|Even if communications are adequately encrypted, experts say poor security at the user’s end often compromises their security.—AFP file photo
ISLAMABAD: While the government focuses on fighting terrorism and extremism under the National Action Plan (NAP), another threat seems to be looming on the horizon: cyber warfare. Sources have told Dawn that government assets are now increasingly coming under attack from hackers and subversive elements that may be looking to steal sensitive information or intercept privileged communications.
The threat of cyber attacks really raised the hackles of the country’s security establishment when, just before the recent visit of Chinese president XI Jinping, computers at the country’s Foreign Office (FO) were hit by a cyber attack. The fact that it was the FO’s China desk that was targeted alarmed many and, sources within the department say, intelligence agencies are currently investigating the nature of the attack.
Although an FO spokesperson denied that anything like this had occurred, this account does figure into the larger picture: coordinated cyber attacks against governments, corporations and militaries around the world have picked up steam and some of the world’s leading cyber security firms are attributing a recent spate of state-level cyber attacks to Russian state-sponsored hackers.
In a report titled ‘APT28: A Window into Russia’s Cyber Espionage Operations’, leading US network security firm FireEye has tracked attacks on government, defence and educational infrastructure in at least 26 different countries, including Pakistan. According to the report, Russian hackers used the technique known as ‘phishing emails’, which involves sending a user emails with content of their interest, which usually has a malicious software embedded in it.
FO’s China desk reportedly ‘hacked’ ahead of Chinese president’s visit l Cyber-attacks originating from Russia target sensitive departments, military systems in at least 28 countries, including Pakistan l IT experts, insiders raise questions about local ISPs’ level of preparedness for sophisticated cyber spying l Individual users marked as easy targets, more susceptible to phishing attacks l Telecom official blames bad cyber security within departments, organisations for compromised communications
If the user opens or saves the phishing content, the malware or spyware installs itself into the user’s computer and can then be used to steal information or alter/erase important records. This method, which targets an individual rather than an entire network, affords the hackers a better chance of success.
“Individual user habits are almost never as robust as the measures an organisation or department takes with regard to cyber security,” said Shahzad Ahmed, country director of the digital rights group Bytes For All. According to Mr Ahmed, mobile devices such as phones and tablets were more insecure as compared to personal computers and laptops.
“On a computer, the user may install an anti-virus or anti-malware software. However, users seldom take similar measures when it comes to mobile devices.” In addition, apps and various services that are always running on smartphones can easily transfer user data to a third party without their knowledge, he said.
Other IT experts Dawn spoke to also agree with the perception that mobile platforms are more susceptible to being compromised and fear that the country’s telecom providers, as well as the now-privatised Pakistan Telecommunication Corporation Limited (PTCL) — the country’s largest Internet service provider (ISP) — may not be adequately equipped to counter coordinated attacks by cyber spies.
An IT industry insider told Dawn that, in theory, everything from phone lines to online chats and mobile phone data could be accessed and since telecom companies controlled critical infrastructure in any nation, the impact of an attack against their networks could have far-reaching repercussions.
“There is enough data available that shows that ISPs in particular have been compromised on many occasions by hackers,” the insider told Dawn.
According to an internal security analysis of one of the country’s main ISPs, which was aimed at testing the efficacy of existing firewalls and security measures, at least 850 infected hosts – or users whose computers were infected with malware – were detected on that ISP’s network.
The security analysis noted that certain malware even attempted “outbound communications ... from various international destinations to upload data from within the national network.”
A telecom engineer who has worked for several leading cellular companies in Pakistan told Dawn, on condition of anonymity, that each operator’s security capabilities were put in place as part of the technology solution they purchased from the vendor that supplied their equipment. These vendors include renowned firms such as Nokia-Siemens and Motorola, and the security protocols they design usually come as part of the package.
“There are firewalls in all the right places, but they are a choking point in the network. ISPs such as PTCL see regular attempts – such as denial of service attacks – to compromise their firewalls. However, he was of the opinion that the easiest way to compromise any network’s security was by targeting individuals who had access to the back-end. “If a hacker gains access to, say, my computer, they would be in a position to do even more damage, because they would then have access to the barebones of the communications infrastructure. This is why most vendors have quite stringent security protocols.”
Another IT expert Dawn spoke to painted an even more alarming picture. “One critical threat unique to the telecommunications sector around the world are attacks on leased equipment, such as home routers issued by ISPs. Once the equipment has been compromised, hackers can use it to steal personal data, launch attacks anonymously, store communication records or access services such as international phone calls,” he said.
According to him, mobile service providers were vulnerable as basic information such as an individual user’s location and other metadata, which is part of nearly every communication between a device and the cellular network it is linked to, can be used to track high-value targets and leave them open to the threat of abduction or targeted attacks.
However, a spokesperson for Telenor told Dawn that the company was fully prepared to face such threats and had a complete information security department in place.
“Stringent information security and data protection policies are followed diligently, along with constant monitoring,” the spokesperson claimed.
But a source in the Pakistan Telecommunication Authority (PTA) corroborated the IT experts’ account and admitted that incidents of cyber attacks were increasing. The number of attacks had risen to such levels that the authority had warned ISPs to be vigilant.
A PTA spokesperson told Dawn that, “As one of the stakeholders in cyber security, PTA is aware of the importance of the matter and has advised telecom operators to ensure security of their networks through different measures, one of which is the penetration test.” According to the spokesperson, the penetration test simulates the conditions of a hack and tests for weaknesses within the designated network.
PTCL General Manager for Corporate Communications Imran Janjua also accepted that “International cyber landscape is full of dynamic security threats which are evolving, literally, on a daily basis.”
Mr Janjua clarified that most cyber attacks against government departments or other organisations were made possible “due to vulnerabilities in their web application layer and endpoint infrastructure.”
This means that while the ISP, which is the channel of communication used by such organisations, may be secured, the system at that department where messages originate from, may be compromised and may also infect other systems on the same network.
“Every organization is responsible for their own end-point infrastructure, as well as the security of their network and data.”
However, experts across the board agree that without a coordinated national cyber security strategy, Pakistan had no hopes of combating the kind of sophisticated cyber spying that appeared to be on the horizon.
Malware and spyware
Short for “malicious software”, software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware acts against the requirements of the computer user. Spyware, on the other hand, can include key logging software, tracking cookies and Trojans, and can run undetected on host computers, feeding information to their operator.
This refers to illegal attempts to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication, such as someone you know or regularly correspond with.
Much like the myth of the Trojan Horse of antiquity, trojan horse programmes are generally defined as a type of malware program containing malicious code which, when executed, carries out that typically include causing data loss or theft or possible system harm. Trojans often present themselves as useful or interesting in order to persuade victims to install them on their computers.
Published in Dawn, May 19th, 2015