Information Warfare: Pakistan Pushes Poisoned Apps


June 18, 2018: A group of Pakistani hackers, who specialize in surveillance software for parents to track their children (or a spouse) was apparently hired by the Pakistani intelligence agency (ISI, or Inter Service Intelligence agency) to create spyware (Stealth Mango for Android and Tangelo for IOS) versions and then help distribute it to some key government officials and civilians in Afghanistan, India, Iraq, Iran, the United Arab Emirates and Pakistan using Facebook Messenger. This approach uses a lot of “social engineering” as the hackers must contact the target individuals and persuade them to download an app that pretends to be something other than spyware. Most targeted individuals are either not interested or don’t trust the offer. The most secure (resistant to this spyware) cell phone was the iPhone and the spyware would only work on the small number of iPhones that that had been modified (“jailbroken”) to run apps that did not come from the Apple App Store. As usual, the Android phones were much more vulnerable. In any event, it appears that only about a dozen people were persuaded to install the app. That, it turned out, was enough key people to collect a lot of important data.

The Stealth Mango/Tangelo effort was another intelligence-gathering operation that, in this case, collected a lot of sensitive data about American and Australian military and diplomatic activities. Collecting and transmitting the data (without the phone owner being aware) was how Stealth Mango/Tangelo was discovered (by an Australian Internet security company) in early 2018. Stealth Mango/Tangelo needed a lot of permissions on the infected phone in order to work and mostly went after data (documents and photos) as well as messages, location and contact lists. At least 40 GB of material was stolen from the infected phones by the hackers before Google and Apple were informed and victims were notified and the spyware was disabled. But it will be back. Actually, this sort of spyware has been around for quite a while and the latest ISI use of it was just another example.

Moreover, this sort of thing is not unusual for the ISI as Pakistan and India have been using the Internet to spy on each other for decades. Even before the Internet became widely available in the late 1990s there was an ongoing "war" between Indian and Pakistani hackers. Most of this has been little more than vandalism (defacing web pages and the like), but there have been some more serious hacks. It was these nationalistic hackers

Another fun fact is that Pakistan has always had the largest software developer and hacker community of any Moslem country. Early on Pakistan developed a large, and growing, software development industry of its own. In fact, the first known computer virus, the "Brain Virus" was written by Pakistani programmers in the late 1980s. "Brain" was created to help protect software a Pakistani firm had created and was selling, from pirating (illegal copies). But, instead, the Brain virus got out of control, and the rest is history. Pakistan has a lot of homegrown talent for their computer crime operations, and the ISI, to recruit from.

But most Pakistani programmers want to make an honest living with their skills. Despite that the hacking got so bad in Pakistan that in 2008 the government enacted the "Prevention of Electronic Crimes" law. In addition to explicitly describing various Internet-based crimes, and declaring them criminal acts, it also defined cyberterrorism and the penalties for Internet terrorists. If someone causes the death of another because of cyberterrorism, the maximum punishment is execution. But the law only applies to those hacking Pakistanis. While ISI saw this hacking as a problem, it was also an opportunity when used to go after real or imagined enemies. Here Pakistan would follow the example of their Chinese patrons.

When Pakistan passed its Electronic Crimes law there were no smartphones but there was a growing use of the Internet by governments and that led to thing like the 2003 "Titan Rain" incident. This was a massive and well organized attack on American military networks. The people carrying out the attack really knew what they were doing, and thousands of military and industrial documents were sent back to China. The attackers were not able to cover their trail completely, and some of the attackers were traced back to a Chinese government facility in southern China. The Chinese government denied all, and the vast amounts of technical data American researchers had as proof was not considered compelling enough for the event to be turned into a major media or diplomatic episode.

In the wake of Titan Rain, governments around the world began to improve their Internet security. But not enough. The attacks kept coming. Out of China. And the attackers were getting better. In 2005, a well-organized attack was made on the networks of the British parliament. This time, the defense won the battle. Mostly. The carefully prepared hacker emails (with a virus attached), would have fooled many recipients because they were personalized, and this helped prevent network defenses from detecting the true nature of these messages. These targeted emails from hackers were very successful. If the recipient tried to open the attached file, their computer who have hacking software secretly installed. This software would basically give the hacker control of that PC, making it possible to monitor what the user does on the computer, and have access to whatever is on that machine.

While many recipients sense that the "spearfishing" (or "phishing") attack is just that, some don't, and it only takes a few compromised PCs to give someone access to a lot of secret information. This would be the case even if it is home PCs that are being infected. Complaints from American legislators are all about that, as they have discovered office and personal PCs of themselves and their staffers infected.

But many other attacks are only discovered when they are over, or nearly so. The attackers are usually very well prepared, and first, make probes and trial run attacks on target systems. When the attackers come in force, they don't want to be interrupted. And usually, they aren't. The Chinese attackers use techniques similar to those employed by criminal gangs trying to get into banks, brokerages and big businesses in general. Thus it is believed that the Chinese hackers try, as much as possible, to appear like just another gang of cybercriminals. But the Chinese have certain traits that appear more military than gangster.

As more Internet users moved to smartphones so did the hackers. Smartphone users were even more valuable, and vulnerable than users of desktop and laptop computers. In that respect, Stealth Mango/Tangelo is not unique, just the latest.


Article Archive

Information Warfare: Current 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 



Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..
Subscribe   Contribute   Close