From across the border, a new cyber threat
Besides the older and persistent threat of cross-border terrorism, Pakistan now poses another serious threat to India’s security interests — there have been multiple cyberattacks from Pakistan-based hacker groups, targeting India’s critical infrastructure and government servers. These attacks eclipse the earlier “nuisance value” acts of vandalising Indian websites. The new attacks demonstrate a step-up of Pakistan’s cyber capabilities and work concurrently with its persistent antiIndia cyber disinformation campaigns such as those pertaining to Kashmir and Indian interests in Afghanistan.
In early August, the United States-based cyber security firm, Black Lotus Labs, reported that a Pakistan-origin malware, ReverseRat 2.0 targeted Indian government officials by sending a forged invite for a United Nations meeting on organised crime with a Microsoft Teams link. Its impact is still not known. ReverseRat 2.0 can breach the device of its intended victims, and the malware can remotely click photographs via its webcams, even retrieve files from USB devices plugged into the infected device. According to Black Lotus Labs, this is an advanced version of Pakistan’s earlier malware ReverseRat, detected just two months prior in June, targeting India’s power sector and government departments.
India has been on the radar of Pakistani hackers for some time. In 2020, security researchers from the Ireland-based Malwarebytes Labs cyber security firm noticed attempts from a hacking group, APT36, a Pakistani State-sponsored malicious actor, to infiltrate Indian government, diplomatic and military networks, and honey trap defence personnel for stealing sensitive data related to Pakistani military and diplomatic interests. Its modus operandi involved spear phishing emails with a malicious link, purportedly from the Indian government. The group has been active since 2016, indicating its long cyber espionage campaign.
Pakistan’s recent anti-India cyber activity must be viewed in the backdrop of its new Cyber Security Policy 2021, which seeks to position the country as an important participant in the global conversation on cyber security. While the new policy does not explicitly mention the pursuit of cyber offensive capabilities for pre-emptive use, it does display more teeth in its messaging to Pakistan’s potential adversaries than the earlier Prevention of Electronic Crimes Act, 2016.
Whereas the 2016 Act’s stated objective was to control the escalation of cyber offences in Pakistan and transgressions related to information systems, the most significant assertion in the recent law is that any cyberattack on a Pakistani establishment will hereafter be treated as an assault on Pakistan’s sovereignty and invite suitable retaliation. Unsurprisingly, the document has no clarity on the nature of retaliation, and whether it will be implemented using cyber offensive campaigns or more conventional methods. From India’s perspective, it is more likely that the actual objective of this vagueness is to grant Pakistan flexibility and unpredictability in its actions.
Although Pakistani hacking activities against India lack the sophistication of Chinese state-sponsored hacking groups, it is compensated for by the tenacity of the welldesigned and catchy propaganda unleashed by the Inter-Services Public Relations of the Pakistani Army, such as in the aftermath of the August 2019 abrogation of Article 370 and bifurcation of India’s erstwhile state of Jammu and Kashmir. For this, it utilised fake profiles, cyber trolls, journalists, and Pakistani diplomats, focussing on themes such as alleged human rights violations by Indian security forces in the Kashmir Valley, the plight of ordinary Kashmiris and scaremongering on the possibility of an IndiaPakistan nuclear war. This propaganda gained temporary traction with viral posts and trending Twitter hashtags, but it failed to cause any significant dent in India’s global image.
More critical for India is Pakistan’s status as China’s client State. Pakistan’s propaganda machinery has been busy concocting anti-India propaganda throughout the ongoing India-China border standoff in eastern Ladakh to embarrass India and score brownie points with China. Although there is no material evidence to prove that these actions are carried out at China’s behest, there are suspicions of cooperation between Pakistani and Chinese state-backed hackers in cyberattacks directed against India after the abolition of Articles 370 and 35A. In fact, the Long-Term Plan for the China-Pakistan Economic Corridor identifies information and communications technology infrastructure development as a key area of bilateral cooperation, and while that sounds innocuous enough, don’t rule out collaboration between their deep States for the misuse of technology for geopolitical ends.
It is imperative, therefore, that India prepare to effectively counter the cyber threat from Pakistan. In recent years, India has strengthened its cyber security capabilities by creating institutions such as the Defence Cyber Agency and putting in place policy frameworks like the National Cyber Security Policy of 2013. This has acted as an umbrella policy document that traces a plan for holistic, cooperative and coordinated responses to address cyber security issues within the country. It is now being recast as the National Cyber Security Strategy to take a proactive approach to cyber issues. Universities like the National Forensic Sciences University in Gujarat offer cyber forensics courses. And the National Critical Information Infrastructure Protection Centre has begun working with the public and private sectors to secure critical infrastructure from cyber threats. India will need to be on its guard.
Aditya Bhan is assistant professor, FLAME University Sameer Patil is a fellow for International Security Studies Programme, Gateway House The article is written under the aegis of The Gateway House-FLAME Policy Lab at FLAME University, Pune The views expressed are personal