Pakistani cyber security firm Tranchulas has reportedly been stealing information from the Indian government and defence establishments, reports ET Tech. The information came to light through a two year investigation by the US-based IT security firm FireEye.
According to FireEye, Tranchulas, which claims to have helped the Pakistani government prepare for cyber warfare, sent emails to Indian government officials containing malicious code. The firm used terms like ‘Salary hike for government employees’, Devyani Khobragade’, and Sarabjit Singh’ in the subject line to entice government officials to open these mails. On opening the attachment, a malware would infect the computers and collect data and send it back to the attackers. FireEye mentions that the firm used VPSNOC, a Pakistan-based virtual private server service provider, which leased US hosting services to target Indian establishments exclusively.
The malware has been active since early 2013 with the name of a Tranchulas employee, Umair Aziz, mentioned in its code, said FireEye. The firm mentioned it confronted Tranchulas over the issue in July 2013, post which it claims that different variants of the malware with modified names have surfaced.
FireEye claims that the cyber attacks by the Pakistani firm were still active, however, the Indian government denied any knowledge of this. The Indian government states that it has seen cases of website hacking, but only websites that hold publicly known data. The government also acknowledged that it had seen many attacks targeting government and defence establishments, but mentioned it is ‘very hard to ascertain the actual source’.
Consequences: While the Indian Government claims that only public data has been collected, it should be noted that malware infecting computers typically has as much privilege as the user and can usually access whatever data the user can. As such, if these computers indeed have ‘sensitive’ information, it may well have been stolen. The only real way to protect oneself from malware infection stealing data is to prevent a malware infection in the first place.
Gemalto saga: Last month, SIM card provider Gemalto had admitted that the hacking operation by the NSA and GCHQ did happen between 2010 and 2011. According to the company, India was among the nine countries where mobile operators were targeted. The hacking of Gemalto’s internal network by American and British was based on documents provided by whistleblower Edward Snowden.
NSA snooping: In June last year, we had reported that India may be working with the NSA to intercept email, chat, VPN data, VoIP and voice call records among others. This was also based on documents that were released by Edward Snowden. According to these documents, India is an “Approved SIGINT partner” with the NSA.
Another document leaked by Snowden showed that the Indian embassy in US was also monitored. The NSA used implants (sensors and recording devices), screen grabs, created images of disks and used ‘data from magnetic emanations’ to carry out the monitoring.