How 'Iron Fist' may have exposed vital signs of Pak espionage

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.ndtv.com/article/india/how-iron-fist-may-have-exposed-vital-signs-of-pak-espionage-338620

On Tuesday, an employee of the Home Ministry, Surendra Kumar, was
arrested in Delhi. Sources say that starting April last year, he
shared official documents including a list of Pakistani prisoners in
India with Sumar Khan.

Mr Khan was arrested on February 24 in Rajasthan for allegedly spying
for Pakistan and passing on details of the "Iron Fist" exercise
conducted by the Indian Air Force recently in Pokhran on the border.
He was caught trespassing in a high-security area. According to
sources, he was caught after his calls to Pakistan were intercepted by
the Army Intelligence and the Intelligence Bureau.

Mr Kumar was summoned to Jaipur from Delhi for questioning on Sunday.
Intelligence officials say that Mr Kumar's interrogation has revealed
that he tried to access passwords to important computers in the Home
Ministry, but was unsuccessful.

Investigators say Mr Khan, who lived in Jaisalmer, travelled to Delhi
and other places to meet with Mr Kumar and would pay him for
information in cash.

Mr Khan posed as a visa agent who helped foreigners in Jaisalmer,
where there are many restrictions on foreign tourists because of the
area's Air Force base on the border with Pakistan.

Intelligence officials say Mr Khan was reporting to an ISI officer,
but they also suspect that with Mr Kumar, he was in touch with an
official in the Pakistani embassy in Delhi.

After Mr Khan was arrested, senior officials in the Intelligence
Bureau allegedly received a series of calls made over computers,
asking if he had been caught alone, interpreted as signs of a larger
network that is worried about its identity being breached.

The Bureau has now alerted its officials against sharing information
over the phone without first verifying the caller's identity.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.