What's new

Biggest Ever Hack at Finance Ministry Reveals State Secrets

Bratva

PDF THINK TANK: ANALYST
Joined
Jun 8, 2010
Messages
13,832
Reaction score
67
Country
Pakistan
Location
Qatar
By Jehangir Nasir | Published Mar 29, 2022 | 7:33 pm

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam. Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.


As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry. ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:
This email dataset is one of many purportedly held by the cyber mercenary. He was visibly annoyed by the Pakistani Ministry of Finance’s rebuff of his previous successful intrusion and shared a sample to defend his personal integrity. Moreover, the hacker has indicated that further unspecified sensitive datasets could be leaked in the near future.
Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.


It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.

Update:​

In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.

It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”

 
This MFeR is to blame.
1648582877922.png
 
Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
Just get the government to shift to Linux. It can do everything Microsoft does, better.

This may be the start of regime change operations by targeting state institutions.
 
By Jehangir Nasir | Published Mar 29, 2022 | 7:33 pm

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam. Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.


As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry. ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.
Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.
When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:

Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.


It must be noted here that the National Telecommunication and Information Security Board (NTISB) is responsible for maintaining the systems and networks of the Pakistani government. NTISB regularly issues circulars/notifications to government officials to update their antivirus software and other security protocols.

The federal government needs to prioritize the establishment of a national authority that can manage or secure cyberspace. This is a need of the hour, and such matters need to be investigated as a top priority. Clearly, the guidelines of the NTISB aren’t being strictly implemented and this matter should be urgently addressed by the Cabinet Division which directly falls under the domain of the Prime Minister’s Office.
In 2021, the federal government had also signed the National Cybersecurity Policy (NCP) 2021 into law. The policy declared a cyber-attack on national institutions as an attack on national sovereignty and made it mandatory for robust measures to be taken to consolidate the IT infrastructure of the government.

A considerable amount of investment and organizational restructuring are required to implement the NCP 2021 to secure the Pakistani government’s IT infrastructure. Anti-state elements could jeopardize national security and sovereignty if this data falls into the wrong hands.

Update:​

In a press release issued late in the evening, the Finance Division said that the news item circulating on social media “about hacker attempt on Finance Ministry and leakage of official data“ pertains to an incident of hacking which was reported some three months earlier.
The statement added that “instant steps were taken and a thorough cyber security audit was conducted”.

It further said that “the veracity of the news was not established. Meanwhile Finance Division has put in place numerous measures and protocols to further reinforce cyber security of its IT infrastructure and official data.”

Been tracking that guy for ages. @Foxtrot Alpha knows about him as well. His identity is in open and yet FIA has no balls to contact interpol and get that PJeet arrested.

I have also asked an other hacker (Pakistani) and guess what ? He said they can do much more but as soon as they do it police or FIA knocks at their door and tells them not to be cyber criminals.

Unlicensed operating systems where social media and other malicious links are clicked on frequently with no cybersecurity education nor enforcement of such policies - what else was to be expected.
It is more than that. That guy has been using social engineering to drop the packages into Pakistani system.

PAC doesn't have any Internet yet few employees of PAC were targeted and data of Mushak and JF17 was leaked.

Just get the government to shift to Linux. It can do everything Microsoft does, better.

This may be the start of regime change operations by targeting state institutions.
Wont work. We need to train our employees and strengthen our systems.
 
troll
T.....
 
Last edited by a moderator:
This nation believes a superpower America threatens through letters then it’s no surprise that their database is hacked

Who knows maybe the database is also a bunch of letters hahaha
Letter were sent to ambassador of Pakistan in US you..
 
Been tracking that guy for ages. @Foxtrot Alpha knows about him as well. His identity is in open and yet FIA has no balls to contact interpol and get that PJeet arrested.

I have also asked an other hacker (Pakistani) and guess what ? He said they can do much more but as soon as they do it police or FIA knocks at their door and tells them not to be cyber criminals.


It is more than that. That guy has been using social engineering to drop the packages into Pakistani system.

PAC doesn't have any Internet yet few employees of PAC were targeted and data of Mushak and JF17 was leaked.
Is the data out in the public?
 
I will never understand why such ministries are connected to the www?
 
ISI should assassinate any Indian hacker who poses a threat to Pakistan’s cyber security.

ISI can't assassinate traitors at home in the garb of Nawaz, PDM, Zardari, "journalist", NGOs, who are actively working against the very creation of Pakistan for Modi/RSS for a house in London..

You expect the same ISI to conduct operations elsewhere???... Lol

Too much faith in an impotent agency...
 

Pakistan Affairs Latest Posts

Back
Top Bottom