Information Warfare: Play Store Pitfalls

September 2, 2020: An Indian newsmagazine (India Today) uncovered a Pakistani espionage effort carried out via Android apps aimed at fans of the Indian military and police. This development is interesting for two reasons. First, it is possible for an experienced Internet user to investigate and expose online espionage efforts. Second, this particular Pakistani effort sought to get around the increasing awareness in the Indian security services that Pakistan (and China) are constantly developing new techniques that evade such scrutiny. The India Today investigators looked into two Android apps from developer SnowBerry that show users how they would look in various Indian military and police uniforms. Indian Army PhotoSuit Editor 2020 and a similar app for police uniforms were available for free on the Google Play Store. A reporter sought to get in touch with SnowBerry, which claimed to be based in Birmingham, England. The reporter, who knew how to dig around in the Play Store and social media sites for additional information, soon discovered that SnowBerry was not based in England, but in Islamabad, the capital of Pakistan.

Further investigation found that SnowBerry was one of several fake app developers. One of those claimed to be based in Australia and offered an app for BJP (the current ruling party of India) fans. At that point the India Today investigators went to an Internet security company for help in extracting more information from this suspect app software. It requires special skills and software, which Internet security firms regularly use, to dissect an app. Dissection of the SnowBerry apps revealed that these apps gave SnowBerry access to the user's camera, files and other data on the cellphone. This data was transferred by SnowBerry to servers used by hackers. Some of these servers were already on a blacklist that alerted Internet security firms that anyone using these servers was engaged in illegal activities. SnowBerry was gathering photos taken by fans of the Indian military and police and culling that collection for photos of military significance to the Pakistan military. Further investigation showed that the SnowBerry crew were also active on Facebook, where they carried out disinformation campaigns and other activities not yet revealed.

This sort of Internet-based espionage is part of the Cyber Wars that have been going on between India and Pakistan since the late 1990s. It started in the 1990s as individuals attacked web sites in other nations in response to diplomatic, ideological or other disputes. This was usually stirred up by some dispute over religion or borders.

When the Internet became a mass medium after 2000, the amateur hackers found themselves being displaced by professional hackers who tended to concentrate on stealing money, or information they could sell. In some cases, these professional hackers got involved in national rivalries that had already been going on for a long time. An example of this is the decades-old online conflict between India and Pakistan. This conflict is unique and deemed a Cyber War for several reasons. First, it has involved numerous attacks on military and government networks to steal information or plant malware that can later be activated to crash the network. Many other attacks are against media to sway public opinion over issues like Pakistani efforts (since the late 1940s) to annex Indian Kashmir, or to accuse the other side of promoting terror and disorder. As the number of damaging incidents grew, the victims began to notice they had something in common.

All this reflects trends in computer hacking, which has gone pro since the late 1990s. One side effect is the many tools and techniques hackers created to carry out these Cyber War attacks. China is a major user of professional hackers for economic, industrial and military espionage. This was a direct threat to India and an inspiration for Pakistan. Both these South Asian nations were slow to get into large-scale, professional-level hacking, but now they are both at it, mainly against each other. Both nations have a lot of local talent (software engineers and proficient amateurs), and for a long time the attacks were unorganized and mostly directed at low-level activities like defacing websites and engaging in opinion manipulation on a larger and larger scale. Meanwhile, India was subject to more professional attacks by Chinese and North Korean hackers, which led to the Indians mobilizing their own hackers, mainly to deal with Pakistan and, to a lesser extent, China. India sees China as the major threat and Pakistan as more a nuisance, but one with nuclear weapons.

With everyone so alert to the professional hackers, there were opportunities for low-tech efforts like SnowBerry to join in. SnowBerry is not unique. There are lots of malevolent apps offered to cell phone users, especially those with Android phones. The Apple App Store is far stricter in examining new apps. The Google Play Store has had to move in the same direction because the Play Store has become the favorite place for hackers and others with criminal intent to place their apps. Even Apple is constantly finding and removing misbehaving apps. Google has to remove even more malicious apps. Most of these misbehaving apps are in it for the money, but a growing number are mainly about espionage.