India says its G20 summit last year faced massive cyber attacks, 1.6m attempts a minute

THE Indian government's official website faced a barrage of cyber attacks during the G20 summit held in New Delhi in September last year, with an average of 1.6 million attacks a minute or 26,000 attacks a second, the Indian Cyber Crime Coordination Centre (I4C), a division of the country's home affairs ministry, said on Wednesday (3).

Confirming the incident of attacks, Rajesh Kumar, chief executive officer of I4C, said at its annual press conference that they started soon after the website peaked during the summit, one of the biggest international events that India has hosted in recent memory. He said the attacks were resisted by the Indian Computer Emergency Response Team (CERT-IN) and the National Informatics Centre besides the I4C.

The I4C was established by the home ministry to set up a framework and ecosystem for law-enforcement agencies to tackle cybercrime in a coordinated and comprehensive way.

Read: ‘This is not era of war,’ reiterates Modi as India’s G20 presidency concludes

Kumar stopped short of disclosing specifics about the attacks or their origins, saying such information comes under the jurisdiction of CERT-IN, a national nodal body that responds to incidents of computer security.

Read: India’s G20 summit: A call for peace, prosperity & global cooperation

The Indian Express newspaper cited sources saying the probe suggested several groups from Pakistan and Indonesia carried out the attacks during the summit which was held on September 9 and 10 and attended by several top leaders, including US president Joe Biden and British prime minister Rishi Sunak.

Chinese president Xi Jinping and Russian president Vladimir Putin did not attend.

“The hackers employed two primary methods — Distributed Denial of Service (DDoS) attacks, utilizing multiple servers to inundate the source website and disrupt its functionality, and defacement attacks,” the Express cited a source as saying.

Kumar also gave details about the steep rise in cybercrime cases in India in 2022. He said the country saw more than 110 per cent rise in the number of instances reported on the National Cybercrime Reporting Portal (NCRP) vis-a-vis 2021. While 450,000 cases were reported in 2021, the number went up to 9,60,000 in 2022. In 2023, more than 15,56,000 cases were reported on NCRP.

The I4C chief also said that more than Rs 10,3000 crore (£978 million) were siphoned off from India by cybercriminals since April 1, 2021, of which agencies managed to block around Rs 1,127 crore (£107 million) and of that 9-10 per cent were restored in the accounts of the victims.