Spyware Attacks
- November 30, 2019
- Posted by: user
- Category: Current Affairs
Spyware attacks
WhatsApp recently filed a complaint in a US court accusing spyware company NSO Group and its parent company Q Cyber Technologies of targeting at least 1,400 users across the world. WhatsApp claims it detected the attack in May 2019. Apparently, NSO exploited a “buffer overflow vulnerability in WhatsApp VOIP stack” to send malware called Pegasus to the target devices. As malware, Pegasus can do anything: it can seize any data from any mobile device without leaving any trace, through just a missed call.
Users spread across at least 20 countries in Africa, Asia, Europe, the Middle East, and North America were affected by the spyware. Targeted users in India included journalists, human rights activists, political dissidents, lawyers, and diplomats.
It has been alleged that the government was informed about this attack twice before, i.e. in May as well as September. However, government sources said WhatsApp had given information to CERT-IN, a government agency, in May, but without any mention of Pegasus or the extent of the breach. They also insisted that the information shared was only about a technical vulnerability and had nothing to do with the fact that the privacy of Indian users had been compromised.
Nuclear Power Corporation of India Ltd. (NPCIL) confirmed that malware had indeed infected its system at the Kudankulam Nuclear Power Plant (KKNPP). According to cyber security experts, the power plant was the target of a variant of a virus known as DTrack RAT.
About DTrack RAT
According to the Russian anti-virus and cyber security company Kaspersky, DTrack is a “spy tool” that was discovered by the firm’s researchers “in Indian financial institutions and research centers”.
Kaspersky suggested that DTrack was a variant of malware known as ATMDtrack that was created to “infiltrate Indian ATMs and steal customer card data”.
According to Kaspersky, DTrack is able to download files to infected systems, record keystrokes and conduct other actions similar to remote control of the infected systems. The cyber security firm said its list of functions defines it as a “spy tool”.
These happenings point towards the vulnerabilities in cyber security infrastructure in developing countries such as India. Lack of technology, research and development, skilled manpower, coordination among various agencies and a proper response mechanism puts critical infrastructure such as power plants, nuclear establishments, telecommunication etc. at risk. There is a need to remove these structural issues.
Also, technological giants such as Facebook and WhatsApp, along with developed countries such as the U.S. and Israel, need to take the initiative to curb cyber attacks by increasing deterrence and dedicating finance towards this cause. The blame game needs to stop, and a collective approach is required to address the cyber security of the world.