Pakistani and Indian websites are more prone to cyber-attacks during high-profile events like cricket matches and independence days, according to a new report.
The report by Recorded Future titled ‘Hacktivism: India vs Pakistan’ lists independence days of the two countries, the Mumbai attacks on November 26, and even cricket matches between the two countries as events which often coincide with increased cyber activity.
“India and Pakistan’s independence days, which fall on August 15 and August 14 respectively, create a predictable pattern (at least over the past three years) of attacks and retaliatory strikes by opposing hacker groups. An uptick in such activity before and after this year’s independence days shouldn’t come as a surprise,” the report said.
Indian hacker group, Indian Black Hats, claimed responsibility for the January 7 cyber-attack (timeline image below) as revenge for the attack on Pathankot, and the Mallu Cyber Soldiers who said they were avenging the attacks on the Kerala state government website.
“If we widen our view again and look at hackers from Pakistan and India targeting each other over the last seven months, we can see an interesting retaliatory pattern of attacks; the latest major response being Indian hackers avenging the deadly January 2, 2016 attack on the Indian Air Force base in Pathankot.”
The report further states that the website of Swami Vivekanand Subharti University was hacked on March 5, 2014 by a group claiming to be the Pakistan Cyber Army (aka Bangladesh Cyber Army) in response to the expulsion of pro-Pakistan students who had cheered for the Pakistani cricket team after it defeated India in the Asia Cup held in Dhaka, Bangladesh.
According to the report, the Pakistan Cyber Army (PCA) has been consistently active since 2007 and has hacked Indian government and private websites, such as, Indian Oil and Natural Gas Corporation (a Fortune 500 company), Indian Railways, the Central Bureau of Investigation, Central Bank of India, and the State Government of Kerala.
PCA has even put up tutorials on how to set up phishing attacks as shown in the Facebook post below. The report admits that it is hard to establish, but goes on to say that it is indeed a PCA actor who posted this:
In some instances the hackers chose to identify themselves, for example, the hacker behind India’s Kerala state website defacement in September 2015 identified himself as “Faisal 1337”.
The report also discussed the many possible motivations and objectives of cyber activities between India and Pakistan. “These could range all the way from loosely affiliated hacktivist groups avenging attacks by defacing symbols and institutions to more coordinated state-sponsored attacks, which will be covered in a future piece. The Line of Control (aka international border) between the two only serves as a symbol of adversarial tension and certainly not a barrier in the cyber realm.”