How Pakistan Brought Cyberwar to Kashmir

May 17, 2022 | Topic: Pakistan | Region: Asia | Blog Brand: Techland | Tags: Pakistan, Kashmir, Cyberwar, Terrorism, Encryption, India


In the future, terrorist organizations and their Pakistan-based handlers are likely to improvise and intensify their use of cyber operations.


India and Pakistan have fought four wars over Kashmir since 1947. In addition to the full-fledged conventional wars, Pakistan has sponsored and supported a proxy insurgency in Kashmir over the last three decades. The proxy war began by supporting terrorist organizations like the Jammu-Kashmir Liberation Front (JKLF) and Hizbul Mujahidin (HM). However, over the last three decades, the proxy war has evolved and become highly sophisticated and complex: the rapid spread of the internet and mobile phones led planners within Pakistan’s Inter-Services Intelligence (ISI) to realize the potential of information technology revolutions in Kashmir.

Notably, neither India nor Pakistan can be directly blamed for all the cyberattacks in which they target officials, business groups and individuals, and foreign state institutions. Instead, they prefer to operate through front groups. Netscout, a U.S.-based tech company, identified six Indian and three Pakistani advanced persistent threat (APT) groups, which, per the company’s findings, were state-backed hackers. India-linked APTs included Lucky Elephant, Donot Team, Patchwork Group, and Sidewinder Group, and the Pakistani group was called Transparent Tribe. Reportedly, both sides made massive use of phishing to lure targets into opening infected emails, messages, and files to steal classified information. In 2019, when the tension between the two nuclear adversaries was at its peak, such attacks increased manifold.


Beginning of the Internet Era in Kashmir

Until 2010, Kashmir was more or less a localized conflict theatre that successfully evaded internationalization for decades, thanks to the deft handling by the Indian intelligence agencies and the absence of social media. However, by 2007-2008, social media was fast becoming popular among ordinary citizens in Kashmir. As a result, Facebook, YouTube, and Twitter became the new channels to vent frustration, resentment, and anger. All this coincided with the Arab Spring in the Middle East toppling many dictatorships and giving Islamist forces a new lease of life. The events in the Middle East made their way to Kashmir through social media and significantly impacted the popular consciousness. Among India’s security establishment, it is largely agreed that from 2010 onwards, Kashmir witnessed the undercurrents of internationalization in several ways. Wahhabi Islam emerged as a significant force replacing the moderate local versions of Islam. Local affiliates of AQ and ISIS emerged on Kashmir’s jihadist landscape. Kashmir’s militancy was fast becoming highly Islamist. In all this, the internet revolution played a crucial role. Having realized the potential of the cyber domain, Pakistan began investing heavily in it for its Kashmir operations.

Encrypted Communication Apps and Terrorist Groups

For Pakistan’s intelligence officials, the cyber domain had multiple uses ranging from highly clandestine terrorist group communications on encrypted applications to massive disinformation campaigns and espionage activities. Kashmir’s terrorist groups were always receptive and progressive about adopting technological advancements. Even in the 1990s, satellite phones and wireless sets were commonly used by terrorist cadres diverted from the Afghan theatre to Kashmir. Terrorists had made good use of mobile phones; however, over time the security agencies could bring them under surveillance through wiretapping. The arrival of encrypted communication applications like WhatsApp, Telegram, and Signal was like a revolution that made terrorist groups elusive and presented a major challenge to Security Forces (SFs). Tracing their locations and successful encounters became difficult until Indian agencies received Pegasus from Israel. It led to the massive use of technical intelligence (TECHINT) in counterterrorism operations that traditionally depended largely on human intelligence (HUMINT). Access to such technological advancements completely altered the nature of counterterrorism in Kashmir. The success rate in encounters significantly increased, and if measured purely by the indicator of the number of terrorists neutralized, the SFs got terrific success from 2016 onwards. However, the traditional HUMINT-based tools of the tradecraft like infiltration and exfiltration always ensured a better understanding of the internal dynamics of the terrorist groups, which was now missing.

After the Pulwama investigation, in which U.S. agencies helped Indian agencies retrieve WhatsApp messages of Jaish cadres involved in the Pulwama attack, some terrorist groups became skeptical of WhatsApp. They shifted to more secure applications like Telegram and Signal. Then, they switched to advanced customized apps designed by Pakistan’s intelligence agencies. Many of them, such as “Calculator” and “Skipe,” have no online presence on the Google Play Store, making them even more shadowy and clandestine. Skipe is equipped with advanced features like Voice over Internet Protocol (VoIP), which enables the user to make regular calls to other numbers. After the foreign terrorist cadres cross into Kashmir, they get in touch with their handlers, weapons distributors, and coordinators, technically referred to as Over Ground Workers (OGWs), who help the foreign militants and the local cadres download such customized communication applications. After that, all communication with Pakistan-based handlers occurs through those customized apps. These applications have robust safety and encryption features. Only if one has access to servers can the chats be retrieved. If the servers are located in a country with dubious links with terror outfits, it becomes almost impossible to decode these chats.

For example, lately, Kashmiris have downloaded BiP, a Turkish encrypted communication app. Turkey has always supported Pakistan on Kashmir, and its intelligence agencies have links with global jihadist organizations. Lately, many Kashmiri separatists have found shelter and jobs in Turkey. Turkish state entities hosted leaders of Jamaat-i-Islami, an Islamist organization that has supported Kashmir’s accession to Pakistan and is, in popular parlance, the intellectual arm of Hizbul Mujahidin, a Kashmiri terrorist organization. Given Turkey’s alleged linkages with Kashmir’s separatist and jihadist groups, it can be immensely challenging for Indian security agencies to retrieve such chats if needed.

After the internet ban following the abrogation of India’s Article 370, i.e., regarding Kashmir’s special status, the terrorist groups bypassed the ban by using virtual private networks (VPNs). Over time, many other innovations became part of routine use, including The Onion Router (Tor)-based apps such as Conion. Besides, terror groups are increasingly exploring the use of the dark web, making it difficult to monitor them. Reportedly, some foreign terrorist cadres use Satsleeve, a device that can link one’s phone to a satellite, turning a regular phone into a satellite phone.

Subversion, Sabotage, and Espionage

Pakistan’s cyber operations are not confined to clandestine communication domains within the terrorist groups. Cyber operations have fulfilled several other objectives, including sabotage, espionage, and subversion. Reportedly, Pakistani cyber jihadis run an army of social media handles that are used to spread hatred against India. For example, during the encounters with militants holed up in a house in any village, hordes of messages and videos go viral to incite and mobilize people at the encounter site to disrupt a legitimate security operation by pelting stones at SFs. Reportedly, the same strategy was being planned to mobilize people against the abrogation of Article 370 and orchestrate violent civil unrest, along the lines of the 2016 civil unrest following the terrorist commander Burhan Wani’s encounter death.

Moreover, if a small group of saboteurs had incited people into a civil revolt, the SFs would have had to suppress it harshly, which might have involved civilian killings. This possibility was the reason the government chose life over liberty and imposed a long communication lockdown in Kashmir after its August 5, 2019, decision. Troll armies are also used to attack anti-separatist voices that favor development. They are accused of being traitors and working with the Indian intelligence agencies, after which they are targeted and killed by terrorist groups.

Pakistani cyber jihadis also run proxy online blogs and websites which regularly publish separatist and extremist material. One such example is the case of the “Kashmir Fight” blog. Until recently, before it was banned and its key persons were arrested, it had become notorious for orchestrating murders of pro-India voices and being involved in character assassination of anti-separatist voices. It was believed that if the blog content targeted any individual for being pro-India, very soon that person would be killed by terrorist groups. The blog had spread terror among the civil rights activists, think tanks, academics, and journalists who opposed militancy. Famous journalist Shujaat Bukhari was killed after his name appeared on the blog. Civil rights activist and lawyer Babur Qadri was assassinated after he was accused of being pro-India on this blog. Besides, cyber operations also shape the global narrative against India by selectively posting provocative pictures, getting them retweeted, and running hashtags.

Since the Modi government came to power, Islamabad’s cyber warriors have also focused on portraying the Kashmiri jihad, hitherto seen as a bilateral dispute between India and Pakistan, in the framework of Hindu-Muslim polarization. Terrorist groups effectively use rampant acts of communal violence and polarization in other parts of India to radicalize local Kashmiris on communal and religious lines. In Europe, Pakistan’s intelligence services targeted dissidents through communication apps. A Paris-based Baloch dissident close to one of the tribal heads of Balochistan informed this author that, when he received a message to download an app, viz. the “Siko” messenger app, he realized that it was a trap to bug his phone and monitor his location and movement. Later, he found that Pakistan’s Inter-Services Intelligence (ISI) was using such applications to bug the phones of all Baloch dissidents who were involved in anti-Pakistan advocacy in Europe, to track and eliminate them.