ESET, a Slovakian anti-virus firm, last week published a blog post detailing successful Indian attempts to breach computers in Pakistan. Symantec, another anti-virus company, quickly followed suit with a post that said, among other things, that several online security companies had been keeping an eye on the intrusions. This morning, Norman, a Norwegian data security firm, and the Shadowserver Foundation, a voluntary organisation, released a lengthy report into what they are calling “Operation Hangover.”
The report confirms many of ESET’s findings, including the use of defense-related material as bait, Indian names within the code, and the relatively unsophisticated nature of the attacks in that they used only previously known vulnerabilities. It also identified some targets, including Telenor, a Norwegian telecom company with operations in India, and Bumi PLC, a mining firm. Other possible targets listed are academic institutions in China, individuals in Indian secessionist movements, British restaurants, and the Chicago Mercantile Exchange. The list of targets is baffling in its diversity.
According to the report, the operation displays “evidence of professional project management,” with “multiple developers [who] are tasked with specific malware deliverances.” In other words, the managers of the project hired freelancers.
While the authors found no evidence of state involvement, targets appear to be related to national security interests—hence the interest in Pakistan—and to industrial espionage. They conclude, “We have no visibility into whether the attacks were done on behalf of others, and if so who commissioned them or whether all attacks were commissioned by one entity or by several.” The very idea suggests a likelihood that just as India became the world’s favorite destination for software outsourcing, the same could perhaps be true of commissioned data breaches.