India, Pakistan Hackers Waging Cyber Warfare

Last year at the World Economic Forum, U.S.-based security software firm McAfee's CEO Dave Walt reportedly told some attendees that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities. He further said that the traditional defensive stance of government computer infrastructures has shifted in recent years to a more offensive posture aimed at espionage, and deliberate disruption of critical networks in both government and private sectors. Such attacks could disrupt not only command and control for modern weapon systems such as ballistic missiles, but also critical civilian systems including banking, electrical grid, telecommunications, transportation, etc, and bring life to a screeching halt.



As if to confirm Walt's assertions, the Chinese hackers have allegedly stolen Indian national security information, 1,500 e-mails from the Dalai Lama’s office, and other sensitive documents, according to a report released by researchers at the University of Toronto. Media reports also indicated that government, business, and academic computers at the United Nations and the Embassy of Pakistan in the US were also targets. The UofT report also indicated there was no evidence to suggest any involvement by the Chinese government, but it has put Beijing on the defensive. Similar reports earlier this year said security investigators had traced attacks on Google and other American companies to China-based computers.

Chinese hackers apparently succeeded in downloading source code and bugs databases from Google, Adobe and dozens of other high-profile companies using unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee and reported by Wired magazine. These hack attacks were disguised by the use of sophisticated encryption, and targeted at least 34 companies in the technology, financial and defense sectors, exploiting a vulnerability in Adobe’s Reader and Acrobat applications.

While the Chinese cyber attacks on US and India often get wide and deep coverage in the western media, a lower profile, small-scale cyber warfare is also raging in the shadows between India and Pakistan, according to some reports. These reports indicate that around 40-50 Indian sites are being attacked by Pakistani hackers on a daily basis whereas around 10 Pakistani sites are being hit by their Indian counterparts.

According to Pakistani blogger Arsalan Jamshed, cyberwars between the two countries started in May 1998. Soon after India officially announced its first nuclear test, a group of Pakistan-based hackers called milw0rm broke into the Bhabha Atomic Research Center web site and posted anti-India and anti-nuclear messages. The cyberwars usually have been limited to defacing of each others' sites. Defacement causes only superficial damage, in which only the home page of a site is replaced with hacker's own page, usually with some message for the victim. Such defacements started in May 1998 and continued during Kargil War in 1999 and then during that era when the tension between India and Pakistan was at its peak from Dec 2001 to 2002. Therefore, the period between 1999 to 2002 was very crucial, when the troops were busy across the LOC exchanging fire and the hackers were busy in defacing each others' websites.

In 2003, Indian and Pakistani hackers attacked each others' servers using variants of Yaha-Q email worm to shut down about 20 different applications, including personal firewalls and anti-virus software, according to Tony Magallanez, a system engineer with Finland-based F-Secure Corp.

Last year, there were news reports of Indian cyber attacks on Pakistan's Oil and Gas Regularity Authority. In retaliation, some Pakistani attackers hacked the websites of the Indian Institute of Remote Sensing, the Center for Transportation Research and Management, the Army's Kendriya Vidyalaya of Ratlam and the Oil and Natural Gas Corporation (ONGC). In one particular instance, Pakistani hackers removed the "most wanted" list from the Indian state Andhra Pradesh's CID (criminal investigation department) website and replaced it with messages threatening their Indian cyber rivals.

Unwelcome computer intrusions by Pakistani hackers are not new. The nation has the dubious distinction of being the birth place of the first ever computer virus know to mankind. Popularly called the 'Brain virus', it was created in 1986 by two Pakistani brothers, Amjad and Basit Farooq Alvi. This virus, which spread via floppy disks, was known only to infect boot records and not computer hard drives like most viruses today. The virus also known as the Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC would occupy unused space on the floppy disk so that it could not be used and would hide from detection. It would also disguise itself by displaying the uninfected bootsector on the disk.

Responding to the increasing threat perception of cyber attacks, the Indian Navy Chief Admiral Sureesh Mehta has called for leveraging Indian strengths in Information Technology to build cyber warfare capabilities in India.

According to a Times of India report last year, the Indian Army is boosting the cyber-security of its information networks right down to the level of divisions, which are field formations with over 15,000 troops.

In addition to creating cyber-security organization to protect against cyber attacks and data thefts, the Indian Army leaders have also underlined the urgent need for "periodic cyber-security audits" by India's Army Cyber Security Establishment (ACSE).

The Indian Army's actions are a response to reports that both China and Pakistan are bolstering their cyber-warfare or information warfare capabilities at a rapid clip.

While the India-Pakistan cyber conflict is at best the stuff of minor league, the real major league contest is likely to occur between the United States and its major adversaries, particularly China. The Pentagon already employs legions of elite hackers trained in cyberwarfare, according to a Wired Magazine story in November, 2009. But they mostly play defense, and that's what Naval Postgraduate School professor John Arquilla wants to change. He'd like the US military's coders to team up with network specialists abroad to form a global geek squad. Together, they could launch preemptive online strikes to head off real-world battles.

Among other things, the Wired magazine story had a scenario discussed by John Arquilla where an elite geek squad of world hackers could be used to prevent India-Pakistan nuclear war by taking out the command and control systems of both nations.

The increasing cyber attacks on U.S. government's networks and critical infrastructure, and the growing complexity of IT infrastructure, are driving a surge in federal cybersecurity spending; the U.S. federal government's total cumulative cybersecurity spending would be $55 billion between 2010 and 2015, according a report by Homeland Security News Wire. At the same time, countries such as China and Russia recognize the fact that the United States has an unfair advantage over them in cyber warfare simply because most of the operating system and infrastructure software used in the world today has its origins in the United States. These concerns are fueling efforts by most major nations in the world to enhance their cyber security, and they are focusing on development of capacity to retaliate as a deterrence.

Related Links:

Haq's Musings

Pakistan's Multi-Billion Dollar IT Industry

John Arquilla: Go on the Cyberoffensive

Pakistan Defense Industry Going High Tech

India-Pakistan Military Balance

21st Century High Tech Warfare

Views: 442

Comment by Riaz Haq on August 2, 2012 at 10:30pm

Here's Wall Street Journal story on cyberweapons:

"Cyberattacks are easy, can be carried out at a low cost and have potentially high benefits," said Peter Sommer, a computer-security expert who teaches at the London School of Economics. "You don't have to keep agents in location for a long time. You can be sitting at a computer in your home country."

Many countries—including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea—have developed sophisticated cyberweapons that can penetrate and destroy computer networks, experts say. Increasingly, governments are going public about break-ins to their networks to raise public awareness.

"We are seeing an important shift in the way people understand computer security," said Ilias Chantzos, the director of government affairs outside the U.S., at technology-security firm Symantec Corp. "It used to be exotic. Now we are seeing it elevated to a national level."

Recently, the North Atlantic Treaty Organization said it would develop a new policy to deal with computer threats after a string of attacks on member countries.

In 2009, the European Commission published a paper calling for greater cooperation among member states to fend off cyberattacks.

However, keeping up with the development of new cyberthreats is proving challenging for governments, which have to spend heavily upgrading their defense systems and focusing their efforts on their most vulnerable points, experts say. France, for instance, created ANSSI in 2009. In 2012, the agency will hire 70 new staff and have an annual budget of €90 million ($125.8 million).

"No single infrastructure system is safe enough," said Mr. Pailloux.

http://online.wsj.com/article/SB10001424052748703386704576186061676...

Comment by Riaz Haq on February 28, 2013 at 11:00pm

Here's an IEEE Spectrum piece on Stuxnet virus:

1986

The Brain boot sector virus (aka Pakistani flu), the first IBM PC–compatible virus, is released and causes an epidemic. It was created in Lahore, Pakistan, by 19-year-old Basit Farooq Alvi and his brother, Amjad Farooq Alvi.
-----------

Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it’s the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab’s U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack.

Recognition of such threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.

This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)
------------
Companies have been slow to invest the resources required to update industrial controls. Kaspersky has found critical-infrastructure companies running 30-year-old operating systems. In Washington, politicians have been calling for laws to require such companies to maintain better security practices. One cybersecurity bill, however, was stymied in August on the grounds that it would be too costly for businesses. “To fully provide the necessary protection in our democracy, cybersecurity must be passed by the Congress,” Panetta recently said. “Without it, we are and we will be vulnerable.”

In the meantime, virus hunters at Kaspersky and elsewhere will keep up the fight. “The stakes are just getting higher and higher and higher,” Schouwenberg says. “I’m very curious to see what will happen 10, 20 years down the line. How will history look at the decisions we’ve made?”

http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet

Comment by Riaz Haq on March 30, 2015 at 8:38am
(Noor Azizi) Uddin was a slippery character -- a 52-year-old hacker (from Pakistan) who used multiple aliases, a guy with a massive bank account who seemed to always be one step ahead of the law. In 2012, he was arrested by Interpol but, because of an evidentiary snafu, he walked. The next year, the FBI put a $50,000 bounty on his head for any information that could lead to his arrest.

Then, in early 2015, that tip finally came in. It landed in Pakistan's Federal Investigation Agency, and was directed to Jabbar, the cybersecurity official. The tip was a cell phone number that apparently belonged to Uddin. (Pakistan’s chief cybersecurity officer, Mir Mazhar) Jabbar contacted the wireless service provider. The carrier then gave him access to the phone's GPS coordinates.

And that's how Jabbar ended up on Uddin's doorstep last month.

The irony that Uddin would ultimately be found because of a hacked phone number was not lost on Jabbar. According to the FBI, Uddin is the mastermind behind a massive phone hacking crime ring that netted him and an accomplice, Farhan Arshad, a massive fortune. Over about four years, from 2008 to 2012, they grossed more than $50 million by hacking phones -- mostly landlines -- all around the world. 

-------------

Most people are familiar with the idea of credit card hackers. But very few know about phone hackers, or PBX (private branch exchange) hackers, or even "phreakers," as they’re referred to by insiders. According to experts, the scam is on the rise -- and it's startlingly simple. The FBI says that Uddin, along with Arshad, would hack into the phone lines of U.S. companies, hijack their phone numbers, and begin auto-dialing like crazy. They’d use the numbers to call premium-rate lines, which, typically, charge the customer anywhere from 50 cents to $3 per minute.

But the crux of the scam is this: The hackers actually own those premium-rate lines, so they’re really just paying themselves by dialing with their victim's phones. 

How It Works

It's a little bit complicated, so imagine it this way: Someone steals your iPhone. But instead of just selling it on Craigslist, they use it to dial one of those $3-per-minute phone sex lines, over and over, until you’ve racked up thousands of dollars in fees.

Now, imagine that same person who stole your iPhone actually owns that sex line that he was dialing, and you -- the unsuspecting user -- are forced to pay the bill to your carrier at the end of the month. Unfortunately, if you try to dispute the bill, your carrier will just shrug -- according to the terms of pretty much all user agreements, whoever actually owns the line is on the hook for the bill.

In Uddin’s case, the hacked entities were seemingly random businesses. The FBI’s official indictment doesn’t name specific entities, but it lists examples: One business in Livingston, New Jersey, was hacked for $24,120. Another, in Englewood, New Jersey, was charged $83,839.

The hacks themselves typically lasted for less than a day, usually on a weekend, when no one is in the office.

------------
A PBX scam can begin as simply as giving the wrong person your business card. The most simple way hackers gain entry to your phone line is, surprisingly enough, through your voicemail. “That’s where your bad guys get creative,” says Paul Byrne, founder of PBX Wall, a fraud detection software company.

"PBX" is a term that’s ultimately used to describe any company’s phone system. Typically, hackers will call a landline and wait for the voicemail system to activate. Then, the hackers will begin guessing the voicemail password. They can do it manually, but more often than not, they use software with “brute force” capabilities, just like it’s done in computer hacks. Once they get your password, and manage to break into your system, they change your call forwarding service to the premium-rate line that they own.

http://www.ibtimes.com/inside-story-how-pakistan-took-down-fbis-mos...

Comment by Riaz Haq on February 28, 2021 at 7:10am

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-...


ANALYSIS India is sometimes overlooked by some in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.

The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.

Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.

India is in catch-up mode for now, but has the technical resources to make rapid progress.

Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.

Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.

China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.

Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”


Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.

Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.

But this is far from the only game in town.

For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.

India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.

Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE System’s intelligence division, commented:

The sophistication of the various Indian cyber threat actors do not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.

Comment by Riaz Haq on February 28, 2021 at 7:11am

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-...


Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”

With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.

“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.


India security

Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.

“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.

Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”

What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:

The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.

The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”

How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.

Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.

Other experts reckon the flow of talent will run the other way and allow Indian to expand its cyber-espionage capabilities from the cohorts of cybercriminals.

Comment

You need to be a member of PakAlumni Worldwide: The Global Social Network to add comments!

Join PakAlumni Worldwide: The Global Social Network

Pre-Paid Legal


Twitter Feed

    follow me on Twitter

    Sponsored Links

    South Asia Investor Review
    Investor Information Blog

    Haq's Musings
    Riaz Haq's Current Affairs Blog

    Please Bookmark This Page!




    Blog Posts

    2010-2020: Pakistan's Lost Decade

    Until 2010, Bangladesh was a laggard in South Asia region. Its per capita income was about half of Pakistan's. Now Bangladesh has surpassed Pakistan as the Pakistani economy has suffered significant slow-down from the previous decade. In fact, the Pakistan economy grew at the slowest rate in South Asia as reflected in per capita incomes. While Pakistan's per capita income more than doubled from $500 to $1,000 in the ten years 2000 to 2010, the growth has slowed to less than 30% from 2010 to…

    Continue

    Posted by Riaz Haq on April 14, 2021 at 6:30pm

    Cultural Psychologist Michele Gelfand on American and Pakistani Stereotypes

    Americans see Pakistanis as "aggressive and violent" while Pakistanis say Americans are "loose, immoral and arrogant", according to research study findings of American cultural psychologist Michele Gelfand. She told an interviewer that the American media portrayed Pakistanis as "big bad wolf".  Gelfand is a distinguished professor at the University of Maryland. She studies why different cultures…

    Continue

    Posted by Riaz Haq on April 11, 2021 at 1:30pm

    © 2021   Created by Riaz Haq.   Powered by

    Badges  |  Report an Issue  |  Terms of Service