Friday, January 15, 2021

Oxford Disinfo Report: India, Pakistan Among Top Nations With "High Cyber Capacity"

Oxford University's report on global disinformation ranks India and Pakistan among the top 17 "high cyber troop capacity" countries. The report defines "cyber troop capacity" in terms of the number of people and the size of the budget allocated to psychological operations or information warfare. "Cyber troop activity", as defined by the report, includes social media manipulation by governments and political parties, and the various private companies and other organizations they work with to spread disinformation. The Oxford report shows that India's cyber troops are "centralized" while those in Pakistan, the US and the UK are "decentralized". EU Disinfo Lab, an NGO that specializes in disinformation campaigns, has found that India is carrying out a massive 15-year-long disinformation campaign to hurt Pakistan.

High Cyber Capacity Countries. Source: Oxford University Disinfo Report 2020


High Cyber Capacity: 
 

Countries ranked in the "high cyber troop capacity" group by the Oxford disinformation report include: Australia, China, Egypt, India, Iran, Iraq, Israel, Myanmar, Pakistan, Philippines, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam. The Oxford report shows that India's cyber troops are "centralized" while those in Pakistan, the US and the UK are "decentralized". Here's an excerpt of the report:

"High cyber troop capacity involves large numbers of staff, and large budgetary expenditure on psychological operations or information warfare. There might also be significant funds spent on research and development, as well as evidence of a multitude of techniques being used. These teams do not only operate during elections but involve full-time staff dedicated to shaping the information space. High-capacity cyber troop teams focus on foreign and domestic operations. They might also dedicate funds to state-sponsored media for overt propaganda campaigns. High-capacity teams include: Australia, China, Egypt, India, Iran, Iraq, Israel, Myanmar, Pakistan, Philippines, Russia, Saudi Arabia, Ukraine, United Arab Emirates, United Kingdom, United States, Venezuela, and Vietnam". 

Indian Chronicles: 

EU Disinfo Lab, an NGO that specializes in disinformation campaigns, has found that India is carrying out a massive 15-year-long disinformation campaign to hurt Pakistan. The key objective of the Indian campaign as reported in "Indian Chronicles" is as follows: "The creation of fake media in Brussels, Geneva and across the world and/or the repackaging and dissemination via ANI and obscure local media networks – at least in 97 countries – to multiply the repetition of online negative content about countries in conflict with India, in particular Pakistan".  After the disclosure of India's anti-Pakistan propaganda campaign, Washington-based US analyst Michael Kugelman tweeted: "The scale and duration of the EU/UN-centered Indian disinformation campaign exposed by @DisinfoEU is staggering. Imagine how the world would be reacting if this were, say, a Russian or Chinese operation".  
American Analyst Michael Kugelman's Tweet on Indian Disinformation Campaign


Firehose of Falsehood:

What Kugelman calls a "Russian operation" appears to be a reference to a report by the US government-funded think tank RAND Corporation entitled "The Russian 'Firehose of Falsehood' Propaganda Model". Here is an excerpt of the RAND report:

"Russian propaganda is produced in incredibly large volumes and is broadcast or otherwise distributed via a large number of channels. This propaganda includes text, video, audio, and still imagery propagated via the Internet, social media, satellite television, and traditional radio and television broadcasting. The producers and disseminators include a substantial force of paid Internet “trolls” who also often attack or undermine views or information that runs counter to Russian themes, doing so through online chat rooms, discussion forums, and comments sections on news and other websites".

EU Disinformation Lab Report on India's Disinformation Campaign Against Pakistan

Indian Political Unity Against Pakistan:  

Former US President Barack Obama has observed that “Expressing hostility toward Pakistan was still the quickest route to national unity (in India)”.  The Indian disinformation campaign is a manifestation of Indians' political unity against Pakistan.  EU Disinfo Lab has found that Indian Chronicles is a 15-year-long campaign that started in 2005 on former Prime Minister Manmohan Singh's watch, well before Prime Minister Narendra Modi's election to India's highest office in 2014. It has grown to over 750 fake media outlets covering 119 countries. There are over 750 domain names, some in the name of dead people and others using stolen identities.  Here is an excerpt of EU Disinfo Lab's report:

"The creation of fake media in Brussels, Geneva and across the world and/or the repackaging and dissemination via ANI and obscure local media networks – at least in 97 countries – to multiply the repetition of online negative content about countries in conflict with India, in particular Pakistan". 

RAND's Recipe:  

Traditional countermeasures are ineffective against "firehose of falsehoods" propaganda techniques. As researchers Christopher Paul and Miriam Mathews of RAND put it: "Don't expect to counter the firehose of falsehood with the squirt gun of truth." They suggest:

1. Repeating the counter-information.

2. Providing an alternative story to fill in the gaps created when false "facts" are removed.

3. Forewarning people about propaganda, highlighting the ways propagandists manipulate public opinion.

4. Countering the effects of propaganda, rather than the propaganda itself; for example, to counter propaganda that undermines support for a cause, work to boost support for that cause rather than refuting the propaganda directly.

5. Turning off the flow by enlisting the aid of Internet service providers and social media services, and conducting electronic warfare and cyberspace operations.

Summary: 

The recently released Oxford University report entitled "Industrialized Disinformation 2020 Global Inventory of Organized Social Media Manipulation" has put both India and Pakistan among "high cyber capacity" countries. The Oxford report shows that India's cyber troops are "centralized" while those in Pakistan, the US and the UK are "decentralized". India, with its massive disinformation campaign against Pakistan, appears to be following what the US think tank RAND calls the "Firehose of Falsehoods". Pakistani policymakers charged with countering the Indian propaganda should read the RAND report "Firehose of Falsehoods" for its 5 specific recommendations to the US government on responding effectively to the Russian disinformation campaign. In particular, they should heed its key advice: "All other things being equal, messages received in greater volume and from more sources will be more persuasive... Don't expect to counter Russia's firehose of falsehoods with the squirt gun of truth. Instead, put raincoats on those at whom the firehose is aimed."


16 comments:

Riaz Haq said...

India, Pakistan among 7 nations with state actors active online for propaganda: Study
In India, cyber troop activity was found in two instances by a political party or politicians, three or more instances by a private contractor, on one instance by civil society organisation, and one by citizens and influencers.

https://indianexpress.com/article/india/india-pakistan-among-7-nations-with-state-actors-active-online-for-propaganda-study-6035217/

India figures in a small bunch of seven countries — along with China, Iran, Pakistan, Russia, Saudi Arabia, and Venezuela — where state actors use computational propaganda on Facebook and Twitter to influence global audiences, according to a comprehensive report on disinformation campaigns released by the Computational Propaganda project at Oxford on Thursday.

The report found at least seven instances of “cyber troops” in India, and private contractors came out to be the most active “cyber troops” in the country.

These troops are “government or political party actors tasked with manipulating public opinion online”, according to the report, and only Malaysia, Philippines, the UAE, and the US had as many or more instances as India. The report labelled India as “medium-capacity” for “cyber troops”. It stated, “Multiple teams ranging in size from 50-300 people. Multiple contracts and advertising expenditures valued at over 1.4M US.” Other countries in the category are Brazil, Pakistan, and the UK.

Over three years, the researchers examined 70 countries in which these operations do three things: suppress fundamental human rights, discredit political opposition, and drown out political dissent.

In India, cyber troop activity was found in two instances by a political party or politicians, three or more instances by a private contractor, on one instance by civil society organisation, and one by citizens and influencers.

In the first big crackdown on fake accounts for “inauthentic behaviour” in the run-up to Lok Sabha polls in April, Facebook removed more than 700 pages, groups and accounts from India. Those taken down include accounts associated with the Congress IT cell and Silver Touch Technologies, a company that has worked for the government and the BJP. They were taken down for attempts to deceive users of their identities, according to the company.

The report found that in India, bot-led automated manipulation as well as human-led manipulation spread propaganda for a party, attacked its political opposition, and spread polarising messaging designed to drive divisions.

In India, it found the use of disinformation and media manipulation, data-driven strategies, amplifying content by flooding hashtags, and troll armies that harass dissidents or journalists online. The only technique that the researchers did not find in India that was present in other countries was mass-reporting of content or accounts.

“The co-option of social media technologies provides authoritarian regimes with a powerful tool to shape public discussions and spread propaganda online, while simultaneously surveilling, censoring, and restricting digital public spaces,” the report says.

Of the 70 countries, 44 had campaigns conducted by government actors, such as a digital ministry or the military, and 45 had campaigns led by political parties or politicians, the report found. This is a 150-per cent increase in countries using organised social media manipulation campaigns.
This year, 70 countries saw campaigns of this kind; the corresponding figures were 48 in 2018, and 28 in the year before.

The methodology involved news reporting analysis, a secondary literature review of public archives and scientific reports, drafting country case studies, and expert consultations.

On a platform-wise breakdown of the campaigns, India appeared on Facebook, WhatsApp and Twitter but not on YouTube and Instagram. Even with a growth of these activities on WhatsApp, Instagram and YouTube, the report found that Facebook still firmly remained the platform with the most manipulation activity.

Riaz Haq said...

Indian cyber-spy ‘Confucius’ targets #Pakistan, #Kashmir: #Indian hackers using #malware to target Pakistani military officials, Pak's top #nuclear regulator and #Indian election officials in #Indian Occupied Kashmir, says San Francisco-based Lookout Inc.
https://www.smh.com.au/world/asia/indian-cyber-spy-confucius-targets-pakistan-kashmir-security-report-20210211-p571q3.html

Oakland, California: A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbours, according to a report from a cyber security company.

The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside apps and services to conduct espionage. Since 2017, and as recently as December, the hackers have relied on spyware to target Pakistani military officials, the country’s top nuclear regulator and Indian election officials in the disputed state of Kashmir, according to the report released by San Francisco-based Lookout Inc on Thursday.

The campaign appears to be just the latest example of hackers targeting sensitive security targets with social engineering tactics - luring victims to download malicious files disguised as benign applications. What’s unique about attacks by the group, dubbed Confucius, is the extent to which its operators go to veil their efforts, experts say.

Using knock-off web applications disguised as Google security tools and popular regional chat and dating applications, Confucius managed to access 156 victims’ devices in a trove of data recently discovered by the research team. The files and related logs were found in unsecured servers used by the attack group, according to the report. Most of the users who recently accessed those servers were based in Northern India.

Once the attackers penetrate a device, they scrape it for data, including call logs, contacts, geolocation, images and voice notes. In some cases, the hackers took screen shots of the devices and recorded phone calls. In at least one instance, intruders got inside the device of a Pakistani Air Force service member and viewed a contact list filled with other Air Force officials, said Apurva Kumar, Lookout’s staff security intelligence engineer.

“While their technical tools and malwares might not be that advanced, the Confucius threat actor invests human time to gain trust from their targets,” said Daniel Lunghi, threat researcher at the cyber security firm, Trend Micro. “And in certain sensitive fields where people are more cautious, it might be what makes the difference.”

In two cases, researchers discovered that hackers stole the contents of WhatsApp chat conversations from 2017 and 2018 between officials at the Pakistan Nuclear Regulatory Authority, Pakistan Atomic Energy Commission and unknown third-parties. Then in April 2019, in the midst of India’s latest national election, the attackers burrowed into the device of an election official in the Pulwama region of Kashmir, where months earlier an Indian security convoy was attacked by a Pakistan-based Islamic terrorist in a deadly explosion.

Kumar said she couldn’t disclose the details of the stolen data.

Her research indicates the espionage campaign ramped up in 2018 after unknown hackers breached the commercial surveillance-ware provider, Retina-X Studios. Hornbill, one of the malware tools used by the attackers, shares code similarities with Retina-X’s Mobile Spy products. Another piece of malicious software called Sunbird, which is capable of remotely commandeering a user’s device, appears to be rooted in code for a stalkerware service called, BuzzOutLoud, based in India.

Riaz Haq said...

#US company unmasks state-sponsored Android spyware tied to #India. #Spyware targets personnel linked to #Pakistan’s #military and #nuclear authorities & #Indian election officials in Indian Occupied #Kashmir. Also Pakistani nationals in #UAE and #India. https://www.securitymagazine.com/articles/94573-lookout-unmasks-state-sponsored-android-spyware-tied-to-india-pakistan-conflict#.YCrG-roWg2o.twitter

Lookout, Inc., provider of mobile security solutions, announced the discovery of two novel Android surveillanceware, Hornbill and SunBird. The Lookout Threat Intelligence team believes these campaigns are connected to the Confucius APT, a well-known pro-India state-sponsored advanced persistent threat group. Hornbill and SunBird have sophisticated capabilities to exfiltrate SMS message content, encrypted messaging app content, geolocation, contact information, call logs, as well as file and directory listings. The surveillanceware targets personnel linked to Pakistan’s military and nuclear authorities and Indian election officials in Kashmir.

The Confucius group was previously reported to have first leveraged mobile malware in 2017 with ChatSpy[1]. However, based on this new discovery, Lookout researchers found that Confucius may have been spying on mobile users for up to a year prior to ChatSpy with SunBird. SunBird campaigns were first detected by Lookout researchers in 2017 but no longer seem to be active. The APT’s latest malware, Hornbill, is still actively in use and Lookout researchers have observed new samples as recently as December 2020.

“One characteristic of Hornbill and SunBird that stands out is their intense focus on exfiltrating a target's communications via WhatsApp,” said Apurva Kumar, Staff Security Intelligence Engineer at Lookout. “In both cases, the surveillanceware abused the Android accessibility services in a variety of ways to exfiltrate communications without the need for root access. SunBird can also record calls made through WhatsApp’s VoIP service, exfiltrate data on applications such as BlackBerry Messenger and imo, as well as execute attacker-specified commands on an infected device.”

Both Hornbill and SunBird appear to be evolved versions of commercial Android surveillance tooling. Hornbill was likely derived from the same code base as an earlier commercial surveillance product known as MobileSpy. Meanwhile, SunBird can be linked back to the Indian developers responsible for BuzzOut, an older commercial spyware tool. The Lookout researchers' theory that SunBird’s roots also lay in stalkerware is supported by content found in the exfiltrated data that they uncovered on the malware’s infrastructure in 2018. The data uncovered includes information about the stalkerware victims and campaigns targeting Pakistani nationals in their home country as well as those traveling abroad in the United Arab Emirates (UAE) and India.

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan


ANALYSIS India is sometimes overlooked by some in the threat intelligence community, even though the South Asian nation has advanced cyber capabilities – not least a huge pool of talent.

The country boasts a large number of engineers, programmers, and information security specialists, but not all of this tech talent was put to good use, even before the Covid-19 pandemic cast a shadow over the global economy.

Their somewhat limited employment prospects are said to have created a swarm of underground Indian threat actors eager to show off their hacking talents and make money – a resource that the Indian government might be able to tap into in order to bolster its own burgeoning cyber-espionage resources.

India is in catch-up mode for now, but has the technical resources to make rapid progress.

Who is being targeted by Indian hacking groups?
Geopolitical factors have fueled an increase in cyber threat activity both originating from and targeting India.

Experts quizzed by The Daily Swig were unanimous in saying that the most important target of Indian cyber-espionage by far is Pakistan – a reflection of the decades-long struggle over the disputed region of Kashmir.

China, India’s neighbour and an ally of Pakistan, is also a top target of state-sponsored Indian cyber-espionage.

Paul Prudhomme, head of threat intelligence advisory at IntSights, told The Daily Swig: “Indian cyber-espionage differs from that of other top state-sponsored threats, such as those of Russia and China, in the less ambitious geographic scope of their attacks.”


Other common targets of Indian hacking activity include other nations of the South Asian subcontinent, such as Bangladesh, Sri Lanka, and Nepal. Indian espionage groups may sometimes expand their horizons further to occasional targets in Southeast Asia or the Middle East.

Indian cyber-espionage groups typically seek information on Pakistan’s government, military, and other organizations to inform and improve its own national security posture.

But this is far from the only game in town.

For example, one Indian threat group called ‘Dark Basin’ has allegedly targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights activists across six continents over the last seven years.

India is currently considered to have a less mature cyber warfare armoury and capability than the ‘Big Six’ – China, North Korea, Russia, Israel, the UK, and US – but this may change over time since its capability is growing.

Chris Sedgwick, director of security operations at Talion, the managed security service spinoff of what used to be BAE System’s intelligence division, commented:

“The sophistication of the various Indian cyber threat actors do not appear to be in the same league as China or Russia, and rather than having the ability to call on a cache of 0-day exploits to utilise, they have been known to use less sophisticated – but still fairly effective – techniques such as decoy documents containing weaponised macros.”

Riaz Haq said...

Experts are unanimous in saying that the most important target of #Indian #cyber-#espionage & #cyberattacks by far is #Pakistan. Limited employment prospects of Indian techies have created a swarm of underground threat actors in #India| The Daily Swig
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan


Morgan Wright, chief security advisor at SentinelOne and former US State Department special advisor, told The Daily Swig: “India’s growing offensive capability is still immature compared to China, North Korea, Russia, Israel, the UK and US. However, there is no shortage of people with advanced technical skills in India.”

With Covid-19 causing significant unemployment in India, it can be “safely assumed a portion of people with these skills will engage in cybercrime”, according to Wright.

“Ironically, tactics learned in committing cybercrime will be of value to the intelligence and military establishment in India as they develop and grow units to engage in cyber warfare and espionage,” he said.



Assaf Dahan, senior director and head of threat research at Cybereason, told The Daily Swig: “The level of sophistication of the activity groups affiliated with India can vary; some groups have shown a high level of sophistication and use of advanced custom-built tools or advanced exploits, while others exhibited significantly less sophisticated capabilities.

“Sometimes a group might exhibit different levels of sophistication on different operations, based on the group’s needs and reasoning,” he added.

Dahan concluded: “Another point to remember: the level of sophistication isn’t always correlated with the success rate of the group’s operation or goals. Sometimes, simple social engineering attacks delivering a known commodity malware can be enough to get the threat actors what they want.”

What examples are there of Indian APT groups?
Recent attacks by Indian hacker groups:

The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. A recently released report by AT&T Alien Labs shows most of SideWinder’s activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.
The allegedly Indian state-sponsored group Dropping Elephant has been known to target the Chinese government via spear-phishing and watering hole attacks.
Viceroy Tiger has been known to use weaponised Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.

The level of direct Indian government involvement in some of these operations is contested.
Cybereason’s Dahan cautioned: “The line between ‘state operated’ or ‘state ordered’ can be rather fine, so it’s not always easy to link certain operations directly to an official government or military institution, especially due to the growing popularity of cyber mercenaries (hackers-for-hire).”

How might India expand its cyber warfare capabilities and defences?
Through an emerging initiative to provide technology education to 400,000 low-income students, India will significantly increase its cyber “bench strength”, according to Mike Hamilton, former CISO for the City of Seattle and co-founder and CISO of cybersecurity firm CI Security.

Hamilton predicted that a “cybercrime population will emerge [in India] and differentiate itself from nationalist motivations”.

Other experts reckon the flow of talent will run the other way and allow India to expand its cyber-espionage capabilities from the cohorts of cybercriminals.

Riaz Haq said...

#China Appears to Warn #India : Push Too Hard and the Lights Could Go Out in the Entire #SouthAsian Nation of 1.3 billion. Most of the #malware was never activated in the #Mumbai grid attack that was meant as a warning to #Modi. - The New York Times

https://www.nytimes.com/2021/02/28/us/politics/china-india-hacking-electricity.html

As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.

Early last summer, Chinese and Indian troops clashed in a surprise border battle in the remote Galwan Valley, bashing each other to death with rocks and clubs.

Four months later and more than 1,500 miles away in Mumbai, India, trains shut down and the stock market closed as the power went out in a city of 20 million people. Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst.

Now, a new study lends weight to the idea that those two events may well have been connected — as part of a broad Chinese cybercampaign against India’s power grid, timed to send a message that if India pressed its claims too hard, the lights could go out across the country.

The study shows that as the standoff continued in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant.


The flow of malware was pieced together by Recorded Future, a Somerville, Mass., company that studies the use of the internet by state actors. It found that most of the malware was never activated. And because Recorded Future could not get inside India’s power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country. While it has notified Indian authorities, so far they are not reporting what they have found.

Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-sponsored group, which the firm named Red Echo, “has been seen to systematically utilize advanced cyberintrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.”

The discovery raises the question about whether an outage that struck on Oct. 13 in Mumbai, one of the country’s busiest business hubs, was meant as a message from Beijing about what might happen if India pushed its border claims too vigorously.

News reports at the time quoted Indian officials as saying that the cause was a Chinese-origin cyberattack on a nearby electricity load-management center. Authorities began a formal investigation, which is due to report in the coming weeks. Since then, Indian officials have gone silent about the Chinese code, whether it set off the Mumbai blackout and the evidence provided to them by Recorded Future that many elements of the nation’s electric grid were the target of a sophisticated Chinese hacking effort.

It is possible the Indians are still searching for the code. But acknowledging its insertion, one former Indian diplomat noted, could complicate the diplomacy in recent days between China’s foreign minister, Wang Yi, and his Indian counterpart, Subrahmanyam Jaishankar, in an effort to ease the border tensions.

https://www.recordedfuture.com/redecho-targeting-indian-power-sector/

Riaz Haq said...

#India Suspects #China May Be Behind Major #Mumbai Blackout. Officials are investigating whether #cyberattacks from China could have caused the #power outage, an assertion that China rejects. #Modi #Ladakh https://www.wsj.com/articles/india-suspects-china-may-be-behind-major-mumbai-blackout-11614615383

Indian officials are investigating whether cyberattacks from China could have been behind a blackout in Mumbai last year.

State officials in Maharashtra, of which Mumbai is the capital, said Monday that an initial investigation by its cyber department found evidence that China could have been behind a power outage that left millions without power in October.

It was the worst blackout in decades in India’s financial capital, stopping trains and prompting hospitals to switch to diesel powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted power supply even as most of the country struggles with regular blackouts.

Anil Deshmukh, home minister of the state, said officials were investigating a possible connection between the blackout and a surge in cyberattacks on the servers of the state power utilities. He wouldn’t single out China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers into the servers of state power companies.

“There were attempts to login to our servers from foreign land,” said Mr. Deshmukh. “We will investigate further.”

Another state official said 8GB of unaccounted for data slipped into power company servers from China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.

State-sponsored hackers increasingly target critical infrastructure such as power grids instead of specific institutions, said Amit Dubey, a cybersecurity expert at Root64 Foundation, which conducts cybercrime investigations.

“Anything and everything is dependent on power,” Mr. Dubey said. Targeting power supply, he said, can “take down hundreds of plants or day-to-day services like trains.”

Mr. Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target the power grids of other nations. Russian hackers succeeded in turning off the power in many parts of Ukraine’s capital a few years ago, he said, and have also attacked critical infrastructure in the U.S. in recent years.

India’s announcement came after U.S. cybersecurity firm Recorded Future on Sunday published a report outlining what it said were attacks from close to a China-linked group it identified as RedEcho. It cited a surge in attacks targeting India’s power infrastructure.

The report said the attacks could have been a reaction to the jump in border tension between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, batons and clubs wrapped in barbed wire.

In response to the Recorded Future report, which was earlier reported by the New York Times, China said it doesn’t support cyberattacks.

“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around,” Wang Wenbin, spokesman for China’s Ministry of Foreign Affairs said in a briefing Monday. “China is firmly opposed to such irresponsible and ill-intentioned practice.”

Recorded Future said it couldn’t directly connect the attacks to the Mumbai blackout because it doesn’t have access to any hardware that might have been infected.

India’s Ministry of Power said it has dealt with the threats outlined in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its systems software.

Riaz Haq said...

IISS Report: #India has some #cyber-intelligence & offensive cyber capabilities but they are focused on #Pakistan. #Delhi is building new capability with the help of key international partners – including #US, #UK & #France. #Cyberwar https://indianexpress.com/article/india/focused-on-pakistan-rather-than-china-india-in-tier-3-as-cyberpower-report-7378610/ via @IndianExpr

Cyberpower, in the study, is measured on seven parameters: from strategy to cybersecurity. India’s reform in cyber governance has been slow. It should better harness its digital start-up ecosystem, says the study.

Greg Austin, who leads the IISS programme on Cyber, Space and Future Conflict and played a leading role in the preparation of the report, told The Indian Express Sunday: “India has some cyber-intelligence and offensive cyber capabilities but they are regionally focused, principally on Pakistan. It is currently aiming to compensate for its weaknesses by building new capability with the help of key international partners – including the US, the UK and France – and by looking to concerted international action to develop norms of restraint.”

The report said that India’s approach towards institutional reform of cyber governance has been “slow and incremental”, with key coordinating authorities for cyber security in the civil and military domains established only as late as 2018 and 2019 respectively.

These work closely with the main cyber-intelligence agency, the National Technical Research Organisation.

“India has a good regional cyber-intelligence reach but relies on partners, including the United States, for wider insight”, the report said.

It said that the strengths of the Indian digital economy include a vibrant start-up culture and a very large talent pool. “The private sector has moved more quickly than the government in promoting national cyber security.”

The country is active and visible in cyber diplomacy but has not been among the leaders on global norms, preferring instead to make productive practical arrangements with key states, the report said.

“India is a third-tier cyber power whose best chance of progressing to the second tier is by harnessing its great digital-industrial potential and adopting a whole-of-society approach to improving its cyber security,” the report said.

The report also assessed China’s cyber power as clearly inferior to that of the US, and substantially below the combined cyber power of the US network of alliances.

The countries covered in this report are US, United Kingdom, Canada and Australia (four of the Five Eyes intelligence allies); France and Israel (the two most cyber-capable partners of the Five Eyes states); Japan (also an ally of the Five Eyes states, but less capable in the security dimensions of cyberspace, despite its formidable economic power); China, Russia, Iran and North Korea (the principal states posing a cyber threat to Western interests); and India, Indonesia, Malaysia and Vietnam (four countries at earlier stages in their cyber-power development). It is an ongoing study, which will cover a total of 40 countries, including Germany, Singapore, Nigeria among others.

India has been put in the third tier meant for countries that have strengths or potential strengths in some of these categories but “significant weaknesses” in others. Also in this category are: Japan, Iran, Indonesia, Vietnam, Malaysia and North Korea.

In the second tier, with world-leading strengths in “some” categories are: Australia, Canada, China, France, Israel, Russia and the United Kingdom.

Riaz Haq said...

IISS: Cyber Capabilities and National Power: A Net Assessment

London-based THE INTERNATIONAL INSTITUTE FOR STRATEGIC STUDIES


https://www.iiss.org/blogs/research-paper/2021/06/cyber-capabilities-national-power

India has frequently been the victim of cyber attacks, including on its critical infrastructure, and has attributed a significant proportion of them to China or Pakistan. CERT-In reported, for example, that there were more than 394,499 incidents in 2019 [44], and 2020 saw an upsurge in attacks from China [45]. Of particular concern to the Indian government are cyber attacks by North Korea that use Chinese digital infrastructure [46]. The vast majority of the cyber incidents flagged by CERT-In appear to have been attempts at espionage [47], but they could also have resulted in serious damage to the integrity of Indian networks and platforms. In 2020, India had the second-highest incidence of ransomware attacks in the world [48] and the government banned 117 Chinese mobile applications because of security concerns [49].

---------
Public statements by Indian officials and other open-source material indicate that India has developed relatively advanced offensive cyber capabilities focused on Pakistan. It is now in the process of expanding these capabilities for wider effect.
India reportedly considered a cyber response against Pakistan in the aftermath of the November 2008 terrorist attacks in Mumbai, with the NTRO apparently at the forefront of deliberations [67]. A former national security advisor has since indicated publicly that India possesses considerable capacity to conduct cyber-sabotage operations against Pakistan [68], which appears credible

--------------------
Overall, India’s focus on Pakistan will have given it useful operational experience and some viable regional offensive cyber capabilities. It will need to expand its cyber-intelligence reach to be able to deliver sophisticated offensive effect further afield, but its close collaboration with international partners, especially the US, will help it in that regard.

----------------
Raj Chengappa and Sandeep Unnithan, ‘How to Punish Pakistan’, India Today, 22 September 2016, https://www.indiatoday.in/magazine/cover-story/story/20161003-uri-attack-narendra-modi-pakistan-terror-kashmir-nawaz-sharif-india-vajpayee-829603-2016-09-22.

Riaz Haq said...

Pakistan-linked hackers targeted Indian power company with ReverseRat

https://thehackernews.com/2021/06/pakistan-linked-hackers-targeted-indian.html

A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research.

"Most of the organizations that exhibited signs of compromise were in India, and a small number were in Afghanistan," Lumen's Black Lotus Labs said in a Tuesday analysis. "The potentially compromised victims aligned with the government and power utility verticals."

Some of the victims include a foreign government organization, a power transmission organization, and a power generation and transmission organization. The covert operation is said to have begun at least in January 2021.

The intrusions are notable for a number of reasons, not least because in addition to its highly-targeted nature, the tactics, techniques, and procedures (TTPs) adopted by the adversary rely on repurposed open-source code and the use of compromised domains in the same country as the targeted entity to host their malicious files.

At the same time, the group has been careful to hide their activity by modifying the registry keys, granting them the ability to surreptitiously maintain persistence on the target device without attracting attention.

Explaining the multi-step infection chain, Lumen noted the campaign "resulted in the victim downloading two agents; one resided in-memory, while the second was side-loaded, granting threat actor persistence on the infected workstations."

The attack commences with a malicious link sent via phishing emails or messages that, when clicked, downloads a ZIP archive file containing a Microsoft shortcut file (.lnk) and a decoy PDF file from a compromised domain.

The shortcut file, besides displaying the benign document to the unsuspecting recipient, also takes care of stealthily fetching and running an HTA (HTML application) file from the same compromised website.

The lure documents largely describe events catering to India, disguising as a user manual for registering and booking an appointment for COVID-19 vaccine through the CoWIN online portal, while a few others masquerade as the Bombay Sappers, a regiment of the Corps of Engineers of the Indian Army.

Riaz Haq said...

India source:

Pakistan plans to set up international media channel funded by China to build narrative: Report (India Today) The leaked documents that Indian agencies have laid their hands on from Pakistan's security establishment show that Pakistan wants to collaborate with China to carry out an information war campaign globally, with Beijing providing finances and guidance.

https://thecyberwire.com/newsletters/daily-briefing/10/118


The leaked documents that Indian agencies have laid their hands on from Pakistan's security establishment show that Pakistan wants to collaborate with China to carry out an information war campaign globally, with Beijing providing finances and guidance.

The concept paper, reviewed by India Today, is titled ‘Building capacity to contest inimical narratives through counter on alternative narratives.’

The paper says the project looks at truth and factual aspects with a view to quashing misperception.

Internal dynamics in Pakistan are favourable for open media but financial challenges are a hurdle, the paper says while justifying the need to team up with China.

“There is a need for a media house of the stature of Al Jazeera and RT to propel amenable narrative. A media house by Pakistan and funded by China will achieve the stipulated objectives,” the document states.


https://www.indiatoday.in/india/story/pakistan-china-international-media-channel-1816998-2021-06-19

Riaz Haq said...

Pegasus was used to hack mobiles of Pak officials

https://www.sundayguardianlive.com/news/pegasus-used-hack-mobiles-pak-officials

New Delhi: Mobile phones of around 30 Pakistani government servants, who include serving army generals, officials attached with the ISI and senior bureaucrats, were hacked into by using Pegasus spying software during April and May 2019.

Pegasus takes control of the infected phone by entering the system through WhatsApp.


While the Pakistan government has so far kept the matter under wraps, possibly to avoid panic and public embarrassment, it, however, issued a special secret advisory to heads of departments, a copy of which was also sent to the secretary of Prime Minister Imran Khan, asking them to replace all phones purchased before 10 May 2019 immediately and prohibiting the transfer of official documents by using WhatsApp.

The hacking of the mobile numbers of around 30 officials—the exact number is known only to the group/individual/organisation that hacked into the phones—has sparked a frenzy among government officials because of speculation that key documents and vital information might have landed in unintended hands and offices across borders.

Information and classified documents that are generally found in the mobile phones of top government officials, are regarded as invaluable by both foreign government agencies and private operators as they give valuable insights into otherwise closely guarded policies and plans.

The Sunday Guardian reached out to the NSO Group, the Israel-based company that owns Pegasus, with a detailed questionnaire regarding the recent development. In a statement, the NSO Group said: “To protect the ongoing public safety missions of its agency customers and given significant legal and contractual constraints, NSO Group is not able to disclose who is or is not a client or discuss specific uses of its technology, as explained in its Transparency Statement of Principles. However, the company’s products are licensed only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime. NSO’s technology is only licensed after a thorough vetting process that goes well beyond the legal requirements that we follow. All potential customers must meet strict export authority regulations before any sale, in addition to NSO’s internal vetting process that includes a focus on human rights. NSO’s governance framework aligns us with the UN Guiding Principles on Business and Human Rights and sets the highest standards in the cyber intelligence industry, embedding human rights due diligence into everything we do.”

This newspaper also shared its questions with the Pakistan high commission in New Delhi, and Pakistan’s Ministry of Information Technology & Telecom for response. However, no response was shared until the time the story went to press.

The NSO group gained some kind of notoriety after it emerged that Pegasus had infected at least 1,400 numbers across the world through WhatsApp. Facebook, the owner of WhatsApp, has already filed a suit against NSO in US courts for illegally breaking into WhatsApp.

Despite the controversy it has attracted in recent times, “Q Cyber Technologies”, the parent company of NSO, continues to remain active in the world of cyber espionage. It was one of the main sponsors of “ISS World Asia”—touted as the world’s largest gathering of law enforcement agencies, intelligence analysts, electronic surveillance and intelligence gathering—which was held in Kuala Lumpur, Malaysia in the first week of December.

In the said event, “Q Cyber Technologies” had defined itself as a company that equipped select intelligence agencies, militaries and law enforcement organisations around the world with the strategic, tactical and analytical technology capabilities required to ensure the success of their operations in fighting crime and terrorism.

Riaz Haq said...

India’s Gandhi and Pakistan’s Khan tapped as targets in Israeli NSO spyware scandal - Tech News - Haaretz.com


https://www.haaretz.com/israel-news/tech-news/.premium-india-s-gandhi-and-pakistan-s-khan-tapped-as-israeli-nso-spyware-targets-1.10012729

Prominent Indian politician Rahul Gandhi and Pakistani Prime Minister Imran Khan were selected as potential targets of the Israeli-made Pegasus spyware program by clients of the NSO Group cyberespionage firm, a global investigation can reveal Monday.

Additional potential targets included Pakistani officials, including a number once associated with Pakistani leader Khan. They also included Kashmiri separatists, leading Tibetan religious figures and even an Indian supreme court judge. Khan did not respond to a request for comment from the Washington Post.

Gandhi, who said he changes phones every few months to avoid being hacked, said in response: “Targeted surveillance of the type you describe, whether in regard to me, other leaders of the opposition or indeed any law-abiding citizen of India, is illegal and deplorable.”

According to an analysis of the Pegasus Project records, more than 180 journalists were selected in 21 countries by at least 12 NSO clients. The potential targets and clients hail from Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.

----------

India is Israel’s biggest arms market, buying around $1 billion worth of weapons every year, according to Reuters. The two countries have grown closer since Modi became Indian prime minister in 2014, widening commercial cooperation beyond their longstanding defense ties. Modi became the first sitting Indian leader to visit Israel in July 2017, while former Prime Minister Benjamin Netanyahu held a state visit to India at the start of 2018.

Riaz Haq said...

#Disinformation Industry is Booming. Abhay Aggarwal, #Toronto-based CEO of #disinfo company "Press Monitor", says that his company’s services are used by the #Indian government. Disinfo campaigns have recently been found promoting #BJP #Modi https://www.nytimes.com/2021/07/25/world/europe/disinformation-social-media.html

Private firms, straddling traditional marketing and the shadow world of geopolitical influence operations, are selling services once conducted principally by intelligence agencies.

They sow discord, meddle in elections, seed false narratives and push viral conspiracies, mostly on social media. And they offer clients something precious: deniability.

“Disinfo-for-hire actors being employed by government or government-adjacent actors is growing and serious,” said Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab, calling it “a boom industry.”

Similar campaigns have been recently found promoting India’s ruling party, Egyptian foreign policy aims and political figures in Bolivia and Venezuela.

Mr. Brookie’s organization tracked one operating amid a mayoral race in Serra, a small city in Brazil. An ideologically promiscuous Ukrainian firm boosted several competing political parties.

In India, dozens of government-run Twitter accounts have shared posts from India Vs Disinformation, a website and set of social media feeds that purport to fact-check news stories on India.

India Vs Disinformation is, in reality, the product of a Canadian communications firm called Press Monitor.

Nearly all the posts seek to discredit or muddy reports unfavorable to Prime Minister Narendra Modi’s government, including on the country’s severe Covid-19 toll. An associated site promotes pro-Modi narratives under the guise of news articles.

A Digital Forensic Research Lab report investigating the network called it “an important case study” in the rise of “disinformation campaigns in democracies.”

A representative of Press Monitor, who would identify himself only as Abhay, called the report completely false.

He specified only that it incorrectly identified his firm as Canada-based. Asked why the company lists a Toronto address, a Canadian tax registration and identifies as “part of Toronto’s thriving tech ecosystem,” or why he had been reached on a Toronto phone number, he said that he had business in many countries. He did not respond to an email asking for clarification.

A LinkedIn profile for Abhay Aggarwal identifies him as the Toronto-based chief executive of Press Monitor and says that the company’s services are used by the Indian government.

A set of pro-Beijing operations hint at the field’s capacity for rapid evolution.

Since 2019, Graphika, a digital research firm, has tracked a network it nicknamed “Spamouflage” for its early reliance on spamming social platforms with content echoing Beijing’s line on geopolitical issues. Most posts received little or no engagement.

In recent months, however, the network has developed hundreds of accounts with elaborate personas. Each has its own profile and posting history that can seem authentic. They appeared to come from many different countries and walks of life.

Graphika traced the accounts back to a Bangladeshi content farm that created them in bulk and probably sold them to a third party.

The network pushes strident criticism of Hong Kong democracy activists and American foreign policy. By coordinating without seeming to, it created an appearance of organic shifts in public opinion — and often won attention.

The accounts were amplified by a major media network in Panama, prominent politicians in Pakistan and Chile, Chinese-language YouTube pages, the left-wing British commentator George Galloway and a number of Chinese diplomatic accounts.

A separate pro-Beijing network, uncovered by a Taiwanese investigative outlet called The Reporter, operated hundreds of Chinese-language websites and social media accounts.


Riaz Haq said...

Real or Fake, We Can Make Any Message Go Viral: Amit Shah to BJP Social Media Volunteers
"We can keep making messages go viral, whether they are real or fake, sweet or sour," the BJP president boasted.


https://thewire.in/politics/amit-shah-bjp-fake-social-media-messages

“In the elections that took place in Uttar Pradesh a year ago, BJP’s social media workers made two big WhatsApp groups. One had 15 lakh members, the other 17 lakh. This means a total of 31 lakh. And every day at 8 am they would send ‘Know the Truth’. In which the truth about all the false stories printed in the newspapers about the BJP was given via WhatsApp, and it would go viral. And whichever paper had carried these stories, ordinary people, and social media, would get after them, that why have you printed lies, you should print the truth. And by doing this, slowly, the media became neutral.

“But we had a volunteer who was smart. As I said, messages go from bottom to top and top to bottom. He put a message in the group – that Akhilesh Yadav had slapped Mulayam Singh. No such thing had happened. Mulayam and Akhilesh were 600 km apart. But he put this message. And the social media team spread it. It spread everywhere. By 10 that day my phone started ringing, bhaisahab, did you know Akhilesh slapped Mulayam…. So the message went viral. One should not do such things. But in a way he created a certain mahaul (perception). This is something worth doing but don’t do it! (Crowd laughs) Do you understand what I am saying? This is something worth doing but don’t do it! We can do good things too. We are capable of delivering any message we want to the public, whether sweet or sour, true or fake. We can do this work only because we have 32 lakh people in our WhatsApp groups. That is how we were able to make this viral.”

Riaz Haq said...

Abhay Aggarwal
Media Monitoring, Public Relations, Digital Marketing, Content, Infographics, Video, Web and Mobile Apps Development
Toronto, Ontario, Canada

Press Monitor

https://www.linkedin.com/in/abhay-aggarwal/?originalSubdomain=ca


Press Monitor is India's leading media monitoring service.

Press Monitor services are used by President of India, Prime Minister of India, all the ministries of the Indian government, all Indian embassies worldwide, statutory bodies, regulatory bodies, public sector undertakings, multinational companies and Indian enterprises.

About
Nearly 24 years experience in dealing with senior executives and business leaders. Two decades experience involving application of mind and discretion.

Strong understanding of business issues at national and international level. Daily interaction with news over 24 years.

Ability to lead complex projects from concept to fully operational status. Have handled projects in the UK, India and working closely with the government of Seychelles.

Goal-oriented individual with strong leadership capabilities. Managing team of 60 people with very little staff turnover. Many employees have stayed for more than 10 years.

Ability to do business in an international environment cutting across geographies, ethnic backgrounds, and languages.

Specialties: Business representation in the UK, News Aggregation Services, Web-based application development
