A recent Forbes article has accused the Indian government of abusing privately developed hacking technology against China and Pakistan.
Earlier this year, researchers at Russian cybersecurity firm Kaspersky observed a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan, the Forbes article read.
The digital spies were tracked under the name Bitter APT, a label denoting an otherwise unidentified government-linked group. Their code matched exploits Kaspersky had previously seen from a company it referred to by the cryptonym ‘Moses’.
According to the aforementioned Russian firm, Moses was what is known as a “zero-day exploit broker”. Such companies operate in a niche market within the $130 billion overall cybersecurity industry, creating software—an “exploit”—that can hack into computers via unpatched vulnerabilities known as “zero days” (the term coming from the fact that developers have “zero days” to fix the problem before it’s publicly known), the article read.
This allows the culprits to find loopholes in operating systems or apps and break into them. A recent, similar instance of such software being used was the infamous 2020 attack on SolarWinds, a $2.5 billion company that provided system management tools for network and infrastructure monitoring to customers like Microsoft, Cisco, and the US government.
Forbes revealed that Moses is an American company named Exodus Intelligence, and that Bitter APT, the attacker, is its customer India, or more precisely the Indian government.
Exodus is otherwise a cybersecurity firm that has made quite a name for itself, with partnerships with major defense contractors like Darpa and tech companies like Cisco and Fortinet.
“… its main product is akin to a Facebook news feed of software vulnerabilities, sans exploits, for up to $250,000 a year,” the article read.
It added, “It’s marketed primarily as a tool for defenders, but customers can do what they want with the information on those Exodus zero-days—ones that typically cover the most popular operating systems, from Windows to Google’s Android and Apple’s iOS.”
Exodus CEO and co-founder Logan Brown has said he believes India bought that feed and weaponized it, adding, “India handpicked one of the Windows vulnerabilities from the feed—allowing deep access to Microsoft’s operating system—and Indian government personnel or a contractor adapted it for malicious means.”
Exodus has since barred India from buying any more zero-day research from the company, and has worked with Microsoft to fix the vulnerabilities.
Brown said that customers are not restricted in how they use Exodus’s findings, adding, “You can use it offensively if you want, but not if you’re going to be . . . shotgun blasting Pakistan and China. I don’t want any part of that.”
Kaspersky has claimed that at least six vulnerabilities discovered by Exodus have leaked to the world, and that DarkHotel, another hacking group, based in South Korea, has been using Moses’ zero days. Exodus’s co-founder said, “We are pretty sure India leaked some of our research,” adding, “We cut them off and haven’t heard anything since then . . . so the assumption is that we were correct,” the Forbes article read.
Other than India, only one other customer has ever gone rogue and been cut off, according to Brown.
Forbes writer Thomas Brewster questioned why, knowing that its zero-days could be used offensively, Brown’s company chose to sell to India at all, a country that has been accused of spyware abuse in recent revelations about the global use of tools made by Israel’s $1 billion-valued NSO Group.
Earlier this year, an investigation by 17 media organizations revealed that India was among several countries using an Israeli company’s spyware in attempted and successful hacks of smartphones belonging to journalists, government officials, and human rights activists around the world.
Indian investigative news website The Wire reported that 300 mobile phone numbers used in India — including those of government ministers, opposition politicians, journalists, scientists, and rights activists — were on the list.
The numbers included those of more than 40 Indian journalists from major publications such as the Hindustan Times, The Hindu, and the Indian Express, as well as two founding editors of The Wire, it said.
With such software in India’s hands, the likelihood of hacks against anti-Modi figures and rival governments increases, and that is worrying.