The Details On Operation Hangover

Source: CIA Factbook

Norman Shark produced a research report in May 2013 detailing “Operation Hangover,” an espionage network operating in India. The infrastructure is roughly 4 years old and was designed to carry out spying operations against Pakistan. Some other organizations were also exploited, including the Norwegian telecom corporation Telenor, which hired Norman Shark to conduct the investigation.

The technique involved embedding malware inside a Microsoft Word file that would run an executable file when opened. The documents were designed and labeled so that they would appear to be proprietary documents from the Telenor organization.

The control servers had privacy protection on their domains, and their robots.txt files were configured to stop web crawling. The researchers were able to find a few correlations between domains that allowed them to develop a domain map.
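The kind of correlation that turns scattered domains into a domain map can be sketched as follows. This is an added example, not code from the Norman Shark report or from this article; the attributes used (shared IP, name server, registrant e-mail) and every value in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed observations (documentation-reserved names and addresses).
# A privacy-protected registration is modelled as email=None.
OBSERVATIONS = [
    {"domain": "alpha.example", "ip": "192.0.2.10", "ns": "ns1.host-a.example", "email": None},
    {"domain": "bravo.example", "ip": "192.0.2.10", "ns": "ns1.host-b.example", "email": None},
    {"domain": "charlie.example", "ip": "192.0.2.77", "ns": "ns1.host-b.example", "email": "reg@mail.example"},
    {"domain": "delta.example", "ip": "198.51.100.5", "ns": "ns9.other.example", "email": "reg@mail.example"},
    {"domain": "echo.example", "ip": "203.0.113.9", "ns": "ns4.solo.example", "email": None},
]

def build_domain_map(observations, keys=("ip", "ns", "email")):
    """Cluster domains that share any attribute value, using union-find.

    Returns (clusters, shared): clusters is a list of sorted domain lists,
    largest first; shared maps (attribute, value) to the domains it links.
    """
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    links = defaultdict(set)
    for obs in observations:
        find(obs["domain"])  # register the domain even if nothing links it
        for key in keys:
            value = obs.get(key)
            if value:  # hidden or missing values cannot link anything
                links[(key, value)].add(obs["domain"])

    # Every attribute value seen on two or more domains merges their clusters.
    for members in links.values():
        first, *rest = sorted(members)
        for other in rest:
            parent[find(first)] = find(other)

    clusters = defaultdict(set)
    for domain in parent:
        clusters[find(domain)].add(domain)
    shared = {k: sorted(v) for k, v in links.items() if len(v) > 1}
    ordered = sorted((sorted(c) for c in clusters.values()), key=lambda c: (-len(c), c))
    return ordered, shared
```

Links are transitive, so one exposed registration can tie an otherwise privacy-protected domain into a cluster; a shared-hosting IP can also create false links, so each entry in `shared` should be reviewed before it is trusted.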

The exploits used in this attack were all known attacks, and none of them contained zero-day technology.

They were able to track a few domains that had misconfigured privacy protection back to registrations in New Delhi, India. Other domains were registered in the Netherlands.

The researchers found details about the suspected malware developers on Elance. For further details, you can read the full report.

Telenor Financial Dealings In Pakistan

Telenor is a Norwegian telecommunications provider specializing in Eastern Europe and Central Asia. They provide mobile and Internet services to Pakistan, which would be the reason why they would be the target of an espionage campaign designed to steal data about Pakistan’s government. (page 6)

Telenor and the Pakistani Tameer Bank have recently formed a partnership to provide mobile banking solutions to rural residents of Pakistan, which they state in an April 2013 press release.

There are also researchers who believe that spyware designed to infiltrate Mac computers could be tied to this operation. The spyware has the ability to transmit screenshots back to a control server. You can read more about the spyware here.

Following WWII, Pakistan was created after a separation from India in order to establish a Muslim-oriented nation, with India focusing on being a Hindu nation. This led to violent migrations between different cultures, hostility, and territory disputes that exist to the present day.

The population of Pakistan is 193,238,868, using roughly 365,813 Internet hosts with the .pk domain. In 2009 they had over 20 million active Internet users. For more information about Pakistan, you can visit the CIA World Factbook.

Pakistan Today picked up the story, publishing the information as an Indian-sponsored cyber-attack. One reader comment raises the question of why Pakistan doesn’t have a government-funded cyber-security force. Another comment says that the Indian hackers are state-sponsored.

Reader's comment on the cyber attack
Reader comment argues for creation of government funded cyber-security force
Resources:

Official Operation Hangover Report 

Telenor’s Financial Report 

Telenor Press Release On Pakistani Banking Partnerships

F-Secure’s Article on OSX Spyware

Article Connecting The OSX Spyware To Operation Hangover 

CIA World Factbook: Pakistan

Pakistan Today Article on Operation Hangover

Partition of India – Wikipedia
