On Saturday, police officials, familiar with the matter, disclosed that the online system of the Islamabad Safe City Authority was rendered offline following a hacking attempt. According to the officials who unveiled the incident, the attack transpired two days earlier, prompting the shutdown of the system, reports Dawn.
On Thursday, hackers infiltrated the primary server, gaining access to vital data and records, notably those linked to criminal databases. As a countermeasure, servers overseeing the Complaint Management System, Criminal Management Record System, Human Resources Management System, and several operational software and applications were promptly deactivated.
Despite the system’s firewall, engineered to notify authorities of unauthorized access attempts, officials disclosed a lack of backup or alternative servers to sustain the functionality of the software and applications. This deficiency necessitated their immediate shutdown.
Following the incident, the authority’s IT department proceeded to disable all logins to the software and applications, which serve as crucial gateways to various servers and operational software.
An officer emphasized that this breach was not a conventional hacking occurrence but rather stemmed from the exposure of login credentials. These credentials were compromised due to officials employing simplistic and easily deduced passwords. Furthermore, the system’s software and applications were found to be outdated, with expired licenses, amplifying its vulnerability.
Encompassing a broad spectrum of services, the impacted system comprises mobile applications, records of smart police vehicles, data from police stations, video analytics, operations of Islamabad Traffic Police, e-challan data, and criminal records.
Notably, the Safe City camera management system operates on distinct lines, ensuring its security. Being offline, it remains impervious to penetration without valid credentials.
Upon reaching out for comment, police spokesperson Taqi Jawad verified the hacking attempt and highlighted that the firewall promptly issued an alert, leading to the precautionary measure of shutting down all logins. He clarified that in the interest of security, all logins have remained disabled for the past forty-eight hours to facilitate updating credentials, thereby impacting access for numerous police personnel.
