By Q Y Azher
The recent cyberattack on the Federal Board of Revenue’s (FBR) system – albeit one of the biggest incidents in the history of the country – is not the first of its kind. It has raised serious concerns over the level of cyber security of the state-owned institution and the weak alert policy, which compromised the data of millions of taxpayers.
ALSO READ
Here’s the Real Reason Why FBR’s System Got Hacked
In the digital world, while the opportunities are unlimited, cyber security is also indispensable. As the world begins to get more and more digitized, hacking attacks are also increasing in numbers and intensity. Pakistan is no different.
Here is a recap of the recent major incidents of hackers’ attacks in Pakistan.
Federal Board of Revenue (FBR)
Most recently, the country’s tax collection authority suffered a cyber security breach after its software – Microsoft Hyper-V – was not timely updated. The details of the breach showed that while the hackers were not able to entirely breach the system, they did manage to paralyze and slow down FBR’s operations for several hours, along with obtaining possession of confidential data of taxpayers. The FBR data center was attacked, and all the official websites operated by the tax machinery were brought down for more than 72 hours.
Although FBR restored its official website and its tax-related functions, hackers put the FBR’s data on sale on a Russian forum for $30,000.
ALSO READ
Hackers Are Selling Access to FBR’s Systems Online
PATARI
Merely a couple of months ago in June, Patari, a famous Pakistani music streaming website, had been hacked, which resulted in the leak of the personal data and credentials of more than 257,000 users.
The database containing the personal information of these users was then leaked online on English and Russian hacker forums.
The hackers managed to catch Patari when they were exposing their database backup on a misconfigured MongoDB database back in May this year.
Patari was informed of the misconfiguration in their database, but since the company did not respond, the hackers leaked all the information online.
K-Electric
K-Electric, the company managing the generation, transmission, and distribution of power to a metropolitan, was hit by a cyberattack last year.
The attackers threatened the management to pay a ransom of $7 million, or they would leak the information of KE’s customers on the dark web, including customers’ names, addresses, CNICs, NTNs, credit cards, and bank accounts details. Hackers could sell this data on the dark web, leaving millions of K-Electric consumers vulnerable to online threats.
The company’s internal operations were also hurt as a result of this attack, including internal communication links and banking channels.
When the KE did not give in to hackers’ demands, they dumped nearly 8.5 GB of the stolen data on the dark web, putting innumerable customers at risk.
ALSO READ
Cybersecurity and Data Privacy are a Challenge for Pakistan’s Digital Journey: Report
Meezan Bank
The banking sector has also been at the receiving end of such attacks. Meezan Bank’s database of 69,189 bank cards was put for sale on the dark web in February 2019. The data breach cost the bank data worth $3.5 million. However, reportedly the bank’s management was quick to respond and asked its customers to change their details, mainly the PIN code, including other security measures to prevent them from losses.
The consumers were saved from the financial losses, but the weakness of the banking system was exposed.
BankIslami
In November 2018, Pakistan’s banking industry suffered a unique form of cyber attack. Data of almost all Pakistani banks was breached, affecting nearly 20,000 banking customers, causing significant financial losses to the banks.
For instance, BankIslami reported that the attack caused over $6 million in losses to the bank, including suspension of the specific operations, particularly the online banking service.
The hack was majorly targeted towards debit card users, who were notified of cash withdrawals from their accounts (without their consent and knowledge) through automated text messages from the system.
Besides, tens of thousands of debit card details of bank’s consumers were being sold on the dark web. As a result of this attack, details of nearly 11,000 debit cardholders from 22 Pakistani banks were uploaded to the dark web.
ALSO READ
New Data Protection Bill to Prevent Social Media Platforms from Using Data Without Consent
Other Attacks
At least three other instances of notable cyber attacks can be seen from the security breach of Careem in April 2018 that compromised data of customers from Pakistan, including various countries; the attack on ATMs in Peshawar in December 2020; and the breach of various websites, including those belonging to Sindh High Court in July 2021, and PTV Sports in August 2020, etc.
To counter this rising instance of cyberattacks, public and private sector institutions should strengthen their cyber security system with all possible means with the help of professionals and technological tools.
