The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.
In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam.
Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.
As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry.
ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.
The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.
As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.
Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.
Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:
This email dataset is one of many purportedly held by the cyber mercenary. He was visibly annoyed by the Pakistani Ministry of Finance’s rebuff of his previous successful intrusion and shared a sample to defend his personal integrity. Moreover, the hacker has indicated that further unspecified sensitive datasets could be leaked in the near future.
Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.
It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.
The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.
A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.
Update:
In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.
It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”
Lawre lag gae…
Jahan har edara main nalaiq sifaarshi tuttoo bety hon wahan yahi haal ho ga.
jese halaat chal rahy ha ksi din ye news be aye gi ke endian hackers ne Pakistan ke nuclear project ka data hasil ker lia. afsos ha iss mulk ke sath isi mulk ke log kya ker rahy hain
where is the data? how can we access that data? and which platform hacker leaked that data?