Oxford Disinfo Report: India, Pakistan Among Top Nations With "High Cyber Capacity"

Oxford University's report on global disinformation ranks India and Pakistan among the top 17 "high cyber troop capacity" countries. The report defines "cyber troop capacity" in terms of the number of people and the size of the budget allocated to psychological operations or information warfare. "Cyber troop activity", as defined by the report, includes social media manipulation by governments and political parties, and by the various private companies and other organizations they work with to spread disinformation. The Oxford report shows that India's cyber troops are "centralized" while those in Pakistan, the US and the UK are "decentralized". EU Disinfo Lab, an NGO that specializes in disinformation campaigns, has found that India is carrying out a massive 15-year-long disinformation campaign to hurt Pakistan.

High Cyber Capacity Countries. Source: Oxford University Disinfo Report 2020


High Cyber Capacity: 
 

Countries ranked in the "high cyber troop capacity" group by the Oxford disinformation report include: Australia, China, Egypt, India, Iran, Iraq, Israel, Myanmar, Pakistan, Philippines, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam. The Oxford report shows that India's cyber troops are "centralized" while those in Pakistan, the US and the UK are "decentralized". Here's an excerpt of the report:

"High cyber troop capacity involves large numbers of staff, and large budgetary expenditure on psychological operations or information warfare. There might also be significant funds spent on research and development, as well as evidence of a multitude of techniques being used. These teams do not only operate during elections but involve full-time staff dedicated to shaping the information space. High-capacity cyber troop teams focus on foreign and domestic operations. They might also dedicate funds to state-sponsored media for overt propaganda campaigns. High-capacity teams include: Australia, China, Egypt, India, Iran, Iraq, Israel, Myanmar, Pakistan, Philippines, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam". 

Indian Chronicles: 

EU Disinfo Lab, an NGO that specializes in disinformation campaigns, has found that India is carrying out a massive 15-year-long disinformation campaign to hurt Pakistan. The key objective of the Indian campaign as reported in "Indian Chronicles" is as follows: "The creation of fake media in Brussels, Geneva and across the world and/or the repackaging and dissemination via ANI and obscure local media networks – at least in 97 countries – to multiply the repetition of online negative content about countries in conflict with India, in particular Pakistan".  After the disclosure of India's anti-Pakistan propaganda campaign, Washington-based US analyst Michael Kugelman tweeted: "The scale and duration of the EU/UN-centered Indian disinformation campaign exposed by @DisinfoEU is staggering. Imagine how the world would be reacting if this were, say, a Russian or Chinese operation".  
American Analyst Michael Kugelman's Tweet on Indian Disinformation Campaign


Firehose of Falsehood:

What Kugelman calls a "Russian operation" appears to be a reference to a report by the US government-funded think tank RAND Corporation entitled "The Russian 'Firehose of Falsehood' Propaganda Model". Here is an excerpt of the RAND report:

"Russian propaganda is produced in incredibly large volumes and is broadcast or otherwise distributed via a large number of channels. This propaganda includes text, video, audio, and still imagery propagated via the Internet, social media, satellite television, and traditional radio and television broadcasting. The producers and disseminators include a substantial force of paid Internet “trolls” who also often attack or undermine views or information that runs counter to Russian themes, doing so through online chat rooms, discussion forums, and comments sections on news and other websites".

EU Disinformation Lab Report on India's Disinformation Campaign Against Pakistan

Indian Political Unity Against Pakistan:  

Former US President Barack Obama has observed that “Expressing hostility toward Pakistan was still the quickest route to national unity (in India)”.  The Indian disinformation campaign is a manifestation of Indians' political unity against Pakistan.  EU Disinfo Lab has found that Indian Chronicles is a 15-year-long campaign that started in 2005 on former Prime Minister Manmohan Singh's watch, well before Prime Minister Narendra Modi's election to India's highest office in 2014. It has grown to over 750 fake media outlets covering 119 countries. There are over 750 domain names, some in the name of dead people and others using stolen identities.  Here is an excerpt of EU Disinfo Lab's report:

"The creation of fake media in Brussels, Geneva and across the world and/or the repackaging and dissemination via ANI and obscure local media networks – at least in 97 countries – to multiply the repetition of online negative content about countries in conflict with India, in particular Pakistan". 

RAND's Recipe:  

Traditional countermeasures are ineffective against "firehose of falsehoods" propaganda techniques. As researchers Christopher Paul and Miriam Mathews of RAND put it: "Don't expect to counter the firehose of falsehood with the squirt gun of truth." They suggest:

1. Repeating the counter-information

2. Providing an alternative story to fill in the gaps created when false "facts" are removed

3. Forewarning people about propaganda, highlighting the ways propagandists manipulate public opinion

4. Countering the effects of propaganda, rather than the propaganda itself; for example, to counter propaganda that undermines support for a cause, work to boost support for that cause rather than refuting the propaganda directly

5. Turning off the flow by enlisting the aid of Internet service providers and social media services, and conducting electronic warfare and cyberspace operations

Summary: 

The recently released Oxford University report entitled "Industrialized Disinformation 2020 Global Inventory of Organized Social Media Manipulation" has put both India and Pakistan among "high cyber capacity" countries. The Oxford report shows that India's cyber troops are "centralized" while those in Pakistan, the US and the UK are "decentralized". India, with its massive disinformation campaign against Pakistan, appears to be following what the US think tank RAND calls the "Firehose of Falsehoods". Pakistani policymakers charged with countering the Indian propaganda should read the RAND report "Firehose of Falsehoods" for its 5 specific recommendations to the US government to effectively respond to the Russian disinformation campaign. In particular, they should heed its key advice: "All other things being equal, messages received in greater volume and from more sources will be more persuasive... Don't expect to counter Russia's firehose of falsehoods with the squirt gun of truth. Instead, put raincoats on those at whom the firehose is aimed."


Comments

Malik said…
But Pakistan, US, UK have decentralised coordination, whereas India has a centralised coordination
Riaz Haq said…
India, Pakistan among 7 nations with state actors active online for propaganda: Study
In India, cyber troop activity was found in two instances by a political party or politicians, three or more instances by a private contractor, on one instance by civil society organisation, and one by citizens and influencers.

https://indianexpress.com/article/india/india-pakistan-among-7-nations-with-state-actors-active-online-for-propaganda-study-6035217/

India figures in a small bunch of seven countries — along with China, Iran, Pakistan, Russia, Saudi Arabia, and Venezuela — where state actors use computational propaganda on Facebook and Twitter to influence global audiences, according to a comprehensive report on disinformation campaigns released by the Computational Propaganda project at Oxford on Thursday.

The report found at least seven instances of “cyber troops” in India, and private contractors came out to be the most active “cyber troops” in the country.

These troops are “government or political party actors tasked with manipulating public opinion online”, according to the report, and only Malaysia, Philippines, the UAE, and the US had as many or more instances as India. The report labelled India as “medium-capacity” for “cyber troops”. It stated, “Multiple teams ranging in size from 50-300 people. Multiple contracts and advertising expenditures valued at over 1.4M US.” Other countries in the category are Brazil, Pakistan, and the UK.

Over three years, the researchers examined 70 countries in which these operations do three things: suppress fundamental human rights, discredit political opposition, and drown out political dissent.

In India, cyber troop activity was found in two instances by a political party or politicians, three or more instances by a private contractor, on one instance by civil society organisation, and one by citizens and influencers.

In the first big crackdown on fake accounts for “inauthentic behaviour” in the run-up to Lok Sabha polls in April, Facebook removed more than 700 pages, groups and accounts from India. Those taken down include accounts associated with the Congress IT cell and Silver Touch Technologies, a company that has worked for the government and the BJP. They were taken down for attempts to deceive users of their identities, according to the company.

The report found that in India, bot-led automated manipulation as well as human-led manipulation spread propaganda for a party, attacked its political opposition, and spread polarising messaging designed to drive divisions.

In India, it found the use of disinformation and media manipulation, data-driven strategies, amplifying content by flooding hashtags, and troll armies that harass dissidents or journalists online. The only technique that the researchers did not find in India that was present in other countries was mass-reporting of content or accounts.

“The co-option of social media technologies provides authoritarian regimes with a powerful tool to shape public discussions and spread propaganda online, while simultaneously surveilling, censoring, and restricting digital public spaces,” the report says.

Of the 70 countries, 44 had campaigns conducted by government actors, such as a digital ministry or the military, and 45 had campaigns led by political parties or politicians, the report found. This is a 150-per cent increase in countries using organised social media manipulation campaigns.
This year, 70 countries saw campaigns of this kind; the corresponding figures were 48 in 2018, and 28 in the year before.

The methodology involved news reporting analysis, a secondary literature review of public archives and scientific reports, drafting country case studies, and expert consultations.

On a platform-wise breakdown of the campaigns, India appeared on Facebook, WhatsApp and Twitter but not on YouTube and Instagram. Even with a growth of these activities on WhatsApp, Instagram and YouTube, the report found that Facebook still firmly remained the platform with the most manipulation activity.
Riaz Haq said…
Indian cyber-spy ‘Confucius’ targets #Pakistan, #Kashmir: #Indian hackers using #malware to target Pakistani military officials, Pak's top #nuclear regulator and #Indian election officials in #Indian Occupied Kashmir, says San Francisco-based Lookout Inc.
https://www.smh.com.au/world/asia/indian-cyber-spy-confucius-targets-pakistan-kashmir-security-report-20210211-p571q3.html

Oakland, California: A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbours, according to a report from a cyber security company.

The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside apps and services to conduct espionage. Since 2017, and as recently as December, the hackers have relied on spyware to target Pakistani military officials, the country’s top nuclear regulator and Indian election officials in the disputed state of Kashmir, according to the report released by San Francisco-based Lookout Inc on Thursday.

The campaign appears to be just the latest example of hackers targeting sensitive security targets with social engineering tactics - luring victims to download malicious files disguised as benign applications. What’s unique about attacks by the group, dubbed Confucius, is the extent to which its operators go to veil their efforts, experts say.

Using knock-off web applications disguised as Google security tools and popular regional chat and dating applications, Confucius managed to access 156 victims’ devices in a trove of data recently discovered by the research team. The files and related logs were found in unsecured servers used by the attack group, according to the report. Most of the users who recently accessed those servers were based in Northern India.

Once the attackers penetrate a device, they scrape it for data, including call logs, contacts, geolocation, images and voice notes. In some cases, the hackers took screen shots of the devices and recorded phone calls. In at least one instance, intruders got inside the device of a Pakistani Air Force service member and viewed a contact list filled with other Air Force officials, said Apurva Kumar, Lookout’s staff security intelligence engineer.

“While their technical tools and malwares might not be that advanced, the Confucius threat actor invests human time to gain trust from their targets,” said Daniel Lunghi, threat researcher at the cyber security firm, Trend Micro. “And in certain sensitive fields where people are more cautious, it might be what makes the difference.”

In two cases, researchers discovered that hackers stole the contents of WhatsApp chat conversations from 2017 and 2018 between officials at the Pakistan Nuclear Regulatory Authority, Pakistan Atomic Energy Commission and unknown third-parties. Then in April 2019, in the midst of India’s latest national election, the attackers burrowed into the device of an election official in the Pulwama region of Kashmir, where months earlier an Indian security convoy was attacked by a Pakistan-based Islamic terrorist in a deadly explosion.

Kumar said she couldn’t disclose the details of the stolen data.

Her research indicates the espionage campaign ramped up in 2018 after unknown hackers breached the commercial surveillance-ware provider, Retina-X Studios. Hornbill, one of the malware tools used by the attackers, shares code similarities with Retina-X’s Mobile Spy products. Another piece of malicious software called Sunbird, which is capable of remotely commandeering a user’s device, appears to be rooted in code for a stalkerware service called, BuzzOutLoud, based in India.
Riaz Haq said…
#US company unmasks state-sponsored Android spyware tied to #India. #Spyware targets personnel linked to #Pakistan’s #military and #nuclear authorities & #Indian election officials in Indian Occupied #Kashmir. Also Pakistani nationals in #UAE and #India. https://www.securitymagazine.com/articles/94573-lookout-unmasks-state-sponsored-android-spyware-tied-to-india-pakistan-conflict#.YCrG-roWg2o.twitter

Lookout, Inc., provider of mobile security solutions, announced the discovery of two novel Android surveillanceware, Hornbill and SunBird. The Lookout Threat Intelligence team believes these campaigns are connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent threat group. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS message content, encrypted messaging app content, geolocation, contact information, call logs, as well as file and directory listings. The surveillanceware targets personnel linked to Pakistan’s military and nuclear authorities and Indian election officials in Kashmir.

The Confucius group was previously reported to have first leveraged mobile malware in 2017 with ChatSpy[1]. However, based on this new discovery, Lookout researchers found that Confucius may have been spying on mobile users for up to a year prior to ChatSpy with SunBird. SunBird campaigns were first detected by Lookout researchers in 2017 but no longer seem to be active. The APT’s latest malware, Hornbill, is still actively in use and Lookout researchers have observed new samples as recently as December 2020.

“One characteristic of Hornbill and SunBird that stands out is their intense focus on exfiltrating a target's communications via WhatsApp,” said Apurva Kumar, Staff Security Intelligence Engineer at Lookout. “In both cases, the surveillanceware abused the Android accessibility services in a variety of ways to exfiltrate communications without the need for root access. SunBird can also record calls made through WhatsApp’s VoIP service, exfiltrate data on applications such as BlackBerry Messenger and imo, as well as execute attacker-specified commands on an infected device.”

Both Hornbill and SunBird appear to be evolved versions of commercial Android surveillance tooling. Hornbill was likely derived from the same code base as an earlier commercial surveillance product known as MobileSpy. Meanwhile, SunBird can be linked back to the Indian developers responsible for BuzzOut, an older commercial spyware tool. The Lookout researchers' theory that SunBird’s roots also lay in stalkerware is supported by content found in the exfiltrated data that they uncovered on the malware’s infrastructure in 2018. The data uncovered includes information about the stalkerware victims and campaigns targeting Pakistani nationals in their home country as well as those traveling abroad in the United Arab Emirates (UAE) and India.
Riaz Haq said…
Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan


ANALYSIS India is sometimes overlooked by some in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.

The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.

Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.

India is in catch-up mode for now, but has the technical resources to make rapid progress.

Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.

Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.

China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.

Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”


Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.

Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.

But this is far from the only game in town.

For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.

India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.

Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE System’s intelligence division, commented:

The sophistication of the various Indian cyber threat actors do not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.

Riaz Haq said…
#India Suspects #China May Be Behind Major #Mumbai Blackout. Officials are investigating whether #cyberattacks from China could have caused the #power outage, an assertion that China rejects. #Modi #Ladakh https://www.wsj.com/articles/india-suspects-china-may-be-behind-major-mumbai-blackout-11614615383

Indian officials are investigating whether cyberattacks from China could have been behind a blackout in Mumbai last year.

State officials in Maharashtra, of which Mumbai is the capital, said Monday that an initial investigation by its cyber department found evidence that China could have been behind a power outage that left millions without power in October.

It was the worst blackout in decades in India’s financial capital, stopping trains and prompting hospitals to switch to diesel powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted power supply even as most of the country struggles with regular blackouts.

Anil Deshmukh, home minister of the state, said officials were investigating a possible connection between the blackout and a surge in cyberattacks on the servers of the state power utilities. He wouldn’t single out China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers into the servers of state power companies.

“There were attempts to login to our servers from foreign land,” said Mr. Deshmukh. “We will investigate further.”

Another state official said 8GB of unaccounted for data slipped into power company servers from China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.

State-sponsored hackers increasingly target critical infrastructure such as power grids instead of specific institutions, said Amit Dubey, a cybersecurity expert at Root64 Foundation, which conducts cybercrime investigations.

“Anything and everything is dependent on power,” Mr. Dubey said. Targeting power supply, he said, can “take down hundreds of plants or day-to-day services like trains.”

Mr. Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target the power grids of other nations. Russian hackers succeeded in turning off the power in many parts of Ukraine’s capital a few years ago, he said, and have also attacked critical infrastructure in the U.S. in recent years.

India’s announcement came after U.S. cybersecurity firm Recorded Future on Sunday published a report outlining what it said were attacks from close to a China-linked group it identified as RedEcho. It cited a surge in attacks targeting India’s power infrastructure.

The report said the attacks could have been a reaction to the jump in border tension between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, batons and clubs wrapped in barbed wire.

In response to the Recorded Future report, which was earlier reported by the New York Times, China said it doesn’t support cyberattacks.

“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around,” Wang Wenbin, spokesman for China’s Ministry of Foreign Affairs, said in a briefing Monday. “China is firmly opposed to such irresponsible and ill-intentioned practice.”

Recorded Future said it couldn’t directly connect the attacks to the Mumbai blackout because it doesn’t have access to any hardware that might have been infected.

India’s Ministry of Power said it has dealt with the threats outlined in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its systems software.
