Wednesday, January 6, 2021

Kashmiris and High-Speed Internet: A Tragic Love Story


Article Contributor(s)

Vaishnavi Krishna Mohan


Publisher

Global Views 360


People Protesting in Kashmir | Source: Countercurrents

Over sixteen months have passed since India’s government imposed a ban on high-speed mobile data services in Jammu and Kashmir, with the exception of two districts, Ganderbal and Udhampur. The ban has since been extended: on 25th December, the J&K administration issued an order extending it till Jan 8, 2021. On August 5th, 2019, the central government abrogated Article 370 and Article 35A, and mobile internet services were temporarily suspended for security reasons. However, the suspension of high-speed mobile data services shows no sign of ending. This has taken a toll on several businesses and students, especially during the pandemic.

Iqra Ahmed, a fashion designer, took over four years to build her fashion brand online. Her clothing brand, Tuv Palav, had gained great recognition online through social media, where Iqra had over 50,000 followers. She used Instagram to promote Kashmiri clothing. In August 2019, when the government revoked the erstwhile state’s constitutional autonomy, the valley saw a communication blackout and Iqra lost a large portion of her customer base. About 5 months later, in Jan 2020, 2G internet was partially restored, but social media services like Instagram were still inaccessible.

Iqra Ahmed, fashion designer from Kashmir | Source: Gyawun

In desperation, Iqra and many others like her opted to use a Virtual Private Network, or VPN.

A VPN allows users to hide their location while browsing the web, effectively helping them circumvent the ban. Kashmir saw a sudden surge of interest in VPN applications a few months after the ban.

According to several residents of Kashmir, the use of VPNs created tension between civilians and the army. In several regions of South Kashmir, Army personnel allegedly checked the phones of youth for VPN apps. If any such apps were found, the youth were either thrashed or had their phones seized, and they were bullied and harassed into collecting them from the army camps.

“I was traveling to Shopian (district in J&K) when our cab was stopped at a checkpoint. The army man asked the guy sitting beside me how many VPNs he has on his phone. The guy replied none. ‘You better not have VPNs, otherwise, you know what we will do,’” Shefali Rafiq, a local girl, narrated her experience on Twitter. Using a VPN was not a choice made for entertainment but one made out of desperation. Several people hadn’t seen the faces of their sons, daughters, parents, siblings and other family members living away from Jammu and Kashmir in months.

For instance, 61-year-old Shameema Banoo hadn’t seen her younger son in over 6 months. Parray, her younger son, works in Riyadh, Saudi Arabia, as a hotel manager. “Last time on the evening of August 4th, I saw him through a video call. It was only after six months, on 5th of February, that my elder son brought a VPN application in his phone, by which I got connected with my beloved son,” said Shameema with tears and a smile.

However, several Kashmiris were unaware of the security issues that come with free VPNs. Hackers have breached the bank accounts of several people across the valley. In some cases, when users used VPNs for e-banking, hackers also managed to withdraw their money. Surfshark, a UK based VPN company, conducted research on free VPNs which revealed that these VPNs can potentially jeopardize more than just a user’s browsing history. Free VPNs build a profitable business model by selling user information to bidders, which include government agencies or authorities. In some cases, third parties were directly allowed to access user information. On the grounds of its study, Surfshark stated that free VPN service providers were culprits of user data abuse.

The people of Kashmir seemed to be unaware of these issues. People who travelled outside Kashmir came back with seven to eight VPNs as backups, as authorities were blocking and barring VPNs every day. The government also cracked down on VPN users by filing an open FIR, under which hundreds of suspected users were probed and several were arrested for allegedly misusing social media to promote “unlawful activities and secessionist ideology.”

On 4th March 2020, use of social media was legalized in Jammu and Kashmir. Kashmiris didn’t forget those who supported them during the times of restriction. They have developed a strange love for VPN developers that goes past the customs of law, and they showed their hospitality and gratitude to all VPN developers. Among several VPNs, LetsVPN was widely used. Kashmiris expressed their kindness by sending a chai samovar, a bundle of kangris, sonn sund pond (golden coin), besrakh tooker (a basket of sweets) and other gifts to the Canada-based creator of LetsVPN. These are the items usually sent by the bride’s family to the in-laws-to-be as a token of respect.

Another user shared on Twitter that the experience of using VPN applications was similar to the Islamic holy month of Ramzan: at first, a little hardship is endured, but as the days go by, one gets used to it, and after the month is over, it is missed badly and dearly.

However, Kashmiris haven’t met their happy ending yet. The ban on high-speed mobile data is taking a toll on students. Several students have missed an entire online semester and were even unable to take their exams. Several students wrote to the union education minister, Ramesh Pokhriyal, voicing their concerns about the apathy that universities all over India expressed toward the students of Kashmir.

Rashida Bashir, a 20-year-old sociology student from Jamia Millia Islamia, New Delhi, said that she and some of her friends were not able to join classes using 2G. “How can we appear in the online examination without any issues?” she questioned. She said that JMI asked the students to ensure high-speed, uninterrupted internet connectivity and that owning a laptop was considered a necessity. She further stated that the students were asked to ensure that they have uninterrupted electricity while taking the exams. She mentioned that not everybody owned a laptop or a WiFi connection and that Handwara, North Kashmir, her place of residence, experienced frequent power cuts.

“My classmates are privileged as the internet comes easy for them. But I have to go through a lot of issues and I’m suffering,” said Masoodi. Durdana Masoodi, a student from Miranda House, Delhi, said that she reached out to one of her professors for help, who understood her problem and agreed to send her the lecture notes. However, that did not resolve the problem. It isn’t easy to download notes on the internet either. Any file over one megabyte would take over an hour to download.

Many students, especially girls in Kashmir, dropped out after 10th and 12th grade due to the pandemic, which coincided with the ban on high-speed internet. Students from Kashmir urged their schools and universities to scrap the autocratic decision to conduct online proctored examinations. They requested the union education minister and universities to consider their situation and sought help to resolve this issue.

It is important to deploy a high level of security measures in J&K due to long-standing issues with Pakistan and the current impasse with China. However, the government must also consider the fact that the education of students, the careers of many, and the livelihood of the people during this pandemic are at stake due to the ban on high-speed internet. It should also understand that throttling the internet in J&K, instead of strengthening security, may prove to be more of a security threat by further alienating the people who are adversely impacted by it.


February 4, 2021 5:20 PM

SolarWinds Attack and its implication for U.S. Security: Sabotage or espionage?

SolarWinds, a publicly listed Texas-based company with a value of more than $6 billion, has a highly reputed customer list including multiple U.S. government agencies. The company develops software for businesses and agencies to help manage and monitor their networks, systems and IT infrastructure. The company is a service provider to over 425 of the Fortune 500 companies, the top 5 U.S. accounting firms, all major U.S. telecom providers, the U.S. Treasury, several global universities and educational institutions, the NSA and the White House.

A set of hackers managed to sneak malicious code into the software update of SolarWinds for a tool called “Orion”. Earlier, in 2020, the hackers had injected malware into the updates of Orion which were released between March and June of 2020. On 5th of Jan, 2021, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) made an official joint statement stating, "an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks". U.S. government agencies like the Pentagon, the National Institutes of Health, the FBI, DHS, the Department of Energy and the Department of Veterans Affairs were some significant users of Orion. In fact, in August 2020, the Department of Veterans Affairs renewed its Orion license in a 2.8-million-dollar order. The Department of Veterans Affairs has been heavily involved in COVID-19 relief.

The Orion hack began as early as March 2020. Over 18,000 customers had installed the compromised software, which implies that these customers were vulnerable to spy operations throughout 2020. The malware inserted in the updates gave the elite hackers remote access to an organization’s network. Since the malware went undetected for months, it gave the hackers an opportunity to obtain information from their targets. In fact, the hackers could also monitor emails and other internal communications. FireEye, the cybersecurity company that was the first to discover the breach, describes the capability of the malware, from initially lying dormant for up to two weeks to hiding in plain sight by disguising its reconnaissance as “Orion Activity”. In 2016, Russian military hackers used a method called “supply chain” to infect companies doing business in Ukraine with a hard-drive wiping virus called NotPetya. This attack is considered to be one of the most damaging cyber-attacks to date. The infiltration tactic used in the current hack has also been identified as similar to the “supply chain” method.

The Orion software framework contained a backdoor that communicated via HTTP with third-party servers. Cybersecurity firm FireEye has been tracking the trojanized version of the Orion plug-in as SUNBURST.


FireEye described the use of the SUNBURST backdoor in a blog post published on 13th December 2020. It stated,

“After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”

FireEye described the attack through the SUNBURST backdoor as “highly evasive”. Meanwhile, SolarWinds is facing a class action lawsuit filed by a stakeholder of the IT infrastructure management software company in the U.S. District Court for the Western District of Texas on 4th Jan 2021. The lawsuit is filed against SolarWinds’ ex-president, Kevin Thompson, and chief financial officer, J. Barton Kalsu, on the grounds of violating federal securities laws under the Securities Exchange Act of 1934. The complaint states that SolarWinds failed to disclose that "since mid-2020, Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran". The complaint also mentioned that the SolarWinds update server had a fairly weak and easily accessible password, ‘solarwinds123’.

Microsoft’s internal security research team found evidence that the same hackers had accessed some internal source code in the company’s systems. Microsoft mentioned that the attempted activities went beyond just the presence of malicious SolarWinds code in its environment. Microsoft has “an open source like culture” which allows teams within Microsoft to view the source code. The company acknowledges that it is a threat model, but it is downplaying the risk by saying “just viewing the source code should not cause any elevated risk”.

The Russian hackers have also managed to breach the network of the city of Austin, Texas. The breach dates back to at least mid-October 2020. The hackers appear to have targeted the U.S. Treasury, the Departments of Commerce and Homeland Security, the Pentagon, cybersecurity firm FireEye, and SolarWinds. The breach of the Austin city network is an apparent win for Russian hackers. Theoretically, the compromise could have helped them access sensitive information related to city governance, elections and city police, and by digging deeper, the hackers could practically burrow inside the energy, water and airport networks of the city.

Berserk Bear, the hacking outfit currently believed to be behind Austin’s breach, appears to have used Austin’s network as a staging ground for larger attacks. Berserk Bear, also known as BROMINE among several other names, is believed to have been responsible for a series of breaches of significant U.S. infrastructure in the past year.

The attacks on SolarWinds, the U.S. government and FireEye have been linked to another Russian group called APT29, popularly known as Cozy Bear. Berserk Bear is allegedly a unit of the Russian Federal Security Service (FSB). Cozy Bear is known to be affiliated with the Russian Foreign Intelligence Service, or SVR. The FSB and SVR are considered to be successors of the Soviet-era Committee of State Security, which was widely known as the KGB.

The Austin Council seems to have been aware of the breach since October 2020. The FBI and CISA had published an initial advisory warning of “advanced persistent threat actors” (APTs) on October 9th, 2020. The advisory warned the city council of APTs targeting state and local governments. On October 22nd, a follow-up advisory was published in which both agencies attributed the breach to Berserk Bear. CISA published a heat map listing the types of organizations that were breached, scanned or targeted by Berserk Bear. Berserk Bear’s reputation for lurking fits its common pattern of espionage-oriented attacks. Sami Ruohonen, a researcher at Finnish cybersecurity firm F-Secure, said that the adversaries have already been in the network for more than a couple of months by the time someone discovers their existence. Ruohonen also mentioned that this technique is especially preferred by APT groups because the longer they go unnoticed, the longer they have remote access to the network. F-Secure, in a report published in 2019, compared Berserk Bear and similar groups to the cyber equivalent of sleeper cells.

Cybersecurity experts have warned the city of Austin and the U.S. that Berserk Bear hackers are not just involved in espionage and sabotage. They can gear up at any moment and create havoc in the United States. These Russian hackers can cause city blackouts and disturbances in water supply, and can even disrupt COVID-19 relief. Vikram Thakur, a technical director at Symantec who has tracked Berserk Bear for years, said, “We should be cognizant of the level of information that they have, turning on valves or closing valves, things of that sort — they have the expertise to do it.”

Kevin Thompson, the ex-CEO of SolarWinds | Source: SolarWinds Facebook

SolarWinds replaced its ex-CEO Kevin Thompson with Mr Sudhakar Ramakrishna. Unlike his predecessor Thompson, who is an accountant by training, Ramakrishna comes from a security background, having led Pulse Secure in the recent past. The new CEO publicly stated that the company will be making 5 critical changes to put security front and center. The company also hired ex-CISA chief Chris Krebs and Facebook’s former security lead, Alex Stamos. Krebs and Stamos work as independent consultants to help the company coordinate its crisis response. Krebs told the Financial Times that it could take years to uncover the full extent of the hack. On the brighter side, the new CEO mentioned that the company has engaged several cybersecurity experts to assist SolarWinds in its efforts to become more secure. We can hope that, with better expertise, vision and understanding of threat and vulnerability management, the company is now headed towards a better future.
