Cyber Attack From Inside India Hits Pakistan Government 42
judgecorp writes "Government institutions are among the targets of an attack on Pakistani bodies, which originates in India, according to reports. The campaign is using vulnerabilities in Microsoft software to install the HangOver malware, according to Norwegian security firm Norman Shark (PDF). From the article: 'In the attacks on Pakistani organizations, spear phishing emails were sent out purporting to contain information on "ongoing conflicts in the region, regional culture and religious matters," according to Norman. Norman could not provide direct attribution to the attacks, but its report did note the following: "The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin." Snorre Fagerland, principal security researcher in the Malware Detection Team at Norman, told TechWeekEurope it appeared Pakistani government bodies had been attacked.'"
If some government were doing that... (Score:5, Insightful)
If India were actually behind this, why would it appear to come from India?
If someone else were doing this, wouldn't India be the obvious choice for your final leg?
Re:If some government were doing that... (Score:5, Insightful)
If India were actually behind this, why would it appear to come from India?
Perhaps because the Pakistanis would blame India even if the government knew it was from someone else, so why bother. TFA also makes it sound like there's no smoking gun implicating the Indian government, so saying "These attacks came from within India!" is probably not enough to bring much international heat on India (or shouldn't anyway, the UN has shown once or twice it doesn't understand how the internet works, or at least that it doesn't care.) TFA also mentions that it's possible someone is trying to make it LOOK like an Indian security firm, while it may not actually be.
Lastly, and perhaps most simply, it could be incompetence.
Re: (Score:2)
Re: (Score:2)
Wouldn't it make more sense to avoid it looking like India even though Pakistan will blame India, thus making Pakistan's government/army look even more like a bunch of paranoid loons who'd compromise their own politics and security for the sake of being militant over India? Pakistan seem to prefer risking losing territory to the Taliban (by prioritizing India) and doing deals with militants who wish them harm to bait India, rather than actually trying to stabilize their own country. I think it makes no sens
Re:If some government were doing that... (Score:4, Insightful)
Re: (Score:2)
Source is obvious.
Re:Thank you for RTFA (Score:1)
Re: (Score:1)
India doesn't care if Pakistan knows it's them. Those two hate each other with a passion. Anything to disrupt the elections.
BTW, when I read "attack on Pakistani bodies" I thought it was just more rapes in India, this time committed against Pakistani women.
Re: (Score:3)
If someone else were doing this, wouldn't India be the obvious choice for your final leg?
It would be the obvious choice, but it'd be the wrong one. It would be questioned, as you have, possibly spurring a deeper investigation that reveals India was a scapegoat. If I were doing it, my final leg would be somewhere like China, who would be most likely to assist in an investigation, that reveals my next-to-last leg in the United States, starting an international political mess. Only when the madness of diplomacy settles down will they work back to the drone in India, which by that time has been tho
Re: (Score:2)
It would be the obvious choice, but it'd be the wrong one. It would be questioned, as you have,
Well, apparently it wasn't questioned by the Tech Week Europe, who published the story, or the security researchers who developed it.
Re:If some government were doing that... (Score:4, Insightful)
Re: (Score:2)
If India were actually behind this, why would it appear to come from India?
Because they're not really as good at IT as the people who use them as cheap labor realize.
Snorre Fagerland (Score:1)
Next time I get a new cat I am going to call it "Snorre Fagerland." I need to figure out which Monty Python routine included that name now.
Oh, and.... um... now for the gratuitous MS bashing: Microsoft security is bad bad bad! (Social engineering for the win, though.)
Re: (Score:3)
The only "proof" of that it originated from India is... still searching and can't find anything in the article.
Probably the last-hop IP in the spear phishing mail headers.
That is the only IP address you can (somewhat) trust, because it is inserted by your own mail server.
Is it proof?, certainly not.
sensationalist much? (Score:5, Informative)
From the first article:
Norman could not provide direct attribution to the attacks, but its report did note the following: “The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin.”
From the PDF:
None of the information contained in the following report is intended to implicate any individual or entity, or suggest inappropriate activity by any individual or entity mentioned.
Prominently displayed centered on the very first page of the report after the cover.
Re: (Score:2)
I'm guessing that is just Standard Ass-Covering Boilerplate(tm) to avoid Norwegian anti defamation laws.
Re: (Score:2)
Yeah I got that - although if they have to cover their asses, maybe they shouldn't be running at full speed with those claims :)
Re: (Score:2)
mySQL is a fine database and anybody who complains about it is just a hater. /sarc
Re: (Score:2)
Or, maybe the Paks want to provoke a war?
http://www.aninews.in/newsdetail2/story112519/growing-intolerance-in-pak-occupied-kashmir.html [aninews.in]
There's a lot going on, and I'm nowhere close to pulling it all together. Gotta keep in mind that the Taliban runs half of the country, but instead of Pakistan fighting the Taliban, they're instigating confrontations with India. Strange . . .
Comment removed (Score:3)
The only thing that unites Pakistan is ... (Score:5, Informative)
Recently they had election and an old disgraced politician named Nawaz Shariff has formed a new government. So as usual they are thumping their chests and beat the war drums in some attempt to unify the country behind him. Hope he calls the yelping dogs off before serious permanent damage is done.
Or it's the Pakistan Taliban (Score:2)
Strange title (Score:2)
The title says "Attack from inside India". But the quote only seems to say "Since the target is Pakistan, the attacker can only be India". That doesn't sound like very solid evidence...
Of course, I haven't read the article (yet?), but the summary doesn't really suggest I would learn anything more.
Attack?!? (Score:2)
Sending malware laden phishing emails is an attack now? Hmm, what's the appropriate Monty Python line for that ... Oh yeah: Help, help, I'm being oppressed! Come and see the violence inherent in the system! So, now the USA's Cyber-terrorism defenses are going to ramp up to hunt down and "yada yada with extreme prejudice" spammers, script kiddies, and botnet herders?
Wouldn't it be simpler to lobby Microsoft to get them to stop pushing out crappy, vulnerable software?
I think I'll blame the Pakistanis for
2003: The risks of a monoculture .. (Score:2)
Sep 2003: CyberInsecurity: The Cost of Monopoly [cryptome.org]
Original report from *last week* by ESET (Score:2)
Hello,
Norman has done an excellent job with their report on the malware; however, it should be noted that the initial report came from ESET last week at the CARO [caro.org] anti-malware conference:
Targeted information stealing attacks in South Asia use email, signed binaries [welivesecurity.com]
I would also like to point out that while it is easy to assume that the Indian government (or someone connected with it) was responsible for these targeted attacks given the seemingly poor job in hiding their tracks (domain name registrations,
Re: Original report from *last week* by ESET (Score:2)
Folk devil (Score:1)
Google "Religion and IQ"
* Muslim IQ = 104.87
* Hindu IQ = 103.9
Google "National IQ estimates"
* Pakistan = 84
* India = 82
https://en.wikipedia.org/wiki/Folk_devil [wikipedia.org]