Comment by Riaz Haq on July 4, 2017 at 10:07pm

The Opinion Pages | EDITORIAL

When Cyberweapons Go Missing
By THE EDITORIAL BOARDJULY 4, 2017

https://www.nytimes.com/2017/07/04/opinion/cyberweapons-nsa-attacks...

Twice in the past few months, powerful cyberattacks have wreaked havoc on the world, shutting down tens of thousands of computers, including critical machines in hospitals, a nuclear site and businesses. The attacks were initially thought to be schemes to collect ransom, but their goals — whether money, politics or just chaos — have become increasingly blurred. One thing seems clear: The weapons for the attack were developed by the National Security Agency and stolen from it.

That’s chilling. After the first attack, Brad Smith, the president of Microsoft, said the theft of the cyberweapons was equivalent to Tomahawk missiles’ being stolen from the military, and he issued a scathing critique of the government’s stockpiling of computer vulnerabilities. The N.S.A. has not only failed to assist in identifying the vulnerabilities its weapons were designed to exploit but has also not even acknowledged their existence or their theft.

It remains a mystery whether the N.S.A. knows how its weapons were stolen. What is known is that a group called Shadow Brokers started offering them for sale in August and made them public in April. It promised a fresh batch last month, offering them to monthly subscribers. Former intelligence officials said it was clear the weapons came from an N.S.A. unit formerly known as Tailored Access Operations.

Once publicly available, the weapons can be reconfigured for many purposes and used by anyone with some computer savvy. North Korea was thought to be a culprit in the first wave of attacks, and Russian hackers may have been behind the second. Other forces may be at work, too. A cybersecurity officer with the IDT Corporation in Newark, Golan Ben-Oni, has made waves with warnings that ransom demands could be a cover for far deeper invasions to steal confidential information.

Secrecy, of course, is the N.S.A.’s stock in trade, and acknowledging authorship of stolen cyberweapons runs counter to everything the spy agency does. A spokesman for the National Security Council at the White House was quoted as saying that the administration “is committed to responsibly balancing national security interests and public safety and security.”

Fixing this deadly serious problem is certain to be complex, but the task is urgent. The N.S.A. clearly needs to do a better job of safeguarding the cyberweapons it is developing and also neutralizing the damage their theft has unleashed. Microsoft, whose software vulnerabilities were exploited in the attacks, and companies that use its software will have to strengthen their defenses.

Beyond that, the federal government may want to offer grants as incentives to groups doing malware analysis. Once conclusively identified, the culprits behind the attacks must be penalized in some way, such as with sanctions. While the immediate focus needs to be on concrete responses, it is also worth thinking seriously about more global cooperation, such as the Digital Geneva Convention proposed by Microsoft as a way to prevent cyberwarfare.

Comment by Riaz Haq on February 19, 2018 at 10:44pm

E-governance council to be established in Pakistan for policy formulation

https://www.techjuice.pk/e-governance-council-to-be-established-in-...

Nasser Khan Janjua, the National Security Advisor Lt General (Retd) said during a closing ceremony that Pakistan is in need of excelling and developing an e-governance council policy formulation according to the globally acceptable parameters. The ceremony, “Cyber Secure Pakistan – Policy Framework” was arranged by CGSS and was held in Islamabad on Tuesday.

The seminar highlighted the importance of emerging technologies in the cyber world. It aimed to create an awareness about the threats concerning the national security due to the evolvement in the cyberspace and therefore, to plan a consolidated cybersecurity policy for the country.

The advisor said, “Pakistan is engulfed in traditional threats and insecurities due to which the new emerging threats have been ignored hence, we have to do better more than ever before,”

The ‘emerging threats’ are due to the growing digitalization of the cyberspace and are pertaining to the country’s defense and security, he expressed.

He added that the whole sphere had been endangered and it was very important to get out of the consumer market and venture into the new dimensions.

Mr. Nasser further stated, “Excessive use of internet has put our security under the threat. Due to our increasing alliance on the internet, cybersecurity policy is becoming the need of the hour.”

Moreover, Lieutenant General Muhammad Zahir Ul Islam (Retd) – Chairman CGSS, in his opening remarks stated that a well-articulated legislation must be passed by the government that would provide a legal framework for law enforcement and intelligence agencies to operate under. Likewise, Secretary National Security Division, Syed Iftikhar Hussain Babar also called attention to the significance of the cybersecurity in his opening address.

He mentioned that the danger of the cyber warfare is real and protecting the data is as important as protecting ourselves. The government and many private institutions have been working in this regard. Before the world moves a step further in the cyberspace, Pakistan must secure a firm position in this particular field and formulate its state policy accordingly.

Comment by Riaz Haq on May 22, 2018 at 6:57pm

Pakistan military access metadata, texts, photos from hacked phones of Australian diplomats

https://www.theaustralian.com.au/national-affairs/foreign-affairs/p...

The Pakistani military is alleged to have hacked information from Australian diplomats potentially gaining access to sensitive metadata, texts and photos and tracking their movements.

The hacking is thought to have occurred after the Australians interacted with those whose phones were compromised after they downloaded apps or had their phones physically accessed by the hackers.

A just-published report by a United States mobile phone data security company, Lookout, detailed the hacking which it said it had reported to the appropriate authorities and may have links back to an individual previously associated with a Sydney-based company.

Lookout’s report said it had identified over 15 gigabytes of compromised data that included call records, audio recordings, device location information, text messages and photos.

It said analysis of the exfiltrated data found details of trips to the Pakistani cities of Quetta, and Balochistan by Australian diplomats.

The report contains an image of what appears to be a document detailing an itinerary for Australian diplomats.

“Visit of Australian diplomats” is the heading of the document which has been redacted by Lookout but appears to reference the names of the individuals undertaking a visit and discuss security arrangements.

The report says the tools were part of a “highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military” using surveillanceware families Lookout referred to as Stealth Mango (Android) and Tangelo (iOS).

“Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military,’’ it says. “We determined that government officials and civilians from the United States, Australia, the United Kingdom and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.’’

It says the Australians may have had their data stolen after they associated with users who had been compromised by the Stealth Mango surveillanceware.

“We further identified content from other countries officials and diplomats, including the United States, Australia, the United Kingdom and Iran, however we believe this data may have been stolen when these victims interacted with Stealth Mango victims,’’ it said.

Among data that is believed to be uploaded and tracked from infected phones was installed packages and device information, changes in SIM card or phone numbers on the device, picture, video and audio files, SMS logs and deleted incoming messages, GPS tracking, functionality to detect when a victim is driving, calendar events and reminders and contact lists for various third party applications such as Yahoo and Google Talk among others.

The report notes that the developer of the spyware may have at one point been associated with a company headquartered in Sydney that develops similar legal applications that track devices.

It suspects the developer is part of a group of developers selling mobile surveillance ware and is based in a specific area in the Pakistani capital Islamabad — potentially a government building associated with the Pakistani ministry of education.

The company says it has shared information about the breaches with the appropriate authorities.

“The actor behind Stealth Mango has stolen a significant amount of sensitive data from compromised devices without the need to resort to exploits of any kind,’’ it says.

“The actors that are developing this surveillanceware are also setting up their own command and control infrastructure and in some cases encountering some operational security missteps, enabling researchers to discover who the targets are and details about the actors operating it that otherwise are not as easily obtained.

Comment by Riaz Haq on May 22, 2018 at 7:07pm

Stealth Mango & Tangelo Selling your fruits to nation state actors 

https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mang...

Lookout Security Intelligence has discovered a set of custom Android and iOS surveillanceware tools we’re respectively calling Stealth Mango and Tangelo. These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military. Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. To date, we have observed Stealth Mango being deployed against victims in Pakistan, Afghanistan, India, Iraq, Iran, and the United Arab Emirates. The surveillanceware also retrieved sensitive data from individuals and groups in the United States, Australia, and the United Kingdom. These individuals and groups were not themselves targeted, but interacted with individuals whose devices had been compromised by Stealth Mango or Tangelo. We believe that the threat actor behind Stealth Mango is also behind Op C Major and Transparent Tribe.

Key findings Lookout researchers have identified a new mobile malware family called Stealth Mango. • Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military. • Stealth Mango is being used in targeted surveillance operations against government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq, and the United Arab Emirates. • We determined that government officials and civilians from the United States, Australia, the United Kingdom, and Iran had their data indirectly compromised after they interacted with Stealth Mango victims. • The actors behind Stealth Mango typically lure victims via phishing, but they may also have physical access to victims’ devices. • The attacker has multi-platform capabilities. We know of the Android component and there is evidence of an iOS component. The evidence is as follows: • A sample Debian package on attacker infrastructure called Tangelo • EXIF data from exfiltrated content showed data from iPhones • WHOIS information from the attackers show registrations for the following domains: iphonespyingsoftware[.]org, iphonespyingapps[.]org, and iphonespyingapps[.]info We have identified over 15 gigabytes of compromised data on attacker infrastructure. • Exfiltrated content includes call records, audio recordings, device location information, text messages, and photos. • We found attacker infrastructure running the WSO web shell, which provides a third party with complete control over the server. • The actor deploying Stealth Mango appears to have a primarily mobile-focused capability. Stealth Mango and Tangelo appear to have been created by freelance developers with physical presences in Pakistan, India, and the United States. • These individuals belong to the same developer group. • We linked their tooling to several commodity mobile surveillance tools suggesting that they are either sharing code or have engaged with several distinct customers who are being delivered tooling based off similar source code.

Comment by Riaz Haq on June 20, 2018 at 11:17am

Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order

https://www.npr.org/2018/06/19/621338178/journalist-warns-cyber-att...


DAVIES: Right. I mean, obviously, to conduct the kind of disabling cyberattack that would shut down a lot of a country's infrastructure, you have to have done a lot of work beforehand. I want to be clear about this. Are we saying that we know that there are implants in our power grid which would enable the Russians or someone else to take it down?

SANGER: We know that there are implants in our power grid. Interesting question is, if somebody made use of it, how good would it be at taking it down? And that's why for the electric utility industry and for the financial industry, they've invested a huge amount in redundancy and resilience so that if you lose some set of power plants, you could contain it, route around it and be able to pick up and go on. And you just don't know until things happen how well your adversary has wired your system to take everything down. And as you said, this takes a lot of time. The United States spent years getting inside the Iranian centrifuges at Natanz and even then had to keep working on the software to improve it. The North Koreans, when they went into Sony Pictures in 2014 in retaliation for the release of a really terrible movie called "The Interview" that envisioned the assassination of Kim Jong Un, the same friendly Kim Jong Un we all saw in Singapore the other day - when the North Koreans went in, they went in in early September of 2014. They didn't strike until around Thanksgiving because it took all that time just to map out the interconnections of the electrical system, of the computer system, and when they did strike, it was devastating. They took out 70 percent of Sony's computer servers and hard drives.

DAVIES: OK. In this book, you say that, you know, cyberwarfare is the kind of game-changing innovation that's - you compare it to the introduction of aircraft into warfare in the early 20th century and that we are still figuring out what rules or conventions should apply to it. I want to get to some of that conversation, but let's talk a bit about some of the experience that we've had over the last 10 years. You write that in 2008, a woman at the National Security Agency, Debora Plunkett, discovers something about the classified networks in the Pentagon that's troubling. What did she find?

SANGER: Well, she was overseeing security at the NSA, and somebody came to her with evidence that the Russians - though the U.S. did not announce it was Russians at the time - were deep into something called the SIPRNet, which is basically a classified network by which the Defense Department, some of the intelligence agencies, sometimes the State Department, communicate with each other. And this was a big shock to everybody because they had seen the Russians in unclassified systems before, but here they were deep into a classified system. And the first question was, how'd they get in? And the answer was so simple that it really was a wakeup call. Somebody had distributed little USB keys, you know, the kinds you get at conventions and all those kinds of...

Comment by Riaz Haq on March 25, 2019 at 10:11pm

Could Offensive #Cyber Capabilities Tip #India and #Pakistan to War? India launched Operation Hangover targeting Pakistan and, in response, Pakistan responded with Operation Arachnophobia, seeking to obtain intelligence from Indian officials @Diplomat_APAC http://thediplomat.com/2019/03/could-offensive-cyber-capabilities-t...

While both countries are responding to the rise in cyberattacks with national strategies and increased defensive capabilities, we do not know how they will set the rules when it comes to offensive cyber operations. We do know both countries are pursuing cybersecurity to protect against cyberattacks.

India has been establishing national cybersecurity policies to address the rise in persistent cyberattacks. The country is vulnerable to cyberattacks—it was ranked as the second most vulnerable nation-state targeted by cyberattacks in a survey by security company Symantec. As India’s economy has shifted toward information and communications technology (ICT), which includes information technology services, commerce, and banking sectors, there are concerns of cyberespionage and cyberattacks taking place against Indian industries and businesses.

In fact, according to a study commissioned by the High Court of India, cyber-related crimes cost Indian businesses $4 billion in 2013. This has led the government and private sector to increase their efforts to protect these industries. Back in 2013, India unveiled its National Cyber Security policy. This policy outlined measures the government would take in protecting India’s critical infrastructure. However, many critics point out this national policy has done little to curb cyberattacks as there is no way to implement many of its policies.

Pakistan is also on alert, though it does not have a national cybersecurity strategy document, despite efforts in Islamabad to develop a framework that will protect critical institutions from cyberattacks. These efforts have been motivated in part by the Edward Snowden leaks, which detailed the U.S. National Security Agency’s spying on Pakistan and were an inflection point for Pakistani government officials, as they realized they needed to address the gaps in their information security. A national Cyber Security Strategy was presented to the National Assembly, but no headway has been made yet on implementing the proposed actions, which included the creation of a national CERT and an Inter-Services Cyber Command Center that would streamline cyber defense for Pakistan’s Army. Pakistan still does not have an official national cybersecurity strategy.

Both countries’ security postures are transforming slowly to introduce cybersecurity. However, there is still not enough data available on what types of technologies these countries possess and how integrated these technologies are in India and Pakistan’s national security strategies. There are reports that both countries have engaged in offensive cyber operations. Each country has their own cyberespionage division, which siphons critical information from other national-states’ security and intelligence organizations.

India launched Operation Hangover that has targeted Pakistan and, in response, Pakistan spearheaded Operation Arachnophobia, which sought to obtain intelligence from Indian officials. While these operations are well-known, there is still a lack of awareness on how much each country spends on cyber technologies and the types of technologies they are employing. India is one of the largest spenders on military, yet the cybersecurity budget is “inadequate” for the growing cyber threat.

Understanding cyber capabilities is important because they can change geopolitical calculations. For example, the low cost of entry for offensive cyber capabilities benefits less resourced actors, and “offense preference” in cyberspace makes it easier to succeed on offense than at defense.

Comment by Riaz Haq on July 2, 2020 at 1:18pm

Mysterious Explosion and Fire Damage #Iranian Nuclear Enrichment Facility Building New Advanced Centrifuges. A decade ago, the #UnitedStates and #Israel used #Stuxnet worm in operation code-named “Olympic Games" which destroyed 1,000 #Iranian centrifuges.
https://www.nytimes.com/2020/07/02/us/politics/iran-explosion-nucle...

A fire ripped through a building at Iran’s main nuclear-fuel production site early Thursday, causing extensive damage to what appeared to be a factory where the country has boasted of producing a new generation of centrifuges. The United States has repeatedly warned that such machinery could speed Tehran’s path to building nuclear weapons.

The Atomic Energy Agency of Iran acknowledged an “incident” at the desert site, but did not term it sabotage. It released a photograph showing what seemed to be destruction from a major explosion that ripped doors from their hinges and caused the roof to collapse. Parts of the building, which was recently inaugurated, were blackened by fire.

But it was not clear how much damage was done underground, where video released by the Iranian government last year suggested most of the assembly work is conducted on next-generation centrifuges — the machines that purify uranium.

The fire took place inside the nuclear complex at Natanz, where the Iranian desert gives way to barbed wire, antiaircraft guns and an industrial maze. The damaged building is adjacent to the underground fuel production facilities where, a decade ago, the United States and Israel conducted the most sophisticated cyberattack in modern history, code-named “Olympic Games.” That attack, which lasted for several years, altered the computer code of Iran’s industrial equipment and destroyed roughly 1,000 centrifuges, setting back Iran’s nuclear program for a year or more.


The early evidence strongly suggested on Thursday the damage was in fact sabotage, though the possibility remained that it was the result of an industrial accident.

The timing was suspicious: A series of unexplained fires have broken out in recent days at other facilities related to the nuclear program. Still, experts noted that if the explosion was deliberately set, it showed none of the stealth and secrecy surrounding the complex cyberattacks by the United States and Israel that were first ordered by President George W. Bush toward the end of his term, and then extended by President Barack Obama.

The Persian language service of the BBC reported that several members of its staff received an email from a previously unknown group, which referred to itself as the Homeland Cheetahs, before news of the fire became public. The group claimed responsibility and said it was composed of dissidents in Iran’s military and security apparatus. They said the attack would target above-ground sections of the targeted facilities so that the Iranian government could not cover up the damage.

There was no way to confirm if Homeland Cheetahs was a real group, and if so whether it was domestic, as it claimed, or supported by a foreign power.

A Middle Eastern intelligence official, who would not be quoted by name because he was discussing closely held information, said the blast was caused by an explosive device planted inside the facility. The explosion, he said, destroyed much of the aboveground parts of the facility where new centrifuges — delicate devices that spin at supersonic speeds — are balanced before they are put into operation.

Comment by Riaz Haq on August 14, 2020 at 9:35pm

Before #India’s elections in 2019, #Facebook took down inauthentic pages tied to #Pakistan’s military & #Indian Opposition Congress party, but it didn't remove #BJP accounts spewing anti-#Muslim #hate & #fakenews. Why? FB executive Ankhi Das intervened. https://www.wsj.com/articles/facebook-hate-speech-india-politics-muslim-hindu-modi-zuckerberg-11597423346

In 2017, Ms. Das wrote an essay, illustrated with Facebook’s thumbs-up logo, praising Mr. Modi. It was posted to his website and featured in his mobile app.

On her own Facebook page, Ms. Das shared a post from a former police official, who said he is Muslim, in which he called India’s Muslims traditionally a “degenerate community” for whom “Nothing except purity of religion and implementation of Shariah matter.”

---------

In Facebook posts and public appearances, Indian politician T. Raja Singh has said Rohingya Muslim immigrants should be shot, called Muslims traitors and threatened to raze mosques.

Facebook Inc. employees charged with policing the platform were watching. By March of this year, they concluded Mr. Singh not only had violated the company’s hate-speech rules but qualified as dangerous, a designation that takes into account a person’s off-platform activities, according to current and former Facebook employees familiar with the matter.

---

Yet Mr. Singh, a member of Indian Prime Minister Narendra Modi’s Hindu nationalist party, is still active on Facebook and Instagram, where he has hundreds of thousands of followers. The company’s top public-policy executive in the country, Ankhi Das, opposed applying the hate-speech rules to Mr. Singh and at least three other Hindu nationalist individuals and groups flagged internally for promoting or participating in violence, said the current and former employees.

Ms. Das, whose job also includes lobbying India’s government on Facebook’s behalf, told staff members that punishing violations by politicians from Mr. Modi’s party would damage the company’s business prospects in the country, Facebook’s biggest global market by number of users, the current and former employees said.

---------------
India is a vital market for Facebook, which isn’t allowed to operate in China, the only other nation with more than one billion people. India has more Facebook and WhatsApp users than any other country, and Facebook has chosen it as the market in which to introduce payments, encryption and initiatives to tie its products together in new ways that Mr. Zuckerberg has said will occupy Facebook for the next decade. In April, Facebook said it would spend $5.7 billion on a new partnership with an Indian telecom operator to expand operations in the country—its biggest foreign investment.

-----------
Another BJP legislator, a member of Parliament named Anantkumar Hegde, has posted essays and cartoons to his Facebook page alleging that Muslims are spreading Covid-19 in the country in a conspiracy to wage “Corona Jihad.” Human-rights groups say such unfounded allegations, which violate Facebook’s hate speech rules barring direct attacks on people based on “protected characteristics” such as religion, are linked to attacks on Muslims in India, and have been designated as hate speech by Twitter Inc.

While Twitter has suspended Mr. Hegde’s account as a result of such posts, prompting him to call for an investigation of the company, Facebook took no action until the Journal sought comment from the company about his “Corona Jihad” posts. Facebook removed some of them on Thursday. Mr. Hegde didn’t respond to a request for comment.

------------

Within hours of the videotaped message, which Mr. Mishra uploaded to Facebook, rioting broke out that left dozens of people dead. Most of the victims were Muslims, and some of their killings were organized via Facebook’s WhatsApp

Comment by Riaz Haq on September 7, 2020 at 10:18am

The existential threat from cyber-enabled information warfare
Herbert Lin

https://www.tandfonline.com/doi/abs/10.1080/00963402.2019.1629574

Corruption of the information ecosystem is not just a multiplier of two long-acknowledged existential threats to the future of humanity – climate change and nuclear weapons. Cyber-enabled information warfare has also become an existential threat in its own right, its increased use posing the possibility of a global information dystopia, in which the pillars of modern democratic self-government – logic, truth, and reality – are shattered, and anti-Enlightenment values undermine civilization as we know it around the world.

Comment by Riaz Haq on June 28, 2021 at 7:04am

IISS Report: #India has some #cyber-intelligence & offensive cyber capabilities but they are focused on #Pakistan. #Delhi is building new capability with the help of key international partners – including #US, #UK & #France. #Cyberwar https://indianexpress.com/article/india/focused-on-pakistan-rather-... via @IndianExpr

Cyberpower, in the study, is measured on seven parameters: from strategy to cybersecurity. India’s reform in cyber governance has been slow. It should better harness its digital start-up ecosystem, says the study.

Greg Austin, who leads the IISS programme on Cyber, Space and Future Conflict and played a leading role in the preparation of the report, told The Indian Express Sunday: “India has some cyber-intelligence and offensive cyber capabilities but they are regionally focused, principally on Pakistan. It is currently aiming to compensate for its weaknesses by building new capability with the help of key international partners – including the US, the UK and France – and by looking to concerted international action to develop norms of restraint.”

The report said that India’s approach towards institutional reform of cyber governance has been “slow and incremental”, with key coordinating authorities for cyber security in the civil and military domains established only as late as 2018 and 2019 respectively.

These work closely with the main cyber-intelligence agency, the National Technical Research Organisation.

“India has a good regional cyber-intelligence reach but relies on partners, including the United States, for wider insight”, the report said.

It said that the strengths of the Indian digital economy include a vibrant start-up culture and a very large talent pool. “The private sector has moved more quickly than the government in promoting national cyber security.”

The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states, the report said.

“India is a third-tier cyber power whose best chance of progressing to the second tier is by harnessing its great digital-industrial potential and adopting a whole-of-society approach to improving its cyber security,” the report said.

The report also assessed China’s cyber power as clearly inferior to that of the US, and substantially below the combined cyber power of the US network of alliances.

The countries covered in this report are US, United Kingdom, Canada and Australia (four of the Five Eyes intelligence allies); France and Israel (the two most cyber-capable partners of the Five Eyes states); Japan (also an ally of the Five Eyes states, but less capable in the security dimensions of cyberspace, despite its formidable economic power); China, Russia, Iran and North Korea (the principal states posing a cyber threat to Western interests); and India, Indonesia, Malaysia and Vietnam (four countries at earlier stages in their cyber-power development). It is an ongoing study, which will cover a total of 40 countries, including Germany, Singapore, Nigeria among others.

India has been put in the third tier meant for countries that have strengths or potential strengths in some of these categories but “significant weaknesses” in others. Also in this category are: Japan, Iran, Indonesia, Vietnam, Malaysia and North Korea.

In the second tier, with world-leading strengths in “some” categories are: Australia, Canada, China, France, Israel, Russia and the United Kingdom.

Comment

• ‹ Previous
• 1
• 2
• 3
• Next ›
• Page