Cyber wars

Black-hat activity in Pakistan has gained a sort of infamy due to cross-border activity in recent years.


Gibran Ashraf April 03, 2011
Cyber wars

How many times have you heard that a friend had to change his or her email account because it had been hacked? Or had to deactivate their Facebook account for the same reason?

In the world of information technology where more and more people are getting connected and information of all sorts is available online, hacking presents a threat like never before.

Leave Your Hat On

Traditionally, hackers have been divided into two groups, known as Black-hats and White-hats. Black hats are those who (mis)use their skills to penetrate websites and networks to obtain sensitive data to further their criminal activities. White-hats, on the other hand, use the same skills to locate vulnerabilities in systems for their clients and then devise a way to fill the gaps.

Hack Attacks

The most common types of hack attacks include Distributed Denial of Service or DDoS attacks where hackers overload the server of a site with too many requests. This is considered an elementary method of attack, and remains one of the most effective if done on a large scale.

Another type of attack involves hacking into websites. This involves breaching the security parameters of a website and gaining access to its administrator panel where the hacker can add or remove information like adding a page which carries a message from the hacker or adding lurid pictures on landing pages.

The last type of attack is very similar to the kind of attack where the hacker penetrates a website and steals information which would otherwise only be available to authorised personnel.

The Virtual War

At least as far as hacking goes, Pakistan doesn’t lag behind the rest of the world. There is a dedicated community of hackers in Pakistan which has been involved in both black-hat and white-hat activities. Black-hat activity in Pakistan has gained a sort of infamy due to cross-border activity in recent years. Faiz Ahmad Shuja, a Pakistani white-hat professional who started out with computers in the late nineties says that black-hat activity, especially cross-border attacks where Pakistani hackers attacked and defaced Indian websites, started somewhere in 1998 soon after the nuclear weapon detonation in India and then in Pakistan. Back then, he recalls, “hacking fell more in the purview of hack-tivism with patriotism being the primary motivation”.

This sort of hack-tivism from both India and Pakistan continued ferociously for the better part of the last 12 years, with activities reaching an all-time high in 2005, when over 200 incidents of hack attacks and counterattacks were launched. The most recent episode was when Indian hackers attacked and defaced 36 Pakistani government websites in early December 2010. This led to a counterattack from a Pakistani hacker group called the Pakistan Cyber Army which hacked into the website of the Indian Central Bureau of Investigation, regarded as one of India’s most secure sites.

The Best Defence

However, Pakistan is not as secure against cyber attacks as it needs to be. Naveed Mansoor, Director of the Monitoring and Evaluation cell for the Planning and Development Department in the Government of Sindh, says that networks and websites in Pakistan regularly face attacks from hackers within and outside the country. A couple of years ago one of the biggest victims of hacking in Pakistan, the National Bank of Pakistan, disclosed that millions of rupees were siphoned off by hackers who had manipulated the bank’s ATM network where any customer attempting to withdraw money from an NBP ATM would be told that a transaction had occurred though no cash would be provided. The “missing” money was then transferred remotely to a set of pre-designated accounts. Mansoor says “unfortunately internet security is not at the top of the government’s list”.

Shuja too agrees that the fragmented black-hat community in Pakistan, barring a small group, has turned on Pakistan and is now increasingly targeting e-commerce establishments along with unsecured telecommunication networks.

Not A Remote Threat

Yet the greatest threat that Pakistan, India or any other country faces is from remote operating groups bent on either disabling or breaking in, spying on, sabotaging or making public classified information stored on websites and networks.

The most frightening example of these types of activities has been the recent “Stuxnet” attacks. The attacks were in the form of a computer worm infection in systems in Iranian nuclear plants which halted scheduled operations between June and September 2010. This strain of software was designed to penetrate, locate and disable only a specific configuration of computers which were directly associated with core operations.

Shuja says: “Hacker groups working with governments to penetrate systems of their enemies multiply their capabilities”. The US has often accused China’s growing “army” of hackers of having state sanction, allowing hackers to break into the Pentagon and steal designs of nuclear weapons in 2005. Around the same time, Chinese companies reportedly passed on a source code from software giant Microsoft to the Chinese government which in turn supplied hackers with it. This culminated in the SQL Slammer worm in 2005 which affected millions of computers globally. And last year Google claimed its servers had been hacked by Honker Union, a highly skilled Chinese hacker group allegedly backed by the Chinese government.

Threats Around The World

The threat to cyber-security has even made US President Barack Obama to sit up and take notice. The US Strategy Command revealed during an international symposium in 2009 that cyberspace was formally recognised as a domain from which to expect attacks. Recording an increase in cyber-attacks by 53 per cent in 2008 with $1 trillion worth of data stolen, the US decided to set up the Cyber Command department which will act as a central command for various cyber-security sections working in the public, and to some extent in the military domains, including the US Air Force Network Warfare Squadron and the cyber-security wing of the Department of Homeland Security with their force of “cyber-warfare combatants”.

As US CYBERCOMM became operational in May 2010, many countries, including Britain, Australia, China, South Korea and Iran, copied the idea and set up similar departments within their government structure. The objective is to focus on internet and network security.

No One Owns The ‘Net

Wikileaks, a group formed in part by hackers, discovered that the most potent weapon since the atom bomb was information. Their effective utilisation of this weapon changed the world. Information was obtained in part using hacking tools to gather some of the nearly 725,000 documents and cables from the US regarding the two warfronts in Iraq and Afghanistan and a large cache of diplomatic cables from US embassies around the world. The “leaks” caused global uproar, and of late have acted as a catalyst of change in Tunisia and Egypt, as well as prompting the US to launch one of its largest ever diplomatic damage control exercises.

In early December 2010, on the eve of the release of Cablegate, the first of some 250,000 confidential diplomatic cables, the first shot in the Wikileaks cyber-war was fired. A ‘patriotic’ hacker going by the alias the ‘Jester’ launched a DDoS attack forcing the main site www.Wikileaks.org to go offline. US based companies like Visa, Paypal and Mastercard were pressured into closing accounts for Wikileaks and Amazon.com removed Wikileaks from its servers. This sparked a massive counterattack from groups supporting Wikileaks. An international group of hackers called “Anonymous” defended Wikileaks by attacking and taking down Visa, Paypal, Mastercard and Amazon.com in their Operation Payback.

The New Atom Bomb

In an interview with me, Representatives of Anonymous made it clear that while their activities may lie in the ‘Grey-hat’ area, “Anonymous is an Internet gathering of those committed to destroying censorship and maintaining freedom of information and speech”. In their support of Wikileaks they say they are “defending their goals. Freedom of information and speech could be considered a mutual want for both parties”.

Regarding their recent ops in Tunisia, Egypt and Algeria they say that “we’re giving the people and governments a message. We’re reminding everyone that regular people (you and I) won’t sit down and let the government slap us around, we won’t let them hide information from us”.

Asked about what the legacy of Operation Payback would be, Anonymous says: “I see Anonymous being feared by governments as we roll our internet freedom ball upon the web and gather public support. I fear the internet may take a turn for the worse in terms of censorship - slowly more rules are becoming enforced, for example the latest FCC release. But one thing I definitely see is more and more people fighting against it.” They maintained that they would work to alleviate public repression in case of a “cyber-war”, fighting multiple sides if they have to.

Former US intelligence chief Michael McConnell, while giving an interview in the February 2010 edition of Information Week likened the devastation from cyber attacks to that from nuclear bombs. Hiroshima changed the world, and so has the internet-based Wikileaks. Anonymous continues its role as a facilitator of change in oppressive nations from cyberspace. And all the while, countries around the world are recruiting hackers in a bid to not only protect breaches which may lead to Cablegates of their own, but to also as an offensive capability against groups like Anonymous and to cripple the infrastructure of their enemy.

OpPayback may have been the first such war to be fought publicly, but it will not be the last. Cyber-warfare is not a hypothetical scenario; it’s a reality and its potency is greater than a nuclear bomb.

PML-N official website hacked

In March 2011 a hacker defaced the official website of the PML-N. The hacker left a message on the website, asking the party’s leaders to refrain from “filling your own pockets.”The page was recovered and restored to its original form shortly after the incident.

President Zardari’s website hacked

In December 2010 the Federal Investigation Agency’s Lahore Cyber Crime Wing arrested a hacker on charges of hacking the personal website of President Asif Ali Zardari. According to officials, the website was hacked in July and was restored within two days. The accused had changed his web name from Adil to ‘Penetrator’ when the Cyber Crime Wing started tracing his location. Adil, who confessed to hacking the site, said he did it ‘for fun’. He was handed over to FIA Rawalpindi for further investigation.

Operation Payback

The Wikileaks saga unleashed a furious debate on access to information online. When Julian Assange was arrested, the hacking community allegedly took revenge on the companies that had refused to support him — and the websites of credit-card giants Visa and MasterCard, and of the Swedish government, were brought down.

Punjab police website hacked

In July 2010 the official website of the Punjab police was hacked by an Indian hacker. The hacker left an anti-Pakistan slogan on the website’s main page.

Operation Aurora

This was a hack attack that began in mid-2009 and continued till the end of the year. Several major corporations were targeted; Google first admitted to having been attacked on a blog in 2010, and said the attack originated in China. Other companies that said they had been targeted include Adobe Systems, Juniper Networks and Rackspace. As a result, Google suggested that it may leave China and close its Chinese offices. Official Chinese media responded stating that the incident is part of a US government conspiracy.

US State Department hacked

In 2007, the cyber systems of Central Command, the State Department, Department of Commerce and NASA were successfully hacked — and they lost millions of pages of classified information.

British Parliament website hacked

A hacker who belonged to Rome and called himself ‘Unu’ invaded the UK Parliament’s website in 2009. He used to examine high profile and reputed websites regularly for probable security flaws — websites of companies such as BitDefender, Kaspersky, Symantec, F-Secure, The Telegraph and British Telecom, and The International Herald Tribute. Unu pointed out flaws in the Parliament’s website, but refrained from leaking sensitive data.

The New York Times hacked

‘Grey hat’ hacker Adrian Lamo hacked into the internal computer network of The New York Times in February 2002. He was able to view personal information on contributors, including Social Security numbers. Lamo also hacked into The Times’ LexisNexis account to research high-profile subject matter. A warrant for Lamo’s arrest was issue in 2003, and in 2004 he was convicted of compromising security at The New York Times and Microsoft, Yahoo! and MCI WorldCom.

‘Solo’ hacks NASA and US military

US authorities accused hacker Gary McKinnon of hacking into about 97 US military and NASA computers over a 13-month period between February 2001 and March 2002. McKinnon, who is said to have used the name ‘Solo,’ was accused of deleting critical files from operating systems, which  shut down the US Army’s Military District of Washington network of 2,000 computers for a day, as well as deleting US Navy Weapons logs, rendering a naval base’s network of 300 computers inoperable. McKinnon the charges, arguing that he had accessed open, unsecured machines with no passwords and no firewalls and that he left countless notes pointing out their many security failings.

Published in The Express Tribune, Sunday Magazine, April  3rd, 2011.

COMMENTS (4)

Khwaja Naveed, Information Security Professional | 13 years ago | Reply The author is not a security professional, but a mere freelance writer and photographer. He has done remarkable job in compiling facts from around the world .. though by copying from other's blogs. However he accomplished his job moderately well in writing on one of the crucial topic in Information Security arena, for newbie readers. Regards, Khwaja Naveed, CISSP, CISM, PMP, ISMS 27001 LA/LI, C|EH Works for SSGC (utility company in Pakistan) as Manager, Information Security
Jack Nauti | 13 years ago | Reply Poorly researched and executed article on way too many points to even make the effort to point out. Was this a high school English project? I wouldn't even know where to start in picking this shoddy thing apart and trying to correct it. Awful.
VIEW MORE COMMENTS
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ