Has Pakistan Developed Cyber Attack and Defense Capabilities?
By Riaz Haq
CA

Recent reports of Russian hacks of the American Democratic Party's election campaign staff to influence the outcome of US elections have brought international cyber espionage into sharp focus once again. How many nations have such capabilities? What are their names? Are India and Pakistan among them?
Pakistan is believed to be among a couple of dozen nations with serious cyber espionage capabilities. This belief has been strengthened among the cyber security community since Operation Arachnophobia is suspected to have originated in Pakistan.

Bloodmoney: A Novel of Espionage
Washington Post columnist David Ignatius frequently writes about the activities of intelligence agencies and often cites "anonymous" intelligence sources to buttress his opinions. He is also a novelist who draws upon his knowledge to write spy thrillers.
Ignatius's 2011 novel "Bloodmoney: A Novel of Espionage" features as its main character Dr Omar, a computer science professor who teaches at a Pakistani university. Omar, born in Pakistan's tribal region of South Waziristan, is a cyber security expert. One of Omar's specialties is his deep knowledge of SWIFT, a network operated by the Society for Worldwide Interbank Financial Telecommunication that tracks all international financial transactions, including credit card charges.
Omar's parents and his entire family are killed in a misdirected US drone strike. Soon after the tragedy, several undercover CIA agents are killed within days after their arrival in Pakistan. American and Pakistani investigations seek the professor's help to solve these murders. Ignatius's novel ends with the identification of the professor as the main culprit in the assassinations of the CIA agents.

Operation Arachnophobia
In 2014, researchers from FireEye, a Silicon Valley cyber security company founded by a Pakistani-American, and ThreatConnect teamed up in their investigation of the attacks, which feature a custom malware family dubbed Bitterbug that serves as the backdoor for stealing information. Though the researchers say they have not identified the specific victim organizations, they have spotted malware bundled with decoy documents related to Indian issues, according to DarkReading.com.
It was dubbed "Operation Arachnophobia" because variants of the Bitterbug malware detected by the researchers included build paths containing the strings "Tranchulas" and "umairaziz27", where Tranchulas is the name of an Islamabad-based Pakistani security firm and Umair Aziz is one of its employees.

Operation Hangover
Operation Arachnophobia targeted Indian officials. It appears to have been Pakistan's response to India's Operation Hangover that targeted Pakistan. Investigations by Norway-based security firm Norman have shown that the Operation Hangover attack infrastructure primarily was used as a means to extract security-related information from Pakistan and, to a lesser extent, China.
"Targeted attacks are all too common these days, but this one is certainly noteworthy for its failure to employ advanced tools to conduct its campaigns," said Jean-Ian Boutin, malware researcher at security company ESET. "Publicly available tools to gather information on infected systems shows that the attackers did not go to great lengths to cover their tracks. On the other hand, maybe they see no need to implement stealthier techniques because the simple ways still work."

Attack Easier Than Defense
The fact that cyber attacks so often succeed suggests that it's easier to attack a system than to defend it. By the time such attacks are detected, it's already too late. A lot of valuable information has already been lost to attackers.
However, it's still very important to possess the cyberattack capability as a deterrent to attacks. Those who lack the capacity to retaliate invite even more brazen cyberattacks.

Need for International Treaties
Cyberattacks on infrastructure can have disastrous consequences with significant loss of human life. Disabling power grids and communication networks can hurt a lot of people and prevent delivery of aid to victims of disaster. It's important that nations work together to agree on some norms for what is permissible and what is not before there is a catastrophe.

Summary
About 30 nations, including the US, UK, France, Germany, Russia, China, India, Iran, Israel and Pakistan, possess cyber espionage and attack capabilities. The growth and proliferation of such technologies present a serious threat to world peace. There is an urgent need for the nations of the world to come together to agree on reasonable restrictions to prevent disasters.


Editor: Akhtar M. Faruqui