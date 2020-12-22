What's new

Pakistanis sensitive details with NADRA, Watsapp are not Safe

Pakistanis sensitive details with NADRA, Watsapp are not Safe

Pakistan’s ‘dark web’ sells your sensitive personal details for peanuts

WhatsApp groups sell fingerprints for a few hundred rupees
The FIA arrested gangs in Punjab last week that revealed they bought fingerprints on WhatsApp groups. Image: SAMAA Digital

If you think your personal details are safe with the National Database Registration Authority (Nadra), you are in for a surprise.

Sensitive data, including key information such as your date of birth, family tree details, and even your fingerprints could be on offer on one of the many WhatsApp groups run by con artists, and at a price that beggars belief.

The extent of the privacy violations doesn’t stop there, as revealed by a recent investigation by the Federal Investigation Agency. The people who are using personal information to scam unsuspecting individuals also have access to people’s call detail records (CDR).

This data is mostly used to register SIM cards from which these scammers would make calls under false pretences in order to dupe the person on the other line, explains Faizullah Korejo, who is an additional director for the Sindh and Balochistan region for FIA’s cyber-crime wing.

“During an intensive operation in rural areas of different districts of Punjab province, 16 cyber criminals were booked on seven different counts,” he revealed during a press conference last week.

The action was taken, said Korejo, after an alarming increase in the number of complaints from bank customers against fake callers who introduced themselves as representatives of the State Bank, the country’s central bank, or as members of the armed forces.

Using the information they had acquired illegally, these conmen tricked bank customers into revealing details of their personal accounts and then drained their account in a methodical manner, with one elderly woman form Karachi deprived of almost Rs2 million within a 24-hour period.

“Initial investigations reveals that all the fake calls were made from a few districts of Punjab, including Gujranwala, Hafizabad and Rahimyar Khan,” he said.

The suspects, currently in FIA custody, revealed that the cell phones used for fake calls were activated using information available on WhatsApp groups.

“I was responsible for providing the biometric machines allotted to cell phone franchises and Haris, a resident of Sahiwal, was the mastermind,” said Hassam, one of the accused who is from Gujranwala.

He claims that he met Haris on a WhatsApp group, where he was added after an interaction with some others on a Facebook group for ‘golden numbers’.


“Haris bought the soft fingerprints of citizens on the same WhatsApp group where I first came across him. He would then ask me to provide the biometric machine to a third individual,” says Hassam, claiming he was unaware of what they did with it next.

According to another official who is a part of the investigation, the accused are holding back key information but the investigators remain confident of connecting the dots. “This is the tip of the dark web substitute that is thriving in Pakistan,” he says, adding that they are looking at the nexus of criminals within government agencies as well as employees of cellular companies and banks who could possibly be working with the conmen.

“Currently, we have people in custody who appear to be small fry and the middlemen, used by the big fish as a layer to conceal their involvement,” he says.

A Nadra official, when asked about the possible breach, expressed surprise. “Stolen fingerprints are quite concerning. It is the sole responsibility of the centralized Data Protection Center located in Islamabad,” he said while requesting anonymity. “The matter in question is out of my jurisdiction.”

Personal Information of 115 Million Pakistani Mobile Users Up For Sale on the Dark Web

A Pakistani cybersecurity company has come across a data dump containing information of 115 million Pakistani Mobile phone users currently up for sale on the dark web.

The cybercriminal, who is a VIP member of the dark web forum where the advertisement has been placed, has set the asking price for this data dump at 300 Bitcoins (BTC) or $2.1 million.

According to the advertisement description, the telecom database was hacked this week.
Database is freshly hacked this week. That data was still being updated as I took the data down. Beautifully organized in a CSV with headers for your pleasure.
Click to expand...


Rewterz’s Threat Intelligence team has analyzed some of the samples from the telecom database up for sale on the notorious dark web. The data includes personal information of the users such as names, contact numbers, residential addresses, CNIC numbers, and NTN numbers.




The Threat Intelligence team has noted that financially motivated threat actors are active in Pakistan and organizations with outdated cybersecurity infrastructure have become an easy target of these actors.

The team further notes that it is unclear for now whether only single or more telecom companies have fallen victim to the cybercriminals. It cannot be said with certainty as well whether this data has been stolen as a result of a single breach or multiple breaches over time.

According to the given sample’s visible results, the latest data is from 2014 and none of the latest number schemes (0317, 0308 etc.) are mentioned. It is entirely possible that the data is old and the claim is false.

That said, none of the telecom operators have notified their customers that their data has been compromised. It could be because either the companies are unaware of the breach, the data is actually old or they have deliberately chosen to keep their customers in the dark.

If the data leak is new it will rais serious questions on the protocols telecom companies are following regarding data security and privacy.

Via: Rewterz Information Security

FBR Website Can Expose Your Address, Bank Details and Much More!

Federal Board of Revenue’s online NTN verification system is alarmingly offering an open opportunity to spammers, marketing agents, advertising agencies and general public to grab personal and sensitive information of any taxpayer.

All you need to have is just the CNIC number of any individual to get the sensitive information about his business, home address, business address, bank accounts, attorneys, business managers/directors and much more.

FBR’s This privacy nightmare is exposing all taxpayers to those who can easily misuse this extremely private information for their illicit acts.

Here is how it works:
Now, the worse part is that anyone can append your tax information that too so easily without requiring anything.

This is very alarming situation and FBR needs to enhance the security of website at earliest. We hope that authorities concerned show their interest in resolving the issue at earliest.

Everyone knew watsapp is not safe, what is government doing to stop 220 million Pakistani from getting exploited, what campaign and new alternatives government of Pakistan is providing>??
 
