India-Pakistan rivalry has spilled over into cyberspace through hacktivism and even “state-sponsored” attacks, with popular Indian websites more prone to such strikes during high-profile events like cricket matches and Independence Day, a CIA-backed threat intelligence company has said. Analyzing patterns of cyber-attacks around several events like Independence Day, 26/11 and cricket matches, Boston-based Recorded Future in its report suggested many possible motivations and objectives of the cyber activities between India and Pakistan, ranging from loosely-affiliated hacktivist groups defacing symbols and institutions to more coordinated state-sponsored attacks.
“These are nationalistic hacker groups,” Nagraj Seshadri, co-author of the report ‘Hacktivism: India vs Pakistan’, said after the release of the study yesterday, which, he said, is based on information extracted from the public domain. “The objective mostly is public embarrassment. If there is a big event, or if there is a big anniversary in the physical world or geo-political context, it is important to be vigilant on the cyber context and be prepared as well when it comes to websites or other cyber assets,” Seshadri said.
According to the report, India and Pakistan’s Independence Days, which fall on August 15 and August 14 respectively, create a predictable pattern (at least over the past three years) of attacks and retaliatory strikes by the opposing hacker groups. An uptick in such activity before and after this year’s Independence Day should not come as a surprise, the report said. Taking a closer look at the activities of the Pakistan Cyber Army (PCA), the report said it has been consistently active at least since 2007, hacking, defacing and shutting down high-profile Indian websites.
PCA has targeted government and private sites, including Indian Oil and Natural Gas Corporation (a Fortune 500 company), Indian Railways, the Central Bureau of Investigation, Central Bank of India, and the State Government of Kerala. In fact, investigations by Recorded Future found that PCA has been publicly posting tutorials on how to hack or deface an Indian website in some of its social network groups, including on Facebook.
“When we investigate the PCA’s TTPs (tactics, techniques, and procedures) to learn how they operate, we find examples like tutorials on how to set up phishing attacks as shown in this Facebook post,” the report said as it showed a snapshot of the Facebook page. “In some instances the hackers chose to identify themselves; for example, the hacker behind India’s Kerala state website defacement in September 2015 identified himself as ‘Faisal 1337’. But this is rare,” it said.