An article about the use of insecure wireless networks in India by terrorists. The IT Act, 2000 that is also the sole cyber law of India is also silent on this aspect.
The wireless networks are increasingly used in India. On the one hand we have the convenience of using wireless networks whereas on the other hand they are prone to hacking and other cyber crimes making them the premier crime perpetuation platform. The Information Technology Act, 2000 (IT Act, 2000) is the exclusive cyber law of India and it is silent on this aspect. We are also witnessing an increased use of insecure wireless networks for sending mails either before or after the terrorist attacks in India.
This is not only framing the innocent people of India for terrorist attacks but is also creating a technological problem for the law enforcement in India. In India we have very few experts who can mange issues related to cyber law and cyber forensics.
According to Praveen Dalal, the Leading Techno-Legal Specialist of India, “The hi-tech crimes involving and using integrated circuits and Internet would be the future cyber crimes trend in India. There is inadequate cyber security in India particularly for the wireless networks. This makes “wireless hacking” possible and that is often used for committing cyber crimes and other purposes. Wireless hacking is, generally, a four step process that includes wardriving, victim identification, passwords and encryption keys sniffing and finally hacking. If MAC filtering is in place the offender may go for the MAC address spoofing to trick the authentication process.”.
The problem of wireless hacking is repeatedly brought to the public notice but still most of the wireless connections are insecure in India. The terrorists have targeted the wireless networks of Mumbai State and most of the terrorist mails are coming from such hacked wireless systems. We must secure our wireless networks on the one hand and adopt sound and stringent Crisis Management Strategies against terrorism in India on the other hand.
“Wired Equivalent Privacy (WEP) was the first security option for 802.11 WLANs. However, it allows a hacker to crack the WEP key by exploiting the WEP vulnerability. Although a hacker can attempt to crack WEP by brute force, other “soft techniques” are also available. WPA employs the Temporal Key Integrity Protocol (TKIP)—which is a safer RC4 implementation for data encryption and authentication. TKIP rotates the data encryption key to prevent the vulnerabilities of WEP and, consequently, cracking attacks. WPA2 is similar to 802.11i and uses the Advanced Encryption Standard (AES) to encrypt the data payload. AES is considered an uncrackable encryption algorithm. WPA2 also allows for the use of TKIP during a transitional period called mixed mode security. However, none of them are “full proof” from cyber attacks” suggests Praveen Dalal.
This does not mean that we must keep our wireless systems unprotected and insecure. Wireless hacking becomes tougher if security mechanisms are at place. Otherwise even a novice person may also hack the wireless systems. India must concentrate upon stringent cyber law, robust cyber security, capable cyber forensics workforce and sound and stringent crisis management strategies for meeting terrorist attacks with an iron hand.