Official Website of NADRA E-Sahulat Gets Hacked, User Data Compromised

The official website of E-Sahulat, NADRA's financial services platform offering online payment solutions for individuals and businesses, was hacked and defaced by Xploiter today.

Instead of defacing the main page, the hacker injected a page on the server at the following locations:

  • http://www.esahulat.org/x.html
  • http://www.esahulat.com.pk/x.html

Mirrors:

A screenshot uploaded by the hacker on his Facebook page hints that he had access to a critical financial database on the server.

Here is the screenshot, which contains critical financial information of E-Sahulat users:

NADRA E-Sahulat Hacked

We are still unclear about the intent behind the defacement, as no clear message was left by the hackers on the defaced page; however, it is likely that hackers are hacking and defacing websites to gain attention.

The trend has only worsened with the recent hackings of banks and financial institutions. Previously, Soneri Bank, Habib Bank Limited, Allied Bank Limited, Muslim Commercial Bank, Burj Bank and Tameer Bank had been hacked by local hackers.

Here is the screenshot of the defaced page of the E-Sahulat website:

NADRA Hacked

Via THP

Tech reporter with over 10 years of experience, founder of ProPakistani.PK


  • Pakistani

    What is more alarming is not that the site was hacked but that it is not even hosted in Pakistan! Pakistani citizens’ data not hosted in Pakistan!

    Wow that’s a first for security.

    It looks like it is hosted at

    dmsb00161.lunarbreeze.com (64.50.165.72) which is 300 msecs away.

    I don’t know who is running the IT at NADRA but he needs to be sacked for exporting Pakistani citizen data and for not providing adequate security also.

    • Patriot

      Well, as I looked into the issue and investigated in depth, there is no citizen data hosted at this server; only the complaint and ticket issuance system for esahulat franchisees is hosted at this server, which has nothing to do with NADRA. This is a separate entity having no concerns with the NADRA prime ID card issuance system. There is no financial or citizen data hosted at this location.

    • zunterfee

      It is verified with 100% authenticity that no citizen data or any critical info was there on the server. It is a product offered by NADRA Technologies Limited. It is a private company and is providing this website as just a simple tool to communicate with their franchisees. Further, after confirming with a resource, no kind of financial data is there.

      • TruPatriot

        Please. You are NADRA employee and we don’t believe you.
        You should have made the site secure and ProPakistani has proved that data was stolen. It is all available online now.

        There needs to be accountability. Public Accounts Committee and Senate of Pakistan, Supreme Court and Parliament needs to take note.

        We need a change of guard at NADRA IT NOW!!!

  • jahil

    If infants can break into local servers, don’t you think US of A can eavesdrop the NADRA CNIC and passports related data bank? A huge slap on the face of those &*^*% who know how to block websites but do not know how to safeguard interests of the country. It includes civil as well as *ahem* institutions. Damn y’all.

    • Pakistani

      Exactly, please see my comment below. The site is hosted outside of Pakistan. Can you believe the jokers we have at NADRA.

      It was much better run at time of Musharraf. It failed under PPP government and now Nawaz Government must fix NADRA again.

      I suggest make some IT Leader like Umar Saif or someone else of his level head of NADRA.

      • Shahid Saleem

        Oh, how little you know. Many government sites were either mirrored or hosted outside Pakistan in Musharraf era, all because of DDoS attacks from the Indians choking PTCL’s bandwidth (pre-TW1 days).

        • InPakistanForPakistan

          Oh yes you make a lot of sense and everybody else knows ‘little’.

          No other self respecting country in the world keeps their citizens’ data outside of their country.
          Not India, not USA, not Israel, not China. Then why us?

          I suggest you stop posturing and understand the need to keep our citizens data inside of Pakistan.

          We are the 6th largest country in the world and with the 5th largest army. There’s a lot for us to be proud of and don’t need complexed individuals lecturing us about the reasons for our citizens’ data to be outside of Pakistan.

          • Bilal Iqbal

            NADRA’s CNIC record is kept aside instead of KIOSK which is accessible over internet…
            We are conscious about important data of Pakistani citizens and it is in safe hands…
            The matter of e-sahulat is quite different and kept aside due to its nature of business and was made accessible to smoothly run the business by franchisees…

          • Shahid Saleem

            Really. Well, I recommend you search archives of this very own site for an article entitled “Laws & Responsibilities”. In it, you’ll find out that in 2007 (and for years before that), the Election Commission hosted their search website (with CNIC numbers, addresses, names, everything) in CANADA. How’s that for “security”?

            I am not talking of theoretical cases, I am talking about stuff THAT HAS ALREADY HAPPENED and HAS HAPPENED IN MUSHARRAF ERA.

            Where were you? Asleep? Or perhaps a child, too young to understand the world? Well, understand it now.

            I suggest you also google for “Where are Pakistani Government websites hosted” and click on the first link (by irfan ahmad). Prepare to be shocked at the percentage of Pakistani government sites hosted outside the country. Then, if you want a bigger shock, consider how many of them are hosted on shared hosting, not even dedicated or VPS. And how many are written in the language I love to make fun of, PHP.

            Security? HAH! What a JOKE.

            • salman

              Set up a meeting with me, then I will tell you the abilities of PHP; it’s all about knowledge level and skills. 98% of Pakistanis think that PHP is vulnerable and a bad language; yes, it is, only if you don’t know how to configure it and use it. Most PHP jerks are copycats. Meet me, I will tell you the weaknesses of ASP.NET, JSP, etc.

              • Shahid Saleem

                I urge you to search for articles mentioning defaced on this website. And tell me why most of them are either PHP or ASP. Lately, a lot are just PHP.

                It’s very simple, if you choose to live in Karachi, you can live in Clifton or you can live in Lyari. Both places have shops where you can buy stuff, houses where you can live, electricity, water, etc. etc. But who would prefer to live in Lyari if they can afford to live in Clifton?

                Same with web frameworks, except the “cost” of using a framework is free no matter what you choose. You can choose to write code in PHP + cake/symfony/zend/whatever, or you can choose to use better frameworks and better languages. You have to WORK VERY HARD (not use existing idioms, etc) in order to write a hackable site in Java or Python or Ruby or something else. PHP? You have to work hard to secure it.

          • Bilal Iqbal

            e-Sahulat is a service network managed by NTL (NADRA Technologies Limited), an independent body working under NADRA for introducing and running business outside NADRA. All of its operations are managed separately and NADRA data warehouse containing National Database is fully secure and managed by highly trained professionals are considered as Pakistan’s third most important strategic asset i.e. Nuclear Assets, Financial Assets and Citizen’s Database and treated accordingly…

            • Shahid Saleem

              Based on recent Snowden leak, the NSA likely has access to your “secure” financial transactions.

              • Bilal Iqbal

                I never said that this Financial Network is secured…
                I told about National Database about which people are talking…
                If the security of eSahulat web server is compromised then NSA might have access to this, but National Database is quite different than usual… my dear…
                Don’t be optimistic…

        • pat

          no shahid this not the situation in this case, as my other colleagues stated and i have also checked through a guy this website is just maintaining the ticket solution for franchisees.

          • FuntoBunto

            But why host outside of Pakistan???

        • guest

          shahid plzz leave propakistani.

          • Shahid Saleem

            When are you leaving, “guest”

    • Yasir Mahmood

      Brother, America does not need to hack websites to obtain data.

      As the way like they kidnap the Required Persons from Pakistan and ship them to US ,Only they need is to ask Paki Govt and they will give them irresistibly.

      • salman

        Only your first sentence was right.

  • Yasir Mahmood

    Hats off, master.

    Cheers To Point # 2

  • Hunter

    Hey, what if an Indian hacks it, or if someone hacks it to earn
    some money? The msg on the deface is quite clear:
    [#] F**K Goes to Noob aka Mr.Admin
    I’m Helping to secure Pakistani sensitive servers , I didn’t defaced
    main page bcz I dnt want to stop there services so stop saying that I
    done this for getting fame (Edit ur post), I never disclose databases of
    my previous hacks I only disclose it bcz I saw some noobs saying we
    have only limited access ,

    Regards:- Hunter

  • Shahid Saleem

    I hate to say it, but…coded in PHP.

    • Originative

      so what ? you think PHP is lame? FB is also built using PHP

      • Shahid Saleem

        Sure, I think PHP is lame. Even Facebook’s own developers think it’s lame. Why else would they write a LOT of internal (some now free) tools in languages other than PHP? Check it out: cassandra (Java), language tools in OCaml and Haskell, thrift (C++), etc. That’s just on their github page.

        Seriously, I don’t understand why PHP lovers cannot explain the HIGH number of security holes in sites in Pakistan in recent months that are written with PHP. Bank sites, government sites, etc, etc. What’s common? Either written in PHP or ASP.

        If the problem is bad developers, then why do they gravitate to PHP? Sounds like PHP is a language to avoid, if you want to work with not-bad coders.

        • Naveed

          Neither PHP / JAVA or any other language is secure, it is most stupidity. Its how it is coded. I have 5 Year of Experience…. as Sr. S/W Developer and I know, how stupid ppl do code in all kind of languages.

          • Shahid Saleem

            Yes. And yet, it seems 7/10 of hacked sites in Pakistan, if not more, are either PHP or ASP. Just scroll over the archives of propakistani and read all the defaced stories.

          • salman

            Well, thank goodness, at least someone here is educated :-)

        • Originative

          @disqus_oyXjFfSXEI:disqus pointed out the problem: it is not the fault of any programming language, it’s the developer who codes it. I don’t know how you come up with the figure that 7/10 hacked sites are in PHP. Even if that is true, the reason is that people usually use open-source frameworks like wordpress, joomla, etc. and use untrusted plugins, mostly free, and hence by using such plugins they got hacked. Because they are open source you can view the source and hence make an attack vector accordingly.

          Further, if you are a developer you should know people don’t pay well and give short deadlines, which is a major reason why security is not integrated…

          • Shahid Saleem

            Security is a process, not something you can buy or download and integrate into your product. You get people who don’t plan for security FROM THE BEGINNING and you get the current mess.

            • Originative

              Okay brother, you win… Happy? :P

        • salman

          Facebook is not coded in the normal PHP you use in WAMP and XAMPP; Facebook developers did a lot of customization in the PHP interpreter that you jerk ass people can’t understand.

  • Shahid Saleem

    What people DO NOT SEEM to understand, is a defacing of a site is STUPID, AND BORING. These people are amateurs.

    What the real criminals do is break into the site and steal the data and make sure they have a backdoor or two to return whenever they want. They DO NOT attract attention to themselves with a defacing.

    Now I want you to think. Think of all the bank sites, of all the government sites that MAY HAVE been broken into but we have no idea of because they (criminals) were smart enough not to deface it. Sites can be broken into for years without being noticed. And even when they are noticed, the site administrator/government/whoever will like to cover it up by quietly closing the holes and telling no one. The Public DO NOT HAVE A RIGHT TO KNOW ACCORDING TO THEM.

    We’ll never know how much & how often our data is stolen.

    • sol658

      esahulat is a separate business and these people are not loading any citizen database there. The national citizen database is highly secured and in secure hands. This is not the case.

  • zunterfee

    Yes, it is verified with 100% authenticity that no citizen data was there on the server. And this esahulat is not directly related to NADRA; it is a product offered by NADRA Technologies Limited. It is a private company and is providing this website as just a simple tool to communicate with their franchisees.

    • poorman

      @:disqus u right buddy…probably thats why hacker left the site without mentioning any solid reason….as per my links no critical info was there on the server

    • TruPatriot

      Please NADRA needs new IT team. If you are NADRA employee and you are saying 100% authenticity then I’m sorry you have no credibility. Just because you say you are secure and no data was stolen, why should the Pakistani public believe and trust you?

      Your sites were hacked. You were caught sleeping at the wheel.

      There needs to be accountability now. This is not YOUR data, it is the PEOPLE OF PAKISTAN’s DATA, so please you and Mr. Yasir Mehmood and Patriot – all NADRA employees – please stop fooling the Pakistani people.

      • Bilal Iqbal

        Check out the complete comments posted above and feel the difference between the NADRA database hosted in the National Data Warehouse and the tool offered for running a business… Did you ever notice that this was not a govt domain and SSL was not there for all… It is quite a different thing offered outside the NADRA resources for running business…

  • bbsums

    exactly buddies we exaggerate the things without knowing the details

  • Salman Ansari

    Aamir: the mirror link on your post is a known Malware injector (go this site via Chrome and see). Please take this link off before someone is compromised!

    Salman

    • aamir7

      Thank you Salman Sb for confirming this.

  • PRALBETTER

    PRAL should take over NADRA. They have more competent people. They have built Weboc system at low cost and much better quality than NADRA applications.

    Long live Pakistan, long live PRAL.

    • Bilal Iqbal

      ha haha…
      good joke my dear.. PRAL is struggling for survival and you are talking about taking over NADRA.. are you OK….???
      Check out recent agreement of NHA for eToll Plazas where NADRA is taking over…. what do you say about it…

  • salman

    There is no point in discussing all this now, brother; useless people will stay useless…

    • zain

      There is my good friend who teaches me hacking
      I’m very interested in hacking

  • a Pakistani Expat

    nadra has not demonstrated any credibility so far as far as the systems developed by them and now the data hacking!!!!! All overseas Pakistanis are cursing nadra and their technology whenever they have to apply for passport or CNIC renewal. Why don’t they plan to fix that rather than getting on new ventures?

    Their overly corrupt bosses who have criminal intentions of looting Pakistani money by making FBR reject fully functional systems and buy third class software developed by the companies owned by these rascals. I am glad that these people have been thrown out of their positions in FBR and soon their supporters will also be kicked out of nadra.

    Of projects owned and won by nadra! I am sure this is contributed to the bribes paid by the corrupt in incompetent IT team who is very good at such things.

    nadra stop fooling Pakistanis in around the globe because everyone knows you are the biggest fools yourself.

    You have been wasting national money for your foolish plans like developing integrated tax management system. If you want to reply here, DO MENTION what happened to the tax management software being developed by you recently and if it has been shelved, how much national money was wasted there. Who gave you mandate to do so!!!

    Wish this white elephant named nadra was drowned in Arabia ocean.

    Long live Pakistan.