Even before Pakistan Tehreek-e-Insaf chairman Imran Khan declared victory, allegations of the Pakistanis all-powerful military and the Inter-Services Intelligence (ISI) backing him were doing the rounds. In fact, it was revealed that some Pakistan-based actors involved in an online and offline surveillance of Indian military personnel and diplomats in 2016 targeted civil rights groups and rival political parties during the July general elections.
Even before Pakistan Tehreek-e-Insaf chairman Imran Khan declared victory, allegations of the Pakistanis all-powerful military and the Inter-Services Intelligence (ISI) backing him were doing the rounds. In fact, it was revealed that some Pakistan-based actors involved in an online and offline surveillance of Indian military personnel and diplomats in 2016 targeted civil rights groups and rival political parties during the July general elections.
While the Pakistan elections were keenly followed by the worldwide intelligence community, Indian sleuths were looking for a particular pattern in techniques used by Pakistanis in surveillance of civil rights groups and rival political parties.
Understanding these techniques, the Indian intelligence community hopes, could help thwart a similar attempt by the ISI to interfere in India's general elections next year.
As Pakistan prepared for general elections and a caretaker government took charge, the ISI went full throttle to protect its interests. Amnesty International and US-based mobile security firm Lookout exposed intelligence infrastructure used to target Pakistani political and civil rights groups.
The Indian Intel community was, however, more interested in gathering more evidence on compromised and functional entities which may have been active in India. Sources familiar with this operation in India have confirmed that at least, two high-value active ISI assets were identified in the process and where tracked successfully. Sources believe that the ISI might use the same infrastructure to interfere in the 2019 Lok Sabha elections and hence "information collected during this period is going to be very crucial for Indian interests".
In March 2016, Japanese cyber security and defence company Trend Micro published a report called Op C Major, which revealed that a Pakistan-based actor was targeting Indian military and diplomatic targets using a combination of Android and Windows-based malware to conduct a long-running and successful surveillance campaign against Indian diplomats and military personnel.
Around same time, US-based cybersecurity firm Proofpoint came out with a similar report named Operation Transparent Tribe, which uncovered evidence of an advanced persistent threat (APT) against Indian diplomatic and military resources. The threat, which initially appeared to be a relatively small email campaign sent to Indian embassies in Saudi Arabia and Kazakhstan, eventually turned out be connected to watering hole sites targeting Indian military personnel as well as other campaigns designed to drop a remote access Trojan". According to both the reports, the roots of these campaigns were traced to Pakistan.
Fast forward to Shakacon X IT Security Conference in Honolulu in July 2018, where speakers and attendees from around the globe gathered to exchange latest trends on global cybersecurity and cyberwarfare. In a presentation made by Andrew Blaich and Michael Flossman, who represented Lookout, it was claimed that the same Pakistani actors who were involved in the 2016 operations against foreign diplomats and military personnel were targeting Pakistani civil leaders. The report, which was published earlier on May 15, was named Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials.
On same day, Amnesty International also published a report revealing how attackers were using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime.
At Shakacon, Blaich and Flossman said, We have analysed over 15 gigabytes of data taken from compromised devices, the majority of which is information that would be relevant to a nation state actor (in Pakistan) performing espionage activities. The compromised data included letters and internal government communications, travel information, pictures of IDs and passports, GPS coordinates of pictures and devices etc.
The Lookout team also claimed that the group or individuals are believed to belong to the Pakistani military and there were enough indications that they were related to Op C Major and Transparent Tribe, which showed how they targeted Indian diplomats and military personnel.
While the Pakistan elections were keenly followed by the worldwide intelligence community, Indian sleuths were looking for a particular pattern in techniques used by Pakistanis in surveillance of civil rights groups and rival political parties.
Understanding these techniques, the Indian intelligence community hopes, could help thwart a similar attempt by the ISI to interfere in India's general elections next year.
As Pakistan prepared for general elections and a caretaker government took charge, the ISI went full throttle to protect its interests. Amnesty International and US-based mobile security firm Lookout exposed intelligence infrastructure used to target Pakistani political and civil rights groups.
The Indian Intel community was, however, more interested in gathering more evidence on compromised and functional entities which may have been active in India. Sources familiar with this operation in India have confirmed that at least, two high-value active ISI assets were identified in the process and where tracked successfully. Sources believe that the ISI might use the same infrastructure to interfere in the 2019 Lok Sabha elections and hence "information collected during this period is going to be very crucial for Indian interests".
In March 2016, Japanese cyber security and defence company Trend Micro published a report called Op C Major, which revealed that a Pakistan-based actor was targeting Indian military and diplomatic targets using a combination of Android and Windows-based malware to conduct a long-running and successful surveillance campaign against Indian diplomats and military personnel.
Around same time, US-based cybersecurity firm Proofpoint came out with a similar report named Operation Transparent Tribe, which uncovered evidence of an advanced persistent threat (APT) against Indian diplomatic and military resources. The threat, which initially appeared to be a relatively small email campaign sent to Indian embassies in Saudi Arabia and Kazakhstan, eventually turned out be connected to watering hole sites targeting Indian military personnel as well as other campaigns designed to drop a remote access Trojan". According to both the reports, the roots of these campaigns were traced to Pakistan.
Fast forward to Shakacon X IT Security Conference in Honolulu in July 2018, where speakers and attendees from around the globe gathered to exchange latest trends on global cybersecurity and cyberwarfare. In a presentation made by Andrew Blaich and Michael Flossman, who represented Lookout, it was claimed that the same Pakistani actors who were involved in the 2016 operations against foreign diplomats and military personnel were targeting Pakistani civil leaders. The report, which was published earlier on May 15, was named Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials.
On same day, Amnesty International also published a report revealing how attackers were using fake online identities and social media profiles to ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime.
At Shakacon, Blaich and Flossman said, We have analysed over 15 gigabytes of data taken from compromised devices, the majority of which is information that would be relevant to a nation state actor (in Pakistan) performing espionage activities. The compromised data included letters and internal government communications, travel information, pictures of IDs and passports, GPS coordinates of pictures and devices etc.
The Lookout team also claimed that the group or individuals are believed to belong to the Pakistani military and there were enough indications that they were related to Op C Major and Transparent Tribe, which showed how they targeted Indian diplomats and military personnel.