What's new

Biggest Ever Hack at Finance Ministry Reveals State Secrets

Bratva

Bratva

PDF THINK TANK: ANALYST
Joined
Jun 8, 2010
Messages
13,832
Reaction score
67
Country
Pakistan
Location
Qatar
By Jehangir Nasir | Published Mar 29, 2022 | 7:33 pm

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam. Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.


As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry. ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:
This email dataset is one of many purportedly held by the cyber mercenary. He was visibly annoyed by the Pakistani Ministry of Finance’s rebuff of his previous successful intrusion and shared a sample to defend his personal integrity. Moreover, the hacker has indicated that further unspecified sensitive datasets could be leaked in the near future.
Click to expand...
Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.


It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.

Update:​

In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.

It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”

propakistani.pk

Biggest Ever Hack at Finance Ministry Reveals State Secrets

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution
propakistani.pk propakistani.pk
 
This MFeR is to blame.
1648582877922.png
 
SQ8 said:
Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
Click to expand...
Just get the government to shift to Linux. It can do everything Microsoft does, better.

This may be the start of regime change operations by targeting state institutions.
 
Bratva said:
By Jehangir Nasir | Published Mar 29, 2022 | 7:33 pm

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam. Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.


As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry. ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:

Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.


It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.

Update:​

In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.

It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”

propakistani.pk

Biggest Ever Hack at Finance Ministry Reveals State Secrets

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution
propakistani.pk propakistani.pk
Click to expand...
Been tracking that guy for ages. @Foxtrot Alpha knows about him as well. His identity is in open and yet FIA has no balls to contact interpol and get that PJeet arrested.

I have also asked an other hacker (Pakistani) and guess what ? He said they can do much more but as soon as they do it police or FIA knocks at their door and tells them not to be cyber criminals.

SQ8 said:
Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
Click to expand...
It is more than that. That guy has been using social engineering to drop the packages into Pakistani system.

PAC doesn't have any Internet yet few employees of PAC were targeted and data of Mushak and JF17 was leaked.

Enigma SIG said:
Just get the government to shift to Linux. It can do everything Microsoft does, better.

This may be the start of regime change operations by targeting state institutions.
Click to expand...
Wont work. We need to train our employees and strengthen our systems.
 
troll
T.....
 
Last edited by a moderator:
fisher1 said:
This nation believes a superpower America threatens through letters then it’s no surprise that their database is hacked

Who knows maybe the database is also a bunch of letters hahaha
Click to expand...
Letter were sent to ambassador of Pakistan in US you..
 
TheSnakeEatingMarkhur said:
Been tracking that guy for ages. @Foxtrot Alpha knows about him as well. His identity is in open and yet FIA has no balls to contact interpol and get that PJeet arrested.

I have also asked an other hacker (Pakistani) and guess what ? He said they can do much more but as soon as they do it police or FIA knocks at their door and tells them not to be cyber criminals.


It is more than that. That guy has been using social engineering to drop the packages into Pakistani system.

PAC doesn't have any Internet yet few employees of PAC were targeted and data of Mushak and JF17 was leaked.
Click to expand...
Is the data out in the public?
 
I will never understand why such ministries are connected to the www?
 
Jf-17 block 3 said:
ISI should assassinate any Indian hacker who poses a threat to Pakistan’s cyber security.
Click to expand...

ISI can't assassinate traitors at home in the garb of Nawaz, PDM, Zardari, "journalist", NGOs, who are actively working against the very creation of Pakistan for Modi/RSS for a house in London..

You expect the same ISI to conduct operations elsewhere???... Lol

Too much faith in an impotent agency...
 

Similar threads

TheSolution
Indian hacker group, hack into Pakistan's state institution reports.
2 3 4 5 6
Replies
76
Views
7K
INDIAPOSITIVE
INDIAPOSITIVE
N
Pakistan’s IT, banking sectors using 'Indian origin' AI products, services
2
Replies
16
Views
1K
GreatHanWarrior
GreatHanWarrior
Jango
Pakistan’s Spy Agency Buys Israeli Cellphone Hacking Tech
2
Replies
26
Views
2K
HAIDER
HAIDER
Maula Jatt
The govt wants your telco to finance your next smartphone if you can’t afford it. But how?
Replies
2
Views
314
Fish
Fish
GreatHanWarrior
China reveals U.S. invasion of Huawei's servers since 2009
Replies
1
Views
326
Hamartia Antidote
Hamartia Antidote

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Military Forum Latest Posts

Country Latest Posts

Back
Top Bottom