close
Thursday March 28, 2024

Pak cyber security and cyber crime

By Senator Rehman Malik
November 19, 2018

The present era has now become dependent of IT based facilities. It is an amazing fast and continuous development in multidimensional communication both in audio and video. The international community has become highly dependent of this new technology but at the same time the criminals have also invented the faster technique of hacking to commit crimes.

Pak nation witnessed the most recent Cyber-attack on the banking data where many have been deprived of millions of rupees by online transfer of money from one account to the other. In addition to it, the fast growing use of “apps” has totally changed the way of life and it is taking over almost everything one does. An app is a software that can be executed as you can download it or have direct access to it by using your mobile phone or any other internet device. The first ever app was created by Apple App Store launched in July 2008, a year after the first iPhone was released as it launched 500 apps after its release.

The IT business progressed rapidly as the software development has produced countless millionaires. Bill Gate happened to be the pioneer of the IT industry. The Silicon Valley is a main trading and promoting hub of Cyber industries. The growing IT and Cyber industries have brought a revolution in the field of electronics, which is becoming the integral part of almost every growing industry.

The word cyber means “virtual Reality”. It technically is a connection with electronic communication networks, especially the internet mother of media connectivity. The cyber technology revolves around the internet technology involving the flow of information in cellular phones, computers and video game consoles etc. The internet has taken our world by storm as it plays a huge role in our lives today. Even the car we drive or TV we watch today is a part of cyber technology because they have access to internet.

The revolution and advancement of cyber-technology have both positive and negative effects on our daily lives. We are able to get information at our fingertips through cyber technology. These elements of Cyber technology revolution may seem to be as exceedingly amazing but they also bring about certain problems such as cyber-bullying, identity theft and loss of private data etc. All of these threats are known as Cyber-attack, Cyber-crime or Cyber-theft in the internet world and all of us are familiar with the terms.

Cybercrime is a crime done over the web using a computer, or a networked device. Any crime committed using a computer or automated system including Identity theft, harassing, phishing, impersonating or maligning someone on social network sites, stealing money from accounts online, hacking into someone’s computer, ATM or mobile data, developing fake websites, posting someone’s personal content or data without their permission in order to harm their reputation or relationships and ransom etc. are some of the many examples of cyber-crimes.

Cyber security wall is a virtual wall created to protect information on main gateways of telecom hardware, computer, networks, programmes, content and data from unauthorised access, cyber-attacks or threats that are aimed for exploitation or theft. Cyber security covers four major areas of involving Cyber-crime; Application Security, Information security, Disaster security and Network security etc.

There are several hacking tools and softwares that are designed to assist with hacking for hacking purposes. For example: Nmap, Nessus, John the Ripper, p0f, Winzapper, mSpy, Bribes, ActiveX and iKeyMonitor etc.

Apparently, there has not yet been any foolproof security tool designed to keep your networks and computers safe from cyber-attacks but there are different measures we can take to keep our online life safe and secure i.e. By turning on firewall feature of your router. Use a good anti-virus software. Shop only from secure online websites. Keep your credit cards and bank account details to yourself as the major scams are on stolen data.

You need to set up strong passwords on your social accounts. Turn on spam blockers and keep your information secure. By encrypting your data.

Following are 5 of the biggest and most significant international cyber-crimes and data breaches of all times that pose threat to our business, privacy and governments.

In 2000, a 15 year old guy, Micheal Calce caused a mischief in Cyberspace. He was a high-school student in Canada when he carried out a cyber-attack on number of high profile commercial websites including CNN, Amazon, eBay and Yahoo, which resulted in $1.2 billion damage. For being underage, he was sentenced to only eight months of open custody and his online access also got limited by the court.

The most infamous than famous cyber-crime is the tragic case of Aaron Schwartz, the brilliant and young American Internet hacktivist who was arrested in 2011 for unlawfully downloading and publishing academic journals at MIT. He was wildly overcharged by federal prosecutors and 35 years of imprisonment resulting in his suicide in 2013.

Another most widespread cyber-attack ever hit the NHS computer systems in mid-2017. The hackers managed to gain access to the UK's medical system. The virus named “WannaCry” was spread through email in the form of attachments as once a user clicked on it, all files would be locked spreading the virus through computers and demanding money in order to gain access again. Around 300,000 computers were infected by “WannaCry” and the NHS remained down for a number of days, when a 22 year old security researcher from Devon managed to find the kill switch and regained access to the system.

In 2015, for a period of two years around 650 million euros were stolen from banks around the world when Russian based hackers used malware to infiltrate banks' computer systems and gathered personal data. They successfully impersonated online bank staff to authorise fraudulent transfers, and also dispensed cash from ATM machines without a bank card.

In 2014, famous entertainment company Sony Pictures were hit with a crippling virus by Cyber-crime group Guardians of Peace (GOP) in a blackmail attempt. Around 100 terabytes of sensitive data got stolen in the attack. It was alleged that the attack was carried out after North Korea's disapproval of the film 'The Interview'.

The film characterised the President Kim Jong-un and contained a plot where main characters plotted to assassinate him. The case was investigated by US agencies, which claimed that North Korea had authorised the cyber-attack in order to prevent the film from releasing.

In 2017 January, a number of UK high street banks, including Lloyds Bank faced a denial-of-service (DoS) attack by the hackers. During the attack, more than 20 million UK accounts were blocked and as a result, customers were unable to send payments or check their balance online.

Incidents of cyber-hacking on Govt’s data:

China is known to be the home to cyber spies and hackers, which more than any other country in the world has stolen more secrets from businesses and governments. The primary cyber-aggression of China has always been towards the US making it a serious threat of espionage to US, Russia, Iran and North Korea.

The first operation that Chinese hackers conducted against the US was in 1999 during the Kosovo conflict, when the US bombed the Chinese embassy in Belgrade accidentally killing three Chinese reporters. In retaliation, the patriotic hackers planted messages denouncing “Nato’s brutal action” on a number of US government websites.

Despite India’s reputation for being an IT and software powerhouse, around 13,301 cyber security breaches were reported in 2011. The biggest cyber-attack that the country had faced took place on July 12, 2012 in which hackers broke into the email accounts of 12,000 people including high officials from Defence Research and Development Organisation (DRDO), the Indo-Tibetan Border Police (ITBP), Ministry of Home Affairs, and the Ministry of External Affairs.

On June 2010, Iran’s nuclear facility in Natanz was infected by Stuxnet, a cyber worm, as it was subjected to cyber-attack. However, it was believed that it was a combined effort of Israel and the United States but no one claimed responsibility for it. The worm had destroyed Tehran’s 1000 nuclear centrifuges and set the country’s atomic ability back to at least two years.

The virus infected over 60,000 computers as it was spread beyond the plant.

On March 7, WikiLeaks published a data cache, which contained 8,761 documents that have been allegedly stolen from the CIA. The documents involved alleged spying operations and hacking tools. Revelations included bugs in Windows, iOS and Android vulnerabilities, and the ability to turn some smart TVs into listening devices.

Some hackers consistently keep forcing their entry into any Cyber/IT based hardware by cloning it or breaking the password. The incidents in the past show that most of the professional hackers have been produced by India both at private and official level. Second most expert hackers are from Russia.

The most recent indicators and incidents show that Israel is now taking the lead in hacking and spying. We are at present extending Cyber dependence but without proper counter measures against the Cyber-attack.

In recent past our country has faced various cyber breaches on individual as well as on state level and we do not yet have an efficient countering measure. The major attack of the year began in mid-October with Bank Islami, now it has taken a rapid pace across the whole country. Individuals continue to lose money from their bank accounts of different banks and the major cause for concern is that banks are hiding the information about these cyber robberies. A total of 19,864 cards of 22 Pakistan banks have been compromised in this attack till now. People have also been receiving scam calls by hackers impersonating bank staff to make reveal their bank account details.

Unfortunately, there is no law on Cyber security, which needs to be brought in to safeguard the firewalls of our organisations which are prone to cyber-attacks. Ironically, the first ever Cyber Crime bill that was passed on August 11, 2016 by Pakistan’s lower house, the National Assembly, as the Prevention of Electronic Crimes Act, 2016, is controversial in its terms. The law has worried human rights and pro-democracy activists through its over broad language against the freedom of speech.

The law also allows the authorised officers to have access to anyone’s computer and personal data whenever they want during investigation. It also gives unlimited authorities to the PTA to decide as to what is legal or illegal.

The law has provided 7 years of imprisonment sentence to those planning, recruiting or funding terrorism or propaganda online against the state. Hence, the sections of the Bill prove that the law only gives unfair prosecutions to the handlers of the state as no provisions have been set up to protect the privacy and sensitive data of the individuals.

Hence, the above discussions entail that all the above networks and data systems are unsecured unless they are secured through foolproof security.

There is no law in Pakistan against those who break the security firewalls to steal the import data including the bank record. It is theft and its trial needs substantial digital evidence including attempt to enter in the database. It is, therefore, need of the time that Parliament bring new law only on Cyber security for the protection of national and private data including the bank database.

Although we do have a Cyber Act but we may bring a separate act on Cyber security or add another Cyber security chapter relating to proper Cyber security in the act to cope with the issues. Pakistan definitely needs an effective “National Cyber Security Act “to protect its people from local and alien Cyber hackers.

The writer is Chairman of think tank "global eye" & former interior minister of Pakistan. @Email: rmalik1212@gmail .com, Twitter @Senrehmanmalik, @GlobalEye_GSA, WhatsApp +923325559393