3Cs OF Cyberspace and Pakistan

Introduction: A Global Threat

Cyber technology and IT have made individual life easy and augmented state
institutions‘ efficiency and performance because of the enhanced
interconnectedness. But, it has also opened a pandora box of vulnerabilities by
posing threats to individual privacy and national security. Advancements of the
unmanned aerial and other combat vehicles, automation of the war machinery,
and reliance on C4ISR (command, control, communication, computers,
intelligence, surveillance, and reconnaissance) have expanded the vulnerabilities
of states that can be exploited by other states and non-state actors using the
cyber technological tools.

CYBER SPACE IN PAKISTAN

UN Conference on Trade and Development‘s Information Economy Report ranked

Pakistan at the ninth number in the world for its booming digital economy.

Pakistan Telecommunication Authority (PTA) notes that there are 113 million
3G/4G subscribers (with a penetration of 51.43%) and 116 million Broadband
subscribers (with a penetration of 52.79%) in Pakistan.

Federal Investigation Agency (FIA) noted in 2021 that the cybercrimes —

financial frauds, harassments, fake profiles, defamation, and hacking — have
increased eighty-three per cent in the three years. Social media provided the
biggest platforms on which cyber-attacks were carried out. Moreover, the
enhanced connectivity of the governmental institutions with the cyberspace,
especially their opening of the social media accounts, aggravated the already
precarious situation.

Cyber-attacks (3Cs)
1. Cybercrime
2. Cyber terrorism
 3. Cyber warfare.

Cyberspace

 An abstract space where flow of data transpires through communication

infrastructures.

According to the US Department of Defense

 A global domain within the information environment consisting of the

interdependent network of IT infrastructures and resident data, including
the internet, telecommunications networks, computer systems and
embedded processors and controllers

Cyber security
Cyber security which refers to detecting, protecting and responding to any kind of
cyber attack .

IBM defines

The practice of protecting critical systems and sensitive information from digital
attacks

cyber security restrict unauthorized

 accessing
 changing
 deleting
 destroying
 editing

1.Cybercrime
Cybercrime is related to the activities of individual hackers or groups, who carry
out cyber attacks on government and private intuitions for personal financial
gains.
National Response Centre for Cyber Crime (NR3C)

It defines a cybercrime as any activity commissioned via computer, digital devices

and networks used in the cyber realm, and is facilitated through the internet
medium.

Objective of cybercrime

 theft of the data or money

 cracking
 cyber-bullying
 cyber-harassment
 cyber stalking
 cyber pornography
 money laundering
 piracy, and/or phreaking

Cybercrime tools

 Malicious codes
 Trojan horse

Reported cases

With the easy access to the internet and advanced gadgets, FIA notes that around
102,356 cybercrime complaints were filed in only one year (2021).After
verification of the complaints, 1202 cases were registered under PECA and around
1300 arrests were made.

Reasons of unreported crimes

 considering crime of minor nature, such as uploading someone else‘s

pictures on social media without the explicit consent
 Females facing harassment are again less inclined to report the crimes
because of the societal pressures
 Users of the cyber services may not even know the existence of the FIA
Cyber Wing or NR3C
How Pakistan can address these issues

In order to address these issues, Pakistan can launch awareness campaigns about
the cyberspace in the society. Individuals should know their rights as well as
responsibilities and it is the duty of the state to help them in this regard.

2. Cyber Terrorism
The US Department of State, now, considers it to be

a premeditated, politically motivated violence perpetrated against non-

combatant targets by sub-national groups or clandestine agents.

Objective

Creating fear in the state/society in order to achieve the political objectives

Practices of Cyber terrorists

Veerasamy details six practices of the cyber terrorists:

a) ‘Denial of Service (DoS) attacks and Distributed Denial of Service attacks (DDoS)

b) Web defacement which may include negative or derogatory comments against

the government, political parties or other religious organisations

c) Misinformation campaigns

d) Theft or corruption of critical data-unauthorised access to sensitive information

with the goal of accessing, stealing or destroying data

e) Exploitation of system vulnerabilities (to cause unavailability, loss of service,

misrepresentation)

f) Virus attacks which cause system failover, unavailability or disruption of

services.

Types of attack

o attack on the gateway of an organization

 o attack on an organisation‘s information systems
o attacks on an organisation‘s core operational systems for example,
industrial control systems

Cyber space and terrorist organization

 Cyberspace also provides an important medium to the terrorist groups to

propagate, recruit, communicate, and plan terrorist attack
 In Pakistan terrorist organisations such as ISIS, Al-Qaeda, and Hijab-ul-
Tahrir expand their radical agenda through the cyberspace, specifically
through the social media
 Terrorist, extremist, and radical organisations have their social media
handles on Facebook, YouTube, and Twitter
 Hizbul-Islam and Jaish-e-Muhammad, for instance, use the social media
platforms to expand their outreach and create attraction for the jihadists‘
life
 Terrorist groups have also made use of cartoons for the children in order to
expand their ideology
 Twitter and Facebook banned hundreds of thousands accounts for
supporting the terrorist groups

3.Cyber Warfare
Cyber warfare involves coordinated attacks by one state or its institutions against
another state or its ancillaries using the cyberspace with the objective of causing
damage and disruption

According to US Department of Defence

Cyber warfare is an armed conflict conducted in whole or part .It includes cyber
attack, cyber defence, and cyber enabling actions.

Cyber espionage
Cyber espionage relates to stealing sensitive data through digital means. Trojan
horses are the most effective means available for the cyber espionage.

For example, Pegasus is spyware developed by an Israeli organisation, has been

bought by several states to spy on their own citizens and those belonging to other
states.

report further noted that ten prime ministers, three presidents, and one king
became targets of the Pegasus software including Pakistan‘s Imran Khan, France‘s
Emanual Macron and Morocco‘s King Mohammad

 China Cyber Power

China and the US have extensively engaged against each other in the cyber
domain.

The US alleges that China launched one of the major cyber attacks against its
Department of Defence and Pentagon with the name Titan Rain

As per the report, China remained successful in copying F-35 fighter jet designs.
Besides it is also alleged that China remained successful in getting the designs of
‘B-2 stealth bomber, the F-22 jet, space-based lasers, missile navigation and
tracking systems, as well as nuclear submarine/anti-air missile designs

 US Cyber Power

National Security Agency (NSA) of the US has specialised sections dedicated to

spying, disrupting and destroying computer and related/attached infrastructures
anywhere in the world. I

It has capacity to infiltrate anywhere world and launch cyber attacks, steal data,
gather information, and perform any function as is demanded by the American
intelligence agencies.

US Cyber warfare on Pakistan

  NSA also hacked Pakistan‘s National Telecommunication Corporation (NTC)
using the SECONDDATE malware in order to spy upon the Green Line
Communications used by its VIP civilian and military leadership
 NSA used other viruses as well to spy on Pakistanis leadership.

India Cyber warfare on Pakistan

 India sponsored Advanced Persistent Threat (APT) group, Confucius,

deployed Hornbill and SunBir to spy on officials related with Pakistan
military and nuclear infrastructure.
 India extracted sensitive data such as SMS, geolocation, emails, and data
even from the encrypted applications such as WhatsApp or Blackberry
messenger
 Leyden notes that Indian capability, capacity and operations of cyber
espionage have increased manifold in the recent years against Pakistan,
China, and other South Asian, Middle Eastern and Southeast Asian states
 India is also using cyberspace to provoke anti-sate sentiments and
launching cyber-attacks against Pakistan.
 In 2010, only Indian Cyber Army hacked around thirty-six Pakistan
government websites, including those of Pakistan Navy, National
Accountability Bureau, Ministry of Foreign Affairs, National Assembly of
Pakistan

Conclusion
Cyberspace is rapidly contributing to the modern warfare. The development of
technology has brought many positive changes and it poses some serious security
threats as well. The 3-Cs of the cyberspace ( cybercrime, cyber terrorism, and
cyber warfare) are posing serious threats to the states Pakistan is one of the most
vulnerable states facing cyber attacks in the form of cybercrimes, cyber terrorism
(both sponsored by states and non-state actors), and cyber warfare. Western
states and India remained the main state actors targeting Pakistan‘s cyberspace.
India and Indians specifically have remained active in attacking the Pakistani
cyberspace to disrupt, disable and destroy its computer systems and attached
ancillaries. They have also remained very active in propagating fake information
and trying to destabilise the state and society. Though Pakistan through
Prevention of Electronic Crimes Act (PECA) has tried to regulate its cyberspace
against cybercrime and to some extent against cyber terrorism .It really needs to
develop its own capabilities to face the threats posed by all the possible cyber-
related threats in order to protect its citizens and national interest, specifically in
the domain of hate speech, propaganda, fake information, network and data
security and critical infrastructures. Moreover, it needs to develop capacity and
capability of different governmental institutions to help protect them against the
cyber attacks. For that it may establish dedicated cyber wings (though of the
smaller level) in every governmental institution and then ensure effective
coordination between them through a centralised cyber institution that may
coordinate all the activities transpiring in the Pakistani cyberspace and helping
them prepare against all the cyber related attacks.