Saturday, February 11, 2023

Data Breaches — National Security Nightmare

Shoaib Taimur, a data scientist, tweeted from his Twitter handle @shobz on February 10, 2023 at 18:22 hours PST:  "Yikes. 7.5 TB data breached from systems of Pakistan's Ministry of Foreign Affairs? One of the leaks is regarding a harassment case. They have shared samples of the data, with the majority being emails". There have been reports of data breaches in Pakistan in the recent past. The data breaches / theft were reported at;

·         The National Database and Registration Authority (NADRA) — the biggest database of the country with every basic record of every individual, dead or alive, with biometrics

·         The Federal Board of Revenue (FBR) — the biggest revenue collection authority of the state

·         The State Bank of Pakistan (SBP) — the regulator of financial markets, banks and custodian of the state reserves

·         The Securities and Exchange Commission of Pakistan (SECP) — the regulator and the registrar of domestic and foreign businesses and enterprises in the country including non-profits. The companies of the Strategic Plans Divisions (SPD) which is responsible for top secret and highly confidential strategic plans also get registered with the SECP

·         Almost all the telecom companies operating in Pakistan

If these reports were true, these breaches or thefts of databases (population, demographic, business, financial, and telecommunications data of Pakistan) can have far-reaching consequences for the country's national security and its people. Below are some specific ways it could be harmful;

Intelligence Gathering: Hostile actors or agencies could use the stolen data to gather intelligence on key individuals, organizations, and infrastructure, potentially compromising the security of the country.

Espionage: Confidential business information, such as trade secrets, intellectual property, and sensitive financial data, could be used by foreign governments to gain an economic advantage over Pakistan.

Cyber Attacks: The stolen data could be used to launch cyber attacks on critical infrastructure, financial institutions, and government agencies, potentially causing widespread disruption and damage. There were rumours of such a cyber-attack when there was a nationwide power outage recently.

Election Interference: Stolen demographic data could be used to manipulate public opinion or interfere in elections, undermining the democratic process and causing political instability.

Financial Fraud: Stolen financial information could be used to commit fraud, such as identity theft or unauthorized access to bank accounts, causing direct financial losses to individuals and potentially destabilizing the country's economy.

For individuals and businesses, the threats include identity theft, impersonation, financial loss, loss of privacy, reputation damage, loss of consumer confidence, regulatory fines, and legal liabilities etc.

 

The recent data breaches in Pakistan pose a direct threat to the national security of the country. The information stored in these databases is highly sensitive and if it falls into the wrong hands, it can be used for malicious purposes that can harm the nation's stability and security. Therefore, it is imperative that the government and relevant organizations take swift action to improve the security measures of these databases and prevent future data breaches. This includes implementing strict security protocols, regularly monitoring systems for potential breaches, and conducting regular risk assessments to identify potential vulnerabilities. Individuals also have a role to play in protecting their personal and financial information by being vigilant and taking necessary precautions such as using strong and unique passwords and monitoring their financial statements for suspicious activities.

References

·         NADRA data leak: The government’s lack of concern over the data leaks is highly concerning | https://tribune.com.pk/story/2331199/nadra-data-leak

 

·         FBR reels under a major ‘cyberattack’ - Data centre compromised, all websites down | https://tribune.com.pk/story/2315712/fbr-reels-under-a-major-cyberattack

 

·         FBR data breach and its consequences | https://dailytimes.com.pk/806935/fbr-data-breach-and-its-consequences/  

 

·         SECP under fire after unprecedented data leak of confidential information | https://thepakistandaily.com/secp-under-fire-after-unprecedented-data-leak-of-confidential-information/

 

·         Zaki Khalid's Thread on Twitter Regarding SECP Data Breach | https://twitter.com/misterzedpk/status/1560797890204901376

 

·         Tension within SECP escalates as it tries to downplay data breach | https://www.thenews.com.pk/print/984987-tension-within-secp-escalates-as-it-tries-to-downplay-data-breach

 

·         Serious breach of cellphone users’ data | https://www.thenews.com.pk/print/1005196-serious-breach-of-cellphone-users-data

 

·         Latest Personal Information of Millions of Pakistanis From All Telcos Goes on Sale | https://propakistani.pk/2022/01/17/latest-personal-information-of-millions-of-pakistanis-from-all-telcos-goes-on-sale/

 

·         Massive Breach: Data of Mobile Phone Users in Pakistan Available online for Free | https://www.phoneworld.com.pk/massive-breach-data-of-mobile-phone-users-in-pakistan-available-online-for-free/

 

·         Link to Shoaib Taimur's Tweet | https://twitter.com/shobz/status/1624036024224448512

 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)