Warmongers, rejoice. The war is on and how. Those who were relieved that there was no cross border firing during Independence Day week, might be surprised. India and Pakistan are fighting a silent war in cyberspace. In the last one week, hacker groups from the two countries have defaced thousands of websites, sent trojans (viruses) to government-operated 'safe' networks, and planted spyware in the bureaucracy's email servers.
According to cyber experts, more than a thousand websites were hacked into and defaced on August 14 and 15, when Pakistan and India celebrated their Independence Days respectively. The day came as a nightmare for some website owners from the two nations. Pakistani hackers were the first to strike on August 14, when they defaced Indian sites. Indians returned fire the next day.
Hackers from both nations hacked into rival websites and posted flags of their countries. Two Pakistani groups, the Pak Cyber Army and PakHaxors took the lead. As per zone-H data, these groups have defaced around 10 to 20 websites. The counter attack from the Indian side was led by Indishell and Indian Cyber Army, who claim to have defaced 1,226 Pakistani websites.
In retaliation, the Pakistani hackers intensified the volume and nature of the attack, resulting in the hacking of the official website of UB group chairman and Rajya Sabha MP Dr Vijay Mallya.
"This is a payback from Pak Cyber Army for the defacement of Pakistani sites! You are playing with fire! This is not a game, kids. We are warning you one last time, don't think that you are secure in this Cyber Space. We will turn your Cyber Space into Hell," the hacked site read.
The Pakistan Cyber Army alleged that HMG, a group of Indian web hackers, had hacked Pakistan's official and important websites in the past. Since 2007, the Pakistan Cyber Army has hacked into several sites, including Oil and Natural Gas Corporation Ltd. Statistics from the Computer Emergency Response Team, an official Indian government organisation that looks into computer security in the country, reveal that more than 4,300 Indian websites were hacked between January and June 2010.
National days are favourite dates
Cyber crime experts say days of historic importance are a favourite with hackers. "There has been a sudden increase in the number of attacks this week, and the reason could not have been anything other than I-Day. Even the message posted by hackers from both countries carried a tone of jingoism and hatred. Now, hackers have begun expressing their rage on 7/11 and 26/11 too. Zone-H site, where hackers post hacked website screenshots, shows more than 1,000 websites," says cyber crime expert Sunny Vaghela, who assists security agencies in solving cyber crime cases.
What differentiates the cyber war between India and Pakistan from that played out in other countries is the intent. "Elsewhere, attackers may try to steal data or acquire complete control over the infected system and its network. But in the case of India and Pakistan, it's more a display of power and skills. Most of these hackers are young, between 17 and 22, all school and college students," says ethical hacker Ankit Fadia.
"In the West, hackers use botnets (groups of computers they have infected with malicious software) to launch an attack. India may not face this grave a problem yet, but it's not long before we could see a high-intensity attack on a website or network that controls economy, transport and communication," says Himanshu Tiwari, cyber crime expert with New Delhi Cyber Cell in Gurgaon. If someone hacks into the system controlling railway crossings, for instance, it's a disaster waiting to unfold. That's reason enough for ordinary Indians to wake up to vulnerability. But at the moment, nobody seems to care much.
According to Fadia's findings, Pakistani hackers are younger and often better than Indians, since they have defaced a larger number of websites. Several of them are based out of Pakistan, but their IP addresses vary from Cardiff in the UK to Texas in the US. Pakistani hackers differ from the Chinese, in that the Chinese hacker works like a spy and enters your computer without letting you know he is monitoring your every move. China has been bombarding Western networks, especially in the UK, for the last 10 years.
What's the modus operandi?
The typical route that hackers take is to attack a shopping website from where they can steal credit card details, following which they buy 'play tune' coupons from the iTunes website. The coupon contains secret codes, using which they can buy songs and movies off the site. Hackers usually sell tickets online in countries where direct iTunes purchase is not available. While selling them, they dish out fake Paypal account details, which they operate using proxy servers of foreign countries, so that they don't get tracked easily, explains Tiwari. And the most crucial skill of the hacker is his ability to cover his tracks.
More VIPs in queue
It's not just Mallya who is on the hacking radar. Since August 15, hackers from both countries have launched mass website defacements resulting in the hacking of Prime Minister Dr Manmohan Singh's website (www.manmohansingh.org) too. All websites of the Rajasthan Government were hacked into by Pakistanis on August 19, 2010, thanks to a loophole in their state transport website that shares a server with other sites, leaving it vulnerable.
"Pakistani hackers enjoy showing off their might, so they go for sites that get decent traffic. Hacking government websites or those belonging to VIPs is the best way to flaunt their prowess," says Vaghela, who reported the matter to the Rajasthan Government.
Type of attack
What's a DDOS attack?
A Distributed Denial-of-Service (DDOS) attack commands other computers to bombard a particular website with requests for data, causing the site to hang. The flood of incoming messages to the target system forces it to shut down, thereby denying service to legitimate users of the system.
A hacker begins a DDOS attack by exploiting a vulnerability in one computer system and making it the DDOS 'master'. It is from this master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple compromised systems. With a single command, he can instruct the controlled machines to launch one of many flood attacks against a specified target.
Estonia suffered it
In 2007, a group of Russian hackers launched a DDOS attack on Estonia, bringing government, banking and media networks to a halt. ATM machines went dead, and traffic lights didn't work, leading to total chaos.
Active Pakistani hackers community
>Pak Cyber Army
>PakHaxors
>G-Force
>Anti-India Crew (AIC)
India is represented by
>ICW (Indian Cyber warriors)
>ICA (Indian Cyber Army)
>HMG (Hindu Militant Group)
>Indishell
Who was targeted?
>Indian Prime Minister Dr Manmohan Singh
>UB Group Chairman and Rajya Sabha MP Dr Vijay Mallya
>Sadooq Rizvi, Managing Director of Biggdigital (.com), a Bandra-based search marketing service. His site was hacked by a Pakistan-based group that called itself PAKISTANI HACKERS PREDATORS PK
>On July 9, the Mumbai police server cybercellmumbai (.com) was hacked by a Pakistan-based group calling itself Mafia Boyz
Thursday, August 26, 2010
Wednesday, August 25, 2010
cyber war against hackers!
The Indian government is set to launch a severe counter offensive after it faced several attacks on its computer systems, especially from Chinese hackers. The government is now planning to build a network of ethical hackers to spy on the classified data of hostile nations by hacking into their computer systems, according to a report. Information Technology professionals and ethical hackers hired for the purpose will be protected by law, according to the government. India has to step up on its cyber offensive to match Chinese and Pakistani hackers breaching Indian cyber networks, Ankit Fadia, India's youngest and first certified ethical hacker had told PTI in May. "The Indian intelligence and military agencies regularly use Indian hackers to carry out counter offensives. However, the quantum of such work being carried out here is a lot less than it is in countries such as China and Pakistan," Fadia said. The government plans to use their technical expertise to plan offensives against spies and block strikes by breaching the security walls of enemy systems, says the report. Cyber experts have been suggesting the need to employ hackers to safeguard India's networks and ensure that the nation's systems are foolproof. They have also pointed out the lack of infrastructure in India to fight cyber crime and cyber terrorism. In April 2010, a cyber group based in China had hacked into India's computer systems to steal sensitive documents from the India Defence Ministry. A new report called 'Shadow in the Clouds' by Canadian and American researchers -- based at the Munk School of Global Affairs at the University of Toronto -- has said that a spy operation called 'Shadow Network' based in China has tapped into top secret files of the Indian government.
In the investigations conducted over eight months, the report claimed that systematic cyber espionage was carried out from servers located in China that 'compromised' government, business, academic and other computer network systems in India. The National Technical Research Organisation (NTRO) along with Defence Intelligence Agency (DIA) will be in charge of the cyber-offensive capabilities, says the report. Set up in 2004, the NTRO is a premier apex scientific organization under the National Security Advisor in the Prime Minister's Office. The NTRO acts as an agency for providing technical intelligence to other agencies on internal and external security. The agency is under the control of India's external intelligence agency, Research and Analysis Wing. Under the Indian IT Act, hacking is a punishable offence with imprisonment up to three years, or calls for a penalty of up to Rs 2 lakh, or both. The government will make sure that the IT professionals are protected by the law as the work involves ethical hacking. With mounting instances of cyber attacks and espionage, several governments have already formulated an infrastructure to combat this menace.
Cyber threats continue to haunt Internet users across the world. The bad news is that this will continue to wreak havoc, taking new forms and approaches. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is. Microsoft's new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users, says a Symantec report. Security software scammers can take their efforts to the next level, by even hijacking users' computers and rendering them useless. "Cyber terrorism is the next big threat for India. Pakistani cyber criminals are able to deface 50 to 60 Indian websites a day. Though India leads in IT services, it lags behind as far as cyber security is concerned," ethical hacker Ankit Fadia said in an interview to Business Standard. Instant messaging threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Symantec Corp has released its 2010 Security Predictions report. The report states that malicious programs are actually being created at a higher rate than good programs.
Here are 14 threats that you must be aware of
1. Anti-virus is not enough
With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today's threats.
We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.
2. Social engineering as the primary attack vector
More attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent.
Social engineering's popularity is at least in part spurred by the fact that what operating system and Web browser rests on a user's computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine.
Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques will increase in 2010.
3. Rogue security software vendors escalate their efforts
In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users' computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best.
For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
4. Social networking third-party applications will be the target of fraud
With the popularity of social networking sites poised for another year of unprecedented growth, expect the amount of fraud leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats.
As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users' social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.
5. Windows 7 will come into the cross-hairs of attackers
Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist.
Microsoft's new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
6. Fast Flux Botnets increase
Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious web sites behind an ever-changing network of compromised hosts acting as proxies.
Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, fast flux makes it difficult to trace the botnets' original geo-location. As industry counter measures continue to reduce the effectiveness of traditional botnets, expect to see more botnets using this technique to carry out attacks.
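A defender's view of the fast-flux behaviour described above, as an added example that is not part of the original article or the Symantec report: it scores passive-DNS observations for many short-lived A records spread across unrelated networks. The record layout, the thresholds, the function names and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address
from statistics import median

# Thresholds are illustrative assumptions, not values from the Symantec report.
MIN_DISTINCT_IPS = 5    # many different A records seen for one name
MIN_NETWORKS = 3        # spread over unrelated /16s (rough stand-in for ASN diversity)
MAX_MEDIAN_TTL = 300    # seconds; short TTLs force resolvers to re-query often
MIN_TURNOVER = 0.5      # share of each answer set that is new since the previous poll

# Constructed passive-DNS observations: (poll time, domain, IPv4 A record, TTL).
# Addresses are taken from documentation, benchmarking and private ranges.
OBSERVATIONS = [
    (0,   "flux.example.com", "192.0.2.10",   180),
    (0,   "flux.example.com", "198.51.100.23", 180),
    (300, "flux.example.com", "203.0.113.77", 180),
    (300, "flux.example.com", "198.18.4.9",   180),
    (600, "flux.example.com", "198.19.200.5", 180),
    (600, "flux.example.com", "100.64.12.1",  180),
    # CDN-like name: answers rotate quickly but stay inside one network.
    (0,   "cdn.example.net",  "10.20.0.1", 60),
    (0,   "cdn.example.net",  "10.20.0.2", 60),
    (300, "cdn.example.net",  "10.20.1.1", 60),
    (300, "cdn.example.net",  "10.20.1.2", 60),
    (600, "cdn.example.net",  "10.20.2.1", 60),
    (600, "cdn.example.net",  "10.20.2.2", 60),
    # Ordinary static site: one address, long TTL.
    (0,   "www.example.org",  "192.0.2.80", 86400),
    (300, "www.example.org",  "192.0.2.80", 86400),
    (600, "www.example.org",  "192.0.2.80", 86400),
]


def profile_domains(observations):
    """Summarise each domain's answer history into fast-flux indicators."""
    polls = defaultdict(lambda: defaultdict(set))   # domain -> poll time -> IPs
    ttls = defaultdict(list)
    for ts, domain, ip, ttl in observations:
        polls[domain][ts].add(ip_address(ip))
        ttls[domain].append(ttl)

    profiles = {}
    for domain, by_time in polls.items():
        ordered = [by_time[t] for t in sorted(by_time)]
        all_ips = set().union(*ordered)
        # Fraction of each poll's answers not present in the previous poll.
        changes = [len(cur - prev) / len(cur)
                   for prev, cur in zip(ordered, ordered[1:])]
        profiles[domain] = {
            "distinct_ips": len(all_ips),
            "networks": len({int(ip) >> 16 for ip in all_ips}),  # IPv4 /16 prefix
            "median_ttl": median(ttls[domain]),
            "turnover": sum(changes) / len(changes) if changes else 0.0,
        }
    return profiles


def is_fast_flux(p):
    """All four indicators must agree; any one alone also matches CDNs or DNS round-robin."""
    return (p["distinct_ips"] >= MIN_DISTINCT_IPS
            and p["networks"] >= MIN_NETWORKS
            and p["median_ttl"] <= MAX_MEDIAN_TTL
            and p["turnover"] >= MIN_TURNOVER)


def flag_fast_flux(observations):
    """Return the sorted list of domains whose history looks like fast flux."""
    return sorted(d for d, p in profile_domains(observations).items()
                  if is_fast_flux(p))


if __name__ == "__main__":
    for name, prof in profile_domains(OBSERVATIONS).items():
        print(name, prof, "FAST-FLUX" if is_fast_flux(prof) else "ok")
```

The CDN-like name shows why network spread matters: it rotates as quickly as the fluxing name but stays in one network, so it is not flagged.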
7. URL shortening services become the phisher's best friend
Phishers are able to disguise links that the average security conscious user might think twice about clicking on, because users often have no idea where a shortened URL is actually sending them.
Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage URL shorteners to carry out their own evil deeds.
8. Mac and mobile malware will increase
The number of attacks designed to exploit a certain operating system or platform is directly related to that platform's market share, as malware authors are out to make money and always want the biggest bang for their buck.
In 2009, Macs and smartphones were targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users.
As Mac and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.
9. Spammers breaking the rules
As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the Can Spam Act, we'll see more organisations selling unauthorised e-mail address lists and more less-than-legitimate marketers spamming those lists.
10. Spam volumes will fluctuate
Since 2007, spam has increased on average by 15 percent. While this significant growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long as an economic motive is present.
Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software, the intervention of responsible ISPs and government agencies across the globe.
11. Specialised malware
Highly specialised malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited.
Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.
12. CAPTCHA Technology will improve
As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology.
Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.
13. Instant messaging spam
As cyber criminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely be comprised of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts.
By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware.
Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid 2009, that level was 1 in 78 hyperlinks.
14. Non-English spam will increase
As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, Symantec estimates the levels of localised spam will exceed 50 percent of all spam.