After a reportedly successful US-Israeli Stuxnet cyber attack on Iranian nuclear installations last year, there is now a report in the New York Times that the Obama administration has considered deploying cyber warfare against Pakistan as well.
The New York Times quotes unnamed US officials as acknowledging that the US "military planners suggested a far narrower computer-network attack to prevent Pakistani radars from spotting helicopters carrying Navy Seal commandos on the raid that killed Osama bin Laden on May 2." It says the idea of a cyber attack on the Pakistani air defense system was dropped, and radar-evading Black Hawk helicopters and a stealthy RQ-170 Sentinel surveillance drone were instead used for the raid in the Pakistani town of Abbottabad. The CIA spied on Osama bin Laden’s compound in Pakistan by video transmitted from a new bat-winged stealth drone, the RQ-170 Sentinel, which hovered high above Abbottabad for weeks before the raid. There is speculation that the US might be doing such aerial surveillance in other parts of Pakistan, particularly on Pakistan's nuclear installations.
Recently, officials at Creech Air Force Base in Nevada acknowledged a virus infecting the drone “cockpits” there, according to Wired magazine. The source of the virus has not been identified. Back in 2009, the Wall Street Journal reported that militants in Iraq used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they needed to evade or monitor U.S. military operations.
At the 2009 World Economic Forum, the U.S.-based security software firm McAfee's CEO Dave Walt reportedly told some attendees that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities. He further said that the traditional defensive stance of government computer infrastructures has shifted in recent years to a more offensive posture aimed at espionage and deliberate disruption of critical networks in both government and private sectors. Such attacks could disrupt not only command and control for modern weapon systems such as ballistic missiles, but also critical civilian systems including banking, the electrical grid, telecommunications, transportation, etc., and bring life to a screeching halt.
In a Sept 2010 report, the Wall Street Journal quoted cyber security specialists saying that "many countries including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea have developed sophisticated cyber weapons that can repeatedly penetrate and have the ability to destroy computer networks".
Last year, Chinese hackers apparently succeeded in downloading source code and bugs databases from Google, Adobe and dozens of other high-profile companies using unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee and reported by Wired magazine. These hack attacks were disguised by the use of sophisticated encryption, and targeted at least 34 companies in the technology, financial and defense sectors, exploiting a vulnerability in Adobe’s Reader and Acrobat applications.
While the Chinese cyber attacks on the US and India often get wide and deep coverage in the western media, a lower-profile, small-scale cyber war is also raging in the shadows between India and Pakistan, according to some reports. These reports indicate that around 40-50 Indian sites are being attacked by Pakistani hackers on a daily basis whereas around 10 Pakistani sites are being hit by their Indian counterparts.
Here is how Robert X. Cringely described the potential effects of a full-scale India-Pakistan cyber war in a June 2009 blog post captioned "Collateral Damage":
"Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two. And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war.
And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that’s sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories. And an interesting aspect of destroying such repositories — in Third World countries OR in the U.S. — is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents."
Coming back to the US, it is no secret that the Pentagon and the CIA have increasingly been using America's significant technology edge for war fighting in many parts of the world in recent years. One example is the growing fleet of remotely controlled stealthy drones being deployed in Afghanistan, Pakistan, Iraq, Yemen and elsewhere for espionage and attacks. Among other new developments, the modern drone is just one of the ways to fight wars covertly in remote places at low cost to America in terms of dollars and casualties, often without so much as declaring such wars.
The Pentagon now has some 7,000 UAVs, compared with fewer than 50 just 10 years ago. The US Air Force is now anticipating a decrease in manned aircraft but expects its number of “multirole” aerial drones like the Reaper — the ones that spy as well as strike — to nearly quadruple, to 536, according to the NY Times. Already the Air Force is training more remote pilots, 350 this year alone, than all of the fighter and bomber pilots combined.
The covert nature of drone warfare is particularly true outside Afghanistan and Iraq which are declared wars. In Pakistan, for instance, the secret war is being fought by the CIA, an intelligence agency, not the American military. This war is not even publicly acknowledged by the US administration, and it's a clear violation of international laws and all conventions of war.
The US politicians, spies and generals seem to be calculating that the American people would be more willing to support such wars if they don't bust the US budget and result in as few American body bags as possible. However, this calculation ignores the basic fact that most international conflicts, including terrorism, are essentially political in nature, and must be solved by political rather than the military means.
21 comments:
However, this calculation ignores the basic fact that most international conflicts, including terrorism, are essentially political in nature, and must be solved by political rather than the military means.
Absolutely! This is why there should be a political solution of dismantling Afghanistan: the northern part needs to merge with Tajikistan, Uzbekistan and the Pashtun part needs to merge with NWFP and be declared Pashtoonistan, with all Pashtoons living in Karachi etc. being forcefully repatriated so that we have a semblance of a functioning country.
But who will do this? Obama? Zardari?
I am afraid Pakistan is destined to be unstable for much of this decade!! :(
Here's a report in The Hill on Ron Paul's criticism of US policy in Pakistan:
GOP presidential hopeful Ron Paul said Sunday that the U.S. military is inciting a civil war in Pakistan.
The Texas Republican said the civilian casualties resulting from the Pentagon's drone attacks over Pakistan and other countries only create more enemies at the expense of homeland security.
"Sometimes they miss and sometimes there's collateral damage. And every time we do that, we develop more enemies," Paul said on Fox News Sunday.
"We're dropping a lot of drone missile/bombs in Pakistan and claim we've killed so many, but how about the innocent people [who have] died? Nobody hears about that. This is why the people of Pakistan can't stand our guts and why they disapprove of their own government," he said.
"We're bombing Pakistan and trying to kill some people, making a lot of mistakes, building up our enemies, at the same time we're giving billions of dollars to the government of Pakistan," he added. "We're more or less inciting a civil war there, so I think that makes us less safe.
"For everyone you kill, you probably create 10 new people who hate our guts and would like to do us harm."
The eight-term Republican reiterated his calls for a $1 trillion cut in federal spending in year one if he reaches the White House, and rejected the notion that those reductions could undermine the country if programs like medical research and development (R&D) are eliminated.
"If you take all these resources out of the hands of the government, that doesn't mean the money isn't going to be spent. It means that the individuals are going to be spending it," he said.
"You would have much more R&D and it would be better directed if investors and the market makes these decisions, because believe me, the politicians and the bureaucrats aren't smart enough to know what you should be investing in."
Paul also weighed in on the sexual harassment allegations dogging fellow-GOP presidential contender Herman Cain, saying the focus on the scandal "dilutes the real debate."
"The media's blown that way out of proportion," Paul said. "I don't like these distractions."
http://thehill.com/blogs/blog-briefing-room/news/192023-ron-paul-us-is-inciting-civil-war-in-pakistan
Guardian report on yet another innocent victim of US drone attacks in Pakistan:
Last Friday, I met a boy, just before he was assassinated by the CIA. Tariq Aziz was 16, a quiet young man from North Waziristan, who, like most teenagers, enjoyed soccer. Seventy-two hours later, a Hellfire missile is believed to have killed him as he was travelling in a car to meet his aunt in Miran Shah, to take her home after her wedding. Killed with him was his 12-year-old cousin, Waheed Khan.
Over 2,300 people in Pakistan have been killed by such missiles carried by drone aircraft such as the Predator and the Reaper, and launched by remote control from Langley, Virginia. Tariq and Waheed brought the known total of children killed in this way to 175, according to statistics maintained by the organisation I work for, the Bureau of Investigative Journalism.
The final order to kill is signed allegedly by Stephen Preston, the general counsel at the CIA headquarters. What evidence, I would like to know, does Mr Preston have against Tariq and Waheed? What right does he have to act as judge, jury and executioner of two teenage boys neither he nor his staff have ever met, let alone cross-examined, or given the opportunity to present witnesses?
It is not too late to call for a prosecution and trial of whoever pushed the button and the US government officials who gave the order: that is, Mr Preston and his boss, President Barack Obama.
There are many people whom I know who can appear as witnesses in this trial. We – a pair of reporters, together with several lawyers from Britain, Pakistan and the US – met the victim and dozens of other young men from North Waziristan for dinner at the Margalla hotel in Islamabad on Thursday 27 October. We talked about their local soccer teams, which they proudly related were named for Brazil, New Zealand and other nations, which they had heard about but never visited.
The next morning, I filmed young Tariq walking into a conference hall to greet his elders. I reviewed the tape after he was killed to see what was recorded of some of his last moments: he walks shyly and greets the Waziri elders in the traditional style by briefly touching their chests. With his friends, he walks to a set of chairs towards the back of the hall, and they argue briefly about where each of them will sit. Over the course of the morning, Tariq appears again in many photographs that dozens of those present took, always sitting quietly and listening intently.
Tariq was attending a "Waziristan Grand Jirga" on behalf of drone strike victims in Pakistan, which was held at the Margalla hotel the following day. As is the Pashtun custom, the young men, each of whom had lost a friend or relative in a drone strike, did not speak. For four hours, the Waziri elders debated the drone war, and then they listened to a resolution condemning the attacks, read out by Mirza Shahzad Akbar, a lawyer from the Foundation for Fundamental Rights. The group voted for this unanimously.
Neil Williams, a volunteer from Reprieve, the British legal charity, sat down and chatted with Tariq after the jirga was over. Together, they traveled in a van to the Pakistani parliament for a protest rally against drone strikes led by Imran Khan, a former cricketer, and now the leader of the Tehreek-e-Insaaf political party.
The next day, the group returned home to Waziristan. On Monday, Tariq was killed, according to his uncle Noor Kalam.
The question I would pose to the jury is this: would a terrorist suspect come to a public meeting and converse openly with foreign lawyers and reporters, and allow himself to be photographed and interviewed? More importantly, since he was so easily available, why could Tariq not have been detained in Islamabad, when we spent 48 hours together? ....
http://www.guardian.co.uk/commentisfree/cifamerica/2011/nov/07/cia-unaccountable-drone-war
Here are some excerpts of NY Times on the killing of 24 Pakistani soldiers by NATO:
The question now, as one senior American official put it on Sunday, is “what kind of resilience is left” in a relationship that has sunk to new lows time after time this year — with the arrest in January of a C.I.A. officer, Raymond Davis, the killing of Osama bin Laden in May and the deaths of so many Pakistani soldiers.
In each of those cases, Pakistan had reason to feel that the United States had violated its sovereignty. Even if circumstances on the ground justified the American actions, they have nonetheless made it difficult to sustain political support inside Pakistan for the strategic cooperation that both countries acknowledge is vital to winning the war in Afghanistan. “Imagine how we would feel if it had been 24 American soldiers killed by Pakistani forces at this moment,” Senator Richard J. Durbin, Democrat from Illinois, said on “Fox News Sunday.” The rift is one result of the United States’ two-pronged strategy in Afghanistan, which relies on both negotiating and fighting to end the war.
-------------
Just last Friday, Pakistan’s military commander, Army Gen. Ashfaq Parvez Kayani, met Gen. John R. Allen, the commander of coalition forces in Afghanistan, in Rawalpindi to discuss “measures concerning coordination, communication and procedures” between the Pakistan Army, the NATO-led International Security Assistance Force and the Afghan Army, “aimed at enhancing border control on both sides,” according to a statement by the Pakistani military.
“Then you have an incident that takes us back to where we were before her visit,” said Vali Nasr, a former deputy to the administration’s regional envoy, Richard C. Holbrooke, and now a professor at Tufts University.
The problem, Mr. Nasr said, is that the United States effectively has not one but two strategies for winning the war in Afghanistan.
While the State Department and the White House believe that only a negotiated political solution will end the war, American military and intelligence commanders believe that they must maximize pressure on the Taliban before the American military withdrawal begins in earnest before 2014. The military strategy has led to the intensified fighting in eastern Afghanistan along the border with Pakistan, increasing tensions. A major offensive last month involving 11,000 NATO troops and 25,000 Afghan fighters in seven provinces of eastern Afghanistan killed or captured hundreds of extremists, many of them using Pakistan as a base.
http://www.nytimes.com/2011/11/28/world/asia/pakistan-and-united-states-bitter-allies-in-fog-of-war.html
"A cyber warfare expert claims he has linked the Stuxnet computer virus that attacked Iran's nuclear program in 2010 to Conficker, a mysterious "worm" that surfaced in late 2008 and infected millions of PCs."
http://news.yahoo.com/insight-did-conficker-worm-help-sabotage-irans-nuke-061355305.html
Insight: Did Conficker help sabotage Iran's nuke program?
Kudos to Iran's EW capabilities.
Iranian TV has shown the first video footage of an advanced US drone aircraft that Tehran says it downed 140 miles (225km) from the Afghan border.
Images show Iranian military officials inspecting the RQ-170 Sentinel stealth aircraft which appears to be undamaged.
US officials have acknowledged the loss of the unmanned plane, saying it had malfunctioned.
However, Iranian officials say its forces electronically hijacked the drone and steered it to the ground.
BBC security correspondent Frank Gardner says the intact condition of the Sentinel tends to support their claim.
Iran's Press TV said that the Iranian army's "electronic warfare unit" brought down the drone on 4 December as it was flying over the city of Kashmar.
Brig General Amir-Ali Hajizadeh, head of Iran's Revolutionary Guards' aerospace unit, told Iranian media that the drone "fell into the trap" of the unit "who then managed to land it with minimum damage".
He said Iran was "well aware of what priceless technological information" could be gleaned from the aircraft.
Nato said at the weekend that an unarmed reconnaissance aircraft had been flying a mission over western Afghanistan late last week when its operators lost control of it.
Pentagon officials have said they are concerned about Iran possibly acquiring information about the technology.
Iranian media said on Thursday that the foreign ministry had summoned the Swiss envoy to express its "strongest protest over the invasion of a US spy drone deep into its airspace".
Washington has no diplomatic relations with Iran and US affairs in the country are dealt with via the Swiss embassy in Tehran.
http://www.bbc.co.uk/news/world-middle-east-16098562
US Council on Foreign Relations elevates risk of conflict with Pakistan in 2012, according to AFP:
WASHINGTON: A conflict with Pakistan, the euro crisis, and political instability in Saudi Arabia have emerged as top potential threats facing the United States in 2012, an influential think-tank said Friday.
The Council on Foreign Relations’ Center for Preventive Action anonymously surveyed US officials and experts to compile an annual list of the most plausible conflicts for the United States in the new year.
The 2012 list elevated several contingencies to the top tier of risks: a US conflict with Pakistan prompted by an attack or counter-terrorism operation; an intensified euro crisis, which could plunge the United States back into recession; and a Saudi instability, which would threaten global oil supplies.
Threats that remained at the top of the list from last year included a potential incident between the United States and China, internal instability in Pakistan, intensified nuclear crises with Iran or North Korea, and a spillover of drug-related violence from Mexico.
Micah Zenko, a fellow at the Council on Foreign Relations who focuses on conflict resolution, said that the survey was designed to fill a gap as the US government has a poor record forecasting future instability and conflict.
“It is a perennial problem to get policymakers to focus on future challenges when dealing with the tyranny of the inbox,” Zenko said, referring to the overwhelming flow of messages.
“But in an age of austerity it has never been more important to forecast, prevent or mitigate plausible contingencies that could result in an expensive and long-lasting US military involvement,” he said.
The survey elevated the risk of conflict with Pakistan amid high tensions in 2011 following the US operation that killed Osama bin Laden. But the think-tank removed the potential for military escalation between Pakistan and arch-rival India from the top tier of risks.
The survey also added Bahrain as a “tier-two” risk to the United States, citing fears that growing instability in the Sunni-ruled kingdom could spur fresh military action by Saudi Arabia or Iran.
Other risks that were downgraded or removed from last year included:
- Intensified military conflict between Sudan and South Sudan.
- Renewed military conflict between Russia and Georgia.
- Violent instability in Thailand.
- Violent instability in Myanmar.
- A succession crisis in Zimbabwe.
http://tribune.com.pk/story/304332/conflict-with-pakistan-among-top-potential-threats-for-us-in-2012-report/
Here's a piece in a Russian newspaper on Putin's visit to Pakistan:
Russian President-elect Vladimir Putin will, on his first foreign tour after taking office, make his first stop in Pakistan. It symbolizes not just Pakistan’s importance in the region, but the shift in relations which means that the two countries, kept apart for so many years because of Russia’s espousal of Communism, are trying to come together. Russia seeks a new ally in the region, to substitute for India, now in the American lap, after the collapse of the USSR. Mr Putin’s visit shows that Russia intends to play a more proactive role in world affairs. It must do so, because by ceding to US supremacy, it has seen it not just invade Afghanistan physically, but threaten Iran. Russia has found its own physical space threatened by US expansionism, with the expansion of Nato threatening it in the West, the snatching away of India and the occupation of Afghanistan threatening it in Asia. The visit is a result of the successful visits to Russia by President Asif Zardari, in August 2010 for the Quadrilateral Summit, and by Foreign Minister Hina Rabbani Khar earlier this year.
Russia had previously tried to make headway in Pakistan through the Steel Mills project, and now it has offered to be involved in the Iran-Pakistan gas pipeline project. This is an offer that Pakistan must not hesitate to take up. While Pakistan's official 'ally' has done its best to sabotage the project, and has insisted India withdraw from it, Russia is extending a helping hand. Unlike the steel mills, the pipeline from Iran is existential, providing as it will, gas not just for domestic and industrial users, but also for power production. Thus not just for strategic concerns, but national interest should incline Pakistan towards Russia. However, as strategic concerns include Afghanistan, which Russia has been deeply interested in for a very long time, Russia would also be interested in how Pakistan sees the future of Afghanistan.
It should also be recognized that Russia has a deep interest in the reset in relations between the USA and Pakistan that is presently being discussed by the joint sitting of Parliament. Russia too has seen that the US has not just gained access to South Asia through Pakistan, but also Central Asia. As Russia is seeking an ally in the region to substitute for India, and as Pakistan is distanced from the USA, Russia is naturally more interested in Pakistan than ever before. President Putin’s visit, the first ever by a Russian President to Pakistan, reflects that.
http://english.ruvr.ru/2012_04_13/71586559/
Here's a Wall Street Journal story on cyberweapons:
"Cyberattacks are easy, can be carried out at a low cost and have potentially high benefits," said Peter Sommer, a computer-security expert who teaches at the London School of Economics. "You don't have to keep agents in location for a long time. You can be sitting at a computer in your home country."
Many countries—including the U.S., Russia, China, Israel, the U.K., Pakistan, India and North and South Korea—have developed sophisticated cyberweapons that can penetrate and destroy computer networks, experts say. Increasingly, governments are going public about break-ins to their networks to raise public awareness.
"We are seeing an important shift in the way people understand computer security," said Ilias Chantzos, the director of government affairs outside the U.S., at technology-security firm Symantec Corp. "It used to be exotic. Now we are seeing it elevated to a national level."
Recently, the North Atlantic Treaty Organization said it would develop a new policy to deal with computer threats after a string of attacks on member countries.
In 2009, the European Commission published a paper calling for greater cooperation among member states to fend off cyberattacks.
However, keeping up with the development of new cyberthreats is proving challenging for governments, which have to spend heavily upgrading their defense systems and focusing their efforts on their most vulnerable points, experts say. France, for instance, created ANSSI in 2009. In 2012, the agency will hire 70 new staff and have an annual budget of €90 million ($125.8 million).
"No single infrastructure system is safe enough," said Mr. Pailloux.
http://online.wsj.com/article/SB10001424052748703386704576186061676412704.html
Here's an IEEE Spectrum piece on the Stuxnet virus:
1986
The Brain boot sector virus (aka Pakistani flu), the first IBM PC–compatible virus, is released and causes an epidemic. It was created in Lahore, Pakistan, by 19-year-old Basit Farooq Alvi and his brother, Amjad Farooq Alvi.
-----------
Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it’s the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab’s U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack.
Recognition of such threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.
This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)
------------
Companies have been slow to invest the resources required to update industrial controls. Kaspersky has found critical-infrastructure companies running 30-year-old operating systems. In Washington, politicians have been calling for laws to require such companies to maintain better security practices. One cybersecurity bill, however, was stymied in August on the grounds that it would be too costly for businesses. “To fully provide the necessary protection in our democracy, cybersecurity must be passed by the Congress,” Panetta recently said. “Without it, we are and we will be vulnerable.”
In the meantime, virus hunters at Kaspersky and elsewhere will keep up the fight. “The stakes are just getting higher and higher and higher,” Schouwenberg says. “I’m very curious to see what will happen 10, 20 years down the line. How will history look at the decisions we’ve made?”
http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
Here's a Washington Post report on US black budget targeting Pakistan for extra concerns and greater surveillance:
The $52.6 billion U.S. intelligence arsenal is aimed mainly at unambiguous adversaries, including al-Qaeda, North Korea and Iran. But top-secret budget documents reveal an equally intense focus on one purported ally: Pakistan.
No other nation draws as much scrutiny across so many categories of national security concern.
A 178-page summary of the U.S. intelligence community’s “black budget” shows that the United States has ramped up its surveillance of Pakistan’s nuclear arms, cites previously undisclosed concerns about biological and chemical sites there, and details efforts to assess the loyalties of counterterrorism sources recruited by the CIA.
Pakistan appears at the top of charts listing critical U.S. intelligence gaps. It is named as a target of newly formed analytic cells. And fears about the security of its nuclear program are so pervasive that a budget section on containing the spread of illicit weapons divides the world into two categories: Pakistan and everybody else.
The disclosures — based on documents provided to The Washington Post by former intelligence contractor Edward Snowden — expose broad new levels of U.S. distrust in an already unsteady security partnership with Pakistan, a politically unstable country that faces rising Islamist militancy. They also reveal a more expansive effort to gather intelligence on Pakistan than U.S. officials have disclosed.
----
Beyond the budget files, other classified documents provided to The Post expose fresh allegations of systemic human rights abuses in Pakistan. U.S. spy agencies reported that high-ranking Pakistani military and intelligence officials had been aware of — and possibly ordered — an extensive campaign of extrajudicial killings targeting militants and other adversaries.
Public disclosure of those reports, based on communications intercepts from 2010 to 2012 and other intelligence, could have forced the Obama administration to sever aid to the Pakistani armed forces because of a U.S. law that prohibits military assistance to human rights abusers. But the documents indicate that administration officials decided not to press the issue, in order to preserve an already frayed relationship with the Pakistanis.
In a statement, a spokeswoman for the National Security Council said the United States is “committed to a long-term partnership with Pakistan, and we remain fully engaged in building a relationship that is based on mutual interests and mutual respect.”...
http://www.washingtonpost.com/world/national-security/top-secret-us-intelligence-files-show-new-levels-of-distrust-of-pakistan/2013/09/02/e19d03c2-11bf-11e3-b630-36617ca6640f_story.html
From Wall Street Journal:
Russian researchers expose breakthrough U.S. spying program. The National Security Agency found a way to implant spyware into the firmware of hard drives, allowing the agency the ability to spy on the majority of computers worldwide, according to Kaspersky Lab. The Moscow-based security agency said it found infected computers in 30 countries, with the most infections found in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included banks, energy companies, government and military institutions. A former NSA employee tells Reuters that Kaspersky’s analysis is correct. The news could soon lead to more backlash against Western technology vendors.
http://blogs.wsj.com/cio/2015/02/17/ups-business-rides-on-orion-routing-algorithm/
#US #NSA hacked NTC to spy on #Pakistan military, political leadership: #Snowden documents reveal #NSAhack https://www.thenews.com.pk/latest/143967-US-hacked-NTC-to-spy-on-Pakistan-military-political-leadership-Snowden-documents …
The United States hacked into targets in Pakistan's National Telecommunications Corporation (NTC) to spy on the country's political and military leadership, documents released by former National Security Agency contractor Edward Snowden confirm.
According to a report by online news site The Intercept, the previously unpublished documents released by Snowden confirm that some of the NSA's top-secret code has been leaked or hacked.
In the latest leak of top-secret documents, Snowden has given The Intercept a classified draft NSA manual on how to implant the SECONDDATE malware – malicious code that is used to monitor or control someone else's computer, the website said.
"There are at least two documented cases of SECONDDATE being used to successfully infect computers overseas: An April 2013 presentation boasts of successful attacks against computer systems in both Pakistan and Lebanon," said The Intercept report.
"In the first, NSA hackers used SECONDDATE to breach 'targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division,' which contained documents pertaining to 'the backbone of Pakistan’s Green Line communications network' used by 'civilian and military leadership'," said the report.
According to the report, SECONDDATE is just one method used by the NSA to hack into target computer systems and networks.
Another document in the cache released by Snowden describes how the NSA used software other than SECONDDATE to repeatedly attack and hack into computer systems in Pakistan.
#US #NSA used #malware to spy on #Pakistani civilian, military leadership. #Pakistan #NSAhack #Snowden
http://www.dawn.com/news/1279013/nsa-used-malware-to-spy-on-pakistani-civilian-military-leadership-report
The United States' clandestine National Security Agency (NSA) allegedly spied on top civil-military leadership in Pakistan using malware, The Intercept reported.
Malware SECONDDATE allegedly built by the NSA was used by agency hackers to breach "targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division", which contained documents pertaining to "the backbone of Pakistan’s Green Line communications network" used by "civilian and military leadership", according to an April 2013 presentation document obtained by The Intercept.
The file appears to be a 'top secret' presentation originating from the NSA's SigDev division.
SECONDDATE is described as a tool that intercepts web requests and redirects browsers on target computers to an NSA web server. The server then infects the web requests with malware.
The malware server, also known as FOXACID, has been described in earlier leaks made by former NSA contractor Edward Snowden.
SECONDDATE, however, is just one method the NSA allegedly uses to redirect a target's browser to the FOXACID server. Others involve exploiting bugs in commonly used email providers by sending spam or malicious links that lead to the server, The Intercept said.
Another document obtained by The Intercept, an NSA Special Source Operations division newsletter describes how agency software other than SECONDDATE was used to repeatedly direct targets in Pakistan to the FOXACID servers to infect target computers.
The Intercept confirmed the "authenticity" of the SECONDDATE malware by means of a data leak reportedly made by Snowden.
Snowden released a classified top-secret agency draft manual for implanting malware which instructs NSA operators to track their use of a malware programme through a 16-character string ─ the same string which appears in the SECONDDATE code leaked by a group called ShadowBrokers.
ShadowBrokers last week announced that SECONDDATE was part of a group of NSA-built 'cyber weapons' that it was auctioning off.
Although it is unclear how the code for the software leaked and was obtained by ShadowBrokers, The Intercept claims "the malware is covered with NSA's virtual fingerprints and clearly originates from the agency".
The ShadowBrokers auction of SECONDDATE is the first time any full copies of NSA software have been made available to the public.
"The person or persons who stole this information might have used them against us," Johns Hopkins University cryptographer Matthew Green said on the dangers of such software becoming available to the public.
Speaking to The Intercept, Green said that such exploits could be used to target anyone using a vulnerable router. "This is the equivalent of leaving lockpicking tools lying around a high school cafeteria. It’s worse, in fact, because many of these exploits are not available through any other means, so they’re just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable."
The Intercept has in the past published a number of reports from documents released by Snowden. The site’s editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on the whistleblower’s revelations.
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/
Wikileaks reveal #American #Spy Agency #NSA #Cyber Weapons Used to Hack #Pakistan mobile system http://bit.ly/2nQ1VHn via @techjuicepk
New information about the involvement of US in hacking Pakistan mobile system has been found in a release by Wikileaks. This leak points to NSA’s cyber weapons which include code related to hacking of Pakistan mobile system.
NSA’s interest in Pakistan
NSA, National Security Agency responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes in the USA, has allegedly spied on Pakistani civilian and military leadership in the past. Edward Snowden, a former NSA employee, has also suggested in the past that NSA used wiretapping and cyber weapons to spy on many international leaders.
Scope of new information
On Saturday, Wikileaks revealed hundreds of cyber weapons variants which include code pointing towards NSA hacking Pakistan mobile system.
The link shared in the tweet by Wikileaks’ official account points to a Github repository containing the decrypted files pertaining to NSA cyber weapons. A complete analysis of these files by a cyber security expert is needed to further highlight the severity of the situation. Initial impressions, however, seem to indicate that these leaks will certainly provide more substance to previous allegations against NSA.
IT ministry to come up with plan to ensure country’s cyber-security
By APP
https://www.pakistantoday.com.pk/2018/01/11/it-ministry-to-come-up-with-plan-to-ensure-countrys-cyber-security/
Ministry of Information Technology has been entrusted with the responsibility to propose an appropriate organisation in order to ensure cyber-security of Pakistan.
The decision was taken during a high-level meeting on Thursday to develop a framework and way forward to coordinate and evolve a mechanism for country’s cyber-security.
National Security Adviser Nasser Khan Janjua chaired the meeting. National Security Division secretary, representatives from Ministry of Information and Broadcasting, Ministry of Information Technology, Pakistan Electronic Media Regulatory Authority (PEMRA), Pakistan Telecommunication Authority (PTA) and Federal Investigation Agency (FIA) attended the meeting.
Moreover, the Ministry of Information and Broadcasting will propose a mechanism that could chalk out a way forward towards the use of social media for a progressive Pakistan.
The meeting ended on a note that a next session would be scheduled soon to conclude the process of evolving a mechanism for ensuring cyber-security.
E-governance council to be established in Pakistan for policy formulation
https://www.techjuice.pk/e-governance-council-to-be-established-in-pakistan-for-policy-formulation/
Nasser Khan Janjua, the National Security Advisor Lt General (Retd) said during a closing ceremony that Pakistan is in need of excelling and developing an e-governance council policy formulation according to the globally acceptable parameters. The ceremony, “Cyber Secure Pakistan – Policy Framework” was arranged by CGSS and was held in Islamabad on Tuesday.
The seminar highlighted the importance of emerging technologies in the cyber world. It aimed to create an awareness about the threats concerning the national security due to the evolvement in the cyberspace and therefore, to plan a consolidated cybersecurity policy for the country.
The advisor said, “Pakistan is engulfed in traditional threats and insecurities due to which the new emerging threats have been ignored hence, we have to do better more than ever before.”
The ‘emerging threats’ are due to the growing digitalization of the cyberspace and are pertaining to the country’s defense and security, he expressed.
He added that the whole sphere had been endangered and it was very important to get out of the consumer market and venture into the new dimensions.
Mr. Nasser further stated, “Excessive use of internet has put our security under the threat. Due to our increasing alliance on the internet, cybersecurity policy is becoming the need of the hour.”
Moreover, Lieutenant General Muhammad Zahir Ul Islam (Retd) – Chairman CGSS, in his opening remarks stated that a well-articulated legislation must be passed by the government that would provide a legal framework for law enforcement and intelligence agencies to operate under. Likewise, Secretary National Security Division, Syed Iftikhar Hussain Babar also called attention to the significance of the cybersecurity in his opening address.
He mentioned that the danger of the cyber warfare is real and protecting the data is as important as protecting ourselves. The government and many private institutions have been working in this regard. Before the world moves a step further in the cyberspace, Pakistan must secure a firm position in this particular field and formulate its state policy accordingly.
Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan
Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”
With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.
“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.
Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.
“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.
Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”
What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:
The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.
The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”
How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.
Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.
Other experts reckon the flow of talent will run the other way and allow India to expand its cyber-espionage capabilities from the cohorts of cybercriminals.
Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022
https://propakistani.pk/2022/12/02/ignite-conducts-karachi-qualifier-round-of-digital-pakistan-cybersecurity-hackathon-2022/
Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.
The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.
Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.
Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”
“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.
Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”
“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.
Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.
Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.
The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.
41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.
The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).
These top teams will now compete in the final round of the hackathon in Islamabad later this month.
Russian FSB Hackers Breach Pakistani APT Storm-0156
(Russian) Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure (Pakistan's), and stole the same kinds of info it targets in South Asian government and military victims.
https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156
Hackers operating on behalf of Russian state intelligence have breached hackers operating out of Pakistan, latching onto their espionage campaigns to steal information from government, military, and defense targets in Afghanistan and India.
In December 2022, Secret Blizzard (aka Turla) — which the Cybersecurity and Infrastructure Security Agency (CISA) has tied to Russia's Federal Security Service (FSB) — gained access to a server run by another advanced persistent threat (APT), Storm-0156 (aka Transparent Tribe, SideCopy, APT36). It soon expanded into 33 separate command-and-control (C2) nodes operated by Storm-0156 and, in April 2023, breached individual workstations owned by its fellow hackers.
Since then, researchers from Microsoft and Black Lotus Labs say, Secret Blizzard has been able to leech off of Storm-0156's cyberattacks, accessing sensitive information from various Afghani government agencies and Indian military and defense targets.
---------------------
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/
In this first of a two-part blog series, we discuss how (Russia's) Secret Blizzard has used the infrastructure of the Pakistan-based threat activity cluster we call Storm-0156 — which overlaps with the threat actor known as SideCopy, Transparent Tribe, and APT36 — to install backdoors and collect intelligence on targets of interest in South Asia. Microsoft Threat Intelligence partnered with Black Lotus Labs, the threat intelligence arm of Lumen Technologies, to confirm that Secret Blizzard command-and-control (C2) traffic emanated from Storm-0156 infrastructure, including infrastructure used by Storm-0156 to collate exfiltrated data from campaigns in Afghanistan and India. We thank the Black Lotus Team for recognizing the impact of this threat and collaborating on investigative efforts. In the second blog, Microsoft Threat Intelligence will be detailing how Secret Blizzard has used Amadey bots and the PowerShell backdoor of two other threat actors to deploy the Tavdig backdoor and then use that foothold to install their KazuarV2 backdoor on target devices in Ukraine.