The hunt for Red October

Cyber espionage remains a big threat in India and Russia. Source: Photoxpress

Red October not only exposes the vulnerability of India’s national security, it reveals the new reality in cyber espionage – amateur hour is over and the professionals hired by nation states have taken over.

The origins of Red October are still a mystery. Russia’s Kaspersky Lab has detected the malware on 300 computers, but those are its own clients; there are probably many more systems where it is still lurking and working undetected. Based on the information Kaspersky has released, we can only speculate about the nationality of the evil geniuses behind this sweeping global espionage campaign.

The Americans and Israelis

The United States has the most extensive intelligence gathering system ever created. The National Security Agency – whose sweep makes the CIA look like a corner-store operation by comparison – is constructing a super massive building that is about to take espionage to a different level.

According to Wired, “Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is a project of immense secrecy; it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013.”

The United States has an extensive intelligence operation ring in India. In 2004 Indian counter intelligence discovered senior RAW agent Rabinder Singh passing on sensitive internal documents to his American handlers. The then Atal Bihari Vajpayee-headed NDA government, however, decided not to make the case public to avoid embarrassing the American government.

The upshot: tailing Singh for an overly long period tipped off the CIA who ensured a safe passage for him to the United States with an American passport. This was extraordinary in the history of espionage. Issuing an American passport to a compromised spy to enable him to escape was virtually admitting he was their man. The fact they did it without worrying about its impact on Indo-US ties indicates they knew Singh’s interrogation would have exposed other CIA assets in India.

Considering that Flame, Stuxnet and Gauss are widely attributed to the Americans and Israelis, and that the two have an active interest in targeting computers in Iran and other Middle Eastern countries, the twosome remains among the leading suspects.

The Chinese

The Chinese are obvious suspects. According to Kaspersky’s report the "exploits appear to have been created by Chinese hackers". That itself may not be a definitive clue – when the Duqu worm was first discovered, the server it was sending its data to was eventually found in India.

A key clue is not who is in the list of countries targeted but who is not. Two leading intelligence operators, Britain and China, have escaped Red October’s sweep. Several years ago, Chinese IT students in Indian tech giant Infosys were expelled after Indian intelligence exposed them as spies.

China’s global intelligence gathering operation is rivalled only by that of the United States. It has the most to gain from spying on Russia, India and the Central Asian countries. According to Techworld, “Whoever built this software wanted to keep long-term tabs on the military-governmental complex in countries once allied to Russia and their often new allies across the globe.”

Markus Jakobsson, cybersecurity expert at FatSkunk, a Silicon Valley anti-mobile malware company, told Mashable that because the motives seem to be political, he’s putting his money on China.

The list of countries with the most infections is topped by Russia:

Russia: 35
Kazakhstan: 21
India: 15
Azerbaijan: 15
Belgium: 15
Afghanistan: 10
Armenia: 10
Iran: 7
Turkmenistan: 7
Ukraine: 6
Vietnam: 6
USA: 6
Pakistan: 5
Brazil: 4

The Russians

Though an independent company, Kaspersky has strong ties to the FSB and the Russian government, whose cyber security it fiercely protects. If Red October had been a Russian government operation, there is simply no way Kaspersky would have outed it.

Kaspersky drops a few hints about the involvement of Russian speakers, starting with the malware’s name in its antivirus database, Backdoor.Win32.Sputnik. It says there are clues that its creators spoke Russian. They could be either native Russians or Russian-speaking immigrant Jews, perhaps based in Israel.

Jakobsson adds that if the motivation is criminal, “then my bets are that it is from Russia”.

The British and French

They are not in the same league as the first three, but the British and French do have the ambition – if not the technical expertise – to mount an espionage campaign of such massive sweep.

The Europeans are seeing their grip on global markets slipping, and spying of this magnitude would give them an advantage in new and emerging markets. For instance, if the French or British know exactly what the mandarins in India’s Defence Ministry want, Dassault or Eurofighter can submit a tailor-made tender document that undercuts rivals.

Outing the Americans

Red October is not the first espionage campaign unearthed by the Russians. In the early eighties the KGB outed several CIA and British espionage campaigns in India, including one major spy ring in the Prime Minister’s Office. On one occasion, the KGB sent the dossier to the Indian media, thoroughly embarrassing the Americans. These scandals eventually led to the “foreign hand” scare.

To be sure, the Russians had no altruistic motive in exposing CIA activities in India; it was simply part of the global propaganda war. That it benefited India was incidental.

Kaspersky’s revelation that Indian state secrets may have been compromised by Red October shouldn’t really come as a surprise to seasoned observers. India, with its booming markets and big-ticket defence purchases, is an obvious target of intelligence gathering.

Back in the days of cloak-and-dagger style spying, a bottle of whiskey and a handful of cash would suffice to ferret out classified documents from the Prime Minister’s Office.

Former KGB general Oleg Kalugin, who was posted in India, has written in his memoirs that the country leaked like a sieve. The situation was so bad that neither the Americans nor the Russians trusted their Indian sources because they knew any secret passed on to Indians would end up on the other side within hours.

But today intelligence agencies don’t need to depend on a greasy-haired government servant turning traitor, because the job can easily be done by computer programs. Unlike a human spy, these cyber weapons work silently, can venture where few humans would dare to, and can self-destruct if detected – something a human is unlikely to do – giving few clues as to their origin.

India’s cyber security has been exposed on numerous occasions by hackers and foreign intelligence agencies. Senior government officials are known to use Gmail for internal communications. As long as sensitive information is sent and stored in such a cavalier manner, foreign espionage agencies will have a field day in India. And Kalugin’s words will continue to ring true.

All rights reserved by Rossiyskaya Gazeta.