What's new

Time to create Pakistan's very own NSA

People instead of Crying everyday about how such an OSINT / Cyber unit is needed in the country should instead put forward ideas on how such an organization should be set up...

Under whose authority should this organization be.....allocated resources, budget, manpower...what should be reporting line what should be chain of command.....where should it be placed, it should be attached to which parent organization....

Crying about the issues is easy---i can cry about all lot of things, finding solution to the problem is the most difficult part....

PDF is an excellent platform, use it to it's potential.
This platform has allowed people to develop their skill sets in various domains, this forum is full of such examples. How far we have come with this forum.

We urge all the members of this forum to use this platform, perform your analysis & share with us. Bring forward the information. We have dedicated threads for Information pool, use those. Research & update the threads of your choice, perform your analysis & we will publish them on Social Media....no one is perfect but learn with time....if i share my initial OSINT work here, people will have a good laugh, but i learned from the mistakes, developed myself further. Images, videos, tweets they will all start talking to you telling you the entire tale with the passage of time....
 
.
People instead of Crying everyday about how such an OSINT / Cyber unit is needed in the country should instead put forward ideas on how such an organization should be set up...

Under whose authority should this organization be.....allocated resources, budget, manpower...what should be reporting line what should be chain of command.....where should it be placed, it should be attached to which parent organization....

Crying about the issues is easy---i can cry about all lot of things, finding solution to the problem is the most difficult part....

PDF is an excellent platform, use it to it's potential.
This platform has allowed people to develop their skill sets in various domains, this forum is full of such examples. How far we have come with this forum.

We urge all the members of this forum to use this platform, perform your analysis & share with us. Bring forward the information. We have dedicated threads for Information pool, use those. Research & update the threads of your choice, perform your analysis & we will publish them on Social Media....no one is perfect but learn with time....if i share my initial OSINT work here, people will have a good laugh, but i learned from the mistakes, developed myself further. Images, videos, tweets they will all start talking to you telling you the entire tale with the passage of time....
Securing, developing and countering Signal, Networks and cyber Security is a part of your country Intel community. I think Pakistan was already working on placing secure lines of communication with China. Chinese are working on developing quantum communication to secure their networks. You can’t be using 3rd party hardware and expect your communication to be secure.

There is a reason Trump is banning Chinese tech companies citing national security.
 
.
we use u.s made equipment like f16s,c130s so it is very difficult to defend against any cyber attack by u.s or israel.We should go for chinese equipment or promote indigenous weapons if want to protect our assets from such attacks,india not has capability of cyber warfare and are much behind although in software technology they are better than us and we need to improve our software engineering capability
 
.
People instead of Crying everyday about how such an OSINT / Cyber unit is needed in the country should instead put forward ideas on how such an organization should be set up...

Under whose authority should this organization be.....allocated resources, budget, manpower...what should be reporting line what should be chain of command.....where should it be placed, it should be attached to which parent organization....

Crying about the issues is easy---i can cry about all lot of things, finding solution to the problem is the most difficult part....

PDF is an excellent platform, use it to it's potential.
This platform has allowed people to develop their skill sets in various domains, this forum is full of such examples. How far we have come with this forum.

We urge all the members of this forum to use this platform, perform your analysis & share with us. Bring forward the information. We have dedicated threads for Information pool, use those. Research & update the threads of your choice, perform your analysis & we will publish them on Social Media....no one is perfect but learn with time....if i share my initial OSINT work here, people will have a good laugh, but i learned from the mistakes, developed myself further. Images, videos, tweets they will all start talking to you telling you the entire tale with the passage of time....

It should be under Military but not ISI. In fact most ideal Force to head this kind of thing in Pakistan is PAF or let say a Vice Air Marshal rank officer. ISI should establish it's own separate Cyber unit. Plus Army and Air Force and Navy should also have their own Cyber commands.

Even if it's established under civilian it should not be that big of a problem or matter of showing egos you can deploy members from all three forces in them. If egos are delaying the creation of such agency than sorry those people are helping enemies of Pakistan. We need this now otherwise get ready when your nuclear plants are destroyed your Military bases are attacked your electricity structure is annihilated and your entire banking system is obliterated by your enemies. Our lack of vision and our false egos are asking for that to happen to us.


Some good lectures on issue of Cyber Warfare
 
.
Want to see the hard work being done by Pakistan's lead agency on cyber crime... Here you go:
View attachment 648125

On a serious note, the biggest threat to Pakistan's critical cyber infrastructure comes from APT (advanced persistent threat) organisations. There are some excellent people doing work in the background but are unsung heroes in the cyber security sphere, Mr. Ammar Jaffri is a good vocal advocate for cyber security and speaker on IOT/security, you should check out some of his work.

Further reading for any interested party:

https://cgss.com.pk/publication/Publications/pdf/Event-Report-Cyber-Security.pdf

https://www.e-pakistan.org/OurEvents/12

So many blaring faults in Pakistan's IT sector. In the age of Google, it should be a crime punishable by lethal injection if you do not install an SSL on your GOVERNMENT WEBSITE.

Oh the horrors of knowing what an absolute FUCKUP the backend would be.

Then I remember the election drama where IK lost his edge after the voting system came crashing down on itself.
 
.
People instead of Crying everyday about how such an OSINT / Cyber unit is needed in the country should instead put forward ideas on how such an organization should be set up...

Under whose authority should this organization be.....allocated resources, budget, manpower...what should be reporting line what should be chain of command.....where should it be placed, it should be attached to which parent organization....

Crying about the issues is easy---i can cry about all lot of things, finding solution to the problem is the most difficult part....

PDF is an excellent platform, use it to it's potential.
This platform has allowed people to develop their skill sets in various domains, this forum is full of such examples. How far we have come with this forum.

We urge all the members of this forum to use this platform, perform your analysis & share with us. Bring forward the information. We have dedicated threads for Information pool, use those. Research & update the threads of your choice, perform your analysis & we will publish them on Social Media....no one is perfect but learn with time....if i share my initial OSINT work here, people will have a good laugh, but i learned from the mistakes, developed myself further. Images, videos, tweets they will all start talking to you telling you the entire tale with the passage of time....

Highly talented professionals and experts offered services to GoP ...both previous and current Govt.....few came here and presented their roadmaps ...but after govts response they went back....

Securing, developing and countering Signal, Networks and cyber Security is a part of your country Intel community. I think Pakistan was already working on placing secure lines of communication with China. Chinese are working on developing quantum communication to secure their networks. You can’t be using 3rd party hardware and expect your communication to be secure.

There is a reason Trump is banning Chinese tech companies citing national security.
I do not know abt signals....but in cyber domain the very first thing is threat realization.... And thn we move forward... From legislations to securing IT infrastructure supply chain .... Etc.

Currently, we haven't been moved from first step....people take cyber security as installing anti virus on PCs
 
.
Any sort of mis-information and information that includes biased agenda or simply put mal-information is the biggest weapon meant to create chaos, anarchy and getting particular malicious agenda achieved. As Pakistanis it is our responsibility to think thousand times before sharing any news.

regards
 
.
Dying on the front line is almost a thing of the past as war online is fast becoming the norm for many disgruntled leaders around the world.
What weapons are used in a cyberwar? Primarily, the weapons are botnets ready to launch distributed denial of service (DDoS) attacks that can cause widespread disruption to critical services or act as resource diverting smokescreen for other activity on the network. Social engineering and spear-phishing techniques are also weaponized to introduce an attacker into an adversary system. The insider threat is a genuine weapon in the cyber warfare armoury. A mole can directly introduce a risk to the network or exfiltrate highly sensitive or secret materials. Stuxnet is an excellent example of how multiple layers of attack can be successfully used. Someone is working within the Iranian nuclear power program knowingly or unknowingly physically inserted a USB stick infected with the Stuxnet worm into an air-gapped system.BlackEnergy, the malware used in a cyberattack that prompted a large-scale blackout in Ukraine in December 2015.The North Korean HIDDEN COBRA, also known as the Lazarus Group. The Sony hack of 2014 and the hack of a Bangladeshi bank in 2016 were pinned on these hackers.

Cyber attacks are being seen as an aspect of what's known as hybrid warfare. For example, in the run-up to an election, "Group A" may engage in efforts to alter sentiment through channels like social media while simultaneously targeting the websites of its main competitors, "Group B" and "Group C", with DDoS attacks or cyber vandalism.

Often, it won't be Group A itself that engages in these activities, but instead, it will outsource to companies that specialize in the spreading of disinformation and hackers for hire. This makes it more difficult to trace back. This is a tactic also seen in state-sponsored cyberattacks, where countries claim an attack originates from "patriotic hackers" acting on their terms without any persuasion or reward from the state. The only cyberweapon that is perhaps even more dangerous and disruptive than the zero-day is the false flag.
ہمارے شہزادوں نے سائبر وار میں اچھا کام کیا تھا جس کی وجہ سے ہندوستان کو بے خوابی کا سامنا کرنا پڑا تھا
https://www.indiatoday.in/india/sto...cks-warfare-india-websites-1693123-2020-06-26
 
.
You may know the answer, has the vulnerability of tr69 protocol been patched on D-Link routers in Pakistan?

If they have phased out tr-064 and implemented best practices for implementing tr-069 i.e Running it on TLS and HTTPS and properly following the guidelines of monitoring the sessions proactively so no unauthorized User can hijack the session through MiTM, then I can say the did the bare minimum . But knowing the lethargic attitudes of PTCL employees, they'd still be running Tr-069 over TCP and cleartext browser protocol i.e simle 3 way handshake instead of SSL/TLS and HTTP instead of HTTPS

Or at worse they'd still be running Tr-064 for Broadband management
 
Last edited:
.
Back
Top Bottom