What's new

Time to create Pakistan's very own NSA

We are not even in a position to detect APT attacks with current setups ....:cry:..There is sheer lack of Cyber threat realization ...
 
.
All the people here who are following developments around the world specially related to defence have clearly noticed various nuclear plants in Iran and other stuff getting blown up again and again specially in past ten days. These are clearly the result of Israel and USA cyber attacks like they did few years ago in form of STUXNET. They seem to be back on track and using Cyber Warfare to cause the damage for which until few years ago you needed to carry out a physical attack or sabotage to achieve that.

Therefore either we I mean Pakistan could try to keep our eyes shut and simply choose to ignore the threat of cyber warfare which if not now, will be knocking on our doors soon or we could establish our own dedicated agency which does following jobs.

  1. Cyber Warfare
  2. Cyber Defence
  3. SIGNIT
  4. OSINIT
  5. Helping other Government agencies and private companies in establishing their cyber wings and how to secure their data and protect themselves from cyber attacks.
Yes we have budget constraints but we have to start with whatever we have otherwise good luck in future wars.

@jaibi @Horus @Slav Defence @WebMaster @Tipu7 @Sulman Badshah @Arsalan @BLACKEAGLE @PanzerKiel @Foxtrot Alpha @cabatli_53 @Suff Shikan @syed_yusuf @Rafi @MastanKhan @Blacklight


Cyber is the next RMA (Revolution in Military Affairs). Cyber will be the primary (maybe even the only) determinant of victory in the next world war, when it comes. This has become amply clear to many militaries by now.

The thing with cyber however is that it is not like existing mil technologies or domains. Advancement in cyber is not tied to the breadth and depth of advanced technologies possessed by a country, but it is tied to the quality of human resources a country has developed.

Another very different thing with cyber is that it is not a capability which requires huge capital investments. A new fighter procurement program today will cost billions or tens of billions of dollars. A top notch cyber capability will not require more investment than a few hundred millions of dollars.

Finally, one more key difference is that cyber is essentially a civilian sector capability. Cyber is a domain where civilian teams, private sector companies and small startups are the frontline warriors. Uniformed soldiers will not be any use in this domain. This is a conops that is very different and very unfamiliar to military planners. But it is probably the most important thing to keep in mind while trying to acquire any cyber capability.

A cyber division of an army can be loosely compared to a general staff. The bulk of its work, the planning and preparation, the exercises and the training, are done during times of peace. When war breaks out, the job will just be to put the previously developed plans in practice, make suitable amendments, and draw on pre-existing resources to implement the plans.
 
.
US NSA and British GCHQ has thoroughly "Penetrated" Pakistani Networks so much so they almost know what's what of Pakistan Network. Here are some of the glaring examples of this and last decade.

SNOWDEN ARCHIVE
——THE SIDTODAY
FILES
SIDtoday is the internal newsletter for the NSA’s most important division, the Signals Intelligence Directorate. The Intercept released four years’ worth of newsletters in batches, starting with 2003, after editorial review. From the documents and the accompanying articles available in this

https://theintercept.com/snowden-sidtoday/


A Success Story, In Which the MSOC Takes On a Pakistani GSM Network
SUMMARY
In March 2006, analysts working at the Misawa Security Operations Center discovered two Pakistani GSM cell phone infrastructure links and began sustained collection. In the following months they discovered and began spying on a total of 14 links. These GSM links "enable development and reporting on al-Qaeda senior leadership, which primarily uses GSM and C2C (computer-to-computer) modes of communication."

https://theintercept.com/snowden-sidtoday/5987479-a-success-story-in-which-the-msoc-takes-on-a/

The United States' clandestine National Security Agency (NSA) allegedly spied on top civil-military leadership in Pakistan using malware, The Intercept reported.

Malware SECONDDATE allegedly built by the NSA was used by agency hackers to breach "targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division", which contained documents pertaining to "the backbone of Pakistan’s Green Line communications network" used by "civilian and military leadership", according to an April 2013 presentation document obtained by The Intercept.

https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/

Pakistan NTDC GREEN ROOM VIP Division Layout Obtained by NSA SIGINT DIVISION
https://www.documentcloud.org/documents/3031638-Select-Slides-FINAL-PMR-4-24-13-Redacted.html


British e-spy agency hacked network routers to access almost any internet user in Pakistan

https://theintercept.com/2015/06/22/gchq-reverse-engineering-warrants/


Doing SIGINT in Pakistan
SUMMARY
A SID intern from the Pakistan Branch was deployed to work at Special Collection Service sites in Islamabad and Lahore

https://theintercept.com/snowden-sidtoday/3676115-doing-sigint-in-pakistan/




 
.
It won’t happen. The current generation of folks at helm have no idea about this. They’ve tried to implement this in very meagre attempts .. to tip toe into it. But other than getting servers installed , there’s not much else they’re capable of.

Getting serious about cyber would need real world investment into maths, science / tech and education from the grounds up.. we are busy with doing anything but that. So, yep, not going to happen.
 
Last edited:
. .
Our cyber policy currently seems to be "what we cant see doesn't exist ". Whats the use of all that Humint when you are gonna lose that advantage over a simple landline conversation.
All this is fine with our aging elites but PUBG ban is a must bcz that is a national security threat.

Our cyber policy currently seems to be "what we cant see doesn't exist ". Whats the use of all that Humint when you are gonna lose that advantage over a simple landline conversation.
All this is fine with our aging elites but PUBG ban is a must bcz that is a national security threat.
BTW i wonder why Americans or Israelis have not attacked our critical infrastructure yet or maybe they are just sitting on it waiting if we go openly against them.
 
.
US NSA and British GCHQ has thoroughly "Penetrated" Pakistani Networks so much so they almost know what's what of Pakistan Network. Here are some of the glaring examples of this and last decade.

SNOWDEN ARCHIVE
——THE SIDTODAY
FILES
SIDtoday is the internal newsletter for the NSA’s most important division, the Signals Intelligence Directorate. The Intercept released four years’ worth of newsletters in batches, starting with 2003, after editorial review. From the documents and the accompanying articles available in this

https://theintercept.com/snowden-sidtoday/


A Success Story, In Which the MSOC Takes On a Pakistani GSM Network
SUMMARY
In March 2006, analysts working at the Misawa Security Operations Center discovered two Pakistani GSM cell phone infrastructure links and began sustained collection. In the following months they discovered and began spying on a total of 14 links. These GSM links "enable development and reporting on al-Qaeda senior leadership, which primarily uses GSM and C2C (computer-to-computer) modes of communication."

https://theintercept.com/snowden-sidtoday/5987479-a-success-story-in-which-the-msoc-takes-on-a/

The United States' clandestine National Security Agency (NSA) allegedly spied on top civil-military leadership in Pakistan using malware, The Intercept reported.

Malware SECONDDATE allegedly built by the NSA was used by agency hackers to breach "targets in Pakistan’s National Telecommunications Corporation’s (NTC) VIP Division", which contained documents pertaining to "the backbone of Pakistan’s Green Line communications network" used by "civilian and military leadership", according to an April 2013 presentation document obtained by The Intercept.

https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/

Pakistan NTDC GREEN ROOM VIP Division Layout Obtained by NSA SIGINT DIVISION
https://www.documentcloud.org/documents/3031638-Select-Slides-FINAL-PMR-4-24-13-Redacted.html


British e-spy agency hacked network routers to access almost any internet user in Pakistan

https://theintercept.com/2015/06/22/gchq-reverse-engineering-warrants/


Doing SIGINT in Pakistan
SUMMARY
A SID intern from the Pakistan Branch was deployed to work at Special Collection Service sites in Islamabad and Lahore

https://theintercept.com/snowden-sidtoday/3676115-doing-sigint-in-pakistan/

Want to see the hard work being done by Pakistan's lead agency on cyber crime... Here you go:
Rest my case.png


On a serious note, the biggest threat to Pakistan's critical cyber infrastructure comes from APT (advanced persistent threat) organisations. There are some excellent people doing work in the background but are unsung heroes in the cyber security sphere, Mr. Ammar Jaffri is a good vocal advocate for cyber security and speaker on IOT/security, you should check out some of his work.

Further reading for any interested party:

https://cgss.com.pk/publication/Publications/pdf/Event-Report-Cyber-Security.pdf

https://www.e-pakistan.org/OurEvents/12
 
.
PTA is busy trying to block and spy on their own citizens' VPNs while the world is looking at our every move because of our horrible cyber capabilities. We are extremely lucky to have China and their enormous capability to back us up. Their cyber capability is the reason India can never go to war with them, because it is so good that China can shut down all of India with cyber attacks and win the war without firing a bullet if they must.
 
.
Want to see the hard work being done by Pakistan's lead agency on cyber crime... Here you go:
View attachment 648125

On a serious note, the biggest threat to Pakistan's critical cyber infrastructure comes from APT (advanced persistent threat) organisations. There are some excellent people doing work in the background but are unsung heroes in the cyber security sphere, Mr. Ammar Jaffri is a good vocal advocate for cyber security and speaker on IOT/security, you should check out some of his work.

Further reading for any interested party:

https://cgss.com.pk/publication/Publications/pdf/Event-Report-Cyber-Security.pdf

https://www.e-pakistan.org/OurEvents/12

Just to add one more organization into this mix. If you have heard about them. Infogistics Pvt Limited. Located in Lahore. Deals heavily in Information Security.

https://infogistic.com/home/

They have conducted Projects for Pakistan Intelligence community as far as I know. In addition to that, they Did a 3 Year project with Qatar Largest Government Organization to help them get the ISO 27001 which successfully resulted into this.

MME’s Information Systems receives ISO Certificate

24 Oct 2019 - 8:07


QNA
The Information Systems Department of the Ministry of Municipality and Environment (MME) has obtained the certificate of information security management system according to the international standard / EN ISO 27001: 2013 / issued by the International Organization for Standardization (ISO).

By obtaining this certification, the Information Systems Department has met all the international requirements and standards required for the international quality control system in accordance with ISO 27001, in the context of its modernization, development and application of international best practices to ensure the security and integrity of data and information, especially with the continuous expansion witnessed by the Ministry of Municipality and Environment in the digital transformation of its services in all its sectors

https://www.thepeninsulaqatar.com/a...-Information-Systems-receives-ISO-Certificate
 
.
It won’t happen. The current generation of folks at helm have no idea about this. They’ve tried to implement this in very meagre attempts .. to tip toe into it. But other than getting servers installed , there’s not much else they’re capable of.

Getting serious about cyber would need real world investment into maths, science / tech and education from the grounds up.. we are busy with doing anything but that. So, yep, not going to happen.
NSA, RAW, etc rely on a level of inquisitiveness and critical thinking our 'uncles in charge' don't tolerate, ever. It's DOA. As with most things, for Pakistan/Pakistanis to compete, the ones who are in charge of our affairs must change.
 
.
NSA, RAW, etc rely on a level of inquisitiveness and critical thinking our 'uncles in charge' don't tolerate, ever. It's DOA. As with most things, for Pakistan/Pakistanis to compete, the ones who are in charge of our affairs must change.

Everything new comes off as a threat, to their tenures and settled ways of thinking. Hence, we can forget about bringing about a change. The fact that majority of them do not even understand the modern electronic battlefield, is yet another issue.
 
.
Just to add one more organization into this mix. If you have heard about them. Infogistics Pvt Limited. Located in Lahore. Deals heavily in Information Security.

https://infogistic.com/home/

They have conducted Projects for Pakistan Intelligence community as far as I know. In addition to that, they Did a 3 Year project with Qatar Largest Government Organization to help them get the ISO 27001 which successfully resulted into this.

MME’s Information Systems receives ISO Certificate

24 Oct 2019 - 8:07


QNA
The Information Systems Department of the Ministry of Municipality and Environment (MME) has obtained the certificate of information security management system according to the international standard / EN ISO 27001: 2013 / issued by the International Organization for Standardization (ISO).

By obtaining this certification, the Information Systems Department has met all the international requirements and standards required for the international quality control system in accordance with ISO 27001, in the context of its modernization, development and application of international best practices to ensure the security and integrity of data and information, especially with the continuous expansion witnessed by the Ministry of Municipality and Environment in the digital transformation of its services in all its sectors

https://www.thepeninsulaqatar.com/article/24/10/2019/MME’s-Information-Systems-receives-ISO-Certificate

You may know the answer, has the vulnerability of tr69 protocol been patched on D-Link routers in Pakistan?
 
.
i have been working with some org..and participated in few conferences ...I ended with tears while looking at the strategy they were pursuing ...totally misdirected and waste of money.....those who do not know computers beyond MS Office were heading the affairs....

Can't list down here..how miserable our IT infrastructure...Very very disturbing...my few friends in PDF know ...as we have already covered it up in detail.
 
.
i have been working with some org..and participated in few conferences ...I ended with tears while looking at the strategy they were pursuing ...totally misdirected and waste of money.....those who do not know computers beyond MS Office were heading the affairs....

Can't list down here..how miserable our IT infrastructure...Very very disturbing...my few friends in PDF know ...as we have already covered it up in detail.
Than we are heading for national disaster. We need to work together and hard to get the message to highest level. Send ministers and Armed Forces head letters and messages on twitter. Those who have connections in Armed Forces also need to raise this issue over and over again.
 
.
Than we are heading for national disaster. We need to work together and hard to get the message to highest level. Send ministers and Armed Forces head letters and messages on twitter. Those who have connections in Armed Forces also need to raise this issue over and over again.
Its a lost cause those babas sitting up there wont act until someone siphons off millions from their bank accounts to off shore banks. They cant get their head around the basic idea that a computer not connected to internet can be hacked pushing them on a national cyber security policy is a lost battle.
 
Last edited:
.

Latest posts

Back
Top Bottom