India and Pakistan tensions go online

Recorded Future's new report shows the cold war between India and Pakistan has been turning hot in cyber-space.

The tepid war between India and Pakistan has moved online, according to a new report by Recorded Future, which has noticed a strong correlation between diplomatic flare-ups and cyber-attacks between the two geopolitical rivals.

The report notes, “The continuing rivalry between India and Pakistan has spilled over into cyber-space, very visibly with hacktivism.” And it notes how “high-profile events and anniversaries often coincide with increased cyber activity”.

One such example started in August 2015, when the Kerala Eco Tourism park in southern India was attacked by Pakistani hackers. In response, the Indian Cyber Pirates, Indian Black Hats and the Mallu Cyber Soldiers attacked 120 Pakistani websites in a revenge attack. 

Similar revenge attacks were seen after the Mumbai terrorist attacks and again after the recent Pathankot terror attack.

Singled out for blame are the PCA, or Pakistan Cyber Army, an active group of nationalist hacktivists with India in their crosshairs. Among the group's favourite targets have been large Indian energy companies, local state governments, transport infrastructure and even law enforcement agencies.

The group has plainly proclaimed its intentions in a statement released on Pastebin, dated July 2013. The group writes in misspelled English: “This is first public announcement for largest Pakistan independence day operation. we are legion of Pakistani and international independence warriors. we want the hacker world, especially in ###### India to know that warriors are planning spesial independence day part on India and Indian hackers. This party will be for Pakistan and kashmir independence. This will be largest Pakistani cyber attack on Indian hackers and industrys”.

The group is one of the most prominent and active against Indian organisations, continuing the cold interstate conflict online.

Independence days bring a high incidence of cyber-attacks, with by far the largest spikes in malicious cyber-activity between the countries happening on 14 and 15 August each year. These independence days, the report notes, “create a predictable pattern (at least over the past three years) of attacks and retaliatory strikes by the opposing hacker groups”, adding: “An uptick in such activity before and after this year's independence days shouldn't come as a surprise.”

The British left India in 1947, granting the 'Jewel of The Empire' independence after nearly 200 years of colonial rule. The independence forces were soon confronted with another political rift within the country: Muslim independence from India.

The same year India was granted independence from the empire, Pakistan too was granted independence from India. But partition was not clean - the actual borders of this new country and that old country were never agreed to the satisfaction of either state. Several regions including Kashmir remained in contest. After several shooting wars and the simmering threat of nuclear conflict, significant tensions remain between the two countries.

One of the principal arenas of the countries' rivalries has been on the cricket green, on the stands and now in cyber-space. Recorded Future notes in the report that cyber-attacks between the two countries spike on days when Indian and Pakistani cricket teams compete.

One such example happened in March 2014 when Pakistan defeated India in the Asia Cup, and cyber-attacks between the two countries spiked significantly. Recorded Future expects more to come this March when India play Pakistan in Dharamsala.

While the conflict could be considered as much cultural and social as it is geopolitical, Ewan Lawson, a cyber-warfare expert at the Royal United Services Institute (RUSI), suspects a realpolitik component here. He told SCMagazineUK.com he was “not hugely surprised” on reading the report.

The conscription of hacktivists to carry out the goals of the government is nothing new. The most famous wielder of this particular weapon is, of course, Russia. During the 2008 South Ossetia war in Georgia, “the (Russian) state supplied tools and techniques to hacktivists and encouraged them to attack Georgian web infrastructure”, ending ultimately in the personal website of the Georgian president being defaced with pictures of Hitler.

Pakistan's Inter-Services Intelligence (ISI) agency's influence within and without Pakistan is something of a global open secret. This is plainly evidenced, says Lawson, by the fact that “every time they are unhappy with a civilian government there's a coup organised”. It is no surprise then, that the ISI might employ hacktivists to attack India over the internet.

Even though these don't really show the signs of a typical APT, like theft of information or direct action, these attacks have great propaganda value: “I think in a lot of cases the effects desired are as much psychological as they are about direct damage, or theft of data, or disruption to services,” Lawson said. 

A 2014 attack on an unidentified German steel mill is just such an example. In the investigation that followed, Havex malware was found, a favourite of a group suspected of having strong ties with the Russian government. Lawson suspects this may have been an implicit warning to Germany, whose relations with Russia have soured over various sanctions placed against the Putin government.

Though Russia is famous for employing this kind of tactic, Lawson says, “It's always good to see it in another part of the world because it broadens the sense that this is a global challenge now.” 
