Possible widespread surveillance of sikhs, says blackberry report.
Cyber-espionage appears aimed at Sikh activists
A new report from BlackBerry details widespread international cybersurveillance and hacking by a mercenary group, some of which appears to have been directed at Sikh activists in Canada.
In the report released this week by Waterloo, Ont.based Blackberry, a shadowy cadre of hackers called BAHAMUT engages in a variety of cyber-espionage activities, ranging from malware to fraudulent smartphone applications and disinformation campaigns.
Eric Milam, the vice-president of research operations at Blackberry, explained the report ties together a variety of different espionage activities that researchers have looked into over the years — and pulls them all together to pin them on one entity.
“You see all these things from an attack perspective that really aren’t naturally together and wouldn’t make sense from a nation- state perspective,” Milam told the National Post in an interview. “This is obviously what we consider a hack- for- hire mercenary group,” he said.
“It’s all really around espionage.”
Much of BAHAMUT’S activity, Blackberry reports, involve disinformation campaigns against political activism, but also targets a wide range of international targets, reaching into the upper echelons of the Turkish ministry of foreign affairs, Saudi Aramco — the stateowned oil and gas firm — and multiple human rights NGOS and activists.
“Blackberry observed them focus narrowly on high- ranking government officials and titans of industry in India, the Emirates, and Saudi Arabia, as well as in more dragnet fashion on those who advocate for Sikh separatism or support human rights causes in the Middle East,” says the report.
Blackberry concludes the “lack of discernible pattern or unifying motive” means the group is likely a “hackfor- hire” mercenary group. Their network of activities include malicious apps in the Google Play store and Apple IOS store, fraudulent news websites and personas.
Much of its activities are concentrated in South Asia and the Middle East.
Compared to other hacking operations, BAHAMUT is distinguished in its “exceptional tradecraft” by building “original, painstakingly crafted websites, applications, and personas,” the report says.
“Across a dizzying array of industries and global cities, BAHAMUT fashions a convincing veneer of legitimacy” and “distorts consumers’ perception of reality,” the report says.
Milam explained these tactics mean BAHAMUT can receive information from users’ phones and computers. A password- saver app, for example, can communicate back password information. As well, even if BAHAMUT isn’t interested in what’s on your phone, that information could be used to get into other password-protected spaces, such as company portals.
“The main goal was really to target people, or people within an organization that they wanted to target, gather as much information about them as they could, gain access to the credentials that they need to maybe directly access portals or logins of the organization itself,” said Milam.
Phishing schemes are common, for example, said Milam. The progression towards offering phishing and hacking for hire are significant, he explained.
“It’s a really, really organized, well- thought- out, wellplanned threat actor,” said Milam. “Hack for hire I think is just going to continue to grow.”
One such organization being targeted was Sikhs for Justice, registered as a non- governmental organization in Canada and New York. BAHAMUT was behind a campaign against a 2020 referendum on the secession of the Punjab region from India that was organized by Sikhs for Justice.
A variety of websites and social media accounts were used to harvest information from those seeking information about the Sikhs for Justice campaign.
Jay Grewal, a director of Sikhs for Justice in Toronto, said this is an explicit attack on the rights of Canadians and the right to self determination and a disinformation campaign against them.
“We are Canadians, we are exercising our freedom of expression,” said Jay Grewal. “This foreign entity is targeting us ... yes, it is targeting Canadians.”
the main goal was really to target people.