What's new

FBR was hacked because it was using pirated software

After reading most of the comments here I feel no surprise that people here love to fire their mouths (or rather their keyboards) than use their brains. A person like me, on the other hand, wonders why the IT administration did not procure VMware/Hyper-V licenses; and the only logical answer is: Budget (VMware costs around USD 10,000/socket and Hyper-V is not too far off; a deployment such as FBR may need hundreds of thousands of USD worth of licenses for their systems each year)!

It is not like any of the IT guys would be getting bonuses or rewards for using pirated software but rather the lack of funds due to which some or all the systems were being run on Pirated Software. And yet, even with pirated software (Hyper-V) it makes no sense how the systems could get compromised as the administrator still had the option to apply offline patches and besides, there is a concept of multi-vendor and multi-layered security approach to prevent access to critical systems. This way, even if 1 vendor solution is compromised, the other solution protects the systems while patches are released for vulnerabilities in the first system and vice versa.
Then what about opening the spoofed emails? Literally everyone with a basic understanding of IT and internet security knows not to open links sent via emails. Isn't this a basic precaution?
 
. .
After reading most of the comments here I feel no surprise that people here love to fire their mouths (or rather their keyboards) than use their brains. A person like me, on the other hand, wonders why the IT administration did not procure VMware/Hyper-V licenses; and the only logical answer is: Budget (VMware costs around USD 10,000/socket and Hyper-V is not too far off; a deployment such as FBR may need hundreds of thousands of USD worth of licenses for their systems each year)!

It is not like any of the IT guys would be getting bonuses or rewards for using pirated software but rather the lack of funds due to which some or all the systems were being run on Pirated Software. And yet, even with pirated software (Hyper-V) it makes no sense how the systems could get compromised as the administrator still had the option to apply offline patches and besides, there is a concept of multi-vendor and multi-layered security approach to prevent access to critical systems. This way, even if 1 vendor solution is compromised, the other solution protects the systems while patches are released for vulnerabilities in the first system and vice versa.
The government hopes getting hacked was worth it (saving the license cost).

Anyway getting hacked boils down to either unpatched systems or lack of cyber-security detail. All of which ends in a single point of failure. The user on the system.
Then what about opening the spoofed emails? Literally everyone with a basic understanding of IT and internet security knows not to open links sent via emails. Isn't this a basic precaution?
People click on shady links all the time.

1629485962971.png
 
.
After reading most of the comments here I feel no surprise that people here love to fire their mouths (or rather their keyboards) than use their brains. A person like me, on the other hand, wonders why the IT administration did not procure VMware/Hyper-V licenses; and the only logical answer is: Budget (VMware costs around USD 10,000/socket and Hyper-V is not too far off; a deployment such as FBR may need hundreds of thousands of USD worth of licenses for their systems each year)!

It is not like any of the IT guys would be getting bonuses or rewards for using pirated software but rather the lack of funds due to which some or all the systems were being run on Pirated Software. And yet, even with pirated software (Hyper-V) it makes no sense how the systems could get compromised as the administrator still had the option to apply offline patches and besides, there is a concept of multi-vendor and multi-layered security approach to prevent access to critical systems. This way, even if 1 vendor solution is compromised, the other solution protects the systems while patches are released for vulnerabilities in the first system and vice versa.
dont we have cheap alternatives to these expensive western tools ?
dont we have cheap alternatives to these expensive western tools ?
there is one i saw virtualbox /opensource
 
Last edited:
.
What are the mechanisms now?

Can they be traced? Is the data still for sale?

Increase in ransom cases?

Who the hell will answer these questions?
 
.
The Federal Board of Revenue (FBR) was using a pirated version of the Microsoft Hyper-V software which enabled the hackers to easily breach the tax authority’s system.


Advertisement


According to media reports, a preliminary internal investigation into the recent cyberattack on FBR has revealed that the use of pirated software was one of the reasons why FBR’s system got hacked.



ALSO READ


PCB Finalizes Coaches for All Six Domestic Cricket Associations



The probe also disclosed that last year in January, Alice Wells, the then chief US diplomat for South Asian affairs, during a four-day visit to Pakistan, accused FBR of using a pirated software and warned the FBR about the possibility of a cyberattack on the tax authority’s system due to the use of a pirated software.


In response to the allegations, the FBR issued an absurd clarification, stating that it was unaware of the situation since Pakistan Revenue Automation (Pvt.) Ltd (PRAL) was the service provider for FBR.


On 12 March last year, PRAL issued a tender, seeking bids for the supply, installation, and configuration of network equipment, servers, data center precision cooling, upgrade and support for storage area network and backup solution, and Microsoft Windows for its Data Center in Custom House, Karachi.


Although PRAL set 13 April 2020 as the deadline for the submission of the bids, it has not yet disclosed the name of the firm that won the bid.



ALSO READ


ADB To Provide $235 Million Loan for Development of Highways



Recently, hackers breached the Microsoft Hyper-V software used by the FBR and took down the official website of the tax authority along with all of its subdomains.


Although FBR restored its official website and all of its tax-related functions, hackers put the FBR’s data on sale on a Russian forum for $30,000.

Advertisement


Following the cyberattack, Finance Minister Shaukat Tareen had issued stern directions to the FBR to carry out a complete appraisal of its system’s vulnerabilities in order to prevent similar incidents in the future.


Speaking exclusively with ProPakistani, Umair Ali Zafar, Principal Security Engineer at Ebryx, explained that hackers sent emails containing malicious documents in the attachments to FBR officials. These emails looked like they came from valid email addresses of the Govt of Pakistan, the Ministry of IT, and Telecom, but they were actually spoofed. The documents were crafted to gain the interest of the receiver, but when opened, infected the system.


Zafar added once a system got affected, it was used to gain access to other systems on the network, which led to the breach of the whole organization. At least since last Tuesday, the access to 1500+ systems of FBR was being sold online while threat intelligence about these emails was circulating since at least early July.


==========================

Not only were the idiots using pirated software, after having promised to replace said software 2 years ago - they also opened spoof emails. Ridiculous.

Maa Sadqe jaye 😂

BC govt ko kaho Microsoft or esi companies k sath as a govt deal kare or har mehkame ko original software diye jaye it will be cheap.
After reading most of the comments here I feel no surprise that people here love to fire their mouths (or rather their keyboards) than use their brains. A person like me, on the other hand, wonders why the IT administration did not procure VMware/Hyper-V licenses; and the only logical answer is: Budget (VMware costs around USD 10,000/socket and Hyper-V is not too far off; a deployment such as FBR may need hundreds of thousands of USD worth of licenses for their systems each year)!

It is not like any of the IT guys would be getting bonuses or rewards for using pirated software but rather the lack of funds due to which some or all the systems were being run on Pirated Software. And yet, even with pirated software (Hyper-V) it makes no sense how the systems could get compromised as the administrator still had the option to apply offline patches and besides, there is a concept of multi-vendor and multi-layered security approach to prevent access to critical systems. This way, even if 1 vendor solution is compromised, the other solution protects the systems while patches are released for vulnerabilities in the first system and vice versa.
You can cut a deal with Microsoft and if they had budget constraints then atleast properly check the pirated software 🙄
 
.
Then what about opening the spoofed emails? Literally everyone with a basic understanding of IT and internet security knows not to open links sent via emails. Isn't this a basic precaution?

Do you even know what a successful spoofed email is? Consider a scenario where you are employed by PRAL/FBR and regularly receive emails and attachments from MoIT or MoF or MoFA etc. In this case, you would not generally give a second thought to an attachment from one of the Ministries or Divisions. This would become extremely true if you are expecting an attachment.

Moving on, even genuine emails and attachments can have malicious code which execute when you open the genuine attachment. Is it any wonder why email spoofing and delivery of malicious code through email is still the most successful tool?
The government hopes getting hacked was worth it (saving the license cost).

Anyway getting hacked boils down to either unpatched systems or lack of cyber-security detail. All of which ends in a single point of failure. The user on the system.

Which is why I always advocate keeping users on totally different network (physically different and just just VLAN segregation). Internal DATABASES should always be off the internet with only 1-way traffic coming in from the Web Server. A read-only copy of the production server on a separate VM should return internet queries so that production servers are never compromised.
dont we have cheap alternatives to these expensive western tools ?

The alternatives are just not practical for enterprise environments. This is the reason companies like ORACLE and MS are so very very successful.
 
Last edited:
.
Which is why I always advocate keeping users on totally different network (physically different and just just VLAN segregation). Internal DATABASES should always be off the internet with only 1-way traffic coming in from the Web Server. A read-only copy of the production server on a separate VM should return internet queries so that production servers are never compromised.
You're still left with lost data if the web server is compromised. That includes a LOT of stuff. No other way than to hire top of the line people to sort out your shit. The other alternative is much more expensive.
 
.
You're still left with lost data if the web server is compromised. That includes a LOT of stuff. No other way than to hire top of the line people to sort out your shit. The other alternative is much more expensive.

Minimal lost data, in the event the Web Server is compromised. There is no such thing as a FOOL PROOF system and no top of the line people can prevent attacks. The best a team can do is defend against most of the attacks and react/recover with minimal to no loss in the event of a successful attack!
 
.

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Back
Top Bottom