Classified data stolen from PM Secretariat

[Mogambo]

Classified data stolen from Pak PM's secretariat

ISLAMABAD: A substantial amount of official data of the Pakistan Prime Minister's Secretariat, including some classified documents, has been stolen by persons employed on short-term contracts who accessed a secure computer system.

The kind of classified information that was stolen was not immediately clear though the Dawn newspaper quoted a source as saying that the head of a multi-million rupee project to computerise and safeguard government data had "run away with classified data".

A complaint about the stolen data has been lodged with the executive director of the Electronic Government Directorate by the manager of the information system at the Prime Minister's Secretariat, the source said.

In the complaint, information system manager Farhan Karim Jaskani said: "Mr TR transferred the classified data from PM's secretariat database without prior permission of the joint secretary (admin)...which was later proved in the office of the joint secretary...while the said official (TR) admitted this."

A senior security official described the incident as a serious breach of security.

"The data was stolen from the database server of the PM's secretariat, clearly exposing the weak information security protocols in place," he told the newspaper.

The official said that a strict security protocol for protecting information and the system from unauthorised access, use, disclosure, disruption, modification or destruction was not followed in this case.

Data such as approvals by Prime Minister Yousuf Raza Gilani and his staff and other classified information are stored on the server.

The Prime Minister's Secretariat's officials use the database and email servers extensively but the email server failed to detect the alleged cyber thief, an official said.

Classified data stolen from Pak PM's secretariat-Politics/Nation-News-The Economic Times

 

[sparklingway]

Dawn Report:-

Classified data stolen from PM’s secretariat
By Imran Ali Teepu
Wednesday, 09 Jun, 2010

ISLAMABAD: A substantial part of official data of the Prime Minister’s Secretariat, including some highly classified documents, has been stolen by a couple of people employed on short-term contracts who had managed to access an extremely secure computer system.

It’s not clear what kind of classified information has been stolen from the supposedly secure system, but if the correspondence regarding an internal investigation is to be believed, serious attempts are being made to look into the matter. A source told Dawn on Tuesday: “The head of a multi-million rupee project hired to computerise and safeguard government data has reportedly run away with classified data. A complaint has also been lodged with the executive director of the Electronic Government Directorate by the management information system (MIS) manager of PM’s secretariat about the stolen data.

“Mr TR transferred the classified data from PM’s secretariat database without prior permission of the joint secretary (admin)… which was later proved in the office of the joint secretary… while the said official (TR) admitted this,” MIS Manager Farhan Karim Jaskani said in his complaint.

A senior security official said it was a serious breach of security. “The data was stolen from the database server of PM’s secretariat, clearly exposing the weak information security protocols in place.”

The official said that a strict security protocol for protecting information and the system from unauthorised access, use, disclosure, disruption, modification or destruction was not followed in the case.

The data, mostly containing approvals by the prime minister and his staff and other classified information are stored on the server.

“The secretariat’s officials are using the database and email servers quite extensively, but luckily the email server failed to get an eye of the alleged cyber thief,” an official said.

The staff at the secretariat came to know about the theft when they caught an official of the Electronic Government Directorate copying data on his personal laptop, on the directives of the executive director, in violation of the security clearance policy.

“The laptop was handed over to the individual by senior officials without following prescribed information security measures,” he said.

“You need a centralised database network for strict observation of the data stored on different database servers. But despite having a huge information and communication technology (ICT) network the federal government is without a proper centralised database centre,” an information security expert said.

The expert said the matter should have been immediately reported to the National Telecommunication and Information Security Board (NTISB) working under the cabinet division.

 

[sparklingway]

The person has been caught and has already been interrogated as noted by the report. Hope he has not transferred the data to a secondary cloud source already but at least he will be taken to task. NR3C is quite well equipped in digital forensics and should follow any leakage of data to an outside source. Shouldn't be difficult for them to ascertain and track any leakeges (if any).

Anyways, The National Telecommunication and Information Security Board (NTISB) creates the security protocols and they are quite stringent but like all other rosy regulations and legislation, implementation remains lax. A breach of security will surely spin some heads and a bunch of people might lose their jobs.

Should definitely lead to improvements in security protocols (or lack thereof) and a bunch of severed heads should be presented on the PM's table for this incident.

 

[M8R]

I am sure few Heads are going to roll..