July issue 2017
War in Cyberspace
In the early hours of April 25, 30 Pakistani government websites were simultaneously hacked. “Charges against Kulbhushan Jadhav are Fictious, Fake and Farcical (sic),” read part of the message on the websites’ homepage.
The attack was claimed by a hacking group, ‘Lulzsec India,’ who said that it was to avenge the death penalty for Jadhav — a self-confessed spy of the Indian Intelligence agency, Research & Analysis Wing (RAW), who was sentenced to death by a military court on April 10.
“There is no evidence of wrongdoing by him. This is an act of ‘PREMEDITATED MURDER.’ Earlier it was SARABJEET, now its KULBHUSHAN JADHAV (sic).
“Warning: If this thing has happened to an INDIAN national today, it can happen to your (Pakistan) national as well (sic). Jai Hind…
“We Love Modi!” Lulzsec India further wrote on the websites.
When contacted on their Facebook page, which is no longer active, Lulzsec India — a team of 11 hackers — said their name is inspired by LulzSec, which hacked the CIA website in 2011. But the group maintains that there is no affiliation between them and the black hat computer hacking group, which was behind the compromise of user accounts from Sony Pictures in 2011, among other high profile cyberattacks. The group maintained that the timing of the attack was designed to highlight Jadhav’s case. “He is innocent. Pakistan should release him,” they said. When asked why they targeted the government websites, the group said it wants to highlight how weak Pakistani cybersecurity is.
“If a group of nobodies like us can take down government websites, imagine what an intelligence agency can do,” they replied. Lulzsec India added that it’s not uncommon for intelligence agencies to deploy professional hackers to initiate cross-border cyberattacks. “We’re sure the Pakistani intelligence agency does it as well. Chinese, Iranian and North Korean hackers are famous in the hacking circles.”
Several officials of the Inter-Services Intelligence (ISI) declined to comment when asked about Pakistan deploying hackers for cyberattacks in other countries.
On New Year’s Eve this year, the website of the Indian National Security Guard (NSG) was hacked. The attack was claimed by a Pakistani group that identifies itself as ‘Alone Injector.’
The group left messages targeting state-backed violence in Indian-administered Kashmir, including ‘Free Kashmir’ and ‘Indian NSG commandos hacked — Pakistan Zindabad!”
In October 2016, ‘Alone Injector’ had taken down the website of National Programme on Technology Enhanced Learning (NPTEL), following Indian claims of “surgical strikes” in Azad Kashmir.
In October last year, Pakistani groups had also hacked into Kashmir-bound Indian planes, tapping into the Jammu Air Traffic Control to play “Dil Dil Pakistan” on many of the planes.
A week before the NSG hack, Pakistani cyber-attackers had also hacked Thiruvananthapuram airport’s website, the capital of the Indian state of Kerala. This prompted Kerala-based ‘Mallu Cyber Soldiers’ to compromise the official websites of Islamabad, Karachi, Peshawar and Multan airports.
“Pakistani techies targeted Indian sites. Such fights are common but now the intensity has increased,” says Kislay Choudhary, a cybercrime expert, adding that “hackers from both countries are compromising important websites with ease.”
In the immediate aftermath of the Lulzsec India attack, a Pakistani group hacked the official websites of at least 10 Indian educational institutes, including four major universities: Delhi University (DU), Indian Institute of Technology, Delhi (IIT Delhi), IIT Varanasi and Aligarh Muslim University (AMU).
The hacker group code named ‘Pakistan Haxors Crew’ posted messages on the website, saying that the attack was in reaction to Lulzsec India targeting the Pakistani Railways website and “in solidarity with the innocent Kashmiri people being killed by the Indian Army!”
It added: “Greetings Government of India, and the people of India. Do you know what your so-called heroes are doing in Kashmir? Do you know they are killing many innocent people in Kashmir?”
Kashmir has been a common theme in hack attacks between India and Pakistan that can be traced all the way back to May 1998, when the Bhabha Atomic Research Centre’s website was targeted. The official website of Pakistan Peoples Party (PPP) was defaced by Indian hacking group ‘[email protected] [email protected]’ in 2014 after party cochairman, Bilawal Bhutto Zardari, had vowed to “take back all of Kashmir.”
According to AFP, attacks on Indian websites had risen from four in 1999 to 72 the next year, while the attacks on Pakistani sites jumped to 18 in 2000, from seven in 1999.
The attacks slowly increased throughout the 2000s, with the cyberwar truly intensifying in 2010 with Pakistan Cyber Army (PCA) and Indian Cyber Army (ICA) intermittently targeting high profile websites across the border. These included the Central Bureau of Investigation (CBI) in India and the Oil and Gas Regulatory Authority (OGRA) in Pakistan, which were breached in 2010.
“The ease with which government level websites are being breached highlights the lack of cyber security in both Indian and Pakistani state institutions,” says Majid Ali, an android developer at the US-based Mobistealth, involved in making spyware.
“I feel they still think it’s all fun and games, with hackers just posting ridiculous messages online. But when airport websites are being hijacked, the information you can gather from the systems ranges from flight timings, to security protocols. If this gets into the wrong hands, we all know what can happen,” he adds.
Kunwar Khuldune Shahid is a journalist and writer based in Lahore.