Indian Cyber Warfare Discussion

The Military Issues & History Forum is a venue to discuss issues relating to the military aspects of the Indian Armed Forces, whether the past, present or future. We request members to kindly stay within the mandate of this forum and keep their exchanges of views, on a civilised level, however vehemently any disagreement may be felt. All feedback regarding forum usage may be sent to the moderators using the Feedback Form or by clicking the Report Post Icon in any objectionable post for proper action. Please note that the views expressed by the Members and Moderators on these discussion boards are that of the individuals only and do not reflect the official policy or view of the Bharat-Rakshak.com Website. Copyright Violation is strictly prohibited and may result in revocation of your posting rights - please read the FAQ for full details. Users must also abide by the Forum Guidelines at all times.
SaiK
BRF Oldie
Posts: 36424
Joined: 29 Oct 2003 12:31
Location: NowHere

Re: Indian Cyber Warfare Discussion

Post by SaiK »

http://www.thehindu.com/news/article231 ... epage=true
How come no chinese in the victim map?
An unidentified Indian government agency was among those hacked into, over a period of two months starting September 2010, a global investigation of targeted intrusions or cyber attacks on governments, corporations and non-profits, by IT security firm McAfee reveals.
SSridhar
Forum Moderator
Posts: 25087
Joined: 05 May 2001 11:31
Location: Chennai

Re: Indian Cyber Warfare Discussion

Post by SSridhar »

ankitash wrote:indiandefence.com is the sister site of defence.pk
defenceforumindia.com OTOH is indic onlee
That explains a few things for me. Thanks.
SSridhar
Forum Moderator
Posts: 25087
Joined: 05 May 2001 11:31
Location: Chennai

Re: Indian Cyber Warfare Discussion

Post by SSridhar »

SaiK wrote:http://www.thehindu.com/news/article231 ... epage=true
An unidentified Indian government agency was among those hacked into, over a period of two months starting September 2010, a global investigation of targeted intrusions or cyber attacks on governments, corporations and non-profits, by IT security firm McAfee reveals.
During Commonwealth Games, there was a huge Chinese hacking.
SaiK
BRF Oldie
Posts: 36424
Joined: 29 Oct 2003 12:31
Location: NowHere

Re: Indian Cyber Warfare Discussion

Post by SaiK »

SSridhar wrote:
ankitash wrote:indiandefence.com is the sister site of defence.pk
defenceforumindia.com OTOH is indic onlee
That explains a few things for me. Thanks.
wow.. the pattern resembles how pakis and bedis run masan grocery stores named "patel brothers" franchise.
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Re: Indian Cyber Warfare Discussion

Post by wig »

Meanwhile Stuxnet has a new stealthy smart successor that sends data to a server in India. Read about it in the Telegraph of UK.
http://www.telegraph.co.uk/technology/n ... firms.html

excerpts
But while Stuxnet was created to cause physical damage to Iran’s uranium enrichment facilities by surreptitiously adjusting machinery, Duqu is an intelligence-gathering tool.

The new virus’ precise targets have not been disclosed, but they include European firms that make the software that controls power stations and other industrial facilities. By infiltrating their computer networks, it aims to steal confidential information and potentially reveal vulnerabilities that could be exploited in later attacks.

Inside a target network Duqu seeks out sensitive documents and spies on network users’ activities, including the passwords they type into their keyboards. The information is then smuggled out, disguised as ordinary web picture traffic to circumvent security systems, to a “command and control” server located in India.

Analysis of Duqu has revealed it may have been in use since December last year. It is programmed to remove itself from infected systems after 36 days, so nobody can be sure how many firms have been targeted or how much confidential data stolen.
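The exfiltration disguised as ordinary picture traffic described in the excerpt above suggests a simple defensive check. The following is an added example, not code from the article or from any Duqu analysis: it walks the JPEG segment structure to find where the image legitimately ends and reports any bytes appended after the End-Of-Image marker, the space a smuggled payload would occupy. The sample JPEG bytes and the 16-byte tolerance for harmless trailing padding are constructed assumptions.

```python
# Added example (not from the article or any Duqu write-up): detect data carried
# after the end of a JPEG. The sample bytes below are constructed, not real samples.
import struct
from typing import Dict, List, Optional

SOI = b"\xff\xd8"  # Start Of Image marker

# Assumption: tolerate a few bytes of harmless padding that some encoders leave.
PADDING_TOLERANCE = 16


def jpeg_declared_end(data: bytes) -> Optional[int]:
    """Return the offset just past the End-Of-Image (FFD9) marker by walking the
    JPEG segment structure, or None if the bytes are not a well-formed JPEG."""
    if not data.startswith(SOI):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None              # a marker was expected here
        marker = data[pos + 1]
        if marker == 0xFF:           # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:           # EOI: the image legitimately ends here
            return pos + 2
        if 0xD0 <= marker <= 0xD8 or marker == 0x01:
            pos += 2                 # standalone markers carry no length field
            continue
        if pos + 4 > len(data):
            return None
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len           # length field counts itself
        if marker == 0xDA:           # SOS: entropy-coded data follows the header
            while pos + 1 < len(data):
                if data[pos] == 0xFF:
                    nxt = data[pos + 1]
                    # 0xFF00 is a stuffed byte, FFD0-FFD7 are restart markers and
                    # FFFF is fill: all of these still belong to the image data.
                    if nxt == 0x00 or 0xD0 <= nxt <= 0xD7 or nxt == 0xFF:
                        pos += 1
                        continue
                    break            # a real marker (normally EOI) follows
                pos += 1
    return None


def trailing_payload(data: bytes) -> bytes:
    """Bytes that sit after the declared end of the image (empty for a clean file)."""
    end = jpeg_declared_end(data)
    return b"" if end is None else data[end:]


def suspicious_images(files: Dict[str, bytes]) -> List[str]:
    """Names of files that parse as JPEG but carry more than PADDING_TOLERANCE
    bytes after EOI, the footprint an appended payload would leave."""
    return sorted(
        name for name, data in files.items()
        if len(trailing_payload(data)) > PADDING_TOLERANCE
    )


# Constructed minimal JPEG: SOI, a JFIF APP0 segment, a Start-Of-Scan header,
# a few entropy-coded bytes (including one stuffed 0xFF00), then EOI.
CLEAN_JPEG = (
    b"\xff\xd8"
    b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    b"\x12\x34\xff\x00\x56"
    b"\xff\xd9"
)
# Constructed "smuggled" variant: a made-up blob appended after EOI.
SMUGGLED_BLOB = b"CONSTRUCTED-EXFIL-PAYLOAD:" + b"A" * 40
SMUGGLED_JPEG = CLEAN_JPEG + SMUGGLED_BLOB

if __name__ == "__main__":
    verdict = suspicious_images({"banner.jpg": CLEAN_JPEG, "photo.jpg": SMUGGLED_JPEG})
    print("flagged:", verdict)  # flagged: ['photo.jpg']
```

A check like this only catches data appended after the image; payloads hidden inside legitimate segments need content-level inspection of each segment.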
Manish_P
BRF Oldie
Posts: 5414
Joined: 25 Mar 2010 17:34

Re: Indian Cyber Warfare Discussion

Post by Manish_P »

Govt servers used for cyber attacks on China, other countries' networks
Investigators have unearthed a new and deadly pattern of cyber attacks in which Indian government servers have been used by foreign entities to target the computer networks of third countries.
"These attacks are mostly targeted against government networks of various countries," a source said, adding that the attacks were planned in such a way that investigators from the victim countries would believe that they were launched from Indian government servers. Investigators suspect foreign government entities, including intelligence agencies, have a hand in exploiting NIC servers. They say since the attacks were targeted against Chinese government servers too, there is no scope to blame China.
:?:
Even as this new angle to India's IT infrastructure security emerges, a turf battle is raging within the government about who should be protecting it. Sources said both the department of IT and the National Technical Research Organisation - the technical intelligence agency created after the Kargil conflict-had laid claims to being responsible for safeguarding India's IT infrastructure.
Ravi Karumanchiri
BRFite
Posts: 723
Joined: 19 Oct 2009 06:40
Location: www.ravikarumanchiri.com

Re: Indian Cyber Warfare Discussion

Post by Ravi Karumanchiri »

U.S. Chamber of Commerce details ‘sophisticated’ 6-month hacking of its computers

Lesley Ciarula Taylor, Staff Reporter

Hackers in China spent at least six months inside the computers of the U.S. Chamber of Commerce and can still break in despite a massive security update, the lobby group said Wednesday.

The Chamber, which lobbies on behalf of almost all major U.S. corporations, described a “sophisticated” hacker attack.

“This was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence,” said David Chavern, chief operating office of the Chamber.

<SNIP>

&

China Hackers Hit U.S. Chamber
Attacks Breached Computer System of Business-Lobbying Group; Emails Stolen

By SIOBHAN GORMAN

A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.

<SNIP>
PratikDas
BRFite
Posts: 1927
Joined: 06 Feb 2009 07:46

Re: Indian Cyber Warfare Discussion

Post by PratikDas »

wig wrote:Meanwhile Stuxnet has a new stealthy smart successor that sends data to a server in India. Read about it in the Telegraph of UK.
http://www.telegraph.co.uk/technology/news/8836633/Stuxnet-based-cyber-espionage-virus-targets-European-firms.html
Not just India.
The attackers wiped every single server they had used as far back as 2009 – in India, Vietnam, Germany, the UK and so on. Nevertheless, despite the massive cleanup, we can shed some light on how the C&C network worked.
The Mystery of Duqu: Part Six (The Command and Control servers)
Bolasani
BRFite -Trainee
Posts: 50
Joined: 22 Sep 2005 10:43
Location: Hyderabad

Re: Indian Cyber Warfare Discussion

Post by Bolasani »

Hacker Group claims to have hacked India’s military and intelligence servers
The hackers claim to have discovered Symantec’s source code in a hack they conducted on India’s military and intelligence servers. In their online post, the hackers said, “We have discovered within the Indian Spy Program source codes of a dozen software companies,” which the hackers said had signed agreements with an Indian defense program and India’s Central Bureau of Investigation.
They posted images of emails of the U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION which were intercepted by India as proof of the hack.

Clicky
sum
BRF Oldie
Posts: 10195
Joined: 08 May 2007 17:04
Location: (IT-vity && DRDO) nagar

Re: Indian Cyber Warfare Discussion

Post by sum »

They posted images of emails of the U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION which were intercepted by India as proof of the hack.
Does this mean India hacked Sino-US communications and this hacked data in turn got hacked by some outsiders? :-?
member_20067
BRFite
Posts: 627
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by member_20067 »

http://www.huffingtonpost.com/2012/01/0 ... 90673.html

Symantec Hack Exposes Antivirus Source Code
Symantec Corp, the top maker of security software, said hackers had exposed a chunk of its source code, which is essentially the blueprint for its products, potentially giving rivals some insight into the company's technology.

The developer of the popular Norton antivirus software said the hackers stole the code from a third party and that the company's own network had not been breached, nor had any customer information been affected.
Roperia
BRFite
Posts: 778
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by Roperia »

Bolasani wrote:Hacker Group claims to have hacked India’s military and intelligence servers
The hackers claim to have discovered Symantec’s source code in a hack they conducted on India’s military and intelligence servers. In their online post, the hackers said, “We have discovered within the Indian Spy Program source codes of a dozen software companies,” which the hackers said had signed agreements with an Indian defense program and India’s Central Bureau of Investigation.
They posted images of emails of the U.S.-CHINA ECONOMIC AND SECURITY REVIEW COMMISSION which were intercepted by India as proof of the hack.

Clicky
Indian Military Intelligence used Apple/Blackberry backdoors to spy on US-China: WikiLeaks

Source document attached below
member_21708
BRFite
Posts: 284
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by member_21708 »

Arun Roperia wrote:Indian Military Intelligence used Apple/Blackberry backdoors to spy on US-China: WikiLeaks
This headline is present only at a pakistan defense site, do you have actual news link which talks about wikileaks confirming this and a link to it?
Roperia
BRFite
Posts: 778
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by Roperia »

Here is the link posted by WikiLeaks' twitter handle

https://imgur.com/a/8XoGf/noscript

It was posted some six hours ago (11th place from the top right now).
member_21708
BRFite
Posts: 284
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by member_21708 »

Arun Roperia wrote:Here is the link posted by WikiLeaks' twitter handle

https://imgur.com/a/8XoGf/noscript

It was posted some six hours ago (11th place from the top right now).
Thanks Arun
sum
BRF Oldie
Posts: 10195
Joined: 08 May 2007 17:04
Location: (IT-vity && DRDO) nagar

Re: Indian Cyber Warfare Discussion

Post by sum »

From the leaked MI document, it mentions that CBI and MI are jointly targeting PRC communications.

Since when did CBI start conducting external TECHINT?? What are RAW and NTRO doing then? :-? :-?
chaanakya
BRF Oldie
Posts: 9513
Joined: 09 Jan 2010 13:30

Re: Indian Cyber Warfare Discussion

Post by chaanakya »

It's fake. Plain and simple.
Sudip
BRFite
Posts: 378
Joined: 28 Oct 2008 05:42
Location: Paikhana

Re: Indian Cyber Warfare Discussion

Post by Sudip »

Leaked memo suggests India sought backdoor access from mobile device firms to spy on U.S.
An internal memo from India’s Military Intelligence that hackers have posted online suggests that manufacturers of mobile devices have provided “backdoor” access to the Indian government in exchange for access to the Indian market. The manufacturers, referred to collectively in the memo as “RINOA,” include RIM, Nokia, and Apple.

Indian blogger Manan Kakkar, who may have been the first to realize the implications of the memo, wrote late on Friday, “Earlier today I came across scans of a set of documents that are internal communications between the Indian Military. The documents claim the existence of a system known as RINOA SUR. While I did not find what SUR stands for but RINOA is RIM, NOkia and Apple. And this is where things start to get very interesting, according to the set of documents, the RINOA SUR platform was used to spy on the USCC—the US-China Economic and Security Review Commission.”

According to its website, “The U.S.-China Economic and Security Review Commission was created by the United States Congress in October 2000 with the legislative mandate to monitor, investigate, and submit to Congress an annual report on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China, and to provide recommendations, where appropriate, to Congress for legislative and administrative action.”

The USCC has taken a particular interest in cybersecurity threats emanating from China, which may explain the Indian government’s interest in its deliberations. A story published by the India Times in October, for example, noted that “the bipartisan commission typically goes much further in publicly outlining perceived cyber threats to national security from Beijing than have U.S. administrations, which must deal with other issues on which China’s cooperation is critical.”

Kakkar also suggested a connection between the leaked memo and earlier reports of an attack on Symantec — the makers of Norton Antivirus — by a group of Indian hackers calling itself the Lords of Dharamraja.

A member of the group, known as Yama Tough, boasted at Google+ and Pastebin, “As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI.”
arunsrinivasan
BRFite
Posts: 353
Joined: 16 May 2009 15:24

Re: Indian Cyber Warfare Discussion

Post by arunsrinivasan »

^ for a change am happy to "see" our babooze actually try a chanakiyan strategy. Am sure there are more such events that we are not aware of ....
Craig Alpert
BRFite
Posts: 1440
Joined: 09 Oct 2009 17:36
Location: Behind Enemy Lines

Re: Indian Cyber Warfare Discussion

Post by Craig Alpert »

Fake letter blows lid off hackers’ espionage claim
NEW DELHI: A sensational claim by a hacker group -- that India was secretly granted access to the data networks of Apple, Nokia and Blackberry -- which triggered a formal US investigation, could be based on an elaborate hoax.

Hacker group 'Lords of Dharamraja' claimed that India was granted backdoor access for surveillance of Nokia, Apple and Blackberry phones, and Military Intelligence used it to access communications of a US-China commission.

To prove its claim, the group posted a six-page letter from the Directorate General of Military Intelligence (Foreign Division), which gave details of the information Indian intelligence had accessed from the US-China Economic and Security Review Commission (USCC).

Military and intelligence sources on Wednesday said the letter of the Foreign Division of DGMI was a fake. There was no such communication, nor was there a Colonel Ishwar Singh, who purportedly signed the letter, posted in the division, they said.

Sources also said the intelligence agencies had carried out an elaborate check of the six page letter, and concluded that it was a hoax that tried to mimic the military communication style such as fonts, formatting etc. But there were several dead giveaways in the letter that exposed the hoax.


The USCC, emails of which were part of the purported MI letter, has however ordered an inquiry, according to international media reports.

The six-page letter put up on the net by the hacker group Lords of Dharamraja claimed that the ministry of defence and the smart phone operators had signed an agreement by which Military Intelligence was granted backdoor access in return for these companies' continued presence in the Indian market. The letter said MI and CBI "have been conducting bilateral cellular and internet surveillance operations since April 2011".

Sources laughed off the claims. While CBI carries out federal criminal investigation and has no role in intelligence gathering, MI does not carry out any significant interception and surveillance work. Among military intelligence agencies, it is the tri-service Signal Intelligence which carries out such heavy duty interceptions. Otherwise, it is the Research and Analysis Wing and National Technical Research Organisation that does aggressive interceptions for India.

Lords of Dharamraja had also claimed that it had stolen the source code of Symantec's anti-virus system. "As of now, we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group said in a statement posted on a website called Pastebin.
Singha
BRF Oldie
Posts: 66601
Joined: 13 Aug 2004 19:42
Location: the grasshopper lies heavy

Re: Indian Cyber Warfare Discussion

Post by Singha »

unless the us-china group was holding a meeting in new delhi, how does lawful access to cellular network india (no different from that in many other countries incl khan) capture their memos?

SUR = surveillance
member_21708
BRFite
Posts: 284
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by member_21708 »

Fake Lords of Dharmaraja

A group of ‘Indian’ hackers calling themselves "The Lords of Dharmaraja" recently broke into government servers and released documents to show that New Delhi was running an elaborate hacking operation targeting US officials.

They made public, among other things, a memo supposedly written by India's Directorate General of Military Intelligence. The memo reveals mobile handset manufacturers, Apple, RIM, Nokia et al., creating a backdoor for Indian authorities to spy on their users.

Lords created a sensation; many rushed to club India with China as a cyber delinquent. ‘Forbes’ said the claims, if proved, were historic, as they would provide the first documented case of state-sponsored cyber espionage.

Several inconsistencies immediately surfaced, casting doubt on the claims. There are ten Indian security agencies with the power to launch technical surveillance. Military Intelligence is not one of them. The hackers also said they found Symantec source code in Indian government servers and made it public with much fanfare; the code turned out to be half-a-decade old, of only vintage value to any self-respecting hacker.

Security publication ‘Infosec’ published an interview with YamaTough, a spokesman of the Lords, who rambles through mutilated words. He says Lords attacked Indian government to force a pro-US tilt in the government!

Yama has a low opinion of Indian officials; after getting hacked they just traced the infected machines and changed passwords, which, however, continue to host the keylogging software inserted by hackers. According to him, Indian officials forward sensitive information to their free Yahoo mails for backups. Not exactly the nerdy kind running a sophisticated cyber espionage operation, as alleged earlier. If he is right, their incompetence may be their best defence.

FBI is probing the surveillance charge on the US officials; but the Lords’ credibility is eroding. More than serving any patriotic cause, it is clear that hackers were trying to embarrass India.


There is a good chance that they are not even Indian. Though it is hard to say where they come from, there are some leads. The Twitter profile picture of the Lords initially had a Tibetan rendering of the Indian God of Death. The MI memo is a likely but an excellent fake, which mimics the torturous language used by Indian babus. Hackers are not known for their love of English language and the fabrication of the memo suggests the involvement of larger, possibly other government agencies, hostile to the growing Indian and US relationship. The mystery is slowly unravelling and it is no longer India’s Wikileak moment as it was initially thought to be.

http://www.deccanherald.com/content/220 ... -blog.html
member_21708
BRFite
Posts: 284
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by member_21708 »

Symantec backtracks, admits own network hacked
Warns pcAnywhere users they face increased risk, confirms theft of source code of prominent consumer programs
By Gregg Keizer
January 17, 2012 04:06 PM ET

Computerworld - Symantec today backed away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was compromised.

In a statement provided to the Reuters news service, the security software giant acknowledged that hackers had broken into its network when they stole source code of some of the company's software.

Previously, Symantec had denied that its own network had been breached, and instead pointed fingers at an unnamed "third party entity" as the attack's victim. Evidence posted by a hacker nicknamed "Yama Tough" -- a self-proclaimed member of a gang calling itself "Lords of Dharmaraja" -- indicated that the information was obtained from a server operated by the Indian government.

Two weeks ago, Symantec spokesman Cris Paden said that the hacker made off with source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, enterprise products between five and six years old.

At the time, Paden downplayed the seriousness of the theft.

Today, however, Paden said that source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere, had been stolen.

Some of those -- Norton Internet Security and Norton Utilities -- are among Symantec's most prominent consumer-grade products.

Symantec missed one bullet, however.

Last Saturday, Yama Tough promised to release more than a gigabyte of the source code for Norton Antivirus -- the hacker did not specify which version -- but he said the group has since reconsidered.

"We've decided not to release code to the public until we get full of it," Yama Tough wrote on Twitter Monday. "1st we'll own evrthn we can by 0din' the sym code & pour mayhem."

In the message, "0din'" likely stands for "zero-daying," meaning attacks launched against unpatched vulnerabilities.

Also on Monday, Yama Tough claimed that he had some or all of the source code for pcAnywhere, a multi-platform remote access suite that Symantec sells.

"PCAnywhere code is being released to blackhat community for 0d expltin!," said Yama Tough, again on Twitter.

Paden confirmed Yama Tough's claim when he told Reuters that pcAnywhere users face "a slightly increased security risk" because of the hacker's activities.

"Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information," Paden said.

Paden did not reply to Computerworld's requests for comment on Symantec's revised statement.
http://www.computerworld.com/s/article/ ... ork_hacked
member_20067
BRFite
Posts: 627
Joined: 11 Aug 2016 06:14

Re: Indian Cyber Warfare Discussion

Post by member_20067 »

Bangladeshis hack 20,000 Indian websites :evil:
A Bangladeshi hacker group Tuesday claimed to have attacked 20,000 Indian websites, including that of the Border Security Force (BSF), after the alleged killing of Bangladeshis by Indian border guards.

The group calling itself 'Bangladesh Black HAT Hackers' wrote on its Facebook fan page: "India hacked our 400 sites in total, we hacked 20,000 sites in total since the war started."
http://gadgets.ndtv.com/shownews.aspx?i ... 0120194478
uddu
BRF Oldie
Posts: 2091
Joined: 15 Aug 2004 17:09

Re: Indian Cyber Warfare Discussion

Post by uddu »

^Propaganda by Jihadis
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

x-post from Army thread
Chinese Grad Student Hacks Indian Military Research Firms

By THE NEW YORK TIMES
India’s military preparedness and the possibility of defense breaches has dominated the news after Army chief V.K. Singh’s letter to Prime Minister Manmohan Singh surfaced recently calling India’s weapons “obsolete.”

Amid a raging debate about who should be blamed for leaking the letter, India’s cyber security is actually under attack, from a Chinese former graduate student who now works for Tencent, China’s leading internet portal company.

A report released Friday by Trend Micro, a computer security firm, “describes systematic attacks on at least 233 personal computers,” Nicole Perlroth writes in The New York Times. “The victims include Indian military research organizations and shipping companies; aerospace, energy and engineering companies in Japan; and at least 30 computer systems of Tibetan advocacy groups, according to both the report and interviews with experts connected to the research. The espionage has been going on for at least 10 months and is continuing, the report says.”

The e-mail “bait” the hackers used to get access to computers is chilling:

Each attack began, as is often the case, with an e-mail intended to lure victims into opening an attachment. Indian victims were sent an e-mail about India’s ballistic missile defense program. Tibetan advocates received e-mails about self-immolation or, in one case, a job opening at the Tibet Fund, a nonprofit based in New York City. After Japan’s earthquake and nuclear disaster, victims in Japan received an e-mail about radiation measurements.

Each e-mail contained an attachment that, when clicked, automatically created a backdoor from the victim’s computer to the attackers’ servers. To do this, the hackers exploited security holes in Microsoft Office and Adobe software. Almost immediately, they uploaded a directory of the victims’ machines to their servers. If the files looked enticing, hackers installed a remote-access tool, or rat, which gave them real-time control of their target’s machine. As long as a victim’s computer was connected to the Internet, attackers had the ability to record their keystrokes and passwords, grab screenshots and even crawl from that machine to other computers in the victim’s network.

Read the full article here.

http://india.blogs.nytimes.com/2012/03/ ... mode=print
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

^^^ See the Trend Micro report http://www.trendmicro.com/cloud-content ... _redux.pdf . It is an outstanding piece of detective work. Wonder if DRDO has such capabilities.

BTW, it could be unsafe to open MS Office and PDF attachments if you don't have the latest Windows patches and Adobe Acrobat & Flash version.
Nihat
BRFite
Posts: 1330
Joined: 10 Dec 2008 13:35

Re: Indian Cyber Warfare Discussion

Post by Nihat »

India developing cyber defense program
New Delhi, May 4 (Xinhua-ANI): India is developing a cyber defense program aimed at protecting vital sectors like defense, railways and power, a top military scientist has said.
"The Defense Research and Development Organisation (DRDO) is developing an indigenous technology to ensure networking systems are safe and secure. It has completed 50 percent of the project to protect cyber network in the country from malware and hackers," DRDO Director KD Nayak was quoted by the local media as saying at a two-day seminar in the southern city of Bangalore.

The top scientist said that the remaining 50 percent of the project will be completed soon. (Xinhua-ANI)
wig
BRF Oldie
Posts: 2162
Joined: 09 Feb 2009 16:58

Re: Indian Cyber Warfare Discussion

Post by wig »

Flame: The world's most complex computer virus, possessing a range of complex espionage capabilities, including the ability to secretly record conversations, has been exposed.
http://www.telegraph.co.uk/news/worldne ... posed.html
Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don't know about," Roel Schouwenberg, a Kaspersky security senior researcher, said.
Professor Alan Woodward from the department of computing at the University of Surrey said the virus was extremely invasive. It could "vacuum up" information by copying keyboard strokes and the voices of people nearby.
"This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time," he said.
The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. Iran's output of uranium suffered a severe blow as a result of the Stuxnet activities.
Mr Schouwenberg said there was evidence to suggest the code was commissioned by the same nation or nations that were behind Stuxnet and Duqu.
Iran's Computer Emergency Response Team said it was "a close relation" of Stuxnet, which has itself been linked to Duqu, another complicated information-stealing virus that is believed to be the work of state intelligence.
It said organisations had been given software to detect and remove the newly-discovered virus at the beginning of May.
Crysys Lab, which analyses computer viruses at Budapest University, said the technical evidence for a link between Flame and Stuxnet or Duqu was inconclusive.
The newly-discovered virus does not spread itself automatically but only when hidden controllers allow it.
Unprecedented layers of software allow Flame to penetrate remote computer networks undetected.
The file, which infects Microsoft Windows computers, has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more.
Components enable those behind it, who use a network of rapidly-shifting "command and control" servers to direct the virus, to turn microphones into listening devices, siphon off documents and log keystrokes.
Eugene Kaspersky, the founder of Kaspersky Lab, noted that "it took us 6 months to analyse Stuxnet. [This] is 20 times more complicated".
Once a machine is infected additional modules can be added to the system allowing the machine to undertake specific tracking projects.
Aaryan
BRFite
Posts: 180
Joined: 28 Sep 2009 00:01

Re: Indian Cyber Warfare Discussion

Post by Aaryan »

Some more Flame... :P :P

http://www.thehindu.com/todays-paper/tp ... 471007.ece
A Russian computer firm has discovered a new computer virus with unprecedented destructive potential that chiefly targets Iran and could be used as a “cyberweapon” by the West and Israel.

Iran appears to have been the main target of the attack and the announcement comes just a month after the Islamic Republic said it halted the spread of a data-deleting virus targeting computer servers in its oil sector.

Kaspersky said the virus was several times larger than the Stuxnet worm that was discovered in 2010 and targeted the Iranian nuclear programme, reportedly at the behest of Western or Israeli security agencies.
Shrinivasan
BRF Oldie
Posts: 2196
Joined: 20 Aug 2009 19:20
Location: Gateway Arch

Re: Indian Cyber Warfare Discussion

Post by Shrinivasan »

Aaryan wrote:Some more Flame... :P :P

http://www.thehindu.com/todays-paper/tp ... 471007.ece
A Russian computer firm has discovered a new computer virus with unprecedented destructive potential that chiefly targets Iran and could be used as a “cyberweapon” by the West and Israel.

Iran appears to have been the main target of the attack and the announcement comes just a month after the Islamic Republic said it halted the spread of a data-deleting virus targeting computer servers in its oil sector.

Kaspersky said the virus was several times larger than the Stuxnet worm that was discovered in 2010 and targeted the Iranian nuclear programme, reportedly at the behest of Western or Israeli security agencies.
Russian computer firm, my foot... Kaspersky is all american as hot dogs... Anyway... It is Chindu licking its Commie masters' boots...

Wonder how many instances of Flame were found in India...
Aaryan
BRFite
Posts: 180
Joined: 28 Sep 2009 00:01

Re: Indian Cyber Warfare Discussion

Post by Aaryan »

Flame explained
It’s pretty advanced – one of the most sophisticated [examples of] malware we’ve ever seen. Even its size – it’s over 20 megabytes if you sum up all the sizes of the modules that are part of the attacking toolkit. It’s very big compared to Stuxnet, which was just hundreds of kilobytes of code: it’s over 20 megabytes. And the Stuxnet analysis took us several months, so you can imagine that a full analysis of this threat may take us up to a year. So we think it is one of the most sophisticated malware [programs] out there.

It’s also quite unique in the way it steals information. It’s possible to steal different types of information with the help of this spyware tool. It can record audio if a microphone is attached to the infected system, it can do screen captures and transmit visual data. It can steal information from the input boxes when they are hidden behind asterisks, password fields; it can get information from there. Also it can scan for locally visible Bluetooth devices if there is a Bluetooth adapter attached to the local system.
chaanakya
BRF Oldie
Posts: 9513
Joined: 09 Jan 2010 13:30

Re: Indian Cyber Warfare Discussion

Post by chaanakya »

Just tracing some hacking attempts led to the following results.

IP Information - 119.154.108.51
IP address:                     119.154.108.51
Reverse DNS:                    [No reverse DNS entry per is-dns01.ptcl.net.]
Reverse DNS authenticity:       [Unknown]
ASN:                            17557
ASN Name:                       PKTELECOM-AS-PK (Pakistan Telecommunication Company Limited)
IP range connectivity:          6
Registrar (per ASN):            APNIC
Country (per IP registrar):     PK [Pakistan]
Country Currency:               PKR [Pakistan Rupees]
Country IP Range:               119.152.0.0 to 119.159.255.255
Country fraud profile:          High
City (per outside source):      Islamabad, Islamabad
Country (per outside source):   PK [Pakistan]
Private (internal) IP?          No
IP address registrar:           whois.arin.net
Known Proxy?                    No
Link for WHOIS:                 119.154.108.51
Hacking attempt originated from the last IP.
There is some china connection as well originating from Fujian with IP numbers starting from

27
243
244
112 ?
220

Just for info and be cautious.
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

Shrinivasan wrote: Russian computer firm, my foot... Kaspersky is all american as hot dogs... Anyway... It is Chindu licking its Commie masters' boots...
No ...
Kaspersky Lab is an international group that operates in more than 100 countries worldwide. The company’s headquarters are located in Moscow, Russia, from which it oversees global operations and business development.

http://www.kaspersky.com/about
Flame uses a man-in-the-middle vector that exploits the Windows update mechanism and a fake Microsoft certificate (http://www.f-secure.com/weblog/archives/00002377.html).

Shows how the only way to be secure for defense / government agencies is to use Linux. All updates should be manually examined in detail and compiled inside India by the GoI cyber-security team (which hopefully exists).
Raveen
BRFite
Posts: 841
Joined: 18 Jun 2008 00:51
Location: 1/2 way between the gutter and the stars
Contact:

Re: Indian Cyber Warfare Discussion

Post by Raveen »

Pranav wrote:
Shrinivasan wrote: Russian computer firm, my foot... Kaspersky is all american as hot dogs... Anyway... It is Chindu licking its Commie masters' boots...
No ...
Kaspersky Lab is an international group that operates in more than 100 countries worldwide. The company’s headquarters are located in Moscow, Russia, from which it oversees global operations and business development.

http://www.kaspersky.com/about
Flame uses a man-in-the-middle vector that exploits the Windows update mechanism and a fake Microsoft certificate (http://www.f-secure.com/weblog/archives/00002377.html).

Shows how the only way to be secure for defense / government agencies is to use Linux. All updates should be manually examined in detail and compiled inside India by the GoI cyber-security team (which hopefully exists).
Yes, because Linux doesn't have any security flaws and doesn't let you spoof a certificate #sarcasm

P.S. MSFT has stopped issuing certs using terminal, and is patching the hole. Zero day exploits exist for all software.
P.P.S. MSFT is one of the top 10 contributors of code to Linux, FYI
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Indian Cyber Warfare Discussion

Post by Pranav »

Raveen wrote:
Flame uses a man-in-the-middle vector that exploits the Windows update mechanism and a fake Microsoft certificate (http://www.f-secure.com/weblog/archives/00002377.html).

Shows how the only way to be secure for defense / government agencies is to use Linux. All updates should be manually examined in detail and compiled inside India by the GoI cyber-security team (which hopefully exists).
Yes, because Linux doesn't have any security flaws and doesn't let you spoof a certificate #sarcasm
How are you going to do a man-in-the-middle attack if I am issuing my own updates from my own server with my own certificates from my own certificate authority? All very possible for GoI. Source code for updates can be taken from a provider like Red Hat or Ubuntu, checked, compiled and then put up for distribution.

Obviously one has to assume that this attack had full support of corporate insiders in MS and elsewhere.
nmadhav
BRFite -Trainee
Posts: 19
Joined: 15 Apr 2009 20:32

Re: Indian Cyber Warfare Discussion

Post by nmadhav »

Not necessarily. If the certificate authority is hacked and the certificates stolen, the hackers can then use them to do a man-in-the-middle attack. Since almost all the security is dependent on the integrity of the digital certificates, if they are compromised, in the short term the attacker can install all he wants without detection. Recently a certificate authority was hacked and a man-in-the-middle attack was performed on various sites including gmail.
https://www.eff.org/deeplinks/2011/09/p ... tar-attack
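A worked model of the scheme argued over in the two posts above (Pranav's self-run update server with its own key, and nmadhav's point that a compromised or stolen issuer certificate defeats ordinary certificate trust). This is an added example, not code from the thread or from any government project: the update client pins the fingerprint of the one signing key it was provisioned with, so a signature from any other key, however "valid" its certificate looks, is rejected before the signature is even checked. It uses textbook RSA over a SHA-256 digest with Python's standard library only, as a toy model of the trust relationship; the key sizes, package bytes and names (`UpdateClient`, `distributor`, `rogue`) are all constructed for the example and it is not meant as production crypto.

```python
"""Self-run update channel with a pinned signing key (toy model, added example).

Distributor: checks and builds the update, signs the package with its own key.
Client: trusts exactly one pinned key fingerprint; verifies signature before install.
Textbook RSA (no padding) over SHA-256, stdlib only; constructed for illustration.
"""
import hashlib
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=1024):
    """Return ((e, n), (d, n)); public part first. Toy RSA, constructed for the example."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so gcd(e, phi) == 1 iff e does not divide phi
            break
    d = pow(e, -1, phi)
    return (e, p * q), (d, p * q)


def fingerprint(pub):
    """Stable identifier of a public key; this is what the client pins."""
    e, n = pub
    return hashlib.sha256(f"{e}:{n}".encode()).hexdigest()


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    d, n = priv
    return pow(_digest_int(data), d, n)


def verify(pub, data, sig):
    e, n = pub
    return pow(sig, e, n) == _digest_int(data)


class UpdateClient:
    """Constructed client: accepts only packages signed by the pinned key."""

    def __init__(self, pinned_fingerprint):
        self.pinned = pinned_fingerprint

    def accept(self, package, sig, signer_pub):
        # Pinning is the defence against a stolen or counterfeit issuer certificate:
        # a key that is not the provisioned one is refused regardless of who vouches for it.
        if fingerprint(signer_pub) != self.pinned:
            return False, "signer key is not the pinned distributor key"
        if not verify(signer_pub, package, sig):
            return False, "signature does not match package contents"
        return True, "ok"


def demo():
    """Returns (genuine accepted, tampered accepted, rogue-signed accepted)."""
    distributor_pub, distributor_priv = generate_keypair()
    client = UpdateClient(fingerprint(distributor_pub))   # provisioned at install time
    pkg = b"constructed update package v1"
    sig = sign(distributor_priv, pkg)
    genuine = client.accept(pkg, sig, distributor_pub)
    tampered = client.accept(pkg + b" (modified in transit)", sig, distributor_pub)
    rogue_pub, rogue_priv = generate_keypair()           # attacker's own, well-formed key
    rogue = client.accept(pkg, sign(rogue_priv, pkg), rogue_pub)
    return genuine[0], tampered[0], rogue[0]


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that what protects the channel is not "a certificate" but the client's prior knowledge of the one key it should trust; a CA compromise of the kind nmadhav cites only matters when the client is willing to accept any key some CA will vouch for.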
ArmenT
BR Mainsite Crew
Posts: 4239
Joined: 10 Sep 2007 05:57
Location: Loud, Proud, Ugly American

Re: Indian Cyber Warfare Discussion

Post by ArmenT »

Pranav wrote: Shows how the only way to be secure for defense / government agencies is to use Linux. All updates should be manually examined in detail and compiled inside India by the GoI cyber-security team (which hopefully exists).
:rotfl:
Most linux distros allow binary-only device drivers in the system. Lord only knows what people have put in there. And then there was an attempt to introduce a hole into the wait4() system call in the kernel code a few years ago. Luckily it was caught before too much damage was done, but who knows what else is lurking like this. Link to the hack attempt in case you guys are interested in the actual code inserted. Note that this person who inserted the code did it very cleverly, so that if the caller passes two special option values which are NOT documented as options to be used in the wait4() manual page, the call returns immediately an error code (EINVAL), but also upgrades the caller to root privileges. And the attacker put extra parens around the expression, so that the shady expression (using = instead of == in the if statement) would not cause the C compiler to issue a warning about the expression.

Also, how do you trust the C compiler that you're using to build your OS?? Maybe the backdoor is in there. You might wish to read Ken Thompson's speech called "Reflections on Trusting Trust", where he described a backdoor he'd put into UNIX a long time ago, which went undetected for years (Ken Thompson was one of UNIX's creators). What he'd done was modify the login program to allow anyone who knew a special password to log into the system, regardless of whether they had an account on the system or not. So you figure that you can recompile the login program from the C source code and it should be fixed, right? Well, he put a few lines of code into the C compiler so that it would recognize that it was compiling the login program and reinsert the backdoor into it. So now you figure you have to recompile the C compiler from sources. Well, he put some additional code into the C compiler so that it would recognize that it was compiling itself and reinsert the login backdoor code as well as the code to recognize it was compiling a C compiler back into it. Once he'd crocked the compiler's binary code, he removed the malicious source code from the C compiler and login program and recompiled everything so that the only traces of his hack were in the C compiler binary executable and the source code had no traces of his backdoor.

If you want an OS distro that doesn't allow binary only drivers into the kernel, look no further than http://www.openbsd.org/ :).
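The review lesson in ArmenT's post is that wrapping an assignment in an extra pair of parentheses is enough to silence the compiler's "assignment in condition" warning, so a reviewer needs a check that does not rely on that warning. Below is an added example (not code from the thread, the kernel, or any real tool) of such a check: a small Python scanner that pulls the balanced condition out of every `if (...)` / `while (...)` on a line and reports any bare `=` in it, whatever parentheses surround it. The C snippet it runs over is constructed for the example and only mimics the shape described above (`(x = 0)` behind extra parens on an otherwise innocuous-looking error path); the names `FLAG_A`, `FLAG_B`, `ctx` and `check` are made up.

```python
"""Reviewer check for assignments hidden inside if/while conditions (added example).

Not from the thread or the kernel. Flags a bare '=' inside the parenthesised
condition of an if or while, including the extra-parentheses form that keeps
a C compiler quiet. Constructed sample input below.
"""
import re

_KEYWORD = re.compile(r"\b(if|while)\s*\(")


def _condition_text(line, open_idx):
    """Return the text inside the balanced parentheses that open at open_idx."""
    depth = 0
    for i in range(open_idx, len(line)):
        ch = line[i]
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return line[open_idx + 1:i]
    return line[open_idx + 1:]          # condition continues on the next line: check what is here


def _bare_assignments(cond):
    """Bare '=' (including += etc.) that is not part of ==, !=, <=, >=."""
    cond = re.sub(r'"(\\.|[^"\\])*"', '""', cond)   # ignore '=' inside string literals
    return re.findall(r"(?<![=!<>])=(?!=)", cond)


def find_assignment_in_condition(source):
    """Return [(line_number, stripped_line)] for every suspicious condition."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in _KEYWORD.finditer(line):
            cond = _condition_text(line, m.end() - 1)
            if _bare_assignments(cond):
                hits.append((lineno, line.strip()))
    return hits


# Constructed C sample: only line 5 has the pattern to catch; the others are decoys
# (a legitimate ==, a while loop, and an '=' inside a string literal).
SAMPLE_C = """static int check(struct ctx *c, int opts)
{
    if (opts == (FLAG_A|FLAG_B) && c->uid == 0)
        return -EINVAL;
    if ((opts == (FLAG_A|FLAG_B)) && (c->uid = 0))   /* constructed: hidden assignment */
        return -EINVAL;
    while (n-- > 0)
        total += n;
    if (strcmp(name, "a=b") == 0)
        return 1;
    return 0;
}"""


if __name__ == "__main__":
    for lineno, text in find_assignment_in_condition(SAMPLE_C):
        print(f"line {lineno}: assignment inside condition: {text}")
```

Run on the sample it reports line 5 only. The check is deliberately line-local and heuristic (a condition split across lines is only partly examined, and `<<=` slips past), which is the trade-off for something a reviewer can run over a patch in seconds; it complements, rather than replaces, reading the diff.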