Tech giant Apple on Tuesday, October 31 issued a statement saying that it does not attribute “state-sponsored attack” alerts to any specific state-sponsored attacker. This came after several Opposition MPs reported receiving messages from Apple warning them of “state-sponsored attackers trying to remotely compromise” their iPhones.
However, the statement is not a denial of a state-sponsored attack, says Nikhil Pahwa, founder of MediaNama, a platform that reports on technology policy in India. “Apple hasn’t conclusively denied that there is a state-sponsored actor involved over here. They have said that there is no specific state-sponsored actor they can attribute it to, that doesn’t mean that there wasn’t an attack,” Nikhil said.
“Apple does not attribute the threat notifications to any specific state sponsored attacker. State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” the statement said.
Nikhil explained that it is very difficult in cyber forensics and cybersecurity to attribute a cyber attack to a particular entity or individual because the attack could come from multiple sources, having bounced across multiple jurisdictions. “Attribution and jurisdiction are two of the most difficult aspects of online cyber law. It’s important to remember that it’s next to impossible to attribute an attack to a particular entity, unless an entity claims it. And even if someone claims it, it’s impossible to prove that they did it,” he added.
He further said that an investigation needs to be carried out to at least rule out that it was not the Indian government that carried out the attack. Since it was an attack on people who are politically involved, such as opposition MPs, journalists, and even a few BJP members, an investigation into the funding must take place, he added. “The investigation should check if there has been any purchase of any equipment, whether there has been any contract with any cybersecurity firm that has software like Pegasus or predator or net wire, whether there is any bandwidth, leased line connectivity for deploying such attacks that have been run by our government.
“The investigation is only to prove that our government may not have done this. It could also be a third-party state actor, it could be China, we don't know. The point is we will probably never know. But the investigation will at least ensure that it’s not our government that has done this and use this as a mechanism for bringing about surveillance reform in the country.”
Meanwhile, reacting to reports about the alerts from Apple, Ashwini Vaishnaw, Minister for Railways, Communications, Electronics and Information Technology said, “We are concerned by the statements we have seen in media from some MPs as well as others about a notification received by them from Apple. The notification received by them as per media reports mentions about ‘state-sponsored attacks’ on their devices. However much of information by Apple on this issue seems vague and non-specific in nature. Apple states these notifications maybe based on information which is ‘incomplete or imperfect’. It also states that some Apple threat notifications maybe false alarms or some attacks are not detected.”
“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications. In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks,” the Minister added.