What's new

Biggest Ever Hack at Finance Ministry Reveals State Secrets

Bratva

Bratva

PDF THINK TANK: ANALYST
Jun 8, 2010
13,700
66
22,510
Country
Pakistan
Location
Qatar
By Jehangir Nasir | Published Mar 29, 2022 | 7:33 pm

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam. Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.


As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry. ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:
This email dataset is one of many purportedly held by the cyber mercenary. He was visibly annoyed by the Pakistani Ministry of Finance’s rebuff of his previous successful intrusion and shared a sample to defend his personal integrity. Moreover, the hacker has indicated that further unspecified sensitive datasets could be leaked in the near future.
Click to expand...
Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.


It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.

Update:​

In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.

It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”

propakistani.pk

Biggest Ever Hack at Finance Ministry Reveals State Secrets

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution
propakistani.pk propakistani.pk
 
SQ8

SQ8

ADVISORS
Mar 28, 2009
37,376
454
82,730
Country
United States
Location
United States
Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
 
Sinnerman108

Sinnerman108

SENIOR MEMBER
Jul 20, 2009
7,880
-5
8,395
Country
Pakistan
Location
Saudi Arabia
This MFeR is to blame.
1648582877922.png
 
crigar

crigar

FULL MEMBER
Feb 2, 2019
199
0
418
Country
Pakistan
Location
Pakistan
we are a nation of jotte khanhe wali qoum. jub tuk jhotte na kahin sadhe nai hote. can't believe we don't have a cyber security policy nor we a cyber security institute when nations around the world have had these cyber apparatus for the past 40 years. hum log latt kha k he saikte hain
 
Enigma SIG

Enigma SIG

SENIOR MEMBER
Feb 20, 2009
4,862
0
6,577
Country
Pakistan
Location
Pakistan
SQ8 said:
Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
Click to expand...
Just get the government to shift to Linux. It can do everything Microsoft does, better.

This may be the start of regime change operations by targeting state institutions.
 
TheSnakeEatingMarkhur

TheSnakeEatingMarkhur

SENIOR MEMBER
Dec 26, 2018
3,303
10
3,537
Country
Pakistan
Location
United Kingdom
Bratva said:
By Jehangir Nasir | Published Mar 29, 2022 | 7:33 pm

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam. Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.


As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry. ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:

Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.


It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.

Update:​

In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.

It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”

propakistani.pk

Biggest Ever Hack at Finance Ministry Reveals State Secrets

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution
propakistani.pk propakistani.pk
Click to expand...
Been tracking that guy for ages. @Foxtrot Alpha knows about him as well. His identity is in open and yet FIA has no balls to contact interpol and get that PJeet arrested.

I have also asked an other hacker (Pakistani) and guess what ? He said they can do much more but as soon as they do it police or FIA knocks at their door and tells them not to be cyber criminals.

SQ8 said:
Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
Click to expand...
It is more than that. That guy has been using social engineering to drop the packages into Pakistani system.

PAC doesn't have any Internet yet few employees of PAC were targeted and data of Mushak and JF17 was leaked.

Enigma SIG said:
Just get the government to shift to Linux. It can do everything Microsoft does, better.

This may be the start of regime change operations by targeting state institutions.
Click to expand...
Wont work. We need to train our employees and strengthen our systems.
 
Bleek

Bleek

FULL MEMBER
Dec 21, 2021
1,488
0
1,896
Country
Pakistan
Location
United Kingdom
TheSnakeEatingMarkhur said:
Been tracking that guy for ages. @Foxtrot Alpha knows about him as well. His identity is in open and yet FIA has no balls to contact interpol and get that PJeet arrested.

I have also asked an other hacker (Pakistani) and guess what ? He said they can do much more but as soon as they do it police or FIA knocks at their door and tells them not to be cyber criminals.


It is more than that. That guy has been using social engineering to drop the packages into Pakistani system.

PAC doesn't have any Internet yet few employees of PAC were targeted and data of Mushak and JF17 was leaked.
Click to expand...
Is the data out in the public?
 
Clutch

Clutch

ELITE MEMBER
Aug 3, 2008
13,735
5
19,851
Jf-17 block 3 said:
ISI should assassinate any Indian hacker who poses a threat to Pakistan’s cyber security.
Click to expand...

ISI can't assassinate traitors at home in the garb of Nawaz, PDM, Zardari, "journalist", NGOs, who are actively working against the very creation of Pakistan for Modi/RSS for a house in London..

You expect the same ISI to conduct operations elsewhere???... Lol

Too much faith in an impotent agency...
 

Users Who Are Viewing This Thread (Total: 5, Members: 2, Guests: 3)

Similar threads

ghazi52
Cabinet gives the green light to cyber security policy
Replies
2
Views
648
WarKa DaNG
WarKa DaNG
Bilal9
Bangladesh in final stages of clearing cyber security strategy
Replies
0
Views
205
Bilal9
Bilal9
M
Pakistan Post unable to clear Rs40bn electricity bills
Replies
0
Views
157
maithil
M
Aspen
Israel hit by biggest ever cyberattack in Israeli history
Replies
0
Views
171
Aspen
Aspen
Abu Shaleh Rumi
  • Article
PM Sheikh Hasina to announce universal pension plan.
2
Replies
16
Views
634
Bilal9
Bilal9

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Military Forum Latest Posts

Country Latest Posts

Top Bottom