted their material."

The al-Faloja poster suggests seven "brigades" work together within Facebook. One will distribute videos and writing of so-called "martyrs." Another will spread military training material. Most of them will work in Arabic, presumably. But one of the units will focus just on spread English-language propaganda through Facebook.

A group of Israeli students and would-be cyberwarriors have developed a program that makes it easy for just about anyone to start pounding on pro-Hamas websites. But using this "Patriot" software, to join in the online fight, means handing over control of your computer to the Israeli hacker group.

"While you're running their program, they can do whatever they want with your computer," Mike La Pilla, manager of malicious code operations at Verisign iDefense, the electronic security firm.

The online collective "Help Israel Win" formed in late December, as the current conflict in Gaza erupted. "We couldn't join the real combat, so we decided to fight Hamas in the cyber arena," "Liri," one the group's organizers, told Danger Room.

So they created a simple program, supposedly designed to overload Hamas-friendly sites like qudsnews.net and palestine-info.info. In recent years, such online struggles have become key components in the information warfare that accompanies traditional bomb-and-bullets conflicts. Each side tries to recruit more and more people -- and more and more computers -- to help in the network assaults. Help Israel Win says that more than 8,000 people have already downloaded and installed its Patriot software. It's a small part of a larger, increasingly sophisticated propaganda fight between supporters of Israel and Hamas that's being waged over the airwaves and online.

Help Israel Win, which has websites in Hebrew, English, Spanish, French, Russian and Portugese, doesn't say much about how the program functions -- only that it "unites the computer capabilities of many people around the world. Our goal is to use this power in order to disrupt our enemy's efforts to destroy the state of Israel. The more support we get, the more efficient we are."

Analysis from iDefense and the SANS Institute, however, reveals that computer users put their PCs at risk when they run the Patriot software. The program connects a computer to one of a number of Internet Relay Chat (IRC) servers. Once the machine is linked up, Help Israel Win can order it to do just about anything.

The Patriot program does something "fishy," SANS Institute security specialist Bojan Zdrnja said, by retrieving "a remote file and sav[ing] it on the local machine as TmpUpdateFile.exe." That could easily be a "trojan," Zdrnja said, referring to a program that sneaks malicious code onto a computer.

"While at the moment it does not appear to do anything bad (it just connects to the IRC server and sites there -- there also appeared to be around 1,000 machines running this when I tested this) the owner can probably do whatever he wants with machines running this," Zdrnja wrote.

Liri, with Help Israel Win, conceded that "the Patriot code could be used as a trojan. However, "practically it is not used as such, and will never be."

"The update option is used to fix bugs in the client, and not to upload any malicious code... never have and never will," Liri said. "The project will close right after the war is over, and we have given a fully functional uninstaller to [remove] the application."

It's also unclear how much the Patriot program is really helping the Israeli side in the online information war.

La Pilla has been monitoring Help Israel Win's IRC servers for days. "They didn't make us download and install anything. Didn't make us [attack] anybody. I was basically just sitting idle on their network." The group claims to have shut down sarayaalquds.org and qudsvoice.net. But, as of now, the rest of the group's pro-Hamas targets remain online. Meanwhile, Help Israel Win has had to shift from website to website, as they come under attack from unknown assailants.

Open wi-fi is a terrorist tool and has to be shut down, right this second. That's the conclusion, at least, of the Mumbai police. Starting today, the Times of India reports, "several police teams, armed with laptops and internet-enabled mobile phones, will randomly visit homes to detect unprotected networks."

"If a particular place's wi-fi is not password-protected or secured then the policemen at the spot has the authority to issue notice to the owner of the wi-fi connection directing him to secure the connection," deputy commissioner of police Sanjay Mohite tells The Hindu. Repeat wi-fi offenders may receive "notices under the Criminal Procedure Code," another senior officer warns the Times.

Mohite notes that e-mails taking credit for terror attacks in New Delhi and Ahmedabad were sent through open wireless networks. "Unprotected IP addresses can be misused for cyber crimes,'' he says. Other Indian cities now require cyber cafes to install surveillance cameras, and to collect identification from all customers.

But plugging up all those perceived security sieves in Mumbai is going to take some work. A quick Sheriff's Brigade survey on Sunday showed that 80 percent of wi-fi networks in South Mumbai were left unlocked. And it's not like terrorists are all that 802.11-dependent, of course. An e-mail also took credit for December's massacre in Mumbai. Whether that came from an open wi-fi connection or not is unclear -- the mailer used an anonymizer service, to cover his electronic tracks.

Last summer, three weeks before the shooting war between Georgia and Russia began, online attackers started assaulting Georgia's websites. Since then, researchers have tried to find out who masterminded the network strikes -- military electronic warriors, patriotic hackers, cyber-crooks -- without finding anything definitive.

But Georgian National Security Council chief Eka Tkeshelashvili says she knows exactly who's behind the network assault. "There's plenty of evidence that the attacks were directly organized by the government in Russia," she tells Danger Room. It's perhaps the boldest, most direct accusation of blame to come from a senior government official in the Russia-Georgia cyber war.

But, in conversations with Danger Room, neither Tkeshelashvili nor her advisers offered any new evidence that conclusively linked Moscow to the attacks on Georgian cyberspace. "I'm not saying it's enough for a criminal court, to prove a case beyond a reasonable doubt," Tkeshelashvili conceded.

Nevertheless, Tkeshelashvili is scheduled to tell the GovSec conference in Washington, D.C. later today that "Russia invaded Georgia on four fronts. Three of them were conventional — on the ground, through the air, and by sea. The fourth was new — their attacks via cyberspace... It is, quite simply, implausible that the parallel attacks by land and by cyberspace were a coincidence — official denials by Moscow notwithstanding."

And she may not be wrong. But the maddening thing about network attacks is that it's all too easy to cloak identities, work through third-parties, and route attacks through far-flung servers. Which makes it next-to-impossible to definitively pin blame. Russian hackers have claimed key roles in the cyber war. Ordinary citizens were encouraged to pile on. One member of Russia's parliament recently said the whole thing was started out of his office.

"You'll never be able to establish, through in-band technical means, who was sitting in front of a computer from which an attack originates, nor can you discern their motivations," Bill Woodcock, research director at the Packet Clearing House, told Danger Room, when the attacks began. "Instead, one has to look at who the political beneficiary is, one has to look at who's claiming responsibility for the attack, and whether that claim is contested."

In her speech, Tkeshelashvili lays out a three-part hierarchy to the attacks:

"At the top of the hierarchy are the "Soldiers": the professional planners, computer scientists, engineers, and other implementers, including the military itself. Next are what some call the "Mercenaries." These are criminal organizations paid to carry out certain elements of the attacks. In this case, there are strong signs implicating an outfit known as the Russian Business Network (RBN). And, finally, there are the "Volunteers." These are individuals with PC’s who are recruited to carry out attacks. They are provided with access to all the necessary software tools, as well as to detailed instructions for carrying out the attacks. In other words, they don’t have to be skilled and “educated” hackers. This is literally a mobilization of the masses."

Jeffrey Carr, principal of hacker-tracker firm GreyLogic, LLC, says Tkeshelashvili is "definitely in the ballpark." But key details are off. The Russian Business Network, as a group of individuals, has been largely disbanded, for instance. Their infrastructure of shell companies and shady servers and botnets-for-hire remains. It's yet another complicating factor, when online investigators try to find who's behind a network attack.

The Pentagon has spent $100m (£68m) deflecting and cleaning up after online attacks in the past six months, according to the head of the US Strategic Command.

US Air Force general Kevin Chilton told a cyber security conference in Nebraska that the money was being spent on computer equipment, contractors and manpower to clean up after external attacks and internal mistakes.

"The important thing is that we recognise that we are under assault from the least sophisticated - what I would call the bored teenager - all the way up to the sophisticated nation state, with some pretty criminal elements sandwiched in between," Chilton told Associated Press. "This is indeed our big challenge as we think about how to defend it."

Chilton declined to say what percentage of the attacks came from outside the military's systems, or to comment on the likelihood that some attempts were being made by foreign governments.

Brigadier general John Davis, the US Army's deputy commander for network operations, said that investment needed to be made into hardening the defences of military systems, rather than spending funds fire-fighting after the event.

"You can either pay me now, or you can pay me later," he said. "It would be nice to spend that money proactively, rather than fixing things after the fact. "

Foreign spies have infiltrated the US electrical grid, leaving behind software programs that could disrupt the system in a time of war, American national security officials have claimed.

The intruders, who came from countries including China and Russia, were believed to be attempting to map the US electrical system and work out how it was controlled, according to reports in the Wall Street Journal.

Officials said the cyberspies had not tried to damage the grid, but warned they could during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the paper. "So have the Russians."

The intrusion spread across the country and didn't target any specific companies or regions, a former Department of Homeland Security official said. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

Several of the intrusions were detected by US intelligence agencies and not by the companies in charge of the infrastructure, the officials said.

The breaches come as concern grows among the intelligence community over cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the internet.

More worrying was the discovery that the cyberspies had left behind software tools that could be used to destroy infrastructure components, the senior intelligence official said. He told the Wall Street Journal: "If we go to war with them, they will try to turn them on."

Water, sewage and other infrastructure systems were also believed to be at risk.

"Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts," Director of National Intelligence Dennis Blair recently told politicians. "A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure."

The Indian military fears a ‘Chinese aggression’ in less than a decade. A secret exercise, called ‘Divine Matrix’, by the army’s military operations directorate has visualised a war scenario with the nuclear-armed neighbour before 2017.

“A misadventure by China is very much within the realm of possibility with Beijing trying to position itself as the only power in the region. There will be no nuclear warfare but a short, swift war that could have menacing consequences for India,” said an army officer, who was part of the three-day war games that ended on Wednesday.

In the military’s assessment, based on a six-month study of various scenarios before the war games, China would rely on information warfare (IW) to bring India down on its knees before launching an offensive.

The war games saw generals raising concerns about the IW battalions of the People’s Liberation Army carrying out hacker attacks for military espionage, intelligence collection, paralysing communication systems, compromising airport security, inflicting damage on the banking system and disabling power grids. “We need to spend more on developing information warfare capability,” he said.

The war games dispelled the notion that China would take at least one season (one year) for a substantial military build-up across India’s northeastern frontiers. “The Tibetan infrastructure has been improved considerably. The PLA can now launch an assault very quickly, without any warning, the officer said.

The military believes that China would have swamped Tibet with sweeping demographic changes in the medium term. For the purposes of Divine Matrix, China would call Dalai Lama for rapprochement and neutralise him. The top brass also brainstormed over India’s options in case Pakistan joined the war to. Another apprehension was that Myanmar and Bangladesh would align with China in the future geostrategic environment.

An Israeli network security company brought down a Hizbullah-run Web site last week using hacking technology developed in China, Haaretz reported Tuesday. According to the daily, the Israeli company Applicure employed relatively cheap, accessible and easy to use software to bring down the site, english.hizbollah.tv, with only 10 computers.

Nevertheless, in the wake of the report, commentators were already questioning the ways in which privately waged cyber-warfare could affect the tense relationship between avowed enemies like Israel and Hizbullah.

The term used to describe the use of a singular or coordinated assault on a Web site to prevent it from properly functioning is "denial of service" (DOS) or distributed denial of service (DDOS). DOS or DDOS attacks utilize a number of computers, infected by viruses or Trojan horses and grouped into networks, to bombard a Web site with an overwhelming number of illegitimate requests, preventing it from servicing legitimate requests.

DOS is only one of many way to bring down a Web site or network, but it is often considered the most popular method because it does not require the advanced software used in other forms of Web sabotage.

Computers used by and often hijacked (without the knowledge of the primary user) by hackers are known as bots. Only ten of these bots, according to Haaretz were needed to interrupt the Hizbullah site.

Haaretz reported that Applicure was "trying out breaking-in tools developed by Chinese hackers," when it brought down the site. The report added that the software used was intended for "laymen," not hackers well-versed in programming.

In addition, the article noted that this particular software is relatively cheap, as little as $260 a year with a limited number of bots, and that it use to disrupt services can earn a user a six figure salary, primarily through blackmail.

Applicure has partners in South Korea, which is reportedly a popular place for Chinese hackers to disrupt Web-based services, especially gaming sites, which are quite popular. China's Computer Emergency Response Team increased its risk assessment to China's internal network twenty fold in 2007.

In the United States, DOS attacks often target online gambling sites where the private information of users, like credit card information can be mined, by infecting the largest number possible of personal computers with Trojan horses.

Citing technology and security experts, the report said this kind of virus infects an entire site and tires to "download" itself on to as many users computers as possible.

China has gained capability to shut down Britain by crippling its telecoms and utilities, a report claimed on Sunday.

Intelligence chiefs have told the government that equipment installed by Huawei, the Chinese telecoms giant, in BT's new communications network could be used to halt critical services such as power, food and water supplies.

According to a report in The Sunday Times, the warnings coincide with growing cyber warfare attacks on Britain by foreign governments, particularly Russia and China.

While BT has taken steps to reduce the risk of attacks by hackers or organised crime, the government believed that the mitigating measures are not effective against deliberate attack by China.

According to the report, Alex Allan, chairman of the Joint Intelligence Committee (JIC), briefed members of the ministerial committee on national security about the threat from China at a top-secret official meeting in January.

Home Secretary Ms Jacqui Smith chaired the meeting.

A media report on Sunday said vast cyber spy network controlled from China has infiltrated government and private computers in 103 countries, including those of Indian embassy in Washington and the Tibetan spiritual leader Dalai Lama.

Canadian researchers, the New York Times reported, have concluded that the computers based almost exclusively in China are controlling the network and stealing documents, but stopped short of saying that the Chinese government was involved.