Click here to monitor SSC
  • Av rating:
  • Total votes: 51
  • Total comments: 6
Alamzeb Khan

Pakistan: Cyber Warfare and Internet Hacking

17 January 2012

The extent of malicious hacking on the internet, in pursuit of political or economic advantage, crime or just plain mischief, threatens to escalate the cost of even basic  IT infrastructure.  In the emerging economies, organised hacking is now beginning to impede economic growth so much that organised counter-measures are now required. Our Pakistan correspondent describes the problem  there, and suggests some solutions.

A few days ago, I heard news that Indian hackers had attacked the official website of one of our major universities, the University of Punjab, and threatened that similar actions would follow. I began investigating the details, and was shocked to discover that this was not the beginning of the story.

Hackers from India and Pakistan have, in fact, been engaged in cyber warfare since 1998, leaving no stone unturned in attacking the websites of their opponents. Both countries blame each other for the initial aggression.

The intensity of the war increased last year in particular; after a reported attack by Pakistani hackers on the Central Bureau of Investigation (CBI), India’s top civilian investigation agency, Indian hackers attacked 40 Pakistani websites.

When I approached the relevant office in Islamabad to find out what measures the country was taking to defend itself from cyber warfare, I learned that Pakistan’s government isn’t taking any tangible measures at all to protect state websites from the looming threat of international hackers, particularly those based in India.

I spoke to a senior official in the Electronic Government Directorate (EGD), the agency officially responsible for monitoring the hacking saga in Pakistan. The official, who wished not to be named because he isn’t authorized to talk to the media, told me, “The government has so far secured only 33 websites belonging to government ministries and departments, out of thousands. And there is no system that can’t be hacked. You can break any kind of lock, and the same is the case with hacking websites.”

“The government never demonstrates seriousness in dealing with the hacking problem, which poses a constant threat to all state and privately-run websites,” he added.

He said that if the government wanted complete security it would have to adopt a unified trap system, firewalls, an intromission protection system (IPS), anti-spyware software, and protection against email-based and DDOS attacks.  

DDOS - sending millions of requests which ultimately result in the shutdown of websites - is the preferred method of attack, because most proprietors, including companies and organizations, can’t afford a security system to protect adequately against it.

A system which can adequately protect your websites from hacking costs around one million rupees, according to the official I spoke to.

Meanwhile, a vendor from Islamabad, who runs a private firm, said, on condition of anonymity, that there are several firms and institutions, such as Faysal Bank and many cellular phone companies, that have spent more than one million rupees each to safeguard their websites from hacking. If the government of Pakistan were to spend such an amount, the issue would be solved for government websites to a great extent.

When I put these examples to my contact at the EGD, he agreed, but said that the government is not in a position to provide such a huge amount. He lamented that in the recent past the websites of the Ministry of Foreign Affairs and the Supreme Court of Pakistan were hacked as a result.

He said that government policy was that all state websites be hosted by the National Telecommunication Corporation (NTC), but that unfortunately not everyone follows this policy, instead hosting their websites abroad or with alternative local providers.

According to the official, “This hacking isn’t a specific problem between Pakistan and India; it is an international issue, which is going to spread and become more sophisticated. However, it does seem to be particularly intense between hackers in India and Pakistan.”

The government, he said, should invest in the security implementation policy provided by the Information Technology Department of the Government of Pakistan, adopting security systems along the lines of those used by private firms but, “unfortunately, it is a totally neglected area so far, with no investment by the government.”

“Let me tell you, frankly, that the government has no power over the ISPs to implement its policy. It tried, in 2009, when the EGD sent Planning Commission-1 to the Ministry of Information Technology, a document initiating a fair implementation of security across the databases and websites of the federal ministries, but again, this couldn’t be approved because of multiple reasons, including self-interest.”

He added that if the government of Pakistan wants to secure its websites then it should also invest in Pakistan’s emerging Information Technology sector, as millions of the country’s young people are trained in the area.

Internet hacking and the Pakistan-India cyber war

My next port of call was Munawar Iqbal, President of Pakistan Computer Association (PCA). As head of the PCA, Iqbal acts as spokesman for computing professionals, putting forward the issues that they’re concerned about to the Pakistani government. He also runs a thriving computer business in the main hub of Islamabad.

Iqbal told me, “As per my information there are two groups of hackers from both countries: one is called the Indian Cyber Army and the other is known as the Pakistan Cyber Army. Both are in competition to hack each other websites. It is totally illegal, and should be stopped in the greater regional and international interest, as well as that of both countries’ people.”

He said that in 2002, hackers in Pakistan hacked as many as 72 Indian websites, while Indian hackers hit almost 70 Pakistani websites. In 2010, the total of Indian websites hacked had increased to 270.

Indian hackers, meanwhile, hacked the websites of the Ministries of Education and Finance, Oil and Gas Corporation Limited (OGDCL), and even the State Bank of Pakistan.

He said that there seem to be some official hands of the two governments behind the hacking story, adding that it is another face of a war that’s taking place with the unseen support of both governments.

“There are established laws on cyber crimes in Pakistan, and there are also international laws to prevent it, but these are either not followed or not implemented. There should be tough punishment for those who break these laws - it would go a long way to controlling the problem.”

He added that there should also be a public awareness campaign to tell individuals and organizations how to protect and secure themselves from hackers, and that the government should work out a multi-pronged policy to create job opportunities for youths who have Information Technology degrees, allowing Pakistan to use their skills to help discourage the cyber crime menace.

“Our country is producing 15,000 to 16,000 IT graduates each year, but only 25 per cent are employed in the sector, and I’m sure the rest of them are squandered in different ways due to lack of job opportunities. If there were more job opportunities, it would reduce the number of these jobless IT graduates, which would discourage the business of hacking in the long-run,” he added.

He said that the hacking isn’t a Pakistan-India specific problem but an international issue which should be tackled at world level.

“Hacking poses a great threat to world peace because every entity and organization is going computerized or online,” he said.    

Iqbal cited the recent, prominent example of Wikileaks, contending that Wikileaks were basically hackers who accessed secret information belonging to the US government.

Concerns From Commerce

In search of a commercial perspective on the problem, I contacted Abid Jan, a trader who owns a computer business in Islamabad’s bustling Blue Area market. He told me, “We ourselves face no particular problem or threat from hackers, but those institutions that have their data online face a great threat.”

He told me that the government should make sure to provide enough online information for businesses to protect themselves from hackers, because most of the time hacking takes place due to lack of information.

“I’m sure there are international laws, but on the ground they aren’t implemented. We also face a real problem from viruses - there should be tangible measures to control their spread as well.”

I also spoke to Arshad Ali, chief executive of a private computer firm, who shared his concerns with me, “Until recently, states used to fight wars just with forces on the ground, but with advances in computing, they’re now being fought through the internet as cyber wars. These days, hackers from almost all countries, including India, are out to fight cyber war against their rivals. Countries want to dismantle and derail each other’s economies through cyber war, in particular. ”

Cyber war and hacking are great threats to international peace and security, he added, citing the example of reports in 2009 that the Pentagon’s $300 billion F-35 project had been attacked, allegedly by Chinese hackers, with several terabytes of information about the aircraft stolen.

A Possible Solution

Ali noted that Pakistan faces significant barriers to reaching a solution. “In Pakistan, government systems aren’t yet automated across the board. Time and energy that could be spent on securing these systems is being wasted keeping records in physical files. Compare that to countries such as China and the U. S., who possess dedicated cyber warfare units. Our government lacks basic automation of its systems, but getting to that point requires considerable investment.”

In the face of the emerging threat, “we neither have proper expertise nor does our IT infrastructure have any advanced systems because of the government’s lukewarm approach to improving Pakistan’s nascent computing field.”

The government, he said, doesn’t take any steps to improve the Information Technology sector, and its condition is pathetic. There is only one unit working on cyber crime, a section of the Federal Investigation Agency (FIA) known as NR3C. On a national level, an Email and Internet Policy was approved in 2005 but it hasn’t been implemented so far.

He said the tragedy is that that cyber-attack tactics are changing almost day-by-day, while Pakistan’s government doesn’t consider coping with the challenge a serious affair.

For example, the Electronic Government Directorate (EGD) has also initiated a project known as the Federal Government IT Security Audit Cell, but it has not yet got approval.

The official suggested that, “if you want to completely protect yourself against hacking, then you will have to follow the ISP policy in letter and spirit.”

He went on to say that, by contrast, most of the big firms and organizations such as private and state-run banks were already investing heavily to protect themselves and secure their websites from hacking.    

Arshad Ali added that central government needs to take some practical steps to create awareness among common users, and should explore measures to secure the websites of leading government institutions.

A Common Perspective

My correspondents were almost unanimous in agreeing that there is the utmost need to allocate more funds to the relevant government departments, so that the constant threat of hacking can be tackled to reduce it to a tolerable level. They echoed that the government should make efforts to accommodate unemployed IT professionals in mainstream employment, which should put the menace of hacking in reverse gear.

Some of those I spoke to also suggested that representatives from the governments of Pakistan and India should come together to develop a joint strategy for discouraging cyber warfare between the two countries. The ideal solution would be for both countries to formulate a shared code of conduct and impose strict rules to discourage individuals and organizations form attempting to harm the cyber-world. At this critical juncture, the UN can also play a tangible role, not just in mediating between India and Pakistan, but across the globe.

Alamzeb Khan

Author profile:

Alamzeb Khan is an Islamabad-based freelance journalist with over eight years of experience, including arranging and covering the news of the World Trade Order (WTO), emerging terrorism, and other economic and political issues since 2003. He's worked with some of Pakistan’s leading media organizations, such as the Frontier Post, Khyber Mail International and the Pakistan Broadcasting Corporation, and tried his hand as a staff reporter, sub-editor and anchorman.

Search for other articles by Alamzeb Khan

Rate this article:   Avg rating: from a total of 51 votes.


Poor

OK

Good

Great

Must read
Have Your Say
Do you have an opinion on this article? Then add your comment below:
You must be logged in to post to this forum

Click here to log in.


Subject: Political article
Posted by: Kingston Dhasian (view profile)
Posted on: Thursday, February 02, 2012 at 2:42 AM
Message: I expected this to be a technical article

This looks to me to be more of a political article for Pakistani audience with a small attempt to make it look global which fails terribly due to heavy focus on India-Pakistan

I don't expect articles of this kind from Simple Talk. Though it is just my opinion, I don't think anybody likes to read politics in a technical websites.

Subject: Re: Political Article
Posted by: Andrew Clarke (view profile)
Posted on: Thursday, February 02, 2012 at 4:51 AM
Message: @Kingston Dhasian
We first contacted Alamzeb after reading some of his dispatches, because we were struck by his unbiased and often first-hand reporting. This article has opinions, and is clearly in an 'Opinion' section of the site. Even so, the idea of a role by the international community in tackling 'political' hacking isn't a partisan stance. Malicious hacking for political ends causes us a number of 'technical' problems, so any resolution would be welcome to us, and of interest. As Alamzeb is in Islamabad, and reporting what he sees and hears, he can be forgiven for giving a global problem a local context.

Subject: Political Article
Posted by: Kingston Dhasian (view profile)
Posted on: Thursday, February 02, 2012 at 11:31 PM
Message: @Andrew Clarke
I agree the article was unbiased. But, it concentrates too much into the un-employement in Pakistan and the Pakistani government's responsibilities and so on which makes it look like a political article.

As I said, I don't like political articles in technical websites. I felt as if i am reading a newspaper.

I have thoroughly enjoyed reading the articles in this site and many of them have been very usefull to me and will continue doing so. Its upto the site owners to decide the content, but I didn't enjoy the article and so i gave my opinion.

Subject: Political article
Posted by: Roshan Khan (not signed in)
Posted on: Monday, February 06, 2012 at 3:28 AM
Message: I thoroughly appreciate the article as there is much technical stuff to be read from the nascent and emerging computer market.
Things shouldnt be taken in a baised approach or written by a person who is either from India and Pakistan.
There's nothing in the article to harm the interests of anyone. We should be sagacious and open-hearted and broad-minded to accept things in greater interest of the people of the region.
Also there is nothing politics like things but the job of a journalist is that he/she is needed to put the version of the concerned people.
Once again appreciate the well-written article...

Subject: Feedback
Posted by: David (view profile)
Posted on: Monday, February 06, 2012 at 11:33 AM
Message: After reading the article, and then the comments, I have a few thoughts I wish to share.

First, criticizing the article because it lacks technical information on a technical site is valid. The fact that this is an opinion page isn't clear unless you know where to look.

Since the article was posted in English, I have to compliment the author on his command of that language. Too often technical articles are not useful due to the author not being able to communicate in English properly. I had far more trouble reading the comments than the article, even though a lot of terminology was unfamiliar to me. Great job in that respect.

Keep in mind that Russia used hacking attacks to shut down Georgia's ability to communicate prior to invading, so it is impossible to separate politics from this issue.

Lastly, given the politics of the region, it may have been worthwhile to point out that while Pakistan and India do have this issue with each other, the Chinese are the biggest problem in the world when it comes to attacking other nations electronically. I would bet that further investigation would prove that both countries have far more to fear from their "friendly neighbor" than they realize, and likely should work together on this issue to put a stop to the largest threat in the world, rather than attacking each other in this mannger.

Subject: Feedback
Posted by: Aju Sharma (not signed in)
Posted on: Tuesday, February 07, 2012 at 1:17 AM
Message: The comments irrespective of its nature give a rosy picture to the article itslef. I think that the political touch in the article makes it more interesting and free of much technical wordings as most professionals dont know jargons.
Articles, particularly opinion pieces, should be written for the interest of every individual not for specific segment of society.
Interesting website.......

 

Top Rated

We don't need Source Control: we're Database Developers
 As part of our long-running series of articles where we ask working database developers how database... Read more...

The Proposals Conundrum
 When you work for a small software development (or any services) company, one of the major challenges... Read more...

David Heinemeier Hansson: Geek of the Week
 Ruby on Rails, the open-source web application framework, grew out of David Heinemeier Hansson's work... Read more...

Alex Payne: Big in the IT Business
 Alex Payne worked on developing Twitter for three years. When he started, it was a small side-project:... Read more...

Seth Godin: Big in the IT Business
 Seth Godin has transformed our understanding of marketing in IT. He invented the concept of 'permission... Read more...

Most Viewed

The Future of Reflector
 Simple Talk asked freelance writer Bob Cramblitt to sit down with the two people behind the agreement... Read more...

Linus Torvalds, Geek of the Week
 Linus Torvalds is remarkable, not only for being the technical genius who wrote Linux, but for then... Read more...

Bad CaRMa
 From hope and euphoria, to desperation, firings and the ultimate demise of a company. Tim Gorman charts... Read more...

Driving up software quality - the role of the tester
 Have you ever wondered what a software tester does? Helen Joyce, test engineer at Red Gate software... Read more...

Don Knuth and the Art of Computer Programming: The Interview
 Fifty years after starting the 'Art of Computer Programming', (TAOCP), Don Knuth is still working hard ... Read more...

Why Join

Over 400,000 Microsoft professionals subscribe to the Simple-Talk technical journal. Join today, it's fast, simple, free and secure.