A two year long research and spying by a US-based IT firm FireEye has affirmed that a Pakistan-based cyber security firm has stolen crucial information from India, that of its government and defence establishments reports ET.
The Pak firm used leased US hosting services while holding India as a target. FireEye said, the findings revealed that India remains a vulnerable target for cyber attacks even after documents leaked by whistleblower Edward Snowden exposed widespread spying by US National Security Agency.
The firm, that has close ties with Islamabad based firm Tranchulas, to bait Indian officials had subject lines in their malware laced emails with terms like ‘Sarabjit Singh’, ‘Devayani Khorbragade’, ‘Salary hikes for government employees.’ The malware content in the emails thus reached the Indian official machinery and managed to steal confidential data.
The malware identified by FireEye has been active since early 2013 with the name of a Tranchulas employee, Umair Aziz, in its code. FireEye said that, after it confronted Khan over this issue in July 2013, different variants of the malware with modified names have surfaced.
The US firm has told the Indian Government that the data is being still stolen, however, this does not seem yet like an eye opener to the government. The Indian Govt has plainly denied having any knowledge of the attack saying, “It is incorrect. We have only seen cases of website hacking.
However, they hold only public data,” said Dr. Gulshan Rai, director-general of the Indian Computer Emergency Response Team, or ICERT. As we know, Dr. Gulshan Rai is now all set to be India’s first cyber chief. Its time for this new genre of government officials to work out solutions an take help offered by security intelligence agencies, rather than acting stubborn and ignoring warnings.
A senior officer from the Indian intelligence bureau has however agreed that they were under cyber threat. He said on condition of anonymity, “We have seen many such attacks targeting Indian government and defence establishments, but in cyber space it is very hard to ascertain the actual source.”
FireEye has also stated that Tranchulas has claimed to help Pak to infuse the malware-infected emails in the inboxes of Indian government officials. Manish Gupta, senior vice president at FireEye said in a statement, “They are essentially penetrating Indian government accounts to find out what the Indian government is up to. They are also targeting defence organizations. Some of the things that could be important to them could be what kind of weapons does India have, where are these weapons deployed, how many people are deployed in these regions, what is the s organization structure, are there any military exercises planned.”
Tranchulas has not accepted nor denied the attack. The company said that it offers a service called the offensive cyber initiative to both government and private organisations, which helps them build up cyber warfare and also offers cyber defence. CEO Zubair Khan said in an email, “We’ve had no contact with (FireEye), so I have no idea about their motivations vis-a-vis their reporting on us. Clearly, they are one of the best security research firms out there and we respect their talents in this regard.”
Cyber attacks are a common rage in India, and have only increased with time and tide. As per ICERT’s statistics, until mid-2014, more than 60,000 incidents were recorded. Earlier this month, Prime Minister Narendra Modi called upon the Indian IT Industry to focus on meeting the global challenge of cyber-security. The pieces of information provided by foreign nations whose servers are used by the attackers should act like an alarming wake up call for the Indian government.
[Image Source: Shutterstock.com]
Old news. Yawn. This story was covered in the press last year.