Malware lifts documents from Indian Navy
The Indian Navy has apparently fallen victim to a data thief, according to a report in the Indian Express. Attackers have been using malware which copies sensitive documents from the Eastern Naval Command and, once an internet connection is available again, forwards them to IP addresses in China. To date, nothing is known about the data thieves.
Sources told the newspaper that the classified data has been leaked and that the breach may have occurred as a result of the use of USB flash storage on important systems. The Navy and other armed forces store sensitive data on standalone systems, unconnected to the internet and supposedly with no free USB ports where a flash drive could be plugged in.
The malware is reported to have created a hidden folder on the USB flash drives. When the drive was plugged into a Navy system, the malware searched for files matching particular keywords it had been configured to look for. These files were then copied to the flash drive, where they would remain hidden. When the drive was plugged into a system which was connected to the internet, the malware would then begin to transfer the files to a specific IP address.
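For defenders triaging removable media against the behaviour described above, the following added example (not from the report or any tool it names) walks a mounted flash drive and lists hidden folders that hold document files. The extension list, the hidden-folder test and the sample drive layout are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: document types worth flagging; the report names no file types.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit, visible only when run on Windows

def is_hidden(path: Path) -> bool:
    """Hidden = dot-prefixed name, or the Windows HIDDEN attribute where exposed."""
    if path.name.startswith("."):
        return True
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def find_hidden_document_stashes(mount_point):
    """Return {hidden_dir: [document files beneath it]}, paths relative to the drive."""
    root = Path(mount_point)
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in list(dirnames):
            folder = Path(dirpath) / name
            if not is_hidden(folder):
                continue
            dirnames.remove(name)  # whole subtree is scanned here, skip it in the walk
            docs = sorted(p.relative_to(root).as_posix() for p in folder.rglob("*")
                          if p.is_file() and p.suffix.lower() in DOC_EXTS)
            if docs:
                findings[folder.relative_to(root).as_posix()] = docs
    return findings

def build_constructed_drive(base):
    """Constructed sample layout standing in for a flash drive (not real data)."""
    base = Path(base)
    (base / "photos").mkdir()
    (base / "photos" / "trip.jpg").write_bytes(b"")
    (base / "notes.txt").write_text("visible file, not flagged")
    stash = base / ".cache" / "a"
    stash.mkdir(parents=True)
    (stash / "report.docx").write_bytes(b"")
    (stash / "thumbs.db").write_bytes(b"")
    (base / ".empty").mkdir()  # hidden but holds no documents
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits = find_hidden_document_stashes(build_constructed_drive(tmp))
        for folder, docs in hits.items():
            print(f"{folder}: {docs}")
```

Operating systems create hidden folders of their own on removable media, so each hit is a lead to review rather than a verdict.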
The damage caused by the loss is still being evaluated, and officials told the Indian Express that it would be "premature at this stage" to comment on how sensitive the data was. There has, however, been a Board of Inquiry which is reported to have indicted six officers for lapses in procedure. The Eastern Naval Command is responsible for planning operations and deployments in the South China Sea. It is also responsible for India's first nuclear missile submarine, INS Arihant.