NEW DELHI: The MHA on Thursday sounded an alert across government departments after learning that cyber terrorists were using a dubious email ID impersonating the original ID of Union Railway Minister D V Sadananda Gowda to attack critical and sensitive information infrastructure in various ministries.
Decoding the modus operandi of the cyber terrorists, the MHA said an email -- “DV Sadananda Gowdafirstname.lastname@example.org” -- which has embedded malware and resembles the original email address of the Railway Minister (email@example.com), was being circulated by foreign-based cyber criminals to infect the targeted computers and connect them to their network to steal sensitive files. “The email has a malicious attachment -- India-China Railway Cooperation.doc. Initial leads indicate that the email may have originated from a foreign-based IP. The mail would severely impair the security of data being stored, processed and transacted by infected computer system,” an MHA letter accessed by Express said.
A senior information security official in the MHA said the criminals used a topical and attractive subject, laced with espionage malware, to penetrate government systems. “The header -- India-China Railway cooperation -- in the name of Railway Minister in the document appears genuine. The moment gullible officers, not aware of espionage malware, are tricked into downloading the attachment, it provides the malware access to the computer. Cyber criminals, using a backdoor, can gain access to all the information and files stored on the system and the entire hard disc can be copied using remote command and control servers by cyber criminals,” he said.
The email has triggered alarm bells in the central agencies, with the MHA advising senior bureaucrats and babus in the government departments not to open any mail from an unknown or suspicious mail ID and not to download, save or open any attachment without scanning it for viruses. The MHA has also asked the officials not to open any files attached to an email if the subject matter appears questionable or unexpected, even when the email originates from a known source or email ID.
“To minimise the exposure of email addresses, avoid publishing official mail IDs in public domain like websites and blogs, unless official work related to public interaction.
Officials are advised to send all official information only through NIC email accounts, not to use private email for official purpose and not to use personal ID for official communication,” the letter to all the government departments said.
The MHA has also asked bureaucrats not to open attachments with the extensions EXE, DLL, VBS, U64, SHS and PIF, including files that appear as .txt.exe and .doc.exe. It has also advised the officials against clicking on any URL mentioned in the body of an email unless they are assured of the identity and credentials of the sender.
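The two checks the advisory describes, a sender name that displays one address while the mail comes from another and attachments with blocked or doubled extensions, can be automated at a mail gateway. The following Python sketch is an added example, not code from the MHA or from this report; the decoy-extension list, the function names and the sample addresses are assumptions. Note that the .doc attachment named in the alert passes the extension rule, so the sender check is what flags such a message.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

BLOCKED_EXT = {"exe", "dll", "vbs", "u64", "shs", "pif"}  # list from the advisory
DECOY_EXT = {"txt", "doc", "docx", "pdf", "xls", "jpg"}   # assumed decoy list
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def check_attachment(filename):
    """Flag blocked extensions and decoy.blocked double extensions."""
    # Windows ignores trailing dots and spaces, so drop them first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    findings = []
    if len(parts) >= 2 and parts[-1] in BLOCKED_EXT:
        findings.append(f"blocked-extension:{parts[-1]}")
        if len(parts) >= 3 and parts[-2] in DECOY_EXT:
            findings.append(f"double-extension:{parts[-2]}.{parts[-1]}")
    return findings

def check_sender(from_header):
    """Flag a display name that shows an address other than the real sender."""
    display, addr = parseaddr(str(from_header))
    shown = ADDR_RE.findall(display)
    if any(s.lower() != addr.lower() for s in shown):
        return ["display-name-address-mismatch"]
    return []

def triage(msg):
    """Return all findings for one parsed message."""
    findings = check_sender(msg.get("From", ""))
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings += [f"{f} ({name})" for f in check_attachment(name)]
    return findings

def build_sample():
    """Constructed message; addresses and the .txt.exe name are made up."""
    msg = EmailMessage()
    msg["From"] = '"Minister Name minister@ministry.example" <sender@elsewhere.example>'
    msg["Subject"] = "India-China Railway cooperation"
    msg.set_content("Constructed sample body.")
    for name in ("India-China Railway Cooperation.doc", "notes.txt.exe"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```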