Pakistan’s Export Development Fund (EDF), an independent agency within the Ministry of Commerce, itself has its official website hacked in whatever is the country’s second-worst security breach in the past year and a half.
LahoreHerald has exclusive information that suggests the over 4GB data dump has potential uses for passwords, email records, email histories, files, and other sensitive information. The breach shows that the actor has full access to the EDF’s mainframe and easily stole official records from a wide range of departments. The findings imply the website’s defenses aren’t strong, which makes privacy breaches easier.
The sample dataset has sensitive information like meeting minutes, proposals, documents about proposals, trade information, bidding information, internal communications, dealings with foreign organizations, sensitive correspondence, etc. LahoreHerald found out about it from anonymous sources and confirmed its authenticity right away.
The hacker is likely from another country, and screenshots of the raw data show that he is willing to sell the information through his Telegram channel for $400 or the equivalent in Bitcoin.
Checks of our channels showed that the Commerce Ministry EDF website became back online a few hours after the attack. But it now gave the wrong impression that the organization’s top leaders were former Prime Minister Imran Khan and former Commerce Advisor Abdul Razak Dawood. After getting a letter from ProPakistani, the ministry updated its website.
Commerce Secretary Saleh Farooqi told LahoreHerald that another way to hack the EDF website is with a brute-force attack. He said that the server, which is broadcast at COMSATS and managed by AHamson/COMSATS, is mostly fixed and is now working as it does.
He said more by saying that emails are often how officers and other important people talk to each other and share information about projects. Said that these contacts are internal and appear not to pose a threat to how the Fund works.
He also said that EDF is always talking to the service provider and that new security measures are already in place.
It’s not funny that hackers can get private information. But you can rest assured that EDF has nothing to do with our information. But we’ll look into it ourselves,” Saleh said.
Expert on data leaks and Rawalpindi resident Zaki Khalid said that this case shows how little people care about cyber security.
“Even though different governments have put out instructions from time to time. There are still holes in the way it works. “It seems like there isn’t enough internal vigilance,” he said.
The first big attack of this kind happened under the last government and since then. It is all over the news in Pakistan. In December 2021, there was a cyber security breach at the Ministry of Finance. Which made the emails of high-ranking officials in the department available to the public. This led to the release of confidential information sent by the Ministry of Finance to the International Monetary Fund (IMF). The Financial Action Task Force (FATF), and the China-Pakistan Economic Corridor (CPEC),
Early this month, the SECP database is first put online by mistake. In response to the early warning from LahoreHerald. SECP quickly did get rid of all information that it uses to figure out who keeps clicking on the link.
What happened and what will happen next
Even if it’s embarrassing to admit, since the attack, all trade-related collaboration with foreign agencies. Embassies have lost all credibility because sensitive information is shared. When investors talk to the Government of Pakistan in private, they do so with a certain amount of trust. If that law does lose, it can take years or even never get it back.
Many people think that by attacking and hacking into Pakistan’s online data. These hackers are giving Pakistan’s enemies information about its economy. In this case, it is easy for a rival country to mess up Pakistan’s business relationships. If they paid off the hackers and made their own rules. It is easy for them to make life hard for Pakistan.
Despite these improvements, the recommendations of the National Telecommunications and Information Security Board (NTISB) aren’t always taken into account. This is a big problem that requires immediate attention right away. All things considered, institutions must put national security first on all online platforms if they want to manage. Secure cyberspace and reduce network vulnerabilities. Right now, it’s very important to look into these kinds of things.
A lot of money and changes to the state of things always do put the NCP 2021 into action and protect the IT infrastructure of the Pakistani government.