Proliferation of Cyber Warfare Capabilities in South Asia

Recent reports of Russian hacks of the American Democratic Party's election campaign staff, aimed at influencing the outcome of the US elections, have brought international cyber espionage into sharp focus once again. How many nations have such capabilities? Which ones are they? Are India and Pakistan among them?

Pakistan is believed to be among the couple of dozen nations with serious cyber espionage capabilities. That belief has strengthened within the cyber security community because Operation Arachnophobia is suspected to have originated in Pakistan.

Bloodmoney: A Novel of Espionage:

Washington Post columnist David Ignatius frequently writes about the activities of intelligence agencies and often cites "anonymous" intelligence sources to buttress his opinions. He is also a novelist who draws upon his knowledge to write spy thrillers.

Ignatius's 2011 novel "Bloodmoney: A Novel of Espionage" has as its main character Dr. Omar, a computer science professor at a Pakistani university. Omar, born in Pakistan's tribal region of South Waziristan, is a cyber security expert. One of his specialties is a deep knowledge of SWIFT, the interbank messaging network run by the Society for Worldwide Interbank Financial Telecommunication, over which banks exchange instructions for international financial transactions.

Omar's parents and his entire family are killed in a misdirected US drone strike. Soon after the tragedy, several undercover CIA agents are killed within days of their arrival in Pakistan. American and Pakistani investigators seek the professor's help to solve these murders. Ignatius's novel ends with the professor identified as the main culprit in the assassinations of the CIA agents.

Operation Arachnophobia:

In 2014, researchers from FireEye, a Silicon Valley cyber security company founded by a Pakistani-American, and ThreatConnect jointly investigated "Operation Arachnophobia", a campaign targeting Indian computers. It features a custom malware family dubbed Bitterbug that serves as the backdoor for stealing information. Though the researchers say they have not identified the specific victim organizations, they have spotted the malware bundled with decoy documents related to Indian issues, according to DarkReading.com.

The campaign was dubbed "Operation Arachnophobia" because variants of the Bitterbug malware detected by the researchers included build paths containing the strings "Tranchulas" and "umairaziz27", where Tranchulas is the name of an Islamabad-based Pakistani security firm and Umair Aziz is one of its employees. A build path embedded in a binary is a weak attribution signal on its own: the PDB path is just a string left behind by the compiler's debug settings, and a careful operator can strip it or plant a misleading one.
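The build-path clue above is recoverable from a compiled sample because Microsoft toolchains leave a CodeView "RSDS" record in the binary that carries the full path of the PDB file used at build time. The following is an added example, written for this page and not the FireEye/ThreatConnect tooling, of how an analyst pulls those paths out of a sample and matches them against indicator strings. The indicator tokens are the two named on this page; the sample bytes and the path inside them are constructed here for the demonstration and are not a real Bitterbug artifact.

```python
"""Extract CodeView (RSDS) PDB build paths from a PE sample and match
them against attribution indicators.

Added illustrative example, not the original researchers' code.  The
sample bytes in SAMPLE_PE are constructed for this demo.
"""
import struct
from typing import Dict, List

# Indicator tokens named in the Operation Arachnophobia reporting.
INDICATORS = ("Tranchulas", "umairaziz27")

RSDS_SIG = b"RSDS"  # CodeView 7.0 debug record signature


def extract_pdb_paths(data: bytes) -> List[str]:
    """Return every PDB path found in RSDS records inside `data`.

    RSDS record layout: b"RSDS" | 16-byte GUID | 4-byte age |
    NUL-terminated PDB path.  The whole file is scanned for the
    signature rather than walking the PE debug directory, so packed,
    truncated or memory-dumped samples still yield hits.
    """
    paths: List[str] = []
    pos = data.find(RSDS_SIG)
    while pos != -1:
        start = pos + 4 + 16 + 4  # skip signature, GUID and age
        end = data.find(b"\x00", start)
        if end > start:
            raw = data[start:end]
            # Only accept printable ASCII ending in .pdb to cut false
            # positives from random "RSDS" byte sequences.
            if all(0x20 <= b < 0x7F for b in raw) and raw.lower().endswith(b".pdb"):
                paths.append(raw.decode("ascii"))
        pos = data.find(RSDS_SIG, pos + 4)
    return paths


def match_indicators(paths: List[str], indicators=INDICATORS) -> Dict[str, List[str]]:
    """Map each indicator token to the paths containing it (case-insensitive)."""
    hits: Dict[str, List[str]] = {}
    for token in indicators:
        matched = [p for p in paths if token.lower() in p.lower()]
        if matched:
            hits[token] = matched
    return hits


def build_rsds_record(pdb_path: str, age: int = 1) -> bytes:
    """Build an RSDS record; used here only to fabricate the test sample."""
    guid = bytes(range(16))  # arbitrary, constructed GUID
    return RSDS_SIG + guid + struct.pack("<I", age) + pdb_path.encode("ascii") + b"\x00"


# Constructed sample: a fake header, one real-looking RSDS record whose
# path carries both indicator tokens, and a decoy "RSDS" with no
# printable path behind it (should be ignored).
SAMPLE_PE = (
    b"MZ" + b"\x90" * 60
    + build_rsds_record(r"C:\Users\umairaziz27\Desktop\Tranchulas\Release\sample.pdb")
    + b"\x00" * 32
    + RSDS_SIG + b"\xff" * 40
)


def scan(data: bytes) -> Dict[str, object]:
    """Return the PDB paths in `data` and any indicator matches."""
    paths = extract_pdb_paths(data)
    return {"pdb_paths": paths, "indicator_hits": match_indicators(paths)}


if __name__ == "__main__":
    print(scan(SAMPLE_PE))
```

Scanning the raw bytes rather than walking the PE debug directory trades precision for robustness: it still works on samples whose headers are damaged or packed, at the cost of needing the printable-ASCII and `.pdb` filters to reject chance matches. A hit is a pivot for clustering samples and building a hypothesis, not a verdict on who wrote the code.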

Operation Hangover:

Operation Arachnophobia targeted Indian officials. It appears to have been Pakistan's response to India's Operation Hangover, which targeted Pakistan. Investigations by the Norway-based security firm Norman showed that the Operation Hangover attack infrastructure was used primarily to extract security-related information from Pakistan and, to a lesser extent, China.

"Targeted attacks are all too common these days, but this one is certainly noteworthy for its failure to employ advanced tools to conduct its campaigns," said Jean Ian-Boutin, malware researcher at ESET security company. "Publicly available tools to gather information on infected systems shows that the attackers did not go to great lengths to cover their tracks. On the other hand, maybe they see no need to implement stealthier techniques because the simple ways still work."

Attack Easier Than Defense:

The fact that cyber attacks so often succeed suggests that it is easier to attack a system than to defend it. By the time such attacks are detected, it is usually too late: a great deal of valuable information has already been lost to the attackers.

Even so, possessing a cyberattack capability remains important as a deterrent. Those who lack the capacity to retaliate invite even more brazen cyberattacks.

Need for International Treaties:

Cyberattacks on infrastructure can have disastrous consequences with significant loss of human life. Disabling power grids and communication networks can hurt a lot of people and prevent delivery of aid to victims of disaster. It's important that nations work together to agree on some norms for what is permissible and what is not before there is a catastrophe.

Summary:

About 30 nations, including the US, the UK, France, Germany, Russia, China, India, Iran, Israel and Pakistan, possess cyber espionage and attack capabilities. The growth and proliferation of such technologies present a serious threat to world peace. There is an urgent need for the nations of the world to come together and agree on reasonable restrictions to prevent disasters.

Haq's Musings

Revolution in Military Affairs: Cyberweapons and Robots

Cyber Warfare

Pakistani-American Founder of Fireeye Cyber Firm

Pakistan Boosts Surveillance to Fight Terror

Pakistan's Biometric Registration Database

Operation Zarb e Azb Launch

Ex Indian Spy Documents RAW's Successes in Pakistan

Intelligence Failures in Preventing Daily Carnage in Pakistan

What If Musharraf Had Said NO to US After 911?

Pakistani Computer Scientist Fights Terror

Pakistani Killer Drones to Support Anti-Terror Campaign

3G 4G Rollout Spurs Data Services Boom in Pakistan



Comments

Riaz Haq said…
MALWARE ATTACKS USED BY THE U.S. GOVERNMENT RETAIN POTENCY FOR MANY YEARS, NEW EVIDENCE INDICATES

https://theintercept.com/2017/03/10/government-zero-days-7-years/

A NEW REPORT from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.

The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes.

Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole.

Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.

Rand’s researchers found that there was no pattern around which exploits lived a long or short life — severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available.

“The relatively long life expectancy of 6.9 years means that zero-day vulnerabilities — in particular the ones that exploits are created for [in the gray market] — are likely old,” write lead researchers Lillian Ablon and Andy Bogart in their paper “Zero Days, Thousands of Nights.”

Rand, a nonprofit research group, is the first to study in this manner a database of exploits that are in the wild and being actively used in hacking operations. Previous studies of zero days have used manufactured data or the vulnerabilities and exploits that get submitted to vendor bug bounty programs — programs in which software makers or website owners pay researchers for security holes found in their software or websites.

The database used in the study belongs to an anonymous company referred to in the report as “Busby,” which amassed the exploits over 14 years, going back to 2002. Busby’s full database actually has around 230 exploits in it, about 100 of which are still considered active, meaning they are unknown to the software vendors and therefore no patches are available to fix them. The Rand researchers only had access to information on 207 zero days — the rest are recently discovered exploits the company withheld from Rand’s set “due to operational sensitivity.”

While it’s not known how many of these exploits are in the U.S. government’s arsenal, Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs, believes the U.S. government’s zero-day stockpile is comparable in size to Busby’s.
Riaz Haq said…
The global war in Cyberia has begun — and will never end

by NIALL FERGUSON

http://www.theaustralian.com.au/news/world/the-times/the-global-war-in-cyberia-has-begun-and-will-never-end/news-story/3945b41441acaf8e51b36fd4548746df


To each American administration, its war. For Truman and Eisenhower, Korea. For Kennedy, Johnson and Nixon, Vietnam. For Carter and Reagan, the culmination of the Cold War. For both Bushes, Iraq. For Clinton, ex-Yugoslavia. For Obama, Afghanistan.

Which will be Donald Trump’s war? There is good reason to fear it could be the Second Korean War. Or it could be yet another quagmire in the Middle East. His most excitable critics warn that the Third World War will happen on his watch. But I am more worried about the First Cyber War — because that war has already begun.

Last week’s cyber-attack was just the latest directed against the US by WikiLeaks: the release of a vast cache of documents stolen from the CIA.

In a tweet, WikiLeaks claimed these revealed “CIA hacker malware a threat to journalists: infests iPhone, Android bypassing Signal, Confide encryption”.

Actually, none of the documents mentions Signal, but that’s not the point. In the strange land of Cyberia — the twilight zone inhabited by Russian intelligence operatives — cyber-warfare is mainly about the spread of disinformation under the guise of leaking classified or confidential information.


To visit the WikiLeaks website is to enter the trophy room of Cyberia. Here is the “Hillary Clinton Email Archive”, over there are “The Podesta Emails”. Not all the leaked documents are American, but you will look in vain for leaks calculated to embarrass Russia. Julian Assange may still skulk in the Ecuadorean embassy in London but he lives in Cyberia, Vladimir Putin’s honoured guest.


---
Computer scientists have understood the disruptive potential of cyber-warfare since the earliest days of the internet. At first it was adolescent hackers who caused mayhem: geeks such as Robert Tappan Morris, who almost crashed the internet in 1988 by releasing a highly infectious software worm.

It is still the case that a lot of cyber-attacks are carried out by non-state actors: teenage vandals, criminals, “hacktivists” or terrorist organisations. However, the most striking development of the past year has been the advent of Cyberia.

As the country that built the internet, the US was bound to lead in cyber-warfare. During the 2003 Iraq invasion, US spies penetrated Iraqi networks and sent messages urging generals to surrender. Seven years later the US and Israel unleashed the Stuxnet virus on Iran’s nuclear facilities. The problem is not just that two can play at that game. It is that no one knows how many people can play at any number of cyber-games.

In recent years, the US has found itself under cyber-attack from Iran, North Korea and China. However, these attacks were directed against companies (notably Sony Pictures). The Russians are the first to wage war directly against the US government. They learnt the ropes in attacks on Estonia, Georgia and Ukraine. Last year, using WikiLeaks and the blogger Guccifer 2.0 as proxies, they launched a sustained assault on the US political system, using the Clinton emails and those of her campaign manager John Podesta to undermine the credibility of the Democratic Party’s presidential candidate.

-----

Like the financial network, our social, commercial and infrastructural networks are under constant attack from fools and knaves. There is nothing we can do to stop them. The most we can do is to design networks so that the ravages of Cyberia can’t cause a total outage.

Trump’s war has begun: it is the First Cyber War. Like all wars, its first casualty was truth. Unlike other wars, it will have no last casualty, as it is a war without end. Get used to it. Or get rid of your computer.
Riaz Haq said…
Can Cyber Warfare Be Deterred? by Joseph Nye

https://www.project-syndicate.org/commentary/cyber-warfare-deterrence-by-joseph-s--nye-2015-12

Fear of a “cyber Pearl Harbor” first appeared in the 1990s, and for the past two decades, policymakers have worried that hackers could blow up oil pipelines, contaminate the water supply, open floodgates and send airplanes on collision courses by hacking air traffic control systems. In 2012, then-US Secretary of Defense Leon Panetta warned that hackers could “shut down the power grid across large parts of the country.”
None of these catastrophic scenarios has occurred, but they certainly cannot be ruled out. At a more modest level, hackers were able to destroy a blast furnace at a German steel mill last year. So the security question is straightforward: Can such destructive actions be deterred?
It is sometimes said that deterrence is not an effective strategy in cyberspace, because of the difficulties in attributing the source of an attack and because of the large and diverse number of state and non-state actors involved. We are often not sure whose assets we can hold at risk and for how long.
Attribution is, indeed, a serious problem. How can you retaliate when there is no return address? Nuclear attribution is not perfect, but there are only nine states with nuclear weapons; the isotopic identifiers of their nuclear materials are relatively well known; and non-state actors face high entry barriers.
None of this is true in cyberspace where a weapon can consist of a few lines of code that can be invented (or purchased on the so-called dark web) by any number of state or non-state actors. A sophisticated attacker can hide the point of origin behind the false flags of several remote servers.
While forensics can handle many “hops” among servers, it often takes time. For example, an attack in 2014 in which 76 million client addresses were stolen from JPMorgan Chase was widely attributed to Russia. By 2015, however, the US Department of Justice identified the perpetrators as a sophisticated criminal gang led by two Israelis and an American citizen who lives in Moscow and Tel Aviv.
Attribution, however, is a matter of degree. Despite the dangers of false flags and the difficulty of obtaining prompt, high-quality attribution that would stand up in a court of law, there is often enough attribution to enable deterrence.
For example, in the 2014 attack on SONY Pictures, the United States initially tried to avoid full disclosure of the means by which it attributed the attack to North Korea, and encountered widespread skepticism as a result. Within weeks, a press leak revealed that the US had access to North Korean networks. Skepticism diminished, but at the cost of revealing a sensitive source of intelligence.
Prompt, high-quality attribution is often difficult and costly, but not impossible. Not only are governments improving their capabilities, but many private-sector companies are entering the game, and their participation reduces the costs to governments of having to disclose sensitive sources. Many situations are matters of degree, and as technology improves the forensics of attribution, the strength of deterrence may increase.
Moreover, analysts should not limit themselves to the classic instruments of punishment and denial as they assess cyber deterrence. Attention should also be paid to deterrence by economic entanglement and by norms.
Economic entanglement can alter the cost-benefit calculation of a major state like China, where the blowback effects of an attack on, say, the US power grid could hurt the Chinese economy. Entanglement probably has little effect on a state like North Korea, which is weakly linked to the global economy. It is not clear how much entanglement affects non-state actors. Some may be like parasites that suffer if they kill their host, but others may be indifferent to such effects.
Riaz Haq said…
As for norms, major states have agreed that cyber war will be limited by the law of armed conflict, which requires discrimination between military and civilian targets and proportionality in terms of consequences. Last July, the United Nations Group of Government Experts recommended excluding civilian targets from cyberattacks, and that norm was endorsed at last month’s G-20 summit.
It has been suggested that one reason why cyber weapons have not been used more in war thus far stems precisely from uncertainty about the effects on civilian targets and unpredictable consequences. Such norms may have deterred the use of cyber weapons in US actions against Iraqi and Libyan air defenses. And the use of cyber instruments in Russia’s “hybrid” wars in Georgia and Ukraine has been relatively limited.
The relationship among the variables in cyber deterrence is a dynamic one that will be affected by technology and learning, with innovation occurring at a faster pace than was true of nuclear weapons. For example, better attribution forensics may enhance the role of punishment; and better defenses through encryption may increase deterrence by denial. As a result, the current advantage of offense over defense may change over time.

Cyber learning is also important. As states and organizations come to understand better the importance of the Internet to their economic wellbeing, cost-benefit calculations of the utility of cyber warfare may change, just as learning over time altered the understanding of the costs of nuclear warfare.
Unlike the nuclear age, when it comes to deterrence in the cyber era, one size does not fit all. Or are we prisoners of an overly simple image of the past? After all, when nuclear punishment seemed too draconian to be credible, the US adopted a conventional flexible response to add an element of denial in its effort to deter a Soviet invasion of Western Europe. And while the US never agreed to a formal norm of “no first use of nuclear weapons,” eventually such a taboo evolved, at least among the major states. Deterrence in the cyber era may not be what it used to be, but maybe it never was.

https://www.project-syndicate.org/commentary/cyber-warfare-deterrence-by-joseph-s--nye-2015-12
Riaz Haq said…
US scientists at U of Michigan hack #India electronic #vote17 machines - BBC News. #UPElection2017

http://www.bbc.com/news/10123478

Scientists at a US university say they have developed a technique to hack into Indian electronic voting machines.
After connecting a home-made device to a machine, University of Michigan researchers were able to change results by sending text messages from a mobile.
Indian election officials say their machines are foolproof, and that it would be very difficult even to get hold of a machine to tamper with it.
India uses about 1.4m electronic voting machines in each general election.
'Dishonest totals'
A video posted on the internet by the researchers at the University of Michigan purportedly shows them connecting a home-made electronic device to one of the voting machines used in India.
Professor J Alex Halderman, who led the project, said the device allowed them to change the results on the machine by sending it messages from a mobile phone.

"We made an imitation display board that looks almost exactly like the real display in the machines," he told the BBC. "But underneath some of the components of the board, we hide a microprocessor and a Bluetooth radio."
"Our lookalike display board intercepts the vote totals that the machine is trying to display and replaces them with dishonest totals - basically whatever the bad guy wants to show up at the end of the election."
In addition, they added a small microprocessor which they say can change the votes stored in the machine between the election and the vote-counting session.
India's electronic voting machines are considered to be among the most tamperproof in the world.
There is no software to manipulate - records of candidates and votes cast are stored on purpose-built computer chips.
Paper and wax seals
India's Deputy Election Commissioner, Alok Shukla, said even getting hold of machines to tamper with would be very difficult.
"It is not just the machine, but the overall administrative safeguards which we use that make it absolutely impossible for anybody to open the machine," he told the BBC.
"Before the elections take place, the machine is set in the presence of the candidates and their representatives. These people are allowed to put their seal on the machine, and nobody can open the machine without breaking the seals."
The researchers said the paper and wax seals could be easily faked.
However, for their system to have any impact they would need to install their microchips on many voting machines, no easy task when 1,368,430 were used in the last general election in 2009.
Riaz Haq said…
India, Pakistan cyber war intensifies

https://www.thenews.com.pk/print/176619-India-Pakistan-cyber-war-intensifies

NEW DELHI: Indian hackers claimed to have hacked Islamabad, Peshawar, Multan International and Karachi airport

The hack comes just days after Pakistani hackers, identifying themselves as 'Alone Injector', posted offensive content on NSG's official homepage. As most were preparing to celebrate New Year, hackers from India and Pakistan were busy firing shots across the online border in the ongoing cyber war between the two countries.

Indian hackers allegedly infected three Pakistan airport websites with ransomware claiming that this was to avenge hacking of the official website of the elite National Security Guard (NSG) by their counterpart in Pakistan.

Indian hackers on Monday night claimed to have hacked the Islamabad, Peshawar, Multan International and Karachi airport websites. Not only have they hacked and brought the websites down, but they have also injected them with ransomware, which restricts the owners' use of their websites. Indian hackers locked access to the websites and are demanding bitcoins (virtual money) in exchange for unlocking them. However, an Indian hacker told Mail Today that the last time, the money they got from Pakistan to unlock their computers was donated to needy kids, but this time they will not share the key to unlock the sites.

The move came just a day after Pakistani hackers, identifying themselves as 'Alone Injector', posted the offensive content on NSG's official homepage. The website belonging to the 'black cat' commandos is maintained from the NSG headquarters and gives out basic information about the force, its origin and operations.

The matter has been brought to the notice of the National Informatics Centre, and remedial action is in process. Retaliating immediately, Indian hackers have launched a massive attack on crucial Pakistan establishment and warned both Pakistan hackers and the government against attacking India further.

This hacking group in past had infected the Pakistan government systems, taken control over hundreds of computers and locked its complete data, making it inaccessible - using a malicious programme. The hacking group also leaked details of Pakistan army officers and banking details.

However, there was no confirmation by any security agency about it as the hackers from both the countries are not officially. This fighting started last week: after Pakistani cyber attackers hacked Thiruvananthapuram airport's website, a group of cyber experts from Kerala - the 'Mallu Cyber Soldiers' - decided to respond in kind, by hacking the website of a Pakistani airport. The hackers obtained the login information for the website of Sialkot International Airport in Pakistan's Punjab province. They changed the password and shared the new login details with the public. Experts believe the hacking of airport websites can be used to get out crucial information about flights, which can have serious consequences.

Moreover, leaking of details about the individual airports - from logistics to facilities - is also dangerous. Experts believe that intelligence-gathering process has increased as hackers are not only defacing the sites but are silently spying on critical networks. 'Indian hackers have only replied after observing malicious intention of Pakistani hackers.

'Techies across the border targeted Indian sites result of which NSG's website was hacked. Such fights are common but now the intensity of attacks have increased many fold as hackers from both the countries are targeting crucial websites,' said Kislay Choudhary, a cyber crime expert.
Riaz Haq said…
America must defend itself against the real national security menace

by Fareed Zakaria

1. Punishment
2. Defense
3. Taboo

https://www.washingtonpost.com/opinions/the-united-states-must-defend-itself-against-the-real-national-security-menance/2017/03/09/6ce0c586-050a-11e7-b9fa-ed727b644a0b_story.html?utm_term=.8eef381e98f8


Since the North Korean government’s 2014 attacks on Sony Pictures Entertainment, many in the intelligence community, including Adm. Michael S. Rogers, have warned that “we’re at a tipping point.” Rogers, head of the National Security Agency and U.S. Cyber Command, testified to Congress in 2015 that the country had no adequate deterrent against cyberattacks. He and many others have argued for an offensive capacity forceful enough to dissuade future threats.

But the digital realm is a complex one, and old rules will not easily translate. The analogy that many make is to nuclear weapons. In the early Cold War, that new category of weaponry led to the doctrine of deterrence, which in turn led to arms-control negotiations and other mechanisms to foster stable, predictable relations among the world’s nuclear powers.

But this won’t work in the cyber realm, Joseph Nye says in an important new essay in the journal International Security. First, the goal of nuclear deterrence has been “total prevention” — to avert a single use of nuclear weapons. Cyberattacks happen all the time, everywhere. The Defense Department reports getting 10 million attacks a day. Second, there is the problem of attribution. Nye quotes defense official William Lynn, who observed in 2010, “Whereas a missile comes with a return address, a computer virus generally does not.” That’s why it is so easy for the Russian government to deny any involvement with the hacking against the Democratic National Committee. It is hard to establish ironclad proof of the source of any cyberattack — which is a large part of its attractiveness as an asymmetrical weapon.


Nye argues that there are four ways to deal with cyberattacks: punishment, entanglement, defense and taboos. Punishment involves retaliation, and although it is worth pursuing, both sides can play that game, and it could easily spiral out of control.

Entanglement means that if other countries were to harm the United States, their own economies would suffer. It strikes me as of limited value because there are ways to attack the United States discreetly without shooting oneself in the foot (as Russia has shown recently, and as Chinese cybertheft of intellectual property shows as well). And it certainly wouldn’t deter groups such as the Islamic State, al-Qaeda or even WikiLeaks.

The other two strategies merit more consideration. Nye contends that the United States should develop a serious set of defenses, beyond simply governmental networks, that are modeled on public health. Regulations and information would encourage the private sector to follow some simple rules of “cyber hygiene” that could go a long way toward creating a secure national network. This new system of defenses should become standard in the digital world.

The final strategy Nye suggests is to develop taboos against certain forms of cyberwarfare. He points out that after the use of chemical weapons in World War I, a taboo grew around their use, was enacted into international law and has largely held for a century. Similarly, in the 1950s, many strategists saw no distinction between tactical nuclear weapons and “normal” weapons. Gradually, countries came to shun any use of nuclear weaponry, a mutual understanding that has also survived for decades. Nye recognizes that no one is going to stop using cyber-tools but believes that perhaps certain targets could be deemed off-limits, such as purely civilian equipment.

Of course, the development of such norms would involve multilateral negotiations, international forums, rules and institutions, all of which the Trump administration views as globaloney. But at least it is working hard to prevent Yemeni tourists from entering the country.
Riaz Haq said…
Wikileaks reveal #American #Spy Agency #NSA #Cyber Weapons Used to Hack #Pakistan mobile system http://bit.ly/2nQ1VHn via @techjuicepk

New information about the involvement of US in hacking Pakistan mobile system has been found in a release by Wikileaks. This leak points to NSA’s cyber weapons which include code related to hacking of Pakistan mobile system.

NSA’s interest in Pakistan
NSA, National Security Agency responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes in the USA, has allegedly spied on Pakistani civilian and military leadership in the past. Edward Snowden, a former NSA employee, has also suggested in the past that NSA used wiretapping and cyber weapons to spy on many international leaders.

Scope of new information
On Saturday, Wikileaks revealed hundreds of cyber weapons variants which include code pointing towards NSA hacking Pakistan mobile system.

The link shared in the tweet by Wikileaks’ official account points to a Github repository containing the decrypted files pertaining to NSA cyber weapons. A complete analysis of these files by a cyber security expert is needed to further highlight the severity of the situation. Initial impressions, however, seem to indicate that these leaks will certainly provide more substance to previous allegations against NSA.
Riaz Haq said…
#Cyberattack Hits #Ukraine Then Spreads Internationally. #NSA #hackingtool #WannaCry #Petya #Russia

https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html

Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.

It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.

The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry episode, as well as two other methods to promote its spread, according to researchers at the computer security company Symantec.

The National Security Agency has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used the agency’s hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president for security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday — including stealing victims’ credentials — even those who used the Microsoft patch could be vulnerable and potential targets for later attacks, according to researchers at F-Secure, a Finnish cybersecurity firm, and others.

A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.

The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.
Riaz Haq said…
The Opinion Pages | EDITORIAL

When Cyberweapons Go Missing
By THE EDITORIAL BOARD, JULY 4, 2017

https://www.nytimes.com/2017/07/04/opinion/cyberweapons-nsa-attacks.html

Twice in the past few months, powerful cyberattacks have wreaked havoc on the world, shutting down tens of thousands of computers, including critical machines in hospitals, a nuclear site and businesses. The attacks were initially thought to be schemes to collect ransom, but their goals — whether money, politics or just chaos — have become increasingly blurred. One thing seems clear: The weapons for the attack were developed by the National Security Agency and stolen from it.

That’s chilling. After the first attack, Brad Smith, the president of Microsoft, said the theft of the cyberweapons was equivalent to Tomahawk missiles’ being stolen from the military, and he issued a scathing critique of the government’s stockpiling of computer vulnerabilities. The N.S.A. has not only failed to assist in identifying the vulnerabilities its weapons were designed to exploit but has also not even acknowledged their existence or their theft.

It remains a mystery whether the N.S.A. knows how its weapons were stolen. What is known is that a group called Shadow Brokers started offering them for sale in August and made them public in April. It promised a fresh batch last month, offering them to monthly subscribers. Former intelligence officials said it was clear the weapons came from an N.S.A. unit formerly known as Tailored Access Operations.

Once publicly available, the weapons can be reconfigured for many purposes and used by anyone with some computer savvy. North Korea was thought to be a culprit in the first wave of attacks, and Russian hackers may have been behind the second. Other forces may be at work, too. A cybersecurity officer with the IDT Corporation in Newark, Golan Ben-Oni, has made waves with warnings that ransom demands could be a cover for far deeper invasions to steal confidential information.

Secrecy, of course, is the N.S.A.’s stock in trade, and acknowledging authorship of stolen cyberweapons runs counter to everything the spy agency does. A spokesman for the National Security Council at the White House was quoted as saying that the administration “is committed to responsibly balancing national security interests and public safety and security.”

Fixing this deadly serious problem is certain to be complex, but the task is urgent. The N.S.A. clearly needs to do a better job of safeguarding the cyberweapons it is developing and also neutralizing the damage their theft has unleashed. Microsoft, whose software vulnerabilities were exploited in the attacks, and companies that use its software will have to strengthen their defenses.

Beyond that, the federal government may want to offer grants as incentives to groups doing malware analysis. Once conclusively identified, the culprits behind the attacks must be penalized in some way, such as with sanctions. While the immediate focus needs to be on concrete responses, it is also worth thinking seriously about more global cooperation, such as the Digital Geneva Convention proposed by Microsoft as a way to prevent cyberwarfare.
Riaz Haq said…
Pakistan military access metadata, texts, photos from hacked phones of Australian diplomats

https://www.theaustralian.com.au/national-affairs/foreign-affairs/pakistani-military-suspected-of-hacking-phones-of-australian-diplomats/news-story/83806eb1ae83bca12906d8bb02cb13ff

The Pakistani military is alleged to have hacked information from Australian diplomats potentially gaining access to sensitive metadata, texts and photos and tracking their movements.

The hacking is thought to have occurred after the Australians interacted with those whose phones were compromised after they downloaded apps or had their phones physically accessed by the hackers.

A just-published report by a United States mobile phone data security company, Lookout, detailed the hacking which it said it had reported to the appropriate authorities and may have links back to an individual previously associated with a Sydney-based company.

Lookout’s report said it had identified over 15 gigabytes of compromised data that included call records, audio recordings, device location information, text messages and photos.

It said analysis of the exfiltrated data found details of trips to the Pakistani cities of Quetta and Balochistan by Australian diplomats.

The report contains an image of what appears to be a document detailing an itinerary for Australian diplomats.

“Visit of Australian diplomats” is the heading of the document which has been redacted by Lookout but appears to reference the names of the individuals undertaking a visit and discuss security arrangements.

The report says the tools were part of a “highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military” using surveillanceware families Lookout referred to as Stealth Mango (Android) and Tangelo (iOS).

“Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military,” it says. “We determined that government officials and civilians from the United States, Australia, the United Kingdom and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.”

It says the Australians may have had their data stolen after they associated with users who had been compromised by the Stealth Mango surveillanceware.

“We further identified content from other countries officials and diplomats, including the United States, Australia, the United Kingdom and Iran, however we believe this data may have been stolen when these victims interacted with Stealth Mango victims,” it said.

Among data that is believed to be uploaded and tracked from infected phones was installed packages and device information, changes in SIM card or phone numbers on the device, picture, video and audio files, SMS logs and deleted incoming messages, GPS tracking, functionality to detect when a victim is driving, calendar events and reminders and contact lists for various third party applications such as Yahoo and Google Talk among others.

The report notes that the developer of the spyware may have at one point been associated with a company headquartered in Sydney that develops similar legal applications that track devices.

It suspects the developer is part of a group of developers selling mobile surveillance ware and is based in a specific area in the Pakistani capital Islamabad — potentially a government building associated with the Pakistani ministry of education.

The company says it has shared information about the breaches with the appropriate authorities.

“The actor behind Stealth Mango has stolen a significant amount of sensitive data from compromised devices without the need to resort to exploits of any kind,” it says.

“The actors that are developing this surveillanceware are also setting up their own command and control infrastructure and in some cases encountering some operational security missteps, enabling researchers to discover who the targets are and details about the actors operating it that otherwise are not as easily obtained.

Riaz Haq said…
Stealth Mango & Tangelo: Selling your fruits to nation state actors

https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf

Lookout Security Intelligence has discovered a set of custom Android and iOS surveillanceware tools we’re respectively calling Stealth Mango and Tangelo. These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military. Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. To date, we have observed Stealth Mango being deployed against victims in Pakistan, Afghanistan, India, Iraq, Iran, and the United Arab Emirates. The surveillanceware also retrieved sensitive data from individuals and groups in the United States, Australia, and the United Kingdom. These individuals and groups were not themselves targeted, but interacted with individuals whose devices had been compromised by Stealth Mango or Tangelo. We believe that the threat actor behind Stealth Mango is also behind Op C Major and Transparent Tribe.

Key findings

Lookout researchers have identified a new mobile malware family called Stealth Mango.
• Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military.
• Stealth Mango is being used in targeted surveillance operations against government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq, and the United Arab Emirates.
• We determined that government officials and civilians from the United States, Australia, the United Kingdom, and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.
• The actors behind Stealth Mango typically lure victims via phishing, but they may also have physical access to victims’ devices.
• The attacker has multi-platform capabilities. We know of the Android component and there is evidence of an iOS component. The evidence is as follows:
  • A sample Debian package on attacker infrastructure called Tangelo
  • EXIF data from exfiltrated content showed data from iPhones
  • WHOIS information from the attackers show registrations for the following domains: iphonespyingsoftware[.]org, iphonespyingapps[.]org, and iphonespyingapps[.]info

We have identified over 15 gigabytes of compromised data on attacker infrastructure.
• Exfiltrated content includes call records, audio recordings, device location information, text messages, and photos.
• We found attacker infrastructure running the WSO web shell, which provides a third party with complete control over the server.
• The actor deploying Stealth Mango appears to have a primarily mobile-focused capability.

Stealth Mango and Tangelo appear to have been created by freelance developers with physical presences in Pakistan, India, and the United States.
• These individuals belong to the same developer group.
• We linked their tooling to several commodity mobile surveillance tools suggesting that they are either sharing code or have engaged with several distinct customers who are being delivered tooling based off similar source code.

Riaz Haq said…
Could Offensive #Cyber Capabilities Tip #India and #Pakistan to War? India launched Operation Hangover targeting Pakistan and, in response, Pakistan responded with Operation Arachnophobia, seeking to obtain intelligence from Indian officials @Diplomat_APAC http://thediplomat.com/2019/03/could-offensive-cyber-capabilities-tip-india-and-pakistan-to-war/

While both countries are responding to the rise in cyberattacks with national strategies and increased defensive capabilities, we do not know how they will set the rules when it comes to offensive cyber operations. We do know both countries are pursuing cybersecurity to protect against cyberattacks.

India has been establishing national cybersecurity policies to address the rise in persistent cyberattacks. The country is vulnerable to cyberattacks—it was ranked as the second most vulnerable nation-state targeted by cyberattacks in a survey by security company Symantec. As India’s economy has shifted toward information and communications technology (ICT), which includes information technology services, commerce, and banking sectors, there are concerns of cyberespionage and cyberattacks taking place against Indian industries and businesses.

In fact, according to a study commissioned by the High Court of India, cyber-related crimes cost Indian businesses $4 billion in 2013. This has led the government and private sector to increase their efforts to protect these industries. Back in 2013, India unveiled its National Cyber Security policy. This policy outlined measures the government would take in protecting India’s critical infrastructure. However, many critics point out this national policy has done little to curb cyberattacks as there is no way to implement many of its policies.

Pakistan is also on alert, though it does not have a national cybersecurity strategy document, despite efforts in Islamabad to develop a framework that will protect critical institutions from cyberattacks. These efforts have been motivated in part by the Edward Snowden leaks, which detailed the U.S. National Security Agency’s spying on Pakistan and were an inflection point for Pakistani government officials, as they realized they needed to address the gaps in their information security. A national Cyber Security Strategy was presented to the National Assembly, but no headway has been made yet on implementing the proposed actions, which included the creation of a national CERT and an Inter-Services Cyber Command Center that would streamline cyber defense for Pakistan’s Army. Pakistan still does not have an official national cybersecurity strategy.

Both countries’ security postures are transforming slowly to introduce cybersecurity. However, there is still not enough data available on what types of technologies these countries possess and how integrated these technologies are in India and Pakistan’s national security strategies. There are reports that both countries have engaged in offensive cyber operations. Each country has its own cyberespionage division, which siphons critical information from other nation-states’ security and intelligence organizations.

India launched Operation Hangover that has targeted Pakistan and, in response, Pakistan spearheaded Operation Arachnophobia, which sought to obtain intelligence from Indian officials. While these operations are well-known, there is still a lack of awareness on how much each country spends on cyber technologies and the types of technologies they are employing. India is one of the largest spenders on military, yet the cybersecurity budget is “inadequate” for the growing cyber threat.

Understanding cyber capabilities is important because they can change geopolitical calculations. For example, the low cost of entry for offensive cyber capabilities benefits less resourced actors, and “offense preference” in cyberspace makes it easier to succeed on offense than at defense.
Riaz Haq said…
#India says a #Pakistani spy used bots to lure 98 #Indian targets in Army, Navy and Air Force, including #BrahMos #Missile Project Engineer, on #Facebook using 'Whisper', 'Gravity Rat' malware.
http://toi.in/xozvDa41/a24gk via @timesofindia

A recent investigation revealed how a Pakistani spy on Facebook named Sejal Kapoor hacked into the computers of 98 Indian defence officials since 2015. She was also involved in the leak of classified files of BrahMos missile in 2018.

It has been revealed that the hacker targeted officials from the Indian Army, Navy, Air Force, paramilitary forces and state police personnel in Rajasthan, Madhya Pradesh, Uttar Pradesh, and Punjab between 2015 and 2018, reported TOI.

The hacker deceived her targets by sharing pictures and videos using a software malware called "Whisper", which is reported to be connected to a third-party server in a West Asian country.

Sejal's involvement in last year's leakage of sensitive technical information to Pakistan was also established in the recent investigation.

In 2018, an engineer working at the BrahMos Aerospace Private Limited, Nishant Agarwal, was arrested for providing technical information on BrahMos missiles to Pakistan in a joint operation by the Uttar Pradesh and Maharashtra Anti-Terrorism Squad (ATS) as well as the Military Intelligence (MI).

It was then revealed that Agarwal exchanged sensitive information with Pakistan's spy agency Inter-Services Intelligence (ISI), based on evidence found on his personal computer and Facebook chat records.

Apart from the "Whisper" application, another piece of software that the spy used was "Gravity Rat." The Indian intelligence agencies say that both pieces of software use "self-aware" detection techniques as well as a VPN hiding mechanism that enables a hacker to use around 25 internet addresses. The complex malware technology is stated to not be easily identified by anti-malware software.

The five dozen chats recently uncovered by the intelligence agency revealed that Sejal would "force install" the Whisper app on computers of the targeted officials, reported TOI.

"Instantly, after getting downloaded, the malware first prompts the user to key in a code. It's to ensure that the app is not a virus or malware. Immediately after that, it scans all latest attachments sent from the computer in emails or downloads. It then scans all files with photographs, databases of MS Word and MS Excel, by first verifying their encryption keys and then opening their passwords," said a senior intelligence officer, reported TOI.

According to Sejal's Facebook profile, the hacker is an employee of a company called "Growth Company" in Manchester, the UK. Experts have claimed that such cases of armed force officials "honey-trapped" into sharing classified information are a threat to India's national security.

Last year, a Border Security Force (BSF) soldier was arrested by Uttar Pradesh ATS on September 18 for sharing key information about the unit's operations with a female Pakistan ISI agent, who claimed to be a defence reporter.

Riaz Haq said…
#Israeli #spyware allegedly used to target #Pakistani officials' phones. The details are likely to fuel speculation that #India could have been using NSO #technology for domestic and international surveillance. #Modi #RAW #WhatsApp
https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones?CMP=share_btn_tw

The mobile phones of at least two dozen Pakistani government officials were allegedly targeted earlier this year with technology owned by the Israeli spyware company NSO Group, the Guardian has learned.

Scores of Pakistani senior defence and intelligence officials were among those who could have been compromised, according to sources familiar with the matter who spoke on the condition of anonymity.

The alleged targeting was discovered during an analysis of 1,400 people whose phones were the focus of hacking attempts in a two-week period earlier this year, according to the sources.

All the suspected intrusions exploited a vulnerability in WhatsApp software that potentially allowed the users of the malware to access messages and data on the targets’ phones.

The discovery of the breach in May prompted WhatsApp, which is owned by Facebook, to file a lawsuit against NSO in October in which it accused the company of “unauthorised access and abuse” of its services.

The lawsuit claimed intended targets included “attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials”.

NSO has said it will vigorously contest the claim and has insisted that its technology is only used by law enforcement agencies around the world to snare criminals, terrorists and paedophiles.

The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used for “state-on-state” espionage.

The details also raise fresh questions about how NSO’s clients use its spyware.

“This kind of spyware is marketed as designed for criminal investigations. But the open secret is that it also winds up being used for political surveillance and government-on-government spying,” said John Scott-Railton, a senior researcher at the Citizen Lab, an academic research group located at the University of Toronto that has worked with WhatsApp to help identify victims of the alleged hacks.

“Spyware companies are clearly contributing to the proliferation of state-on-state technological espionage. No government seems particularly immune. This is probably further stretching the patience of governments around the world with this industry,” he added.

The Pakistani embassies in London and Washington declined multiple requests for comment. WhatsApp declined to comment.

Representatives for NSO declined to comment on questions about whether the company’s software had been used for government espionage.

The company has previously said it considered it a “misuse” of its product if the software was used for anything other than the prevention of “serious crime and terrorism”.

While it is not clear who wanted to target Pakistani government officials, the details are likely to fuel speculation that India could have been using NSO technology for domestic and international surveillance.

The government of the Indian prime minister, Narendra Modi, is facing questions from human rights activists about whether it has bought NSO technology after it emerged that 121 WhatsApp users in India were allegedly targeted earlier this year.

The figure included about two dozen alleged victims who are journalists, activists and human rights lawyers, a fact that prompted Modi opponents in the Indian National Congress to seek a supreme court inquiry into the matter.

Pakistan has not publicised the alleged hack, but there are signs the government, led by the prime minister, Imran Khan, is taking steps to address the matter.

Riaz Haq said…
R19  R20  Country        S19    S20    Mob    Fin  Comp   Tel    Cry    Prep   Leg
1    1    Algeria        55.75  48.99  26.47  0.5  19.75  0.07   1.27   0.262  1
-    1    Tajikistan     -      48.54  2.62   1.4  8.12   0.01   7.90   0.263  2
-    3    Turkmenistan   -      48.39  4.89   1.1  5.84   0      7.79   0.115  2
-    4    Syria          -      44.51  10.15  1.2  13.99  0.01   1.36   0.237  1
9    5    Iran           43.29  43.48  52.68  0.8  7.21   3.31   1.43   0.641  2
8    6    Belarus        45.09  41.64  2.10   2.9  13.34  0.05   2.35   0.578  3
6    7    Bangladesh     47.21  40.36  30.94  0.8  16.46  0.38   1.91   0.525  3.5
7    8    Pakistan       47.10  40.33  28.13  0.8  9.96   0.37   2.41   0.407  2.5
5    9    Uzbekistan     50.50  39.41  4.14   2.1  10.5   0.02   4.99   0.666  3

Column key: R19 = Rank 2019; R20 = Rank 2020; S19 = Score 2019; S20 = Score 2020; Mob = % of mobiles infected with malware; Fin = financial malware attacks (% of users); Comp = % of computers infected with malware; Tel = % of telnet attacks by originating country (IoT); Cry = % of attacks by cryptominers; Prep = best prepared for cyberattacks; Leg = most up-to-date legislation.

According to our study, Algeria is still the least cyber-secure country in the world despite its score improving slightly. With no new legislation (as was the same with all countries), it is still the country with the poorest legislation (only one piece of legislation — concerning privacy — is in place). It also scored poorly for computer malware infection rates (19.75%) and its preparation for cyberattacks (0.262). Nevertheless, only its score for preparation worsened over the last year (and its score for legislation, which couldn’t get any worse). In all of the other categories, attacks declined, as was the common trend for most countries.

Other high-ranking countries were Tajikistan, Turkmenistan, Syria, and Iran, which took over from last year’s Indonesia, Vietnam, Tanzania, and Uzbekistan.

The highest-scoring countries per category were:

Highest percentage of mobile malware infections – Iran – 52.68% of users
Highest number of financial malware attacks – Belarus – 2.9% of users
Highest percent of computer malware infections – Tunisia – 23.26% of users
Highest percentage of telnet attacks (by originating country) – China – 13.78%
Highest percentage of attacks by cryptominers – Tajikistan – 7.9% of users
Least prepared for cyber attacks – Turkmenistan – 0.115
Worst up-to-date legislation for cybersecurity – Algeria – 1 key category covered
Apart from Algeria, China was the only country that stayed at the top of one of these lists – all of the other countries are new since last year.

https://www.comparitech.com/blog/vpn-privacy/cybersecurity-by-country/

Riaz Haq said…
Pakistan’s cyberspace at the mercy of hackers
Officials, experts say need to enact cybersecurity, data protection laws dire

https://tribune.com.pk/story/1938526/8-pakistans-cyberspace-mercy-hackers


As things stand, Pakistan counts itself among countries considered unsafe for internet users. The 2017 Global Cybersecurity Index places Pakistan at 67 on a list of 165 countries ranked according to how safe their cyber-environments are. Of Pakistan’s roughly 45 million internet users, a staggering 25% have been attacked one way or another by hackers.

In particular, the cyberattacks on Pakistani banks reported late last year underscored the woeful inadequacy of current cybercrime laws. In that episode, hackers stole credit card details of more than 20,000 customers from 22 Pakistani banks and leaked them over the ‘dark web’ – portions of the internet not open to public view and accessible only through special software.

Federal Investigation Agency (FIA) officials complain that current cybercrime laws do not recognise invasion of online privacy and unauthorised access to personal data as criminal offenses, putting Pakistani internet users at great risk of misuse of private information. To further complicate matters, social media networks and email services are not bound to relinquish any information for investigation.

Both officials and experts agree there is a pressing need to formulate an enforceable national cybersecurity framework and set up computer emergency response teams (CERTs) to prosecute and prevent such incidents.

Speaking to The Express Tribune, FIA Additional Director General Ammar Jaffery compared the lack of a legal framework covering cybersecurity to leaving a house unlocked.

“Would you not be practically inviting thieves to rob you? This is exactly what Pakistan’s current situation is with regards to cybersecurity,” he said, stressing the need to immediately introduce laws pertaining to cybersecurity. “Better cybersecurity supported by robust laws would deter would-be criminals from engaging in cybercrimes.”

“The Prevention of Electronic Crimes Act (PECA) which we have right now has some loopholes,” said Zeeshan Riaz, a lawyer who specialises in cybercrime cases. “Take data theft for example, there is no proper law covering it. If someone’s data was stolen today, authorities would encounter difficulties in determining cognisable and non-cognisable offenses, and obtaining warrants.”
Riaz Haq said…
#China Appears to Warn #India : Push Too Hard and the Lights Could Go Out in the Entire #SouthAsian Nation of 1.3 billion. Most of the #malware was never activated in the #Mumbai grid attack that was meant as a warning to #Modi. - The New York Times

https://www.nytimes.com/2021/02/28/us/politics/china-india-hacking-electricity.html

As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.

Early last summer, Chinese and Indian troops clashed in a surprise border battle in the remote Galwan Valley, bashing each other to death with rocks and clubs.

Four months later and more than 1,500 miles away in Mumbai, India, trains shut down and the stock market closed as the power went out in a city of 20 million people. Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst.

Now, a new study lends weight to the idea that those two events may well have been connected — as part of a broad Chinese cybercampaign against India’s power grid, timed to send a message that if India pressed its claims too hard, the lights could go out across the country.

The study shows that as the standoff continued in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant.

The flow of malware was pieced together by Recorded Future, a Somerville, Mass., company that studies the use of the internet by state actors. It found that most of the malware was never activated. And because Recorded Future could not get inside India’s power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country. While it has notified Indian authorities, so far they are not reporting what they have found.

Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-sponsored group, which the firm named Red Echo, “has been seen to systematically utilize advanced cyberintrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.”

The discovery raises the question about whether an outage that struck on Oct. 13 in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

News reports at the time quoted Indian officials as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center. Authorities began a formal investigation, which is due to report in the coming weeks. Since then, Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.

It is possible the Indians are still searching for the code. But acknowledging its insertion, one former Indian diplomat noted, could complicate the diplomacy in recent days between China’s foreign minister, Wang Yi, and his Indian counterpart, Subrahmanyam Jaishankar, in an effort to ease the border tensions.

https://www.recordedfuture.com/redecho-targeting-indian-power-sector/
Riaz Haq said…
Facebook says hackers in Pakistan targeted Afghan users amid government collapse

https://www.reuters.com/world/asia-pacific/exclusive-facebook-says-hackers-pakistan-targeted-afghan-users-amid-government-2021-11-16/

Hackers from Pakistan used Facebook to target people in Afghanistan with connections to the previous government during the Taliban's takeover of the country, the company's threat investigators said in an interview with Reuters.

Facebook (FB.O) said the group, known in the security industry as SideCopy, shared links to websites hosting malware which could surveil people's devices. Targets included people connected to the government, military and law enforcement in Kabul, it said. Facebook said it removed SideCopy from its platform in August.

The social media company, which recently changed its name to Meta, said the group created fictitious personas of young women as "romantic lures" to build trust and trick targets into clicking phishing links or downloading malicious chat apps. It also compromised legitimate websites to manipulate people into giving up their Facebook credentials.

"It's always difficult for us to speculate as to the end goal of the threat actor," said Facebook's head of cyber espionage investigations, Mike Dvilyanski. "We don't know exactly who was compromised or what the end result of that was."

Major online platforms and email providers including Facebook, Twitter Inc (TWTR.N), Alphabet Inc's (GOOGL.O) Google and Microsoft Corp's (MSFT.O) LinkedIn have said they took steps to lock down Afghan users' accounts during the Taliban's swift takeover of the country this past summer.

Facebook said it had not previously disclosed the hacking campaign, which it said ramped up between April and August, due to safety concerns about its employees in the country and the need for more work to investigate the network. It said it shared information with the U.S. State Department at the time it took down the operation, which it said had appeared "well-resourced and persistent."
Riaz Haq said…
Cyber Weapons And Fragile Peace Between India And Pakistan – OpEd
January 22, 2021
By Fatima Ahmed and Tajjalla Munir*

https://www.eurasiareview.com/22012021-cyber-weapons-and-fragile-peace-between-india-and-pakistan-oped/

After the advent of nuclear weapons, cyber weapons are the most destructive thing that we can imagine in this contemporary world. Nuclear weapons can lead to tangible damage. In the age when the world has become a global village, cyber weapons pose a threat to international peace. Cyberspace provided the fifth domain in the area of armed conflict; previously, they were air, land, sea, and space. Nuclear weapons are generally used for deterrence purposes and are mostly used or considered as last-option weapons; a cyber-attack, on the other hand, can materialize when there is no apparent conflict between two states. Due to the deep enmity between India and Pakistan, it will always be a threat that both countries can target each other in cyberspace. When a cyber-attack is launched against India and Pakistan, they will blame each other, but the perpetrators of this attack could be a third party. That could be a state-sponsored cyber-attack, or even non-state actors and individuals could carry out such endeavors. This has already happened, when a cyber-attack targeted some websites in India. Initially, Pakistan was held responsible for these attacks, but later it was revealed that the offensive was carried out by a third party. It was due to the insecurity and doubt present in both states about each other’s intentions or capabilities. While initially cyber-attacks can be very limited in scope, there are fair chances that they could escalate, which could result in a conflict with the use of conventional weapons. Therefore, in modern times, cyber weapons pose a great threat to the peaceful relations between India and Pakistan. That will ultimately lead to regional instability.
Riaz Haq said…
Mr. Modi has used the Israeli spyware to not only spy on his critics at home but also his perceived enemies abroad. Pakistani Prime Minister Imran Khan is among the most prominent targets of the Modi government's cyber attacks, according to a recently released Project Pegasus report. The Indian government has neither confirmed nor denied the report. The focus of the report is the use of the Israeli-made spyware by about a dozen governments to target politicians, journalists and activists. The users of the Pegasus software include governments of Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.

http://www.riazhaq.com/2022/01/ny-times-modi-bought-israeli-pegasus.html
Riaz Haq said…
National Center for Cyber Security For Cyber Threats
Becoming an anonymous personality is a super easy task in the online space. All that one needs to do is hide the IP. The IP address makes it easier to trace online activities. You can find your IP address on What Is My IP. However, just because cyber threats exist, it does not mean one can prevent oneself from engaging in online activities. With proper digital hygiene along with government efforts, a country can mitigate cyber threats.

https://nation.com.pk/2022/07/07/the-role-of-national-center-for-cyber-security-in-pakistan/

In 2018, the Government of Pakistan established the National Centre for Cyber Security or NCCS. It was a joint initiative of the Planning Commission and Higher Education Commission. The body currently works in cybercrime forensics, smart devices, and network security.

New ways of committing cyber crimes are emerging with each passing year. Therefore, research and development are critical in fighting different cyber crimes. It is where the role of the National Center for Cyber Security comes in. NCCS deals with both applied and theoretical areas for fighting cybercrime.

It is known for its research on areas like Cyber Reconnaissance, Cybercrime Investigations, Blockchain Security, Digital Forensics, IoT Security, Intrusion Detection Systems, Mobile Phone Security, Internet Security and Privacy, Critical Infrastructure Security and Malware Analysis.

Cyber Security Policy Of Pakistan Is Evolving
In addition to bodies like NCCS, it is also important to have a solid cybersecurity policy. The Government of Pakistan recently approved a new cybersecurity policy to fight electronic crime. The policy will prove to be helpful for both the public and private institutions in fighting cybercrime. The policy will birth a secure cyber ecosystem in the country with the help of a new governance and institutional framework. It will additionally support a computer emergency response team and a security operations centre at the institutional, sector and national level.

Further, the Government of Pakistan will work on improving general awareness of cyber security amongst the masses through public awareness campaigns, skill development and training programs.

Why Is Cyber Security Knowledge Important?
Security awareness is important in all sectors, including the domain of cyber security too. The interconnected system is essential to survive in the current digitised world. However, it comes with a risk that cyber security knowledge can mitigate. Without proper cyber security knowledge, it is easy to fall prey to online crime. The result will be that people will start losing their trust in the digital world, which can prove dangerous for any country in the age of digitisation.

Further, it is not enough to ensure the technology and the infrastructure required to support it. Government should inform the people about the risks and help them fight them. Only through these methods can a country lay a strong foundation for further digitisation of the country.

Pakistan’s ranking on the Global CyberSecurity Index is disappointing. Therefore, the newly brought cyber security policy was a much-needed change to improve its ranking in future studies. With strong cyber security laws, Pakistan can promote easy socio-economic development. Thankfully, the Government of Pakistan is working towards it. For instance, a cyberattack on any Pakistan institution under the new policy will be considered an act of aggression against national sovereignty. The government will take all the necessary steps to deal with it and punish the offender.
