Comment by Riaz Haq on January 29, 2022 at 10:24am

Fighting cyberweapons built by private businesses

https://blogs.microsoft.com/on-the-issues/2021/07/15/cyberweapons-c...

A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments. We take this threat seriously and have disrupted the use of certain cyberweapons manufactured and sold by a group we call Sourgum. The weapons disabled were being used in precision attacks targeting more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents. To limit these attacks, we focused on two actions. First, we built protections into our products against the unique malware Sourgum created, and we shared those protections with the security community. Second, we issued a software update that will protect Windows customers from exploits Sourgum was using to help deliver its malware. We’ve undertaken this work in close collaboration with the Citizen Lab at the University of Toronto’s Munk School.

We believe Sourgum is an Israel-based private sector offensive actor or PSOA. Citizen Lab has identified the group as a company called Candiru. Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices. These agencies then choose who to target and run the actual operations themselves.

We initially started this work after receiving a tip from Citizen Lab about malware used by Sourgum. The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) spent weeks examining the malware, documenting how it works and building protections that can detect and neutralize it. We named the malware DevilsTongue. We’ve built protections against DevilsTongue into our security products, and we’ve shared these protections with others in the security community so they can protect their customers. Technical information for customers and the security community is available here.

By examining how Sourgum’s customers were delivering DevilsTongue to victim computers, we saw they were doing so through a chain of exploits that impacted popular browsers and our Windows operating system. Earlier this week, we released updates that, when installed, protect Windows customers from two key Sourgum exploits.

These attacks have largely targeted consumer accounts, indicating Sourgum’s customers were pursuing particular individuals. The protections we issued this week will prevent Sourgum’s tools from working on computers that are already infected and prevent new infections on updated computers and those running Microsoft Defender Antivirus as well as those using Microsoft Defender for Endpoint.

This is part of broader legal, technical and advocacy work we’re undertaking to address the dangers caused when PSOAs build and sell weapons. As we’ve previously said, these companies increase the risk that weapons fall into the wrong hands and threaten human rights. That’s why, for example, we filed an amicus brief in a legal case brought by WhatsApp against another PSOA called NSO Group.

As we increase our work to identify PSOAs and disrupt the capabilities of their weapons, we will continue to identify them using the names given to trees and shrubs, as we’ve done with Sourgum. This is similar to how we use elements of the periodic table to name nation-state actor groups we have identified.

We’re grateful to Citizen Lab for sharing the malware that sparked this work and for its offer to work with potential victims of these attacks.

Comment by Riaz Haq on January 29, 2022 at 10:31am

Cyber Weapons And Fragile Peace Between India And Pakistan – OpEd

 January 22, 2021  Fatima Ahmed and Tajjalla Munir*  0 Comments

By Fatima Ahmed and Tajjalla Munir*

https://www.eurasiareview.com/22012021-cyber-weapons-and-fragile-pe...

After the advent of nuclear weapons, cyber weapons are the most destructive thing that we can imagine in this contemporary world. Nuclear weapons can lead to tangible damage. In the age when the world has become a global village, cyber weapons pose a threat to international peace. Cyberspace provided the fifth domain in the area of armed conflict. Previously, they were air, land, sea, and space.  Nuclear weapons are generally used for deterrence purposes and they are mostly used or considered as last option weapons, cyber-attack on the other hand can be materialized when there is no apparent conflict between two states. Due to the deep enmity between Indian and Pakistan, it will always a threat that both countries can target each other in cyberspace. When a cyber-attack is launched against India and Pakistan, they will blame each other but the perpetrators of this attack could be the third party. That could be state-sponsored cyber-attack or even non-state actors and individuals could carry out such endeavors. This has already happened, when a cyber-attack targeted some websites in India. Initially, Pakistan was made responsible for these attacks but later it was revealed that the offensive was done by a third party. It was due to insecurity and doubt present in both states about each other’s intentions or capabilities. While initially cyber-attacks can be very limited in scope but there are fair chances that it could escalate which could result in a conflict with the use of conventional weapons. Therefore in modern times, cyber weapons pose a great threat to the peaceful relations between India and Pakistan. That will ultimately lead to regional instability.

Comment by Riaz Haq on January 29, 2022 at 4:24pm

Vijaita Singh
@vijaita
In light of the latest NYT report that Pegasus was sold to India in 2017,same year PM Modi visited Israel....here is our February 2017 report on NSCS budget (Rs 333 crore) getting an inexplicable tenfold hike in 2017-18 budget.

https://twitter.com/vijaita/status/1487272814562344962?s=20&t=l...

---------

Security council secretariat gets Rs.333 crore, a tenfold hike
Vijaita Singh

https://www.thehindu.com/news/national/Security-council-secretariat...

The National Security Council Secretariat (NSCS), which reports to National Security Adviser (NSA) Ajit Doval, has seen a tenfold increase in budgetary allocation this year.

Last fiscal, though ₹33 crore was allotted to the NSCS, it ended up spending ₹81 crore; this year the allocation has shot up to ₹333 crore.

NSCS works as an advisory group, comprising various experts on security-related matters, and is headed by deputy NSA Arvind Gupta. The body is responsible for advising the Prime Minister on key strategic and security issues, both on domestic as well as international fronts, and consists of academics and eminent professionals.

Brainchild of Brajesh
Mr. Doval, who is said to be the final authority on all major security-related decisions, has had a deep interest in reviving the scope of NSCS, which was the brainchild of late former NSA Brajesh Mishra.

Mr. Mishra set up the NSCS in 1998 under the then Prime Minister Atal Bihari Vajpayee.

In 2011-12, only ₹ 17.43 crore was allocated for the body. In 2012-13, it was marginally increased to ₹20.33 crore, going up to ₹26.06 crore in 2013-14.

After NDA-II came to power in 2014-15, the allocation for NSCS was increased to ₹44.46 crore but it could spend only ₹25 crore.

A subsidiary
The National Security Advisory Board (NSAB), which draws experts from all fields, is a subsidiary of NSCS and so is the Joint Intelligence Committee (JIC). The allocation for the office of the Principal Scientific Adviser to the Prime Minister has also increased substantially from ₹5.19 crore to ₹34.83 crore.

“The funds being allotted for NSCS were always insufficient and the increase in funds is a welcome step. It does security analysis, war-gaming etc. and advises the government on key security issues,” said a former member of NSCS, on condition of anonymity.

NSCS has about 100 staff of all scales. “The increase has got to do with activities. There is much more activity than ever in the past,” said a senior official.

Limited ambit
Another official pointed out that NSCS has a limited ambit, so it was surprising to see such a dramatic budget hike.

Comment by Riaz Haq on January 31, 2022 at 2:23pm

Pegasus: India parliament opens amid furore over Pegasus 'lies'

https://news.yahoo.com/pegasus-india-parliament-opens-amid-06063942...


"The government, on the floor of the House, always maintained that it had nothing to do with the Pegasus spyware and it never bought the spyware from the NSO Group... in light of the revelations… it appears that the Modi government has misled the parliament and the Supreme Court," Congress' leader in the Lok Sabha, Adhir Ranjan Chowdhury, wrote in a letter to the Speaker.

The allegations are expected to result in a heated debate as parliament assembles for a joint session of both houses. This comes ahead of the annual budget, which will be tabled on Tuesday, and days before five states go to the polls to elect a new government.

A fresh plea seeking a police investigation has been filed in the Supreme Court, which began an inquiry into the matter when allegations first emerged last year.

What are the allegations?
Last year, Indian media outlet The Wire reported that some 160 Indians, including prominent activists, lawyers and politicians, were spied on using the Pegasus malware.

Pegasus infects iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones.

An investigation by a global consortium of media outlets showed how the malware was used by governments around the world to hack phones of dissidents. The targets' phone numbers were on a database believed to be of interest to clients of Israeli firm NSO.

It's unclear where the list came from or how many phones were hacked - and NSO has denied any wrongdoing. It said the software was intended for tracking criminals and terrorists and was only sold to military, law enforcement and intelligence agencies from countries with good human rights records.

NSO was also accused of cyber attacks against Indian journalists and activists in 2019 - NSO Group denied the allegations.

But the New York Times reported on Friday that Pegasus and a missile system were the "centrepieces" of a roughly $2bn deal that took place between India and Israel in 2017 when Mr Modi made his first trip to the country. The visit - and a subsequent one by Mr Netanyahu the following year - marked a significant turn in India's relationship with Israel.

The fresh allegations sparked a political storm, with opposition leaders demanding answers from Mr Modi.

Congress party leader Rahul Gandhi accused the government of treason, and Congress MP Mallikarjun Kharge accused the government of acting "like the enemies of India".

What has Mr Modi 's government's said?

The government has denied that it ordered any unauthorised surveillance.

Last year, IT minister Ashwini Vaishnaw had called the allegations a "sensational" attempt "to malign Indian democracy and its well established institutions" - he told parliament in September that the government "has not had any transaction with NSO Group Technologies".

But there has been no statement from Mr Modi or his ministers since the latest allegations emerged. Opposition politicians have questioned the government's "silence" on the issue and demanded that Mr Modi address the country.

In September, the Supreme Court set up a panel to look into the allegations after the government repeatedly failed to respond to its questions, citing national security. The court had said the government had left it with "no option but to accept the prima facie case made out by the petitioners".

Comment by Riaz Haq on February 4, 2022 at 1:38pm

#Indian foreign office refuses comment on PM #Modi's 'Pakistan visit' claim made by #Pakistani industrialist Mian Mansha. Mansha said backchannel diplomacy between #SouthAsian rivals is working. https://www.tribuneindia.com/news/nation/mea-refuses-comment-on-pms...

The Ministry of External Affairs today said it “does not comment on observations from private individuals” when asked to react to claims by leading Pakistani businessman Mian Muhammad Mansha that backchannels were working between Pakistan and India that would hopefully yield good results.

“If things improve between the two neighbours, Indian Prime Minister Narendra Modi could visit Pakistan in a month,” he told a gathering of businessmen at the Lahore Chambers of Commerce and Industry on Wednesday. But MEA spokesperson Arindam Bagchi neither confirmed nor denied the claim and instead said it was not the practice of South Block to comment on statements by private individuals.

The Chairman of the Lahore-based Nishat Group warned that there would be disastrous consequences if the Pakistan economy did not improve and advised Islamabad to improve trade relations with India. “Europe fought two great wars, but ultimately settled for peace and regional development. There is no permanent enmity,” he observed in this context. There were similar reports last year of backchannel talks brokered by the UAE, leading to a ceasefire on the Line of Control but further conversation was discontinued.

Trade relations between the two countries were suspended in August 2019 after India revoked Article 370 in Jammu and Kashmir.

Comment by Riaz Haq on August 4, 2023 at 9:36am

Revealed | Pakistan’s Spy Agency Buys Israeli Cellphone Hacking Tech
Pakistan has no relations with Israel and its passport are ‘valid for all countries except Israel.’ Yet Cellebrite’s tools were sold via Singapore, and are used by the Federal Investigation Agency and national police

https://www.haaretz.com/israel-news/security-aviation/2023-08-03/ty...

----------

A cell phone hacking system produced by the Israeli Cellebrite company has been sold to Pakistan on multiple occasions, Haaretz reported on Thursday.

https://www.jpost.com/business-and-innovation/tech-and-start-ups/ar...

Cellebrite produces a system called a Universal Forensics Extraction Device (UFED) which allows law enforcement to access data from password-protected smartphones, drones, SIM cards, SD cards, GPS devices, and more, according to the company's website.

Cellebrite's Terms and Conditions prohibit "directly or indirectly" using or reselling its systems in a number of sanctioned countries, including Pakistan. But according to Haaretz, international shipment records show that, until at least 2019, Cellebrite Asia-Pacific Pte (a subsidiary of Cellebrite in Singapore) sold products directly to companies in Pakistan and the country's Federal Investigation Agency (FIA).

Cellebrite responded to the Haaretz article, writing "The company does not sell to Pakistan, directly or indirectly." The company did not explain the documents published in the report.

A number of Israeli hacking systems have ended up in countries that have been sanctioned or condemned for human rights violations.


Earlier this year, Haaretz reported that a number of Israeli spyware and surveillance tools had been sold to Bangladesh, including Cellebrite systems.

Pakistan and Israel do not have official relations
Pakistan does not have official relations with Israel, although secret talks have reportedly been conducted between the two countries in the past.

Last year, Pakistani media reported that diplomatic delegations from Pakistan and Indonesia were both in Israel for secret visits.

Comment