Thursday, March 9, 2017

Has Pakistan Developed Cyber Attack and Defense Capabilities?

Recent reports of Russian hacks of the American Democratic Party's election campaign staff to influence the outcome of US elections have brought international cyber espionage in sharp focus once again. How many nations have such capabilities? What are their names? Are India and Pakistan among them?

Pakistan is believed to be among the two or three dozen nations with serious cyber espionage capabilities. That belief has hardened within the cyber security community since Operation Arachnophobia, discussed below, was suspected to have originated in Pakistan.

Bloodmoney: A Novel of Espionage:

Washington Post columnist David Ignatius frequently writes about the activities of intelligence agencies and often cites "anonymous" intelligence sources to buttress his opinions. He is also a novelist who draws upon his knowledge to write spy thrillers.

Ignatius's 2011 novel "Bloodmoney: A Novel of Espionage" has as its main character Dr. Omar, a computer science professor at a Pakistani university. Omar, born in Pakistan's tribal region of South Waziristan, is a cyber security expert. One of his specialties is a deep knowledge of SWIFT, the messaging network operated by the Society for Worldwide Interbank Financial Telecommunication over which international interbank payment instructions flow; the novel treats it as a record of virtually all international financial transactions, credit card charges included.

Omar's parents and his entire family are killed in a misdirected US drone strike. Soon after the tragedy, several undercover CIA agents are killed within days of their arrival in Pakistan. American and Pakistani investigators seek the professor's help to solve these murders. The novel ends with the professor identified as the main culprit in the assassinations of the CIA agents.

Operation Arachnophobia:

In 2014, researchers from FireEye, a Silicon Valley cyber security company founded by a Pakistani-American, and ThreatConnect jointly investigated "Operation Arachnophobia", a campaign targeting Indian computers. The campaign used a custom malware family dubbed Bitterbug as the backdoor for stealing information. Though the researchers say they have not identified the specific victim organizations, they spotted the malware bundled with decoy documents related to Indian issues, according to

The campaign got its name from the build paths the researchers found in variants of the Bitterbug malware: they contained the strings "Tranchulas" and "umairaziz27". Tranchulas is an Islamabad-based Pakistani security firm and Umair Aziz is one of its employees. A build path (the debug-symbol path the compiler writes into the executable) is a common attribution clue, but a weak one on its own: a developer can set it to anything, so it can be a careless leftover from a development machine or something planted deliberately to point at someone else. It needs corroboration from infrastructure, targeting and code overlap before it supports a conclusion.
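Build paths like these come from the CodeView debug record the compiler embeds in a Windows executable. As an added example, and not code from this page or from the FireEye/ThreatConnect report, the script below scans a byte blob for RSDS records, pulls out the GUID, age and PDB path from each, and flags the two indicator strings the post mentions. The sample blob and the path inside it are constructed for the demo and are not bytes from any real sample.

```python
"""Pull CodeView (RSDS) build paths out of a PE image and flag indicator
strings in them. Added example; the sample blob below is constructed."""
import re
import struct
import uuid

# The two build-path fragments the post reports; everything else here is a demo assumption.
INDICATORS = ("Tranchulas", "umairaziz27")

RSDS_SIGNATURE = re.compile(rb"RSDS")


def _plausible_pdb_path(path: str) -> bool:
    """Cheap sanity check so a stray 'RSDS' inside unrelated data is not reported."""
    return (
        path.isprintable()
        and path.lower().endswith(".pdb")
        and ("\\" in path or "/" in path)
    )


def extract_rsds_records(data: bytes) -> list:
    """Return one dict per CodeView PDB 7.0 record found in `data`.

    Record layout: b'RSDS' | 16-byte GUID | uint32 LE age | NUL-terminated path.
    The signature is scanned for directly instead of walking the PE debug
    directory, so this also works on memory dumps and partially mangled samples.
    """
    records = []
    for match in RSDS_SIGNATURE.finditer(data):
        body = match.end()
        if body + 20 > len(data):
            continue
        guid_le = data[body:body + 16]
        (age,) = struct.unpack_from("<I", data, body + 16)
        path_end = data.find(b"\x00", body + 20)
        if path_end == -1:
            continue
        try:
            path = data[body + 20:path_end].decode("ascii")
        except UnicodeDecodeError:
            continue
        if not _plausible_pdb_path(path):
            continue
        records.append({
            "offset": match.start(),
            "guid": str(uuid.UUID(bytes_le=guid_le)),
            "age": age,
            "path": path,
        })
    return records


def match_indicators(records, indicators=INDICATORS):
    """Case-insensitive substring match of indicator strings against each path."""
    hits = []
    for rec in records:
        for needle in indicators:
            if needle.lower() in rec["path"].lower():
                hits.append((rec["path"], needle))
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a sample: padding, a decoy 'RSDS' that is not a
    real record, and one synthetic record. Not bytes from any real malware."""
    guid = uuid.UUID("12345678-1234-5678-1234-567812345678")
    path = b"C:\\Users\\Tranchulas\\Projects\\umairaziz27\\Release\\svchost.pdb"
    record = b"RSDS" + guid.bytes_le + struct.pack("<I", 3) + path + b"\x00"
    return b"MZ" + b"\x90" * 64 + b"RSDSjunk" + b"\x00" * 8 + record + b"\xff" * 16


if __name__ == "__main__":
    found = extract_rsds_records(build_sample())
    for rec in found:
        print(f"offset={rec['offset']:#x} guid={rec['guid']} age={rec['age']} path={rec['path']}")
    for path, needle in match_indicators(found):
        print(f"indicator {needle!r} seen in {path}")
```

Run over a directory of samples, the GUID is the more useful field: binaries that share a PDB GUID came from the same build, which ties samples together more firmly than the path text, and the path itself remains a lead to corroborate rather than a conclusion.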

Operation Hangover:

Operation Arachnophobia targeted Indian officials. It appears to have been Pakistan's response to India's Operation Hangover, which targeted Pakistan. Investigations by the Norway-based security firm Norman showed that the Operation Hangover attack infrastructure was used primarily to extract security-related information from Pakistan and, to a lesser extent, from China.

"Targeted attacks are all too common these days, but this one is certainly noteworthy for its failure to employ advanced tools to conduct its campaigns," said Jean Ian-Boutin, malware researcher at ESET security company. "Publicly available tools to gather information on infected systems shows that the attackers did not go to great lengths to cover their tracks. On the other hand, maybe they see no need to implement stealthier techniques because the simple ways still work."

Attack Easier Than Defense:

The fact that cyber attacks so often succeed suggests that it is easier to attack a system than to defend it: the defender has to close every avenue in, while the attacker needs only one that works. By the time such attacks are detected, it is already too late, and a lot of valuable information has already been lost to the attackers.

However, it's still very important to possess the cyberattack capability as a deterrent to attacks. Those who lack the capacity to retaliate invite even more brazen cyberattacks.

Need for International Treaties:

Cyberattacks on infrastructure can have disastrous consequences with significant loss of human life. Disabling power grids and communication networks can hurt a lot of people and prevent delivery of aid to victims of disaster. It's important that nations work together to agree on some norms for what is permissible and what is not before there is a catastrophe.


About 30 nations, including US, UK, France, Germany, Russia, China, India, Iran, Israel and Pakistan, possess cyber espionage and attack capabilities.  Growth and proliferation of such technologies present a serious threat to world peace.  There is an urgent need for nations of the world to come together to agree on reasonable restrictions to prevent disasters.

Haq's Musings

Revolution in Military Affairs: Cyberweapons and Robots

Cyber Warfare

Pakistani-American Founder of Fireeye Cyber Firm

Pakistan Boosts Surveillance to Fight Terror

Pakistan's Biometric Registration Database

Operation Zarb e Azb Launch

Ex Indian Spy Documents RAW's Successes in Pakistan

Intelligence Failures in Preventing Daily Carnage in Pakistan

What If Musharraf Had Said NO to US After 911?

Pakistani Computer Scientist Fights Terror

Pakistani Killer Drones to Support Anti-Terror Campaign

3G 4G Rollout Spurs Data Services Boom in Pakistan

Fiber Optic Connectivity in Pakistan


Riaz Haq said...


A NEW REPORT from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.

The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes.

Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole.

Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.

Rand’s researchers found that there was no pattern around which exploits lived a long or short life — severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available.

“The relatively long life expectancy of 6.9 years means that zero-day vulnerabilities — in particular the ones that exploits are created for [in the gray market] — are likely old,” write lead researchers Lillian Ablon and Andy Bogart in their paper “Zero Days, Thousands of Nights.”

Rand, a nonprofit research group, is the first to study in this manner a database of exploits that are in the wild and being actively used in hacking operations. Previous studies of zero days have used manufactured data or the vulnerabilities and exploits that get submitted to vendor bug bounty programs — programs in which software makers or website owners pay researchers for security holes found in their software or websites.

The database used in the study belongs to an anonymous company referred to in the report as “Busby,” which amassed the exploits over 14 years, going back to 2002. Busby’s full database actually has around 230 exploits in it, about 100 of which are still considered active, meaning they are unknown to the software vendors and therefore no patches are available to fix them. The Rand researchers only had access to information on 207 zero days — the rest are recently discovered exploits the company withheld from Rand’s set “due to operational sensitivity.”

While it’s not known how many of these exploits are in the U.S. government’s arsenal, Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs, believes the U.S. government’s zero-day stockpile is comparable in size to Busby’s.

Anonymous said...

Actually, Pakistan has more to worry about. Pakistan's critical infrastructure runs on Chinese-manufactured devices containing Chinese firmware, like Pakistan's mobile network or Internet routers. Chinese firmware is usually poorly written, with gaping holes like never seen before. A few examples are ZTE and Huawei. Modems and routers produced by these firms are riddled with very easy to exploit bugs. My favourite one is a DoS attack involving invoking reboot.cgi. The Chinese are so careless with their firmware that they do not even check for an authorized session. A script kiddie can bring an entire bank to a halt if it is using Chinese modems to connect to the internet.
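As an added illustration of the bug class this comment describes, and not code from the page or from any vendor's firmware: a hypothetical administrative endpoint written first without any session check, then with the checks a privileged action needs. The `/reboot.cgi` path, the device stand-in, the session store, the CSRF token and the requests are all constructed for the demo. Python is used because the point is the control flow, not the device's own CGI language.

```python
"""A privileged CGI action without a session check, next to a hardened version.
Added example; everything here is constructed for the demo."""
import hmac


class Device:
    """Stand-in for the router: records privileged actions instead of performing them."""

    def __init__(self):
        self.actions = []

    def reboot(self):
        self.actions.append("reboot")


# Constructed session store: session id cookie -> session data.
SESSIONS = {
    "sess-abc123": {"user": "admin", "csrf": "tok-9f8e7d"},
}


def parse_cookies(header: str) -> dict:
    """Minimal Cookie header parser ('a=1; b=2' -> {'a': '1', 'b': '2'})."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def vulnerable_handler(device, method, path, headers, form):
    """Routes on the path alone: any client that can reach the device can reboot it."""
    if path == "/reboot.cgi":
        device.reboot()
        return 200, "rebooting"
    return 404, "not found"


def hardened_handler(device, method, path, headers, form):
    """Same endpoint with the checks a privileged action needs, in order:
    a valid session, a non-idempotent method, and a CSRF token bound to that session."""
    if path != "/reboot.cgi":
        return 404, "not found"
    session = SESSIONS.get(parse_cookies(headers.get("Cookie", "")).get("sid", ""))
    if session is None:
        return 401, "authentication required"
    if method != "POST":
        return 405, "method not allowed"
    # Constant-time comparison so token guessing cannot use timing differences.
    if not hmac.compare_digest(form.get("csrf", ""), session["csrf"]):
        return 403, "bad csrf token"
    device.reboot()
    return 200, "rebooting"


if __name__ == "__main__":
    anonymous_get = ("GET", "/reboot.cgi", {}, {})
    dev = Device()
    print("vulnerable:", vulnerable_handler(dev, *anonymous_get), dev.actions)
    dev = Device()
    print("hardened  :", hardened_handler(dev, *anonymous_get), dev.actions)
```

The order of the checks matters: authentication comes before anything that touches device state, the method check stops a reboot being triggered by a link or an image tag in a page the administrator happens to open, and the CSRF token stops a logged-in browser being driven from another site.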

Riaz Haq said...

Anon: "Like Pakistan's mobile network or Internet routers. Chinese firmware is usually poorly written, with gaping holes like never seen before. A few examples are ZTE and Huawei."

Both ZTE and Huawei have huge market share all over the world. Here's a BT report:

"n 2011/12, Huawei was ahead of Ericsson and Nokia Siemens Network (NSN), the European telecom equipment makers which have long held the top two spots in the country by revenues. But the first few years were full of hurdles for both Huawei and ZTE, also a Chinese telecom equipment maker. European companies such as NSN, Ericsson and Alcatel Lucent had been operating in India for decades and were trusted. There was a widespread perception that Chinese products would be of inferior quality."

And Europe is using a lot of Chinese telecom equipment:

A second strategy, exemplified by telecoms equipment maker Huawei Technologies, is a straightforward effort to raise margins by diversifying out of the low-margin Chinese market into higher-margin foreign ones. Huawei has derived more than half its sales from abroad for over a decade, and has gradually increased its presence in European markets, in part through loose alliances with major clients such as BT, Orange, Deutsche Telekom, and Telefónica. It has also moved quickly into the device sector. From tablets to smartphones and 3G keys, its products are now spreading across Europe, as are its greenfield investments in European R&D centers. Its efforts to expand through M&A have been hampered by its image as an arm of the Chinese state—although privately owned, it has benefited from huge lines of credit from Chinese policy banks, and has never put to rest rumors of close ties with the People’s Liberation Army.

Abdul Jabbar said...

Pakistan has a large number of hackers and has the capability to respond to any threat.

Riaz Haq said...

The global war in Cyberia has begun — and will never end


To each American administration, its war. For Truman and Eisenhower, Korea. For Kennedy, Johnson and Nixon, Vietnam. For Carter and Reagan, the culmination of the Cold War. For both Bushes, Iraq. For Clinton, ex-Yugoslavia. For Obama, Afghanistan.

Which will be Donald Trump’s war? There is good reason to fear it could be the Second Korean War. Or it could be yet another quagmire in the Middle East. His most excitable critics warn that the Third World War will happen on his watch. But I am more worried about the First Cyber War — because that war has already begun.

Last week’s cyber-attack was just the latest directed against the US by WikiLeaks: the release of a vast cache of documents stolen from the CIA.

In a tweet, WikiLeaks claimed these revealed “CIA hacker malware a threat to journalists: infests iPhone, Android bypassing Signal, Confide encryption”.

Actually, none of the documents mentions Signal, but that’s not the point. In the strange land of Cyberia — the twilight zone inhabited by Russian intelligence operatives — cyber-warfare is mainly about the spread of disinformation under the guise of leaking classified or confidential information.

To visit the WikiLeaks website is to enter the trophy room of Cyberia. Here is the “Hillary Clinton Email Archive”, over there are “The Podesta Emails”. Not all the leaked documents are American, but you will look in vain for leaks calculated to embarrass Russia. Julian Assange may still skulk in the Ecuadorean embassy in London but he lives in Cyberia, Vladimir Putin’s honoured guest.

Computer scientists have understood the disruptive potential of cyber-warfare since the earliest days of the internet. At first it was adolescent hackers who caused mayhem: geeks such as Robert Tappan Morris, who almost crashed the internet in 1988 by releasing a highly infectious software worm.

It is still the case that a lot of cyber-attacks are carried out by non-state actors: teenage vandals, criminals, “hacktivists” or terrorist organisations. However, the most striking development of the past year has been the advent of Cyberia.

As the country that built the internet, the US was bound to lead in cyber-warfare. During the 2003 Iraq invasion, US spies penetrated Iraqi networks and sent messages urging generals to surrender. Seven years later the US and Israel unleashed the Stuxnet virus on Iran’s nuclear facilities. The problem is not just that two can play at that game. It is that no one knows how many people can play at any number of cyber-games.

In recent years, the US has found itself under cyber-attack from Iran, North Korea and China. However, these attacks were directed against companies (notably Sony Pictures). The Russians are the first to wage war directly against the US government. They learnt the ropes in attacks on Estonia, Georgia and Ukraine. Last year, using WikiLeaks and the blogger Guccifer 2.0 as proxies, they launched a sustained assault on the US political system, using the Clinton emails and those of her campaign manager John Podesta to undermine the credibility of the Democratic Party’s presidential candidate.


Like the financial network, our social, commercial and infrastructural networks are under constant attack from fools and knaves. There is nothing we can do to stop them. The most we can do is to design networks so that the ravages of Cyberia can’t cause a total outage.

Trump’s war has begun: it is the First Cyber War. Like all wars, its first casualty was truth. Unlike other wars, it will have no last casualty, as it is a war without end. Get used to it. Or get rid of your computer.

Riaz Haq said...

Let’s leave aside the question of whether that interference decided the election in favour of Trump. The critical point is that Moscow was undeterred. For specialists in national security, this is only one of many perplexing features of cyber-war. Accustomed to the elegant theories of “mutually assured destruction” that evolved during the Cold War, they are struggling to develop a doctrine for a different form of conflict, with countless potential attackers and numerous gradations of destructiveness.

For Joseph Nye of Harvard’s Kennedy School, deterrence may be salvageable, but that can only be true now if America is prepared to make an example of an aggressor. The three other options Nye proposes are to ramp up cyber-security, to try to “entangle” potential aggressors in trade and other relationships (so as to raise the cost of cyber-attacks to them), or to establish global taboos against cyber, like those against biological and chemical weapons.

Nye’s analysis is not very comforting. Given the sheer number of cyber-aggressors, defence seems doomed to lag behind offence. And the Russians have proved themselves to be indifferent to both entanglement and taboos, even if China seems more amenable to Nye’s approach.

How scared should we be of Cyberia? For Princeton’s Anne-Marie Slaughter, our hyper-networked world is, on balance, a benign place and America “will gradually find the golden mean of network power”. At the other extreme is Joshua Cooper Ramo, whose book The Seventh Sense argues for the erection of real and virtual “gates” to shut out the Russians and other malefactors. But Ramo himself quotes the three rules of computer security devised by the NSA cryptographer Robert Morris Sr: 1. Do not own a computer; 2. Do not power it on; 3. Do not use it. If we all ignore those rules, how will any gates keep out the Cyberians?

An intellectual arms race is on to devise a viable doctrine of cyber-security. My 10 cents’ worth is that those steeped in the traditional thinking of national security will not come up with it. A realistic goal is not to deter attacks or retaliate against them but to regulate all the various networks on which our society depends so that they are resilient — or, better still, “anti-fragile”, a term coined by Nassim Taleb to describe a system that grows stronger under attack.

Riaz Haq said...

Can Cyber Warfare Be Deterred? by Joseph Nye

Fear of a “cyber Pearl Harbor” first appeared in the 1990s, and for the past two decades, policymakers have worried that hackers could blow up oil pipelines, contaminate the water supply, open floodgates and send airplanes on collision courses by hacking air traffic control systems. In 2012, then-US Secretary of Defense Leon Panetta warned that hackers could “shut down the power grid across large parts of the country.”
None of these catastrophic scenarios has occurred, but they certainly cannot be ruled out. At a more modest level, hackers were able to destroy a blast furnace at a German steel mill last year. So the security question is straightforward: Can such destructive actions be deterred?
It is sometimes said that deterrence is not an effective strategy in cyberspace, because of the difficulties in attributing the source of an attack and because of the large and diverse number of state and non-state actors involved. We are often not sure whose assets we can hold at risk and for how long.
Attribution is, indeed, a serious problem. How can you retaliate when there is no return address? Nuclear attribution is not perfect, but there are only nine states with nuclear weapons; the isotopic identifiers of their nuclear materials are relatively well known; and non-state actors face high entry barriers.
None of this is true in cyberspace where a weapon can consist of a few lines of code that can be invented (or purchased on the so-called dark web) by any number of state or non-state actors. A sophisticated attacker can hide the point of origin behind the false flags of several remote servers.
While forensics can handle many “hops” among servers, it often takes time. For example, an attack in 2014 in which 76 million client addresses were stolen from JPMorgan Chase was widely attributed to Russia. By 2015, however, the US Department of Justice identified the perpetrators as a sophisticated criminal gang led by two Israelis and an American citizen who lives in Moscow and Tel Aviv.
Attribution, however, is a matter of degree. Despite the dangers of false flags and the difficulty of obtaining prompt, high-quality attribution that would stand up in a court of law, there is often enough attribution to enable deterrence.
For example, in the 2014 attack on SONY Pictures, the United States initially tried to avoid full disclosure of the means by which it attributed the attack to North Korea, and encountered widespread skepticism as a result. Within weeks, a press leak revealed that the US had access to North Korean networks. Skepticism diminished, but at the cost of revealing a sensitive source of intelligence.
Prompt, high-quality attribution is often difficult and costly, but not impossible. Not only are governments improving their capabilities, but many private-sector companies are entering the game, and their participation reduces the costs to governments of having to disclose sensitive sources. Many situations are matters of degree, and as technology improves the forensics of attribution, the strength of deterrence may increase.
Moreover, analysts should not limit themselves to the classic instruments of punishment and denial as they assess cyber deterrence. Attention should also be paid to deterrence by economic entanglement and by norms.
Economic entanglement can alter the cost-benefit calculation of a major state like China, where the blowback effects of an attack on, say, the US power grid could hurt the Chinese economy. Entanglement probably has little effect on a state like North Korea, which is weakly linked to the global economy. It is not clear how much entanglement affects non-state actors. Some may be like parasites that suffer if they kill their host, but others may be indifferent to such effects.

Riaz Haq said...

As for norms, major states have agreed that cyber war will be limited by the law of armed conflict, which requires discrimination between military and civilian targets and proportionality in terms of consequences. Last July, the United Nations Group of Government Experts recommended excluding civilian targets from cyberattacks, and that norm was endorsed at last month’s G-20 summit.
It has been suggested that one reason why cyber weapons have not been used more in war thus far stems precisely from uncertainty about the effects on civilian targets and unpredictable consequences. Such norms may have deterred the use of cyber weapons in US actions against Iraqi and Libyan air defenses. And the use of cyber instruments in Russia’s “hybrid” wars in Georgia and Ukraine has been relatively limited.
The relationship among the variables in cyber deterrence is a dynamic one that will be affected by technology and learning, with innovation occurring at a faster pace than was true of nuclear weapons. For example, better attribution forensics may enhance the role of punishment; and better defenses through encryption may increase deterrence by denial. As a result, the current advantage of offense over defense may change over time.

Cyber learning is also important. As states and organizations come to understand better the importance of the Internet to their economic wellbeing, cost-benefit calculations of the utility of cyber warfare may change, just as learning over time altered the understanding of the costs of nuclear warfare.
Unlike the nuclear age, when it comes to deterrence in the cyber era, one size does not fit all. Or are we prisoners of an overly simple image of the past? After all, when nuclear punishment seemed too draconian to be credible, the US adopted a conventional flexible response to add an element of denial in its effort to deter a Soviet invasion of Western Europe. And while the US never agreed to a formal norm of “no first use of nuclear weapons,” eventually such a taboo evolved, at least among the major states. Deterrence in the cyber era may not be what it used to be, but maybe it never was.

Riaz Haq said...

US scientists at U of Michigan 'hack' #India electronic #vote17 machines - BBC News. #UPElection2017

Scientists at a US university say they have developed a technique to hack into Indian electronic voting machines.
After connecting a home-made device to a machine, University of Michigan researchers were able to change results by sending text messages from a mobile.
Indian election officials say their machines are foolproof, and that it would be very difficult even to get hold of a machine to tamper with it.
India uses about 1.4m electronic voting machines in each general election.
'Dishonest totals'
A video posted on the internet by the researchers at the University of Michigan purportedly shows them connecting a home-made electronic device to one of the voting machines used in India.
Professor J Alex Halderman, who led the project, said the device allowed them to change the results on the machine by sending it messages from a mobile phone.

"We made an imitation display board that looks almost exactly like the real display in the machines," he told the BBC. "But underneath some of the components of the board, we hide a microprocessor and a Bluetooth radio."
"Our lookalike display board intercepts the vote totals that the machine is trying to display and replaces them with dishonest totals - basically whatever the bad guy wants to show up at the end of the election."
In addition, they added a small microprocessor which they say can change the votes stored in the machine between the election and the vote-counting session.
India's electronic voting machines are considered to be among the most tamperproof in the world.
There is no software to manipulate - records of candidates and votes cast are stored on purpose-built computer chips.
Paper and wax seals
India's Deputy Election Commissioner, Alok Shukla, said even getting hold of machines to tamper with would be very difficult.
"It is not just the machine, but the overall administrative safeguards which we use that make it absolutely impossible for anybody to open the machine," he told the BBC.
"Before the elections take place, the machine is set in the presence of the candidates and their representatives. These people are allowed to put their seal on the machine, and nobody can open the machine without breaking the seals."
The researchers said the paper and wax seals could be easily faked.
However, for their system to have any impact they would need to install their microchips on many voting machines, no easy task when 1,368,430 were used in the last general election in 2009.

Riaz Haq said...

India, Pakistan cyber war intensifies

NEW DELHI: Indian hackers claimed to have hacked the Islamabad, Peshawar, Multan International and Karachi airport websites.

The hack comes just days after Pakistani hackers, identifying themselves as 'Alone Injector', posted offensive content on NSG's official homepage. As most were preparing to celebrate New Year, hackers from India and Pakistan were busy firing shots across the online border in the ongoing cyber war between the two countries.

Indian hackers allegedly infected three Pakistan airport websites with ransomware claiming that this was to avenge hacking of the official website of the elite National Security Guard (NSG) by their counterpart in Pakistan.

Indian hackers on Monday night claimed to have hacked the Islamabad, Peshawar, Multan International and Karachi airport websites. Not only have they hacked and brought the websites down, but they have also injected them with ransomware, which restricts the owners' use of their websites. Indian hackers locked access to the websites and are demanding bitcoins (virtual money) in exchange for unlocking them. However, an Indian hacker told Mail Today that the last time, the money they got from Pakistan to unlock their computers was donated to needy kids, but this time they will not share the key to unlock the sites.

The move came just a day after Pakistani hackers, identifying themselves as 'Alone Injector', posted the offensive content on NSG's official homepage. The website belonging to the 'black cat' commandos is maintained from the NSG headquarters and gives out basic information about the force, its origin and operations.

The matter has been brought to the notice of the National Informatics Centre, and remedial action is in process. Retaliating immediately, Indian hackers have launched a massive attack on crucial Pakistan establishment and warned both Pakistan hackers and the government against attacking India further.

This hacking group has in the past infected Pakistan government systems, taken control of hundreds of computers and locked their complete data, making it inaccessible, using a malicious programme. The hacking group also leaked details of Pakistan army officers and banking details.

However, there was no confirmation by any security agency about it as the hackers from both the countries are not officially. This fighting started last week: after Pakistani cyber attackers hacked Thiruvananthapuram airport's website, a group of cyber experts from Kerala - the 'Mallu Cyber Soldiers' - decided to respond in kind by hacking the website of a Pakistani airport. The hackers obtained the login information for the website of the Sialkot International Airport in Pakistan's Punjab province. They changed the password and shared the new login details with the public. Experts believe the hacking of airport websites can be used to get out crucial information about flights, which can have serious consequences.

Moreover, leaking of details about the individual airports - from logistics to facilities - is also dangerous. Experts believe that intelligence gathering has increased as hackers are not only defacing the sites but are silently spying on critical networks. 'Indian hackers have only replied after observing the malicious intentions of Pakistani hackers.

'Techies across the border targeted Indian sites, as a result of which NSG's website was hacked. Such fights are common but now the intensity of attacks has increased many fold as hackers from both the countries are targeting crucial websites,' said Kislay Choudhary, a cyber crime expert.

Riaz Haq said...

America must defend itself against the real national security menace

by Fareed Zakaria

1. Punishment
2. Defense
3. Taboo

Since the North Korean government’s 2014 attacks on Sony Pictures Entertainment, many in the intelligence community, including Adm. Michael S. Rogers, have warned that “we’re at a tipping point.” Rogers, head of the National Security Agency and U.S. Cyber Command, testified to Congress in 2015 that the country had no adequate deterrent against cyberattacks. He and many others have argued for an offensive capacity forceful enough to dissuade future threats.

But the digital realm is a complex one, and old rules will not easily translate. The analogy that many make is to nuclear weapons. In the early Cold War, that new category of weaponry led to the doctrine of deterrence, which in turn led to arms-control negotiations and other mechanisms to foster stable, predictable relations among the world’s nuclear powers.

But this won’t work in the cyber realm, Joseph Nye says in an important new essay in the journal International Security. First, the goal of nuclear deterrence has been “total prevention” — to avert a single use of nuclear weapons. Cyberattacks happen all the time, everywhere. The Defense Department reports getting 10 million attacks a day. Second, there is the problem of attribution. Nye quotes defense official William Lynn, who observed in 2010, “Whereas a missile comes with a return address, a computer virus generally does not.” That’s why it is so easy for the Russian government to deny any involvement with the hacking against the Democratic National Committee. It is hard to establish ironclad proof of the source of any cyberattack — which is a large part of its attractiveness as an asymmetrical weapon.

Nye argues that there are four ways to deal with cyberattacks: punishment, entanglement, defense and taboos. Punishment involves retaliation, and although it is worth pursuing, both sides can play that game, and it could easily spiral out of control.

Entanglement means that if other countries were to harm the United States, their own economies would suffer. It strikes me as of limited value because there are ways to attack the United States discreetly without shooting oneself in the foot (as Russia has shown recently, and as Chinese cybertheft of intellectual property shows as well). And it certainly wouldn’t deter groups such as the Islamic State, al-Qaeda or even WikiLeaks.

The other two strategies merit more consideration. Nye contends that the United States should develop a serious set of defenses, beyond simply governmental networks, that are modeled on public health. Regulations and information would encourage the private sector to follow some simple rules of “cyber hygiene” that could go a long way toward creating a secure national network. This new system of defenses should become standard in the digital world.

The final strategy Nye suggests is to develop taboos against certain forms of cyberwarfare. He points out that after the use of chemical weapons in World War I, a taboo grew around their use, was enacted into international law and has largely held for a century. Similarly, in the 1950s, many strategists saw no distinction between tactical nuclear weapons and “normal” weapons. Gradually, countries came to shun any use of nuclear weaponry, a mutual understanding that has also survived for decades. Nye recognizes that no one is going to stop using cyber-tools but believes that perhaps certain targets could be deemed off-limits, such as purely civilian equipment.

Of course, the development of such norms would involve multilateral negotiations, international forums, rules and institutions, all of which the Trump administration views as globaloney. But at least it is working hard to prevent Yemeni tourists from entering the country.

Riaz Haq said...

Wikileaks reveal #American #Spy Agency #NSA #Cyber Weapons Used to Hack #Pakistan mobile system via @techjuicepk

New information about the involvement of US in hacking Pakistan mobile system has been found in a release by Wikileaks. This leak points to NSA’s cyber weapons which include code related to hacking of Pakistan mobile system.

NSA’s interest in Pakistan
The NSA, the National Security Agency, which is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes in the USA, has allegedly spied on Pakistani civilian and military leadership in the past. Edward Snowden, a former NSA employee, has also suggested in the past that the NSA used wiretapping and cyber weapons to spy on many international leaders.

Scope of new information
On Saturday, Wikileaks revealed hundreds of cyber weapons variants which include code pointing towards NSA hacking Pakistan mobile system.

The link shared in the tweet by Wikileaks’ official account points to a Github repository containing the decrypted files pertaining to NSA cyber weapons. A complete analysis of these files by a cyber security expert is needed to further highlight the severity of the situation. Initial impressions, however, seem to indicate that these leaks will certainly provide more substance to previous allegations against NSA.

Riaz Haq said...

#Cyberattack Hits #Ukraine Then Spreads Internationally. #NSA #hackingtool #WannaCry #Petya #Russia

Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.

It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.

The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry episode, as well as two other methods to promote its spread, according to researchers at the computer security company Symantec.

The National Security Agency has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used the agency’s hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president for security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday — including stealing victims’ credentials — even those who used the Microsoft patch could be vulnerable and potential targets for later attacks, according to researchers at F-Secure, a Finnish cybersecurity firm, and others.

A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.

The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Riaz Haq said...

The Opinion Pages | EDITORIAL

When Cyberweapons Go Missing

Twice in the past few months, powerful cyberattacks have wreaked havoc on the world, shutting down tens of thousands of computers, including critical machines in hospitals, a nuclear site and businesses. The attacks were initially thought to be schemes to collect ransom, but their goals — whether money, politics or just chaos — have become increasingly blurred. One thing seems clear: The weapons for the attack were developed by the National Security Agency and stolen from it.

That’s chilling. After the first attack, Brad Smith, the president of Microsoft, said the theft of the cyberweapons was equivalent to Tomahawk missiles’ being stolen from the military, and he issued a scathing critique of the government’s stockpiling of computer vulnerabilities. The N.S.A. has not only failed to assist in identifying the vulnerabilities its weapons were designed to exploit but has also not even acknowledged their existence or their theft.

It remains a mystery whether the N.S.A. knows how its weapons were stolen. What is known is that a group called Shadow Brokers started offering them for sale in August and made them public in April. It promised a fresh batch last month, offering them to monthly subscribers. Former intelligence officials said it was clear the weapons came from an N.S.A. unit formerly known as Tailored Access Operations.

Once publicly available, the weapons can be reconfigured for many purposes and used by anyone with some computer savvy. North Korea was thought to be a culprit in the first wave of attacks, and Russian hackers may have been behind the second. Other forces may be at work, too. A cybersecurity officer with the IDT Corporation in Newark, Golan Ben-Oni, has made waves with warnings that ransom demands could be a cover for far deeper invasions to steal confidential information.

Secrecy, of course, is the N.S.A.’s stock in trade, and acknowledging authorship of stolen cyberweapons runs counter to everything the spy agency does. A spokesman for the National Security Council at the White House was quoted as saying that the administration “is committed to responsibly balancing national security interests and public safety and security.”

Fixing this deadly serious problem is certain to be complex, but the task is urgent. The N.S.A. clearly needs to do a better job of safeguarding the cyberweapons it is developing and also neutralizing the damage their theft has unleashed. Microsoft, whose software vulnerabilities were exploited in the attacks, and companies that use its software will have to strengthen their defenses.

Beyond that, the federal government may want to offer grants as incentives to groups doing malware analysis. Once conclusively identified, the culprits behind the attacks must be penalized in some way, such as with sanctions. While the immediate focus needs to be on concrete responses, it is also worth thinking seriously about more global cooperation, such as the Digital Geneva Convention proposed by Microsoft as a way to prevent cyberwarfare.

Anonymous said...

Pakistan is currently lacking offensive capability; in recent times a wave of an immediate sense of insecurity is being felt in the top brass. We need to address this issue on a war-footing basis. The cyber threat landscape is already showing Pakistan among the top targeted countries, especially its industrial base, which is highly vulnerable to ICS attacks.

Riaz Haq said...

IT ministry to come up with plan to ensure country’s cyber-security

Ministry of Information Technology has been entrusted with the responsibility to propose an appropriate organisation in order to ensure cyber-security of Pakistan.

The decision was taken during a high-level meeting on Thursday to develop a framework and way forward to coordinate and evolve a mechanism for the country’s cyber-security.

National Security Adviser Nasser Khan Janjua chaired the meeting. National Security Division secretary, representatives from Ministry of Information and Broadcasting, Ministry of Information Technology, Pakistan Electronic Media Regulatory Authority (PEMRA), Pakistan Telecommunication Authority (PTA) and Federal Investigation Agency (FIA) attended the meeting.

Moreover, the Ministry of Information and Broadcasting will propose a mechanism that could chalk out a way forward towards the use of social media for a progressive Pakistan.

The meeting ended on a note that a next session would be scheduled soon to conclude the process of evolving a mechanism for ensuring cyber-security.

Riaz Haq said...

Ex-CIA officer arrested after US spy network is exposed in China
It was one of the worst intelligence failures for years

Andrew Buncombe, New York, @AndrewBuncombe


Last spring, The New York Times reported that as many as 20 US intelligence assets had been killed by China since 2010, destroying years’ worth of intelligence efforts in the country. One operative was allegedly shot and killed in front of his colleagues and his body left in the car park of a government building as a warning to others.

US officials described the losses as “one of the worst” intelligence breaches in decades, comparing it to the number of assets lost in the Soviet Union in the 1980s and 1990s, when two prominent US assets worked as double agents for the Soviets. Officials said the breach has destroyed years of network-building within the country.

The arrest of Mr Lee comes as China is looking to increasingly spread its international influence – economically, diplomatically and militarily. At the same time, the US, under the America First strategy adopted by Donald Trump, appears to be retreating from many areas, such as the environment and international security, that it once led.


A former CIA officer has been arrested and charged as part of an alleged espionage scandal investigators claim resulted in the collapse of the US spying network in China and the deaths or imprisonment of up to 20 agency informants.

Jerry Chun Shing Lee, 53, a naturalised US citizen, was arrested earlier this week after arriving at JFK International Airport in New York. Mr Lee, who currently lives in Hong Kong, appeared in court and was charged with illegally retaining classified records, including names and phone numbers of covert CIA assets.

Mr Lee, who served in the US Army from 1982-86, joined the CIA in 1994 and worked as a case officer trained in covert communications, surveillance detection, and the recruitment and the handling of assets.

“[Mr] Lee began working for the CIA as a case officer in 1994, maintained a Top Secret clearance and signed numerous non-disclosure agreements during his tenure at CIA,” according to a statement released by the US Department of Justice.

The arrest of Mr Lee, who has not offered a plea, is said to have marked the culmination of a more than five-year counter-espionage operation launched by the FBI. That investigation was established in 2012, two years after the CIA started losing assets in China.

Reports in the US media said investigators were initially unsure whether the agency had been hacked by the Chinese authorities or whether the losses were the result of a mole.

According to an eight-page affidavit, Mr Lee, who left the CIA in 2007 and has been working for a well-known auction house, travelled from Hong Kong to northern Virginia, where he lived from 2012 to 2013 – apparently having been lured there with a fake job offer.

When he flew to Virginia, the FBI obtained a warrant to search Mr Lee’s luggage and hotel room. The court documents say agents found two small books with handwritten notes containing names and numbers of covert CIA employees and locations of covert facilities.

Mr Lee left the US in 2013 after being questioned on five different occasions by FBI agents. He never mentioned his possession of the books containing classified information, say the court documents.

The FBI affidavit makes no allegations of espionage against Mr Lee, only alleging illegal retention of documents. Any conviction on that offence carries a maximum penalty of 10 years in prison.

Riaz Haq said...

E-governance council to be established in Pakistan for policy formulation

Nasser Khan Janjua, the National Security Advisor, Lt General (Retd), said during a closing ceremony that Pakistan is in need of excelling and developing an e-governance council policy formulation according to globally acceptable parameters. The ceremony, “Cyber Secure Pakistan – Policy Framework”, was arranged by CGSS and was held in Islamabad on Tuesday.

The seminar highlighted the importance of emerging technologies in the cyber world. It aimed to create an awareness about the threats concerning the national security due to the evolvement in the cyberspace and therefore, to plan a consolidated cybersecurity policy for the country.

The advisor said, “Pakistan is engulfed in traditional threats and insecurities due to which the new emerging threats have been ignored; hence, we have to do better, more than ever before.”

The ‘emerging threats’ are due to the growing digitalization of the cyberspace and are pertaining to the country’s defense and security, he expressed.

He added that the whole sphere had been endangered and it was very important to get out of the consumer market and venture into the new dimensions.

Mr. Nasser further stated, “Excessive use of the internet has put our security under threat. Due to our increasing reliance on the internet, cybersecurity policy is becoming the need of the hour.”

Moreover, Lieutenant General Muhammad Zahir Ul Islam (Retd) – Chairman CGSS, in his opening remarks stated that a well-articulated legislation must be passed by the government that would provide a legal framework for law enforcement and intelligence agencies to operate under. Likewise, Secretary National Security Division, Syed Iftikhar Hussain Babar also called attention to the significance of the cybersecurity in his opening address.

He mentioned that the danger of cyber warfare is real and protecting data is as important as protecting ourselves. The government and many private institutions have been working in this regard. Before the world moves a step further in cyberspace, Pakistan must secure a firm position in this particular field and formulate its state policy accordingly.

Riaz Haq said...

Malware allegedly designed by Pakistani hackers has become stronger: experts
GravityRAT, a malware allegedly designed by Pakistani hackers, has recently been updated further and equipped with anti-malware evasion capabilities, Maharashtra cybercrime officials said.

The RAT was first detected by the Indian Computer Emergency Response Team, CERT-In, on various computers in 2017. It is designed to infiltrate computers, steal the data of users, and relay the stolen data to Command and Control centres in other countries. The ‘RAT’ in its name stands for Remote Access Trojan, a program that can be controlled remotely and is thus difficult to trace.

Mask presence

Maharashtra cybercrime department officials said that the latest update to the program by its developers is part of GravityRAT’s function as an Advanced Persistent Threat (APT), which, once it infiltrates a system, silently evolves and does long-term damage.

“GravityRAT is unlike most malware, which are designed to inflict short term damage. It lies hidden in the system that it takes over and keeps penetrating deeper. According to latest inputs, GravityRAT has now become self aware and is capable of evading several commonly used malware detection techniques,” an officer of the cybercrime unit said.

One such technique is ‘sandboxing’, to isolate malware from critical programs on infected devices and provide an extra layer of security.

“The problem, however, is that malware needs to be detected before it can be sandboxed, and GravityRAT now has the ability to mask its presence. Typically, malware activity is detected by the ‘noise’ it causes inside the Central Processing Unit, but GravityRAT is able to work silently. It can also gauge the temperature of the CPU and ascertain if the device is carrying out high intensity activity, like a malware search, and act to evade detection,” another officer said.

Email attachment

Officials said that GravityRAT infiltrates a system in the form of an innocuous looking email attachment, which can be in any format, including MS Word, MS Excel, MS Powerpoint, Adobe Acrobat or even audio and video files.

“The hackers first identify the interests of their targets and then send emails with suitable attachments. Thus a document with ‘share prices’ in the file is sent to those interested in the stock market. Once it is downloaded, it prompts the user to enter a message in a dialogue box, purportedly to prove that the user is not a bot. While the users take this to be a sign of extra security, the action actually initiates the process for the malware to infiltrate the system, triggering several steps that end with GravityRAT sending data to the Command and Control server regularly,” an officer said.

The other concern is that the Command and Control servers are based in several countries. The data is sent in an encrypted format, making it difficult to detect exactly what is leaked.

Riaz Haq said...

Human rights defenders in Pakistan face digital threats, attacks: Amnesty
Ramsha Jahangir | Updated May 16, 2018
KARACHI: Human rights defenders in Pakistan are under threat from a targeted campaign of digital attacks, which has seen social media accounts hacked and computers and mobile phones infected with spyware, a four-month investigation by Amnesty International revealed.

In a new report released on Tuesday titled ‘Human Rights Under Surveillance: Digital Threats Against Human Rights Defenders in Pakistan’, the human rights watchdog revealed how attackers were using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime.


“We uncovered an elaborate network of attackers who are using sophisticated and sinister methods to target human rights activists. Attackers use cleverly designed fake profiles to lure activists and then attack their electronic devices with spyware, exposing them to surveillance and fraud and even compromising their physical safety,” said Sherif Elsayed-Ali, Director of Global Issues at Amnesty International.


HR watchdog calls on authorities to carry out investigation to identify perpetrators

The investigation showed how attackers used fake Facebook and Google login pages to trick their victims into revealing their passwords. “It is already extremely dangerous to be a human rights defender in Pakistan and it is alarming to see how attacks on their work are moving online,” he said.

The report highlighted the case of Diep Saeeda, a prominent civil society activist from Lahore. On December 2, 2017, one of her friends, Raza Mehmood Khan, a peace activist who tried to bring people from India and Pakistan together through activities like letter-writing, was subjected to an enforced disappearance.


Ms Saeeda began publicly calling for Mr Raza’s release, including petitioning the Lahore High Court. Soon after, she began to receive suspicious messages from people claiming to be concerned about Mr Raza’s well-being, the report found.

As per Amnesty International’s investigation, a Facebook user who claimed to be an Afghan woman named Sana Halimi — living in Dubai and working for the UN — repeatedly contacted Ms Saeeda via Facebook Messenger, saying that she had information about Mr Raza. The operator of the profile sent her links to files containing malware called StealthAgent which, if opened, would have infected her mobile devices.

The profile — which the human rights watchdog believed was fake — was also used to trick Ms Saeeda into divulging her email address, to which she started receiving emails infected with a Windows spyware commonly known as Crimson.

Amnesty found that several human rights activists in Pakistan have been targeted in this way, sometimes by people claiming to be human rights activists themselves.

Ms Saeeda also received emails claiming to be from staff of the Punjab chief minister. The emails included false details of a supposed upcoming meeting between the provincial ministry of education and her organisation, the Institute for Peace and Secular Studies. In other cases, the attackers pretended to be students looking for guidance and tuition from Ms Saeeda.

Riaz Haq said...

Pakistan military access metadata, texts, photos from hacked phones of Australian diplomats

The Pakistani military is alleged to have hacked information from Australian diplomats potentially gaining access to sensitive metadata, texts and photos and tracking their movements.

The hacking is thought to have occurred after the Australians interacted with those whose phones were compromised after they downloaded apps or had their phones physically accessed by the hackers.

A just-published report by a United States mobile phone data security company, Lookout, detailed the hacking which it said it had reported to the appropriate authorities and may have links back to an individual previously associated with a Sydney-based company.

Lookout’s report said it had identified over 15 gigabytes of compromised data that included call records, audio recordings, device location information, text messages and photos.

It said analysis of the exfiltrated data found details of trips to the Pakistani cities of Quetta and Balochistan by Australian diplomats.

The report contains an image of what appears to be a document detailing an itinerary for Australian diplomats.

“Visit of Australian diplomats” is the heading of the document which has been redacted by Lookout but appears to reference the names of the individuals undertaking a visit and discuss security arrangements.

The report says the tools were part of a “highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military” using surveillanceware families Lookout referred to as Stealth Mango (Android) and Tangelo (iOS).

“Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military,’’ it says. “We determined that government officials and civilians from the United States, Australia, the United Kingdom and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.’’

It says the Australians may have had their data stolen after they associated with users who had been compromised by the Stealth Mango surveillanceware.

“We further identified content from other countries officials and diplomats, including the United States, Australia, the United Kingdom and Iran, however we believe this data may have been stolen when these victims interacted with Stealth Mango victims,’’ it said.

Among data that is believed to be uploaded and tracked from infected phones was installed packages and device information, changes in SIM card or phone numbers on the device, picture, video and audio files, SMS logs and deleted incoming messages, GPS tracking, functionality to detect when a victim is driving, calendar events and reminders and contact lists for various third party applications such as Yahoo and Google Talk among others.

The report notes that the developer of the spyware may have at one point been associated with a company headquartered in Sydney that develops similar legal applications that track devices.

It suspects the developer is part of a group of developers selling mobile surveillance ware and is based in a specific area in the Pakistani capital Islamabad — potentially a government building associated with the Pakistani ministry of education.

The company says it has shared information about the breaches with the appropriate authorities.

“The actor behind Stealth Mango has stolen a significant amount of sensitive data from compromised devices without the need to resort to exploits of any kind,’’ it says.

“The actors that are developing this surveillanceware are also setting up their own command and control infrastructure and in some cases encountering some operational security missteps, enabling researchers to discover who the targets are and details about the actors operating it that otherwise are not as easily obtained.

Riaz Haq said...

Stealth Mango & Tangelo Selling your fruits to nation state actors

Lookout Security Intelligence has discovered a set of custom Android and iOS surveillanceware tools we’re respectively calling Stealth Mango and Tangelo. These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military. Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. To date, we have observed Stealth Mango being deployed against victims in Pakistan, Afghanistan, India, Iraq, Iran, and the United Arab Emirates. The surveillanceware also retrieved sensitive data from individuals and groups in the United States, Australia, and the United Kingdom. These individuals and groups were not themselves targeted, but interacted with individuals whose devices had been compromised by Stealth Mango or Tangelo. We believe that the threat actor behind Stealth Mango is also behind Op C Major and Transparent Tribe.

Key findings

Lookout researchers have identified a new mobile malware family called Stealth Mango.
• Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military.
• Stealth Mango is being used in targeted surveillance operations against government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq, and the United Arab Emirates.
• We determined that government officials and civilians from the United States, Australia, the United Kingdom, and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.
• The actors behind Stealth Mango typically lure victims via phishing, but they may also have physical access to victims’ devices.
• The attacker has multi-platform capabilities. We know of the Android component and there is evidence of an iOS component. The evidence is as follows:
  • A sample Debian package on attacker infrastructure called Tangelo
  • EXIF data from exfiltrated content showed data from iPhones
  • WHOIS information from the attackers shows registrations for the following domains: iphonespyingsoftware[.]org, iphonespyingapps[.]org, and iphonespyingapps[.]info

We have identified over 15 gigabytes of compromised data on attacker infrastructure.
• Exfiltrated content includes call records, audio recordings, device location information, text messages, and photos.
• We found attacker infrastructure running the WSO web shell, which provides a third party with complete control over the server.
• The actor deploying Stealth Mango appears to have a primarily mobile-focused capability.

Stealth Mango and Tangelo appear to have been created by freelance developers with physical presences in Pakistan, India, and the United States.
• These individuals belong to the same developer group.
• We linked their tooling to several commodity mobile surveillance tools, suggesting that they are either sharing code or have engaged with several distinct customers who are being delivered tooling based off similar source code.
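
Lookout's pointer that EXIF data in the exfiltrated images came from iPhones is the kind of first pass an analyst makes over a dump of stolen photos. As an added example (this is my code, not Lookout's or the post's), here is that pass: a minimal parser that walks the JPEG marker segments to the Exif APP1 block, reads Make and Model out of IFD0 in either byte order, and buckets a set of images by device family. The JPEG fixtures are constructed inline for the demonstration and are not real exfiltrated data; the `device_family` buckets are my own assumption, not a Lookout classification.

```python
"""Pull camera Make/Model out of the Exif APP1 segment of a JPEG.

Added example (not Lookout's code): given a dump of exfiltrated photos,
group them by the device that took them. Only the fields needed for that
are parsed; every other IFD entry is skipped.
"""
import struct
from collections import Counter

# Exif IFD0 tags of interest (TIFF 6.0 / Exif 2.x numbering).
TAG_MAKE = 0x010F
TAG_MODEL = 0x0110
TAG_SOFTWARE = 0x0131
WANTED = {TAG_MAKE: "Make", TAG_MODEL: "Model", TAG_SOFTWARE: "Software"}


def _read_ifd_ascii(tiff: bytes, ifd_off: int, bo: str) -> dict:
    """Return {name: value} for the wanted ASCII tags in one IFD."""
    out = {}
    if ifd_off + 2 > len(tiff):
        return out
    (n,) = struct.unpack_from(bo + "H", tiff, ifd_off)
    for i in range(n):
        ent = ifd_off + 2 + 12 * i
        if ent + 12 > len(tiff):
            break
        tag, typ, count, val = struct.unpack_from(bo + "HHI4s", tiff, ent)
        if tag not in WANTED or typ != 2:  # type 2 = ASCII
            continue
        # Values of 4 bytes or fewer sit inline in the entry; longer values
        # are stored at an offset relative to the start of the TIFF header.
        if count <= 4:
            raw = val[:count]
        else:
            (off,) = struct.unpack(bo + "I", val)
            raw = tiff[off:off + count]
        out[WANTED[tag]] = raw.split(b"\x00", 1)[0].decode("ascii", "replace")
    return out


def exif_make_model(jpeg: bytes) -> dict:
    """Walk JPEG marker segments to the Exif APP1 block and parse its IFD0.

    Returns {} when the input is not a JPEG or carries no Exif segment.
    """
    if jpeg[:2] != b"\xff\xd8":
        return {}
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            return {}
        marker = jpeg[pos + 1]
        if marker in (0xD8, 0x01) or 0xD0 <= marker <= 0xD7:  # standalone markers
            pos += 2
            continue
        if marker in (0xDA, 0xD9):  # SOS / EOI: no metadata past this point
            return {}
        (seg_len,) = struct.unpack_from(">H", jpeg, pos + 2)  # length includes itself
        body = jpeg[pos + 4:pos + 2 + seg_len]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            tiff = body[6:]
            if tiff[:2] == b"MM":
                bo = ">"
            elif tiff[:2] == b"II":
                bo = "<"
            else:
                return {}
            (ifd0,) = struct.unpack_from(bo + "I", tiff, 4)
            return _read_ifd_ascii(tiff, ifd0, bo)
        pos += 2 + seg_len
    return {}


def device_family(meta: dict) -> str:
    """Coarse bucket for summarising a dump (assumed labels, not Lookout's)."""
    make = meta.get("Make", "").strip()
    model = meta.get("Model", "").strip()
    if make == "Apple" and model.startswith("iPhone"):
        return "iPhone"
    if make or model:
        return "Android/other"
    return "unknown"


def summarise(images) -> Counter:
    """Count images per device family across a set of JPEG byte strings."""
    return Counter(device_family(exif_make_model(b)) for b in images)


# --- constructed fixtures (not real exfiltrated data) ---------------------
def build_jpeg_with_exif(make: str, model: str, little_endian=False) -> bytes:
    """Smallest JPEG skeleton carrying an Exif IFD0 with Make and Model."""
    bo = "<" if little_endian else ">"
    make_b = make.encode() + b"\x00"
    model_b = model.encode() + b"\x00"
    data_off = 8 + 2 + 2 * 12 + 4  # TIFF header + count + 2 entries + next-IFD
    ifd = struct.pack(bo + "H", 2)
    ifd += struct.pack(bo + "HHII", TAG_MAKE, 2, len(make_b), data_off)
    ifd += struct.pack(bo + "HHII", TAG_MODEL, 2, len(model_b), data_off + len(make_b))
    ifd += struct.pack(bo + "I", 0)
    hdr = (b"II" if little_endian else b"MM") + struct.pack(bo + "H", 42) + struct.pack(bo + "I", 8)
    app1 = b"Exif\x00\x00" + hdr + ifd + make_b + model_b
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


JPEG_NO_EXIF = b"\xff\xd8\xff\xd9"  # constructed: SOI straight to EOI

if __name__ == "__main__":
    dump = [build_jpeg_with_exif("Apple", "iPhone 6s"),
            build_jpeg_with_exif("samsung", "SM-G920F", little_endian=True),
            JPEG_NO_EXIF]
    print(summarise(dump))
```

Many messaging apps strip Exif on send, so an empty result is informative in its own right: images that still carry Make and Model were more likely read straight from device storage than forwarded through a chat application.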

Riaz Haq said...

Pakistan’s first-ever Cyber Security Centre launched
Aims to develop tools and technologies to protect cyberspace, sensitive data and local economy from the cyber-attacks

Pakistan government’s Cyber Security Centre has been inaugurated at Air University in Islamabad to deal with cyber security challenges in the digital age.


Faaiz Amir said that Air University is also commencing a four-year BS cyber security programme, which is designed to develop modern cyber security skills and apply them to protect computers, systems, and networks from cyber-attacks. The programme would increase awareness and knowledge about cyber security among Pakistani students, he added.


Cyber security encompasses technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks. Pakistan’s Cyber Security Centre aims to develop advanced tools and research technologies to protect Pakistan’s cyberspace, sensitive data, and local economy from cyber-attacks.

The headquarters of the National Centre for Cyber Security will be based at Air University Islamabad, with labs at different universities of Pakistan including Bahria University Islamabad, National University of Science and Technology (NUST), Information Technology University Lahore (ITU), Lahore University of Management Sciences (LUMS), University of Peshawar, University of Engineering and Technology Peshawar, University of Nowshera, Pakistan Institute of Engineering and Applied Sciences (PIEAS), NED University Karachi, University of Engineering and Technology Lahore and University of Engineering and Technology Taxila.

Cyber-attacks pose an enormous threat to the national economy, defence and security, National Security Adviser Nasser Khan Janjua said earlier.

After repeated calls from experts to secure the cyber space, the Pakistan government has finally launched the centre to protect the cyberspace, sensitive data, and local economy from cyber-attacks.

Last week, the country’s National Counter Terrorism Authority (NACTA) also established a cyber security wing on modern lines to evolve cyber security strategies and to meet emerging cyber terrorism threats.

Riaz Haq said...

Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order

DAVIES: And tell us about this private cyber investigator Kevin Mandia. There was this building in China where a lot of this activity was going on - and the level of information he was able to get.

SANGER: So the building is near the Shanghai airport. And it's a big, bland, white office tower. And it is the home of Unit 61398, which is a PLA cyber unit.

DAVIES: People's Liberation Army - the Chinese Army.

SANGER: The People's Liberation Army Cyber Unit. And the way that people began to understand what was happening was - Mr. Mandia, who ran a company called Mandiant that's since been merged up with FireEye, which he now runs, began to track the attacks that this unit was doing to steal intellectual property in the United States whether it was, you know, F-35 designs or other industrial designs and then turn them over to state-run Chinese firms. The hackers who would come in would sit at their computer terminals, and, unbeknownst to them, Mandiant would turn the cameras on those computers back on. So you could see them working.

And they would come in at like 8:30 in the morning. They would check sports scores. They would send a few notes to their girlfriends. A couple of them would look at a little bit of porn. You know, they would be reading newspaper articles. 9 o'clock would come. They'd start hacking into American sites. Lunchtime, they're back to sending notes to the girlfriends. They're back to checking their sports scores. I mean, it was such an interesting picture of the life of a young Chinese hacker.

DAVIES: David Sanger is a national security correspondent for The New York Times. His book about cyberwarfare is called "The Perfect Weapon." After a break, he'll take us inside the Russian hack of the Democratic National Committee, and we'll talk about President Trump's initiative to curb North Korea's nuclear program. Also, rock critic Ken Tucker reviews Father John Misty's new album. I'm Dave Davies. And this is FRESH AIR.

Riaz Haq said...

Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order

DAVIES: Right. I mean, obviously, to conduct the kind of disabling cyberattack that would shut down a lot of a country's infrastructure, you have to have done a lot of work beforehand. I want to be clear about this. Are we saying that we know that there are implants in our power grid which would enable the Russians or someone else to take it down?

SANGER: We know that there are implants in our power grid. Interesting question is, if somebody made use of it, how good would it be at taking it down? And that's why for the electric utility industry and for the financial industry, they've invested a huge amount in redundancy and resilience so that if you lose some set of power plants, you could contain it, route around it and be able to pick up and go on. And you just don't know until things happen how well your adversary has wired your system to take everything down. And as you said, this takes a lot of time. The United States spent years getting inside the Iranian centrifuges at Natanz and even then had to keep working on the software to improve it. The North Koreans, when they went into Sony Pictures in 2014 in retaliation for the release of a really terrible movie called "The Interview" that envisioned the assassination of Kim Jong Un, the same friendly Kim Jong Un we all saw in Singapore the other day - when the North Koreans went in, they went in in early September of 2014. They didn't strike until around Thanksgiving because it took all that time just to map out the interconnections of the electrical system, of the computer system, and when they did strike, it was devastating. They took out 70 percent of Sony's computer servers and hard drives.

DAVIES: OK. In this book, you say that, you know, cyberwarfare is the kind of game-changing innovation that's - you compare it to the introduction of aircraft into warfare in the early 20th century and that we are still figuring out what rules or conventions should apply to it. I want to get to some of that conversation, but let's talk a bit about some of the experience that we've had over the last 10 years. You write that in 2008, a woman at the National Security Agency, Debora Plunkett, discovers something about the classified networks in the Pentagon that's troubling. What did she find?

SANGER: Well, she was overseeing security at the NSA, and somebody came to her with evidence that the Russians - though the U.S. did not announce it was Russians at the time - were deep into something called the SIPRNet, which is basically a classified network by which the Defense Department, some of the intelligence agencies, sometimes the State Department, communicate with each other. And this was a big shock to everybody because they had seen the Russians in unclassified systems before, but here they were deep into a classified system. And the first question was, how'd they get in? And the answer was so simple that it really was a wakeup call. Somebody had distributed little USB keys, you know, the kinds you get at conventions and all those kinds of...

Riaz Haq said...

How #Israel's #Mossad broke into an #Iranian facility and stole half a ton of #nuclear files. Mossad agents broke into a warehouse in an industrial area in #Tehran, had 6 and 1/2 hours to finish the job before the morning shift arrived at 7 A.M. #Iran

An operation by the Mossad earlier this year to steal files relating to Iran's nuclear program was conducted on January 31, according to a report by the New York Times. Mossad operatives broke into a warehouse in an industrial area in Tehran and, according to the report, had six hours and 29 minutes to finish the job before the morning shift arrived at 7 A.M. During this limited time, they disabled the alarms, broke through two doors, burned open dozens of safes and fled the city with the documents.

The agents were carrying blowtorches that burned at some 2,000 degrees Celsius to cut through the safes, according to the Times. The report suggests that Israel may have had help on the inside, since it says that the Mossad agents knew exactly which safes to break into – leaving many of the others untouched. At the end of the night, the agents fled with half a ton of secret materials, including 50,000 pages and 163 compact discs containing files, videos and plans.

The Iranians began storing the files at the warehouse after signing a landmark 2015 accord on their nuclear program with the United States, European powers, Russia and China. The deal gave the UN nuclear watchdog access to suspected nuclear sites in Iran.

Israel claims that after signing the agreement, the Iranian regime collected files from across the country about the nuclear program, storing them at the warehouse. The warehouse wasn't guarded around the clock so as to not arouse suspicion.

The report was based on briefings Israel gave Western media outlets last week and included details from the stolen documents, which were presented in April by Prime Minister Benjamin Netanyahu in a prime time address.

The report further stated that Israeli officials said Tehran received help for its nuclear program from Pakistan and from other foreign experts.

Another report, from the Washington Post, says that Iran was on the verge of acquiring "key bombmaking technologies" when the program, code-named Project Amad, was halted some 15 years ago.

Riaz Haq said...

Could Offensive #Cyber Capabilities Tip #India and #Pakistan to War? India launched Operation Hangover targeting Pakistan and, in response, Pakistan responded with Operation Arachnophobia, seeking to obtain intelligence from Indian officials @Diplomat_APAC

While both countries are responding to the rise in cyberattacks with national strategies and increased defensive capabilities, we do not know how they will set the rules when it comes to offensive cyber operations. We do know both countries are pursuing cybersecurity to protect against cyberattacks.

India has been establishing national cybersecurity policies to address the rise in persistent cyberattacks. The country is vulnerable to cyberattacks—it was ranked as the second most vulnerable nation-state targeted by cyberattacks in a survey by security company Symantec. As India’s economy has shifted toward information and communications technology (ICT), which includes information technology services, commerce, and banking sectors, there are concerns of cyberespionage and cyberattacks taking place against Indian industries and businesses.

In fact, according to a study commissioned by the High Court of India, cyber-related crimes cost Indian businesses $4 billion in 2013. This has led the government and private sector to increase their efforts to protect these industries. Back in 2013, India unveiled its National Cyber Security policy. This policy outlined measures the government would take in protecting India’s critical infrastructure. However, many critics point out this national policy has done little to curb cyberattacks as there is no way to implement many of its policies.

Pakistan is also on alert, though it does not have a national cybersecurity strategy document, despite efforts in Islamabad to develop a framework that will protect critical institutions from cyberattacks. These efforts have been motivated in part by the Edward Snowden leaks, which detailed the U.S. National Security Agency’s spying on Pakistan and were an inflection point for Pakistani government officials, as they realized they needed to address the gaps in their information security. A national Cyber Security Strategy was presented to the National Assembly, but no headway has been made yet on implementing the proposed actions, which included the creation of a national CERT and an Inter-Services Cyber Command Center that would streamline cyber defense for Pakistan’s Army. Pakistan still does not have an official national cybersecurity strategy.

Both countries’ security postures are transforming slowly to introduce cybersecurity. However, there is still not enough data available on what types of technologies these countries possess and how integrated these technologies are in India and Pakistan’s national security strategies. There are reports that both countries have engaged in offensive cyber operations. Each country has its own cyberespionage division, which siphons critical information from other nation-states’ security and intelligence organizations.

India launched Operation Hangover that has targeted Pakistan and, in response, Pakistan spearheaded Operation Arachnophobia, which sought to obtain intelligence from Indian officials. While these operations are well-known, there is still a lack of awareness on how much each country spends on cyber technologies and the types of technologies they are employing. India is one of the largest spenders on military, yet the cybersecurity budget is “inadequate” for the growing cyber threat.

Understanding cyber capabilities is important because they can change geopolitical calculations. For example, the low cost of entry for offensive cyber capabilities benefits less resourced actors, and “offense preference” in cyberspace makes it easier to succeed on offense than at defense.

Riaz Haq said...

#India says a #Pakistani spy used bots to lure 98 #Indian targets in Army, Navy and Air Force, including #BrahMos #Missile Project Engineer, on #Facebook using 'Whisper', 'Gravity Rat' malware. via @timesofindia

A recent investigation revealed how a Pakistani spy on Facebook named Sejal Kapoor hacked into the computers of 98 Indian defence officials since 2015. She was also involved in the leak of classified files of BrahMos missile in 2018.

It has been revealed that the hacker targeted officials from the Indian Army, Navy, Air Force, paramilitary forces and state police personnel in Rajasthan, Madhya Pradesh, Uttar Pradesh, and Punjab between 2015 and 2018, reported TOI.

The hacker deceived her targets by sharing pictures and videos using a software malware called "Whisper", which is reported to be connected to a third-party server in a West Asian country.

Sejal's involvement in last year's leakage of sensitive technical information to Pakistan was also established in the recent investigation.

In 2018, an engineer working at the BrahMos Aerospace Private Limited, Nishant Agarwal, was arrested for providing technical information on BrahMos missiles to Pakistan in a joint operation by the Uttar Pradesh and Maharashtra Anti-Terrorism Squad (ATS) as well as the Military Intelligence (MI).

It was then revealed that Agarwal exchanged sensitive information with Pakistan's spy agency, Inter-Services Intelligence (ISI), based on evidence found on his personal computer and Facebook chat records.

Apart from the "Whisper" application, another software tool that the spy used was "Gravity Rat." The Indian intelligence agencies say that both pieces of software use "self-aware" detection techniques as well as a VPN hiding mechanism that enables a hacker to use around 25 internet addresses. The complex malware technology is stated to not be easily identified by anti-malware software.

The five dozen chats recently uncovered by intelligence agency revealed that Sejal would "force install" the Whisper app on computers of the targeted officials, reported TOI.

"Instantly, after getting downloaded, the malware first prompts the user to key in a code. It's to ensure that the app is not a virus or malware. Immediately after that, it scans all latest attachments sent from the computer in emails or downloads. It then scans all files with photographs, databases of MS Word and MS Excel, by first verifying their encryption keys and then opening their passwords," said a senior intelligence officer, reported TOI.

According to Sejal's Facebook profile, the hacker is an employee of a company called "Growth Company" in Manchester, the UK. Experts have claimed that such cases of armed forces officials "honey-trapped" into sharing classified information are a threat to India's national security.

Last year, a Border Security Force (BSF) soldier was arrested by Uttar Pradesh ATS on September 18 for sharing key information about the unit's operations with a female Pakistan ISI agent, who claimed to be a defence reporter.

Riaz Haq said...

Mysterious Explosion and Fire Damage #Iranian Nuclear Enrichment Facility Building New Advanced Centrifuges. A decade ago, the #UnitedStates and #Israel used #Stuxnet worm in operation code-named “Olympic Games" which destroyed 1,000 #Iranian centrifuges.

A fire ripped through a building at Iran’s main nuclear-fuel production site early Thursday, causing extensive damage to what appeared to be a factory where the country has boasted of producing a new generation of centrifuges. The United States has repeatedly warned that such machinery could speed Tehran’s path to building nuclear weapons.

The Atomic Energy Agency of Iran acknowledged an “incident” at the desert site, but did not term it sabotage. It released a photograph showing what seemed to be destruction from a major explosion that ripped doors from their hinges and caused the roof to collapse. Parts of the building, which was recently inaugurated, were blackened by fire.

But it was not clear how much damage was done underground, where video released by the Iranian government last year suggested most of the assembly work is conducted on next-generation centrifuges — the machines that purify uranium.

The fire took place inside the nuclear complex at Natanz, where the Iranian desert gives way to barbed wire, antiaircraft guns and an industrial maze. The damaged building is adjacent to the underground fuel production facilities where, a decade ago, the United States and Israel conducted the most sophisticated cyberattack in modern history, code-named “Olympic Games.” That attack, which lasted for several years, altered the computer code of Iran’s industrial equipment and destroyed roughly 1,000 centrifuges, setting back Iran’s nuclear program for a year or more.

The early evidence strongly suggested on Thursday the damage was in fact sabotage, though the possibility remained that it was the result of an industrial accident.

The timing was suspicious: A series of unexplained fires have broken out in recent days at other facilities related to the nuclear program. Still, experts noted that if the explosion was deliberately set, it showed none of the stealth and secrecy surrounding the complex cyberattacks by the United States and Israel that were first ordered by President George W. Bush toward the end of his term, and then extended by President Barack Obama.

The Persian language service of the BBC reported that several members of its staff received an email from a previously unknown group, which referred to itself as the Homeland Cheetahs, before news of the fire became public. The group claimed responsibility and said it was composed of dissidents in Iran’s military and security apparatus. They said the attack would target above-ground sections of the targeted facilities so that the Iranian government could not cover up the damage.

There was no way to confirm if Homeland Cheetahs was a real group, and if so whether it was domestic, as it claimed, or supported by a foreign power.

A Middle Eastern intelligence official, who would not be quoted by name because he was discussing closely held information, said the blast was caused by an explosive device planted inside the facility. The explosion, he said, destroyed much of the aboveground parts of the facility where new centrifuges — delicate devices that spin at supersonic speeds — are balanced before they are put into operation.