Highlights

• Four officers of Lieutenant General-rank were the target of malicious email.

• None of the targets opened the mail or clicked on the links used as a trap.

• The server and IP address of the hackers are located in Germany.

The cyber security team of Indian Army has uncovered a coordinated attempt to hack into the computers of its senior officers with decoy emails that purportedly contained links of “their sex videos”. At least four officers of Lieutenant General-rank posted at South Block headquarters were the target of the malicious bid, Mail Today has learnt.

Hackers often use links of dubious websites to inject malwares in their victim’s system. These malware are designed to disrupt, damage or gain unauthorised access to a computer, and may steal critical information stored therein.

“The malicious email was analysed for nefarious designs and it was found to have a data stealing malware of the remote access trojan (RAT) variant. Once this malware is injected in a system, all the information available on it can be stolen by hackers sitting far away from mainland India,” highly-placed officers in the Army told Mail Today.

IP ADDRESS TRACED TO LOCATION IN GERMANY

“To lure the receiver, the said email contained a hyperlink which read ‘leaked video of Lt Gen****’. If the user clicked on the link, he would be directed to a malicious website which could potentially infect the system with malwares,” Army sources said.

The nationality of the hackers is not yet known but the Army unit has traced the server and the Internet Protocol address to a location in Germany. “It could have been anybody including a neighbour country or the Russians, who are quite active internationally these days,” the officers said.

The cyber unit has brought the mails to the notice of the authorities concerned in the Corps of Military Intelligence. Sources in the Army intelligence wing said if the hackers had succeeded in stealing information, they could use it to blackmail their victims as was tried in the past.

The database of the hackers was found to be sound as they had sent these mails to several junior officers also across the country. “Luckily for the force, none of the targets opened the mail or clicked on the links used as a trap,” the sources said.

ARMY ISSUES STATEMENT TO WARN OFFICERS

The Army has also raised an alert among its personnel against such emails. It is also using the social media in to convey to its officers and men against clicking or viewing the email hyperlink.

In a statement issued to the officers and men, the Army said: “Do not open the attachment or the hyperlink and delete the mail from your inbox. The website http://ghavcloud.com and IP address 91.205.173.3 should be blocked at all internet firewall/personal to disrupt the malware’s access to its command and control server.”

The force has also advised its personnel to sanitise their computers if they had by mistake accessed the link in the messages widely circulated among the social media groups of Army personnel.

The file provided in the hyperlink has a high resemblance with Adobe Flash Player installer but it contains a malware designed to masquerade the original software. Army sources said the hacking attempts could be averted only because of the awareness levels amongst the officers and men due to regular campaigns by authorities in the past.

VIRTUAL HONEY TRAPS FOR DEFENCE PERSONNEL

After a few incidents of virtual honey-trapping by Pakistani agents, the Army has been on an overdrive to educate its personnel. One example of this is evident in calling an official Army telephone number, which plays a recorded message about the need to be careful from foreign agents who have been trying to extract information by all means at all the times.

There have been several cases where ISI operatives were using women profile to lay virtual honey traps for defence personnel. In December 2015, Indian Air Force (IAF) personal Ranjith KK was arrested from Punjab’s Bathinda city after he allegedly passed on secret information to the Pakistani agency.

The spies had created a fake profile in the name of Damini McNaught, who claimed to be an executive of a UK-based media firm. McNaught claimed that she required IAF-related information for an article she was writing for a news magazine but was actually working for the Pakistani ISI.