@Pak Nationalist thank you for this excellent thread. Yes I agree that Pakistan is weaker on the cyber warfare front and this is woefully apparent in out Info Sec sphere but also on how slow our national establishments are to react to false narratives, disinformation and propaganda.
Unlike other nations who have specifically designed teams and entire organisations to focus on cyber warfare, Pakistan is still lagging behind in this sphere, a perfect example of this is twitter, I wrote a detailed assessment of the blowback following the events of Aug 15th in Afghanistan:
As the US military footprint shrinks in Afghanistan, there are concerns going on many fronts, whilst there is huge uproar at apparent human rights abuses in the country, the immediate concerns for the average Afghan remains to be food, shelter, medicine and security. As per reports from the...
defence.pk
I have done a lot of research and study into this subject in my spare time, I am not an information security person but have an interest in the subject. I have also highlighted some of the threats we face from APT (Advanced Persistent Treat) actors here:
I guess they forgot to put this Captha has another rpurpose it's not there to stop ddos attacks.
defence.pk
View attachment 780006
Source:
Social Media Stats Pakistan | Statcounter Global Stats
Some 27% of Pakistan's population use twitter, the lion share of social media users are attracted by Facebook which has 66% of Pakistan's market share. Now with that said, since Aug 15th I have been tracked Anti-Pakistani propaganda on social media, I have documented this and shared this even with FIA, no action has been taken, luckily I have managed to get some of the content removed by constantly bombarding social media companies with emails and evidence [they must hate me
]
In all of this I want to say that ISPR has a strong role to play, sadly just look at the recent ISPR twitter handle, it is silent, this is because Major Gen. Iftikhar is a highly competent officer, but he is not a social media man like his predecessors Gen. Ghafoor and Gen Bajwa.
Whilst there are some commendable efforts by some handles on twitter to counter the narrative, a lot of these accounts lack reach (internationally) and have the problem of being considered paid proxies in the cyber sphere so any rebuttal from them will be considered moot.
Coming back to the cyber security sphere for a moment, the official twitter account for our Computer Emergency Response Team has been dormant for a long time now with no updates:
View attachment 780007
Even the Facebook account for said organisation attracts very little attention from the public with <1000 followers:
View attachment 780008
Comparatively, the FIA which has a cyber crime wing have a decent yet still underwhelming follower base of < 79k people following this account:
View attachment 780009
Pakistan is ranked 79 in the International Telecommunication Development Sector (ITU-D) and has a very poor track record on info-cyber and critical digital/telecom sector security:
About the ITU-D and the BDT
Under Section 40 of the Prevention of Electronic Crime Act, the Federal Government was supposed to nominate a digital forensics laboratory to provide expert opinion to the court independent of the investigative agency which has still not been acted upon.
Furthermore under Section 49 of the same Act, the Federal and provincial governments were tasked with establishing national and regional CERTs (computer emergency response teams) which has not happened, failure and incompetence go hand in hand.
The amount of times I have sat down with IT guys and asked them if they know what Wireshark is and if they run packet tracing on routers and the common answer I get back is, what is Wireshark? With the vast majority of bluechips and government offices now moving to VOIP telecoms, end point security is critical to protect against targeted attack by non-state actors:
View attachment 780010
Furthermore due to the laziness of PTA, the abundance of illegal VOIP operators poses another critical threat to our National Security, allowing terrorist, criminals and foreign threats to create secure channels of telecommunication, or spoof official numbers to target high-profile targets/public:
This can be done very simply by playing around with the 200 OK header: You can gain anonymity using a conventional network by playing around with the invite and 200 OK headers. This can be achieved by configuring a Cisco 877 type router running on a mpls or OPn / Fftp or even adsl network to treat headers with inv and 200ok and send out masking when sending the 180 early media thus bypassing any attempt to peek when dropping calls at the EX or even LN level.
Unregulated Sat TV revivers can be re-engineered using Linux to provide a satellite upload and downstream network bypassing the national monitoring apparatus. Anyone claiming this is not the case is living in cloud lala-land.
We are still using routers in Pakistan both at consumers and commercial users that are vulnerable to injection attacks. How many Pakistan smartphone users know of the threat from AdUps or Smurf Suite and how Mi5 used this to hack Pakistani aged CISCO routers?
Something as simple as that simple mass-produced cheap android smartphone is a listening and data gathering tool in your pocket:
View attachment 780012
AdUps Chinese spyware still on Android phones, including Blu - SlashGear
We haven't really learned any lessons on cyber security from high profile incidents such as the NADRA data breach or the MCB data dump on the dark web in 2018. The majority of Pakistanis are so ill-equipped in terms of cyber security that they constantly walk around with Wifi and Bluetooth enabled on their smart devices, allow me to show you how easy it is for someone with use a De-Auth attack and compromise your phone with $45 worth of tech:
(368) DSTIKE Deauther QUICK Demo - YouTube
Meanwhile it falls on Pakistani citizens and foreign journalists to highlight cases of fake-news/misinformation and false narratives:
Indian Chronicles: deep dive into a 15-year operation targeting the EU and UN to serve Indian interests | EU DisinfoLab
(368) Video game footage is confused for Pakistani Air Force activity in Afghanistan • FRANCE 24 - YouTube
I can go on, but it's like beating a worn drum. In the meantime what has out government done about this? Well they published a glossy report and a National Cyber Security Policy in 2021:
National CYBER SECURITY POLICY 2021 (moitt.gov.pk)
Seems like we are experts at publishing reports, but not acting upon the clear, present threat in our face.
