Pakistan has been under an alarming situation due to increasing cyber-attacks, as a result, our IT industry may have to face some serious challenges within the next few years. In the past, a report, based on malware infection, was officially published by Microsoft, where Pakistan tops the list of countries which are highly vulnerable and infected by malware.
Our non-serious attitude toward cybersecurity is forcing Pakistan toward catastrophic disaster.
It is still unclear how such a sensitive database was left vulnerable for unauthorized use without any significant cybersecurity measures. This could be the biggest data breach in the history of Pakistan as reports claimed that Punjab Information Technology Board (PITB) is responsible for creating vulnerable mobile applications directly connected with the API of NADRA, which can request details of any Pakistani citizen using different means. It is reported that hacktivists were able to gain access to private data, such as the detailed report of any Pakistani including CNIC, call data records (CDR), hotel check-ins, vehicles and registration numbers, criminal records, driving license details, e-police toolkit and much more, which is miserable.
A case study shows that several groups were existent on Facebook and WhatsApp where culprits were selling details of Pakistani nationals for just Rs. 100 posts on such groups exposed images of these applications normally designed for police and other governmental institutes. The fact could not be denied that security was compromised because of the data which was requested by some researchers using those APIs. Some of these groups were years old, which shows how unserious PITB was in monitoring unauthorized access.
Just imagine how easy it would be to manipulate users’ data during electoral reforms in case e-voting machines were used, it would be pointless for the majority of people in Pakistan to understand such type of rigging due to lack of awareness on cybersecurity. Meanwhile, chairman of PITB Umar Saif, rejected data breach claims in a Facebook post stating that “PITB is equipped with a state-of-the-art tier-3 scale data center, modern SOC and a highly qualified security team. Any external cyber-attack or unauthorized access by a user is promptly addressed.”
If PITB had such a qualified security team – why they were unable to prevent unauthorized used by culprits? If such incidents were promptly addressed – why they were not able to take any action against the people who are responsible?
Biggest Data Breach in Pakistan’s History
Pakistan has been under an alarming situation due to increasing cyber-attacks, as a result, our IT industry may have to face some serious challenges within the next few years. In the past, a report, based on malware infection, was officially published by Microsoft, where Pakistan tops the list of countries which are highly vulnerable and infected by malware.
<!– /wp…
Ahmed is a contributing fellow in cyber security, with over 6 years of of experience in the field of cyber security. His skill set includes penetration testing, social engineering, research and development and ethical hacking.
