17 January 2012

Pakistan: Cyber Warfare and Internet Hacking

The extent of malicious hacking on the internet, in pursuit of political or economic advantage, crime or just plain mischief, threatens to escalate the cost of even basic IT infrastructure. In the emerging economies, organised hacking is now beginning to impede economic growth so much that organised counter-measures are now required. Our Pakistan correspondent describes the problem there, and suggests some solutions.

A few days ago, I heard news that Indian hackers had attacked the official website of one of our major universities, the University of Punjab, and threatened that similar actions would follow. I began investigating the details, and was shocked to discover that this was not the beginning of the story.

Hackers from India and Pakistan have, in fact, been engaged in cyber warfare since 1998, leaving no stone unturned in attacking the websites of their opponents. Both countries blame each other for the initial aggression.

The intensity of the war increased last year in particular; after a reported attack by Pakistani hackers on the Central Bureau of Investigation (CBI), India’s top civilian investigation agency, Indian hackers attacked 40 Pakistani websites.

When I approached the relevant office in Islamabad to find out what measures the country was taking to defend itself from cyber warfare, I learned that Pakistan’s government isn’t taking any tangible measures at all to protect state websites from the looming threat of international hackers, particularly those based in India.

I spoke to a senior official in the Electronic Government Directorate (EGD), the agency officially responsible for monitoring the hacking saga in Pakistan. The official, who wished not to be named because he isn’t authorized to talk to the media, told me, “The government has so far secured only 33 websites belonging to government ministries and departments, out of thousands. And there is no system that can’t be hacked. You can break any kind of lock, and the same is the case with hacking websites.”

“The government never demonstrates seriousness in dealing with the hacking problem, which poses a constant threat to all state and privately-run websites,” he added.

He said that if the government wanted complete security it would have to adopt a unified trap system, firewalls, an intromission protection system (IPS), anti-spyware software, and protection against email-based and DDOS attacks.  

DDOS – sending millions of requests which ultimately result in the shutdown of websites – is the preferred method of attack, because most proprietors, including companies and organizations, can’t afford a security system to protect adequately against it.

A system which can adequately protect your websites from hacking costs around one million rupees, according to the official I spoke to.

Meanwhile, a vendor from Islamabad, who runs a private firm, said, on condition of anonymity, that there are several firms and institutions, such as Faysal Bank and many cellular phone companies, that have spent more than one million rupees each to safeguard their websites from hacking. If the government of Pakistan were to spend such an amount, the issue would be solved for government websites to a great extent.

When I put these examples to my contact at the EGD, he agreed, but said that the government is not in a position to provide such a huge amount. He lamented that in the recent past the websites of the Ministry of Foreign Affairs and the Supreme Court of Pakistan were hacked as a result.

He said that government policy was that all state websites be hosted by the National Telecommunication Corporation (NTC), but that unfortunately not everyone follows this policy, instead hosting their websites abroad or with alternative local providers.

According to the official, “This hacking isn’t a specific problem between Pakistan and India; it is an international issue, which is going to spread and become more sophisticated. However, it does seem to be particularly intense between hackers in India and Pakistan.”

The government, he said, should invest in the security implementation policy provided by the Information Technology Department of the Government of Pakistan, adopting security systems along the lines of those used by private firms but, “unfortunately, it is a totally neglected area so far, with no investment by the government.”

“Let me tell you, frankly, that the government has no power over the ISPs to implement its policy. It tried, in 2009, when the EGD sent Planning Commission-1 to the Ministry of Information Technology, a document initiating a fair implementation of security across the databases and websites of the federal ministries, but again, this couldn’t be approved because of multiple reasons, including self-interest.”

He added that if the government of Pakistan wants to secure its websites then it should also invest in Pakistan’s emerging Information Technology sector, as millions of the country’s young people are trained in the area.

Internet hacking and the Pakistan-India cyber war

My next port of call was Munawar Iqbal, President of Pakistan Computer Association (PCA). As head of the PCA, Iqbal acts as spokesman for computing professionals, putting forward the issues that they’re concerned about to the Pakistani government. He also runs a thriving computer business in the main hub of Islamabad.

Iqbal told me, “As per my information there are two groups of hackers from both countries: one is called the Indian Cyber Army and the other is known as the Pakistan Cyber Army. Both are in competition to hack each other websites. It is totally illegal, and should be stopped in the greater regional and international interest, as well as that of both countries’ people.”

He said that in 2002, hackers in Pakistan hacked as many as 72 Indian websites, while Indian hackers hit almost 70 Pakistani websites. In 2010, the total of Indian websites hacked had increased to 270.

Indian hackers, meanwhile, hacked the websites of the Ministries of Education and Finance, Oil and Gas Corporation Limited (OGDCL), and even the State Bank of Pakistan.

He said that there seem to be some official hands of the two governments behind the hacking story, adding that it is another face of a war that’s taking place with the unseen support of both governments.

“There are established laws on cyber crimes in Pakistan, and there are also international laws to prevent it, but these are either not followed or not implemented. There should be tough punishment for those who break these laws – it would go a long way to controlling the problem.”

He added that there should also be a public awareness campaign to tell individuals and organizations how to protect and secure themselves from hackers, and that the government should work out a multi-pronged policy to create job opportunities for youths who have Information Technology degrees, allowing Pakistan to use their skills to help discourage the cyber crime menace.

“Our country is producing 15,000 to 16,000 IT graduates each year, but only 25 per cent are employed in the sector, and I’m sure the rest of them are squandered in different ways due to lack of job opportunities. If there were more job opportunities, it would reduce the number of these jobless IT graduates, which would discourage the business of hacking in the long-run,” he added.

He said that the hacking isn’t a Pakistan-India specific problem but an international issue which should be tackled at world level.

“Hacking poses a great threat to world peace because every entity and organization is going computerized or online,” he said.    

Iqbal cited the recent, prominent example of Wikileaks, contending that Wikileaks were basically hackers who accessed secret information belonging to the US government.

Concerns From Commerce

In search of a commercial perspective on the problem, I contacted Abid Jan, a trader who owns a computer business in Islamabad’s bustling Blue Area market. He told me, “We ourselves face no particular problem or threat from hackers, but those institutions that have their data online face a great threat.”

He told me that the government should make sure to provide enough online information for businesses to protect themselves from hackers, because most of the time hacking takes place due to lack of information.

“I’m sure there are international laws, but on the ground they aren’t implemented. We also face a real problem from viruses – there should be tangible measures to control their spread as well.”

I also spoke to Arshad Ali, chief executive of a private computer firm, who shared his concerns with me, “Until recently, states used to fight wars just with forces on the ground, but with advances in computing, they’re now being fought through the internet as cyber wars. These days, hackers from almost all countries, including India, are out to fight cyber war against their rivals. Countries want to dismantle and derail each other’s economies through cyber war, in particular. ”

Cyber war and hacking are great threats to international peace and security, he added, citing the example of reports in 2009 that the Pentagon’s $300 billion F-35 project had been attacked, allegedly by Chinese hackers, with several terabytes of information about the aircraft stolen.

A Possible Solution

Ali noted that Pakistan faces significant barriers to reaching a solution. “In Pakistan, government systems aren’t yet automated across the board. Time and energy that could be spent on securing these systems is being wasted keeping records in physical files. Compare that to countries such as China and the U. S., who possess dedicated cyber warfare units. Our government lacks basic automation of its systems, but getting to that point requires considerable investment.”

In the face of the emerging threat, “we neither have proper expertise nor does our IT infrastructure have any advanced systems because of the government’s lukewarm approach to improving Pakistan’s nascent computing field.”

The government, he said, doesn’t take any steps to improve the Information Technology sector, and its condition is pathetic. There is only one unit working on cyber crime, a section of the Federal Investigation Agency (FIA) known as NR3C. On a national level, an Email and Internet Policy was approved in 2005 but it hasn’t been implemented so far.

He said the tragedy is that that cyber-attack tactics are changing almost day-by-day, while Pakistan’s government doesn’t consider coping with the challenge a serious affair.

For example, the Electronic Government Directorate (EGD) has also initiated a project known as the Federal Government IT Security Audit Cell, but it has not yet got approval.

The official suggested that, “if you want to completely protect yourself against hacking, then you will have to follow the ISP policy in letter and spirit.”

He went on to say that, by contrast, most of the big firms and organizations such as private and state-run banks were already investing heavily to protect themselves and secure their websites from hacking.    

Arshad Ali added that central government needs to take some practical steps to create awareness among common users, and should explore measures to secure the websites of leading government institutions.

A Common Perspective

My correspondents were almost unanimous in agreeing that there is the utmost need to allocate more funds to the relevant government departments, so that the constant threat of hacking can be tackled to reduce it to a tolerable level. They echoed that the government should make efforts to accommodate unemployed IT professionals in mainstream employment, which should put the menace of hacking in reverse gear.

Some of those I spoke to also suggested that representatives from the governments of Pakistan and India should come together to develop a joint strategy for discouraging cyber warfare between the two countries. The ideal solution would be for both countries to formulate a shared code of conduct and impose strict rules to discourage individuals and organizations form attempting to harm the cyber-world. At this critical juncture, the UN can also play a tangible role, not just in mediating between India and Pakistan, but across the globe.

Keep up to date with Simple-Talk

For more articles like this delivered fortnightly, sign up to the Simple-Talk newsletter

This post has been viewed 5504 times – thanks for reading.

  • Rate
    [Total: 55    Average: 4.6/5]
  • Share

Alamzeb Khan

View all articles by Alamzeb Khan

Related articles

Also in cyber crime

Cyber Crime

Richard Morris investigates the increasingly sophisticated tactics of an industry that survives and thrives by feeding off the wealth of others.… Read more

Also in Opinion

Relational Algebra and its implications for NoSQL databases

With the rise of NoSQL databases that are exploiting aspects of SQL for querying, and are embracing full transactionality, is there a danger of the data-document model's hierarchical nature causing a fundamental conflict with relational theory? We asked our relational expert, Hugh Bin-Haad to expound a difficult area for database theorists.… Read more

Also in Opinion Pieces

The 2015/2016 Simple-Talk Awards

Once more it is time for our readers to vote on the top nominations for the Simple Talk Awards. Here we list the top nominations and the dazzling award badges. Every vote makes our awards more valuable for the recipients!… Read more

Also in Opinion Pieces

Strengthening the Foundations of Software Architecture

The term 'Architecture' seems to imply a plan that you can't easily subsequently deviate from. It's true that, if you abandon software architecture, you end up with a big ball of mud, but maybe the art of software is to make change much easier by planning how to implement each feature, tackling dependency issues, splitting functionality into small discrete components and considering how they should interact with each other.… Read more
  • Kingston Dhasian

    Political article
    I expected this to be a technical article

    This looks to me to be more of a political article for Pakistani audience with a small attempt to make it look global which fails terribly due to heavy focus on India-Pakistan

    I don’t expect articles of this kind from Simple Talk. Though it is just my opinion, I don’t think anybody likes to read politics in a technical websites.

  • Andrew Clarke

    Re: Political Article
    @Kingston Dhasian
    We first contacted Alamzeb after reading some of his dispatches, because we were struck by his unbiased and often first-hand reporting. This article has opinions, and is clearly in an ‘Opinion’ section of the site. Even so, the idea of a role by the international community in tackling ‘political’ hacking isn’t a partisan stance. Malicious hacking for political ends causes us a number of ‘technical’ problems, so any resolution would be welcome to us, and of interest. As Alamzeb is in Islamabad, and reporting what he sees and hears, he can be forgiven for giving a global problem a local context.

  • Kingston Dhasian

    Political Article
    @Andrew Clarke
    I agree the article was unbiased. But, it concentrates too much into the un-employement in Pakistan and the Pakistani government’s responsibilities and so on which makes it look like a political article.

    As I said, I don’t like political articles in technical websites. I felt as if i am reading a newspaper.

    I have thoroughly enjoyed reading the articles in this site and many of them have been very usefull to me and will continue doing so. Its upto the site owners to decide the content, but I didn’t enjoy the article and so i gave my opinion.

  • Roshan Khan

    Political article
    I thoroughly appreciate the article as there is much technical stuff to be read from the nascent and emerging computer market.
    Things shouldnt be taken in a baised approach or written by a person who is either from India and Pakistan.
    There’s nothing in the article to harm the interests of anyone. We should be sagacious and open-hearted and broad-minded to accept things in greater interest of the people of the region.
    Also there is nothing politics like things but the job of a journalist is that he/she is needed to put the version of the concerned people.
    Once again appreciate the well-written article…

  • David

    Feedback
    After reading the article, and then the comments, I have a few thoughts I wish to share.

    First, criticizing the article because it lacks technical information on a technical site is valid. The fact that this is an opinion page isn’t clear unless you know where to look.

    Since the article was posted in English, I have to compliment the author on his command of that language. Too often technical articles are not useful due to the author not being able to communicate in English properly. I had far more trouble reading the comments than the article, even though a lot of terminology was unfamiliar to me. Great job in that respect.

    Keep in mind that Russia used hacking attacks to shut down Georgia’s ability to communicate prior to invading, so it is impossible to separate politics from this issue.

    Lastly, given the politics of the region, it may have been worthwhile to point out that while Pakistan and India do have this issue with each other, the Chinese are the biggest problem in the world when it comes to attacking other nations electronically. I would bet that further investigation would prove that both countries have far more to fear from their “friendly neighbor” than they realize, and likely should work together on this issue to put a stop to the largest threat in the world, rather than attacking each other in this mannger.

  • Aju Sharma

    Feedback
    The comments irrespective of its nature give a rosy picture to the article itslef. I think that the political touch in the article makes it more interesting and free of much technical wordings as most professionals dont know jargons.
    Articles, particularly opinion pieces, should be written for the interest of every individual not for specific segment of society.
    Interesting website…….

Join Simple Talk

Join over 200,000 Microsoft professionals, and get full, free access to technical articles, our twice-monthly Simple Talk newsletter, and free SQL tools.

Sign up