Cyber Attack From Inside India Hits Pakistan Government

← Back to Stories (view on slashdot.org)

Cyber Attack From Inside India Hits Pakistan Government

Posted by samzenpus on Monday May 20, 2013 @05:14AM from the lets-get-ready-to-rumble dept.

judgecorp writes "Government institutions are among the targets of an attack on Pakistani bodies, which originates in India, according to reports. The campaign is using vulnerabilities in Microsoft software to install the HangOver malware, according to Norwegian security firm Norman Shark (PDF). From the article: 'In the attacks on Pakistani organizations, spear phishing emails were sent out purporting to contain information on "ongoing conflicts in the region, regional culture and religious matters," according to Norman. Norman could not provide direct attribution to the attacks, but its report did note the following: "The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin." Snorre Fagerland, principal security researcher in the Malware Detection Team at Norman, told TechWeekEurope it appeared Pakistani government bodies had been attacked.'"

42 comments

Min score:

Reason:

Sort:

If some government were doing that... by icebike · 2013-05-20 05:23 · Score: 4, Insightful

If India were actually behind this, why would it appear to come from India?
If someone else were doing this, wouldn't India be the obvious choice for your final leg?

--
Sig Battery depleted. Reverting to safe mode.
1. Re:If some government were doing that... by interkin3tic · 2013-05-20 05:38 · Score: 4, Insightful
  
  If India were actually behind this, why would it appear to come from India?
  Perhaps because the Pakistanis would blame India even if the government knew it was from someone else, so why bother. TFA also makes it sound like there's no smoking gun implicating the Indian government, so saying "These attacks came from within India!" is probably not enough to bring much international heat on India (or shouldn't anyway, the UN has shown once or twice it doesn't understand how the internet works, or at least that it doesn't care.) TFA also mentions that it's possible someone is trying to make it LOOK like an Indian security firm, while it may not actually be.
  
  Lastly, and perhaps most simply, it could be incompetence.
2. Re:If some government were doing that... by slashmydots · 2013-05-20 05:39 · Score: 3, Insightful
  
  Actually, no IPs were from india it seems to indicate. They said it's against Pakistin, thus it's from India, end of evidence. Talk about idiotic non-journalistic bullshit.
3. Re:If some government were doing that... by Anonymous Coward · 2013-05-20 05:45 · Score: 1
  
  India doesn't care if Pakistan knows it's them. Those two hate each other with a passion. Anything to disrupt the elections.
  BTW, when I read "attack on Pakistani bodies" I thought it was just more rapes in India, this time committed against Pakistani women.
4. Re:If some government were doing that... by Sarten-X · 2013-05-20 06:02 · Score: 2
  
  If someone else were doing this, wouldn't India be the obvious choice for your final leg?
  It would be the obvious choice, but it'd be the wrong one. It would be questioned, as you have, possibly spurring a deeper investigation that reveals India was a scapegoat. If I were doing it, my final leg would be somewhere like China, who would be most likely to assist in an investigation, that reveals my next-to-last leg in the United States, starting an international political mess. Only when the madness of diplomacy settles down will they work back to the drone in India, which by that time has been thoroughly damaged so as to hide any evidence of the attack. Pakistan blames India, while China and the US are both annoyed at having to roll out their diplomatic weaponry.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
5. Re:If some government were doing that... by bragr · 2013-05-20 06:14 · Score: 3, Insightful
  
  It's just as likely some independent hacker who figures that it is easier to get away with hacking the "enemy". Smart russian hackers don't hack russians, smart american hackers don't hack western targets, smart chinese hackers don't hack chinese targets. Pretty good chance that this is just the same from an Indian perspective.
6. Re:If some government were doing that... by icebike · 2013-05-20 06:15 · Score: 1
  
  It would be the obvious choice, but it'd be the wrong one. It would be questioned, as you have,
  Well, apparently it wasn't questioned by the Tech Week Europe, who published the story, or the security researchers who developed it.
  
  --
  Sig Battery depleted. Reverting to safe mode.
7. Re:If some government were doing that... by Zontar_Thing_From_Ve · 2013-05-20 06:21 · Score: 1
  
  If India were actually behind this, why would it appear to come from India?
  Because they're not really as good at IT as the people who use them as cheap labor realize.
8. Re:If some government were doing that... by Anonymous Coward · 2013-05-20 06:37 · Score: 0
  
  If India were actually behind this, why would it appear to come from India?
  Perhaps because the Pakistanis would blame India even if the government knew it was from someone else, so why bother. TFA also makes it sound like there's no smoking gun implicating the Indian government, so saying "These attacks came from within India!" is probably not enough to bring much international heat on India (or shouldn't anyway, the UN has shown once or twice it doesn't understand how the internet works, or at least that it doesn't care.) TFA also mentions that it's possible someone is trying to make it LOOK like an Indian security firm, while it may not actually be.Lastly, and perhaps most simply, it could be incompetence.
  I have the impression that the lack of smoking gun is due to lawyers taking over the final edit of the report. There are rumors of a much more specific smoking gun version of the report circulating.
9. Re:If some government were doing that... by Anonymous Coward · 2013-05-20 06:54 · Score: 0
  
  Actually, no IPs were from india it seems to indicate. They said it's against Pakistin, thus it's from India, end of evidence. Talk about idiotic non-journalistic bullshit.
  Go behind what the journalist report. The actual report lists a number of evidence pointing to India, and the (front?) Appin Security Group.
10. Re:If some government were doing that... by noh8rz10 · 2013-05-20 07:24 · Score: 2
  
  my intuition is that pakistani hard liners did this in order to influence the election and take voters away from the moderates.
11. Re:If some government were doing that... by Anonymous Coward · 2013-05-20 08:00 · Score: 0
  
  As an Indian, my first reaction was of denial. After reading the report, however, everything seemed so familiar. The numerous trails given away in the report is hardly like the slick Stuxnet worm. It does look like the handiwork of a bungling government servant like Kapil Sibal
  If this is really the state of Indian intelligence, then Pakistan or any other country does not have to worry. These "hackers" have given out more information than they could probably have gathered.
12. Re:If some government were doing that... by Anonymous Coward · 2013-05-20 08:51 · Score: 0
  
  or that there are enough pakistanis that hate the current govt and its ineptness at anything that other then the hurrdurr politicking they expect no reprisels.
13. Re:If some government were doing that... by Tehrasha · 2013-05-20 18:37 · Score: 1
  
  The attack was in the form of a mass spamming of SEO related products, and download links for recently aired TV episodes.
  Source is obvious.
14. Re:If some government were doing that... by xelah · 2013-05-20 23:53 · Score: 1
  
  Wouldn't it make more sense to avoid it looking like India even though Pakistan will blame India, thus making Pakistan's government/army look even more like a bunch of paranoid loons who'd compromise their own politics and security for the sake of being militant over India? Pakistan seem to prefer risking losing territory to the Taliban (by prioritizing India) and doing deals with militants who wish them harm to bait India, rather than actually trying to stabilize their own country. I think it makes no sense for India to encourage an unstable Pakistan (and it's certainly illegitimate), but it's hardly difficult....
Snorre Fagerland by Anonymous Coward · 2013-05-20 05:24 · Score: 1

Next time I get a new cat I am going to call it "Snorre Fagerland." I need to figure out which Monty Python routine included that name now.
Oh, and.... um... now for the gratuitous MS bashing: Microsoft security is bad bad bad! (Social engineering for the win, though.)
proof by Anonymous Coward · 2013-05-20 05:26 · Score: 0

The only "proof" of that it originated from India is... still searching and can't find anything in the article.
1. Re:proof by icebike · 2013-05-20 05:33 · Score: 2
  
  The only "proof" of that it originated from India is... still searching and can't find anything in the article.
  Probably the last-hop IP in the spear phishing mail headers.
  That is the only IP address you can (somewhat) trust, because it is inserted by your own mail server.
  Is it proof?, certainly not.
  
  --
  Sig Battery depleted. Reverting to safe mode.
2. Re:proof by Anonymous Coward · 2013-05-20 06:43 · Score: 0
  
  The only "proof" of that it originated from India is... still searching and can't find anything in the article.
  Don't look in the article, look in the actual report, and keep in mind that there has been obvious lawyer-editing (the disclaimers are screaming that)
sensationalist much? by Cenan · 2013-05-20 05:30 · Score: 4, Informative

From the first article:

Norman could not provide direct attribution to the attacks, but its report did note the following: “The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin.”
From the PDF:

None of the information contained in the following report is intended to implicate any individual or entity, or suggest inappropriate activity by any individual or entity mentioned.
Prominently displayed centered on the very first page of the report after the cover.

--
... whatever ...
1. Re:sensationalist much? by icebike · 2013-05-20 05:35 · Score: 1
  
  I'm guessing that is just Standard Ass-Covering Boilerplate(tm) to avoid Norwegian anti defamation laws.
  
  --
  Sig Battery depleted. Reverting to safe mode.
2. Re:sensationalist much? by Cenan · 2013-05-20 08:05 · Score: 1
  
  Yeah I got that - although if they have to cover their asses, maybe they shouldn't be running at full speed with those claims :)
  
  --
  ... whatever ...
Yawn by Anonymous Coward · 2013-05-20 05:35 · Score: 0

And not a single fuck was given that day...
So why can't we just take the leash off india and pull out of the area? Let the problem sort itself out without us.
Re:Can slashdot add? by HornWumpus · 2013-05-20 05:42 · Score: 1

mySQL is a fine database and anybody who complains about it is just a hater. /sarc

--
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
They both have nuclear weapons, India ICBMs by Anonymous Coward · 2013-05-20 05:47 · Score: 0

They are still bitter enemies due to the Kashmir dispute. Even if India is not really at fault, the Pakistanis surely will think they are. Perhaps the Pakistanis will consider it an act of war.
1. Re:They both have nuclear weapons, India ICBMs by Runaway1956 · 2013-05-20 06:28 · Score: 1
  
  Or, maybe the Paks want to provoke a war?
  http://www.aninews.in/newsdetail2/story112519/growing-intolerance-in-pak-occupied-kashmir.html
  There's a lot going on, and I'm nowhere close to pulling it all together. Gotta keep in mind that the Taliban runs half of the country, but instead of Pakistan fighting the Taliban, they're instigating confrontations with India. Strange . . .
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
More than meets the eye by benjfowler · 2013-05-20 05:55 · Score: 2

Maybe Pakistan are just bunging on an act as a pretext to attack non-Muslims again?
Or maybe they're telling the truth for once, but it's the Chinese hacking their fair-weather friend? The Chinese have the market cornered on immorality in general, and criminal hacking in particular, so it wouldn't surprise me.
1. Re:More than meets the eye by Anonymous Coward · 2013-05-20 06:40 · Score: 0
  
  Maybe Pakistan are just bunging on an act as a pretext to attack non-Muslims again?
  Or maybe they're telling the truth for once, but it's the Chinese hacking their fair-weather friend? The Chinese have the market cornered on immorality in general, and criminal hacking in particular, so it wouldn't surprise me.
  Immorality? While consensual immorality can be damn annoying non-consensual immorality is at worst a case for the police and justice system while islam is damn close to a valid textbook case of a situation which justifies genocide as a response.
  Who knows maybe the Chinese government are the only ones who will have the fortitude to go through with that? Maybe it has already started in Saudi Arabia? Best of luck to whoever achieves it.
  To any muslims who reads this: convert away from islam to anything or nothing and distance yourself from the filth that is islam because while you yourself might perhaps not be a shitty terrorist, a criminal, an abuser, and/or a liar the chances of your offspring ending up that way is damn high no matter how nice a life they're given: all it takes is for them to actually learn your religion and decide to live it. For each daily explosion, attack, planned attack, rape, robbery, arson, murder or any other of the sick things you do every god-damned day in every country that has welcomed you there are thousands more people on all continents of the globe who increasingly wish you all simply never existed in the first place and who stop thinking of any of you as remotely human no matter how nice you might try to appear on the surface.
i see by Anonymous Coward · 2013-05-20 06:06 · Score: 0

So THAT'S what they've been doing with all those jobs they stole!!!
No, lawyers.. by Anonymous Coward · 2013-05-20 06:26 · Score: 0

.. this is just post-production lawyer speak.
The only thing that unites Pakistan is ... by 140Mandak262Jamuna · 2013-05-20 06:37 · Score: 5, Informative

The only thing that unites Pakistan is the hostility towards India. Basically the country is fragmented into many factions. The state of Balochistan has secessionist rumblings. The political and economic power is with the Punjabi Sunnis. But other muslims like Shia, Ahmadia, Sufis etc feel discriminated and exploited. The descendent of Indian muslims who moved to Pakistan at the time of partition are called pejoratively "mohajirs". The armed forces of Pakistan use eminent domain to allocate itself prime pieces of real estate and other things. Then it sells these properties to "officers' associations". Most of the economy is in the grip of the armed forces. Pakistan never had real control over Northwest Frontier Province. The islamic terrorists groomed by the army to be used in a proxy war with India are difficult to control, and they often turn against the local state government.
Recently they had election and an old disgraced politician named Nawaz Shariff has formed a new government. So as usual they are thumping their chests and beat the war drums in some attempt to unify the country behind him. Hope he calls the yelping dogs off before serious permanent damage is done.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Or it's the Pakistan Taliban by Bruce66423 · 2013-05-20 06:56 · Score: 1

Who have been indulging in a lot of terrorism recently, so adding some cyber attacks would merely be broadening their palate. And blaming it on India is always good for misdirection.
Cyber Attack From India: by Anonymous Coward · 2013-05-20 07:40 · Score: 0

That hit Pakistan, which was launched by the CIA's botnet and/or agent's botnet from india.
Slashdot editors are retarded blind sheep.
Strange title by rduke15 · 2013-05-20 08:13 · Score: 1

The title says "Attack from inside India". But the quote only seems to say "Since the target is Pakistan, the attacker can only be India". That doesn't sound like very solid evidence...
Of course, I haven't read the article (yet?), but the summary doesn't really suggest I would learn anything more.
1. Re:Strange title by Anonymous Coward · 2013-05-20 08:39 · Score: 0
  
  The title says "Attack from inside India". But the quote only seems to say "Since the target is Pakistan, the attacker can only be India". That doesn't sound like very solid evidence...
  Of course, I haven't read the article (yet?), but the summary doesn't really suggest I would learn anything more.
  If you really care about the topic, you should read this.
Attack?!? by tqk · 2013-05-20 09:01 · Score: 1

Sending malware laden phishing emails is an attack now? Hmm, what's the appropriate Monty Python line for that ... Oh yeah: Help, help, I'm being oppressed! Come and see the violence inherent in the system! So, now the USA's Cyber-terrorism defenses are going to ramp up to hunt down and "yada yada with extreme prejudice" spammers, script kiddies, and botnet herders?
Wouldn't it be simpler to lobby Microsoft to get them to stop pushing out crappy, vulnerable software?
I think I'll blame the Pakistanis for this whole incident. If they weren't running pirated versions of abysmally maintained/supported software, they wouldn't have fallen victim to this.

--
"Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
2003: The risks of a monoculture .. by dgharmon · 2013-05-20 10:45 · Score: 1

"Government institutions are among the targets of an attack on Pakistani bodies, which originates in India, according to reports. The campaign is using vulnerabilities in Microsoft software to install the HangOver malware"

Sep 2003: CyberInsecurity: The Cost of Monopoly

--
AccountKiller
Original report from *last week* by ESET by Aryeh+Goretsky · 2013-05-20 13:15 · Score: 1

Hello,
Norman has done an excellent job with their report on the malware; however, it should be noted that the initial report came from ESET last week at the CARO anti-malware conference:
Targeted information stealing attacks in South Asia use email, signed binaries
I would also like to point out that while it is easy to assume that the Indian government (or someone connected with it) was responsible for these targeted attacks given the seemingly poor job in hiding their tracks (domain name registrations, embedded metadata, et cetera), it could also be a more sophisticated adversary who specifically manufactured those in an attempt to divert attention from themselves. After all, Pakistan shares borders with Afghanistan, China and Iran, and there are other countries who are likely interested as well, for geopolitical and even economic reasons.
Threat attribution is incredibly difficult, and attempts to blame India at this point may not just be foolish, but counterproductive as well.
Regards,

Aryeh Goretsky

--
Dexter is a good dog.
1. Re: Original report from *last week* by ESET by Aryeh+Goretsky · 2013-05-20 20:41 · Score: 1
  
  Hello, Just to clarify, the research was done in parallel by Norman and ESET with collaboration between researchers from both companies. Consider it a team effort. Regards, Aryeh Goretsky
  
  --
  Dexter is a good dog.
Re:Thank you for RTFA by computererds · 2013-05-21 02:10 · Score: 1

I guess it was your turn :)
Folk devil by NewYork · 2013-05-21 05:03 · Score: 1

Google "Religion and IQ"
* Muslim IQ = 104.87
* Hindu IQ = 103.9
Google "National IQ estimates"
* Pakistan = 84
* India = 82
https://en.wikipedia.org/wiki/Folk_devil

--
Casteism