New Delhi: After several Parliamentarians and journalists complained that they received alerts from Apple that their devices have come under a “state-sponsored” hacking attack, experts said that such attacks are virtually impossible to guard against. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, experts said, which makes these attacks much harder to detect and prevent.
Digital rights activist and MediaNama founder Nikhil Pahwa said that such attacks are sophisticated and there are multiple vectors which make them difficult to combat. “These attacks are difficult to guard against because they could get you to click on a link via any medium — email, SMS, WhatsApp message etc. It could be a message posing as a credit card statement, ecommerce package delivery link, anything. It’s social engineering. It could happen to anyone,” Pahwa said.
Technology lawyer Mishi Choudhary said that when Apple sends such a notification it could mean that the threat is not insignificant. “It means that they suspect an attack that is different from any run-of-the-mill cyber attack but suspect a powerful threat actor. As Apple prides itself on the value of privacy, they have ensured that users will get immediate notifications,” Choudhary said.
Yet it is difficult to find out who did it. Pahwa says that it is virtually impossible to do attribution in these cases. “You can’t ever conclusively prove who has attacked someone with such tools because it is virtually impossible to trace the source. It’s possible to guess, and you can make a probabilistic determination but impossible to prove,” he said.
Lawyer Apar Gupta says that some evidence suggests that the government could be involved. “Reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India,” said Gupta. He added that investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India.
He also spoke of the Financial Times report in March this year which stated that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years.
But what does one do as a precautionary measure? Gupta says that putting a phone on lockdown mode, even though it heavily restricts its usage, is advisable. “Ideally, after doing this, if financially possible, I would swap out the phone and change my Apple ID,” he added.
Choudhary says that the lockdown mode could be one of the few ways. “Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks. When Lockdown Mode is enabled, your device won’t function like it usually would. To reduce the attack surface that could potentially be exploited by highly targeted mercenary spyware, certain apps, websites and features will be strictly limited for security, and some experiences may not be available at all,” she said. Pahwa says that changing the SIM card is also advisable.
(Published 31 October 2023, 17:19 IST)