Print This Post
11 November 2021, Gateway House

Pakistan is India’s new cybersecurity headache

Cyberattacks from Pakistan-based hacker groups targeting India have increased. The stepped-up cyber activity comes in the backdrop of Islamabad's new cyber security policy and expanded digital cooperation with China. India must bolster its existing abilities in cyber forensics and regulations to counter the enhanced Pakistani threat.

Former Fellow, International Security Studies Programme

post image

In recent weeks, developments in Afghanistan, Pakistan’s uninhibited involvement in setting up the Taliban cabinet and its purported role in escalating violence in Kashmir have held the attention of Indian policymakers.

Beyond this, however, is another serious threat to India’s security interests: multiple cyberattacks from Pakistan-based hacker groups targeting India’s critical infrastructure and government servers. These attacks eclipse the earlier ‘nuisance value’ acts of vandalising Indian websites – a regular Pakistani habit. The new attacks demonstrate a step-up of Pakistan’s cyber capabilities and work concurrently with its persistent anti-India cyber disinformation campaigns like those pertaining to Kashmir and Indian interests in Afghanistan. Now is the time for India to neutralise the Pakistani cyber threat before it assumes menacing proportions.

Pakistan is getting there. In early August, the U.S.-based cybersecurity firm Black Lotus Labs reported that a Pakistan-origin malware called ‘ReverseRat 2.0’ had targeted Indian government officials by sending a forged invite for a United Nations meeting on organized crime with a Microsoft Teams link.[1] Its impact is still not known. ReverseRat 2.0 can breach the device of its intended victims, and the malware can remotely click photographs via its webcams, even retrieve files from USB devices plugged into the infected device. According to Black Lotus Labs, this is an advanced version of Pakistan’s earlier malware ‘ReverseRat’, detected just two months prior in June 2021 targeting India’s power sector and government departments.[2]

India has been on the radar of Pakistani hackers for some time. In 2020, security researchers from Ireland-based Malwarebytes Labs cybersecurity firm noticed attempts from a hacking group, APT36 – a Pakistani state-sponsored malicious actor, to infiltrate Indian government, diplomatic and military networks, and honey trap defence personnel for stealing sensitive data related to Pakistani military and diplomatic interests.[3] Its modus operandi involved spear phishing emails with a malicious link, purportedly from the Indian government. The group has been active since 2016, indicating its long cyber espionage campaign.

Pakistan’s recent anti-India cyber activity must be viewed in the backdrop of its new Cyber Security Policy 2021, which seeks to position Pakistan as an important participant in the global conversation on cybersecurity.[4] While the new policy does not explicitly mention the pursuit of cyber offensive capabilities for pre-emptive use, it does display more teeth in its messaging to Pakistan’s potential adversaries than the earlier Prevention of Electronic Crimes Act, 2016.

Whereas the 2016 Act’s stated objective was to control the escalation of cyber offences in Pakistan and transgressions related to information systems,[5] the most significant assertion in the recent law is that any cyberattack on a Pakistani establishment will hereafter be treated as an assault on Pakistan’s sovereignty and invite suitable retaliation. Unsurprisingly, the document has no clarity on the nature of retaliation, and whether it will be implemented using cyber offensive campaigns or more conventional methods.

From India’s perspective, it may appear that committing to retaliation in the cyber domain might not be sufficient to deter Pakistan’s adversaries given its limited cyber capabilities. But it is more likely that the actual objective of this vagueness is to grant Pakistan flexibility and unpredictability in its retaliation.

Although Pakistani hacking activities against India lack the sophistication of Chinese state-sponsored hacking groups, it is compensated for by the tenacity of the well-designed and catchy propaganda unleashed by Inter-Services Public Relations of the Pakistani Army, such as in the aftermath of the August 2019 abrogation of Article 370 and bifurcation of India’s erstwhile state of Jammu and Kashmir. For this, it utilised fake profiles, cyber trolls, journalists, and Pakistani diplomats, focussing on themes such as alleged human rights violations by Indian security forces in the Kashmir Valley, the plight of ordinary Kashmiris, scaremongering on the possibility of an India-Pakistan nuclear war, etc. This propaganda gained temporary traction with viral posts and trending Twitter hashtags, but it failed to cause any significant dent in India’s global image.

More critical for India is Pakistan’s status as China’s client state. Pakistan’s propaganda machinery has been busy concocting anti-India propaganda throughout the ongoing India-China border stand-off in eastern Ladakh to embarrass India and score points with China.[6] Although there is no material evidence to prove that these actions are carried out at China’s behest, there are suspicions of cooperation between Pakistani and Chinese state-backed hackers in cyberattacks directed against India after the abolition of Articles 370 and 35A.[7] In fact, the Long-Term Plan for China-Pakistan Economic Corridor identifies information and communications technology infrastructure development as a key area of bilateral cooperation, and the commercialisation of the 820-km long Rawalpindi-Khunjerab optical fibre network in February 2019, represents a successful outcome of the same.[8]

It is imperative, therefore, that India effectively prepares to counter the cyber threat from Pakistan. In recent years, India has strengthened its cybersecurity capabilities by creating institutions like the Defence Cyber Agency and putting in place policy frameworks like the National Cyber Security Policy of 2013. This has acted as an umbrella policy document that traces a plan for wholistic, cooperative and coordinated responses to address cybersecurity issues within the country.[9] It is now being recast as the National Cyber Security Strategy to take a proactive approach to cyber issues. Universities like the National Forensic Sciences University in Gujarat offer cyber forensics courses. And the National Critical Information Infrastructure Protection Centre has begun working with the public and private sectors to secure critical infrastructure from cyber threats.

It’s paying dividends. India has improved its ranking on the recently released Global Cybersecurity Index 2020, published by the UN’s International Telecommunication Union, by 37 places, from 47th position in 2018 to 10thposition – above China at 33 and Pakistan at 79.[10] [11]

Sameer Patil is Fellow, International Security Studies Programme, Gateway House.

Aditya Bhan is Assistant Professor, Economics, FLAME University.

This article was exclusively written for Gateway House: Indian Council on Global Relations. You can read more exclusive content here.

For interview requests with the author, or for permission to republish, please contact outreach@gatewayhouse.in.

© Copyright 2021 Gateway House: Indian Council on Global Relations. All rights reserved. Any unauthorized copying or reproduction is strictly prohibited.

References:

[1] https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/

[2] https://blog.lumen.com/suspected-pakistani-actor-compromises-indian-power-company-with-new-reverserat/

[3] https://www.seqrite.com/blog/operation-honey-trap-apt36-targets-defense-organizations-in-india/

[4] http://moitt.gov.pk/SiteImage/Misc/files/National%20Cyber%20Security%20Policy%202021%20Final.pdf

[5] Prevention of Electronic Crimes Act 2016 – Cyber Crime Act Pakistan (lawsofpakistan.com)

[6] See Ladakh Standoff with China: How India Lost over 5000 sq. km? (pakistanperspectives.com), for instance.

[7] Increased Cyber Attacks on India Continue Amid Suspicions of Pak-China Collaboration (news18.com)

[8] China-Pakistan Cyber Security Cooperation – Pakistan Observer (pakobserver.net)

[9] See National Cyber Security Policy 2013: An Assessment | Manohar Parrikar Institute for Defence Studies and Analyses (idsa.in).

[10] https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf

[11] https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf

TAGGED UNDER: , , , , , ,