Anything can be bought and sold on the dark web, including audio clips, purportedly involving Pakistan Prime Minister’s conversations. And the going rate is $3.5 million. The security breach has the Pakistan government in a tizzy, especially after reports that data from all government and private websites that were hacked last year are available on the dark web.
As cyber security experts sound out warnings, questions are being raised about Pakistan’s current state of cybersecurity. Kokab Zuberi, director of Forensic Research and Services Centre, Lahore Garrison University, told The Tribune that hackers use digital currency, but tracing them is an uphill task. “Our experts are working day and night and God-willing one day we will definitely get success and our cyber security will be impenetrable,” he told the news media organisation.
Over 100-hour-long conversations, not just of PM Sharif but also of his family and other party members are reportedly up for auction. PTI leader Fawad Chaudhary has called this a ‘major security lapse’ and criticised the country’s security agencies. Another PTI leader Mirza Shahzad Akbar called the audio leak an inside job by government officials themselves, rather than a hack.
While the news of the breach has taken the country by storm, Pakistan’s failing cybersecurity efforts are not coming to light for the first time. Pakistan is one of the top 10 most vulnerable States when it comes to cybersecurity, according to a study.
Also read: Pakistanis stand by minister Marriyum Aurangzeb after London hecklers call her ‘thief’
A recurring problem
Earlier this month, the government itself berated its cybersecurity agencies, labelling them ‘incompetent,’. Techjuice, a Pakistani news outlet reported that the data of all Pakistani citizens, which is stored on the Federal Board of Revenue (FBR) website, was hacked twice just recently in the last quarter.
On the eve of Pakistan’s 70th Independence Day in 2017, the websites of the Ministry of Defense, Ministry of Water and Power, Ministry of Information, Ministry of Environment Change and Ministry of Food Security were defaced by hackers. Pakistan had alleged it was a job of Indian hacker. In 2010, another large scale attack was recorded where 36 government websites had been hacked making most of them inaccessible.
In 2018, nearly 20,000 debit and credit card information from 22 Pakistani banks was stolen in a mass skimming operation. The Pakistan Computer Emergency Response Team (PakCERT), a monitoring group, suggested that this information had been shared on the dark web. The same year saw cyberattacks yet again, against the Pakistan Air Force, called Operation Shaheen. Cylance, a state sponsored agency, claimed in a report that the ‘White Company’ group has been targeting those in the Air Force, as a part of their long-term strategy, which includes phishing emails with trojans and malware.
Pakistan’s Naval Public Relations Bureau faced a similar challenge in 2019. After China, Advanced Persistent Threat (APT) organisation “Rattlesnake” was discovered attacking Pakistan’s Navy for stealing confidential information by planting misleading documents.
Also read: Pakistani celebrities partying in Canada are being attacked for ignoring floods at home
Is it a lack of legislation?
While it may be easy for the government to just label cybersecurity agencies as ‘incompetent,’ the lack of legislation around the same might be the bigger problem. A strong national cyber policy or body needs to be on the horizon, to be able to counter this endless slew of attacks on the government, the citizens’ data and even the energy sector.
Pakistan’s 2016 cybercrime law, Prevention of Electronic Crimes Act, might not be as comprehensive as it needs to be. Further mandates of government departments and other industries can make the country more tight-knit and resistant to such attacks.
Experts are hopeful that Pakistan’s recent National Cyber Security Policy 2021 might be able to achieve just that. With the policy’s emphasis on deterrence, Pakistan’s cyber-ecosystem might just be better at tackling these attacks.
Information Technology expert Shahzad Ahmed told Dawn that there are no leads yet on the issue of Shehbaz Sharif’s conversations being leaked, but he blamed the lack of government policy as one of the leading causes of the breach. He hoped that this incident would act as a wake-up call for the government officials.