Modi Government Planted Spyware in Pakistani Prime Minister Imran Khan's Smartphone

Pakistani Prime Minister Imran Khan has been the target of the Modi government's cyber attacks, according to a recently released Project Pegasus report. The Indian government has neither confirmed nor denied the report. The focus of the report is the use of the Israeli-made spyware by about a dozen governments to target politicians, journalists and activists. The users of the Pegasus software include governments of Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.

This is not the first time that Pakistan has figured prominently as India's favorite target for cyber hacks. Last year, a report in The Sunday Guardian of India said: "Mobile phones of around 30 Pakistani government servants, who include serving army generals, officials attached with the ISI and senior bureaucrats, were hacked into by using Pegasus spying software during April and May 2019". 

In addition to the use of spyware, the Indian government has been engaged in a massive, long-running disinformation campaign targeting Pakistan. EU Disinfo Lab, an NGO that specializes in disinformation campaigns, has found that India is carrying out a massive 15-year-long disinformation campaign to hurt Pakistan. The key objective of the Indian campaign as reported in "Indian Chronicles" is as follows: "The creation of fake media in Brussels, Geneva and across the world and/or the repackaging and dissemination via ANI and obscure local media networks – at least in 97 countries – to multiply the repetition of online negative content about countries in conflict with India, in particular Pakistan".  After the disclosure of India's anti-Pakistan propaganda campaign, Washington-based US analyst Michael Kugelman tweeted: "The scale and duration of the EU/UN-centered Indian disinformation campaign exposed by @DisinfoEU is staggering. Imagine how the world would be reacting if this were, say, a Russian or Chinese operation".  

Pegasus Spyware Explained. Source: The Guardian 


Pegasus is spying software made by NSO Group, an Israeli company whose exports are regulated and controlled by the Israeli government. It uses several different messaging apps to plant itself in mobile phones. Last year, Apple issued a warning to its customers of a "zero-click" version of the Pegasus software. This version does not require the phone user to click on any links or messages for the spyware to take control of the device. Once installed, it can read and export any information or extract any file from SMS messages, address books, call history, calendars, emails and internet browsing histories.

The Israeli spyware will likely inspire other software developers elsewhere to copy and improve it, contributing to a proliferation of such hacking and spying tools around the world. The governments and officials who use it to target others will eventually become targets themselves, unless the nations of the world agree to some norms of internationally accepted cyber behavior. It's high time to think about it. 


Comments

Riaz Haq said…
Secured messaging app being developed for govt officials: #Pakistan #IT minister. 'Beep Pakistan' app is undergoing in-house trial, will be launched within a few months. It will be mandatory to use the app for official purposes. #Pegasus #ImranKhan #Spyware https://www.thenews.com.pk/latest/866845-secured-messaging-app-developed-for-govt-officials-aminul-haq


Federal Minister for Information Technology and Telecommunications Syed Aminul Haq on Tuesday said that his ministry has developed "a secured and seamless" messaging app for the government officials.

In a statement Tuesday, Aminul Haq said that his ministry has developed a digital messaging app named 'Beep Pakistan' for a secured official communication in the country.

He maintained that the app will initially provide a secured chat and audio call facilities, adding that video call facility will also be available on the app soon.

The minister said that the app is aimed at providing government officials a safe communication platform.

According to the Ministry of IT and Telecom, the ‘Beep Pakistan’ app was undergoing in-house trial, adding that the app will be launched within a few months. It will be mandatory for all the government employees to use the app for official purposes.

It is pertinent to mention here that India had targeted a phone which was earlier in Prime Minister Imran Khan's use through an Israeli firm's malware, a global investigation had revealed, igniting fears of widespread privacy and rights abuses.


As reported by an independent Israeli publication Haaretz, several Pakistani officials, Kashmiri freedom fighters, Indian Congress leader Rahul Gandhi, and even an Indian supreme court judge had been targeted, the publication said.

Sources had informed Geo News that India tried to tap the Federal Cabinet members' calls and messages through the spyware, prompting Pakistan to develop new software for its federal ministers.

Following the development, a high-level meeting of the civil and military leadership had been called which would decide a future course of action against India's spying attempt.



Riaz Haq said…
#Indian ex Chief Justice Ranjan Gogoi was facing #sexual #harassment charges while #Modi govt was using #PegasusSpyware to spy on him. Modi's pressure on #Gogoi got favorable verdicts on #Ayodhya, #Rafale corruption cases pending in #India's Supreme Court. https://www.thequint.com/voices/opinion/can-indias-supreme-court-ride-out-the-pegasus-scandal-after-reports-on-surveillance-of-complainant-in-sexual-harassment-case-former-cji-ranjan-gogoi


By SANJOY GHOSE

Bhanwari’s tears ensured that the cry of India’s women for a safe workplace reverberated in India’s highest Court. The Court did not disappoint and its landmark guidelines on addressing sexual harassment at the workplace laid down in Vishakha’s Case ensured that an issue, hitherto brushed under the carpet, was mainstreamed into India’s public life.
The Court had exercised its inherent powers under Article 142 of the Constitution of India to lay down “guidelines” to fill in the legislative void, clarifying that these norms would give way to the law which Parliament would frame in future.
Until Parliament got around to doing so by enactment of the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 (2013 Act), several institutions, public and private, modified their internal norms to institutionalise “sexual harassment” as a “misconduct”.
While like many of the rushed legislation in the dying days of the UPA Regime—the law on unorganised workers, on street vendors and the right to food, to name a few—the 2013 Act leaves much to be desired and suffers from glaring inconsistencies.
.....
------------

Questions to be Asked About Sexual Harassment Case After Pegasus Leaks
It is in this backdrop that the Pegasus revelations are jaw dropping. In the galaxy of celebrity journalists, businessmen and politicians, what sticks out as a sore thumb are the 11 phone numbers belonging to the complainant and her family members. Some unknown force, as the government has denied any involvement, has spent about Rs 1.5 crore per phone on 11 phones to spy on the accuser of the CJI and her near and dear ones!
Many questions arise.
What was the motive behind expending such a large sum of money to spy on a clerical employee and her family? Was the motive to seek out information which would embarrass the CJI or make him vulnerable to blackmail or dictation? Was the motive to pressurize the complainant or make her vulnerable to settlement or surrender or compromise?
Who are behind this surveillance? Are the actors State or Non-State?
Who were aware of this surveillance? Was the CJI at any time aware of this, was it undertaken with his direct or tacit approval? What would have been his reaction to such an action? If indeed he was, or at any stage became aware, why has he himself not brought this into the public domain?
Has Justice Pattanaik in his report been able to get a whiff of this mischief?
In every possible scenario, this act of snooping has impacted upon the “independence of the judiciary” and is indisputably a matter of “great public importance”.
The fact that a complainant of sexual impropriety by the sitting CJI was so extensively snooped especially when he was in the process of deciding several sensitive cases having larger political ramifications, in normal times, would have provoked an outrage of Tsunamic proportions. The reactions predictably are muted. The Bar has hardly reacted. There is no concerted call for investigation and accountability!

In the light of the Pegasus scandal, would the Supreme Court make public the Pattanaik Committee Report or the Bobde Committee Report which exonerated Shri Gogoi of sexual harassment allegations, albeit with suitable redactions to protect the privacy of the complainant?

Riaz Haq said…
Hours after his sudden firing by #Modi & #Shah, #India's Central Bureau of Investigation (#CBI) Chief Alok Verma, his family and 2 other senior CBI officials were targeted for surveillance with #Pegasus #spyware made by #Israel's #NSOGroup https://thewire.in/government/pegasus-project-chronology-samajhiye-hours-after-midnight-coup-cbi-chiefs-phones-entered-surveillance-zone via @thewire_in

The midnight coup in the CBI came barely two days after Verma ordered the filing of a criminal case against Asthana, then special director in the Bureau, accusing him of corruption.

Given Asthana’s proximity to Modi, the case, registered on October 21, 2018 – which ironically depended on (lawful) phone intercepts and apparently yielded a lot of sensitive material – sent alarm bells ringing at the highest levels of the government. Two days later, Asthana filed a complaint against Verma with the Central Vigilance Commission.



----------

‘Chronology Samajhiye’: Hours After Midnight Coup, CBI Chief Alok Verma Entered Surveillance Zone
Leaked list contains numbers of Alok Verma and family, and of Rakesh Asthana, against whom the CBI had filed a case, triggering alarm bells at the highest levels of Modi government

Hours after Prime Minister Narendra Modi acted to oust Alok Verma from his post as head of the Central Bureau of Investigation at midnight on October 23, 2018, an unidentified Indian agency known to be a user of Pegasus spyware made a note of three telephone numbers registered in his name.

For India’s top law enforcement official, this was a remarkable reversal of fortune.

Until his peremptory termination despite having three months of tenure to go, Verma had enjoyed the authority to order the surveillance of suspects – under norms prescribed by law.

But unknown to him at the time, the blow the Modi government delivered that night was accompanied by a second sucker punch: someone with the keys to India’s hush-hush spyware deployment system received authorisation to add Verma’s numbers to an extensive list of persons of interest selected for surveillance, The Wire has established.

The Wire investigated several hundred India numbers from a leaked database comprising 50,000 numbers believed to be linked to potential targets of Pegasus. Forbidden Stories, a French media non-profit, accessed and shared the database with a consortium of 15 other international media partners.

Along with Verma, the personal telephone numbers of his wife, daughter and son-in-law would eventually get placed on the list too, making it a total of 8 numbers from this one family.

Also added to the list of numbers at the same time as Verma were two other senior CBI officials, Rakesh Asthana and A.K. Sharma.

Both men were added on to the database about an hour after their former boss. Asthana was also removed from the CBI on the night of October 23, 2018; he is currently head of the Border Security Force (BSF). Sharma was divested that night of the crucial charge he held – head of the policy division – but remained in the CBI till January 2019, when he was transferred out. He retired from government earlier this year.

The numbers of Asthana, Sharma, Verma and his family members figure in the leaked database for a short period. By the second week of February, 2019, by which time Verma had finally retired from government service, this entire cluster of persons ceased being of interest to the government agency which had added them to the list.

NSO insists the leaked database has nothing to do with the company or with Pegasus. Verma was unwilling to participate in this story, so forensics on the telephones linked to him – the only way of conclusively establishing whether they were targeted or infected with Pegasus – could not be carried out.

Riaz Haq said…
#Pakistan seeks #UN probe of #India's use of #Pegasus spyware, made & licensed by #Israeli company #NSO. It's been used in attempted and successful hacks of 37 smartphones belonging to #ImranKhan, #Indian journos, govt officials & human rights activists. https://reut.rs/3zrsyaF

Pakistan called on the United Nations on Friday to investigate whether India used Israeli-made Pegasus spyware to spy on public figures including Prime Minister Imran Khan.

The Pakistani leader’s phone number was on a list of what an investigation by a group of 17 international media organisations and Amnesty International said were potential surveillance targets for countries that bought the spyware.

Pakistan’s foreign office issued a statement accusing India of “state-sponsored, continuing and widespread surveillance and spying operations in clear breach of global norms of responsible state behaviour.”

“In view of the gravity of these reports, we call on the relevant UN bodies to thoroughly investigate the matter, bring the facts to light, and hold the Indian perpetrators to account,” it said.

India’s foreign ministry did not immediately respond to a request for comment on the statement.

The Indian government has already faced calls by domestic political opponents to investigate allegations of spying on officials including the main opposition leader, Rahul Gandhi.

Delhi has not responded to the allegations.

The investigation published by the media organisations on Sunday said spyware made and licensed by Israeli company NSO had been used in attempted and successful hacks of 37 smartphones belonging to journalists, government officials and human rights activists.

NSO has said its product was intended only for use by vetted government intelligence and law enforcement agencies to fight terrorism and crime.


Arch-rivals and neighbours, Pakistan and India have fought two of their three wars over the disputed Himalayan region of Kashmir, which both claim in full.

The statement by Pakistan’s foreign office said Delhi had long been using such tactics in Indian-administered Kashmir, an accusation to which India did not immediately respond.

“We are closely following these revelations and will bring the Indian abuses to the attention of appropriate global platforms,” the statement said.

Riaz Haq said…
Netflix's Playbook for Tyrants Has a Real-World Mimic in #India. In fact, modern India has one advantage the Netflix six did not. I’m speaking of #spyware technology of the winged-horse variety. #Modi #Pegasus #BJP #hindutvaterror https://thewire.in/politics/netflix-how-to-become-a-tryant via @thewire_in

by Karan Thapar

I don’t watch many Netflix programmes but a series recommended by my cousin Mala Singh has struck me like a bolt of lightning. Called How to Become a Tyrant, it presents what it calls “a playbook for absolute power”. Much of it is tongue-in-cheek, yet it’s based on the actual tactics and strategies used by Adolf Hitler, Josef Stalin, Mao Zedong, Muammar Gaddafi, Kim Il-sung, Idi Amin and Saddam Hussein. So if you take it seriously, it tells you what you must do if you aspire to be India’s tanashah. And the remarkable thing is it feels uncannily like the country we’re living in and the politics we’re subjected to. Read on and see if you agree.

First, if you want to be a dictator, you need to be a particular type of person. For a start, you must be or, at least, present yourself as, one of the people. Hitler was a corporal, Mussolini the son of a blacksmith. As the commentary puts it: “A man who shares your dreams can fulfil them.” So a chaiwala will do very nicely.

The would-be dictator must also believe in himself. The series claims “a megalomaniacal belief in your abilities convinces others of them”. So whether it’s the mystical power of taalis and thalis or the claim a single act of demonetisation can eliminate corruption, if you are convinced of it then you can be sure an awful lot of others will also agree.

However, our putative dictator needs one further character quality: the gift of speech or, actually, the more important capacity to attract attention. Hitler’s pencil-brush moustache was his defining feature. It was unmistakably him. But a flowing white beard might do as well. Hitler, we’re told, was a natural-born adman. The Swastika, it’s claimed, was the most striking symbol ever created. If that’s true, the performance we first saw at Madison Square Gardens and the penchant for clever alliteration, acronyms and rhymes is clearly an enormous asset.

Now, if these are the qualities that can define a potential tyrant, there are a few others he needs to attract a firm and loyal following. First, the promise that he can create a better world for everyone. It’s not necessary to succeed – few tyrants have – but the promise must remain evergreen and the belief you’re steadily getting closer to delivery must be unquestioned. After all, you won’t become a tyrant if you’re associated with ‘burre din’.

But this promise on its own is not enough. Our tyrant-in-the-making must also be seen as the only man who can fulfil it. He must, therefore, be acknowledged not just as the fount of all wisdom but also the fount of all virtue. So he needs to whip up a cult of personality. With the right number of bhakts, that’s quite easily done.

In normal times this should be enough to corral the flock behind the shepherd but, sometimes, even sheep can go astray. So it’s a good idea to create an enemy to keep them in line. Hitler found one in the Jews, Idi Amin in Ugandan-Asians and Gaddafi in Italian-Libyans. Our minorities could neatly fit this purpose. The Muslims, for example, at 14% of the population, are large enough to be falsely painted as a threat yet small enough to be easily kept in their place.


Every now and then, an external enemy also helps. Saddam Hussein chose Iran, Kim Il-sung South Korea, Hitler France and Germany, and Stalin most of the rest of the world. Little Pakistan next door would be perfect for us. The problem is the support it gets from China. If the enemy you choose is stronger than you, things could unravel pretty quickly. Still, if you can strike at Balakot and the only price you pay is a MiG-21, the audience at home will keep smiling.

Finally, tyrants need to be prepared for the worst.

Riaz Haq said…
#Disinformation Industry is Booming. Abhay Aggarwal, #Toronto-based CEO of #disinfo company "Press Monitor", says that his company’s services are used by the #Indian government. Disinfo campaigns have recently been found promoting #BJP #Modi https://www.nytimes.com/2021/07/25/world/europe/disinformation-social-media.html

Private firms, straddling traditional marketing and the shadow world of geopolitical influence operations, are selling services once conducted principally by intelligence agencies.

They sow discord, meddle in elections, seed false narratives and push viral conspiracies, mostly on social media. And they offer clients something precious: deniability.

“Disinfo-for-hire actors being employed by government or government-adjacent actors is growing and serious,” said Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab, calling it “a boom industry.”

Similar campaigns have been recently found promoting India’s ruling party, Egyptian foreign policy aims and political figures in Bolivia and Venezuela.

Mr. Brookie’s organization tracked one operating amid a mayoral race in Serra, a small city in Brazil. An ideologically promiscuous Ukrainian firm boosted several competing political parties.

In India, dozens of government-run Twitter accounts have shared posts from India Vs Disinformation, a website and set of social media feeds that purport to fact-check news stories on India.

India Vs Disinformation is, in reality, the product of a Canadian communications firm called Press Monitor.

Nearly all the posts seek to discredit or muddy reports unfavorable to Prime Minister Narendra Modi’s government, including on the country’s severe Covid-19 toll. An associated site promotes pro-Modi narratives under the guise of news articles.

A Digital Forensic Research Lab report investigating the network called it “an important case study” in the rise of “disinformation campaigns in democracies.”

A representative of Press Monitor, who would identify himself only as Abhay, called the report completely false.

He specified only that it incorrectly identified his firm as Canada-based. Asked why the company lists a Toronto address, a Canadian tax registration and identifies as “part of Toronto’s thriving tech ecosystem,” or why he had been reached on a Toronto phone number, he said that he had business in many countries. He did not respond to an email asking for clarification.

A LinkedIn profile for Abhay Aggarwal identifies him as the Toronto-based chief executive of Press Monitor and says that the company’s services are used by the Indian government.

A set of pro-Beijing operations hint at the field’s capacity for rapid evolution.

Since 2019, Graphika, a digital research firm, has tracked a network it nicknamed “Spamouflage” for its early reliance on spamming social platforms with content echoing Beijing’s line on geopolitical issues. Most posts received little or no engagement.

In recent months, however, the network has developed hundreds of accounts with elaborate personas. Each has its own profile and posting history that can seem authentic. They appeared to come from many different countries and walks of life.

Graphika traced the accounts back to a Bangladeshi content farm that created them in bulk and probably sold them to a third party.

The network pushes strident criticism of Hong Kong democracy activists and American foreign policy. By coordinating without seeming to, it created an appearance of organic shifts in public opinion — and often won attention.

The accounts were amplified by a major media network in Panama, prominent politicians in Pakistan and Chile, Chinese-language YouTube pages, the left-wing British commentator George Galloway and a number of Chinese diplomatic accounts.

A separate pro-Beijing network, uncovered by a Taiwanese investigative outlet called The Reporter, operated hundreds of Chinese-language websites and social media accounts.


Riaz Haq said…
The Pegasus #spyware revelations cast doubt on the health of #Indian #democracy under #Modi. The inclusion of prominent critics on a list of hacking targets embarrasses the government. #BJP #Hindutva #Fascist https://www.economist.com/asia/2021/07/31/the-pegasus-revelations-cast-doubt-on-the-health-of-indian-democracy



In ancient Hindu lore a winged horse emerges from the milky churn of primeval oceans to become the trusted mount of Indra, king of the heavens. A later tradition says it was instead Mahabali, lord of the demons, who rode the fabulous stallion. Both versions picture a creature strikingly like Pegasus, the flying horse of Greek myth, except that the Indian model is fancier. It sports not one but seven heads.

Contemporary India’s most powerful men could have used those extra heads. Relying on Pegasus—not the mythical horse but a very modern brand of electronic spyware—they seem to have ridden recklessly into danger. A global investigation by a clutch of newspapers and NGOs, triggered by the leak of some 50,000 phone numbers in ten countries, casts the government of Narendra Modi in an ugly light as a presumed client of Pegasus’s Israeli creator, the NSO Group.

Riaz Haq said…
#Twitter locks account of #India's largest opposition party. Rohan Gupta, the head of #socialmedia for #Congress, alleged that Twitter had taken the step at the direction of the ruling #BJP. #Modi #Hindutva #Islamophobia_in_india https://tcrn.ch/3iBzY5E via @techcrunch

Indian National Congress wrote about the Twitter episode on Facebook Thursday.

“When our leaders were put in jails, we were not scared then why would we be afraid of closing our Twitter accounts now. We are Congress, this is the message of the people, we will fight, we will keep fighting. If it is a crime to raise our voice to get justice for the rape victim girl, then we will do this crime a hundred times. Jai Hind… Satyamev Jayate,” it said.

Rohan Gupta, the head of social media for Congress, alleged that Twitter had taken the step at the direction of the ruling Bharatiya Janata Party, adding that the firm had also suspended profiles of several of the party’s senior leaders.

In a statement, a Twitter spokesperson said the company’s rules are enforced judiciously and impartially for everyone on their service.

“We have taken proactive action on several hundred Tweets that posted an image that violated our Rules, and may continue to do so in line with our range of enforcement options. Certain types of private information carry higher risks than others, and our aim is always to protect individuals’ privacy and safety. We strongly encourage everyone on the service to familiarise themselves with the Twitter Rules and report anything they believe is in violation,” the spokesperson added.

The locking of the Indian National Congress’ account has prompted some new criticism for the American firm. “We strongly condemn the blocking of the accounts of the Indian National Congress and senior leaders of the Congress party,” tweeted Derek O’ Brien, from the All India Trinamool Congress party.

Riaz Haq said…
A small #US #software maker accuses #China’s #Huawei in a lawsuit of forcing it to build a ‘back door’ into a sensitive surveillance project in #Pakistan . Huawei denies the claim.


https://www.wsj.com/articles/huawei-accused-in-suit-of-installing-data-back-door-in-pakistan-project-11628947988?st=fdedtsl17enzx5z&reflink=article_email_share


Huawei is a leader in safe-cities projects—citywide surveillance systems marketed to governments as crime-fighting tools that often make use of facial-recognition cameras and other high-tech capabilities. The projects have drawn scrutiny from some governments and rights groups, who say they are used to export China’s surveillance practices. Huawei says its projects improve public safety and says it has built safe-cities systems in hundreds of cities around the world.

Pakistan has signed more agreements for Huawei safe-city projects than any other country, according to research by the Center for Strategic and International Studies.

BES’s lawsuit says that Huawei’s alleged back door was located in a database that consolidated sensitive information—including national ID card records, foreigner registrations, tax records and criminal records—for law enforcement. The system is called the Data Exchange System, or DES, according to the lawsuit.

BES says in the suit that after it installed the DES in Lahore, Huawei demanded in 2017 that it install a duplicate DES in the eastern Chinese city of Suzhou that would give Huawei direct access to the data being gathered in Pakistan.

Before building the Suzhou system, BES says in the suit it asked Huawei to obtain approval from Pakistani authorities.

“We want to insure that PPIC3 has no objection in transfer of this technology outside of PPIC3 for security reasons,” Mr. Nawaz wrote in an email to Huawei officials attached to the lawsuit. “Please get an approval from PPIC3, in writing, prior to us performing this function.”

PPIC3 is the acronym for the Pakistani command center that oversees the Lahore project.

According to the lawsuit, Huawei initially said it wasn’t necessary to get approval for what it called a test and threatened to withhold payments and terminate its agreements with BES if the contractor didn’t build the system.

Later, the lawsuit says, Huawei told BES it had indeed received Pakistani approval, and BES went ahead with the installation in Suzhou.

Mr. Nawaz said in an interview that Huawei refused to show evidence of Pakistani approval and that BES installed the alleged back door under duress. The lawsuit alleges that “Huawei-China uses the proprietary DES system as a back door from China into Lahore to gain access, manipulate, and extract sensitive data important to Pakistan’s national security.”


Adrian Nish, the London-based head of threat intelligence at BAE Systems Applied Intelligence, a unit of BAE Systems PLC, said it isn’t uncommon for a vendor to build a duplicate version of a system in-house for testing while it is under development, but such duplicates shouldn’t be connected to the actual system.

“Those two systems should not talk to each other,” he said.


Riaz Haq said…
How the NSA bugged Cisco's routers

https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html

Much has been made of industrial espionage by China, and the U.S. government has repeatedly warned businesses not to trust technologies purchased from that country. Maybe the Chinese and other governments are the ones that should be issuing warnings.

"The NSA routinely receives -- or intercepts -- routers, servers, and other computer network devices being exported from the U.S. before they are delivered to the international customers," Greenwald writes. "The agency then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users."

Routers, switches, and servers made by Cisco are booby-trapped with surveillance equipment that intercepts traffic handled by those devices and copies it to the NSA's network, the book states. Greenwald notes that there is no evidence that Cisco or other companies were aware of the program.

"We've stated previously that Cisco does not work with any government to weaken our products for exploitation," a Cisco spokesman told the Wall Street Journal. "We would, of course, be deeply concerned with anything that could damage the integrity of our products or our customers' networks."

Apart from any concerns you might have about privacy, this kind of publicity is very bad for U.S. business. Why would you buy a product that handles sensitive corporate or government data if you thought the device was bugged?

Riaz Haq said…
Close the N.S.A.’s Back Doors

https://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html

In 2006, a federal agency, the National Institute of Standards and Technology, helped build an international encryption system to help countries and industries fend off computer hacking and theft. Unbeknown to the many users of the system, a different government arm, the National Security Agency, secretly inserted a “back door” into the system that allowed federal spies to crack open any data that was encoded using its technology.

Documents leaked by Edward Snowden, the former N.S.A. contractor, make clear that the agency has never met an encryption system that it has not tried to penetrate. And it frequently tries to take the easy way out. Because modern cryptography can be so hard to break, even using the brute force of the agency’s powerful supercomputers, the agency prefers to collaborate with big software companies and cipher authors, getting hidden access built right into their systems.

The New York Times, The Guardian and ProPublica recently reported that the agency now has access to the codes that protect commerce and banking systems, trade secrets and medical records, and everyone’s e-mail and Internet chat messages, including virtual private networks. In some cases, the agency pressured companies to give it access; as The Guardian reported earlier this year, Microsoft provided access to Hotmail, Outlook.com, SkyDrive and Skype. According to some of the Snowden documents given to Der Spiegel, the N.S.A. also has access to the encryption protecting data on iPhones, Android and BlackBerry phones.

These back doors and special access routes are a terrible idea, another example of the intelligence community’s overreach. Companies and individuals are increasingly putting their most confidential data on cloud storage services, and need to rely on assurances their data will be secure. Knowing that encryption has been deliberately weakened will undermine confidence in these systems and interfere with commerce.

The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them?

The government can get a warrant and break into the communications or data of any individual or company suspected of breaking the law. But crippling everyone’s ability to use encryption is going too far, just as the N.S.A. has exceeded its boundaries in collecting everyone’s phone records rather than limiting its focus to actual suspects.

Representative Rush Holt, Democrat of New Jersey, has introduced a bill that would, among other provisions, bar the government from requiring software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In the meantime, several Internet companies, including Google and Facebook, are building encryption systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers that they are not a secret partner with the dark side of their own government.
Riaz Haq said…
NSA’s Own Hardware Backdoors May Still Be a “Problem from Hell”
Revelations that the NSA has compromised hardware for surveillance highlights the vulnerability of computer systems to such attacks.

https://www.technologyreview.com/2013/10/08/176195/nsas-own-hardware-backdoors-may-still-be-a-problem-from-hell/

In 2011, General Michael Hayden, who had earlier been director of both the National Security Agency and the Central Intelligence Agency, described the idea of computer hardware with hidden “backdoors” planted by an enemy as “the problem from hell.” ...

That revelation particularly concerned security experts because Hayden’s assessment is widely held to be true. Compromised hardware is difficult, and often impossible, to detect. Hardware can do things such as access data in ways invisible to the software on a computer, even security software. The possibility that computer hardware in use around the world might be littered with NSA backdoors raises the prospect that other nations’ agencies are doing the same thing, or that groups other than the NSA might find and exploit the NSA’s backdoors. Critics of the NSA say the untraceable nature of hardware flaws, and the potential for building them into many systems, also increases the risk that intelligence agencies that place them will be tempted to exceed legal restrictions on surveillance.

“Hardware is like a public good because everybody has to rely on it,” says Simha Sethumadhavan, an associate professor at Columbia University who researches ways to detect backdoors in computer chips. “If hardware is compromised in some way, you lose security in a very fundamental way.”

----
The Times report says, however, that the NSA inserted backdoors into some encryption chips that businesses and governments use to secure their data, and that the agency worked with an unnamed U.S. manufacturer to add backdoors to computer hardware about to be shipped to an overseas target.

“There has always been a lot of speculation and hinting about hardware being backdoored,” says Steve Weis, CTO and cofounder of PrivateCore, a startup whose software for cloud servers can offer protection against some kinds of malicious hardware. “This builds the case for that being right.” Weis believes that many companies in the U.S. and elsewhere will now think again about where their hardware comes from, and who has access to it. But scoping out potential problems is not straightforward for many companies, which now put data, software, and hardware in third-party locations to be run by cloud-hosting providers.

PrivateCore’s software for servers powering cloud services offers some protection against malicious hardware by encrypting data in a system’s RAM, or short-term memory. Data there is not usually encrypted, making RAM a good place for bad hardware attached to a system to covertly copy data and send it back to an attacker.

Weis says that in internal tests his technology defeated hardware attached to a server that attempted to copy data and send it out over the Internet, and that these results have been validated by rigorous tests commissioned from an outside security firm. However, the protection has its limits. “The one component we trust is an Intel processor,” says Weis. “We can’t really get around that today.”

Compromised chips are the most covert of backdoors, says Columbia’s Sethumadhavan. There is essentially no way for the buyer of a completed chip to check that it doesn’t have a backdoor, he says, and there are a multitude of ways that a design can be compromised.

“Making a chip is a global process with hundreds of steps and many different companies involved,” says Sethumadhavan. “Each and every step in the process can be compromised.”

Chipmakers usually buy third-party IP blocks to integrate into a final design. Slipping extra circuits into one of those outside designs would be the easiest way to backdoor a chip, says Sethumadhavan, because tools don’t exist to screen for them.
Riaz Haq said…
Big #Tech Thought It Had A Billion Users In The Bag. Long viewed as the world’s biggest market for “the next billion users,” #India is fast becoming #SiliconValley’s biggest headache under #Modi's #Hindutva rule. #BJP #SocialMedia https://www.buzzfeednews.com/article/pranavdixit/big-tech-thought-it-had-a-billion-users-in-the-bag-now-its via @PranavDixit

When he tweeted a screenshot of the email to his more than 200,000 followers, he wrote “Hail the Modi government!” in Hindi, and almost immediately, the Indian internet exploded. The move to silence him was seen by many as yet another step by India’s increasingly authoritarian government to clamp down on dissent.

For months, the country’s ruling Bharatiya Janata Party, led by Modi, a nationalist autocrat accused of reshaping India’s secular ethos into a Hindu state, had been hard at work trying to quell an upswell of criticism on social media after a deadly second wave of the pandemic killed thousands and protests from millions of farmers against new agricultural laws rocked the nation. But it wasn’t until the last week of May that things came to a head.

From May 26, India’s government armed itself with policies that empowered it to crack down on virtually all major digital platforms — social media companies like Twitter, Facebook, YouTube, and Instagram, messaging apps like WhatsApp, streaming services like Netflix and Amazon Prime, and news websites.

Among the new rules, which were first proposed in February, was one that requires social media platforms and streaming services to hire additional staff to address “grievances” filed by Indians offended by certain content and to employ full-time officers to liaise with law enforcement agencies around the clock. Others required news websites to submit monthly compliance reports and to agree to moderate or remove stories, podcasts, and videos flagged by a government committee. Another mandates that in certain circumstances messaging apps like WhatsApp must allow the government to track who texted whom, effectively breaking encryption.

The immediate consequences for not complying with these rules can be severe — companies can be slapped with heavy fines, local staffers can be jailed. And the broader consequences could be worse: losing protection from being held liable for content that people post, which could open companies up to all kinds of lawsuits.

If a streaming platform doesn’t respond or give an explanation that satisfies the complainant, they can appeal to the federal government, which can ultimately compel the platform to censor, edit, or take down the content in question.

It’s a sea change for Silicon Valley.

Years ago, seeing a quick path to exponential growth in India’s millions, the US tech industry rushed in, hired thousands of people, poured in billions of dollars, and became inextricably intertwined with the story of a modern, ascendant nation. But as muscular nationalism coursed ever faster through India’s veins, criticism of the powerful became increasingly difficult. Journalists were jailed, activists imprisoned, and the internet, dominated almost entirely by American social media platforms and streaming companies and one of the last remaining spaces for dissent, is now in the crosshairs.

Tech companies thought they had a billion users in the bag. But the new rules mean they might be forced to make a choice between standing up for democratic values and the rights of their users, and continuing to operate in a market crucial to growth and market dominance.

“The new rules were a jolt,” Mishi Choudhary, a technology and policy lawyer based in New York, told BuzzFeed News.

“Suddenly, they turned a wide open internet into one of the most intrusively regulated states and took it in an undemocratic direction.”

Riaz Haq said…
Prominent female #Indian journalists critical of #Modi government targeted by online scammers. Lured with fake job offers from #Harvard University in #Cambridge #Massachusetts. #BJP #Hindu #Hindutva #India https://www.nytimes.com/2021/12/16/technology/harvard-job-scam-india.html?smid=tw-share

Nearly a year later, it is still uncertain why Ms. Razdan and the other women were targeted. Although the scammers expressed support online for the Hindu nationalist movement in India, they shed little light on their decision to trick reporters.

The perpetrators have successfully covered their tracks — at least, most of them. The New York Times reviewed private messages, emails and metadata the scammers sent to the women as well as archives of the scammers’ tweets and photos that the scammers claimed were of themselves. The Times also relied on analysis from researchers at Stanford University and the University of Toronto who study online abuse, and from a cybersecurity expert who examined Ms. Razdan’s computer.

The identities of the scammers remain a secret.

“It’s not like anything I’ve ever seen,” said Bill Marczak, a senior research fellow at Citizen Lab, an institute at the University of Toronto that investigates cyberattacks on journalists. “It’s a huge amount of effort and no payoff that we’ve identified.”

--------
One at a time, the scammers selected their prey.

The first known target: Rohini Singh, an outspoken female journalist who had broken some big stories that powerful men in India didn’t like.

Ms. Singh delivered a blockbuster article in 2017 about the business fortunes of the son of India’s current minister of home affairs. She is a freelance contributor to an online publication called The Wire that is among the most critical of the Hindu nationalist government in India. She has also amassed nearly 796,000 Twitter followers.


-------

The next target was another female journalist, Zainab Sikander. An up-and-coming political commentator, Ms. Sikander campaigns against discrimination toward Muslims, a growing problem under the Hindu nationalist government. She has also written and posted many critical observations of the administration of Prime Minister Narendra Modi.

On Aug. 22, 2019, Ms. Sikander, too, received a Twitter message from Tauseef Ahmad, inviting her to participate in a high-powered media conference at Harvard. It was the same message sent to Ms. Singh, though neither woman knew the other had been targeted.

-----------

Just like in Ms. Singh’s case, Tauseef connected her to Alex Hirschman. What she didn’t know was that Alex and Tauseef were likely fake personas — a search of Harvard’s student directory showed no students by either name.

Ms. Sikander also didn’t know that Tauseef’s Twitter account was one of several online personas that were interlinked. Tauseef and Alex seemed so friendly, sending her compliments — and confirmations for the flights and hotels they claimed to have booked.

--------------
The next target was another female journalist working at a prominent Indian publication, who spoke with The Times on the condition that she was not identified. Suspicious about the scammer’s U.A.E. phone number, she quickly broke off contact too. But the scammers didn’t give up. By the time they communicated in November 2019 with Nighat Abbass, a spokeswoman for India’s ruling political party, known by its acronym, the B.J.P., they had copied email signatures from real Harvard employees and swiped official letterhead from the university’s website.
Riaz Haq said…
The Battle for the World’s Most Powerful Cyberweapon

https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html

In July 2017, Narendra Modi, who won office on a platform of Hindu nationalism, became the first Indian prime minister to visit Israel. For decades, India had maintained a policy of what it called “commitment to the Palestinian cause,” and relations with Israel were frosty. The Modi visit, however, was notably cordial, complete with a carefully staged moment of him and Prime Minister Netanyahu walking together barefoot on a local beach. They had reason for the warm feelings. Their countries had agreed on the sale of a package of sophisticated weapons and intelligence gear worth roughly $2 billion — with Pegasus and a missile system as the centerpieces. Months later, Netanyahu made a rare state visit to India. And in June 2019, India voted in support of Israel at the U.N.’s Economic and Social Council to deny observer status to a Palestinian human rights organization, a first for the nation.
Riaz Haq said…
India Bought Pegasus as Part of Larger $2 Billion Deal with Israel in 2017, Claims 'NYT' Report
The media report notes that Pegasus was the 'centrepiece' of a 2017 deal between India and Israel.


https://thewire.in/tech/india-bought-pegasus-israel-nyt-report



New Delhi: India bought controversial spyware tool Pegasus in 2017 as part of a larger arms deal with Israel, according to a new report published by The New York Times.

Access to the spyware, which is classified as military-grade software and produced by the NSO Group, was reportedly part of a “package of sophisticated weapons and intelligence gear worth roughly $2 billion” between India and Israel.

NYT’s report, which examines how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware, details how the US’s Federal Bureau of Investigation bought a version of Pegasus. It also sheds new light on how the software ended up being sold to Poland, India and Hungary.

“The combination of Israel’s search for influence and NSO’s drive for profits has also led to the powerful spying tool ending up in the hands of a new generation of nationalist leaders worldwide. Though the Israeli government’s oversight was meant to prevent the powerful spyware from being used in repressive ways, Pegasus has been sold to Poland, Hungary and India, despite those countries’ questionable records on human rights,” the report noted.

According to the NYT report, India’s access to Pegasus was sealed in 2017. The story claims that “Pegasus and a missile system” were the “centrepieces” of a broader defence package worth $2 billion.



“In July 2017, Narendra Modi, who won office on a platform of Hindu nationalism, became the first Indian prime minister to visit Israel…The Modi visit, however, was notably cordial, complete with a carefully staged moment of him and Prime Minister Netanyahu walking together barefoot on a local beach. They had reason for the warm feelings,” the report notes.

“Their countries had agreed on the sale of a package of sophisticated weapons and intelligence gear worth roughly $2 billion – with Pegasus and a missile system as the centerpieces. Months later, Netanyahu made a rare state visit to India.”



The report provides no further details on the specifics of the deal – or insight into which government department or agency procured it on behalf of the Indian government – but in April 2017, it was widely reported that New Delhi had signed a $2 billion (nearly Rs 12,880 crore) contract with Israel Aerospace Industries for supply of air defence missiles to the Indian Army.

In July 2021, a consortium of international media organisations including The Wire reported on the usage of Pegasus in countries across the world. In India, over 10 cases of Pegasus infection were found through forensic analysis conducted by Amnesty International’s Security Lab.



In 2019, messaging application WhatsApp sued the NSO Group over what it termed as an illegal breach of its software. At the time, the Facebook-owned firm confirmed that it had detected Pegasus targeting on the phones of several Indian activists and journalists.

The Indian government has been largely evasive in its replies with regard to whether it has purchased Pegasus or used it. In August 2021, the defence ministry clearly stated it had no business transaction with the NSO Group, leading to speculation as to whether an agency under the home affairs ministry was a customer.
Riaz Haq said…
S.L. Kanthan
@Kanthan2030
How many Americans know how propaganda works?

How many have heard of Edward Bernays? Maybe 1%.

He is the father of mass propaganda. And his techniques are still copied.

For example: This is how he increased sales of cigarettes — by inducing women to smoke and thus doubling potential customers.

And he did by using three strategies:

🔹reframing smoking as a “women’s liberation” thing.

🔹Recruiting celebrities

🔹Paying off media to glorify his stunt.

Thus, he held a women’s march for freedom and had the front-row women smoke cigarettes.

Then, he had the NY Times print it (in 1929) as a big news on the first page: “Group of Girls Puff at Cigarettes as a Gesture of “Freedom.”

By 1930, advertisements with beautiful women smoking were everywhere! Lucky brand was a good example.

The same playbook has been used over and over for decades for everything from consumer products and wars to vaccines and LGBTQ.

Edward Bernays influenced every aspect of US — from corporate marketing to military industrial complex.

But you just have to figure out the basics, and then you will see the trick everywhere.

https://twitter.com/Kanthan2030/status/1676659334431014912?s=20

-----------

The manipulation of the American mind: Edward Bernays and the birth of public relations

https://theconversation.com/the-manipulation-of-the-american-mind-edward-bernays-and-the-birth-of-public-relations-44393

“The most interesting man in the world.” “Reach out and touch someone.” “Finger-lickin’ good.” Such advertising slogans have become fixtures of American culture, and each year millions now tune into the Super Bowl as much for the ads as for the football.

While no single person can claim exclusive credit for the ascendancy of advertising in American life, no one deserves credit more than a man most of us have never heard of: Edward Bernays.

I first encountered Bernays through an article I was writing on propaganda, and it quickly became clear that he was one of the 20th century’s foremost salesmen of ideas. The fact that 20 years have elapsed since his death provides a fitting opportunity to reexamine his legacy.

Bernays pioneered public relations
Often referred to as “the father of public relations,” Bernays in 1928 published his seminal work, Propaganda, in which he argued that public relations is not a gimmick but a necessity:

The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country. We are governed, our minds are molded, our tastes formed, and our ideas suggested, largely by men we have never heard of…. It is they who pull the wires that control the public mind.
Riaz Haq said…
Russian FSB Hackers Breach Pakistani APT Storm-0156

(Russian) Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure (Pakistan's), and stole the same kinds of info it targets in South Asian government and military victims.

https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156

Hackers operating on behalf of Russian state intelligence have breached hackers operating out of Pakistan, latching onto their espionage campaigns to steal information from government, military, and defense targets in Afghanistan and India.

In December 2022, Secret Blizzard (aka Turla) — which the Cybersecurity and Infrastructure Security Agency (CISA) has tied to Russia's Federal Security Service (FSB) — gained access to a server run by another advanced persistent threat (APT), Storm-0156 (aka Transparent Tribe, SideCopy, APT36). It soon expanded into 33 separate command-and-control (C2) nodes operated by Storm-0156 and, in April 2023, breached individual workstations owned by its fellow hackers.

Since then, researchers from Microsoft and Black Lotus Labs say, Secret Blizzard has been able to leech off of Storm-0156's cyberattacks, accessing sensitive information from various Afghani government agencies and Indian military and defense targets.

---------------------

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/

In this first of a two-part blog series, we discuss how (Russia's) Secret Blizzard has used the infrastructure of the Pakistan-based threat activity cluster we call Storm-0156 — which overlaps with the threat actor known as SideCopy, Transparent Tribe, and APT36 — to install backdoors and collect intelligence on targets of interest in South Asia. Microsoft Threat Intelligence partnered with Black Lotus Labs, the threat intelligence arm of Lumen Technologies, to confirm that Secret Blizzard command-and-control (C2) traffic emanated from Storm-0156 infrastructure, including infrastructure used by Storm-0156 to collate exfiltrated data from campaigns in Afghanistan and India. We thank the Black Lotus Team for recognizing the impact of this threat and collaborating on investigative efforts. In the second blog, Microsoft Threat Intelligence will be detailing how Secret Blizzard has used Amadey bots and the PowerShell backdoor of two other threat actors to deploy the Tavdig backdoor and then use that foothold to install their KazuarV2 backdoor on target devices in Ukraine.
