PakAlumni Worldwide: The Global Social Network
The Global Social Network
Global Cyber Arms Race Heating Up?
The United States has launched successful cyber attacks against Iran and North Korea in recent years, according to multiple credible reports. These cyber attacks have caused physical destruction of thousands of Iranian nuclear centrifuges and disrupted North Korean missiles on launchpads or shortly after takeoff. Some of the code and developer tools used in the attacks have leaked out. These leaks are enabling other nations to learn and develop their own offensive cyber weapons. The United States and the United Kingdom have accused Russia of using social media apps like Facebook and Twitter to exploit and deepen divisions during the US presidential elections and the UK's Brexit referendum in 2016. Similar warfare techniques, described by the US RAND Corporation as New Generation or Hybrid Warfare, are probably being deployed by other nations as well. It refers to the use of a broad range of subversive instruments, many of which are nonmilitary, to further a country's national interests. It wouldn't be far-fetched to think that India and Pakistan are learning from New Generation Warfare techniques developed and deployed by technologically advanced nations.
US-Israel Joint Stuxnet Against Iran:
A large number of Iranian centrifuges suddenly started to blow up around 2008-9 soon after President Barack Obama's inauguration. The mystery was finally resolved in the summer of 2010 when a computer worm later named Stuxnet escaped Iran’s Natanz plant and spread around the world on the Internet.
New York Times' David Sanger reported that the United States and Israel developed Stuxnet and then tested it by building replicas of the Iranian Natanz plant equipped with Pakistani P-1 centrifuge designed in 1980s. Americans obtained P-1 centrifuges from Libyan leader Moammar Ghadafi and dismantled them to learn how it worked. P-1 uses a Siemens controller S7-417. Stuxnet inserted malware in the Siemens controller to suddenly change the centrifuge speed which caused its destruction. It was designed to attack computers with specific configuration of Siemens S7-417 controller. Here's how New York Times' David Sanger described the test results:
"After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant."
US Left-of-Launch Attack Against North Korea:
A very high percentage of North Korean missile launches failed in the period from 2015 to 2017. The missiles either blew up on the launchpads or failed soon after launch. These failures are widely attributed to American cyber attacks.
American strategists see Left-of-Launch cyber weapons as a low-cost extension of their missile defense strategy. Gen. James Dickinson, the chief of Army Space and Missile Defense Command and Army Forces Strategic Command, explains it as follows:
“You’ve probably heard the conversation about how we’re on the wrong side of the cost curve for missile defense many times. We’re utilizing multi-million-dollar interceptors against very inexpensive missiles and those types of threats, So it’s a balance. It has to be a balance between the end game, if you will, where we’re relying on an interceptor to defeat the threat and other approaches."
Russia's Information Warfare in US, UK:
The United States and the United Kingdom have accused Russia of using social media apps like Facebook and Twitter to exploit and deepen divisions during the US presidential elections and the UK's Brexit referendum in 2016.
American and British intelligence officials believe Russia used all major social media platform to spread words, images and videos tailored to voters’ interests to help elect President Trump. Similar allegations have been made by the British government about Russian interference to influence the outcome of the Brexit vote in the U.K.
Facebook, Google and Twitter acknowledged in 2017 that they had identified Russian interference on their sites. The companies have responded to the threat — Facebook, in particular, created a “war room” in 2018 to fight interference around elections — but none has revealed interference around US midterm elections in 2017 on the same scale as in 2016.
Cyber Weapons Code and Tools Leaks:
Stuxnet worm and recently leaked NSA's hacking tools by Shadow Brokers have revealed the extent of US intelligence agencies' cyber spying and hacking operations. Symantec's Liam O'Murchu who was among the first to unravel Stuxnet says it is "by far the most complex piece of code that we've looked at — in a completely different league from anything we’d ever seen before." It is almost certain that the code is being reverse-engineered and repurposed as their weapon by cyber warriors in many countries around the world.
In 2013, a group known as "Shadow Brokers" leaked NSA's sophisticated cyberweapons that have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers. Soona after the Shadow Brokers leak, North Korea is believed to have developed and used WannaCry ransomware. It encrypts files on the target PC's hard drive, making them inaccessible, then demands a ransom payment in bitcoin to decrypt them.
Summary:
American agencies have launched successful cyber campaigns against adversaries like Iran and North Korea in recent years, according to multiple credible reports. These cyber attacks have caused physical destruction of thousands of Iranian nuclear centrifuges and disrupted North Korean missiles on launchpads or shortly after takeoff. Some of the code and developer tools used in the attacks have leaked out. These leaks are enabling other nations to learn and develop their own offensive cyber weapons. The United States and the United Kingdom have accused Russia of using social media apps like Facebook and Twitter to cause and deepen divisions during the US presidential elections and the UK's Brexit referendum in 2016. Similar warfare techniques, described by the US RAND Corporation as New Generation or Hybrid Warfare, are probably being deployed by other nations as well. It refers to the use of a broad range of subversive instruments, many of which are nonmilitary, to further a country's national interests. It wouldn't be far-fetched to think that India and Pakistan are learning from New Generation Warfare techniques developed and deployed by technologically advanced nations.
Related Links:
Cyber Hacking Tools in Pakistan
Pakistan Operation Arachnophobia
Revolution in Military Affairs: Cyberweapons and Robots
Pakistani-American Founder of Fireeye Cyber Firm
Pakistan Boosts Surveillance to Fight Terror
Pakistan's Biometric Registration Database
Ex Indian Spy Documents RAW's Successes in Pakistan
Intelligence Failures in Preventing Daily Carnage in Pakistan
What If Musharraf Had Said NO to US After 911?
Pakistani Computer Scientist Fights Terror
Views: 457
-
Comment by Riaz Haq on July 3, 2020 at 4:28pm
-
Iran threatens retaliation after what it calls possible cyber attack on #nuclear #centrifuge site. A 2010 Stuxnet virus, which is widely believed to have been developed by #US and #Israel, was discovered after it was used to attack #Iran's Natanz facility.https://reut.rs/2VH6oQz
The Natanz uranium-enrichment site, much of which is underground, is one of several Iranian facilities monitored by inspectors of the International Atomic Energy Agency (IAEA), the U.N. nuclear watchdog.
Iran’s top security body said on Friday that the cause of the “incident” at the nuclear site had been determined, but “due to security considerations” it would be announced at a convenient time.
Iran’s Atomic Energy Organisation initially reported an “incident” had occurred early on Thursday at Natanz, located in the desert in the central province of Isfahan.
It later published a photo of a one-storey brick building with its roof and walls partly burned. A door hanging off its hinges suggested that there had been an explosion inside the building.
“Responding to cyber attacks is part of the country’s defence might. If it is proven that our country has been targeted by a cyber attack, we will respond,” civil defence chief Gholamreza Jalali told state TV late on Thursday.
An article issued on Thursday by state news agency IRNA addressed what it called the possibility of sabotage by enemies such as Israel and the United States, although it stopped short of accusing either directly.
“So far Iran has tried to prevent intensifying crises and the formation of unpredictable conditions and situations,” IRNA said. “But the crossing of red lines of the Islamic Republic of Iran by hostile countries, especially the Zionist regime and the U.S., means that strategy...should be revised.”
SUSPICIONS
Three Iranian officials who spoke to Reuters on condition of anonymity said they believed the fire was the result of a cyber attack, but did not cite any evidence
One of the officials said the attack had targeted a centrifuge assembly building, referring to the delicate cylindrical machines that enrich uranium, and said Iran’s enemies had carried out similar acts in the past.
Two of the officials said Israel could have been behind the Natanz incident, but offered no evidence.
Asked on Thursday evening about recent incidents reported at strategic Iranian sites, Israeli Prime Minister Benjamin Netanyahu told reporters: “Clearly we can’t get into that.”
The Israeli military and Netanyahu’s office, which oversees Israel’s foreign intelligence service Mossad, did not immediately respond to Reuters queries on Friday.
In 2010, the Stuxnet computer virus, which is widely believed to have been developed by the United States and Israel, was discovered after it was used to attack the Natanz facility.
The IAEA said on Friday the location of the fire did not contain nuclear materials, and that none of its inspectors was present at the time.
-
-
Indian cyber-spy ‘Confucius’ targets #Pakistan, #Kashmir: #Indian hackers using #malware to target Pakistani military officials, Pak's top #nuclear regulator and #Indian election officials in #Indian Occupied Kashmir, says San Francisco-based Lookout Inc.
https://www.smh.com.au/world/asia/indian-cyber-spy-confucius-target...
Oakland, California: A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbours, according to a report from a cyber security company.
The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside apps and services to conduct espionage. Since 2017, and as recently as December, the hackers have relied on spyware to target Pakistani military officials, the country’s top nuclear regulator and Indian election officials in the disputed state of Kashmir, according to the report released by San Francisco-based Lookout Inc on Thursday.
The campaign appears to be just the latest example of hackers targeting sensitive security targets with social engineering tactics - luring victims to download malicious files disguised as benign applications. What’s unique about attacks by the group, dubbed Confucius, is the extent to which its operators go to veil their efforts, experts say.
Using knock-off web applications disguised as Google security tools and popular regional chat and dating applications, Confucius managed to access 156 victims’ devices in a trove of data recently discovered by the research team. The files and related logs were found in unsecured servers used by the attack group, according to the report. Most of the users who recently accessed those servers were based in Northern India.
Once the attackers penetrate a device, they scrape it for data, including call logs, contacts, geolocation, images and voice notes. In some cases, the hackers took screen shots of the devices and recorded phone calls. In at least one instance, intruders got inside the device of a Pakistani Air Force service member and viewed a contact list filled with other Air Force officials, said Apurva Kumar, Lookout’s staff security intelligence engineer.
“While their technical tools and malwares might not be that advanced, the Confucius threat actor invests human time to gain trust from their targets,” said Daniel Lunghi, threat researcher at the cyber security firm, Trend Micro. “And in certain sensitive fields where people are more cautious, it might be what makes the difference.”
In two cases, researchers discovered that hackers stole the contents of WhatsApp chat conversations from 2017 and 2018 between officials at the Pakistan Nuclear Regulatory Authority, Pakistan Atomic Energy Commission and unknown third-parties. Then in April 2019, in the midst of India’s latest national election, the attackers burrowed into the device of an election official in the Pulwama region of Kashmir, where months earlier an Indian security convoy was attacked by a Pakistan-based Islamic terrorist in a deadly explosion.
Kumar said she couldn’t disclose the details of the stolen data.
Her research indicates the espionage campaign ramped up in 2018 after unknown hackers breached the commercial surveillance-ware provider, Retina-X Studios. Hornbill, one of the malware tools used by the attackers, shares code similarities with Retina-X’s Mobile Spy products. Another piece of malicious software called Sunbird, which is capable of remotely commandeering a user’s device, appears to be rooted in code for a stalkerware service called, BuzzOutLoud, based in India.
-
-
IISS Report: #India has some #cyber-intelligence & offensive cyber capabilities but they are focused on #Pakistan. #Delhi is building new capability with the help of key international partners – including #US, #UK & #France. #Cyberwar https://indianexpress.com/article/india/focused-on-pakistan-rather-... via @IndianExpr
Cyberpower, in the study, is measured on seven parameters: from strategy to cybersecurity. India’s reform in cyber governance has been slow. It should better harness its digital start-up ecosystem, says the study.
Greg Austin, who leads the IISS programme on Cyber, Space and Future Conflict and played a leading role in the preparation of the report, told The Indian Express Sunday: “India has some cyber-intelligence and offensive cyber capabilities but they are regionally focused, principally on Pakistan. It is currently aiming to compensate for its weaknesses by building new capability with the help of key international partners – including the US, the UK and France – and by looking to concerted international action to develop norms of restraint.”
The report said that India’s approach towards institutional reform of cyber governance has been “slow and incremental”, with key coordinating authorities for cyber security in the civil and military domains established only as late as 2018 and 2019 respectively.
These work closely with the main cyber-intelligence agency, the National Technical Research Organisation.
“India has a good regional cyber-intelligence reach but relies on partners, including the United States, for wider insight”, the report said.
It said that the strengths of the Indian digital economy include a vibrant start-up culture and a very large talent pool. “The private sector has moved more quickly than the government in promoting national cyber security.”
The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states, the report said.
“India is a third-tier cyber power whose best chance of progressing to the second tier is by harnessing its great digital-industrial potential and adopting a whole-of-society approach to improving its cyber security,” the report said.
The report also assessed China’s cyber power as clearly inferior to that of the US, and substantially below the combined cyber power of the US network of alliances.
The countries covered in this report are US, United Kingdom, Canada and Australia (four of the Five Eyes intelligence allies); France and Israel (the two most cyber-capable partners of the Five Eyes states); Japan (also an ally of the Five Eyes states, but less capable in the security dimensions of cyberspace, despite its formidable economic power); China, Russia, Iran and North Korea (the principal states posing a cyber threat to Western interests); and India, Indonesia, Malaysia and Vietnam (four countries at earlier stages in their cyber-power development). It is an ongoing study, which will cover a total of 40 countries, including Germany, Singapore, Nigeria among others.
India has been put in the third tier meant for countries that have strengths or potential strengths in some of these categories but “significant weaknesses” in others. Also in this category are: Japan, Iran, Indonesia, Vietnam, Malaysia and North Korea.
In the second tier, with world-leading strengths in “some” categories are: Australia, Canada, China, France, Israel, Russia and the United Kingdom.
-
-
IISS: Cyber Capabilities and National Power: A Net Assessment
London-based THE INTERNATIONAL INSTITUTE FOR STRATEGIC STUDIES
https://www.iiss.org/blogs/research-paper/2021/06/cyber-capabilitie...
India has frequently been the victim of cyber attacks, including on its critical infrastructure, and has attributed a significant proportion of them to China or Pakistan. CERT-In reported, for example, that there were more than 394,499 incidents in 2019,44 and 2020 saw an upsurge in attacks from China.45 Of particular concern to the Indian government are cyber attacks by North Korea that use Chinese digital infrastructure.46 The vast major- ity of the cyber incidents flagged by CERT-In appear to have been attempts at espionage,47 but they could also have resulted in serious damage to the integrity of
Indian networks and platforms. In 2020, India had the second-highest incidence of ransomware attacks in the world48 and the government banned 117 Chinese mobile applications because of security concerns.49
---------
Public statements by Indian officials and other open- source material indicate that India has developed rela- tively advanced offensive cyber capabilities focused on Pakistan. It is now in the process of expanding these capabilities for wider effect.
India reportedly considered a cyber response against Pakistan in the aftermath of the November 2008 terror- ist attacks in Mumbai, with the NTRO apparently at the forefront of deliberations.67 A former national security advisor has since indicated publicly that India pos- sesses considerable capacity to conduct cyber-sabotage operations against Pakistan,68 which appears credible
--------------------
Overall, India’s focus on Pakistan will have given it useful operational experience and some viable regional offensive cyber capabilities. It will need to expand its cyber-intelligence reach to be able to deliver sophisti- cated offensive effect further afield, but its close collab- oration with international partners, especially the US, will help it in that regard.
----------------
Raj Chengappa and Sandeep Unnithan, ‘How to Punish Pakistan’, India Today, 22 September 2016, https://www. indiatoday.in/magazine/cover-story/story/20161003-uri- attack-narendra-modi-pakistan-terror-kashmir-nawaz-sharif- india-vajpayee-829603-2016-09-22.
-
-
Pakistan-linked hackers targeted Indian power company with ReverseRat
https://thehackernews.com/2021/06/pakistan-linked-hackers-targeted-...
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research.
"Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday analysis. "The potentially compromised victims aligned with the government and power utility verticals."
Some of the victims include a foreign government organization, a power transmission organization, and a power generation and transmission organization. The covert operation is said to have begun at least in January 2021.
The intrusions are notable for a number of reasons, not least because in addition to its highly-targeted nature, the tactics, techniques, and procedures (TTPs) adopted by the adversary rely on repurposed open-source code and the use of compromised domains in the same country as the targeted entity to host their malicious files.
At the same time, the group has been careful to hide their activity by modifying the registry keys, granting them the ability to surreptitiously maintain persistence on the target device without attracting attention.
Explaining the multi-step infection chain, Lumen noted the campaign "resulted in the victim downloading two agents; one resided in-memory, while the second was side-loaded, granting threat actor persistence on the infected workstations."
The attack commences with a malicious link sent via phishing emails or messages that, when clicked, downloads a ZIP archive file containing a Microsoft shortcut file (.lnk) and a decoy PDF file from a compromised domain.
The shortcut file, besides displaying the benign document to the unsuspecting recipient, also takes care of stealthily fetching and running an HTA (HTML application) file from the same compromised website.
The lure documents largely describe events catering to India, disguising as a user manual for registering and booking an appointment for COVID-19 vaccine through the CoWIN online portal, while a few others masquerade as the Bombay Sappers, a regiment of the Corps of Engineers of the Indian Army.
-
-
Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022
https://propakistani.pk/2022/12/02/ignite-conducts-karachi-qualifie...
Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.
The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.
Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.
Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”
“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.
Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”
“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.
Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.
Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.
The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.
41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.
The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).
These top teams will now compete in the final round of the hackathon in Islamabad later this month.
Comment
- ‹ Previous
- 1
- 2
- Next ›
Twitter Feed
Live Traffic Feed
Sponsored Links
South Asia Investor Review
Investor Information Blog
Haq's Musings
Riaz Haq's Current Affairs Blog
Please Bookmark This Page!
Blog Posts
Pakistani Student Enrollment in US Universities Hits All Time High
Pakistani student enrollment in America's institutions of higher learning rose 16% last year, outpacing the record 12% growth in the number of international students hosted by the country. This puts Pakistan among eight sources in the top 20 countries with the largest increases in US enrollment. India saw the biggest increase at 35%, followed by Ghana 32%, Bangladesh and…
ContinuePosted by Riaz Haq on April 1, 2024 at 5:00pm
Agriculture, Caste, Religion and Happiness in South Asia
Pakistan's agriculture sector GDP grew at a rate of 5.2% in the October-December 2023 quarter, according to the government figures. This is a rare bright spot in the overall national economy that showed just 1% growth during the quarter. Strong performance of the farm sector gives the much needed boost for about …
ContinuePosted by Riaz Haq on March 29, 2024 at 8:00pm
© 2024 Created by Riaz Haq.
Powered by
You need to be a member of PakAlumni Worldwide: The Global Social Network to add comments!
Join PakAlumni Worldwide: The Global Social Network