Chinese hackers may be using websites that imitate those of 19 high courts in the country to spread a computer virus and turn the user's system into a virtual zombie, a security expert has claimed before the CBI.
Commander (Retd.) Mukesh Saini, a former naval officer and cyber security consultant, recently brought the nefarious designs of these alleged hackers to the notice of the CBI's Cybercrime wing, which is looking into it.
Saini highlighted the modus operandi of these websites, which have addresses resembling the original ones: for example, the Delhi High Court address is 'http://delhihighcourt.nic.in', while the phishing website address is 'http://delhi.highcourt.in'.
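The lookalike pattern described above (the same labels as the genuine name, with the dots moved and the registry suffix changed) is something a defender can screen for mechanically. The following is an added example, not code from the article or from Saini's firm: it normalises each observed domain by stripping a small assumed suffix list and the dot and hyphen separators, then flags any domain whose remaining core matches a trusted domain's core without actually being that domain or one of its subdomains. The suffix list and the observed-domain sample are constructed for the example; only the Delhi High Court pair comes from the article.

```python
"""Flag domains that imitate a trusted domain by moving or dropping separators,
e.g. delhi.highcourt.in posing as delhihighcourt.nic.in (the pair named in the
article). Added example; not code from the article or the firm it describes."""

# Registry suffixes recognised by this example (assumed, not authoritative).
KNOWN_SUFFIXES = ("nic.in", "gov.in", "co.in", "in", "cn", "com")


def split_suffix(domain):
    """Return (core, suffix) using the longest matching known suffix.

    'delhihighcourt.nic.in' -> ('delhihighcourt', 'nic.in')
    'delhi.highcourt.in'    -> ('delhi.highcourt', 'in')
    """
    d = domain.lower().rstrip(".")
    for suf in sorted(KNOWN_SUFFIXES, key=len, reverse=True):
        if d == suf:
            return "", suf
        if d.endswith("." + suf):
            return d[: -len(suf) - 1], suf
    # Unknown suffix: treat the last label as the suffix.
    core, _, suf = d.rpartition(".")
    return core, suf


def squash(labels):
    """Drop the separators an imitator can rearrange freely."""
    return labels.replace(".", "").replace("-", "")


def is_subdomain_of(candidate, trusted):
    """True if candidate is trusted itself or a host beneath it."""
    c = candidate.lower().rstrip(".")
    t = trusted.lower().rstrip(".")
    return c == t or c.endswith("." + t)


def flag_lookalikes(candidates, trusted):
    """Return (candidate, trusted) pairs where the candidate's squashed core
    contains the trusted domain's squashed core but the candidate is not the
    trusted domain or a subdomain of it."""
    hits = []
    for cand in candidates:
        for t in trusted:
            if is_subdomain_of(cand, t):
                continue  # legitimate host under the real domain
            t_core = squash(split_suffix(t)[0])
            c_core = squash(split_suffix(cand)[0])
            if t_core and t_core in c_core:
                hits.append((cand, t))
    return hits


# Constructed sample of "observed" domains; only the delhi.highcourt.in /
# delhihighcourt.nic.in pair comes from the article.
TRUSTED = ["delhihighcourt.nic.in"]
OBSERVED = [
    "delhi.highcourt.in",          # the lookalike named in the article
    "www.delhihighcourt.nic.in",   # genuine subdomain, must not be flagged
    "delhihighcourt.nic.in",       # the genuine domain itself
    "delhi-highcourt.in",          # constructed: hyphen instead of dot
    "example.cn",                  # constructed: unrelated host
]

if __name__ == "__main__":
    for cand, t in flag_lookalikes(OBSERVED, TRUSTED):
        print(f"LOOKALIKE {cand} imitates {t}")
```

The check deliberately keys on the domain's own labels rather than on page content, because, as the article notes, these sites asked visitors for nothing and so gave no content-level cue; a list of known-good court domains plus this normalisation is enough to raise an alert on the DNS or proxy log before anyone follows the link.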
"When we analysed the website script, we found that the server had a '.cn' location. Also, we found the script used in the website was a declared malware program. These sites are dangerous because even if a user accidentally accesses them, the malware spreads in his or her system.
"The program is designed in such a way that the user's system functions normally, but hackers can use it to extract any information without the user knowing it," he claimed.
Such websites came to the notice of Saini, founder of cyber security firm 'Xcyss', when he was following a news report on an employment scam running through the fake website of Patna High Court. Further analysis revealed there were identical websites of 19 high courts in the country.
The design of these replica websites was curious because it did not seek any information from the visitor, such as financial details, which keeps them from appearing suspicious.
A detailed analysis of their program revealed that the purpose was to infect all visitors to these sites and take remote control of their systems; visitors to High Court websites may include government legal departments, advocates and litigants.
"It was an attempt to infect all the visitors of these sites and take remote control of the visitors of High Court websites, including police, CBI, legal departments of government, advocates and litigants," Saini said.
He claimed these sites had been operating since 2006 and, as per the records gathered by his firm, had been infecting Indian computers since January 2009.
"Hence, we thought it right to inform the authority concerned and seeing the transnational impact of this, I gave a report to the CBI which is examining it and would take action suitable under the law," he said.