A number of issues have strained the relationship between India and Pakistan including social, political, economic, and military that resulted in war, and cross border provocation both physical and in the cyber dimension. The Kashmir issue further intensified the already hostile relationship. In contemporary times, cyber played an important role between India and Pakistan, as both prefer to utilize cyber to win small-scale advantages. This new dimension has remained an important tool for hackers and patriots from both sides to express their patriotism and deprecate the enemy.
Cyber between India and Pakistan also act as APT (Advance Persistent threat) in which different high hacking group are linked with state institution and continuously engage in espionage and hacking activities. There is also a risk of cyber conflict between India and Pakistan as both are continuously involved in low-level cyber skirmishes. India had also built its cyber arsenal by drafting its first cyber security policy in 2013, which highlighted protection, prevention, and counter-attack, and an Indian defense cyber agency was created in 2018, which performs these actions.
Understanding the matter better
According to Symantec a security company survey, India was the second most vulnerable state to cyber-attack mainly because of the digitization of its economy, which remains a major concern for cyber espionage and financial crime. While Pakistan remains seventh most vulnerable to cyber-attack mainly because of its growing independency on the internet. According to another survey, a report by the Indian high court commission India loses about 4 billion each year due to cybercrime.
Pakistan also has been facing cyber threat since early 2000 but still lack any proper cyber security policy. Moreover, Pakistan start realizing a cyber dynamic a little bit late, especially after the Snowden leak which underscores USA NSA (National Security Agency) cyber espionage against Pakistan which start inflicting Pakistan to fill this security gap. Pakistan’s first cyber security policy was drafted in 2021which still exists only to the paper neither legislation nor any proper implementation procedure. However, the ministry of science and information technology has drafted several laws.
Moreover, Pakistan’s cyber security understanding and proper policy framework still exist at the beginner level. Pakistani government start considering cyber threats as a potential national security threat in early 2000 and the government drafted its first policy on cyber-related crime ETO ―Electronic Transaction Ordinance. This ordinance was an attempt to regulate cyberspace. Moreover, this law also provided legal cover to most online businesses; e-commerce, etc. With the increase in cybercrime, the government passed a new law ETA―The Electronic Transaction Act to tackle these new cyber-crimes.
ETA dimensions are broader than ETO as it deals with cyber crimes like privacy, and information security issues. Moreover, with the rapid increase in cybercrime government passed a new law in 2007 PECO Prevention of electronic crime ordinance. PECO deals with more advanced and heinous cyber crimes like cyber terrorism, data security, online fraud, forgery, and cyber harassment. In 2016, the government passed another law to deal with the rising and new type of cybercrime with more strict and regressive punishment.
PECA Prevention of electronic crime act mainly focuses on confidential data/information protection and planned cyber-attack using malicious software. While Indian state-backed hackers continuously exploit Pakistan’s cyber vulnerabilities, for example, Horn Bill and Sun Bird for cyber espionage on military and civilian officials. Moreover, CERT and Inter services cyber command centers were established to deal with these issues. Pakistan still has no official cyber security strategy. Cyber war has remained a very handy weapon. It provides a large set of targets that can be engaged at the same time.
Cyberwar remains very relevant in Indo-Pakistan’s case because of its nature, low cost, and ease to conduct, Indian future tech giant with a rising industry of software and hardware provides India technology/strategic edge our Pakistan. India has been exploiting this strategic edge for the last two decades. The common methods used by Indian hackers against Pakistan are website defacement (In which the physical appearance of the website change using D3Lt4 tools), fake news, propaganda, etc.
Social media profiles and pages have been targeted
In spearfishing, an infected email is designed as it comes from an official or trusted resource when the user opens that email whole system gets infected for example FBR and the National Bank of Pakistan case. The use of malware/virus was also reported few common malware used against Pakistan are Hanover malware which is used for cyber espionage against high officials. BAD NEWS a malicious software used against Pakistan in this method of spearfishing technique is used to target the opponent. According to a report by Crowd, strike a cyber-security firm that several android applications were designed for espionage purposes for example zero.
Pegasus malware created by Israeli NSO was also used against Pakistan According to an international investigative journalism report published in July 2021 stated that India uses the Pegasus to spy on about 300 people including journalists, Human rights critique from 2017 to 2019. Moreover, the report also argues that it has one number of Pakistani Prime ministers previously used by him. With the advancement of technology, war has been revolutionized. Cyber is rapidly contributing to modern warfare. The development of technology has brought many positive changes and it poses some serious security threats.
These threats range from individuals’ privacy to states’ national security. With technological development and states, dependency on technology has also transformed the traditional concept of national security and its challenges. This new domain has changed the traditional concept of warfare, as they not only target the military but civilians as well. Pakistan is one of the most vulnerable to cyber-attacks. However, over the period, the Pakistani government tried to regularize the cyber domain but all of these efforts were in vain. Since the early 2000 era, Pakistan has remained the epicenter of cyber-attacks and cyber warfare.
These attacks are from the west including UK espionage on Pakistan, and USA espionage during the Afghan war. India has been attacking the Pakistani cyber domain continuously to disrupt, disable, and propagate fake information. Most of these cyber-attacks carried out against Pakistan were unknown as they lack the proper understanding, and awareness about these types of attacks. However, after the drafting of ECRA and PECA Pakistan finally realized the nature of the threat and tried to regularize the cyber domain. With these new cyber laws, Pakistan not only detects and counters attacks but also curbs hate speech, propaganda warfare, and fake information. The following are the possible solution to these cyber crimes.
Training: The easiest way to enter into the system of any organization is through their employee. Cyber attackers breach security and enter into your computer system through negligence or unawareness of the employee. Hackers send an email having malicious code attached and emails look like they are either from higher authority or from another institution. One of the ways to protect your system from these types of attacks or security breaches is proper training. The employee must check the email, its address, sender ID, intuitions ID, or if possible do contact the concerned institution about the email.
The gap in Policy and Procedure: In contemporary times, no organization is 100% secure. There are always chances of a security breach in cyber security mostly because of the gap in their policy and procedure. The number of cyber security breaches raised in contemporary times is mostly because of weak defensive systems and short-term policies. The security gap, which is created by these weak policies, has remained the main concern for these organizations. According to a survey by Minerva labs in which Six hundred 600-cyber professionals have participated. Among the 600 cyber professional two-thirds of them wasn‘t sure about their security measure to prevent any cyber-attack while about 70% of them believe that their security only prevents less than 70% of infection/malware attack. To avoid these securities gap organization must invest in detective, responsive, and protective technologies.
Using the latest Software: In contemporary times most of the government, as well as private intuition, spent a very minimal or most of them don‘t spend a single penny on cyber security. They more focus on making and increasing their profit than improving security. Using updated software is very important as it improves security loopholes; provides new features for data protection.
End-to-End encryption: In contemporary times, the protection of data and a high-level exchange of information and message are very important. One of the best ways to protect a high-level exchange of information and message is End to end encryption. End-to-End encryption is a cyber-security method to protect the communication between two parties. In end Endencryption, only the sender and receiver can read and view the information. Information is sent from one end of encryption and only the concerned recipient can decrypt it while no other hacker or any internet protocol either accesses it or makes any change to it.
Firewall: A firewall is another way to protect your data from unauthorized access. It protects your data at several levels and determined the level of protection your device needs. A firewall is a gatekeeper of your device. It acts as a monitor of the whole system and not only keeps a check on internet traffic but also blocks unauthorized access.
Data Backup: At the current time, data is the new oil. Protection of sensitive and confidential data from enemy cyber attackers, the cyber professional criminal is very important. If we look at the history of cyber-attacks from the early 1990‘s Moon Light Maze, Solar Sunrise, and Rain of Titans the main objective was always stealing and exploiting sensitive and confidential, sensitive and personal information. Therefore, to protect your data it is very important to have a regular backup of data stored on different devices like USB, Hard Drive or Google Drive
The writer is a Research Officer at the Center for International Strategic Studies (CISS) AJK. The views expressed in this article are the author’s own and do not necessarily reflect the editorial policy of Global Village Space.