NEW DELHI: The Union Ministry of Home Affairs (MHA) on Thursday sounded an alert to all ministries and government departments after learning that cyber terrorists were using a bogus email ID registered in Railway Minister D V Sadananda Gowda’s name to gain access to critical and sensitive information pertaining to the various ministries.
Decoding the modus operandi of cyber terrorists, the MHA said an email -- “DV Sadananda Gowdafirstname.lastname@example.org” -- which has embedded malware and resembles the original email address of the Railway Minister (email@example.com) was being circulated by the foreign-based cyber criminals to infect the targeted computers and connect them to their network to steal sensitive files. “The email has a malicious attachment – India-China Railway Cooperation.doc. Initial leads indicate that the email may have originated from a foreign-based IP. The mail would severely impair the security of data being stored, processed and transacted by infected computer system,” an MHA letter said.
A senior information security official in the MHA said the cyber criminals have used a topical and attractive subject, laced with espionage malware, to penetrate the government systems.
“The header – India-China Railway cooperation – in the name of Railway Minister in the document appears genuine. The moment gullible officers, not aware of espionage malware, are tricked into downloading the attachment, it provides the malware access to the computer. Cyber criminals, using a backdoor, can gain access to all the information and files stored on the system and the entire hard disc can be copied using remote command and control servers by cyber criminals,” the official said.
The email has triggered alarm bells in the Central agencies, with the MHA advising the senior bureaucrats and babus in the government departments not to open any mail from an unknown or suspicious mail ID and not to download, save or open any attachment without scanning it for viruses.
The MHA has also asked the officials not to open any files attached to an email, if the subject matter appeared questionable or unexpected, notwithstanding the email originating from a known source or email ID.
“To minimise the exposure of email addresses, avoid publishing official mail IDs in public domain like websites and blogs, unless official work related to public interaction. Officials are advised to send all official information only through NIC email accounts, not to use private email for official purpose and not to use personal ID for official communication,” the letter said.