August 13, 2013

More non-state based cyber-warfare between Indians and Pakistanis

The Oslo (Norway) based Norman Security group reported cyber-warfare by non-state Indian entities, dubbed HangOver, against Pakistani users in this report.

Pakistani users included the Pakistani subsidiary of Norwegian telco Telenor - see

The usual ambiguity over "who done it" applies, as does the likelihood that state-based attackers would be more difficult to detect.

This Norman report was carried (minus graphics, computer code and other technical detail) in the South Asian media, including the following report in the Indian Express, May 21, 2013:

'Sophisticated' Indian cyberattacks targeted Pak military sites: Report

Manu Pubby : New Delhi, Tue May 21 2013

"Cyber analysts in Norway have claimed that hackers based in India have been targeting government and military agencies in Pakistan for the last three years, extracting information of national security interest to India.

The "sophisticated" attacks originated from an extensive, "non-state" cyberattack infrastructure, and used decoy links, including those that referred to this year's beheading incident on the Line of Control and rebel movements in the Northeast, as bait, according to a report released Monday by the Oslo-based Norman Shark group.

The alleged cyberattack network — referred to as "Operation HangOver" in the report — was apparently unearthed as cyber analysts investigated an industrial espionage attack on the Norwegian telecom firm Telenor.

The report has not identified the Pakistani agencies that were targeted, but has hinted that these included several sensitive military targets that would be of interest to India. The primary goal of the network seems to have been "surveillance against national security interests", says the report.

The report says there is no evidence of "state sponsorship" for Operation Hangover. But it names several private Indian hacker groups, including those based in New Delhi, as being behind the attack.

The hackers allegedly exploited vulnerabilities in software to plant Trojans in computers across the world, primarily in Pakistan, that then extracted information and sent it back over the Internet.

There are no details yet on how much data might have been leaked, but the report claims that the network became active in 2010, peaked last year, and continues to be active currently.

"Based on analysis of IP addresses collected from criminal data stores discovered during the investigation, it appears that potential victims have been targeted in over a dozen countries, most heavily represented by Pakistan, Iran, and the United States. Targets include government, military and civilian organisations," the report says.

The Trojans planted by the network were inadvertently downloaded by users who viewed files or photographs pertaining to Indian military and rebel movements. A Pakistan government site was infected, for example, after a picture of soldiers praying near the Siachen glacier was downloaded, says the report.

Another link that was allegedly used for infection was an article and satellite image of the Mendhar area on the Line of Control that saw heightened tension this year after the beheading of an Indian soldier by Pakistani army regulars.

Other baits were related to rebel movements in Punjab and Nagaland.

"The attackers went to great length to make the social engineering aspects of the attack appear as credible and applicable as possible," the report says."
