In what looks to be the second-largest security breach any Pakistani organisation has ever experienced in over a year, the official website of the Export Development Fund (EDF) of Pakistan, an independent entity under the Ministry of Commerce, was compromised.
Exclusive information made available to ProPakistani claims that the data dump, which is over 4GB in size, contains hexed passwords, email records, email history, files, and other critical information. The breach demonstrates how the actor had access to the EDF’s mainframe without difficulty and retrieved official documents from a wide range of categories.
According to the assessment, the website’s security was lax, which made penetration possible.
ProPakistani was tipped through anonymous sources and promptly verified the authenticity of the sample dataset, which also contained confidential information such as meeting minutes, sensitive documents, proposals, documents on proposals, trade information, bidding information, internal communications, dealings with foreign organizations, sensitive correspondence, etc.
Raw snapshots of the hacked data confirm that the hacker is believed to be of foreign origin and is open to selling the data through his Telegram channel at a price tag of $400 or equivalent to Bitcoin.
A few hours after the hack, our channel checks confirmed that the EDF website was restored, but the site started showing former Prime Minister Imran Khan and ex-Commerce Advisor Abdul Razak Dawood as top dignitaries of the government-run entity. After correspondence from ProPakistani, the ministry restored the website with up-to-date information.
In a statement to ProPakistani, Commerce Secretary Saleh Farooqi admitted that there was a brute-force attack on the EDF website and it was hacked. He said that the server was placed at COMSATS and managed by AHamson/COMSATS which has been restored and is now working properly.
The secretary mentioned that the email server has also been reactivated and is now secured. He added that usually, the emails include normal communication amongst the officers along with relevant stakeholders and contain information on projects as well. These are internal communications and do not seem to pose any threat to the operations of the Fund, he added.
He further said that EDF is in direct contact with the service provider and protocols have already been upgraded and more security steps are being taken.
“Hacking is a serious thing but EDF does not deal with our sensitive stuff. Nevertheless, Our own fact finding will be there,” Saleh added.
Giving his take on the data leak, Rawalpindi-based intelligence analyst, Zaki Khalid, said that this incident is another unfortunate testament to the non-seriousness accorded to compliance with cyber security practices.
“Although successive governments have issued guidelines from time to time, there are gaps in implementation. Internal vigilance is apparently missing”, he said.
These hacks have been making headlines in Pakistan of late, with the first major attack coming during the previous government’s tenure. In December 2021, official emails of senior officers of the Ministry of Finance allegedly were compromised in a cyber security breach. As a result, official communication containing sensitive data related to the Ministry of Finance on IMF, FATF, CPEC, and other government departments was compromised.
Last month SECP’s data was recently exposed on the internet. After a timely warning from ProPakistani, SECP removed all the private information that was publicly available on the leaked link.
Implications and Way Forward
While sensitive data was compromised, the hack poses an embarrassing realization that all the trade-related coordination with foreign agencies and embassies lose all credibility once leaked out of the system. Investors develop a certain level of trust when they initiate sensitive correspondence with the Government of Pakistan, and it could take ages for that trust to be rebuilt as a consequence of the country’s failure to maintain the integrity of its records/sensitive information on the internet.
It is widely assumed that these hackers provide economic intelligence to Pakistan’s adversaries by attacking and hacking into the country’s data on the internet. In this case, it would be very easy for some other country to sabotage Pakistan’s trade relations with other countries. All they need to do is buy off the hackers and make their own rules to make life difficult for Pakistan.
Despite these events, the guidelines of the National Telecommunication and Information Security Board (NTISB) aren’t being strictly implemented, and this matter should be urgently addressed. All things considered, institutions need to prioritize national security across all online platforms to manage and secure cyberspace and curb network vulnerabilities. This is a need of the hour, and such matters need to be investigated as a top priority.
A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure.