Pakistan's ISI may have installed malware in BSNL's database

Pakistan may have pulled off a cyber attack on the database of state-owned Bharat Sanchar Nigam Ltd (BSNL). According to Mint, Pakistan's Inter-Services Intelligence (ISI) may have penetrated the database of BSNL and installed spyware on its systems. A Pakistani intelligence officer is reported as having posed as Major Vijay from Indian Army headquarters and calling a BSNL employee back in February. The call was later followed up by a communication over email, which helped the intelligence officers acquire sensitive data. According to the Indian Home Ministry, the ISI used the data to successfully install malware on BSNL's networks. This may have “contaminated the telco’s computer systems and compromised the integrity and security of the system." BSNL's database might have malware The Home Ministry is worried that the malware installed by the ISI opens up BSNL's communication links for sensitive organisations, which in turn makes them vulnerable to further cyber attacks. “Social engineering techniques allow a lot of access if an employee is not made aware and trained to screen calls and handle sensitive data properly. Hackers have been able to get blueprints and sensitive data successfully through social engineering, which is made easier nowadays with people not caring about their privacy and personal data available in the public domain in social media sites,” said Shree Parthasarathy, Executive Director, Enterprise Risk Services, Deloitte. “Another challenge is the classification of data. If there was a standard process then I’m sure the breach would have been caught. It’s relatively easy to solve but poses a major threat at the present time.”