A Pakistan-based cyber group has targeted Indian military personnel and has stolen 16 gigabytes' worth of data that includes scanned pictures of passports, photo IDs, tax-related information, salary slips and strategic and tactical documents related to the Indian Army from at least 160 Indian military officers, non-military attachés and consultants stationed across India and other parts of the world. The primary targets of the hackers are field officers in the Indian military, including officers of the rank of brigadiers, colonels, lieutenant colonels, majors and some lieutenants. Their computers were hacked after the attackers sent them emails with subject lines and texts that were familiar to them.
Trend Micro, a Tokyo-headquartered security software company, has made this information public and has released photographs that show that photo IDs, tactical documents and passport copies of officials have been stolen by the cyber attackers. Trend Micro says that these attacks have originated from Pakistan.
These details, since they have been stolen, pose a big security risk as terrorist organisations can easily use them to infiltrate an Army installation, impersonate military personnel online and sell tactical plans to interested state and non-state buyers.
In one such case, the military attaché of a foreign country, assigned to India, received an email from what was shown as Defence Minister Manohar Parrikar on 26 January 2016. Once the unsuspecting officer opened the “pdf” file, his system got infected with a Trojan, which also infected the main server connected to the victim and took screenshots, recorded audio, stole files and logged the keys entered by the user. Trend Micro came across this cyber theft while it was monitoring other targeted campaigns. What has come as a surprise to cyber security experts is that despite not being particularly sophisticated, these hackers were still able to get sensitive information from restricted sources within the Indian government.
Like most such cyber attackers, the perpetrators used emails as their point of entry, and, as per the investigation by Trend Micro, the attackers had a very good idea of what the individual targets were interested in and what “subject line” they were most likely to click on.
India’s Computer Emergency Response Team (CERT), a body under the Ministry of Communication and Technology, responsible for “enhancing India’s communication and information infrastructure through proactive action and effective collaboration”, seems to be oblivious of this cyber attack. CERT’s website, which is supposed to carry security bulletins every month, does not mention this attack. Its annual report too was last updated on the website in 2014. The security advisories issued by CERT available on its website were mostly confined to bugs in Microsoft products.