Indians hacking into Pakistani computers with promises of defense secrets

Roybot

[image: ramukaka1.jpg]


While the Syrian Electronic Army gets all the publicity and the US-China hacking campaigns are now well known, India and Pakistan quietly have their own thing going on. According to two anti-virus firms, ESET and Symantec, Pakistani government agencies have been targeted by spear-phishing attacks—fraudulent emails that trick people into giving up sensitive information—from India for at least two and as long as four years.

Targets receive an email with attached Microsoft Word or pdf documents, with names like pakistandefencetoindiantopmiltrysecreat.pdf (Pakistan defense to Indian top military secret) and pakterrisiomforindian.pdf (Pak terrorism for Indian). The contents of the documents supposedly outline “India’s ambitious defense policy” and its plans to “fight China and Pakistan at the same time.” :lol: Despite the far-fetched nature of the latter scenario, enough people opened the files, which contained malicious code that installed itself on their machines. More baffling yet, they were impressed enough to forward the files on to other hapless victims. :rofl:

Once installed, the malware can, among other things, log the user’s keystrokes (and thus record messages or passwords), take screenshots of the infected computer’s screen, copy itself to memory sticks, and connect to a remote server from which the computer can be controlled or have more information sucked out of it. But it isn’t a particularly sophisticated attack. According to ESET, the attackers used publicly available tools, allowed the code to add an item to the computer’s system menu (meaning that an alert user would notice something suspicious) and didn’t bother encrypting communications to their server. ESET speculates that the reason for the clumsy approach may be that nothing fancier was needed.

Pakistan is not the only country attacked, though it is host to 80% of ESET’s detections. Among other countries affected are the US, Brazil, Russia and India itself. Although it is hard to prove the attacks originated in India, ESET pointed to timestamps found by its researchers that matched Indian working hours. More incriminatingly, some of the variables within the code were named after Indianisms. One was called “ramukaka”—Ramu is a nickname and kaka means uncle. Another was “malibaba”: Mali is a surname and also a common noun for gardener, while baba is a suffix generally used to address baby boys.

Indians are hacking into Pakistani computers with promises of defense secrets – Quartz
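The two attribution signals the article credits to ESET, build timestamps clustering in Indian working hours and the "ramukaka"/"malibaba" variable names, are the kind of thing an analyst checks with a few lines of script. The block below is an added example and is not code from ESET, Symantec, Quartz or anyone in this thread. The build timestamps and the byte blob are constructed stand-ins for what would be read out of real samples; IST being UTC+5:30 is a fact, while the 09:00–18:00 office-hours window and the lure-name check are this example's own assumptions.

```python
"""Two of the attribution signals ESET cited, turned into analyst helpers.
Added example with constructed data; not code from ESET, Symantec or Quartz."""
from datetime import datetime, timedelta, timezone

# Strings the article says were found as variable names in the samples.
INDICATOR_STRINGS = (b"ramukaka", b"malibaba")

# Attachment names quoted in the article (lower-cased for matching).
KNOWN_LURE_NAMES = {
    "pakistandefencetoindiantopmiltrysecreat.pdf",
    "pakterrisiomforindian.pdf",
}

# Constructed PE build timestamps (UTC) for a hypothetical sample set; in a
# real case they come from each sample's PE header TimeDateStamp field.
SAMPLE_BUILD_TIMES_UTC = [
    datetime(2013, 4, 2, 3, 40, tzinfo=timezone.utc),   # 09:10 IST
    datetime(2013, 4, 2, 7, 10, tzinfo=timezone.utc),   # 12:40 IST
    datetime(2013, 4, 3, 9, 48, tzinfo=timezone.utc),   # 15:18 IST
    datetime(2013, 4, 4, 12, 20, tzinfo=timezone.utc),  # 17:50 IST
    datetime(2013, 4, 5, 6, 25, tzinfo=timezone.utc),   # 11:55 IST
    datetime(2013, 4, 8, 22, 50, tzinfo=timezone.utc),  # 04:20 IST, an outlier
]

# Constructed stand-in for a slice of a sample's data section.
CONSTRUCTED_BLOB = (
    b"\x00GetAsyncKeyState\x00C:\\Users\\RamuKaka\\Desktop\\build\\"
    b"\x00malibaba_uploader 1.2\x00\x90\x90"
)


def find_indicator_strings(blob, indicators=INDICATOR_STRINGS):
    """Case-insensitive scan of raw bytes; returns the indicators present."""
    lowered = blob.lower()
    return [s.decode() for s in indicators if s in lowered]


def flag_attachment(filename):
    """True when the attachment name matches one of the known lure names."""
    return filename.lower() in KNOWN_LURE_NAMES


def working_hours_fraction(times_utc, utc_offset_hours, start=9, end=18):
    """Fraction of timestamps that fall in [start, end) local time once the
    given UTC offset is applied.  A tight cluster inside office hours for one
    offset, and not for others, is the timestamp evidence the article describes."""
    if not times_utc:
        return 0.0
    local = timezone(timedelta(hours=utc_offset_hours))
    hits = sum(1 for t in times_utc if start <= t.astimezone(local).hour < end)
    return hits / len(times_utc)


def best_fit_offsets(times_utc, candidates=None):
    """UTC offsets (hours) whose working-hours fraction is highest; several
    are returned when the data cannot separate neighbouring offsets."""
    if candidates is None:
        candidates = [x / 2 for x in range(-24, 29)]   # -12h .. +14h, half-hour steps
    scores = {off: working_hours_fraction(times_utc, off) for off in candidates}
    top = max(scores.values())
    return sorted(off for off, score in scores.items() if score == top)


if __name__ == "__main__":
    print("indicator strings:", find_indicator_strings(CONSTRUCTED_BLOB))
    print("lure name flagged:", flag_attachment("PakTerrisiomForIndian.PDF"))
    for off in (5.5, 8.0, -5.0):   # IST, China Standard Time, US Eastern Standard Time
        frac = working_hours_fraction(SAMPLE_BUILD_TIMES_UTC, off)
        print(f"UTC{off:+}: {frac:.2f} of builds in office hours")
    print("best-fit offsets:", best_fit_offsets(SAMPLE_BUILD_TIMES_UTC))
```

On the constructed set, only UTC+5:30 puts five of the six builds inside office hours; the one outlier is deliberately there because real build-time data is never perfectly clean, and a single off-hours sample should not overturn a cluster. With a handful of timestamps the fit is weak evidence on its own, which is why the article pairs it with the string indicators.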
 
Hacking such things is good but leaving your signatures is not so good. Use of MS Word exploits in Advanced Persistent Threats (APTs) is pretty common. And this type of hacking is called spear phishing.

Also this is nowhere near the level of Stuxnet or Flame or Duqu. They are light years ahead.
 
Lol, what outdated version of Word do they use? Word has a protected view especially for files from the interwebz.
And since PDFs open in Chrome, any Adobe Reader vulnerability goes out the window.

I was expecting some professional Anon or Lulzsec level stuff, these are just noobs taking advantage of other formats like pdf and word. This is cheap. Even a 15 year old with some common sense won't get hacked this easy.
 
Fortunately .. most of the sensitive computers aren't connected to the internet.. no emails .. nothing. To use a usb to transport from one computer to the other.. even if it's a jpeg.. you go around.. fill a form.. have it cleared by a higher up..takes 30 minutes.. then they issue you a usb from within the house. Then a person accompanies you to the computer from where you copy the file and then take it to the other computer. You sign on a form he carries... then the usb is erased with a format.

Try getting past that paranoia.
 
What about Tempest attack countermeasures?
 
Not as such implemented for PCs in use at such places.. but then it doesn't matter since the first PC you get to is some 300 yards inside a plethora of thick concrete, steel, jammers and so on and so forth.

It has been catered for in certain field electronics that are now under deployment since the USAF EC-130s are supposedly capable of Tempest attacks and have apparently been used in the role against Pakistan during the times our "Alliance" was not so good in the WoT.
 
That is a good procedure, but we should always remember that Stuxnet was uploaded via a USB stick despite similar security.
 
You also have techniques that involve sniffing networks (at various levels), rather than targeting a computer. Also, with increasing use of checking emails on mobile phones, that is an added security risk.

I believe HUMINT is the best form of attack. Bribe the sweeper to fix an interrupt or com port tracker at the back of the computer. You will be astonished at the success rate of such an attack. Nobody checks the backs of their computers. Remove the device after the data is captured and move. Then of course you have passive monitoring where you can simply sniff at a network.
 
Nobody has similar security.. the levels of paranoia that exist in the Pakistani establishment would put someone suffering from severe paranoid schizophrenia to shame. Here it is on a collective level all the way from top to bottom.
Interestingly though.. there are those computers that are connected to the internet in these offices but they have no interaction with those locked out. Yet somehow there was a recent case of an installation requirement for a hotspot blocker by some of the carnels and mayers for god knows why :ashamed: :omghaha:


The latest techniques involve sniffing networks, rather than targeting a computer. Also, with increasing use of checking emails on mobile phones, that is an added security risk.

I believe HUMINT is the best form of attack. Bribe the sweeper to fix an interrupt or com port tracker at the back of the computer. You will be astonished at the success rate of such an attack. Nobody checks the backs of their computers. Remove the device after the data is captured and move. Then of course you have passive monitoring where you can simply sniff at a network.

Quite unlikely, since the sweeper goes through a security check along with his family who is checked by a big muscular guy in a white car with fake plates. You can bribe him all you want, but if he is scared witless there is little that can be done.
 
That was just a suggestion towards usage of HUMINT. :) nothing to do with sweepers per se :P
 
Are you claiming our computer security to be foolproof, Sir? I would respectfully disagree.
 
Not foolproof.. just very difficult through traditional approaches. @surya kiran is actually closer to the idea of HUMINT but he is thinking too low. The way to get into such places is top down, get the top middle manager through his son studying at Boston or NY or offer him a cool £250000-500000 or so. He will vet the guy, bring someone in.. and end up getting info out.

We aren't all behind in cybersec as it would seem. The ISI regularly recruits out of NUST, FAST and other universities..
it now regularly identifies people it knows to have hacking as a hobby. You get a Suzuki Mehran at your university, with guys in white shalwar kameez.. and you go for a ride. If you are in.. then you are in and nobody knows.

What we are still limited on is protecting against HUMINT.. after.. the Pakistan Army Party is still controlled by its leadership and they rely on relations and can be compromised.

Interestingly such HUMINT is still the most effective way to get intel in the sub-continent.
We are .. inherently as "Indians".. much more susceptible than others to the idea of quick money and an easy life.
 
Yup, lot of times the best way to get data out is HUMINT. Something a lot of chaps forget in this world of hi-tech.
 