Saturday, January 5, 2019

Global Cyber Arms Race Heating Up?

The United States has launched successful cyber attacks against Iran and North Korea in recent years, according to multiple credible reports. These attacks caused the physical destruction of roughly a thousand Iranian nuclear centrifuges, by most published estimates, and are reported to have disrupted North Korean missiles on launchpads or shortly after takeoff. Some of the code and developer tools used in such operations have leaked, and the leaks are enabling other nations to study them and develop their own offensive cyber weapons. The United States and the United Kingdom have accused Russia of using social media platforms like Facebook and Twitter to exploit and deepen divisions during the 2016 US presidential election and the UK's Brexit referendum the same year. Similar techniques, which the US RAND Corporation describes as New Generation or Hybrid Warfare, are probably being deployed by other nations as well. The term refers to the use of a broad range of subversive instruments, many of them nonmilitary, to further a country's national interests. It would not be far-fetched to think that India and Pakistan are learning from the New Generation Warfare techniques developed and deployed by technologically advanced nations.

US-Israel Joint Stuxnet Against Iran:

Iranian centrifuges at Natanz began failing in unusual numbers around 2008-9, soon after President Barack Obama's inauguration: the rotors were being driven outside their safe speed range until they broke. The mystery was resolved in the summer of 2010, when a computer worm later named Stuxnet was found outside Iran. It had spread beyond the Natanz plant, via infected USB drives and local networks, to computers around the world.

New York Times reporter David Sanger reported that the United States and Israel developed Stuxnet and then tested it on replicas of the Natanz plant built around the Pakistani P-1 centrifuge, a design from the 1980s. The Americans obtained P-1 centrifuges surrendered by Libyan leader Moammar Ghadafi and dismantled them to learn how they worked. At Natanz the cascades were run by Siemens S7 programmable logic controllers (PLCs). Stuxnet injected its own code into those controllers, and into the Siemens Step 7 engineering software used to program them, so that the PLCs periodically drove the centrifuge rotors far above and then far below their normal speed, stressing them until they broke, while the operators' screens were fed previously recorded normal readings. The worm was designed to activate only on a plant with a specific configuration of Siemens PLCs and frequency-converter drives and to stay dormant everywhere else, which is how it could spread widely without causing visible damage outside Natanz. Here is how Sanger described the test results:

"After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant."
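The following is a toy simulation added here to illustrate the two behaviours described above; it is not Stuxnet's code and is not drawn from Sanger's reporting. It models a payload that arms itself only when the plant configuration matches a fingerprint, then drives the rotor outside its safe speed band while replaying recorded normal readings to the operator screen. The speed figures (about 1064 Hz normal, 1410 Hz and then 2 Hz under attack) follow Symantec's published analysis of the rotor-speed payload; the vendor identifiers, the 33-drive threshold and the sensor model are simplified stand-ins. The two checks at the end are the defensive point a practitioner would take away: compare the HMI against a sensor the PLC cannot rewrite, and treat exact repetition of noisy readings as a replay.

```python
import random
from dataclasses import dataclass

# Speed figures follow Symantec's public analysis of the Stuxnet rotor-speed payload;
# the vendor IDs and the 33-drive threshold are simplified stand-ins for the real
# configuration fingerprint. Everything here is a toy model, not Stuxnet's code.
NORMAL_HZ = 1064.0
SAFE_BAND = (807.0, 1210.0)
ATTACK_HIGH_HZ = 1410.0
ATTACK_LOW_HZ = 2.0
TARGET_VENDOR_IDS = {0x9500, 0x7050}   # hypothetical IDs for the targeted drive makes
MIN_DRIVES = 33


@dataclass
class Drive:
    """One frequency-converter drive spinning one centrifuge rotor."""
    vendor_id: int
    commanded_hz: float = NORMAL_HZ


def fingerprint_matches(drives) -> bool:
    """Arm only on a plant that looks like the target: enough drives of the targeted
    makes, all running inside the enrichment speed band. Elsewhere stay dormant,
    which is how the worm could spread widely without visible damage."""
    hits = [d for d in drives
            if d.vendor_id in TARGET_VENDOR_IDS
            and SAFE_BAND[0] <= d.commanded_hz <= SAFE_BAND[1]]
    return len(hits) >= MIN_DRIVES


def run_cascade(drives, ticks=80, attack=False, record_ticks=20, seed=1):
    """Simulate the first drive's rotor speed for `ticks` samples.

    Returns (hmi, truth): the speed the operator screen showed, and the speed an
    independent sensor on the rotor would have measured. When armed, the payload
    records `record_ticks` of normal readings, then alternates the rotor between
    overspeed and near-stall while replaying the recording to the HMI."""
    rng = random.Random(seed)          # fixed seed keeps the simulation reproducible
    armed = attack and fingerprint_matches(drives)
    drive = drives[0]
    recording, hmi, truth = [], [], []
    for t in range(ticks):
        if armed and t >= record_ticks:
            phase = (t - record_ticks) // 20
            drive.commanded_hz = ATTACK_HIGH_HZ if phase % 2 == 0 else ATTACK_LOW_HZ
        else:
            drive.commanded_hz = NORMAL_HZ
        measured = drive.commanded_hz + rng.gauss(0.0, 0.5)   # sensor noise
        truth.append(measured)
        if armed and t < record_ticks:
            recording.append(measured)
        if armed and t >= record_ticks:
            hmi.append(recording[t % record_ticks])   # replayed "all normal" data
        else:
            hmi.append(measured)
    return hmi, truth


def replay_detected(readings, window=10) -> bool:
    """Noisy physical measurements never repeat a whole window exactly; an exact
    repeat is strong evidence that the data stream is being replayed."""
    n = len(readings)
    for i in range(n - 2 * window + 1):
        chunk = readings[i:i + window]
        for j in range(i + window, n - window + 1):
            if readings[j:j + window] == chunk:
                return True
    return False


def divergence_detected(hmi, truth, tolerance_hz=25.0) -> bool:
    """Cross-check the HMI against an out-of-band sensor the PLC cannot rewrite."""
    return any(abs(h - t) > tolerance_hz for h, t in zip(hmi, truth))


if __name__ == "__main__":
    plant = [Drive(0x9500) for _ in range(40)]
    hmi, truth = run_cascade(plant, attack=True)
    print("replay:", replay_detected(hmi), "divergence:", divergence_detected(hmi, truth))
```

The design choice worth noting is that neither check relies on the PLC's own telemetry being honest: the divergence check needs a second measurement path that the compromised controller does not mediate, and the replay check only needs the statistical fact that real sensors are noisy.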

US Left-of-Launch Attack Against North Korea:

A very high percentage of North Korean missile launches failed in the period from 2015 to 2017. The missiles either blew up on the launchpad or failed soon after launch. These failures have been widely attributed to American cyber attacks, chiefly on the strength of New York Times reporting on a Pentagon "left-of-launch" program. The attribution deserves caution: a new missile design fails often during early testing, and no public evidence separates sabotage from ordinary engineering failure.

American strategists see Left-of-Launch cyber weapons as a low-cost extension of their missile defense strategy. Gen. James Dickinson, the chief of Army Space and Missile Defense Command and Army Forces Strategic Command, explains it as follows:

“You’ve probably heard the conversation about how we’re on the wrong side of the cost curve for missile defense many times. We’re utilizing multi-million-dollar interceptors against very inexpensive missiles and those types of threats. So it’s a balance. It has to be a balance between the end game, if you will, where we’re relying on an interceptor to defeat the threat, and other approaches."

Russia's Information Warfare in US, UK:

The United States and the United Kingdom have accused Russia of using social media apps like Facebook and Twitter to exploit and deepen divisions during the US presidential elections and the UK's Brexit referendum in 2016.

American and British intelligence officials believe Russia used all major social media platforms to spread words, images and videos tailored to voters’ interests to help elect President Trump. The British government has made similar allegations about Russian interference intended to influence the outcome of the Brexit vote in the UK.

Facebook, Google and Twitter acknowledged in 2017 that they had identified Russian interference on their platforms. The companies have responded to the threat (Facebook, in particular, set up a “war room” in 2018 to fight election interference), but none has reported interference around the 2018 US midterm elections on the same scale as in 2016.

Cyber Weapons Code and Tools Leaks:

The Stuxnet worm and the NSA hacking tools leaked by the Shadow Brokers have revealed the extent of US intelligence agencies' cyber espionage and hacking operations. Symantec's Liam O'Murchu, who was among the first to unravel Stuxnet, says it is "by far the most complex piece of code that we've looked at — in a completely different league from anything we’d ever seen before." It is almost certain that such code is being reverse-engineered and repurposed into weapons of their own by cyber warriors in many countries around the world.

Beginning in August 2016, a group calling itself the Shadow Brokers leaked sophisticated NSA cyberweapons, apparently dating from around 2013, that exposed major vulnerabilities in Cisco network devices, Microsoft Windows and Linux mail servers. Weeks after the April 2017 release of the Windows exploits, the WannaCry ransomware, which the US and UK governments have attributed to North Korea, spread across the world using the leaked EternalBlue exploit against the Windows SMB file-sharing service. It encrypts the files on the infected PC's hard drive, making them inaccessible, demands a ransom payment in bitcoin to decrypt them, and scans for other reachable Windows hosts on TCP port 445 to infect next.



Khan said...

One thing I don't understand: how did Stuxnet enter the centrifuge system? Did some mole implant it manually, or were they linked with the internet????

Riaz Haq said...

Khan: "One thing I don't understand: how did Stuxnet enter the centrifuge system? Did some mole implant it manually, or were they linked with the internet????"

It was probably downloaded on a laptop which was later connected to the internal network at Iran's Natanz plant.

Riaz Haq said...

Cyber-Threats to Strategic Networks: Challenges for Pakistan's Security
Rizwan Naseer, COMSATS Institute of Information Technology, Islamabad, Pakistan.
Musarat Amin, Fatima Jinnah Women University, Rawalpindi, Pakistan.

Stuxnet was designed to sabotage critical computer infrastructure dealing with software; it proved that shakedowns might spread to real lives as well. Stuxnet is a significant new piece of virus which totally changed the security landscape of states' military strategies (Thomas M. Chen, 2011). After Stuxnet, two other embattled pieces of computer malware for surveillance surfaced, named Duqu in September 2011, followed by Flame in May 2012. Media reported that these two were also designed to target Iran's nuclear infrastructure but were not as successful as Stuxnet (Nakashima, 2012). India and Pakistan kept their nuclear weapons under foolproof security from any physical threat. A physical threat is comparatively easy to counter, whereas a cyber-threat is more complex and devastating. There have been rumours about the vulnerability of Pakistan's nuclear weapons to terrorist attacks, based on the assumption that if the General Headquarters (GHQ) came under terrorist attack, then how could the nuclear weapons be secured? Former Ambassador to the United Nations Masood Khan, while addressing the United Nations General Assembly, assured the UN that Pakistan's tactical weapons were secure from the entire spectrum of threats including cyber attacks. He also put forth that "Pakistan's nuclear weapons' security is guided by five Ds, that is to Deter, detect, delay, defend and destroy" (APP, 2013). Despite acknowledgement of the safety of Pakistan's nuclear weapons, cyber-threats remain a larger concern, because guarding weapons with trained and well-equipped guards is different from guarding them against an unknown threat which might attack at any time and sabotage the network, as Stuxnet did with Iran.

Massive Hacking of Crucial Websites

On the eve of Pakistan's 70th Independence Day, through a well-coordinated cyberattack, the websites of Pakistan's key ministries were hacked, including the Ministry of Defence, Ministry of Water and Power, Ministry of Information, Ministry of Environment Change and Ministry of Food Security (Zaidi, 2017). As an act of disgrace, the hackers posted an Indian flag and a Happy Independence Day message for India on those websites. The Pakistan Telecommunication Authority (PTA) had to shut down the websites. Losing control over the Ministry of Defence website is quite embarrassing, because such incidents encourage hackers to hit bigger things like strategic assets and their control. Such attacks might sound like nonsense to those who control it, but not to those who hear news of crucial websites and system hacking on a frequent basis, not only from Pakistan but from highly technological

Khan said...

So a mole. Why would anyone connect a net-connected laptop to a centrifuge system without malice?

Riaz Haq said...

Khan: "So a mole. Why would anyone connect a net-connected laptop to a centrifuge system without malice?"

It could have been a mole or an unwitting scientist who made a mistake.

Anonymous said...

I seem to remember that a USB drive was used to get inside. And yes, a mole was used.

Riaz Haq said...

Hybrid warfare
Munir Akram, December 09, 2018

THE 2018 IDEAS Expo in Karachi featured a high-level seminar on hybrid warfare. This was a timely recognition that threats to national security can and do assume complex forms.

For over 60 years, nuclear weapons have deterred a major conflict between nuclear-armed states, and, because of the global revulsion against the use of nuclear weapons, the nuclear powers have been also unable to realise offensive objectives through nuclear coercion, even against non-nuclear weapon states. Thus, most conflicts are in the form of conventional military interventions against smaller or weaker states, sub-conventional (guerrilla or irregular) conflicts or ‘hybrid warfare’.

Western analysts have termed the comprehensive approach employed by Russia in Ukraine (encompassing narrative control, cyberattacks, use of anonymous militias and irregular forces, clandestine supplies and diplomatic support) as “hybrid warfare”. The Russians refer to it as the ‘Gerasimov Doctrine’ (after the Russian military chief). This form of warfare is also called: asymmetrical, non-conventional, gray zone conflict, ‘new generation warfare’, ‘whole of government’ approach and so on. It is emerging as the preferred modality in today’s contests between the great powers.

Often, hybrid war may not be a war at all. The objective may not be to secure an adversary’s immediate defeat, but to erode its morale; isolate it; ‘soften’ it up before a conflict; deflect it from pursuing unacceptable military or political objectives; disrupt its communications, command and control and/or important infrastructure; impose economic pain to secure adherence to political demands; delegitimise an adversary’s government; compromise its leaders.

The toolbox of instruments that can be used to wage such ‘hybrid’ warfare is rapidly expanding and becoming more sophisticated: eg autonomous weapons, advanced cyber programmes, social media, data mining, algorithms and artificial intelligence (AI), etc. By 2020, the ‘internet of things’ will reportedly connect 30 billion devices. Power will rest with the people who control these devices.

Technology is progressively blurring the distinction between hybrid and conventional warfare and increasing the incentives, opportunities and compulsions for the preemptive or ‘first-use’ of offensive action by adversaries eg to knock out an enemy’s command and control through a cyber strike. Given the complexities of defence and offence in such complex conflict, it will become increasingly difficult to prevent the escalation of hybrid wars to the conventional and even the nuclear level.

Pakistan was the target of hybrid or indirect ‘war’ in 1971. New Delhi’s hybrid strategy (promotion of Mujib’s six-point plan, the genocide and refugees narrative, training the Mukti Bahini, the Indo-Soviet ‘Friendship Treaty’) all laid the ground for the coup de grâce of Indian military intervention in East Pakistan.

Since then, Pakistan has been the target of multiple ‘hybrid’ campaigns. Exaggerated proliferation concerns and coercive diplomacy were utilised to hold back Pakistan’s nuclear and missile programmes. The legitimacy of the Kashmiri freedom struggle was eroded by its projection as terrorism including through false-flag operations, infiltration of militant Kashmiri groups and concerted propaganda. The onus for America’s colossal military and political failure in Afghanistan was ascribed to alleged Afghan Taliban ‘safe havens’ in Pakistan. The Pakistan Army and the ISI remain a special focus of propaganda and fake news.

Today, the hybrid war against Pakistan is focused on Balochistan, the former Fata region, Gilgit-Baltistan and the China-Pakistan Economic Corridor.

Riaz Haq said...

Hybrid warfare
Munir Akram, December 09, 2018

Pakistan has developed credible capabilities to deter nuclear and conventional aggression. However, it remains very vulnerable to hybrid warfare. Pakistan’s adversaries enjoy considerable prowess in IT, cyber, media projection and narrative construction, including ‘fake news’, subversion and sabotage, and sponsorship of terrorism, including ‘false-flag’ operations.

The main modality of this ‘indirect war’ against Pakistan is the media, including social media. Very few Indian media personalities enjoy the ‘freedom’ to be critical of their country or their current government. Meanwhile, Pakistan print and electronic media speaks with many voices. There is little space for pro-Pakistani narratives in the Western media. An army of Indian trolls has been recruited to malign Pakistan on the internet.

There are numerous other ‘agents of influence’ who are used to develop and project an anti-Pakistan narrative. Many foreign funded and directed non-governmental organisations have been ubiquitous in developing negative critiques about Pakistan within Pakistan. Some among our local elite are co-opted by these organisations through jobs, travel and other perks. No wonder there has been such a hue and cry about the long overdue diligence conducted recently by the government and the Foreign Office on these organisations.

The hybrid campaign incorporates some ethnic and religious groups. Foreign sponsorship of the Balochistan Liberation Army and the Tehreek-i-Taliban Pakistan is well established. Some others need to be subjected to close scrutiny.

Any foreign funding of any Pakistani organisation ought to be declared and officially approved. Receipt of undeclared foreign payments should be a crime. This is an international norm. (Surely, the Financial Action Task Force will approve.)

Pakistan’s agencies must be equipped with the most advanced surveillance and data collection techniques to detect future Jadhavs or Osamas and neutralise any ‘black ops’, ‘false-flag’ or infiltration operations planned by enemy agencies.

Pakistan must possess the cyber capability to defend its crucial command-and-control systems and its industrial and transport infrastructure against enemy attack. But to deter such attack, Pakistan must also have the capability for offensive cyber action.

The technologies for waging a “comprehensive” conflict and “new generation warfare” are being actively developed by every significant State. Pakistan cannot afford to be left behind. To acquire credible capacity to defend against and repel hybrid wars, Pakistan will need to make dedicated efforts, comparable to those deployed to develop its nuclear and missile programmes.

However, there are certain elements of such warfare (cyberattacks, autonomous weapons, false-flag operations) which pose the threat of systemic and global disruption, destabilisation and military escalation. Pakistan and other responsible nations should take an initiative in relevant international forums to secure a global ban or restrictions on such dangerous elements of hybrid warfare.

Riaz Haq said...

Understanding 5th generation warfare
By Cynthia D Ritchie

More ‘developed’ nations often claim they are more democratic than their developing counterparts and often employ talking heads to push this narrative. Over the years, and certainly more recently, these talking heads can be seen desperately trying to push one version of events while ganging up on others who have a difference of opinion — cyber bullying. Further, these talking troll heads try to muddy waters by falsely labeling people they don’t know and claiming Fifth Generation Warfare (5GW) is nothing more than a silly conspiracy to derail attempts at their free speech. And while many unfounded conspiracies abound, it behooves us to take a closer look at these individuals and their claims. For starters, let’s consider what 5GW is.

Turns out, 5GW is real. Only it doesn’t feature armies or clear ideas. In an article for Wired Magazine, written about 10 years ago, David Axe quoted the US Army Major Shannon Beebe, the top Intel officer for Africa at the time, as describing the “fifth-generation as a vortex of violence, a free-for-all of surprise destruction motivated more by frustration than by any coherent plans for the future.”
Axe writes further, “5GW is what happens when the world’s disaffected direct their desperation at the most obvious symbol of everything they lack.” He quotes Marine Lt Col Stanton Coerr, for Marine Corps Gazette: “5GW is… espoused by [the likes of] al Qaeda… with aspirations of setting up alternative political systems… they’re opportunists, intent only on destruction. But even pointless violence can have a perverse logic, for the sudden, irrational destruction undermines the idea that nations… are viable in the modern world.”

Interestingly, both military officers were quoted by Raashid Wali Janjua in one of his columns for a national daily: “Pakistan is already in the throes of this phenomenon, internally generated and externally abetted. Like the resource curse of countries like Angola and Congo, Pakistan’s geographical location is a curse. Instead of yielding economic dividends it has caused constant meddling by global powers in its internal affairs. Faced with such constant supply of war fuel, the soft state model of governance by an illiberal democracy is a sure recipe for chaos and disorder.” Clearly there are issues that need to be handled by the State.

But when you have cyber bullies attempting to force others to share their narrative, the message gets lost and becomes almost disingenuous. What may be seen as important news by some appears almost as propaganda to others. But with so much propaganda these days, how can one differentiate between what’s authentic and what is completely contrived?

A Forbes article by Travis Bradberry, who covers emotional intelligence and leadership performance, recently described the ‘12 Habits of Genuine People’. In summary, these individuals: don’t try to make people like them — they “aren’t desperate for attention”, and “speak in a friendly, confident, concise manner;” they don’t “pass judgment” — they are open-minded and approachable, and have the ability to “see the world through other people’s eyes;” they forge their own paths — “genuine people don’t derive their sense of pleasure and satisfaction” from others’ opinions, they have their own “internal compass” and are not swayed by the fact that somebody may not like it; they “treat everyone with respect;” they “aren’t motivated by material things;” they are “thick-skinned”; they “aren’t driven by ego;” they “aren’t hypocrites.”

Rks said...

Riaz Haq: "Pakistan was the target of hybrid or indirect ‘war’ in 1971. "
Riaz Bhai, not true. Pakistan was killing East Pakistanis in a genocidal manner. India intervened because it was flooded with refugees from "East Pakistan" and being a very poor nation in that period, was unable to handle the refugee situation.

India's intervention in fact, helped Pakistan to get out of the mess. India did not even press for trial of Pakistani army officers involved in the genocide of 3 million Bangladeshi citizens. Can you imagine what Pakistani army would have done if "the boot was on the other leg"?

Riaz Haq said...

19640909rk: "Pakistani army officers involved in the genocide of 3 million Bangladeshi citizens."

The "Genocide" story was part of the hybrid warfare by India against Pakistan that started with a propaganda war, then expanded to the RAW-inspired Mukti Bahini insurgency and finally an outright military invasion of East Pakistan. These facts have been confirmed by multiple sources including the BBC's Mark Tully, Indian author-journalist Sarmila Bose and ex-RAW official RK Yadav.

Pakistani journalist Anthony Mascarenhas' sensational story headlined "GENOCIDE", published by London's Sunday Times on June 13 1971, had a profound effect on all subsequent media coverage of East Pakistan, according to veteran BBC South Asia correspondent Mark Tully.

Mascarenhas' "Genocide" story was accepted on face value and widely disseminated by major western and Indian media outlets without any verification or fact-checks. Decades later, Sarmila Bose, an Indian journalist and scholar, finally scrutinized the story and found it to be "entirely inaccurate".

Bose's investigation of the 1971 Bangladeshi narrative began when she saw a picture of the Jessore massacre of April 2, 1971. It showed "bodies lie strewn on the ground. All are adult men, in civilian clothes.... The caption of the photo is just as grim as its content: 'April 2, 1971: Genocide by the Pakistan Occupation Force at Jessore.'" Upon closer examination, Bose found that "some of the Jessore bodies were dressed in shalwar kameez, an indication that they were either West Pakistanis or ‘Biharis’, the non-Bengali East Pakistanis who had migrated from northern India". In Bose's book "Dead Reckoning" she has done case-by-case body count estimates that lead her in the end to estimate that between 50,000 and 100,000 people were killed on all sides, including Bengalis, Biharis, West Pakistanis and others, in the 1971 war.

Ex-RAW official RK Yadav has confirmed India's sponsorship of the Mukti Bahini insurgency in East Pakistan. On the Mukti Bahini (page 231), Yadav writes:

Since the Indian Army was not prepared and well-equipped for an immediate army action at that point (March 1971), it was planned to raise and train a guerrilla outfit of the Bengali refugees of East Pakistan by R&AW which would harass the Pakistan Army till the Indian Army would be ready for the final assault to the liberation of East Pakistan. She (Indira Gandhi) then asked R.N. Kao, Chief of R&AW, to prepare all possible grounds for the army for its final assault when the clearance from General Maneckshaw was received for its readiness for the war.

On the three RAW-created forces (Mujeeb Bahini, Special Frontier Force (SFF) and Kader Bahini), page 242:

"..He (Kader Siddiqui aka Tiger Siddiqui) was the main operative of R&AW in the most vital areas of strategic operation around Dacca... Kader Bahini played havoc with the communication system of the army (Pakistani), ambushed enemy columns, blew up supply and ammunition dumps and assaulted a number of enemy convoys.....all these three guerrilla outfits created by R&AW with the help of BSF and the (Indian) army proved a vital force .. "

Riaz Haq said...

Could Chinese Telecom Giant Huawei Put U.S. Cyber-Security At Risk?

Terry Gross of Fresh Air interviews David Sanger of New York Times.

DAVID SANGER: Well, at its simplest, the 5G network is an increase in speed and range for what you see on your cell phone. So 5G means just fifth generation. But it's actually much more than that. The hope is that when you're using your phone or some other device over Wi-Fi, you'll get no lag time and that you'll get near instantaneous download of data, webpages and so forth. But as 5G was being rolled out, there was a recognition that the Internet had fundamentally changed, that this was a moment to roll out something that could accommodate a world in which the Internet of Things was connecting up to all of these other wireless devices. And so that's autonomous cars, which, of course, need to constantly get data back and forth from the cloud, constant connectivity so that they know where they are in addition to their sensors helping you drive. It's for every other Internet-connected device that you have.

If China is in command of the network itself and has sort of end-to-end control, from phones for which it makes its own chips to the software on the switch to all of the other tentacles of the central nervous system, then it, basically, can do whatever it wants. And the chances that you would see it are relatively diminished. Big network operators like AT&T and Verizon, if they bought Huawei equipment - and it's pretty clear the government is not going to allow them to do that - would have some visibility into the system.

But it's also possible that Huawei might be able to reach back from China directly into the equipment and software it's put in to go manipulate data. What could you do with that? Well, in the Worldwide Threat Assessment that came out earlier this week, the nation's intelligence chiefs mentioned, in particular, that China already has the capability to shut down, at least briefly, the natural gas network. They also said the Russians could do the same briefly with the electric grid.

If you had a country that was in full control of your networks, they could shut it down. They could siphon the traffic off to a place you didn't want it to go. They could siphon it back to China. And they would probably have an easier time intercepting it. Now, of course, a lot of that traffic is going to run encrypted. It's not as if the Chinese would be able to look at everything or would want to. But the more network equipment they put in, the more control they would have. And, of course, the Chinese government reserves the right to tell them what to go do with it.


In "The Perfect Weapon," I describe a plan the United States had if we went to war with Iran, called Nitro Zeus, to basically unplug Iran's communications and electricity grids. Well, imagine that that's in the Chinese plans for the United States. If they're in control of the communications grid of the U.S. or its allies, you can imagine how much easier that is to do.

Now, there is a concern here that we could get into a world of Red Scare, and the president himself might be fueling that some. And I have concerns that we're blaming too much on the Chinese. But the fact of the matter is, these are all major, complex vulnerabilities that, as Henry Kissinger said to me as I was working on the book, are so much more complex than the issues that came up with China in the Cold War.

Riaz Haq said...

Why #5G, a battleground for US and China, is also a military conflict. Both #UnitedStates and #China suspect each other of installing and using #technology "backdoors" in their #telecom equipment for #espionage and #cyberattacks. via @SCMPNews

Whereas existing networks connect people to people, the next generation will connect a vast network of sensors, robots and autonomous vehicles through sophisticated artificial intelligence.

The so-called internet of things will allow objects to “communicate” with each other by exchanging vast volumes of data in real time, and without human intervention.

Autonomous factories, long-distance surgery or robots preparing your breakfast – things that previously existed only in science fiction – will be made possible.

Meanwhile, though, it is being identified by many military experts as the cornerstone of future military technology.

Imagine a group of skirmishers in a jungle. They are moving forward speedily with a distance from one another of a few hundred metres. Each of them wears a wristwatch that displays fellow members’ positions. This is not satellite positioning, because reception in the tropical forest is unstable; it’s machine-to-machine communication.

Suddenly one soldier, ambushed by an enemy combatant, is shot and loses consciousness. His smart wearable device detects his condition via sensors, immediately tightens a belt around his wounded thigh, injects an adrenaline shot and sends an emergency alert to the field hospital as well as the entire team.

Having received the signal on their wristwatches, the team switch to a coordinated combat formation and encircle the enemy. An ambulance helicopter arrives to evacuate the injured soldier while auto-driven armoured vehicles come to reinforce – guided by devices on each soldier and antenna arrays nearby.

Or, imagine a street battle with a group of terrorists in a city. There is a power blackout and terrorists hide in an empty office building. A counterterrorism technician hacks into the building’s audio control system and collects high-sensitivity soundwaves using the microphones on surveillance cameras – the system is still running thanks to the devices’ low power consumption and long endurance.

After the acoustic data is sent back, artificial intelligence (AI) analysis determines the locations of the terrorists. A drone is called from nearby, enters through a window and fires a mini-gun at them.

These are not movie plots, but technologies already or about to be developed, as the internet of things – built on 5G and AI technologies – reshapes warfare.

“The 5G network and the internet of things enlarge and deepen the cognition of situations in the battlefield by several orders of magnitude and produce gigantic amounts of data, requiring AI to analyse and even issue commands,” said Dr Clark Shu, an AI and telecommunication researcher at the University of Electronic Science and Technology of China.

With the ability to carry much more data, much lower network latency (network response time) and energy consumption and much better stability than the previous generation of technologies, 5G is expected to transform digital communication.

Using 5G, data can be transmitted at up to 10 gigabytes per second, much faster than using a 4G network, and the latency is reduced to under a millisecond, or 1 per cent that of 4G.

Such features enhance connectivity in remote locations, connect sensors and robots, and will enable vehicles, traffic control, factories and construction to become more autonomous. In particular, 5G will enhance the connectivity of the internet of things (IoT).

Riaz Haq said...

Why #5G is a big deal for militaries around the world. It is a big part of #China's #global #BRI and #CPEC initiative in #Pakistan. Inclusion of #technology 5G and Chinese PNT (Positioning, Navigation, Timing) parallels a trend in US military practice.

The project has several components, one of which has become known as the “digital road.” It anticipates projecting the deployment of China’s 5G telecommunication infrastructure over the dozens of countries now affiliated with the initiative. The 5G telecommunications network would be integrated with another Chinese project, its Beidou (“Big Dipper”) precision navigation and timing system (now in the latter stage of fielding) to displace the U.S. Global Positioning System enabling China’s telecommunications and PNT system to dominate the future IoT and other in areas affected by China’s belt-and-road project.

5G as an instrument of China’s international security policy

China’s global security ambitions overlap its economic aspirations. At the 19th Congress of the Communist Party of China, the belt-and-road initiative and its associated activities were incorporated in the Chinese Constitution. In that context belt and road is a project of the Party, and not the State, which significantly elevates its security role and importance to its national leadership.

The BRI creates a global economic presence that has become a combination of commercial enablers for its “Maritime Silk Road” and forward air and naval installations for China’s armed forces. These include air and naval facilities in Djibouti in the Horn of Africa, Jiwani, Pakistan (~80 km west of its large commercial port at Gwadar), and a naval base in Sri Lanka (Hambantota, which China acquired in a debt-for-sovereignty swap when Sri Lanka could not service its BRI debt to China). China’s switch from a regional to an aspiring global power reflects the aspirations that have shaped the CPC’s rule since Mao: the deconstruction of the old-world order in favor of one which gives China its rightful place at the zenith of a new international order.

The incorporation of 5G telecommunication technology and Chinese-controlled PNT parallels a trend in US military practice. DoD military communications, like China’s, are moving to wireless, mobile, and cloud-based IT systems built around 5G technology. China’s convergence of its 5G, BRI presence (military and civil), PNT and dominant role in the BRI member states is aimed at becoming the world’s leading economic and military power by the 100th anniversary of the founding of the Communist State in 2049.

5G is both an enabler and product of China’s remarkable economic growth since 1979 and is likely to become a central element of China’s economic and military power for the 1st half of the 21st century.

Riaz Haq said...

Gerasimov of South Asia: Pakistan ISPR’s Asif Ghafoor
By Pukhraj Singh, April 2, 2019, 22:05 IST

If there is a Pakistani inter-services directorate as lethal as the Inter-Services Intelligence (ISI), it is the Inter-Services Public Relations (ISPR).

Military strategists may balk at the fact that I am equating a notorious intelligence agency with an innocuous media management department. Since the times I executed cyber operations in the government, I have been obsessed with deconstructing the ev...

Riaz Haq said...

An adversary India has paid little attention to: Pakistan army’s public relations wing
Facebook’s action against Pakistan-based pages spreading disinformation in India show its army’s PR wing headed by Asif Ghafoor is more lethal than ISI.

With Facebook taking down pages linked to Pakistani cyber actors spreading disinformation in India ahead of the 2019 Lok Sabha elections, it’s becoming increasingly clear that India has been late in spotting the danger: if there is a Pakistani inter-services directorate as lethal as the Inter Services Intelligence, it is, undoubtedly, the Inter-Services Public Relations.

Military strategists may balk at the fact that I am equating a notorious intelligence agency with an innocuous media management department. Since the times I executed cyber operations in the government, I have been obsessed with deconstructing the evolving mandate of this little-known outfit. And I have always held the opinion that the role, or rather the potential, of the ISPR has been severely underestimated in the Indian strategic circles.

Cyber operatives like me have been envisioning this scenario for a decade: how the South Asian flashpoint would manifest itself in the cyber-enabled information battlespace. The Balakot escalation unleashed another invisible playbook of the Pakistani military, and the ISPR was its key orchestrator.

Since 2009, the Pakistani Army has conducted a series of public wargames dubbed as Azm-e-Nau, meant to counter the elusive Indian Cold Start doctrine. With many successful iterations over the years, these exercises simulated massive mobilisations augmented by net-centric warfare, stopping short at the tactical nuclear weapons threshold. Azm-e-Nau (A New Beginning) further chiselled Pakistan’s homebrewed philosophy of hybrid war – fusing together many conventional and unconventional elements of conflict, power and diplomacy.

Interestingly, the said wargames treated the ISPR as the crucial pivot of conflict escalation and de-escalation. It was meant to undertake information operations, military deception and strategic communications – benignly dubbed as perception management in military parlance.

This was a couple of years prior to ‘hybrid war’ becoming all the rage in the media circles, manifesting itself as the wildly successful Russian playbook against Georgia, Ukraine, and the US elections. From leveraging non-uniformed militias to undertaking disruptive cyber operations that seeded widescale paranoia and confusion, the Russians reintroduced the cognitive dimension to this emerging format of war.

There were other classified Pakistani exercises that also hinged on the deftness and dexterity of the ISPR’s information warfare strategy. All of this neatly converged, almost with textbook precision, in the showdown after Pulwama.
In response to PAF strikes this morning as released by MoFA, IAF crossed LOC. PAF shot down two Indian aircrafts inside Pakistani airspace. One of the aircraft fell inside AJ&K while other fell inside IOK. One Indian pilot arrested by troops on ground while two in the area.

11:19 PM - Feb 26, 2019

Valery Gerasimov, the chief of the general staff of the armed forces of Russia, is thought to be the key proponent of its hybrid war philosophy, which first found mention in his 2013 article for a journal called Military-Industrial Courier. The contents of his article gained such prominence that the Western media now prefers to call it the Gerasimov Doctrine.

Riaz Haq said...

Korybko To Pakistani Academia: Be Careful How You Counter Hybrid War
Written by Andrew Korybko on 2019-07-09

Eurasia Future is publishing the full interview that Andrew Korybko gave to Beaconhouse National University’s Shahryaar Naeem as part of the article that he plans to publish in his university’s magazine about Hybrid War:

Q1: Please tell us something about your research or work regarding this topic.

I’ve been researching Hybrid War since 2013 when I enrolled as a student in the Moscow State Institute of International Relations’ (MGIMO) English-language International Relations master’s program for Governance and Global Affairs. I later published an expanded version of my thesis as a book in 2015 that I also released online. Since then, I’ve expanded my work by conducting Hybrid War risk assessments for close to 50 countries of relevance to China’s Belt & Road Initiative that I published online at Oriental Review and on Amazon as an e-book titled “The Law Of Hybrid Warfare: Eastern Hemisphere”. I also incorporate my developing theories about Hybrid War into most of my analyses whenever applicable in order to raise awareness about the prevalence of these tactics and strategies in practically all facets of contemporary international affairs.

Q2: Why do we call this type of war ‘hybrid’ and how is it different from conventional war?

I understand the “hybrid” in Hybrid War as referring to the interplay of overt and covert destabilization measures that go below the threshold of conventional war against one’s adversaries. Although kinetic means are sometimes applied, these are usually done through proxies and aren’t undertaken by the practitioner’s uniformed conventional forces.

Q3: What is ‘5th generation warfare’? Is it different from hybrid warfare? What were the previous generations of war? Are the theories of William S. Lind accurate on Modern Warfare?

I regard “Fifth Generational Warfare” as being analogous with Hybrid Warfare even though some experts consider them to be different from one another in some respects. In brief, the only thing novel about either of these two is the use of certain technologies in the informational and cyber spheres, as the general principle of weaponizing social processes and clandestinely destabilizing one’s adversaries has been around since time immemorial. As to the relevancy of Lind’s work, it’s still pertinent and forms the basis for better understanding Hybrid Warfare.

Q4: What types of wars are used in Hybrid War?

There are many different forms of Hybrid Warfare, but my book and the bulk of my research focus on the phased transition from Color Revolutions to Unconventional Wars in order to achieve Regime Tweaking (political concessions), Regime Change (self-explanatory), and/or Regime Reboot (constitutional reform) against the practitioner’s target. Information manipulation and NGOs figure prominently in catalyzing Color Revolutions, while Unconventional Wars see terrorist groups playing the main role.

Q5: Is bio warfare (e.g. the deliberate spread of viruses to kill masses) a part of this war?

Whether one chooses to classify it as part of Hybrid War or use some other terminology for describing it, biological warfare in the manner that you described certainly fulfills the purpose of indirectly destabilizing a target and is therefore of relevance to this topic.

Riaz Haq said...

Q6: Which countries are most active in using this war as a tool and which countries or continents are most affected?

My work specializes on the US’ use of Hybrid Warfare as an instrument for defending its unipolar hegemony and focuses on how it’s applied in various ways to undermine its geopolitical rivals, especially in regards to sabotaging China’s Belt & Road Initiative. Nevertheless, whether one looks at my model of Hybrid Warfare or other experts’, practically every country’s military, intelligence, and diplomatic bureaucracies (“deep state”) are theoretically capable of employing some of these tactics and strategies, albeit to differing degrees and with different scopes in pursuit of different ends that altogether advance their national interests.

Q7: When did Hybrid War enter Pakistan and which countries used it against us?

Indirect destabilization campaigns, the basis of Hybrid War, have been waged against Pakistan since its inception, first by India and nowadays also by the US, both of which are trying to weaken it from within through proxy means in pursuit of the contemporary objective of stopping CPEC.

Q8: Is our media currently being used against us?

Information manipulation is a key component of Hybrid Warfare, and it’s comparatively easier to pull off in countries like Pakistan where media outlets have proliferated in the past 20 years and a wide diversity of discourse on practically all topics already exists. It can be as simple as indirectly encouraging influential figures and platforms to promote certain narratives or be as complex as literally having people on a foreign intelligence agency’s payroll (whether directly or through an NGO or other proxy) in order to promote the desired agenda.

Q9: What was Operation Hangover?

Operation Hangover wasn’t anything unique because it was just India’s application of the NSA’s secret surveillance tactics and strategies in pursuit of its interests vis-a-vis Pakistan. As the world enters the 5G Revolution and the internet becomes more ubiquitous in all aspects of everyday life, cyber attacks such as that particular one can be expected to increase as well.

Q10: Are the tribal areas in Pakistan most vulnerable to psychological attacks?

All areas and all demographics of every country are vulnerable to psychological attacks, but Pakistan’s tribal ones have been extensively targeted in the past because of their geopolitical significance adjacent to the Afghan border and also nowadays in close proximity to CPEC’s main route.

Q11: How do NGOs operate in this war?

I encourage the reader to review my article about “NGOs And The Mechanics Of Hybrid War” at Oriental Review for more details about this, but in brief, such organizations can oftentimes be exploited as foreign intelligence proxies, both directly in the sense of being created from the get-go as fronts and also indirectly in the sense of their employees, mission, and/or activities being influenced from abroad.

Q12: What are the external and internal threats to Pakistan’s security?

Hybrid Wars, and particularly their informational component that precedes Color Revolutions and other forms of foreign-influenced socially driven destabilization activities, work most successfully when they take advantage of preexisting identity conflicts and especially those that are overtly geopolitical such as the issues pertaining to the Durand Line. Their effectiveness can be improved when other instruments are used in these campaigns, such as targeted sanctions and the employment of various terrorist groups.

Riaz Haq said...

Q13: Is Pakistan deliberately being pushed towards an economic crisis, and if so, how?

Pakistan has many preexisting socio-economic challenges that its adversaries are capitalizing upon in order to worsen the situation in the country. The intent is to push the country into taking painful austerity measures that could then be exploited by foreign forces to incite a renewed round of Color Revolution unrest. Violence might be deliberately used in order to provoke the security forces into responding with kinetic means to quell the disturbances, which could then be deliberately misportrayed through deceptively decontextualized and/or edited images and footage in order to catalyze a self-sustaining cycle of destabilization. That’s why the professionalism of the Pakistan Armed Forces is paramount in order to avoid inadvertently escalating the situation in this scenario and playing into the enemies’ hands in the event that disproportionate force is used against civilians who are participating in this campaign through their irresponsible actions of rioting and other such related activities.

Q14: You mentioned ‘Color Revolutions’ in your book. Is there a secret plan to initiate one in Pakistan?

Yes, as I explained in the previous answer. The specific narratives and tactics employed can be flexibly adapted for any scenario, but it’s important to always keep in mind the basic strategy at play of provoking civilian-military clashes that could then be used as the basis upon which foreign forces can then “justify” their employment of terrorist groups and engage in other destabilization measures such as targeted sanctions and the like.

Q15: Is Pakistan only being targeted because of its nuclear program and CPEC project?

Those are both important reasons why it’s become a Hybrid War target, but it’s in India’s enduring national interests as it conceives of them to destabilize Pakistan precisely because of the fact that its existence as a separate state creates a precedent that New Delhi fears could inspire separatist movements within its own borders among its many diverse people.

Q16: Did Pakistan use 4th generation warfare in the Soviet-Afghan war by supporting the Mujahidin? Did India use it against us in the 1971 civil war?

If one simplifies Fourth Generation Warfare as simply being the use of proxies, then yes, both examples meet that criterion.

Q17: How ready is Pakistan to face this threat and how effectively are our intelligence agencies countering it?

Hybrid War is a fact of life for Pakistan and its intelligence agencies are effectively thwarting it through their numerous proactive measures at home and abroad. The country has no choice but to adapt to this reality, as it has, and to creatively craft solutions for dealing with it without sacrificing the population’s basic freedoms (which could in turn be exploited from abroad to catalyze Color Revolutions and Unconventional Wars per the aforementioned strategy).

Riaz Haq said...

Q18: What should be the role of Pakistani civilians and media in countering this threat?

It is important that individuals and information outlets anywhere in the world behave responsibly when sharing information. People should learn how to differentiate between various media products (factual news reports, op-eds, analyses, propaganda, fake news, etc.) in order to not be swayed by foreign-backed manipulation campaigns, but they also shouldn’t prematurely accuse their opponents of engaging in them just because they disagree with their views. Governments should educate their populations about how they might inadvertently be guided into participating in these campaigns in order to raise awareness of these modi operandi, especially pointing out the difference between the right to peacefully protest and the illegality of rioting, let alone the inadmissibility of using force against members of the security services. Hybrid War is everywhere and affects everyone, but getting its targets to overreact to this threat is also an objective of its practitioners in and of itself, which is why prudent policies should be put into place and practiced by the state and its people in order to avoid this dangerous pitfall.

Riaz Haq said...

The existential threat from cyber-enabled information warfare
Herbert Lin

Corruption of the information ecosystem is not just a multiplier of two long-acknowledged existential threats to the future of humanity – climate change and nuclear weapons. Cyber-enabled information warfare has also become an existential threat in its own right, its increased use posing the possibility of a global information dystopia, in which the pillars of modern democratic self-government – logic, truth, and reality – are shattered, and anti-Enlightenment values undermine civilization as we know it around the world.

Riaz Haq said...

Pakistan has established #Cyber Forensic Laboratory at NUST, and the #Computer Emergency Response Team (PAK-CERT). #Pakistan has made major progress in #Nuclear ‘Security and Control Measures’ category with an incredible (+25) points.

Among countries with weapons-usable nuclear materials, Australia for the third time has been ranked at the first position in the sabotage ranking and for the fifth time for its security practices. Likewise, New Zealand and Sweden stand first in the ranking for countries without materials. It is very pertinent to highlight here that Pakistan’s commitment towards nuclear safety and security, has also been duly acknowledged. In this regard, since Pakistan has adopted new on-site physical protection and cyber security regulations, it has been appreciated in the index. This would likely further improve Pakistan’s existing insider threat prevention measures. Nevertheless, the 2020 NTI report has ranked Pakistan among the countries that have nuclear materials but its adherence to nuclear safety and security has been vindicated.

It is worth mentioning here that in the theft ranking for countries with nuclear materials, Pakistan has improved its ranking by an overall score of 7 points. In this regard, Pakistan has made major progress in the ‘Security and Control Measures’ category with an incredible (+25) points based on the new regulations. Also, Pakistan has improved in the Global Norms category with (+1) points. The strengthened laws and regulations have provided sustainable security benefits and resulted in improving Pakistan’s overall score. Moreover, Pakistan’s improvement in the Security and Control Measures category is quite significant. Over time, by improving +8 points in 2014, +2 points in 2016, and +6 points in 2018, Pakistan has steadily improved in the Security and Control Measures category. Owing to new regulations for on-site physical protection its score has improved since 2014, whereas since 2018 the insider threat protection has also improved. Since the report was first launched in 2012, Pakistan, unlike other states, has improved its score in the security and control measure category by 25 points. This is an incredible improvement as it is the second-largest improvement among the related states.

At the national level, Pakistan has taken various initiatives including the establishment of a Cyber Forensic Laboratory at the National University of Science and Technology (NUST), and the Computer Emergency Response Team (PAK-CERT) to deal with cyber-related threats. Furthermore, the National Centre for Cyber Security at the Air University also aims at making the cyberspace of Pakistan more secure. It has affiliated Research and Development Laboratories working on projects related to network security systems and smart devices. To maintain such a status in the longer term, Pakistan needs to further expand the scope of its existing national cyber policy framework. This would enhance Pakistan’s capabilities to tackle cyber threats to nuclear security in a more efficient way.

Hence, the emergence of cyber threats to nuclear security both at the regional and the global levels needs to be addressed with greater cooperation among the states. Likewise, it is also essential to address the human factor for cyber security when insiders could unwittingly introduce or exacerbate cyber vulnerabilities. Pakistan needs to further enhance the role and increase the capacity of its specialized cyber workforce. In this regard, if required, the number of highly skilled technical staff may be increased keeping view of the emergent cyber threats to the nuclear facilities.

Riaz Haq said...

Pakistan’s cyberspace at the mercy of hackers
Officials, experts say need to enact cybersecurity, data protection laws dire

As things stand, Pakistan counts itself among countries considered unsafe for internet users. The 2017 Global Cybersecurity Index places Pakistan at 67 on a list of 165 countries ranked according to how safe their cyber-environments are. Of Pakistan’s roughly 45 million internet users, a staggering 25% have been attacked one way or another by hackers.

In particular, the cyberattacks on Pakistani banks reported late last year underscored the woeful inadequacy of current cybercrime laws. In that episode, hackers stole credit card details of more than 20,000 customers from 22 Pakistani banks and leaked them over the ‘dark web’ – portions of the internet not open to public view and accessible only through special software.

Federal Investigation Agency (FIA) officials complain that current cybercrime laws do not recognise invasion of online privacy and unauthorised access to personal data as criminal offenses, putting Pakistani internet users at great risk of misuse of private information. To further complicate matters, social media networks and email services are not bound to relinquish any information for investigation.

Both officials and experts agree there is a pressing need to formulate an enforceable national cybersecurity framework and set up computer emergency response teams (CERTs) to prosecute and prevent such incidents.

Speaking to The Express Tribune, FIA Additional Director General Ammar Jaffery compared the lack of a legal framework covering cybersecurity to leaving a house unlocked.

“Would you not be practically inviting thieves to rob you? This is exactly what Pakistan’s current situation is with regards to cybersecurity,” he said, stressing the need to immediately introduce laws pertaining to cybersecurity. “Better cybersecurity supported by robust laws would deter would-be criminals from engaging in cybercrimes.”

“The Prevention of Electronic Crimes Act (PECA) which we have right now has some loopholes,” said Zeeshan Riaz, a lawyer who specialises in cybercrime cases. “Take data theft for example, there is no proper law covering it. If someone’s data was stolen today, authorities would encounter difficulties in determining cognisable and non-cognisable offenses, and obtaining warrants.”

Riaz Haq said...

Rank 2019 | Rank 2020 | Country      | Score 2019 | Score 2020 | Mobile malware (% users) | Financial malware attacks (% users) | Computer malware (% users) | Telnet attacks by origin (IoT, %) | Cryptominer attacks (% users) | Preparedness score | Legislation score
1         | 1         | Algeria      | 55.75      | 48.99      | 26.47                    | 0.5                                 | 19.75                      | 0.07                              | 1.27                          | 0.262              | 1
-         | 1         | Tajikistan   | -          | 48.54      | 2.62                     | 1.4                                 | 8.12                       | 0.01                              | 7.90                          | 0.263              | 2
-         | 3         | Turkmenistan | -          | 48.39      | 4.89                     | 1.1                                 | 5.84                       | 0                                 | 7.79                          | 0.115              | 2
-         | 4         | Syria        | -          | 44.51      | 10.15                    | 1.2                                 | 13.99                      | 0.01                              | 1.36                          | 0.237              | 1
9         | 5         | Iran         | 43.29      | 43.48      | 52.68                    | 0.8                                 | 7.21                       | 3.31                              | 1.43                          | 0.641              | 2
8         | 6         | Belarus      | 45.09      | 41.64      | 2.10                     | 2.9                                 | 13.34                      | 0.05                              | 2.35                          | 0.578              | 3
6         | 7         | Bangladesh   | 47.21      | 40.36      | 30.94                    | 0.8                                 | 16.46                      | 0.38                              | 1.91                          | 0.525              | 3.5
7         | 8         | Pakistan     | 47.10      | 40.33      | 28.13                    | 0.8                                 | 9.96                       | 0.37                              | 2.41                          | 0.407              | 2.5
5         | 9         | Uzbekistan   | 50.50      | 39.41      | 4.14                     | 2.1                                 | 10.5                       | 0.02                              | 4.99                          | 0.666              | 3

According to our study, Algeria is still the least cyber-secure country in the world despite its score improving slightly. With no new legislation (as was the same with all countries), it is still the country with the poorest legislation (only one piece of legislation, concerning privacy, is in place). It also scored poorly for computer malware infection rates (19.75%) and its preparation for cyberattacks (0.262). Nevertheless, its score for preparation was the only one that worsened over the last year (its score for legislation couldn’t get any worse). In all of the other categories, attacks declined, as was the common trend for most countries.

Other high-ranking countries were Tajikistan, Turkmenistan, Syria, and Iran, which took over from last year’s Indonesia, Vietnam, Tanzania, and Uzbekistan.

The highest-scoring countries per category were:

Highest percentage of mobile malware infections – Iran – 52.68% of users
Highest number of financial malware attacks – Belarus – 2.9% of users
Highest percent of computer malware infections – Tunisia – 23.26% of users
Highest percentage of telnet attacks (by originating country) – China – 13.78%
Highest percentage of attacks by cryptominers – Tajikistan – 7.9% of users
Least prepared for cyber attacks – Turkmenistan – 0.115
Worst up-to-date legislation for cybersecurity – Algeria – 1 key category covered
Apart from Algeria, China was the only country that stayed at the top of one of these lists – all of the other countries are new since last year.

Riaz Haq said...

Indian cyber-spy ‘Confucius’ targets #Pakistan, #Kashmir: #Indian hackers using #malware to target Pakistani military officials, Pak's top #nuclear regulator and #Indian election officials in #Indian Occupied Kashmir, says San Francisco-based Lookout Inc.

Oakland, California: A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbours, according to a report from a cyber security company.

The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside apps and services to conduct espionage. Since 2017, and as recently as December, the hackers have relied on spyware to target Pakistani military officials, the country’s top nuclear regulator and Indian election officials in the disputed state of Kashmir, according to the report released by San Francisco-based Lookout Inc on Thursday.

The campaign appears to be just the latest example of hackers targeting sensitive security targets with social engineering tactics - luring victims to download malicious files disguised as benign applications. What’s unique about attacks by the group, dubbed Confucius, is the extent to which its operators go to veil their efforts, experts say.

Using knock-off web applications disguised as Google security tools and popular regional chat and dating applications, Confucius managed to access 156 victims’ devices in a trove of data recently discovered by the research team. The files and related logs were found in unsecured servers used by the attack group, according to the report. Most of the users who recently accessed those servers were based in Northern India.

Once the attackers penetrate a device, they scrape it for data, including call logs, contacts, geolocation, images and voice notes. In some cases, the hackers took screen shots of the devices and recorded phone calls. In at least one instance, intruders got inside the device of a Pakistani Air Force service member and viewed a contact list filled with other Air Force officials, said Apurva Kumar, Lookout’s staff security intelligence engineer.

“While their technical tools and malwares might not be that advanced, the Confucius threat actor invests human time to gain trust from their targets,” said Daniel Lunghi, threat researcher at the cyber security firm, Trend Micro. “And in certain sensitive fields where people are more cautious, it might be what makes the difference.”

In two cases, researchers discovered that hackers stole the contents of WhatsApp chat conversations from 2017 and 2018 between officials at the Pakistan Nuclear Regulatory Authority, Pakistan Atomic Energy Commission and unknown third-parties. Then in April 2019, in the midst of India’s latest national election, the attackers burrowed into the device of an election official in the Pulwama region of Kashmir, where months earlier an Indian security convoy was attacked by a Pakistan-based Islamic terrorist in a deadly explosion.

Kumar said she couldn’t disclose the details of the stolen data.

Her research indicates the espionage campaign ramped up in 2018 after unknown hackers breached the commercial surveillance-ware provider, Retina-X Studios. Hornbill, one of the malware tools used by the attackers, shares code similarities with Retina-X’s Mobile Spy products. Another piece of malicious software called Sunbird, which is capable of remotely commandeering a user’s device, appears to be rooted in code for a stalkerware service called BuzzOutLoud, based in India.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig

ANALYSIS India is sometimes overlooked by some in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.

The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.

Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.

India is in catch-up mode for now, but has the technical resources to make rapid progress.

Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.

Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.

China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.

Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”

Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.

Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.

But this is far from the only game in town.

For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.

India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.

Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE System’s intelligence division, commented:

The sophistication of the various Indian cyber threat actors does not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig

Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”

With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.

“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.

Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.

“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.

Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”

What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:

The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.

The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”

How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.

Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.

Other experts reckon the flow of talent will run the other way and allow India to expand its cyber-espionage capabilities from the cohorts of cybercriminals.

Riaz Haq said...

The ransomware pandemic

"We are on the cusp of a global pandemic," Christopher Krebs, the first director of the Cybersecurity and Infrastructure Security Agency, told Congress last week. The virus causing the pandemic isn't biological, however. It's software.

Why it matters: Crippling a major U.S. oil pipeline this weekend initially looked like an act of war — but it's now looking like an increasingly normal crime, bought off-the-shelf from a "ransomware as a service" provider known as DarkSide.

Driving the news: Colonial runs the largest refined products pipeline in the country, transporting over 100 million gallons per day. It was shut down on Friday in response to a ransomware attack, and will be reopened in "an incremental process" over the course of this week, per a corporate statement.

That's faster than the market expected — energy prices fell after the statement was released, after rising on the initial shutdown news.
The big picture: No company is safe from ransomware, and often the lines between criminals and state actors can be fuzzy. Preventing even bigger future attacks will require a so-far elusive degree of coordination between the public and private sectors in dozens — if not hundreds of countries.

Threat level: Very high. "Cybersecurity will be the issue of this decade in terms of how much worse it is going to get," IBM CEO Arvind Krishna told reporters Monday.
Currently, per Forrester analyst Allie Mellen, companies' main strategy is to pay up if hit — and to try to be slightly less vulnerable to attack than their competitors. "What do security pros do right now to lower their risk in the face of future ransomware attacks? Outrun the guy next to you,” Mellen says.
Between the lines: If anything, Colonial Pipeline was lucky that it is so important to the functioning of the American economy. Its systemic status helped to mobilize the full resources of the U.S. government, and even elicited an apology, of sorts, from DarkSide.

“Our goal is to make money and not creating problems for society," said the group in a statement on the dark web. "From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences.”
What they're saying: "There is no silver bullet for solving this challenge," concludes a major report on combating ransomware from the Institute for Security + Technology. "No single entity alone has the requisite resources, skills, capabilities, or authorities to significantly constrain this global criminal enterprise."

The fight will require the active involvement of the National Security Council, says the report, as well as much more regulation of cryptocurrency, which is invariably used to pay the ransom.
It will also require a major upgrade of technology systems at the state and local level, very few of which have been migrated to cloud-based systems that can try to keep one step ahead of the bad guys.
The bottom line: The Colonial Pipeline attack was so big that it couldn't help but make headlines. But most attacks are quietly paid off with no fanfare and no publicity, making it extremely difficult to gauge the true scale of the problem.

Riaz Haq said...

IISS: Cyber Capabilities and National Power: A Net Assessment

India has frequently been the victim of cyber attacks, including on its critical infrastructure, and has attributed a significant proportion of them to China or Pakistan. CERT-In reported, for example, that there were more than 394,499 incidents in 2019,[44] and 2020 saw an upsurge in attacks from China.[45] Of particular concern to the Indian government are cyber attacks by North Korea that use Chinese digital infrastructure.[46] The vast majority of the cyber incidents flagged by CERT-In appear to have been attempts at espionage,[47] but they could also have resulted in serious damage to the integrity of Indian networks and platforms. In 2020, India had the second-highest incidence of ransomware attacks in the world[48] and the government banned 117 Chinese mobile applications because of security concerns.[49]

Public statements by Indian officials and other open-source material indicate that India has developed relatively advanced offensive cyber capabilities focused on Pakistan. It is now in the process of expanding these capabilities for wider effect.

India reportedly considered a cyber response against Pakistan in the aftermath of the November 2008 terrorist attacks in Mumbai, with the NTRO apparently at the forefront of deliberations.[67] A former national security advisor has since indicated publicly that India possesses considerable capacity to conduct cyber-sabotage operations against Pakistan,[68] which appears credible

Overall, India’s focus on Pakistan will have given it useful operational experience and some viable regional offensive cyber capabilities. It will need to expand its cyber-intelligence reach to be able to deliver sophisticated offensive effect further afield, but its close collaboration with international partners, especially the US, will help it in that regard.

Raj Chengappa and Sandeep Unnithan, ‘How to Punish Pakistan’, India Today, 22 September 2016, https://www. attack-narendra-modi-pakistan-terror-kashmir-nawaz-sharif- india-vajpayee-829603-2016-09-22.

Riaz Haq said...

Pegasus was used to hack mobiles of Pak officials

New Delhi: Mobile phones of around 30 Pakistani government servants, who include serving army generals, officials attached with the ISI and senior bureaucrats, were hacked into by using Pegasus spying software during April and May 2019.

Pegasus takes control of the infected phone by entering the system through WhatsApp.

While the Pakistan government has so far kept the matter under wraps, possibly to avoid panic and public embarrassment, it, however, issued a special secret advisory to heads of departments, a copy of which was also sent to the secretary of Prime Minister Imran Khan, asking them to replace all phones purchased before 10 May 2019 immediately and prohibiting the transfer of official documents by using WhatsApp.

The hacking of the mobile numbers of around 30 officials—the exact number is known only to the group/individual/organisation that hacked into the phones—has sparked a frenzy among government officials because of speculation that key documents and vital information might have landed in unintended hands and offices across borders.

Information and classified documents that are generally found in the mobile phones of top government officials, are regarded as invaluable by both foreign government agencies and private operators as they give valuable insights into otherwise closely guarded policies and plans.

The Sunday Guardian reached out to the NSO Group, the Israel-based company that owns Pegasus, with a detailed questionnaire regarding the recent development. In a statement, the NSO Group said: “To protect the ongoing public safety missions of its agency customers and given significant legal and contractual constraints, NSO Group is not able to disclose who is or is not a client or discuss specific uses of its technology, as explained in its Transparency Statement of Principles. However, the company’s products are licensed only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime. NSO’s technology is only licensed after a thorough vetting process that goes well beyond the legal requirements that we follow. All potential customers must meet strict export authority regulations before any sale, in addition to NSO’s internal vetting process that includes a focus on human rights. NSO’s governance framework aligns us with the UN Guiding Principles on Business and Human Rights and sets the highest standards in the cyber intelligence industry, embedding human rights due diligence into everything we do.”

This newspaper also shared its questions with the Pakistan high commission in New Delhi, and Pakistan’s Ministry of Information Technology & Telecom for response. However, no response was shared until the time the story went to press.

The NSO group gained some kind of notoriety after it emerged that Pegasus had infected at least 1,400 numbers across the world through WhatsApp. Facebook, the owner of WhatsApp, has already filed a suit against NSO in US courts for illegally breaking into WhatsApp.

Despite the controversy it has attracted in recent times, “Q Cyber Technologies”, the parent company of NSO, continues to remain active in the world of cyber espionage. It was one of the main sponsors of “ISS World Asia”—touted as the world’s largest gathering of law enforcement agencies, intelligence analysts, electronic surveillance and intelligence gathering—which was held in Kuala Lumpur, Malaysia in the first week of December.

In the said event, “Q Cyber Technologies” had defined itself as a company that equipped select intelligence agencies, militaries and law enforcement organisations around the world with the strategic, tactical and analytical technology capabilities required to ensure the success of their operations in fighting crime and terrorism.

Riaz Haq said...

Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022

Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.

The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.

Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.

Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”

“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.

Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”

“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.

Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.

Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.

The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.

41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.

The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).

These top teams will now compete in the final round of the hackathon in Islamabad later this month.

Riaz Haq said...

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.

The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin.

The cybersecurity company attributed the intrusion to an adversary it tracks under the moniker Cosmic Leopard (aka SpaceCobra), which it said exhibits some level of tactical overlap with Transparent Tribe.

"Operation Celestial Force has been active since at least 2018 and continues to operate today — increasingly utilizing an expanding and evolving malware suite — indicating that the operation has likely seen a high degree of success targeting users in the Indian subcontinent," security researchers Asheer Malhotra and Vitor Ventura said in a technical report shared with The Hacker News.

GravityRAT first came to light in 2018 as a Windows malware targeting Indian entities via spear-phishing emails, boasting of an ever-evolving set of features to harvest sensitive information from compromised hosts. Since then, the malware has been ported to work on Android and macOS operating systems, turning it into a multi-platform tool.

Subsequent findings from Meta and ESET last year uncovered continued use of the Android version of GravityRAT to target military personnel in India and among the Pakistan Air Force by masquerading it as cloud storage, entertainment, and chat apps.

Cisco Talos' findings bring all these disparate-but-related activities under a common umbrella, driven by evidence that points to the threat actor's use of GravityAdmin to orchestrate these attacks.

Cosmic Leopard has been predominantly observed employing spear-phishing and social engineering to establish trust with prospective targets, before sending them a link to a malicious site that instructs them to download a seemingly innocuous program that drops GravityRAT or HeavyLift depending on the operating system used.

GravityRAT is said to have been put to use as early as 2016. GravityAdmin, on the other hand, is a binary used to commandeer infected systems since at least August 2021 by establishing connections with GravityRAT and HeavyLift's command-and-control (C2) servers.