Tuesday, April 6, 2010

Cyber Wars Across China, India and Pakistan

Last year at the World Economic Forum, U.S.-based security software firm McAfee's CEO Dave Walt reportedly told some attendees that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities. He further said that the traditional defensive stance of government computer infrastructures has shifted in recent years to a more offensive posture aimed at espionage, and deliberate disruption of critical networks in both government and private sectors. Such attacks could disrupt not only command and control for modern weapon systems such as ballistic missiles, but also critical civilian systems including banking, electrical grid, telecommunications, transportation, etc, and bring life to a screeching halt.

Richard Clark, the former US cyber security czar, explained in a Newsweek interview the potential impact of cyber attacks on privately owned and operators infrastructure as follows:

"I think the average American would understand it if they suddenly had no electricity. The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet. They've been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That's the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures".



As if to confirm Walt's assertions, the Chinese hackers have allegedly stolen Indian national security information, 1,500 e-mails from the Dalai Lama’s office, and other sensitive documents, according to a report released by researchers at the University of Toronto. Media reports also indicated that government, business, and academic computers at the United Nations and the Embassy of Pakistan in the US were also targets. The UofT report also indicated there was no evidence to suggest any involvement by the Chinese government, but it has put Beijing on the defensive. Similar reports earlier this year said security investigators had traced attacks on Google and other American companies to China-based computers.

Chinese hackers apparently succeeded in downloading source code and bugs databases from Google, Adobe and dozens of other high-profile companies using unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee and reported by Wired magazine. These hack attacks were disguised by the use of sophisticated encryption, and targeted at least 34 companies in the technology, financial and defense sectors, exploiting a vulnerability in Adobe’s Reader and Acrobat applications.

While the Chinese cyber attacks on US and India often get wide and deep coverage in the western media, a lower profile, small-scale cyber warfare is also raging in the shadows between India and Pakistan, according to some reports. These reports indicate that around 40-50 Indian sites are being attacked by Pakistani hackers on a daily basis whereas around 10 Pakistani sites are being hit by their Indian counterparts.

According to Pakistani blogger Arsalan Jamshed, cyberwars between the two countries started in May 1998. Soon after India officially announced its first nuclear test, a group of hackers, believed to be Pakistani, called milw0rm broke into the Bhabha Atomic Research Center web site and posted anti-India and anti-nuclear messages. The cyberwars usually have been limited to defacing of each others' sites. Defacement causes only superficial damage, in which only the home page of a site is replaced with hacker's own page, usually with some message for the victim. Such defacements started in May 1998 and continued during Kargil War in 1999 and then during that era when the tension between India and Pakistan was at its peak from Dec 2001 to 2002. Therefore, the period between 1999 to 2002 was very crucial, when the troops were busy across the LOC exchanging fire and the hackers were busy in defacing each others' websites.

In 2003, Indian and Pakistani hackers attacked each others' servers using variants of Yaha-Q email worm to shut down about 20 different applications, including personal firewalls and anti-virus software, according to Tony Magallanez, a system engineer with Finland-based F-Secure Corp.

Last year, there were news reports of Indian cyber attacks on Pakistan's Oil and Gas Regularity Authority. In retaliation, some Pakistani attackers hacked the websites of the Indian Institute of Remote Sensing, the Center for Transportation Research and Management, the Army's Kendriya Vidyalaya of Ratlam and the Oil and Natural Gas Corporation (ONGC). In one particular instance, Pakistani hackers removed the "most wanted" list from the Indian state Andhra Pradesh's CID (criminal investigation department) website and replaced it with messages threatening their Indian cyber rivals.

Unwelcome computer intrusions by Pakistani hackers are not new. The nation has the dubious distinction of being the birth place of the first ever personal computer virus known to mankind. Popularly called the 'Brain virus', it was created in 1986 by two Pakistani brothers, Amjad and Basit Farooq Alvi. This virus, which spread via floppy disks, was known only to infect boot records and not computer hard drives like most viruses today. The virus also known as the Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC would occupy unused space on the floppy disk so that it could not be used and would hide from detection. It would also disguise itself by displaying the uninfected bootsector on the disk.

Responding to the increasing threat perception of cyber attacks, the Indian Navy Chief Admiral Sureesh Mehta has called for leveraging Indian strengths in Information Technology to build cyber warfare capabilities in India.

According to a Times of India report last year, the Indian Army is boosting the cyber-security of its information networks right down to the level of divisions, which are field formations with over 15,000 troops.

In addition to creating cyber-security organization to protect against cyber attacks and data thefts, the Indian Army leaders have also underlined the urgent need for "periodic cyber-security audits" by India's Army Cyber Security Establishment (ACSE).

The Indian Army's actions are a response to reports that both China and Pakistan are bolstering their cyber-warfare or information warfare capabilities at a rapid clip.

While the India-Pakistan cyber conflict is at best the stuff of minor league, the real major league contest is likely to occur between the United States and its major adversaries, particularly China. The Pentagon already employs legions of elite hackers trained in cyberwarfare, according to a Wired Magazine story in November, 2009. But they mostly play defense, and that's what Naval Postgraduate School professor John Arquilla wants to change. He'd like the US military's coders to team up with network specialists abroad to form a global geek squad. Together, they could launch preemptive online strikes to head off real-world battles.

Among other things, the Wired magazine story had a scenario discussed by John Arquilla where an elite geek squad of world hackers could be used to prevent India-Pakistan nuclear war by taking out the command and control systems of both nations.

The increasing cyber attacks on U.S. government's networks and critical infrastructure, and the growing complexity of IT infrastructure, are driving a surge in federal cybersecurity spending; the U.S. federal government's total cumulative cybersecurity spending would be $55 billion between 2010 and 2015, according a report by Homeland Security News Wire. At the same time, countries such as China and Russia recognize the fact that the United States has an unfair advantage over them in cyber warfare simply because most of the operating system and infrastructure software used in the world today has its origins in the United States. These concerns are fueling efforts by most major nations in the world to enhance their cyber security, and they are focusing on development of capacity to retaliate as a deterrence.

As to the potential cyber component of any future wars between India and Pakistan, its dramatic impact could reverberate across the globe as the computers used in South Asia for outsourced work from the United States and Europe come under crippling attacks from hackers on both sides. Here is how Robert X. Cringeley describes it in a June 2009 blog post captioned "Collateral Damage":

"Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two. And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war.

And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that’s sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories. And an interesting aspect of destroying such repositories — in Third World countries OR in the U.S. — is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents."

Related Links:

Haq's Musings

Nature of Future India-Pakistan Warfare

ITU Internet Access Data by Countries

Foreign Origin of India's Agni Missiles

Pakistan's Space Capabilities

Pakistani-American Entrepreneurs in Silicon Valley

Pakistan's Multi-Billion Dollar IT Industry

John Arquilla: Go on the Cyberoffensive

Pakistan Defense Industry Going High Tech

India-Pakistan Military Balance

21st Century High Tech Warfare

43 comments:

Anonymous said...

86% of North Easterners Face Racial Discrimination in National Capital: A Study Reveals
By Madhu Chandra

The racial discrimination and attack on Indians outside the country, no way
should be compromised, yet in own vineyard, same is repeatedly faced by
north easterners and least is worried by the majority of the Indian society.
Chief Minister of Mizoram, Mr. Lalthnhawla’s statement on racial
discrimination, has sparked the nation by revealing what was hidden for so
long and least cared. A study reveals socking reality on same issue.
86% of North East Indian communities face racial discrimination living in
Delhi and NCR for period of two years and more according to a study
conducted by North East Support Centre & Helpline. The study was conducted
by selecting samples of north easterners living in north Delhi, South Delhi
and Gurgaon. The samples 80 students in classification new comers and those
already for two years and more were selected randomly, who hails from
different parts of north east Indian states.
New comers who are less than two years in national capital, tense to say
“No” on racial discrimination faced by the north east communities while 86%
of those who are two years and more, face discrimination for the reason of
their different look, different culture, different language and being
outsiders.
Only 14% says that they did not face racial discrimination but they felt
people calling them chinkies, Nepalis, free culture and strangers, which
they did not consider racial discrimination. Half of those who said that
they did not face racial discrimination are less than two years living in
Delhi. The longer, the one stays in national capital reveals the racial
discrimination faced by the north easterners. The study also reveals the
possibilities that longer the one stays higher the chance to face racial
discrimination.
78.75% of those who face racial discrimination say that they are treated
like chinkies, strangers in own land, free culture and Nepalis. 22.5% face
physical attacks, 3.75% sexual assault, 35% vulgar remarks and 38.75% no
comments.
North East Support Centre & Helpline handled and reported 34 cases since its
birth on 21 October 2007. 41% of total cases was of sexual abuse, 18%
beating by locals, 12% rape cases, 9% killed probably in connection to
sexual assault, 6% landlord harassment, 3% vulgar remarks, 3% eve teasing,
3% police harassment, 3% employer harassment, 3% Media vulgar statement
against north easterners.
On top of the racial discrimination faced from the some of the local
communities, the discrimination is double when the cases are denied, ignored
and delayed by the police official on duty. Out of 34 cases handled and
reported to North East Support Centre & Helpline, only 67.65% cases were
filed FIR(s) and 32.35% did not file the case in police station. Out of 34,
only 17.65% of the cases were taken up by police, out of which only two
cases are taken in the court for legal judgement.
The racial discrimination on Indians outside the country is the concern,
less we forget to do the home work on the issue faced by own citizen of the
country, which is less cared just because they look different from rest of
the majority population.
(The study was conducted by Madhu Chandra – Spokes Person of North East
Support Centre & Helpline with the helps of his colleagues as part of his
Ph. D. on social and concern under South Asia Institute of Advance Christian
Studies (SAIACS), Bangalore. © Copyrights is reserved by North East Support
Centre & Helpline)

Riaz Haq said...

In addition to the kind of conventional warfare fought in 1965 and 1971, any future India-Pakistan war is likely to have two new components of cyber war and missiles war.

Cyber War:

The potential cyber component will have a dramatic impact which could reverberate across the globe as the computers used in South Asia for outsourced work from the United States and Europe come under crippling attacks from hackers on both sides. Here is how Robert X. Cringeley describes it in a June 2009 blog post captioned "Collateral Damage":

"Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two. And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war.

And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that’s sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories. And an interesting aspect of destroying such repositories — in Third World countries OR in the U.S. — is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents."


Missile War:

In a Dec 2008-Jan 2009 series of articles for UPI Asia, Hari Sud, an NRI Indian from Toronto, Canada, laid out very optimistic, wishful scenario of how an Indian attack on Pakistan would play out. Sud's scenarios include Israel's direct attack on Pakistani nukes, US help for both India and Israel, and much heavier losses inflicted on Pakistan than on India, resulting in near-total destruction of Pakistan's nukes, and major cities of Islamabad and Karachi, while Delhi and Mumbai escape unscathed.

Sud has scripted the war as any chauvinistic Indian would wish it to be, and it can be summed up as follows: Israelis are perfect, Indians are a close second, and Pakistanis can't even shoot straight.

In the end, Sud's carefully crafted script fulfills his fantasy of bringing Pakistan to its knees, begging for peace!

Needless to say, Sud's wishful thinking was set aside in New Delhi, saner minds prevailed in India, and India decided to back off and pursue diplomacy instead. But Sud's writings give a pretty good insight into the aggressive Indians' minds, and point to the probability of a serious miscalculation by Delhi.

Here are the links to Hari Sud's dreamy forecasts:

1. India ready to avenge Mumbai carnage

2. Israel Joins India

3. Losses and Gains

4. The Missile War

5. Pakistan Seeks Peace

Anonymous said...

Riaz

Every country has its extreme element in thinking and in action. You can refer pakalert.wordpress.com. I think he has more creative ideas than hari. He has scenarios where pak is the friend and enemy of usa. One best think of that guys is that he does not dabble around isreal too much

Anonymous said...

and lets not even think of theatre personality turned strategic analyst Zaid Hamid who seems to be a lot lot more popular in Pakistan than this Sud fellow (never heard of him) is in India.

That plus the fact that the smart musharaf/talat masood type have all but retired and the bulk of the pak officers core is urdu medium type recruited en masse during zia's islamization drive.

Riaz Haq said...

Here's a recent news report on Asian nukes from Times of India:

Pakistan is estimated to have more nuclear warheads than India and the two Asian neighbours along with China are increasing their arsenals and deploying weapons at more sites, two eminent American atomic experts have claimed.

While Pakistan is estimated to possess 70-90 nuclear weapons, India is believed to have 60-80, claims Robert S Norris and Hans M Kristensen in their latest article 'Nuclear Notebook: Worldwide deployments of nuclear weapons, 2009'.

The article published in the latest issue of 'Bulletin of the Atomic Science' claimed that Beijing, Islamabad and New Delhi are quantitatively and qualitatively increasing their arsenals and deploying weapons at more sites, yet the locations are difficult to pinpoint.

For example, no reliable public information exists on where Pakistan or India produces its nuclear weapons, it said.

"Whereas many of the Chinese bases are known, this is not the case in Pakistan and India, where we have found no credible information that identifies permanent nuclear weapons storage locations," they said.

"Pakistan's nuclear weapons are not believed to be fully operational under normal circumstances, India is thought to store its nuclear warheads and bombs in central storage locations rather than on bases with operational forces. But, since all three countries are expanding their arsenals, new bases and storage sites probably are under construction," the two nuclear experts said.

Anonymous said...

umm Pakistan's Shaheen and China's M-9 are undistinguishable except the paint scheme.
Ditto Ghauri and North Korean Nodong.

Agni 1,2,3 on the other hand don't have any look alikes which means they are in all probability indigenous products.

Another thing if Pakistan's missile tech is indigenous why hasn't it been leveraged to create a viable space launch program?
The costs are marginal once you have the capability of developing liquid fuelled ballistic missiles and they have obvious strategic and economic advantages?
Yet Pakistan is yet to launch a SLV comparable to India's 1980 SLV let alone the more advanced PSLV and now GSLV.

Now why is that ?

Riaz Haq said...

Anon: "Agni 1,2,3 on the other hand don't have any look alikes which means they are in all probability indigenous products."

The Industrial revolution didn't exactly start in India or Asia, nor did nuclear and missile technology. It came from Europe. And the Asians learned from Europe. Many foreigners, including Indians and Pakistanis and Chinese, who are educated and live and work in the United States and Europe acquire new knowledge here, and some of them return home to share it with their fellow countrymen.

Here's an excerpt about origins of Agni from a report by Gary Milhollin in the Bulletin of the Atomic Scientists
November 1989, pp. 31-35:

Agni's foreign ancestry dates from the 1960s. In November 1963, the United States began India's space program by launching a U.S. sounding rocket from Indian soil. (Sounding rockets fly straight up into the atmosphere to conduct scientific experiments. They are too small to launch satellites.) The United States was followed by others. Between 1963 and 1975, more than 350 U.S., French, Soviet, and British sounding rockets were launched from India's Thumba Range,[1] which the United States helped design. Thumba's first group of Indian engineers had learned rocket launching and range operation in the United States.

Among them was the Agni's chief designer, A. J. P. Abdul Kalam. In 1963-64, he spent four months in training in the United States. He visited NASA's Langley Research Center in Virginia, where the U.S. Scout rocket was conceived, and the Wallops Island Flight Center on the Virginia coast, where the Scout was being flown. The Scout was a low-cost, reliable satellite launcher that NASA had developed for orbiting small payloads.

Soon afterward, in 1965, the Indian government asked NASA how much it would cost and how long it would take to develop an Indian version of the Scout, and whether the United States would help. NASA replied that the Scout was "available . . . for purchase . . . in connection with scientific research," but warned that "transfer of this technology . . . would be a matter for determination by the Department of State under Munitions Control."[2] NASA nevertheless sent India technical reports on the Scout's design, which was unclassified. India's request should have raised some eyebrows: it came from Homi Bhabha, head of the Indian Atomic Energy Commission.

But Kalam had the information he needed. He returned to India and built the SLV-3 (Space Launch Vehicle), India's first satellite launcher. Its design is virtually identical to the Scout's. Both rockets are 23 meters long, use four similar solid-fuel stages and "open loop" guidance, and lift a 40-kilogram payload into low earth orbit. The SLV's 30-foot first stage would later become the first stage of the Agni.

Anonymous said...

Thanks for the info,hats off to Dr. kalam and the like.

But the thing is our missiles while originally based on foreign tech are now designed and built in India.

Pakistan's shaheen,Ghauri,hatf 3 are at best licence productions of Chinese M-11,9 and n korean Nodong missiles they look exactly the same and have identical performance parameters.

Its kind of like us calling Su-30 Mki an Indian aircraft because its license built in India.

agni 1,2,3 on the other hand are Indian designed missiles someone in ASL wrote the specs and designed it, sure some components may be designed with foreign help like the Ring laser gyroscope etc but the conceptualization,flight testing and finally serial production is done by Indians this is the kind of institutional knowledge that can be reused for other things like the space program which isn't the case when you license produce something.


I hope I've clarified myself.

Btw have you seen our new Light combat helicopter?

http://www.ndtv.com/news/india/indias-indigenous-light-combat-helicopter-takes-1st-flight-18762.php

Riaz Haq said...

anon: "But Kalam had the information he needed. He returned to India and built the SLV-3 (Space Launch Vehicle), India's first satellite launcher. Its design is virtually identical to the Scout's."

So you think if Indians copy and make duplicates then it is still "indigenous"? But not so when Pakistanis do the same?

I think yours is a racist claim that deserves no further response.

Anonymous said...

"So you think if Indians copy and make duplicates then it is still "indigenous"? But not so when Pakistanis do the same?"

Our MISSILES are no longer licence copies of others.Even US/USSR started off by by 'copying and making duplicates' of Germany's V-2but the thing is we are currently at a stage when we can set our own parameters of our missiles parameters and design a system accordingly.
Pakistan on the other had is STILL at the 'copying and making duplicates' stage of technology at stage which we left in the late 1980s.
Hatf 3_>Chinese M 11
Shaheen?Chinese M 9
Ghauri>N Korean Nodong

Another thing Pakistani missiles never fail even in their pre production tests now given the FACT that everyone's newly designed missiles extensively blow up at the pre production stage US,Russia,China,France included
one can only conclude that Pakistan doesn't even significantly modify the missile designs it gets from China/N Korea.

By the way what exactly is racist in my posts ?

Riaz Haq said...

anon: "Pakistan on the other had is STILL at the 'copying and making duplicates' stage of technology at stage which we left in the late 1980s."

The best explanation for similarity between Ghauri and No Dong can be found in the fact that it's a consortium development effort, as explained by ArmsControlWonk website:

Also, following from Geoff Forden’s idea of consortium development, early tests of the Nodong in Pakistan and Iran could also be considered part of the part of the development effort. (Iran’s first Nodong flight-test, in 1998, reportedly blew up about 100 seconds after launch.)

Actually, the consortium idea is not so new. In describing its research methodology, the Rumsfeld Commission alluded to it in its 1998 report:

We examined the ways in which the programs of emerging ballistic missile powers compared with one another. For example, we traced the development histories of the related programs of North Korea, Iran, Iraq and Pakistan and the relationships among them. This comparison helped in identifying the similarities between programs, the extent to which each had aided one another in overcoming critical development hurdles and, importantly, the pace at which a determined country can progress in its program development.


anon: "By the way what exactly is racist in my posts ?"

The racism charge is based on Indian arrogance that they are smart enough to develop technology on their own and Pakistanis are not. You should read page 410 of George Perkovich's "India's Nuclear Bomb" to understand what I mean by it.
Perkovich refers to "general Indian contempt for Pakistan's technical capabilities" and shock at the the nuclear and missile tests.

Anonymous said...

Well I for one don't believe that Pakistanis are not capable etc however technological competence of nation states today is a direct function of money poured into higher education and basic science and technology.

US is more technologically advanced than Russia not because Russians are stupid but because they invest something like 15 times more money in basic sciences and thus have a deeper interdisciplinary talent pool.

Similarly India invests something like 10 times what Pakistan does in basic science and technology so it is pretty obvious to everyone other than die hard Pakistani nationalists that it has a more sophisticated techno-industrial base than Pakistan.

By any measure be it the number of top 500 universities,number of patents filed,technological content of exports etc India is significantly ahead of Pakistan and given the fact that its economy is growing at ~8% per annum the money invested will continue to rise and the gap will coninue to widen in India's favour.

Riaz Haq said...

anon: "it has a more sophisticated techno-industrial base than Pakistan"

I agree that India is ahead of Pakistan in education, particularly in science and technology education. Clearly, Pakistan needs to do a lot more to boost its education sector.

But I think the difference is highly exaggerated to portray India as "technology power house" and Pakistan as a backwater. Both characterization are conjured up by self-serving analysts to fit their conclusions. Such analysts have fed what Perkovich described as "general Indian contempt for Pakistan's technical capabilities"
and caused serious miscalculations by Indian security establishment about Pakistan's capabilities.

Here are some data points to consider:

1. In the top 400 universities ranked by Times Higher Ed Supplement, there are six Indian universities and one Pakistani university, hardly earth shaking difference given that India has 7 times the population of Pakistan.

2. In terms of anecdotal evidence, I see both Indians and Pakistanis working in high tech fields doing essentially similar jobs in Silicon Valley, though the number of Indians is larger in proportion to their population.

3. There are dozens of Pakistani scientists working in high-profile research at CERN on LHC, and as far as Antarctica at Jinnah research station.

4. The number of research papers and citations of their work have dramatically increased a reported by Sciencewatch.

5. Pakistan has a small but vibrant IT industry worth about $2.8 billion, half of it in exports.

Some India watchers such as Fareed Zakaria, an Indian-American who often acts as a cheerleader for India in the US, have expressed doubts about the quality of education at the Indian Institutes of Technology. In his book "The Post-American World", Zakaria argues that "many of the IITs are decidedly second-rate, with mediocre equipment, indifferent teachers, and unimaginative classwork." Zakaria says the key strength of the IIT graduates is the fact that they must pass "one of the world's most ruthlessly competitive entrance exams. Three hundred thousand people take it, five thousand are admitted--an acceptance rate of 1.7% (compared with 9 to 10 percent for Harvard, Yale, and Princeton)."

As a student of Karachi's NED University of Engineering and Technology in 1970s, I had similar assessment of my alma mater (and other UETs) in Pakistan as Zakaria's characterization of the IITs in India. NED Engineering College in 1970s was "decidedly second-rate, with mediocre equipment, indifferent teachers, and unimaginative classwork". However, given the fairly strict merit-based admission process, I found myself mostly surrounded by some of the best, most competitive students who had graduated with flying colors from Karachi's intermediate colleges and ranked very high on the Board of Education examination to make it into NED College. It was indeed the creme de la creme of Karachi's youth who have later proved themselves by many accomplishments in various industries, including some of the leading-edge high-tech companies in America. Even in the 1970s, there were a small number of students admitted on non-merit-based special quotas. NED University today, however, appears to have significantly expanded such special, non-merit-based, quotas for entrance into the institution, an action that has probably affected its elite status, its rankings and the perceived quality of its graduates, while other, newer institutions of higher learning have surpassed it. Some of the special categories now include sons and daughters of employees, children of faculty and professional engineers and architects, special nominees from various ministries and an expanded quota for candidates from rural areas and the military.

Anonymous said...

IIT is no great sheiks compared to the US ,tech facilities wise it is soundly beaten by Boston University to say noting of Ivy leagues but it is one of the best in the emerging world

However this acceptance rate business needs to be qualified.
Basically anyone who sits for JEE is said to be a contender for an IIT now the exam fee is INR 1500 so lacs sit but only about 5000-10000 people are serious ditto for IIM and CAT entrance exams.


In Harvard/MIT etc you have to first take a nation wide SAT/GRE/GMAT exams only if your scores are 95 percentile + would you consider spending considerable time and money applying.In India presently there is no such filter so don't get taken in by that OMG 100,000 people sit and only 2000 make it hype!

Now coming to the rest of the stuff:

1.Investments is basic R&D take years if not decades to fructify.

IISc was set up in the 30s by the great JRD Tata it took atleast 50 years for it to show results.
India(and China)have a much bigger pipeline of R&D investments than other emering markets.

2.The number of patents filed is one thing their impact factor by the number of times it has been cited by others and its industrial applications is more important.Japan files more patents than the US but the average quality of US patents is much higher.

3.Pakistan's IT industry exports are ~1.5 billion this is 1/3 of a major Indian IT company like TCS,Infosys,Wipro.
Also the quality/Value addition of Indian IT exposts seem to be increasing Bank of China runs on TCS Core Banking System.It beat switzerland's Temenos and UK's Misys to the contract.There are other similar examples.

4.The best indicator of a nations industrial capability is the quality of its companies India has a handful of world class companies like Larsen and Toubro,TATA, Infosys, Bharat Forge,Suzlon, Biocon, etc
I would be very glad to learn about comparable Pakistani companies.

Riaz Haq said...

India's claim of "indigenous" technology are false.

There is plenty of data from Wisconsin Project that shows how India has copied its missiles and nuclear reactors from western nations, particularly US and Canada.

For example, Abul Kalam directly copied Agni from the US Scout missile. Both look identical.

The first Indian reactor was a copy of Cirus and other Canadian reactors supplied to India.

India also got a lot of help from other nations, notably US, Canada, Germany and France in it quest for nuclear and missile technology.

Anonymous said...

A few points:

1. Every single country's cryogenic engine blew up the first time around including US,Russia,ESA,Japan,China...

2.As discussed before everyone starts off copying others US/USSR copied Nazi Germany's V-2 tech,they both copied Nazi Germany's gas centrifuge technology,the this is in this current era.

So therefore claims of idigenous tech aren't false as you claim them to be..

Btw Scout was copied into the SLV in 1980 which was a space launch vehicle.The Agni TD (Tech Demonstrator) circa 1989 used the first stage of SLV along with a indeginously designed second stage.

HOWEVER ,and please pay attention,the current Agni 1,2,3 deployed by the Indian military are clean sheet indigenous designs which look nothing like any other country's missiles.

Riaz Haq said...

Anon: "the current Agni 1,2,3 deployed by the Indian military are clean sheet indigenous designs which look nothing like any other country's missiles."

India's cryogenic stage in recent launch was a copy of the Russian designs India bough earlier. That's why the ISRO seemed so confident prior to the launch. But, apparently, it was a botched effort.

According to Gary Milhollin of Wisconsin Project, the first stage of the Scout became the first stage of India's first large ballistic missile, the Agni-I. The Agni-I's second stage was liquid-fueled, and was based on a surface-to-air missile called the SA-2 that India bought from Russia.
France also helped India master liquid-fuel technology by selling India the technology used to build the "Viking" engine used on the Ariane space launcher. India calls its version the "Vikas." The Agni also needed a guidance system. The German Space Agency obliged with a long tutorial in rocket guidance, which allowed India to develop a guidance system and learn how to produce its components (gyroscopes, accelerometers and so forth). The German Space Agency also tested a model of the first stage of the SLV-3 in one of its wind tunnels in Cologne and helped India build its own rocket test facilities. Germany also trained Indians in how to make composite materials.

Anonymous said...

ok maybe my English isn't clear enough:
All competent 3rd world countries China.India,Brazil etc progress in tech like this:
1.Copy western tech
2.Modify it extensively
3.Make your own clean sheet design.

In the case of ballistic missiles we are currently at stage 3.

The Agni TD which confusingly was called Agni 1 by the MTCR brigade was stage 2(1989
).Agni TD has been retired.

SLV a straight copy of Scout was stage 1.1980

In heavy rocket tech we are currently in stage 2.Getting the blueprints is one thing painstakingly getting the tech base to the level where it can fabricate complex titanium alloys without much handholding is a feat.

Stage 3 of rocket tech will be GSLV mk3(2011-2012) this has a completely new Cryo engine as well as other stages.

In nuke reactor tech we are at stage 3 to the extent that post nuke deal AECL,Canada came looking for collaboration on newer reactor designs but we have progressed in PHWR tech enough to politely refuse them.

PWR tech though is different plus you can resuse the PWR tech for nuke subs so we went to Russia for a package deal nuke sub help(my understanding is they have agreed to give us Akula 2 designs :) :) ) plus VVER AES 92 reactor tech in exchange for an order of 16 nuclear reactors.Putin was in town last month.
Based on this we'll negotiate with the French/Americans..basically 'give us something more or we'll get it from the Russians anyway...'
Its called diplomacy.

Basically 10 more years and we'll be able to design build our own nuclear submarines and advanced PWR reactors.

Point being S&T capability takes decades to build and I don't see any serious strategy being implemented in Pakistan.Is there?

Riaz Haq said...

Here's a Newsweek piece in which Richard Clark, former US cyber czar, is fretting about American being unprepared for cyber warfare:

The United States economy depends on the Internet more than any other developed country in the world. On most days that's a good thing. But according to Cyber War a new book by Richard A. Clarke, the very connectivity that gives the U.S. an edge in most markets is likely its greatest vulnerability. While this nation and others have suffered attacks against some of their largest government and private infrastructures (DOD and Google’s password system), most Americans probably don't spend much time worrying about attacks on our technology systems. NEWSWEEK's Jessica Ramirez spoke with Clarke about the possibility of such an event and why we are not prepared for it. Excerpts:

NEWSWEEK: Do you think cyberwar is imminent?
Richard Clarke: The question isn't what are the chances of a cyberwar. The question is what are the chances of a war. The next time there's a war between sophisticated countries, cyber will be part of it. Unless we do something about the defensive side of that equation before it happens, we are going to hurt a lot the day after the attack.

So this country isn't prepared?
No.

There is a broad sense that the U.S. government is late to the cyberwarfare game. Is that really true?
I think on the offensive side, the U.S. government invented it. They are probably the best in the world. But on the defensive side, there has always been this ideological issue about who should defend things that are not owned by the government like the power grids, railroads, airlines, and the banks. There's a subsection in the book that's called, "No, I thought you were doing it." That's kind of the problem. The government thinks the private sector is going to defend all of that, and the private sector's attitude is, "We can do that against run-of-the-mill threats, but please don't expect us to be able to handle a nation-state attack. That's why we pay taxes. So the U.S. government will do it."

Is this what was missing from President George W. Bush's Comprehensive National Cyber Security Initiative, which is in place now?
Yes. It has all these great programs to defend the Pentagon and defend .gov and .mil. But there's nothing about defending our banks or power grids. There's nothing about defending the critical infrastructure that would logically be attacked.

If the government has created a plan to protect key government sectors, then they understand a problem exists. So why not do the same for the private sector?
There are a couple of reasons. There hasn't been a singular big event. There are little events every day where intellectual property is being lost, but there's no one big driver. There's also the issue of the role of the federal government in regulating something like the Internet. It's not what most people want.

I don't know if the average American understands why it's so important to protect private infrastructure like our power grids. Can you explain?
I think the average American would understand it if they suddenly had no electricity. The U.S. government, [National Security Administration], and military have tried to access the power grid's control systems from the public Internet. They've been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That's the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures.

Riaz Haq said...

anon: "China.India,Brazil etc progress in tech like this:
1.Copy western tech
2.Modify it extensively
3.Make your own clean sheet design."

Having lived through the Intel-AMD court battle about the definition of "clean room design", I do not agree that the steps you laid out would lead to what you call "clean sheet design". Any such design in the third step would be heavily contaminated because of the knowledge and learning of the design team gained in the first two steps.

"clean sheet design" should mean zero contamination.

Anonymous said...

umm all technology to more or less degree build on previous tech.

In that case there are very few russian or american clean sheet designs because most advances in aerodynamics area ruling,swept wing,FSW,flying wing etc etc can be traced to Nazi Germany.

Similarly in missiles most balistic missiles and space launch vehicles are descendants of the German V-2.

By your definition we won't have a clean sheet design in ballistic missiles after the V-2 because the laws of physics don't change..

Riaz Haq said...

anon: "By your definition we won't have a clean sheet design in ballistic missiles after the V-2 because the laws of physics don't change.."

The basic law of Physics is just Newton's third law that guides all rocket designs. But that's not what I am talking about.

To give you an example, AMD did finally develop a "clean room" version of Intel X86 processors on its own which was accepted by courts. The reason the courts found it acceptable is because AMD assembled a new team that did the design and had no exposure to the original Intel X86 microcode, RTL, logic design, schematics, etc.

In Kalam's and his successor's cases, however, they have actually had direct access to the original US and German detailed designs and blueprints as disclosed and documented by Wisconsin Project.

Riaz Haq said...

On page 24 of the Non Proliferation Review Fall 1997, author Wyn Bowen writes as follows abut the Indian acquisition of Russian cryogenic engines as follows:

"The (George H.W. Bush)administration's most notable achievement was gaining the Soviet Union's adherence to MTCR in June 1990. Five months later, however,
the Russian Space Agency signed an
agreement to supply cryogenic
rocket engines and the associated
production technology to the Indian
Space Research Organisation
(ISRO). Although Moscow publicly
viewed the deal as consistent with
its pledge to adhere to the MTCR,
the administration perceived it as a
clear violation. This difference of
opinion resulted in the deterioration
of the administration’s missile nonproliferation
dialogue with Moscow.
56
Although Russia pledged its adherence
to the MTCR following the dissolution
of the Soviet Union,
Glavkosmos and Russia’s KB Salyut
design bureau continued with the deal
to supply the Salyut-designed cryogenic
technology to the Indian SLV
program. As a result, the U.S. administration
imposed sanctions on
the Russian and Indian entities and
subsequently linked Russia’s entry
into the satellite launch market, and
its participation in the international
space station, to the termination of
the ISRO deal.57 However, this approach
did not produce any concrete
results during the final months of the
Bush presidency, primarily because
of the strength of Russia’s military industrial
complex, which did not
want to jeopardize its freedom to
export space launch technology and
tactical missiles.58


Finally, it has emerged that
Russia continued transferring rocket
engine technology to India in 1993
after its agreements with the United
States to refrain from doing so. This
reportedly resulted in the completion
of 60 to 80 percent of the transfers
to India."

Riaz Haq said...

Here's an interesting excerpt from a piece about the use of technology in Pakistan written for CNET by a visiting Pakistani tech journalist Zamir Haider at Stanford University:

According to the Ministry of Finance's Economic Survey of Pakistan for fiscal 2005-2006, computer use in urban households is high. In comparison with the literacy rate--53 percent--at least 40 percent of Pakistanis are computer literate or have access to computers.

Mostly, these are Pentium II or Pentium III PCs, since laptops are expensive. PCs are now widely available at good prices, thanks to Chinese computers flooding the markets. Most of these machines are not big brands, but they do say "Intel Inside." As for laptops, they come from various brands like Dell, Toshiba, Compaq, Sony and Apple. Wireless Internet connections, on the other hand, are still rare.

Dialing up through the phone lines
In Pakistan, 99 percent of Internet connections are still over phone lines. Wi-Fi is generally seen only at five-star hotels and now at a few restaurants. People at home usually use Internet cards of various denominations starting from 10 rupees per hour (16 cents) to 100 rupees per 10 hours ($1.60). Connection speeds through Internet cards are generally poor.

Getting permanent Internet connections from an Internet service provider is expensive, but most businesses do get connections from these companies.

Mobile phones are the most common form of personal technology seen in Pakistan. Connecting to the Internet through mobile phones is getting popular now, but it probably will still take another a year or more to be as popular as it is here in California.

People here are excited about the coming of the Apple iPhone. That's what I hear people talking about when I go to any of the mobile phone outlets in San Francisco.

In Pakistan, people aren't that much different when it comes to mobile phones. They're fond of buying expensive cell phones not for technology purposes alone, but also largely to show off.

Riaz Haq said...

It appears that Stuxnet worm was designed, developed and released by western and-or Israeli intelligence agencies to sabotage industrial systems at Iranian nuclear facilities. Here's a CNET report:

Iran's official news agency said today that a sophisticated computer worm purportedly designed to disrupt power grids and other such industrial facilities had infected computers at the country's first nuclear-power plant but had not caused any serious damage.

The Stuxnet worm, which some see as heralding a new era of cyberwarfare, appeared in July and was already known to be widespread in Iran. In fact, its high concentration there, along with a delay in the opening of the Bushehr plant, led one security researcher to hypothesize that Stuxnet was created to sabotage Iran's nuclear industry.

In addition to emphasizing the threat posed by the worm, which could be used to remotely seize control of industrial systems, today's news could well add to speculation about Stuxnet, the sophistication of which has caused some to suspect that a nation state, such as Israel or the U.S., might be behind its creation.

The worm exploits three holes in Windows, one of which has been patched, and targets computers running Siemens software used in industrial control systems.

Mahmoud Jafari, the project manager at the Bushehr plant, said the worm "has not caused any damage to major systems of the plant" and that a team was working to remove it from several computers, according to Iran's IRNA news agency, which was cited in a report by the Associated Press.

Jafari said the infection involved the personal computers of several staff members working at Bushehr and would not affect plans to open the nuclear plant in October, the AP reported.



Read more: http://news.cnet.com/8301-1009_3-20017651-83.html#ixzz11GhExJ8o

Riaz Haq said...

I am sure many Indians looking for Obama to bash Pakistan (as that British novice PM Cameron did) would be sorely disappointed by the following statements Obama made to Indian students at St. Xavier's College in Mumbai:

"We want nothing more than a stable, prosperous and peaceful Pakistan".

"It may be surprising to some of you to hear me say this, but I am absolutely convinced that the country that has the biggest stake in Pakistan's success is India."

Here's more from the Washington Post today:

Obama commemorated the Nov. 26, 2008, massacre (in Mumbai) on his arrival Saturday when he laid a white rose at a memorial to the victims and spoke at the Taj Mahal Palace Hotel and Tower, a main target of the attack. But he infuriated many Indians by not mentioning Pakistan in his tribute, reinforcing the impression here that Obama cares less about India's grievances than he does about defending a key partner in the Afghanistan war.

The issue will probably come up again Monday, Obama's final day in India, when he appears with Prime Minister Manmohan Singh before the U.S. and Indian media and later addresses the Indian Parliament. Obama could well face questions over his position on Kashmir, a religiously mixed region in the subcontinent's northwest that both India and Pakistan claim.

How he portrays the U.S. interest in Pakistan, whose weak government is defending itself against its own Taliban insurgency, will probably determine whether his visit here succeeds in convincing Indians that he is serious when he says, as he did Sunday, that "the U.S.-India relationship will be indispensable in shaping the 21st century."

Riaz Haq said...

Wikileaks website under attack, according to a report:

The WikiLeaks website claims it is the target of another powerful cyber attack. Officials with the website made the claim Tuesday in a Twitter message.

This is the second time in three days that the WikiLeaks site has come under attack. Hackers also attacked the site Sunday, before WikiLeaks released more than a quarter-million sensitive U.S. diplomatic cables.

In both attacks, hackers flooded the website with requests for information in order to essentially make the site inaccessible to other users.

Also Tuesday, Forbes magazine reported WikiLeaks plans to release documents from a major U.S. financial firm early next year.

WikiLeaks founder Julian Assange told the magazine the tens of thousands of documents will expose what he called "the ecosystem of corruption."

Assange is an Australian citizen and former computer hacker.

The United States has condemned the release of the documents, which reveal details of candid U.S. diplomatic assessments of world leaders and events. They also quote top-level discussions with officials around the world.

Riaz Haq said...

Here's Wikileaks cable reported by Haaretz that hints at US-Israeli link to Stuxnet worm used against Iranian centrifuges last year:

A leading expert on Iran advised the United States to use "covert sabotage" rather than military action to destroy the Islamic Republic's nuclear facilities, according to a U.S. embassy cable released by WikiLeaks.

Citing a January 2010 cable dispatched by U.S. Ambassador Philip Murphy, The Guardian reported Wednesday that Germany's state-funded Institute for Security and International Affairs had told U.S. officials that a policy of sabotage would be "more effective" than a military strike in stopping Iran from developing a nuclear bomb.

Volker Perthes, director of the think tank, was referring to actions such as "unexplained explosions, accidents, computer hacking. etc" that would be more "effective than a military strike, whose effects in the region could be devastating", according to the cable.

Earlier cables disclosed by The Guardian show that U.S. officials - including former Secretary of State Condoleezza Rice - had "distinctly deferred" to Perthes for guidance on Iran-related matters.

In an interview with The Guardian, Perthes confirmed the details of the cable, saying that indeed "'unexplained accidents' or 'computer failures' etc are certainly better than military strikes," adding that "a military escalation with Iran – must be avoided."

"Compared to military action, such acts have the advantage that the leadership of a country that is affected wouldn't need to respond – everybody can agree that there was a technical failure, no one needs to shoot or bomb," he told The Guardian. "And at the same time, everybody has understood the message – about what developments are unacceptable to the other side."

The WikiLeaks cable emerged just days after The New York Times reported that Israel had tested a computer worm believed to have sabotaged Iran's nuclear centrifuges last year and slowed its ability to develop an atomic weapon.

In what the Times described as a joint Israeli-U.S. effort to undermine Iran's nuclear ambitions, it said the tests of the destructive Stuxnet worm had occurred over the past two years at the heavily guarded Dimona complex in the Negev desert.

The newspaper cited unidentified intelligence and military experts familiar with Dimona who said Israel had spun centrifuges virtually identical to those at Iran's Natanz facility, where Iranian scientists are struggling to enrich uranium.
"To check out the worm, you have to know the machines," an American expert on nuclear intelligence told the newspaper". The reason the worm has been effective is that the Israelis tried it out."

Western leaders suspect Iran's nuclear program is a cover to build atomic weapons, but Tehran says it is aimed only at producing electricity.

Iran's centrifuges have been plagued by breakdowns since a rapid expansion of enrichment in 2007 and 2008, and security experts have speculated its nuclear program may have been targeted in a state-backed attack using Stuxnet

Riaz Haq said...

Here's a NY Times story raising the usual alarm about Pakistan's nuclear weapons:

-----------
But the most recent estimates, according to officials and outsiders familiar with the American assessments, suggest that the number of deployed weapons now ranges from the mid-90s to more than 110. When Mr. Obama came to office, his aides were told that the arsenal “was in the mid-to-high 70s,” according to one official who had been briefed at the time, though estimates ranged from 60 to 90.
--------

White House officials share the assessment that the increase in actual weapons has been what one termed “slow and steady.”

But the bigger worry is the production of nuclear materials. Based on the latest estimates of the International Panel on Fissile Materials, an outside group that estimates worldwide nuclear production, experts say Pakistan has now produced enough material for 40 to 100 additional weapons, including a new class of plutonium bombs. If those estimates are correct — and some government officials regard them as high — it would put Pakistan on a par with long-established nuclear powers.

“If not now, Pakistan will soon have the fifth largest nuclear arsenal in the world, surpassing the United Kingdom,” said Bruce Riedel, a former C.I.A. officer and the author of “Deadly Embrace: Pakistan, America, and the Future of Global Jihad.”

“And judging by the new nuclear reactors that are coming online and the pace of production, Pakistan is on a course to be the fourth largest nuclear weapons state in the world, ahead of France,” he said. The United States, Russia and China are the three largest nuclear weapons states.
--------
----------
“People are getting unduly concerned about the size of our stockpile,” said the officer, who was not authorized to speak publicly. “What we have is a credible, minimum nuclear deterrent. It’s a bare minimum.”

Riaz Haq said...

Here's a Reuters' story on OECD raising alarm about cyber attacks:

Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organisation for Economic Cooperation and Development (OECD) said in a report on Monday.

The study, part of a wider OECD project examining possible "Future Global Shocks" such as a failure of the world's financial system or a large-scale pandemic, said there were very few single "cyber events" that could cause a global shock.

Examples were a successful attack on one of the technical protocols on which the Internet depends, or a large solar flare that wiped out key communications components such as satellites.

But it said a combination of events such as coordinated cyber attacks, or a cyber incident occurring during another form of disaster, should be a serious concern for policy makers.

"In that eventuality, 'perfect storm' conditions could exist," said the report, written by Professor Peter Sommer of the London School of Economics and Dr Ian Brown of Britain's Oxford University.

Governments are increasingly emphasising the importance of cyber security.

The United States is preparing for cyber conflict and has launched its own military cyber command. Britain last October rated cyber attacks as one of the top external threats, promising to spend an extra 650 million pounds ($1 billion) on the issue.

Meanwhile, emerging nations such as China and Russia are believed to see it as an arena in which they can challenge the United States' conventional military dominance.

The Stuxnet computer worm -- which targets industrial systems and was widely believed to be a state attack on Iran's nuclear programme -- is seen as a sign of the increasing militarisation of cyberspace.

The New York Times reported on Saturday that the worm was a joint U.S.-Israeli effort and had been tested at Israel's Dimona nuclear plant.

The OECD study concluded that cyber attacks would be ubiquitous in future wars, and that cyber weaponry would be "increasingly deployed and with increasing effect by ideological activists of all persuasions and interests".

"There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services," the report said.

But it concluded that a true "cyberwar", fought almost entirely through computer systems, was unlikely as many critical systems were well protected and the effects of attacks were difficult to predict, and so could backfire on the assailants.

Brown said adopting a largely military approach to cyber security was a mistake, as most targets in the critical national infrastructure, such as communications, energy, finance and transport, were in the private sector.

Riaz Haq said...

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones, according to Wired magazine:

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

Drones have become America’s tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki — part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.

But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.

The lion’s share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a “ground control station,” or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot’s hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.


http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

Mayraj said...

"A cyber warfare expert claims he has linked the Stuxnetcomputer virus that attacked Iran's nuclear program in 2010 toConficker, a mysterious "worm" that surfaced in late 2008 and infected millions of PCs."
http://news.yahoo.com/insight-did-conficker-worm-help-sabotage-irans-nuke-061355305.html
Insight: Did Conficker help sabotage Iran's nuke program?

Riaz Haq said...

Here are some excerpts of CBS 60 Minutes segment on Stuxnet aired on Mar 4, 2012:

The first attack, using a computer virus called Stuxnet was launched several years ago against an Iranian nuclear facility, almost certainly with some U.S. involvement. But the implications and the possible consequences are only now coming to light.

FBI Director Robert Mueller: I do believe that the cyberthreat will equal or surpass the threat from counterterrorism in the foreseeable future.

Defense Secretary Leon Panetta: There's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyberattack.

House Intelligence Committee Chairman Mike Rogers: We will suffer a catastrophic cyberattack. The clock is ticking.

And there is reason for concern. For more than a decade, the U.S. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack, or launch its own. That time is here. Because someone sabotaged a top secret nuclear installation in Iran with nothing more than a long string of computer code.

Ret. Gen. Mike Hayden: We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure.
----------
We know from reverse engineering the attack codes that the attackers have full, and I mean this literally, full tactical knowledge of every damn detail of this plant. So you could say in a way they know the plant better than the Iranian operator.

We wanted to know what Retired General Michael Hayden had to say about all this since he was the CIA director at the time Stuxnet would have been developed.
------------
You can download the actual source code of Stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from.

Kroft: Sounds a little bit like Pandora's box.

McGurk: Yes.

Kroft: Whoever launched this attack--


http://www.cbsnews.com/8301-18560_162-57390124/stuxnet-computer-worm-opens-new-era-of-warfare/?pageNum=4&tag=contentMain;contentBody

Riaz Haq said...

Here's Wall Street Journal story on cyberweapons:

"Cyberattacks are easy, can be carried out at a low cost and have potentially high benefits," said Peter Sommer, a computer-security expert who teaches at the London School of Economics. "You don't have to keep agents in location for a long time. You can be sitting at a computer in your home country."

Many countries—including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea—have developed sophisticated cyberweapons that can penetrate and destroy computer networks, experts say. Increasingly, governments are going public about break-ins to their networks to raise public awareness.

"We are seeing an important shift in the way people understand computer security," said Ilias Chantzos, the director of government affairs outside the U.S., at technology-security firm Symantec Corp. "It used to be exotic. Now we are seeing it elevated to a national level."

Recently, the North Atlantic Treaty Organization said it would develop a new policy to deal with computer threats after a string of attacks on member countries.

In 2009, the European Commission published a paper calling for greater cooperation among member states to fend off cyberattacks.

However, keeping up with the development of new cyberthreats is proving challenging for governments, which have to spend heavily upgrading their defense systems and focusing their efforts on their most vulnerable points, experts say. France, for instance, created ANSSI in 2009. In 2012, the agency will hire 70 new staff and have an annual budget of €90 million ($125.8 million).

"No single infrastructure system is safe enough," said Mr. Pailloux.


http://online.wsj.com/article/SB10001424052748703386704576186061676412704.html

Riaz Haq said...

Here's a PakistanToday on Indian and Pakistani hackers' war:

Pakistani hackers on Friday hacked over a thousand Indian websites in response to an Indian attack on the website of the Election Commission of Pakistan (ECP).

Pakistani hackers calling themselves True Cyber Army defaced 1,059 websites of Indian election bodies which then showed the ECP’s web page.

The hacked websites included http://www.nmcelection.org/, http://www.mcgmelection.org/. The hackers warned to launch more attacks on Indian websites if their rivals continued their campaign against Pakistani websites.

“If Indian hackers did not stop attacking Pakistani websites, we have a right to fight for the integrity of our homeland,” True Cyber Army said in an email message to a local newspaper. Last Friday the website of ECP was shut down after an attack by an Indian hacker who identified himself as NIGh7 F0x. The hacker defaced the homepage of ECP website and later compromised its availability.

The attack on ECP website came at a time when the P he commission shifted its website on another server to avert the crisis but still some ECP website users are complaining about difficulty in accessing some of the contents.

However, according to a spokesman of ECP all important election related data was secure and the website had started functioning normally. The Commission had already started uploading the nomination papers of candidates contesting in May 11 polls. Pakistani election body is busy in preparing for the general elections to be held on 11th May 2013.


http://www.pakistantoday.com.pk/2013/04/06/news/national/hackers-hit-back-1059-indian-websites-defaced-by-pakistani-hackers/

Riaz Haq said...

Wikileaks reveal #American #Spy Agency #NSA #Cyber Weapons Used to Hack #Pakistan mobile system http://bit.ly/2nQ1VHn via @techjuicepk

New information about the involvement of US in hacking Pakistan mobile system has been found in a release by Wikileaks. This leak points to NSA’s cyber weapons which include code related to hacking of Pakistan mobile system.

NSA’s interest in Pakistan
NSA, National Security Agency responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes in the USA, has allegedly spied on Pakistani civilian and military leadership in the past. Edward Snowden, a former NSA employee, has also suggested in the past that NSA used wiretapping and cyber weapons to spy on many international leaders.

Scope of new information
On Saturday, Wikileaks revealed hundreds of cyber weapons variants which include code pointing towards NSA hacking Pakistan mobile system.

The link shared in the tweet by Wikileaks’ official account points to a Github repository containing the decrypted files pertaining to NSA cyber weapons. A complete analysis of these files by a cyber security expert is needed to further highlight the severity of the situation. Initial impressions, however, seem to indicate that these leaks will certainly provide more substance to previous allegations against NSA.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan


ANALYSIS India is sometimes overlooked by some in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.

The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.

Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.

India is in catch-up mode for now, but has the technical resources to make rapid progress.

Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.

Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.

China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.

Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”


Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.

Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.

But this is far from the only game in town.

For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.

India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.

Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE System’s intelligence division, commented:

The sophistication of the various Indian cyber threat actors do not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan


Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”

With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.

“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.


India security

Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.

“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.

Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”

What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:

The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.

The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”

How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.

Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.

Other experts reckon the flow of talent will run the other way and allow Indian to expand its cyber-espionage capabilities from the cohorts of cybercriminals.

Ahmed said...


Dear Sir

Thank you for sharing this great information.Sir I think Pakistani cyber attackers have attacked the sensitive websites of India in the past so much that later Indian authorities have focused on improving their cyber security.

Pls check this latest news, now the Indian cyber security ranked at No.10 in the "GLOBAL CYBER SECURITY" index where as Pakistan is ranked at no.79 in this same index.

Can you pls throw some light on this? How is it that Pakistan is lagging behind India in this index?

Ref:
https://www.thenews.com.pk/print/857169-global-cyber-security-index-un-study-ranks-pakistan-at-79

Riaz Haq said...

Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022

https://propakistani.pk/2022/12/02/ignite-conducts-karachi-qualifier-round-of-digital-pakistan-cybersecurity-hackathon-2022/


Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.

The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.

Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.

Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”

“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.

Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”

“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.

Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.

Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.

The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.

41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.

The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).

These top teams will now compete in the final round of the hackathon in Islamabad later this month.

Riaz Haq said...

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS



https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html


Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.

The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin.

The cybersecurity attributed the intrusion to an adversary it tracks under the moniker Cosmic Leopard (aka SpaceCobra), which it said exhibits some level of tactical overlap with Transparent Tribe.

"Operation Celestial Force has been active since at least 2018 and continues to operate today — increasingly utilizing an expanding and evolving malware suite — indicating that the operation has likely seen a high degree of success targeting users in the Indian subcontinent," security researchers Asheer Malhotra and Vitor Ventura said in a technical report shared with The Hacker News.

GravityRAT first came to light in 2018 as a Windows malware targeting Indian entities via spear-phishing emails, boasting of an ever-evolving set of features to harvest sensitive information from compromised hosts. Since then, the malware has been ported to work on Android and macOS operating systems, turning it into a multi-platform tool.

Subsequent findings from Meta and ESET last year uncovered continued use of the Android version of GravityRAT to target military personnel in India and among the Pakistan Air Force by masquerading it as cloud storage, entertainment, and chat apps.

Cisco Talos' findings bring all these disparate-but-related activities under a common umbrella, driven by evidence that points to the threat actor's use of GravityAdmin to orchestrate these attacks.

Cosmic Leopard has been predominantly observed employing spear-phishing and social engineering to establish trust with prospective targets, before sending them a link to a malicious site that instructs them to download a seemingly innocuous program that drops GravityRAT or HeavyLift depending on the operating system used.

GravityRAT is said to have been put to use as early as 2016. GravityAdmin, on the other hand, is a binary used to commandeer infected systems since at least August 2021 by establishing connections with GravityRAT and HeavyLift's command-and-control (C2) servers.

Riaz Haq said...

Cyber Warfare And Emerging Technologies: Securing Pakistan’s Future – OpEd – Eurasia Review

https://www.eurasiareview.com/22102024-cyber-warfare-and-emerging-technologies-securing-pakistans-future-oped/


As technology continues to evolve, future wars will likely be fought not by humans alone but with machines playing a central role. However, human control may still influence the operations of these machines, especially in cyber warfare.

Today, states have a variety of methods to attack each other that go beyond conventional warfare. These include cyber operations alongside military, economic, or political strategies. With emerging innovations and recent technological advancements, cyberspace has become a new domain of warfare, presenting complex threats. From a national security perspective, cyber warfare—the use of information technology to infiltrate a country’s classified databases or strike its essential systems—is one of the most menacing forms of conflict.

The frequency and intensity of cyber warfare are increasing, fueled by the advancement of technologies such as artificial intelligence (AI) and quantum computing (QC). These technologies not only amplify the number of cyber threats but also increase their sophistication. To secure its place as a dominant force in cyberspace, Pakistan must begin mastering these cyber realms today. By positioning itself as a hub of AI and QC, Pakistan can make a significant global impact.

Cyber Warfare
Cyber warfare refers to computer and network operations intended to control or disrupt vital ICT resources in a state or government, aiming to cause harm or espionage. In many countries, the dependency on technology has made cyber threats more frequent.

A historic example is the Morris Worm, the first major hacker attack that affected up to six thousand computers, causing losses ranging from one hundred thousand to millions of dollars. It targeted Unix operating systems, deleting files and slowing down operations. Another significant incident was the Stuxnet Worm, used by the United States against Iran’s nuclear program. Stuxnet not only destroyed nearly 1,000 uranium enrichment centrifuges, delaying Iran’s nuclear ambitions, but it also infected Windows computers and networks, spreading rapidly through a USB drive.

AI and Quantum Computing in Warfare
AI and QC are shaping the future of technology and warfare. AI, which processes vast amounts of data and runs algorithms to identify patterns, is highly advanced and adaptable. However, its potential use in weapon technology raises serious concerns. QC, with its unparalleled computational power, can perform calculations simultaneously by leveraging quantum mechanics.

Both AI and QC pose serious threats to national security because of their autonomous capabilities and the difficulty of preventing them from being exploited. AI systems, which can simulate human intelligence, are revolutionizing problem-solving and innovation but are also susceptible to cyberattacks. Data breaches in centralized servers, which house sensitive information, can expose AI systems to these attacks, allowing hackers to target critical infrastructure like power grids or classified databases.

In military operations, the integration of AI—especially in autonomous weapon systems—could surpass conventional forces in terms of both damage and risk. However, for a country like Pakistan, AI has the potential to strengthen cyber defenses and augment intelligence capabilities, providing a vital edge in defense strategies. Properly managed, AI could defend against emerging cyber threats while significantly improving data analysis and cybersecurity efforts.
October 22, 2024 at 11:33 AM

Riaz Haq said...

Russian FSB Hackers Breach Pakistani APT Storm-0156

(Russian) Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure (Pakistan's), and stole the same kinds of info it targets in South Asian government and military victims.

https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156

Hackers operating on behalf of Russian state intelligence have breached hackers operating out of Pakistan, latching onto their espionage campaigns to steal information from government, military, and defense targets in Afghanistan and India.

In December 2022, Secret Blizzard (aka Turla) — which the Cybersecurity and Infrastructure Security Agency (CISA) has tied to Russia's Federal Security Service (FSB) — gained access to a server run by another advanced persistent threat (APT), Storm-0156 (aka Transparent Tribe, SideCopy, APT36). It soon expanded into 33 separate command-and-control (C2) nodes operated by Storm-0156 and, in April 2023, breached individual workstations owned by its fellow hackers.

Since then, researchers from Microsoft and Black Lotus Labs say, Secret Blizzard has been able to leech off of Storm-0156's cyberattacks, accessing sensitive information from various Afghani government agencies and Indian military and defense targets.

---------------------

Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/

In this first of a two-part blog series, we discuss how (Russia's) Secret Blizzard has used the infrastructure of the Pakistan-based threat activity cluster we call Storm-0156 — which overlaps with the threat actor known as SideCopy, Transparent Tribe, and APT36 — to install backdoors and collect intelligence on targets of interest in South Asia. Microsoft Threat Intelligence partnered with Black Lotus Labs, the threat intelligence arm of Lumen Technologies, to confirm that Secret Blizzard command-and-control (C2) traffic emanated from Storm-0156 infrastructure, including infrastructure used by Storm-0156 to collate exfiltrated data from campaigns in Afghanistan and India. We thank the Black Lotus Team for recognizing the impact of this threat and collaborating on investigative efforts. In the second blog, Microsoft Threat Intelligence will be detailing how Secret Blizzard has used Amadey bots and the PowerShell backdoor of two other threat actors to deploy the Tavdigbackdoor and then use that foothold to install their KazuarV2 backdoor on target devices in Ukraine.