Tuesday, April 6, 2010

Cyber Wars Across China, India and Pakistan

Last year at the World Economic Forum, U.S.-based security software firm McAfee's CEO Dave Walt reportedly told some attendees that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities. He further said that the traditional defensive stance of government computer infrastructures has shifted in recent years to a more offensive posture aimed at espionage, and deliberate disruption of critical networks in both government and private sectors. Such attacks could disrupt not only command and control for modern weapon systems such as ballistic missiles, but also critical civilian systems including banking, electrical grid, telecommunications, transportation, etc, and bring life to a screeching halt.

Richard Clark, the former US cyber security czar, explained in a Newsweek interview the potential impact of cyber attacks on privately owned and operators infrastructure as follows:

"I think the average American would understand it if they suddenly had no electricity. The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet. They've been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That's the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures".

As if to confirm Walt's assertions, the Chinese hackers have allegedly stolen Indian national security information, 1,500 e-mails from the Dalai Lama’s office, and other sensitive documents, according to a report released by researchers at the University of Toronto. Media reports also indicated that government, business, and academic computers at the United Nations and the Embassy of Pakistan in the US were also targets. The UofT report also indicated there was no evidence to suggest any involvement by the Chinese government, but it has put Beijing on the defensive. Similar reports earlier this year said security investigators had traced attacks on Google and other American companies to China-based computers.

Chinese hackers apparently succeeded in downloading source code and bugs databases from Google, Adobe and dozens of other high-profile companies using unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee and reported by Wired magazine. These hack attacks were disguised by the use of sophisticated encryption, and targeted at least 34 companies in the technology, financial and defense sectors, exploiting a vulnerability in Adobe’s Reader and Acrobat applications.

While the Chinese cyber attacks on US and India often get wide and deep coverage in the western media, a lower profile, small-scale cyber warfare is also raging in the shadows between India and Pakistan, according to some reports. These reports indicate that around 40-50 Indian sites are being attacked by Pakistani hackers on a daily basis whereas around 10 Pakistani sites are being hit by their Indian counterparts.

According to Pakistani blogger Arsalan Jamshed, cyberwars between the two countries started in May 1998. Soon after India officially announced its first nuclear test, a group of hackers, believed to be Pakistani, called milw0rm broke into the Bhabha Atomic Research Center web site and posted anti-India and anti-nuclear messages. The cyberwars usually have been limited to defacing of each others' sites. Defacement causes only superficial damage, in which only the home page of a site is replaced with hacker's own page, usually with some message for the victim. Such defacements started in May 1998 and continued during Kargil War in 1999 and then during that era when the tension between India and Pakistan was at its peak from Dec 2001 to 2002. Therefore, the period between 1999 to 2002 was very crucial, when the troops were busy across the LOC exchanging fire and the hackers were busy in defacing each others' websites.

In 2003, Indian and Pakistani hackers attacked each others' servers using variants of Yaha-Q email worm to shut down about 20 different applications, including personal firewalls and anti-virus software, according to Tony Magallanez, a system engineer with Finland-based F-Secure Corp.

Last year, there were news reports of Indian cyber attacks on Pakistan's Oil and Gas Regularity Authority. In retaliation, some Pakistani attackers hacked the websites of the Indian Institute of Remote Sensing, the Center for Transportation Research and Management, the Army's Kendriya Vidyalaya of Ratlam and the Oil and Natural Gas Corporation (ONGC). In one particular instance, Pakistani hackers removed the "most wanted" list from the Indian state Andhra Pradesh's CID (criminal investigation department) website and replaced it with messages threatening their Indian cyber rivals.

Unwelcome computer intrusions by Pakistani hackers are not new. The nation has the dubious distinction of being the birth place of the first ever personal computer virus known to mankind. Popularly called the 'Brain virus', it was created in 1986 by two Pakistani brothers, Amjad and Basit Farooq Alvi. This virus, which spread via floppy disks, was known only to infect boot records and not computer hard drives like most viruses today. The virus also known as the Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC would occupy unused space on the floppy disk so that it could not be used and would hide from detection. It would also disguise itself by displaying the uninfected bootsector on the disk.

Responding to the increasing threat perception of cyber attacks, the Indian Navy Chief Admiral Sureesh Mehta has called for leveraging Indian strengths in Information Technology to build cyber warfare capabilities in India.

According to a Times of India report last year, the Indian Army is boosting the cyber-security of its information networks right down to the level of divisions, which are field formations with over 15,000 troops.

In addition to creating cyber-security organization to protect against cyber attacks and data thefts, the Indian Army leaders have also underlined the urgent need for "periodic cyber-security audits" by India's Army Cyber Security Establishment (ACSE).

The Indian Army's actions are a response to reports that both China and Pakistan are bolstering their cyber-warfare or information warfare capabilities at a rapid clip.

While the India-Pakistan cyber conflict is at best the stuff of minor league, the real major league contest is likely to occur between the United States and its major adversaries, particularly China. The Pentagon already employs legions of elite hackers trained in cyberwarfare, according to a Wired Magazine story in November, 2009. But they mostly play defense, and that's what Naval Postgraduate School professor John Arquilla wants to change. He'd like the US military's coders to team up with network specialists abroad to form a global geek squad. Together, they could launch preemptive online strikes to head off real-world battles.

Among other things, the Wired magazine story had a scenario discussed by John Arquilla where an elite geek squad of world hackers could be used to prevent India-Pakistan nuclear war by taking out the command and control systems of both nations.

The increasing cyber attacks on U.S. government's networks and critical infrastructure, and the growing complexity of IT infrastructure, are driving a surge in federal cybersecurity spending; the U.S. federal government's total cumulative cybersecurity spending would be $55 billion between 2010 and 2015, according a report by Homeland Security News Wire. At the same time, countries such as China and Russia recognize the fact that the United States has an unfair advantage over them in cyber warfare simply because most of the operating system and infrastructure software used in the world today has its origins in the United States. These concerns are fueling efforts by most major nations in the world to enhance their cyber security, and they are focusing on development of capacity to retaliate as a deterrence.

As to the potential cyber component of any future wars between India and Pakistan, its dramatic impact could reverberate across the globe as the computers used in South Asia for outsourced work from the United States and Europe come under crippling attacks from hackers on both sides. Here is how Robert X. Cringeley describes it in a June 2009 blog post captioned "Collateral Damage":

"Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two. And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war.

And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that’s sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories. And an interesting aspect of destroying such repositories — in Third World countries OR in the U.S. — is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents."

Related Links:

Haq's Musings

Nature of Future India-Pakistan Warfare

ITU Internet Access Data by Countries

Foreign Origin of India's Agni Missiles

Pakistan's Space Capabilities

Pakistani-American Entrepreneurs in Silicon Valley

Pakistan's Multi-Billion Dollar IT Industry

John Arquilla: Go on the Cyberoffensive

Pakistan Defense Industry Going High Tech

India-Pakistan Military Balance

21st Century High Tech Warfare


Anonymous said...

86% of North Easterners Face Racial Discrimination in National Capital: A Study Reveals
By Madhu Chandra

The racial discrimination and attack on Indians outside the country, no way
should be compromised, yet in own vineyard, same is repeatedly faced by
north easterners and least is worried by the majority of the Indian society.
Chief Minister of Mizoram, Mr. Lalthnhawla’s statement on racial
discrimination, has sparked the nation by revealing what was hidden for so
long and least cared. A study reveals socking reality on same issue.
86% of North East Indian communities face racial discrimination living in
Delhi and NCR for period of two years and more according to a study
conducted by North East Support Centre & Helpline. The study was conducted
by selecting samples of north easterners living in north Delhi, South Delhi
and Gurgaon. The samples 80 students in classification new comers and those
already for two years and more were selected randomly, who hails from
different parts of north east Indian states.
New comers who are less than two years in national capital, tense to say
“No” on racial discrimination faced by the north east communities while 86%
of those who are two years and more, face discrimination for the reason of
their different look, different culture, different language and being
Only 14% says that they did not face racial discrimination but they felt
people calling them chinkies, Nepalis, free culture and strangers, which
they did not consider racial discrimination. Half of those who said that
they did not face racial discrimination are less than two years living in
Delhi. The longer, the one stays in national capital reveals the racial
discrimination faced by the north easterners. The study also reveals the
possibilities that longer the one stays higher the chance to face racial
78.75% of those who face racial discrimination say that they are treated
like chinkies, strangers in own land, free culture and Nepalis. 22.5% face
physical attacks, 3.75% sexual assault, 35% vulgar remarks and 38.75% no
North East Support Centre & Helpline handled and reported 34 cases since its
birth on 21 October 2007. 41% of total cases was of sexual abuse, 18%
beating by locals, 12% rape cases, 9% killed probably in connection to
sexual assault, 6% landlord harassment, 3% vulgar remarks, 3% eve teasing,
3% police harassment, 3% employer harassment, 3% Media vulgar statement
against north easterners.
On top of the racial discrimination faced from the some of the local
communities, the discrimination is double when the cases are denied, ignored
and delayed by the police official on duty. Out of 34 cases handled and
reported to North East Support Centre & Helpline, only 67.65% cases were
filed FIR(s) and 32.35% did not file the case in police station. Out of 34,
only 17.65% of the cases were taken up by police, out of which only two
cases are taken in the court for legal judgement.
The racial discrimination on Indians outside the country is the concern,
less we forget to do the home work on the issue faced by own citizen of the
country, which is less cared just because they look different from rest of
the majority population.
(The study was conducted by Madhu Chandra – Spokes Person of North East
Support Centre & Helpline with the helps of his colleagues as part of his
Ph. D. on social and concern under South Asia Institute of Advance Christian
Studies (SAIACS), Bangalore. © Copyrights is reserved by North East Support
Centre & Helpline)

Riaz Haq said...

In addition to the kind of conventional warfare fought in 1965 and 1971, any future India-Pakistan war is likely to have two new components of cyber war and missiles war.

Cyber War:

The potential cyber component will have a dramatic impact which could reverberate across the globe as the computers used in South Asia for outsourced work from the United States and Europe come under crippling attacks from hackers on both sides. Here is how Robert X. Cringeley describes it in a June 2009 blog post captioned "Collateral Damage":

"Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two. And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war.

And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that’s sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories. And an interesting aspect of destroying such repositories — in Third World countries OR in the U.S. — is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents."

Missile War:

In a Dec 2008-Jan 2009 series of articles for UPI Asia, Hari Sud, an NRI Indian from Toronto, Canada, laid out very optimistic, wishful scenario of how an Indian attack on Pakistan would play out. Sud's scenarios include Israel's direct attack on Pakistani nukes, US help for both India and Israel, and much heavier losses inflicted on Pakistan than on India, resulting in near-total destruction of Pakistan's nukes, and major cities of Islamabad and Karachi, while Delhi and Mumbai escape unscathed.

Sud has scripted the war as any chauvinistic Indian would wish it to be, and it can be summed up as follows: Israelis are perfect, Indians are a close second, and Pakistanis can't even shoot straight.

In the end, Sud's carefully crafted script fulfills his fantasy of bringing Pakistan to its knees, begging for peace!

Needless to say, Sud's wishful thinking was set aside in New Delhi, saner minds prevailed in India, and India decided to back off and pursue diplomacy instead. But Sud's writings give a pretty good insight into the aggressive Indians' minds, and point to the probability of a serious miscalculation by Delhi.

Here are the links to Hari Sud's dreamy forecasts:

1. India ready to avenge Mumbai carnage

2. Israel Joins India

3. Losses and Gains

4. The Missile War

5. Pakistan Seeks Peace

Anonymous said...


Every country has its extreme element in thinking and in action. You can refer pakalert.wordpress.com. I think he has more creative ideas than hari. He has scenarios where pak is the friend and enemy of usa. One best think of that guys is that he does not dabble around isreal too much

Anonymous said...

and lets not even think of theatre personality turned strategic analyst Zaid Hamid who seems to be a lot lot more popular in Pakistan than this Sud fellow (never heard of him) is in India.

That plus the fact that the smart musharaf/talat masood type have all but retired and the bulk of the pak officers core is urdu medium type recruited en masse during zia's islamization drive.

Riaz Haq said...

Here's a recent news report on Asian nukes from Times of India:

Pakistan is estimated to have more nuclear warheads than India and the two Asian neighbours along with China are increasing their arsenals and deploying weapons at more sites, two eminent American atomic experts have claimed.

While Pakistan is estimated to possess 70-90 nuclear weapons, India is believed to have 60-80, claims Robert S Norris and Hans M Kristensen in their latest article 'Nuclear Notebook: Worldwide deployments of nuclear weapons, 2009'.

The article published in the latest issue of 'Bulletin of the Atomic Science' claimed that Beijing, Islamabad and New Delhi are quantitatively and qualitatively increasing their arsenals and deploying weapons at more sites, yet the locations are difficult to pinpoint.

For example, no reliable public information exists on where Pakistan or India produces its nuclear weapons, it said.

"Whereas many of the Chinese bases are known, this is not the case in Pakistan and India, where we have found no credible information that identifies permanent nuclear weapons storage locations," they said.

"Pakistan's nuclear weapons are not believed to be fully operational under normal circumstances, India is thought to store its nuclear warheads and bombs in central storage locations rather than on bases with operational forces. But, since all three countries are expanding their arsenals, new bases and storage sites probably are under construction," the two nuclear experts said.

Riaz Haq said...

Here is an Indian report which disregards any Pakistani indigenous contribution to its missile programs and gives China and North Korea the entire credit. This might be a good way for the Indians not to feel too sorry for themselves. But the fact is that Pakistan has made tremendous progress in its domestic scientific research capabilities and indigenous industrial manufacture. The Indians have more access to foreign help than Pakistan and yet their program lags behind Pakistan:

With active help from China and North Korea, Pakistan has surged well ahead of India in the missile arena. The only nuclear-capable ballistic missile in India's arsenal which can be said to be 100% operational as of now is the short-range Prithvi missile.

Though the 700-km Agni-I and 2,000-km-plus Agni-II ballistic missiles are being "inducted" into the armed forces, it will take "some time" for them to become "fully-operational in the numbers required".

Defence sources said the armed forces were still in the process of undertaking the "training trials" of Agni-I and Agni-II to give them the requisite capabilities to fire them on their own.

Of the two, the progress report of Agni-I, tested for the first time in January 2002 to plug the operational gap between Prithvi (150-350 km) and Agni-II missiles, is much better. The Army has already conducted two "user training trials", one in October 2007 and other in March 2008, of the Pakistan-specific Agni-I missile.

The fourth test of 3,500-km Agni-III, which will give India the strategic capability to hit targets deep inside China, is also on the anvil now. But Agni-III, tested successfully only twice in April 2007 and May 2008, will not be ready for induction before 2012.

Then, of course, design work on India's most ambitious strategic missile with near ICBM (intercontinental ballistic missile) capabilities, the 5,000-km range Agni-V, which incorporates a third composite stage in the two-stage Agni-III, is also in progress. "We should be ready to test Agni-V by 2010-2011," said an official.

So, in effect, the missile report card is rather dismal at present. "Unlike Pakistan, our programme is indigenous. But a strategic missile needs to be tested 10 to 15 times, over a variety of flight envelopes and targets, before it can be said to be fully-operational. A missile cannot be dubbed ready just after three to four tests," said an expert.

Keeping this benchmark in mind, only Prithvi can be dubbed to be fully ready. Defence PSUs like Bharat Dynamics Ltd, Bharat Earth Movers Ltd and Mishra Dhatu Nigam Ltd, in fact, are stepping up production of the different Prithvi variants.

Army, for instance, has orders worth Rs 1,500 crore for 75 Prithvi-I and 62 Prithvi-II missiles, while IAF has gone in for 63 Prithvi-II missiles for over Rs 900 crore.

Navy, in turn, has ordered Dhanush missiles, the naval version of Prithvi, with a 350 km strike range, for its "dual-tasked" warships, INS Subhadra and INS Suvarna.

India wants to gatecrash into the very exclusive club of `Big-Five' countries like Russia, US and China, which have both ICBMs (missiles with strike ranges over 5,500-km) and SLBMs (submarine-launched ballistic missiles), before 2015.

The SLBM quest is specifically crucial since it's the most effective and secure leg of the "nuclear weapon triad", with land-based missiles and aircraft capable of delivering nuclear bombs constituting the first two components.

The initial range of K-15 SLBM being developed by DRDO will, however, be limited to 750-km, far less than the over 5,000-km range SLBMs brandished by the `Big-5' countries.

Anonymous said...

umm Pakistan's Shaheen and China's M-9 are undistinguishable except the paint scheme.
Ditto Ghauri and North Korean Nodong.

Agni 1,2,3 on the other hand don't have any look alikes which means they are in all probability indigenous products.

Another thing if Pakistan's missile tech is indigenous why hasn't it been leveraged to create a viable space launch program?
The costs are marginal once you have the capability of developing liquid fuelled ballistic missiles and they have obvious strategic and economic advantages?
Yet Pakistan is yet to launch a SLV comparable to India's 1980 SLV let alone the more advanced PSLV and now GSLV.

Now why is that ?

Riaz Haq said...

Anon: "Agni 1,2,3 on the other hand don't have any look alikes which means they are in all probability indigenous products."

The Industrial revolution didn't exactly start in India or Asia, nor did nuclear and missile technology. It came from Europe. And the Asians learned from Europe. Many foreigners, including Indians and Pakistanis and Chinese, who are educated and live and work in the United States and Europe acquire new knowledge here, and some of them return home to share it with their fellow countrymen.

Here's an excerpt about origins of Agni from a report by Gary Milhollin in the Bulletin of the Atomic Scientists
November 1989, pp. 31-35:

Agni's foreign ancestry dates from the 1960s. In November 1963, the United States began India's space program by launching a U.S. sounding rocket from Indian soil. (Sounding rockets fly straight up into the atmosphere to conduct scientific experiments. They are too small to launch satellites.) The United States was followed by others. Between 1963 and 1975, more than 350 U.S., French, Soviet, and British sounding rockets were launched from India's Thumba Range,[1] which the United States helped design. Thumba's first group of Indian engineers had learned rocket launching and range operation in the United States.

Among them was the Agni's chief designer, A. J. P. Abdul Kalam. In 1963-64, he spent four months in training in the United States. He visited NASA's Langley Research Center in Virginia, where the U.S. Scout rocket was conceived, and the Wallops Island Flight Center on the Virginia coast, where the Scout was being flown. The Scout was a low-cost, reliable satellite launcher that NASA had developed for orbiting small payloads.

Soon afterward, in 1965, the Indian government asked NASA how much it would cost and how long it would take to develop an Indian version of the Scout, and whether the United States would help. NASA replied that the Scout was "available . . . for purchase . . . in connection with scientific research," but warned that "transfer of this technology . . . would be a matter for determination by the Department of State under Munitions Control."[2] NASA nevertheless sent India technical reports on the Scout's design, which was unclassified. India's request should have raised some eyebrows: it came from Homi Bhabha, head of the Indian Atomic Energy Commission.

But Kalam had the information he needed. He returned to India and built the SLV-3 (Space Launch Vehicle), India's first satellite launcher. Its design is virtually identical to the Scout's. Both rockets are 23 meters long, use four similar solid-fuel stages and "open loop" guidance, and lift a 40-kilogram payload into low earth orbit. The SLV's 30-foot first stage would later become the first stage of the Agni.

Anonymous said...

Thanks for the info,hats off to Dr. kalam and the like.

But the thing is our missiles while originally based on foreign tech are now designed and built in India.

Pakistan's shaheen,Ghauri,hatf 3 are at best licence productions of Chinese M-11,9 and n korean Nodong missiles they look exactly the same and have identical performance parameters.

Its kind of like us calling Su-30 Mki an Indian aircraft because its license built in India.

agni 1,2,3 on the other hand are Indian designed missiles someone in ASL wrote the specs and designed it, sure some components may be designed with foreign help like the Ring laser gyroscope etc but the conceptualization,flight testing and finally serial production is done by Indians this is the kind of institutional knowledge that can be reused for other things like the space program which isn't the case when you license produce something.

I hope I've clarified myself.

Btw have you seen our new Light combat helicopter?


Riaz Haq said...

anon: "But Kalam had the information he needed. He returned to India and built the SLV-3 (Space Launch Vehicle), India's first satellite launcher. Its design is virtually identical to the Scout's."

So you think if Indians copy and make duplicates then it is still "indigenous"? But not so when Pakistanis do the same?

I think yours is a racist claim that deserves no further response.

Anonymous said...

"So you think if Indians copy and make duplicates then it is still "indigenous"? But not so when Pakistanis do the same?"

Our MISSILES are no longer licence copies of others.Even US/USSR started off by by 'copying and making duplicates' of Germany's V-2but the thing is we are currently at a stage when we can set our own parameters of our missiles parameters and design a system accordingly.
Pakistan on the other had is STILL at the 'copying and making duplicates' stage of technology at stage which we left in the late 1980s.
Hatf 3_>Chinese M 11
Shaheen?Chinese M 9
Ghauri>N Korean Nodong

Another thing Pakistani missiles never fail even in their pre production tests now given the FACT that everyone's newly designed missiles extensively blow up at the pre production stage US,Russia,China,France included
one can only conclude that Pakistan doesn't even significantly modify the missile designs it gets from China/N Korea.

By the way what exactly is racist in my posts ?

Riaz Haq said...

anon: "Pakistan on the other had is STILL at the 'copying and making duplicates' stage of technology at stage which we left in the late 1980s."

The best explanation for similarity between Ghauri and No Dong can be found in the fact that it's a consortium development effort, as explained by ArmsControlWonk website:

Also, following from Geoff Forden’s idea of consortium development, early tests of the Nodong in Pakistan and Iran could also be considered part of the part of the development effort. (Iran’s first Nodong flight-test, in 1998, reportedly blew up about 100 seconds after launch.)

Actually, the consortium idea is not so new. In describing its research methodology, the Rumsfeld Commission alluded to it in its 1998 report:

We examined the ways in which the programs of emerging ballistic missile powers compared with one another. For example, we traced the development histories of the related programs of North Korea, Iran, Iraq and Pakistan and the relationships among them. This comparison helped in identifying the similarities between programs, the extent to which each had aided one another in overcoming critical development hurdles and, importantly, the pace at which a determined country can progress in its program development.

anon: "By the way what exactly is racist in my posts ?"

The racism charge is based on Indian arrogance that they are smart enough to develop technology on their own and Pakistanis are not. You should read page 410 of George Perkovich's "India's Nuclear Bomb" to understand what I mean by it.
Perkovich refers to "general Indian contempt for Pakistan's technical capabilities" and shock at the the nuclear and missile tests.

Anonymous said...

Well I for one don't believe that Pakistanis are not capable etc however technological competence of nation states today is a direct function of money poured into higher education and basic science and technology.

US is more technologically advanced than Russia not because Russians are stupid but because they invest something like 15 times more money in basic sciences and thus have a deeper interdisciplinary talent pool.

Similarly India invests something like 10 times what Pakistan does in basic science and technology so it is pretty obvious to everyone other than die hard Pakistani nationalists that it has a more sophisticated techno-industrial base than Pakistan.

By any measure be it the number of top 500 universities,number of patents filed,technological content of exports etc India is significantly ahead of Pakistan and given the fact that its economy is growing at ~8% per annum the money invested will continue to rise and the gap will coninue to widen in India's favour.

Riaz Haq said...

anon: "it has a more sophisticated techno-industrial base than Pakistan"

I agree that India is ahead of Pakistan in education, particularly in science and technology education. Clearly, Pakistan needs to do a lot more to boost its education sector.

But I think the difference is highly exaggerated to portray India as "technology power house" and Pakistan as a backwater. Both characterization are conjured up by self-serving analysts to fit their conclusions. Such analysts have fed what Perkovich described as "general Indian contempt for Pakistan's technical capabilities"
and caused serious miscalculations by Indian security establishment about Pakistan's capabilities.

Here are some data points to consider:

1. In the top 400 universities ranked by Times Higher Ed Supplement, there are six Indian universities and one Pakistani university, hardly earth shaking difference given that India has 7 times the population of Pakistan.

2. In terms of anecdotal evidence, I see both Indians and Pakistanis working in high tech fields doing essentially similar jobs in Silicon Valley, though the number of Indians is larger in proportion to their population.

3. There are dozens of Pakistani scientists working in high-profile research at CERN on LHC, and as far as Antarctica at Jinnah research station.

4. The number of research papers and citations of their work have dramatically increased a reported by Sciencewatch.

5. Pakistan has a small but vibrant IT industry worth about $2.8 billion, half of it in exports.

Some India watchers such as Fareed Zakaria, an Indian-American who often acts as a cheerleader for India in the US, have expressed doubts about the quality of education at the Indian Institutes of Technology. In his book "The Post-American World", Zakaria argues that "many of the IITs are decidedly second-rate, with mediocre equipment, indifferent teachers, and unimaginative classwork." Zakaria says the key strength of the IIT graduates is the fact that they must pass "one of the world's most ruthlessly competitive entrance exams. Three hundred thousand people take it, five thousand are admitted--an acceptance rate of 1.7% (compared with 9 to 10 percent for Harvard, Yale, and Princeton)."

As a student of Karachi's NED University of Engineering and Technology in 1970s, I had similar assessment of my alma mater (and other UETs) in Pakistan as Zakaria's characterization of the IITs in India. NED Engineering College in 1970s was "decidedly second-rate, with mediocre equipment, indifferent teachers, and unimaginative classwork". However, given the fairly strict merit-based admission process, I found myself mostly surrounded by some of the best, most competitive students who had graduated with flying colors from Karachi's intermediate colleges and ranked very high on the Board of Education examination to make it into NED College. It was indeed the creme de la creme of Karachi's youth who have later proved themselves by many accomplishments in various industries, including some of the leading-edge high-tech companies in America. Even in the 1970s, there were a small number of students admitted on non-merit-based special quotas. NED University today, however, appears to have significantly expanded such special, non-merit-based, quotas for entrance into the institution, an action that has probably affected its elite status, its rankings and the perceived quality of its graduates, while other, newer institutions of higher learning have surpassed it. Some of the special categories now include sons and daughters of employees, children of faculty and professional engineers and architects, special nominees from various ministries and an expanded quota for candidates from rural areas and the military.

Anonymous said...

IIT is no great sheiks compared to the US ,tech facilities wise it is soundly beaten by Boston University to say noting of Ivy leagues but it is one of the best in the emerging world

However this acceptance rate business needs to be qualified.
Basically anyone who sits for JEE is said to be a contender for an IIT now the exam fee is INR 1500 so lacs sit but only about 5000-10000 people are serious ditto for IIM and CAT entrance exams.

In Harvard/MIT etc you have to first take a nation wide SAT/GRE/GMAT exams only if your scores are 95 percentile + would you consider spending considerable time and money applying.In India presently there is no such filter so don't get taken in by that OMG 100,000 people sit and only 2000 make it hype!

Now coming to the rest of the stuff:

1.Investments is basic R&D take years if not decades to fructify.

IISc was set up in the 30s by the great JRD Tata it took atleast 50 years for it to show results.
India(and China)have a much bigger pipeline of R&D investments than other emering markets.

2.The number of patents filed is one thing their impact factor by the number of times it has been cited by others and its industrial applications is more important.Japan files more patents than the US but the average quality of US patents is much higher.

3.Pakistan's IT industry exports are ~1.5 billion this is 1/3 of a major Indian IT company like TCS,Infosys,Wipro.
Also the quality/Value addition of Indian IT exposts seem to be increasing Bank of China runs on TCS Core Banking System.It beat switzerland's Temenos and UK's Misys to the contract.There are other similar examples.

4.The best indicator of a nations industrial capability is the quality of its companies India has a handful of world class companies like Larsen and Toubro,TATA, Infosys, Bharat Forge,Suzlon, Biocon, etc
I would be very glad to learn about comparable Pakistani companies.

Riaz Haq said...

India's cryogenic rocket launch failed on April 15, according to the <a href="http://news.bbc.co.uk/2/hi/8622602.stm>BBC</a>:

<i>India's bid to launch an advanced communications satellite into orbit for the first time by using a cryogenic engine has failed, scientists say.

The rocket took off as planned but the phase powered by the new engine failed to perform and deviated from its path.

Cryogenic engines are rocket motors designed for fuels that have to be held at very low temperatures to be liquid. They would otherwise be gas.

Officials say that only five countries in the world have this technology.

Indian Space Research Organisation (Isro) Chairman K Radhakrishnan said that an investigation would now be held to find out what exactly went wrong.

Scientists say the mission failed because control of the two engines controlling the satellite was lost, resulting in loss of altitude and velocity.

Journalists at the scene of the launch said that scientists in the mission control area at Sriharikota in eastern India initially clapped and rejoiced after what appeared to be a successful launch - but their disappointment was apparent as the rocket deviated from its course.

India began developing cryogenic technology after Russia reneged on a deal to supply cryogenic engines in 1993 - following pressure from the United States, which believed India was using the technology to power missiles.

India hopes to emerge as a global player in the multi-billion dollar satellite launch market.</i>

Riaz Haq said...

India's claim of "indigenous" technology are false.

There is plenty of data from Wisconsin Project that shows how India has copied its missiles and nuclear reactors from western nations, particularly US and Canada.

For example, Abul Kalam directly copied Agni from the US Scout missile. Both look identical.

The first Indian reactor was a copy of Cirus and other Canadian reactors supplied to India.

India also got a lot of help from other nations, notably US, Canada, Germany and France in it quest for nuclear and missile technology.

Anonymous said...

A few points:

1. Every single country's cryogenic engine blew up the first time around including US,Russia,ESA,Japan,China...

2.As discussed before everyone starts off copying others US/USSR copied Nazi Germany's V-2 tech,they both copied Nazi Germany's gas centrifuge technology,the this is in this current era.

So therefore claims of idigenous tech aren't false as you claim them to be..

Btw Scout was copied into the SLV in 1980 which was a space launch vehicle.The Agni TD (Tech Demonstrator) circa 1989 used the first stage of SLV along with a indeginously designed second stage.

HOWEVER ,and please pay attention,the current Agni 1,2,3 deployed by the Indian military are clean sheet indigenous designs which look nothing like any other country's missiles.

Riaz Haq said...

Anon: "the current Agni 1,2,3 deployed by the Indian military are clean sheet indigenous designs which look nothing like any other country's missiles."

India's cryogenic stage in recent launch was a copy of the Russian designs India bough earlier. That's why the ISRO seemed so confident prior to the launch. But, apparently, it was a botched effort.

According to Gary Milhollin of Wisconsin Project, the first stage of the Scout became the first stage of India's first large ballistic missile, the Agni-I. The Agni-I's second stage was liquid-fueled, and was based on a surface-to-air missile called the SA-2 that India bought from Russia.
France also helped India master liquid-fuel technology by selling India the technology used to build the "Viking" engine used on the Ariane space launcher. India calls its version the "Vikas." The Agni also needed a guidance system. The German Space Agency obliged with a long tutorial in rocket guidance, which allowed India to develop a guidance system and learn how to produce its components (gyroscopes, accelerometers and so forth). The German Space Agency also tested a model of the first stage of the SLV-3 in one of its wind tunnels in Cologne and helped India build its own rocket test facilities. Germany also trained Indians in how to make composite materials.

Anonymous said...

ok maybe my English isn't clear enough:
All competent 3rd world countries China.India,Brazil etc progress in tech like this:
1.Copy western tech
2.Modify it extensively
3.Make your own clean sheet design.

In the case of ballistic missiles we are currently at stage 3.

The Agni TD which confusingly was called Agni 1 by the MTCR brigade was stage 2(1989
).Agni TD has been retired.

SLV a straight copy of Scout was stage 1.1980

In heavy rocket tech we are currently in stage 2.Getting the blueprints is one thing painstakingly getting the tech base to the level where it can fabricate complex titanium alloys without much handholding is a feat.

Stage 3 of rocket tech will be GSLV mk3(2011-2012) this has a completely new Cryo engine as well as other stages.

In nuke reactor tech we are at stage 3 to the extent that post nuke deal AECL,Canada came looking for collaboration on newer reactor designs but we have progressed in PHWR tech enough to politely refuse them.

PWR tech though is different plus you can resuse the PWR tech for nuke subs so we went to Russia for a package deal nuke sub help(my understanding is they have agreed to give us Akula 2 designs :) :) ) plus VVER AES 92 reactor tech in exchange for an order of 16 nuclear reactors.Putin was in town last month.
Based on this we'll negotiate with the French/Americans..basically 'give us something more or we'll get it from the Russians anyway...'
Its called diplomacy.

Basically 10 more years and we'll be able to design build our own nuclear submarines and advanced PWR reactors.

Point being S&T capability takes decades to build and I don't see any serious strategy being implemented in Pakistan.Is there?

Riaz Haq said...

Here's a Newsweek piece in which Richard Clark, former US cyber czar, is fretting about American being unprepared for cyber warfare:

The United States economy depends on the Internet more than any other developed country in the world. On most days that's a good thing. But according to Cyber War a new book by Richard A. Clarke, the very connectivity that gives the U.S. an edge in most markets is likely its greatest vulnerability. While this nation and others have suffered attacks against some of their largest government and private infrastructures (DOD and Google’s password system), most Americans probably don't spend much time worrying about attacks on our technology systems. NEWSWEEK's Jessica Ramirez spoke with Clarke about the possibility of such an event and why we are not prepared for it. Excerpts:

NEWSWEEK: Do you think cyberwar is imminent?
Richard Clarke: The question isn't what are the chances of a cyberwar. The question is what are the chances of a war. The next time there's a war between sophisticated countries, cyber will be part of it. Unless we do something about the defensive side of that equation before it happens, we are going to hurt a lot the day after the attack.

So this country isn't prepared?

There is a broad sense that the U.S. government is late to the cyberwarfare game. Is that really true?
I think on the offensive side, the U.S. government invented it. They are probably the best in the world. But on the defensive side, there has always been this ideological issue about who should defend things that are not owned by the government like the power grids, railroads, airlines, and the banks. There's a subsection in the book that's called, "No, I thought you were doing it." That's kind of the problem. The government thinks the private sector is going to defend all of that, and the private sector's attitude is, "We can do that against run-of-the-mill threats, but please don't expect us to be able to handle a nation-state attack. That's why we pay taxes. So the U.S. government will do it."

Is this what was missing from President George W. Bush's Comprehensive National Cyber Security Initiative, which is in place now?
Yes. It has all these great programs to defend the Pentagon and defend .gov and .mil. But there's nothing about defending our banks or power grids. There's nothing about defending the critical infrastructure that would logically be attacked.

If the government has created a plan to protect key government sectors, then they understand a problem exists. So why not do the same for the private sector?
There are a couple of reasons. There hasn't been a singular big event. There are little events every day where intellectual property is being lost, but there's no one big driver. There's also the issue of the role of the federal government in regulating something like the Internet. It's not what most people want.

I don't know if the average American understands why it's so important to protect private infrastructure like our power grids. Can you explain?
I think the average American would understand it if they suddenly had no electricity. The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet. They've been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That's the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures.

Riaz Haq said...

anon: "China.India,Brazil etc progress in tech like this:
1.Copy western tech
2.Modify it extensively
3.Make your own clean sheet design."

Having lived through the Intel-AMD court battle about the definition of "clean room design", I do not agree that the steps you laid out would lead to what you call "clean sheet design". Any such design in the third step would be heavily contaminated because of the knowledge and learning of the design team gained in the first two steps.

"clean sheet design" should mean zero contamination.

Anonymous said...

umm all technology to more or less degree build on previous tech.

In that case there are very few russian or american clean sheet designs because most advances in aerodynamics area ruling,swept wing,FSW,flying wing etc etc can be traced to Nazi Germany.

Similarly in missiles most balistic missiles and space launch vehicles are descendants of the German V-2.

By your definition we won't have a clean sheet design in ballistic missiles after the V-2 because the laws of physics don't change..

Riaz Haq said...

anon: "By your definition we won't have a clean sheet design in ballistic missiles after the V-2 because the laws of physics don't change.."

The basic law of Physics is just Newton's third law that guides all rocket designs. But that's not what I am talking about.

To give you an example, AMD did finally develop a "clean room" version of Intel X86 processors on its own which was accepted by courts. The reason the courts found it acceptable is because AMD assembled a new team that did the design and had no exposure to the original Intel X86 microcode, RTL, logic design, schematics, etc.

In Kalam's and his successor's cases, however, they have actually had direct access to the original US and German detailed designs and blueprints as disclosed and documented by Wisconsin Project.

Riaz Haq said...

On page 24 of the Non Proliferation Review Fall 1997, author Wyn Bowen writes as follows abut the Indian acquisition of Russian cryogenic engines as follows:

"The (George H.W. Bush)administration's most notable achievement was gaining the Soviet Union's adherence to MTCR in June 1990. Five months later, however,
the Russian Space Agency signed an
agreement to supply cryogenic
rocket engines and the associated
production technology to the Indian
Space Research Organisation
(ISRO). Although Moscow publicly
viewed the deal as consistent with
its pledge to adhere to the MTCR,
the administration perceived it as a
clear violation. This difference of
opinion resulted in the deterioration
of the administration’s missile nonproliferation
dialogue with Moscow.
Although Russia pledged its adherence
to the MTCR following the dissolution
of the Soviet Union,
Glavkosmos and Russia’s KB Salyut
design bureau continued with the deal
to supply the Salyut-designed cryogenic
technology to the Indian SLV
program. As a result, the U.S. administration
imposed sanctions on
the Russian and Indian entities and
subsequently linked Russia’s entry
into the satellite launch market, and
its participation in the international
space station, to the termination of
the ISRO deal.57 However, this approach
did not produce any concrete
results during the final months of the
Bush presidency, primarily because
of the strength of Russia’s military industrial
complex, which did not
want to jeopardize its freedom to
export space launch technology and
tactical missiles.58

Finally, it has emerged that
Russia continued transferring rocket
engine technology to India in 1993
after its agreements with the United
States to refrain from doing so. This
reportedly resulted in the completion
of 60 to 80 percent of the transfers
to India."

Riaz Haq said...

Here's an excerpt from Pakistan's consumer electronics market report:

Pakistan’s consumer electronics market, defined as the addressable market for computing devices, mobile handsets and AV products, is projected to be worth around US$1.6bn in 2010. Underlying demand will grow at a CAGR of about 7%, but spending will be restrained by a sizable grey market of smuggled or illegally assembled products.
The market’s considerable potential is currently depressed by a large grey market, poor IP protection, an unstable economic and security situation and weak distribution channels. Growth will be driven, however, by improved ICT infrastructure, and more credit availability. Reform of often high national and provincial taxes and tariffs on products ranging from computers to prepaid mobile cards would also boost the market.
Computer Computers accounted for around 18% of Pakistan’s consumer electronics spending in 2009. BMI forecasts Pakistan’s domestic market computer sales (including notebooks and accessories) of US$283mn in 2010, up from US$264mn in 2009. Computer hardware CAGR for the 2010- 2014 period will be around 7%. The abolition in September 2009 of a minimum sales tax on imported computers should boost the market.
AV AV devices accounted for around 40% of Pakistan’s consumer electronics spending in 2008. Pakistan’s domestic AV device market is projected at US$632mn in 2010. The market is expected to grow at a CAGR of 11% between 2010-2014, to a value of US$946mn in 2014. TV sets remain the core product in this category, but the growing availability of smuggled colour televisions is a market inhibitor.
Mobile Handsets Pakistan’s market handset sales are expected to grow at a CAGR of 1% to 18.8mn units in 2014, as mobile subscriber penetration reaches 91%. Revenue growth will be slower due to lower average selling prices (ASPs) of mobile handsets, with most handsets sold at a under US$40 price-point. Another issue is a declining growth rate of mobile subscriber penetration, which is now above 60%.

Riaz Haq said...

Here's an interesting excerpt from a piece about the use of technology in Pakistan written for CNET by a visiting Pakistani tech journalist Zamir Haider at Stanford University:

According to the Ministry of Finance's Economic Survey of Pakistan for fiscal 2005-2006, computer use in urban households is high. In comparison with the literacy rate--53 percent--at least 40 percent of Pakistanis are computer literate or have access to computers.

Mostly, these are Pentium II or Pentium III PCs, since laptops are expensive. PCs are now widely available at good prices, thanks to Chinese computers flooding the markets. Most of these machines are not big brands, but they do say "Intel Inside." As for laptops, they come from various brands like Dell, Toshiba, Compaq, Sony and Apple. Wireless Internet connections, on the other hand, are still rare.

Dialing up through the phone lines
In Pakistan, 99 percent of Internet connections are still over phone lines. Wi-Fi is generally seen only at five-star hotels and now at a few restaurants. People at home usually use Internet cards of various denominations starting from 10 rupees per hour (16 cents) to 100 rupees per 10 hours ($1.60). Connection speeds through Internet cards are generally poor.

Getting permanent Internet connections from an Internet service provider is expensive, but most businesses do get connections from these companies.

Mobile phones are the most common form of personal technology seen in Pakistan. Connecting to the Internet through mobile phones is getting popular now, but it probably will still take another a year or more to be as popular as it is here in California.

People here are excited about the coming of the Apple iPhone. That's what I hear people talking about when I go to any of the mobile phone outlets in San Francisco.

In Pakistan, people aren't that much different when it comes to mobile phones. They're fond of buying expensive cell phones not for technology purposes alone, but also largely to show off.

Riaz Haq said...

It appears that Stuxnet worm was designed, developed and released by western and-or Israeli intelligence agencies to sabotage industrial systems at Iranian nuclear facilities. Here's a CNET report:

Iran's official news agency said today that a sophisticated computer worm purportedly designed to disrupt power grids and other such industrial facilities had infected computers at the country's first nuclear-power plant but had not caused any serious damage.

The Stuxnet worm, which some see as heralding a new era of cyberwarfare, appeared in July and was already known to be widespread in Iran. In fact, its high concentration there, along with a delay in the opening of the Bushehr plant, led one security researcher to hypothesize that Stuxnet was created to sabotage Iran's nuclear industry.

In addition to emphasizing the threat posed by the worm, which could be used to remotely seize control of industrial systems, today's news could well add to speculation about Stuxnet, the sophistication of which has caused some to suspect that a nation state, such as Israel or the U.S., might be behind its creation.

The worm exploits three holes in Windows, one of which has been patched, and targets computers running Siemens software used in industrial control systems.

Mahmoud Jafari, the project manager at the Bushehr plant, said the worm "has not caused any damage to major systems of the plant" and that a team was working to remove it from several computers, according to Iran's IRNA news agency, which was cited in a report by the Associated Press.

Jafari said the infection involved the personal computers of several staff members working at Bushehr and would not affect plans to open the nuclear plant in October, the AP reported.

Read more: http://news.cnet.com/8301-1009_3-20017651-83.html#ixzz11GhExJ8o

Riaz Haq said...

Here's an excerpt fom a NY Times story on Obama's India visit and internal US policy debates on India-Pakistan conflict:

Gen. David H. Petraeus, the top commander in Afghanistan, is among those who have warned internally about the dangers of Cold Start, according to American and Indian officials. Adm. Mike Mullen, the chairman of the Joint Chiefs of Staff, and Richard C. Holbrooke, the special representative to Afghanistan and Pakistan, share these fears.

The strategy calls for India to create fast-moving battle groups that could deliver a contained but sharp retaliatory ground strike inside Pakistan within three days of suffering a terrorist attack by militants based in Pakistan, yet not do enough damage to set off a nuclear confrontation.

Pakistani officials have repeatedly stressed to the United States that worries about Cold Start are at the root of their refusal to redeploy forces away from the border with India so that they can fight Islamic militants in the frontier region near Afghanistan. That point was made most recently during a visit to Washington last month by Pakistan’s army chief, Gen. Ashfaq Parvez Kayani.

The administration raised the issue of Cold Start last November when India’s prime minister, Manmohan Singh, visited Washington, Indian and American officials said. Indian officials told the United States that the strategy was not a government or military policy, and that India had no plans to attack Pakistan. Therefore, they added, it should have no place on Mr. Obama’s agenda in India.

http://www.nytimes.com/2010/11/06/world/asia/06india.html?scp=6&sq=obama%20t rip%20to%20india&st=cse

Riaz Haq said...

I am sure many Indians looking for Obama to bash Pakistan (as that British novice PM Cameron did) would be sorely disappointed by the following statements Obama made to Indian students at St. Xavier's College in Mumbai:

"We want nothing more than a stable, prosperous and peaceful Pakistan".

"It may be surprising to some of you to hear me say this, but I am absolutely convinced that the country that has the biggest stake in Pakistan's success is India."

Here's more from the Washington Post today:

Obama commemorated the Nov. 26, 2008, massacre (in Mumbai) on his arrival Saturday when he laid a white rose at a memorial to the victims and spoke at the Taj Mahal Palace Hotel and Tower, a main target of the attack. But he infuriated many Indians by not mentioning Pakistan in his tribute, reinforcing the impression here that Obama cares less about India's grievances than he does about defending a key partner in the Afghanistan war.

The issue will probably come up again Monday, Obama's final day in India, when he appears with Prime Minister Manmohan Singh before the U.S. and Indian media and later addresses the Indian Parliament. Obama could well face questions over his position on Kashmir, a religiously mixed region in the subcontinent's northwest that both India and Pakistan claim.

How he portrays the U.S. interest in Pakistan, whose weak government is defending itself against its own Taliban insurgency, will probably determine whether his visit here succeeds in convincing Indians that he is serious when he says, as he did Sunday, that "the U.S.-India relationship will be indispensable in shaping the 21st century."

Riaz Haq said...

Wikileaks website under attack, according to a report:

The WikiLeaks website claims it is the target of another powerful cyber attack. Officials with the website made the claim Tuesday in a Twitter message.

This is the second time in three days that the WikiLeaks site has come under attack. Hackers also attacked the site Sunday, before WikiLeaks released more than a quarter-million sensitive U.S. diplomatic cables.

In both attacks, hackers flooded the website with requests for information in order to essentially make the site inaccessible to other users.

Also Tuesday, Forbes magazine reported WikiLeaks plans to release documents from a major U.S. financial firm early next year.

WikiLeaks founder Julian Assange told the magazine the tens of thousands of documents will expose what he called "the ecosystem of corruption."

Assange is an Australian citizen and former computer hacker.

The United States has condemned the release of the documents, which reveal details of candid U.S. diplomatic assessments of world leaders and events. They also quote top-level discussions with officials around the world.

Riaz Haq said...

Here is an Indian report about Pakistani hackers attacking India's FBI (called CBI) website:

New Delhi, Dec 6: Exposing India's weakness in information technology, the premier investigative agency, Central Bureau of Investigation has failed to restart its hacked official website even after 48 hours.

The CBI website (http://cbi.nic.in/), which was hacked by Pakistani hackers, remained offline on Monday, Dec 6. The failure indicates the credibility of Indian IT sector, which is considered as one of the leading exporter of 'brainees' to the Western countries.

The official website of CBI was hacked on Friday, Dec 3 night by unknown hackers, who claimed themselves as "Pakistan Cyber Army". The hackers infiltrated to the root level and left a note saying that the attack was a response to the hacking of Pakistan websites by Indian hackers.

The note left by Pakistan hackers read, "This attempt is in response to the Pakistani websites hacked by 'Indian Cyber Army'. We told u before too...we are sleeping but not dead". The note ended with "Pakistan Zindabad."

Later on Saturday, CBI officials released a statement describing that they were working hard to fix he issue and also registered a case under Information Technology Act against 'unknown' hackers.

"A case has been registered in this connection in the cyber crime cell of the CBI and efforts are underway to restore the website with the help of National Informatics Centre and the CBI cyber security experts," the statement said.

Another Indian report raises questions about the vulnerability of outsourced work in India to hacking, and it says: "Once, our national leaders cried for the 'brain drain' happened to India. Even now, US President Barack Obama urging Americans to compete with India 'brainees'. But the hacking of Central Bureau of Investigation (CBI)'s website exposed the 'real' credibility of Indian IT power."

Riaz Haq said...

Here's Wikileaks cable reported by Haaretz that hints at US-Israeli link to Stuxnet worm used against Iranian centrifuges last year:

A leading expert on Iran advised the United States to use "covert sabotage" rather than military action to destroy the Islamic Republic's nuclear facilities, according to a U.S. embassy cable released by WikiLeaks.

Citing a January 2010 cable dispatched by U.S. Ambassador Philip Murphy, The Guardian reported Wednesday that Germany's state-funded Institute for Security and International Affairs had told U.S. officials that a policy of sabotage would be "more effective" than a military strike in stopping Iran from developing a nuclear bomb.

Volker Perthes, director of the think tank, was referring to actions such as "unexplained explosions, accidents, computer hacking. etc" that would be more "effective than a military strike, whose effects in the region could be devastating", according to the cable.

Earlier cables disclosed by The Guardian show that U.S. officials - including former Secretary of State Condoleezza Rice - had "distinctly deferred" to Perthes for guidance on Iran-related matters.

In an interview with The Guardian, Perthes confirmed the details of the cable, saying that indeed "'unexplained accidents' or 'computer failures' etc are certainly better than military strikes," adding that "a military escalation with Iran – must be avoided."

"Compared to military action, such acts have the advantage that the leadership of a country that is affected wouldn't need to respond – everybody can agree that there was a technical failure, no one needs to shoot or bomb," he told The Guardian. "And at the same time, everybody has understood the message – about what developments are unacceptable to the other side."

The WikiLeaks cable emerged just days after The New York Times reported that Israel had tested a computer worm believed to have sabotaged Iran's nuclear centrifuges last year and slowed its ability to develop an atomic weapon.

In what the Times described as a joint Israeli-U.S. effort to undermine Iran's nuclear ambitions, it said the tests of the destructive Stuxnet worm had occurred over the past two years at the heavily guarded Dimona complex in the Negev desert.

The newspaper cited unidentified intelligence and military experts familiar with Dimona who said Israel had spun centrifuges virtually identical to those at Iran's Natanz facility, where Iranian scientists are struggling to enrich uranium.
"To check out the worm, you have to know the machines," an American expert on nuclear intelligence told the newspaper". The reason the worm has been effective is that the Israelis tried it out."

Western leaders suspect Iran's nuclear program is a cover to build atomic weapons, but Tehran says it is aimed only at producing electricity.

Iran's centrifuges have been plagued by breakdowns since a rapid expansion of enrichment in 2007 and 2008, and security experts have speculated its nuclear program may have been targeted in a state-backed attack using Stuxnet

Riaz Haq said...

Here's a NY Times story raising the usual alarm about Pakistan's nuclear weapons:

But the most recent estimates, according to officials and outsiders familiar with the American assessments, suggest that the number of deployed weapons now ranges from the mid-90s to more than 110. When Mr. Obama came to office, his aides were told that the arsenal “was in the mid-to-high 70s,” according to one official who had been briefed at the time, though estimates ranged from 60 to 90.

White House officials share the assessment that the increase in actual weapons has been what one termed “slow and steady.”

But the bigger worry is the production of nuclear materials. Based on the latest estimates of the International Panel on Fissile Materials, an outside group that estimates worldwide nuclear production, experts say Pakistan has now produced enough material for 40 to 100 additional weapons, including a new class of plutonium bombs. If those estimates are correct — and some government officials regard them as high — it would put Pakistan on a par with long-established nuclear powers.

“If not now, Pakistan will soon have the fifth largest nuclear arsenal in the world, surpassing the United Kingdom,” said Bruce Riedel, a former C.I.A. officer and the author of “Deadly Embrace: Pakistan, America, and the Future of Global Jihad.”

“And judging by the new nuclear reactors that are coming online and the pace of production, Pakistan is on a course to be the fourth largest nuclear weapons state in the world, ahead of France,” he said. The United States, Russia and China are the three largest nuclear weapons states.
“People are getting unduly concerned about the size of our stockpile,” said the officer, who was not authorized to speak publicly. “What we have is a credible, minimum nuclear deterrent. It’s a bare minimum.”

Riaz Haq said...

Here's a Reuters' story on OECD raising alarm about cyber attacks:

Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organisation for Economic Cooperation and Development (OECD) said in a report on Monday.

The study, part of a wider OECD project examining possible "Future Global Shocks" such as a failure of the world's financial system or a large-scale pandemic, said there were very few single "cyber events" that could cause a global shock.

Examples were a successful attack on one of the technical protocols on which the Internet depends, or a large solar flare that wiped out key communications components such as satellites.

But it said a combination of events such as coordinated cyber attacks, or a cyber incident occurring during another form of disaster, should be a serious concern for policy makers.

"In that eventuality, 'perfect storm' conditions could exist," said the report, written by Professor Peter Sommer of the London School of Economics and Dr Ian Brown of Britain's Oxford University.

Governments are increasingly emphasising the importance of cyber security.

The United States is preparing for cyber conflict and has launched its own military cyber command. Britain last October rated cyber attacks as one of the top external threats, promising to spend an extra 650 million pounds ($1 billion) on the issue.

Meanwhile, emerging nations such as China and Russia are believed to see it as an arena in which they can challenge the United States' conventional military dominance.

The Stuxnet computer worm -- which targets industrial systems and was widely believed to be a state attack on Iran's nuclear programme -- is seen as a sign of the increasing militarisation of cyberspace.

The New York Times reported on Saturday that the worm was a joint U.S.-Israeli effort and had been tested at Israel's Dimona nuclear plant.

The OECD study concluded that cyber attacks would be ubiquitous in future wars, and that cyber weaponry would be "increasingly deployed and with increasing effect by ideological activists of all persuasions and interests".

"There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services," the report said.

But it concluded that a true "cyberwar", fought almost entirely through computer systems, was unlikely as many critical systems were well protected and the effects of attacks were difficult to predict, and so could backfire on the assailants.

Brown said adopting a largely military approach to cyber security was a mistake, as most targets in the critical national infrastructure, such as communications, energy, finance and transport, were in the private sector.

Riaz Haq said...

Here are some excerpts from an Op Ed in The Hindu on Wikileaks cables showing growing US and Israeli influence in New Delhi:

The publication and analysis of the US embassy cables accessed by The Hindu through WikiLeaks is ongoing, but what has been made available so far reveals a disturbing picture. The US has acquired an influential position in various spheres - strategic affairs, foreign policy and economic policies. The US has access to the bureaucracy, military, security and intelligence systems and has successfully penetrated them at various levels. The cables cover a period mainly from 2005 to 2009, the very period when the UPA government went ahead to forge the strategic alliance with the US.
The volte face by the Manmohan Singh government in voting against Iran in the IAEA in September 2005 was one such crucial event. The cables illustrate how the US government exercised maximum pressure to achieve this turn around. The Indian government was told that unless India takes a firm stand against Iran, the US Congress would not pass the legislation to approve the nuclear deal.
Other cables reveal how the United States succeeded in getting India to coordinate policy towards other countries in South Asia like Nepal, Sri Lanka and Bangladesh. The close cooperation with Israel under US aegis is also spelt out.

The success achieved in getting India's foreign policy to be "congruent" to US policy is smugly stated in an embassy cable that Indian officials are ‘loathe to admit publicly that India and the US have begun coordinating foreign policies'.
One of the cables from the US ambassador to the American defense secretary Donald Rumsfeld spells out the agenda which the Americans hope to accomplish during the visit. The Defence Framework Agreement was the first of this type to be signed by India with any country. It envisages a whole gamut of cooperation between the armed forces of the two countries. It is evident from the cables that the US government and the Pentagon had been negotiating and planning for such an agreement from the time of the NDA government.
The cables show the growing coordination of the security establishments of the two countries reaching a high level of cooperation after the Mumbai terrorist attack. The then National Security Advisor, M K Narayanan was seen by the Americans as eager to establish a high degree of security cooperation involving agencies such as the FBI and the CIA.

The cables also provide a glimpse of how the Americans are able to penetrate the intelligence and security apparatus. Among the forty cables which were first published by the British paper, The Guardian, there are two instances of improper contacts. In the first case a member of the National Security Advisory Board meets an American embassy official and offers to provide information about Iranian contacts in India and requests for his visit to the United States to be arranged in return. In another case the US embassy reports that it is able to get access to terrorism related information directly from a police official serving in the Delhi Police, rather than going through official channels.
The collaboration between the intelligence and security agencies of the two countries had already resulted in American penetration. Two cases of espionage had come up. During the NDA government, a RAW officer, Rabinder Singh was recruited by the CIA. When his links were uncovered, he was helped by the CIA to flee to the United States. During the UPA government a systems analyst in the National Security Council secretariat was found to have been recruited by the CIA, the contact having been established through the US-India Cyber Security Forum.


Riaz Haq said...

US designing new creatures to join predator drones, according to NY Times:

WRIGHT-PATTERSON AIR FORCE BASE, Ohio — Two miles from the cow pasture where the Wright Brothers learned to fly the first airplanes, military researchers are at work on another revolution in the air: shrinking unmanned drones, the kind that fire missiles into Pakistan and spy on insurgents in Afghanistan, to the size of insects and birds.

The base’s indoor flight lab is called the “microaviary,” and for good reason. The drones in development here are designed to replicate the flight mechanics of moths, hawks and other inhabitants of the natural world. “We’re looking at how you hide in plain sight,” said Greg Parker, an aerospace engineer, as he held up a prototype of a mechanical hawk that in the future might carry out espionage or kill.


From blimps to bugs, an explosion in aerial drones is transforming the way America fights and thinks about its wars. Predator drones, the Cessna-sized workhorses that have dominated unmanned flight since the Sept. 11, 2001, attacks, are by now a brand name, known and feared around the world. But far less widely known are the sheer size, variety and audaciousness of a rapidly expanding drone universe, along with the dilemmas that come with it.

The Pentagon now has some 7,000 aerial drones, compared with fewer than 50 a decade ago. Within the next decade the Air Force anticipates a decrease in manned aircraft but expects its number of “multirole” aerial drones like the Reaper — the ones that spy as well as strike — to nearly quadruple, to 536. Already the Air Force is training more remote pilots, 350 this year alone, than fighter and bomber pilots combined.


A Tsunami of Data

The future world of drones is here inside the Air Force headquarters at Joint Base Langley-Eustis, Va., where hundreds of flat-screen TVs hang from industrial metal skeletons in a cavernous room, a scene vaguely reminiscent of a rave club. In fact, this is one of the most sensitive installations for processing, exploiting and disseminating a tsunami of information from a global network of flying sensors.

The numbers are overwhelming: Since the Sept. 11 attacks, the hours the Air Force devotes to flying missions for intelligence, surveillance and reconnaissance have gone up 3,100 percent, most of that from increased operations of drones. Every day, the Air Force must process almost 1,500 hours of full-motion video and another 1,500 still images, much of it from Predators and Reapers on around-the-clock combat air patrols.

The pressures on humans will only increase as the military moves from the limited “soda straw” views of today’s sensors to new “Gorgon Stare” technology that can capture live video of an entire city — but that requires 2,000 analysts to process the data feeds from a single drone, compared with 19 analysts per drone today.

At Wright-Patterson, Maj. Michael L. Anderson, a doctoral student at the base’s advanced navigation technology center, is focused on another part of the future: building wings for a drone that might replicate the flight of the hawk moth, known for its hovering skills. “It’s impressive what they can do,” Major Anderson said, “compared to what our clumsy aircraft can do.”


Riaz Haq said...

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones, according to Wired magazine:

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

Drones have become America’s tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki — part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.

But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.

The lion’s share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a “ground control station,” or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot’s hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.


Riaz Haq said...

Here's a NY Times report on US plans to use cyber warfare against Libya and Pakistan:

The Obama administration is revving up the nation’s digital capabilities, while publicly emphasizing only its efforts to defend vital government, military and public infrastructure networks.

“We don’t want to be the ones who break the glass on this new kind of warfare,” said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, where he specializes in technology and national security.

That reluctance peaked during planning for the opening salvos of the Libya mission, and it was repeated on a smaller scale several weeks later, when military planners suggested a far narrower computer-network attack to prevent Pakistani radars from spotting helicopters carrying Navy Seal commandos on the raid that killed Osama bin Laden on May 2.

Again, officials decided against it. Instead, specially modified, radar-evading Black Hawk helicopters ferried the strike team, and a still-secret stealthy surveillance drone was deployed.

“These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” said one Obama administration official briefed on the discussions.

The debate about a potential cyberattack against Libya was described by more than a half-dozen officials, who spoke on the condition of anonymity because they were not authorized to discuss the classified planning.

In the days ahead of the American-led airstrikes to take down Libya’s integrated air-defense system, a more serious debate considered the military effectiveness — and potential legal complications — of using cyberattacks to blind Libyan radars and missiles.

“They were seriously considered because they could cripple Libya’s air defense and lower the risk to pilots, but it just didn’t pan out,” said a senior Defense Department official.

After a discussion described as thorough and never vituperative, the cyberwarfare proposals were rejected before they reached the senior political levels of the White House.

Gen. Carter F. Ham, the head of the military’s Africa Command, which led the two-week American air campaign against Libya until NATO assumed full control of the operation on March 31, would not comment on any proposed cyberattacks. In an interview, he said only that “no capability that I ever asked for was denied.”

Senior officials said one of the central reasons a cyberoffensive was rejected for Libya was that it might not have been ready for use in time, given that the rebel city of Benghazi was on the verge of being overrun by government forces.

While popular fiction and films depict cyberattacks as easy to mount — only a few computer keystrokes needed — in reality it takes significant digital snooping to identify potential entry points and susceptible nodes in a linked network of communications systems, radars and missiles like that operated by the Libyan government, and then to write and insert the proper poisonous codes.

“It’s the cyberequivalent of fumbling around in the dark until you find the doorknob,” Mr. Lewis said. “It takes time to find the vulnerabilities. Where is the thing that I can exploit to disrupt the network?”


Mayraj said...

"A cyber warfare expert claims he has linked the Stuxnetcomputer virus that attacked Iran's nuclear program in 2010 toConficker, a mysterious "worm" that surfaced in late 2008 and infected millions of PCs."
Insight: Did Conficker help sabotage Iran's nuke program?

Riaz Haq said...

Here are some excerpts of CBS 60 Minutes segment on Stuxnet aired on Mar 4, 2012:

The first attack, using a computer virus called Stuxnet was launched several years ago against an Iranian nuclear facility, almost certainly with some U.S. involvement. But the implications and the possible consequences are only now coming to light.

FBI Director Robert Mueller: I do believe that the cyberthreat will equal or surpass the threat from counterterrorism in the foreseeable future.

Defense Secretary Leon Panetta: There's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyberattack.

House Intelligence Committee Chairman Mike Rogers: We will suffer a catastrophic cyberattack. The clock is ticking.

And there is reason for concern. For more than a decade, the U.S. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack, or launch its own. That time is here. Because someone sabotaged a top secret nuclear installation in Iran with nothing more than a long string of computer code.

Ret. Gen. Mike Hayden: We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.
We know from reverse engineering the attack codes that the attackers have full, and I mean this literally, full tactical knowledge of every damn detail of this plant. So you could say in a way they know the plant better than the Iranian operator.

We wanted to know what Retired General Michael Hayden had to say about all this since he was the CIA director at the time Stuxnet would have been developed.
You can download the actual source code of Stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from.

Kroft: Sounds a little bit like Pandora's box.

McGurk: Yes.

Kroft: Whoever launched this attack--


Riaz Haq said...

Here's a piece published in the Bulletin of the Atomic Scientists:

With confirmation that the United States was behind the 2010 cyberattack on Iran's nuclear enrichment facility, the world has officially entered a new era of warfare. The New York Times' comprehensive reporting details how the US and Israeli governments developed the malicious Stuxnet software and how they deployed it in the digital wilderness of the Internet specifically to attack the plant at Natanz. Over the past decade, US experts have strenuously warned about the ominous possibility of other nations, rogue states, or even terrorist groups attacking US infrastructure through the Internet. As it happens, however, it is the United States that has developed malicious software in secrecy and launched it against another country -- in this case, Iran.

The parallels with the invention and first use of atomic bombs on Hiroshima and Nagasaki are eerie. Consider the similarities: First, government and scientific leaders invent a new kind of weapon out of fear that others will develop it first and threaten the United States. Second, the consequences of using the new weapon -- both the material damage it might cause as well as its effects on international security and arms-race dynamics -- are poorly understood. Third, scientists and engineers warn political and military leaders about the dangers of the new weapon and call for international cooperation to create rules of the road. Fourth, despite warnings by experts, the US government continues to develop this new class of weaponry, ultimately unleashing it without warning and without public discussion of its implications for peace and security.

And so, this may be another watershed moment, when, as Albert Einstein put it in 1954: "Everything has changed save our way of thinking, and thus we drift toward unparalleled catastrophe."

During World War II, the Allies feared that Germany would be the first to create an atomic bomb with disastrous consequences for civilization. And so, in utmost secrecy, the United States and Britain mobilized their scientists and engineers in order to develop the first atomic bombs. In the end, Germany did not come close to producing a nuclear weapon; perhaps US fears had been overstated. But the major goal was achieved: The Allies won the race to create to harness atomic energy in a bomb. But instead of declaring that the game was over, American political leaders considered using the new bomb to bring the war against Japan to an end.
In 1945, atomic scientists determined that only international control of nuclear energy could prevent an arms race between the United States and other countries. In yet another parallel, cyber scientists and engineers also have called for international cooperation to establish institutions to control cybertechnology and protocols to prevent a new kind of arms race. Unfortunately, these recommendations have not been heeded either, and once more, government leaders seem all too eager to deploy a new and very dangerous weapon.

And how ironic that the first acknowledged military use of cyberwarfare is ostensibly to prevent the spread of nuclear weapons. A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction.


Riaz Haq said...

Here's Wall Street Journal story on cyberweapons:

"Cyberattacks are easy, can be carried out at a low cost and have potentially high benefits," said Peter Sommer, a computer-security expert who teaches at the London School of Economics. "You don't have to keep agents in location for a long time. You can be sitting at a computer in your home country."

Many countries—including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea—have developed sophisticated cyberweapons that can penetrate and destroy computer networks, experts say. Increasingly, governments are going public about break-ins to their networks to raise public awareness.

"We are seeing an important shift in the way people understand computer security," said Ilias Chantzos, the director of government affairs outside the U.S., at technology-security firm Symantec Corp. "It used to be exotic. Now we are seeing it elevated to a national level."

Recently, the North Atlantic Treaty Organization said it would develop a new policy to deal with computer threats after a string of attacks on member countries.

In 2009, the European Commission published a paper calling for greater cooperation among member states to fend off cyberattacks.

However, keeping up with the development of new cyberthreats is proving challenging for governments, which have to spend heavily upgrading their defense systems and focusing their efforts on their most vulnerable points, experts say. France, for instance, created ANSSI in 2009. In 2012, the agency will hire 70 new staff and have an annual budget of €90 million ($125.8 million).

"No single infrastructure system is safe enough," said Mr. Pailloux.


Riaz Haq said...

Here's an IEEE Spectrum piece on Stuxnet virus:


The Brain boot sector virus (aka Pakistani flu), the first IBM PC–compatible virus, is released and causes an epidemic. It was created in Lahore, Pakistan, by 19-year-old Basit Farooq Alvi and his brother, Amjad Farooq Alvi.

Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it’s the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab’s U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack.

Recognition of such threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.

This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)
Companies have been slow to invest the resources required to update industrial controls. Kaspersky has found critical-infrastructure companies running 30-year-old operating systems. In Washington, politicians have been calling for laws to require such companies to maintain better security practices. One cybersecurity bill, however, was stymied in August on the grounds that it would be too costly for businesses. “To fully provide the necessary protection in our democracy, cybersecurity must be passed by the Congress,” Panetta recently said. “Without it, we are and we will be vulnerable.”

In the meantime, virus hunters at Kaspersky and elsewhere will keep up the fight. “The stakes are just getting higher and higher and higher,” Schouwenberg says. “I’m very curious to see what will happen 10, 20 years down the line. How will history look at the decisions we’ve made?”


Riaz Haq said...

Here's a PakistanToday on Indian and Pakistani hackers' war:

Pakistani hackers on Friday hacked over a thousand Indian websites in response to an Indian attack on the website of the Election Commission of Pakistan (ECP).

Pakistani hackers calling themselves True Cyber Army defaced 1,059 websites of Indian election bodies which then showed the ECP’s web page.

The hacked websites included http://www.nmcelection.org/, http://www.mcgmelection.org/. The hackers warned to launch more attacks on Indian websites if their rivals continued their campaign against Pakistani websites.

“If Indian hackers did not stop attacking Pakistani websites, we have a right to fight for the integrity of our homeland,” True Cyber Army said in an email message to a local newspaper. Last Friday the website of ECP was shut down after an attack by an Indian hacker who identified himself as NIGh7 F0x. The hacker defaced the homepage of ECP website and later compromised its availability.

The attack on ECP website came at a time when the P he commission shifted its website on another server to avert the crisis but still some ECP website users are complaining about difficulty in accessing some of the contents.

However, according to a spokesman of ECP all important election related data was secure and the website had started functioning normally. The Commission had already started uploading the nomination papers of candidates contesting in May 11 polls. Pakistani election body is busy in preparing for the general elections to be held on 11th May 2013.


Riaz Haq said...

From Wall Street Journal:

Russian researchers expose breakthrough U.S. spying program. The National Security Agency found a way to implant spyware into the firmware of hard drives, allowing the agency the ability to spy on the majority of computers worldwide, according to Kaspersky Lab. The Moscow-based security agency said it found infected computers in 30 countries, with the most infections found in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included banks, energy companies, government and military institutions. A former NSA employee tells Reuters that Kasperky’s analysis is correct. The news could soon lead to more backlash against Western technology vendors.


Riaz Haq said...

(Noor Azizi) Uddin was a slippery character -- a 52-year-old hacker (from Pakistan) who used multiple aliases, a guy with a massive bank account who seemed to always be one step ahead of the law. In 2012, he was arrested by Interpol but, because of an evidentiary snafu, he walked. The next year, the FBI put a $50,000 bounty on his head for any information that could lead to his arrest.

Then, in early 2015, that tip finally came in. It landed in Pakistan's Federal Investigation Agency, and was directed to Jabbar, the cybersecurity official. The tip was a cell phone number that apparently belonged to Uddin. (Pakistan’s chief cybersecurity officer, Mir Mazhar) Jabbar contacted the wireless service provider. The carrier then gave him access to the phone's GPS coordinates.

And that's how Jabbar ended up on Uddin's doorstep last month.

The irony that Uddin would ultimately be found because of a hacked phone number was not lost on Jabbar. According to the FBI, Uddin is the mastermind behind a massive phone hacking crime ring that netted him and an accomplice, Farhan Arshad, a massive fortune. Over about four years, from 2008 to 2012, they grossed more than $50 million by hacking phones -- mostly landlines -- all around the world.


Most people are familiar with the idea of credit card hackers. But very few know about phone hackers, or PBX (private branch exchange) hackers, or even "phreakers," as they’re referred to by insiders. According to experts, the scam is on the rise -- and it's startlingly simple. The FBI says that Uddin, along with Arshad, would hack into the phone lines of U.S. companies, hijack their phone numbers, and begin auto-dialing like crazy. They’d use the numbers to call premium-rate lines, which, typically, charge the customer anywhere from 50 cents to $3 per minute.

But the crux of the scam is this: The hackers actually own those premium-rate lines, so they’re really just paying themselves by dialing with their victim's phones.

How It Works

It's a little bit complicated, so imagine it this way: Someone steals your iPhone. But instead of just selling it on Craigslist, they use it to dial one of those $3-per-minute phone sex lines, over and over, until you’ve racked up thousands of dollars in fees.

Now, imagine that same person who stole your iPhone actually owns that sex line that he was dialing, and you -- the unsuspecting user -- are forced to pay the bill to your carrier at the end of the month. Unfortunately, if you try to dispute the bill, your carrier will just shrug -- according to the terms of pretty much all user agreements, whoever actually owns the line is on the hook for the bill.

In Uddin’s case, the hacked entities were seemingly random businesses. The FBI’s official indictment doesn’t name specific entities, but it lists examples: One business in Livingston, New Jersey, was hacked for $24,120. Another, in Englewood, New Jersey, was charged $83,839.

The hacks themselves typically lasted for less than a day, usually on a weekend, when no one is in the office.

A PBX scam can begin as simply as giving the wrong person your business card. The most simple way hackers gain entry to your phone line is, surprisingly enough, through your voicemail. “That’s where your bad guys get creative,” says Paul Byrne, founder of PBX Wall, a fraud detection software company.

"PBX" is a term that’s ultimately used to describe any company’s phone system. Typically, hackers will call a landline and wait for the voicemail system to activate. Then, the hackers will begin guessing the voicemail password. They can do it manually, but more often than not, they use software with “brute force” capabilities, just like it’s done in computer hacks. Once they get your password, and manage to break into your system, they change your call forwarding service to the premium-rate line that they own.


Riaz Haq said...

Wikileaks reveal #American #Spy Agency #NSA #Cyber Weapons Used to Hack #Pakistan mobile system http://bit.ly/2nQ1VHn via @techjuicepk

New information about the involvement of US in hacking Pakistan mobile system has been found in a release by Wikileaks. This leak points to NSA’s cyber weapons which include code related to hacking of Pakistan mobile system.

NSA’s interest in Pakistan
NSA, National Security Agency responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes in the USA, has allegedly spied on Pakistani civilian and military leadership in the past. Edward Snowden, a former NSA employee, has also suggested in the past that NSA used wiretapping and cyber weapons to spy on many international leaders.

Scope of new information
On Saturday, Wikileaks revealed hundreds of cyber weapons variants which include code pointing towards NSA hacking Pakistan mobile system.

The link shared in the tweet by Wikileaks’ official account points to a Github repository containing the decrypted files pertaining to NSA cyber weapons. A complete analysis of these files by a cyber security expert is needed to further highlight the severity of the situation. Initial impressions, however, seem to indicate that these leaks will certainly provide more substance to previous allegations against NSA.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig

ANALYSIS India is sometimes overlooked by some in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.

The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.

Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.

India is in catch-up mode for now, but has the technical resources to make rapid progress.

Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.

Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.

China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.

Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”

Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.

Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.

But this is far from the only game in town.

For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.

India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.

Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE System’s intelligence division, commented:

The sophistication of the various Indian cyber threat actors do not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig

Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”

With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.

“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.

India security

Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.

“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.

Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”

What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:

The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.

The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”

How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.

Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.

Other experts reckon the flow of talent will run the other way and allow Indian to expand its cyber-espionage capabilities from the cohorts of cybercriminals.

Ahmed said...

Dear Sir

Thank you for sharing this great information.Sir I think Pakistani cyber attackers have attacked the sensitive websites of India in the past so much that later Indian authorities have focused on improving their cyber security.

Pls check this latest news, now the Indian cyber security ranked at No.10 in the "GLOBAL CYBER SECURITY" index where as Pakistan is ranked at no.79 in this same index.

Can you pls throw some light on this? How is it that Pakistan is lagging behind India in this index?