India and Pakistan Targeted in Cyber Wars

Last year at the World Economic Forum, U.S.-based security software firm McAfee's CEO Dave DeWalt reportedly told some attendees that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities. He further said that the traditional defensive stance of government computer infrastructures has shifted in recent years to a more offensive posture aimed at espionage and deliberate disruption of critical networks in both the government and private sectors. Such attacks could disrupt not only command and control for modern weapon systems such as ballistic missiles, but also critical civilian systems including banking, the electrical grid, telecommunications, transportation, etc., and bring life to a screeching halt.

Richard Clarke, the former US cyber security czar, explained in a Newsweek interview the potential impact of cyber attacks on privately owned and operated infrastructure as follows:

"I think the average American would understand it if they suddenly had no electricity. The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet. They've been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That's the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures."

As if to confirm DeWalt's assertions, Chinese hackers have allegedly stolen Indian national security information, 1,500 e-mails from the Dalai Lama's office, and other sensitive documents, according to a report released by researchers at the University of Toronto. Media reports also indicated that government, business, and academic computers at the United Nations and the Embassy of Pakistan in the US were targets. The UofT report also indicated there was no evidence to suggest any involvement by the Chinese government, but it has put Beijing on the defensive. Similar reports earlier this year said security investigators had traced attacks on Google and other American companies to China-based computers.

Chinese hackers apparently succeeded in downloading source code and bug databases from Google, Adobe and dozens of other high-profile companies using unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee and reported by Wired magazine. These hack attacks were disguised by the use of sophisticated encryption, targeted at least 34 companies in the technology, financial and defense sectors, and exploited a vulnerability in Adobe's Reader and Acrobat applications.

While the Chinese cyber attacks on the US and India often get wide and deep coverage in the western media, a lower-profile, small-scale cyber war is also raging in the shadows between India and Pakistan, according to some reports. These reports indicate that around 40-50 Indian sites are attacked by Pakistani hackers on a daily basis, whereas around 10 Pakistani sites are hit by their Indian counterparts.

According to Pakistani blogger Arsalan Jamshed, cyberwars between the two countries started in May 1998. Soon after India officially announced its first nuclear test, a group of hackers believed to be Pakistani, called milw0rm, broke into the Bhabha Atomic Research Center web site and posted anti-India and anti-nuclear messages. The cyberwars have usually been limited to defacing each other's sites. Defacement causes only superficial damage: only the home page of a site is replaced with the hacker's own page, usually carrying some message for the victim. Such defacements started in May 1998, continued during the Kargil War in 1999, and then during the period when tension between India and Pakistan was at its peak, from December 2001 to 2002. The period between 1999 and 2002 was therefore very crucial: the troops were busy exchanging fire across the LOC while the hackers were busy defacing each other's websites.

In 2003, Indian and Pakistani hackers attacked each other's servers using variants of the Yaha-Q email worm to shut down about 20 different applications, including personal firewalls and anti-virus software, according to Tony Magallanez, a system engineer with Finland-based F-Secure Corp.

Last year, there were news reports of Indian cyber attacks on Pakistan's Oil and Gas Regulatory Authority. In retaliation, some Pakistani attackers hacked the websites of the Indian Institute of Remote Sensing, the Center for Transportation Research and Management, the Army's Kendriya Vidyalaya of Ratlam and the Oil and Natural Gas Corporation (ONGC). In one particular instance, Pakistani hackers removed the "most wanted" list from the Indian state Andhra Pradesh's CID (criminal investigation department) website and replaced it with messages threatening their Indian cyber rivals.

Unwelcome computer intrusions by Pakistani hackers are not new. The nation has the dubious distinction of being the birthplace of the first ever personal computer virus known to mankind. Popularly called the 'Brain virus', it was created in 1986 by two Pakistani brothers, Amjad and Basit Farooq Alvi. This virus, which spread via floppy disks, was known only to infect boot records and not computer hard drives like most viruses today. The virus, also known as Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC, would occupy unused space on the floppy disk so that it could not be used, and would hide from detection. It would also disguise itself by displaying the uninfected boot sector of the disk.

Responding to the increasing threat perception of cyber attacks, the Indian Navy Chief Admiral Sureesh Mehta has called for leveraging Indian strengths in Information Technology to build cyber warfare capabilities in India.

According to a Times of India report last year, the Indian Army is boosting the cyber-security of its information networks right down to the level of divisions, which are field formations with over 15,000 troops.

In addition to creating a cyber-security organization to protect against cyber attacks and data thefts, the Indian Army leaders have also underlined the urgent need for "periodic cyber-security audits" by India's Army Cyber Security Establishment (ACSE).

The Indian Army's actions are a response to reports that both China and Pakistan are bolstering their cyber-warfare or information warfare capabilities at a rapid clip.

While the India-Pakistan cyber conflict is at best minor league stuff, the real major league contest is likely to occur between the United States and its major adversaries, particularly China. The Pentagon already employs legions of elite hackers trained in cyberwarfare, according to a Wired Magazine story in November 2009. But they mostly play defense, and that's what Naval Postgraduate School professor John Arquilla wants to change. He'd like the US military's coders to team up with network specialists abroad to form a global geek squad. Together, they could launch preemptive online strikes to head off real-world battles.

Among other things, the Wired magazine story had a scenario discussed by John Arquilla where an elite geek squad of world hackers could be used to prevent India-Pakistan nuclear war by taking out the command and control systems of both nations.

The increasing cyber attacks on the U.S. government's networks and critical infrastructure, and the growing complexity of IT infrastructure, are driving a surge in federal cybersecurity spending; the U.S. federal government's total cumulative cybersecurity spending would be $55 billion between 2010 and 2015, according to a report by Homeland Security News Wire. At the same time, countries such as China and Russia recognize that the United States has an unfair advantage over them in cyber warfare simply because most of the operating system and infrastructure software used in the world today has its origins in the United States. These concerns are fueling efforts by most major nations in the world to enhance their cyber security, and they are focusing on developing the capacity to retaliate as a deterrent.

As to the potential cyber component of any future wars between India and Pakistan, its dramatic impact could reverberate across the globe as the computers used in South Asia for outsourced work from the United States and Europe come under crippling attacks from hackers on both sides. Here is how Robert X. Cringeley describes it in a June 2009 blog post captioned "Collateral Damage":

"Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two. And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war.

And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that’s sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories. And an interesting aspect of destroying such repositories — in Third World countries OR in the U.S. — is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents."


Comments

Riaz Haq said…
Here's a WikiLeaks cable reported by Haaretz that hints at a US-Israeli link to the Stuxnet worm used against Iranian centrifuges last year:

A leading expert on Iran advised the United States to use "covert sabotage" rather than military action to destroy the Islamic Republic's nuclear facilities, according to a U.S. embassy cable released by WikiLeaks.

Citing a January 2010 cable dispatched by U.S. Ambassador Philip Murphy, The Guardian reported Wednesday that Germany's state-funded Institute for Security and International Affairs had told U.S. officials that a policy of sabotage would be "more effective" than a military strike in stopping Iran from developing a nuclear bomb.

Volker Perthes, director of the think tank, was referring to actions such as "unexplained explosions, accidents, computer hacking, etc." that would be more "effective than a military strike, whose effects in the region could be devastating", according to the cable.

Earlier cables disclosed by The Guardian show that U.S. officials - including former Secretary of State Condoleezza Rice - had "distinctly deferred" to Perthes for guidance on Iran-related matters.

In an interview with The Guardian, Perthes confirmed the details of the cable, saying that indeed "'unexplained accidents' or 'computer failures' etc are certainly better than military strikes," adding that "a military escalation with Iran – must be avoided."

"Compared to military action, such acts have the advantage that the leadership of a country that is affected wouldn't need to respond – everybody can agree that there was a technical failure, no one needs to shoot or bomb," he told The Guardian. "And at the same time, everybody has understood the message – about what developments are unacceptable to the other side."

The WikiLeaks cable emerged just days after The New York Times reported that Israel had tested a computer worm believed to have sabotaged Iran's nuclear centrifuges last year and slowed its ability to develop an atomic weapon.

In what the Times described as a joint Israeli-U.S. effort to undermine Iran's nuclear ambitions, it said the tests of the destructive Stuxnet worm had occurred over the past two years at the heavily guarded Dimona complex in the Negev desert.

The newspaper cited unidentified intelligence and military experts familiar with Dimona who said Israel had spun centrifuges virtually identical to those at Iran's Natanz facility, where Iranian scientists are struggling to enrich uranium.
"To check out the worm, you have to know the machines," an American expert on nuclear intelligence told the newspaper. "The reason the worm has been effective is that the Israelis tried it out."

Western leaders suspect Iran's nuclear program is a cover to build atomic weapons, but Tehran says it is aimed only at producing electricity.

Iran's centrifuges have been plagued by breakdowns since a rapid expansion of enrichment in 2007 and 2008, and security experts have speculated its nuclear program may have been targeted in a state-backed attack using Stuxnet.
Riaz Haq said…
Here's a NY Times report on US plans to use cyber warfare against Libya and Pakistan:

The Obama administration is revving up the nation’s digital capabilities, while publicly emphasizing only its efforts to defend vital government, military and public infrastructure networks.

“We don’t want to be the ones who break the glass on this new kind of warfare,” said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, where he specializes in technology and national security.

That reluctance peaked during planning for the opening salvos of the Libya mission, and it was repeated on a smaller scale several weeks later, when military planners suggested a far narrower computer-network attack to prevent Pakistani radars from spotting helicopters carrying Navy SEAL commandos on the raid that killed Osama bin Laden on May 2.

Again, officials decided against it. Instead, specially modified, radar-evading Black Hawk helicopters ferried the strike team, and a still-secret stealthy surveillance drone was deployed.

“These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” said one Obama administration official briefed on the discussions.

The debate about a potential cyberattack against Libya was described by more than a half-dozen officials, who spoke on the condition of anonymity because they were not authorized to discuss the classified planning.

In the days ahead of the American-led airstrikes to take down Libya’s integrated air-defense system, a more serious debate considered the military effectiveness — and potential legal complications — of using cyberattacks to blind Libyan radars and missiles.

“They were seriously considered because they could cripple Libya’s air defense and lower the risk to pilots, but it just didn’t pan out,” said a senior Defense Department official.

After a discussion described as thorough and never vituperative, the cyberwarfare proposals were rejected before they reached the senior political levels of the White House.

Gen. Carter F. Ham, the head of the military’s Africa Command, which led the two-week American air campaign against Libya until NATO assumed full control of the operation on March 31, would not comment on any proposed cyberattacks. In an interview, he said only that “no capability that I ever asked for was denied.”

Senior officials said one of the central reasons a cyberoffensive was rejected for Libya was that it might not have been ready for use in time, given that the rebel city of Benghazi was on the verge of being overrun by government forces.

While popular fiction and films depict cyberattacks as easy to mount — only a few computer keystrokes needed — in reality it takes significant digital snooping to identify potential entry points and susceptible nodes in a linked network of communications systems, radars and missiles like that operated by the Libyan government, and then to write and insert the proper poisonous codes.

“It’s the cyberequivalent of fumbling around in the dark until you find the doorknob,” Mr. Lewis said. “It takes time to find the vulnerabilities. Where is the thing that I can exploit to disrupt the network?”
http://www.nytimes.com/2011/10/18/world/africa/cyber-warfare-against-libya-was-debated-by-us.html
Riaz Haq said…
Here are some excerpts of CBS 60 Minutes segment on Stuxnet aired on Mar 4, 2012:

The first attack, using a computer virus called Stuxnet, was launched several years ago against an Iranian nuclear facility, almost certainly with some U.S. involvement. But the implications and the possible consequences are only now coming to light.

FBI Director Robert Mueller: I do believe that the cyberthreat will equal or surpass the threat from counterterrorism in the foreseeable future.

Defense Secretary Leon Panetta: There's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyberattack.

House Intelligence Committee Chairman Mike Rogers: We will suffer a catastrophic cyberattack. The clock is ticking.

And there is reason for concern. For more than a decade, the U.S. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack, or launch its own. That time is here. Because someone sabotaged a top secret nuclear installation in Iran with nothing more than a long string of computer code.

Ret. Gen. Mike Hayden: We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.
----------
We know from reverse engineering the attack codes that the attackers have full, and I mean this literally, full tactical knowledge of every damn detail of this plant. So you could say in a way they know the plant better than the Iranian operator.

We wanted to know what Retired General Michael Hayden had to say about all this since he was the CIA director at the time Stuxnet would have been developed.
------------
You can download the actual source code of Stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from.

Kroft: Sounds a little bit like Pandora's box.

McGurk: Yes.

Kroft: Whoever launched this attack--
http://www.cbsnews.com/8301-18560_162-57390124/stuxnet-computer-worm-opens-new-era-of-warfare/?pageNum=4&tag=contentMain;contentBody
Riaz Haq said…
Here's a piece published in the Bulletin of the Atomic Scientists:

With confirmation that the United States was behind the 2010 cyberattack on Iran's nuclear enrichment facility, the world has officially entered a new era of warfare. The New York Times' comprehensive reporting details how the US and Israeli governments developed the malicious Stuxnet software and how they deployed it in the digital wilderness of the Internet specifically to attack the plant at Natanz. Over the past decade, US experts have strenuously warned about the ominous possibility of other nations, rogue states, or even terrorist groups attacking US infrastructure through the Internet. As it happens, however, it is the United States that has developed malicious software in secrecy and launched it against another country -- in this case, Iran.

The parallels with the invention and first use of atomic bombs on Hiroshima and Nagasaki are eerie. Consider the similarities: First, government and scientific leaders invent a new kind of weapon out of fear that others will develop it first and threaten the United States. Second, the consequences of using the new weapon -- both the material damage it might cause as well as its effects on international security and arms-race dynamics -- are poorly understood. Third, scientists and engineers warn political and military leaders about the dangers of the new weapon and call for international cooperation to create rules of the road. Fourth, despite warnings by experts, the US government continues to develop this new class of weaponry, ultimately unleashing it without warning and without public discussion of its implications for peace and security.

And so, this may be another watershed moment, when, as Albert Einstein put it in 1954: "Everything has changed save our way of thinking, and thus we drift toward unparalleled catastrophe."

During World War II, the Allies feared that Germany would be the first to create an atomic bomb with disastrous consequences for civilization. And so, in utmost secrecy, the United States and Britain mobilized their scientists and engineers in order to develop the first atomic bombs. In the end, Germany did not come close to producing a nuclear weapon; perhaps US fears had been overstated. But the major goal was achieved: The Allies won the race to harness atomic energy in a bomb. But instead of declaring that the game was over, American political leaders considered using the new bomb to bring the war against Japan to an end.
--------------
In 1945, atomic scientists determined that only international control of nuclear energy could prevent an arms race between the United States and other countries. In yet another parallel, cyber scientists and engineers also have called for international cooperation to establish institutions to control cybertechnology and protocols to prevent a new kind of arms race. Unfortunately, these recommendations have not been heeded either, and once more, government leaders seem all too eager to deploy a new and very dangerous weapon.

And how ironic that the first acknowledged military use of cyberwarfare is ostensibly to prevent the spread of nuclear weapons. A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction.
http://www.thebulletin.org/web-edition/columnists/kennette-benedict/stuxnet-and-the-bomb
Riaz Haq said…
Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022

https://propakistani.pk/2022/12/02/ignite-conducts-karachi-qualifier-round-of-digital-pakistan-cybersecurity-hackathon-2022/
Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.

The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.

Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.

Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”

“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.

Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”

“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.

Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.

Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.

The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.

41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.

The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).

These top teams will now compete in the final round of the hackathon in Islamabad later this month.

Riaz Haq said…
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html
Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.

The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin.

The cybersecurity company attributed the intrusion to an adversary it tracks under the moniker Cosmic Leopard (aka SpaceCobra), which it said exhibits some level of tactical overlap with Transparent Tribe.

"Operation Celestial Force has been active since at least 2018 and continues to operate today — increasingly utilizing an expanding and evolving malware suite — indicating that the operation has likely seen a high degree of success targeting users in the Indian subcontinent," security researchers Asheer Malhotra and Vitor Ventura said in a technical report shared with The Hacker News.

GravityRAT first came to light in 2018 as a Windows malware targeting Indian entities via spear-phishing emails, boasting of an ever-evolving set of features to harvest sensitive information from compromised hosts. Since then, the malware has been ported to work on Android and macOS operating systems, turning it into a multi-platform tool.

Subsequent findings from Meta and ESET last year uncovered continued use of the Android version of GravityRAT to target military personnel in India and among the Pakistan Air Force by masquerading it as cloud storage, entertainment, and chat apps.

Cisco Talos' findings bring all these disparate-but-related activities under a common umbrella, driven by evidence that points to the threat actor's use of GravityAdmin to orchestrate these attacks.

Cosmic Leopard has been predominantly observed employing spear-phishing and social engineering to establish trust with prospective targets, before sending them a link to a malicious site that instructs them to download a seemingly innocuous program that drops GravityRAT or HeavyLift depending on the operating system used.

GravityRAT is said to have been put to use as early as 2016. GravityAdmin, on the other hand, is a binary used to commandeer infected systems since at least August 2021 by establishing connections with GravityRAT and HeavyLift's command-and-control (C2) servers.
