What's new

Massive DDOS attack targeting Pakistan's Infrastructure.

Status
Not open for further replies.
100% agree, Pakistan's residential and commercial users are is still using DLink routers which haven't been patched for the uPNP exploit:
View attachment 778792

Example of a NAT Upnp injection script utilised against Pakistani routers previously:
View attachment 778794

Weaponised Urdu Font on a word document:
View attachment 778795
Filename:EOI-Application_Form.inp md5:d9279f628c9f19420f14edf3cfc3123f c2:officeupdater[.]org

Weaponised Word Document using InPage exploit:
View attachment 778797
View attachment 778798

And to top it all off our National Cyber Crime centre's website is still using HTTP protocol.
View attachment 778799
from certified CTO to Cyber Security specialist ...more respect for you :smitten:
 
.
This is a developing story, please wait for official confirmation from trusted sources.
According to our IT minister sahb we have faced more than a million cyber attacks from india in last year or so.

My question is what have we done so far ?

1) We need to start educating babus and civil servants from bottom to top even till PM and COAS level about cyber space and threats/precautions etc.

We need to start offensive ops using APT level offensive groups (**** the laws if india doesn't abide by them why shall we? )

Increase APT level groups from 1 that we have and its subgroup to atleast 5 (of our own) then get Chinese, N.K. Iranian and Turkish hackers and put them with 4 more APT groups on rotatation basis.

Lastly develop a firewall and put your official website servers in Pakistan.
 
. .
i dealth with ddos all the time daily and for almost month bringing my site down.

problem with pakistanis us is they read in books, write research paper.

there are 7 layers in ddos that can attack and could be more.
layer 7 is most common

other can be deal with having by having anti ddos ip address.

anyways as i said reaearch paper wouldnt safe the day its experience
 
.
i dealth with ddos all the time daily and for almost month bringing my site down.

problem with pakistanis us is they read in books, write research paper.

there are 7 layers in ddos that can attack and could be more.
layer 7 is most common

other can be deal with having by having anti ddos ip address.

anyways as i said reaearch paper wouldnt safe the day its experience

Fair enough brother.
 
.
100% agree, Pakistan's residential and commercial users are is still using DLink routers which haven't been patched for the uPNP exploit:
View attachment 778792

Example of a NAT Upnp injection script utilised against Pakistani routers previously:
View attachment 778794

Weaponised Urdu Font on a word document:
View attachment 778795
Filename:EOI-Application_Form.inp md5:d9279f628c9f19420f14edf3cfc3123f c2:officeupdater[.]org

Weaponised Word Document using InPage exploit:
View attachment 778797
View attachment 778798

And to top it all off our National Cyber Crime centre's website is still using HTTP protocol.
View attachment 778799
And the portal doesn't even work 😆
That http thing is a true irony wonder what USA imported advisors are doing about it for ik.
There are no advisors when it comes to Cyber security I hope they take whatever they have in Pakistan and use them we have loads of known names from Shameer Amir to Rafay Baloch who can help govt.

And we need a scouting system to scout out such talent and then train them under supervision of specialists. Goes for many fields.
 
.
And we need a scouting system to scout out such talent and then train them under supervision of specialists. Goes for many fields.
our universities don't have cyber security programs.maybe one and two reputable universities.Also most pakistani students are not willing to go in this field because it doesn't have as much as jobs available as compared to software dev jobs.
 
.
While I fully expect average Pakistanis to suspect India to be behind such attacks, I do find it funny at this turn. GOI is equally (if not more) unprepared in this area; most state institutions including Navratnas have terribly outdated websites and unprepared staff. Even will funded Indian private enterprises are behind their Western contemporaries.
 
.
There was a time Rakuten came to Pakistan to take our best and brightest in the IT sector to Japan, what did the government do to reduce the human capital flight? Nothing!
Our ministry of science & technology in recent past was led by a big mouth lawyer. Guess what was the biggest accomplishment ..... a moon calendar.
Current one is a poet ..... accomplishment .... an electronic voting machine (ofcourse it can't be hacked).
 
. .
While I fully expect average Pakistanis to suspect India to be behind such attacks, I do find it funny at this turn. GOI is equally (if not more) unprepared in this area; most state institutions including Navratnas have terribly outdated websites and unprepared staff. Even will funded Indian private enterprises are behind their Western contemporaries.
Time is changing quickly

 
.
Cyber warfare is the future, I hope Pakistan take some major steps to secure their Financial and Military systems from such attacks.
 
.
This is a developing story, please wait for official confirmation from trusted sources.

Are there no intelligent firewall tiers that would stop the incoming traffic outside of what's needed? The advance firewalls are smart enough to detect DDOS packets being sent and can block a whole country in case of such attempts. I'd guess this took place from your arch-rival?
100% agree, Pakistan's residential and commercial users are is still using DLink routers which haven't been patched for the uPNP exploit:
View attachment 778792

Example of a NAT Upnp injection script utilised against Pakistani routers previously:
View attachment 778794

Weaponised Urdu Font on a word document:
View attachment 778795
Filename:EOI-Application_Form.inp md5:d9279f628c9f19420f14edf3cfc3123f c2:officeupdater[.]org

Weaponised Word Document using InPage exploit:
View attachment 778797
View attachment 778798

And to top it all off our National Cyber Crime centre's website is still using HTTP protocol.
View attachment 778799

Why are they using HTTP? It's unsecure like a baby's diaper........all sensitive financial, government, businesses now use HTTPS, half the issue of hack of DDOS is dead on attempt.
 
.
I guess they forgot to put this

recaptcha_form.png

The muppets dont even know importance of basics such as ssl let alone other measures. Intrusion detection on firewalls and otger services like cloud flare protect from ddos.
 
Last edited:
.
Why are they using HTTP? It's unsecure like a baby's diaper........all sensitive financial, government, businesses now use HTTPS, half the issue of hack of DDOS is dead on attempt.
says by whom?
 
.
Status
Not open for further replies.

Latest posts

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Back
Top Bottom