Tag: Cybersecurity

  • IT ministry demands Rs20 billion to improve country’s cybersecurity, social media

    The federal government has sought Rs20 billion for the next fiscal year to improve the country’s cybersecurity and manage social media. According to the proposal, the government will only allow social media platforms to operate if they establish local offices.

    The Ministry of Information Technology has demanded Rs20 billion for the Digital Information Infrastructure Initiative (DIII) in the 2024-25 fiscal year budget, according to government sources who spoke to The Express Tribune.

    The Express Tribune requested comments from the Ministry of Finance and the Ministry of Information Technology, but they did not respond. Government sources also revealed that Rs15 billion has already been allocated as a technical supplementary grant to the information technology ministry for the current fiscal year.

    However, the total cost of the DIII project, which is equipped with Chinese technology, is Rs38 billion. The government is spending a significant amount this year, and the remaining amount has been requested for the next fiscal year.

  • Google to tighten security against spammers targeting Gmail users

    Google announced on Tuesday that it is implementing stricter measures to combat spam messages targeting Gmail users. Under these new measures, senders who exceed a daily threshold of 5,000 messages to Gmail users will be required to include a one-click unsubscribe button in their emails.

    Additionally, they must undergo email address authentication to confirm ownership of their domain name and prevent IP address spoofing.

    Furthermore, Google has introduced a policy under which it may withhold delivery of messages from senders whose emails are consistently marked as spam at a high rate. Senders are expected to stay below a “clear spam rate threshold” of 0.3 per cent, as assessed by Google’s Postmaster Tools. Google has also enlisted Yahoo to adopt these changes, which are set to take effect in February 2024.

    These actions underscore the ongoing battle between major tech companies and spammers who exploit open systems like email for fraudulent purposes, causing annoyance to users. While machine learning has been employed for years to combat spam, it remains a constant struggle as spammers continuously develop new tactics to bypass filters.

    In a blog post, Google’s product manager, Neil Kumaran, likened these changes to a necessary tune-up for the email ecosystem, emphasising that email security, user-friendliness, and spam prevention require ongoing collaboration and vigilance from the entire email community.

    It’s worth noting that Google’s adjustments may also impact legitimate marketers who rely on email for customer engagement, particularly the requirement for a convenient unsubscribe option. In 2022, approximately half of all emails sent were estimated to be spam, according to Kaspersky Anti-Virus.

  • Massive data breach: 2.2 million Pakistani citizens’ personal information for sale online

    According to a report from Geo News, the personal data of 2.2 million Pakistani citizens has been compromised and put up for sale online. The breach occurred when hackers gained unauthorised access to a database built by a private company and used by hundreds of restaurants.

    The hackers have even gone so far as to display some citizens’ data as samples in their online sale advertisement. In their claim, the hackers asserted, “We have hacked the databases of over 250 restaurants,” and they listed numerous food outlets. 

    The compromised citizen data includes contact numbers and credit card details. The affected software is widely used by many restaurants across the country. Furthermore, details such as the number of transactions and the amounts paid by citizens are available for purchase online. 

    The hackers are demanding 2 Bitcoins in exchange for the compromised citizen data, which equates to approximately $54,000, considering that one Bitcoin is valued at $27,000 based on market sources. In Pakistani rupees, this amounts to over Rs15 million. 

    As of now, the Federal Investigation Agency’s (FIA) cybercrime circle has not received any complaints regarding this incident.

    It is worth noting that the federal government recently issued a directive advising all information technology (IT) and financial institutions, including regulators, to avoid collaborating with, installing, or using Indian-origin artificial intelligence (AI) and information and communication technology (ICT) products.  

    This advisory was issued due to concerns that these products could pose a constant, concealed, and force multiplier threat to Pakistan’s critical information infrastructure (CII). 

    The government shared this cybersecurity advisory with federal and provincial ministries and sectoral regulators. The advisory highlighted that globally, AI products and services are widely employed by various industries, including the financial and banking sectors, to accelerate their growth. 

    The document also noted that the fintech sector in Pakistan, along with some banks, was engaged with Indian-origin companies that offered IT products, cybersecurity solutions, and AI solutions.  

    The use of Indian security products and solutions was considered a potential threat to Pakistan’s CII, particularly the banking sector, due to the possibility of backdoors or malware collecting logs, data traffic analysis, and personal identifiable information (PII).  

    Additionally, it pointed out the risk of direct Indian ingress into Pakistan’s CII through technical means and access control with passive monitoring capability. 

  • Govt issues warning to be cautious with Indian tech products 

    The government has warned information technology (IT) and financial institutions, including regulators, to avoid using artificial intelligence (AI) and information and communication technology (ICT) products from India. They say these products could pose a serious threat to Pakistan’s critical information systems. 

    According to Geo News, this warning came through a cybersecurity advisory shared with federal and provincial ministries and regulators. The advisory noted that AI and ICT products from India are used worldwide, especially in the financial industry, to help businesses grow. 

    However, it pointed out that some Pakistani fintech companies and banks are working with Indian firms that offer IT, cybersecurity, and AI solutions. The government is concerned for two main reasons: 

    Indian products could have hidden “backdoors” or malicious software that collects data, including personal information. 

    There might be direct access to Pakistan’s critical systems by Indian entities, allowing them to monitor and control these systems. 

    The government has asked all ministries and regulators to make sure their affiliated organisations and licensees understand the risks of using Indian products. Instead, they suggest consulting with the Pakistan Software House Association (P@SHA) to find affordable alternatives from local tech companies. 

    Two years ago, a US company called Exodus Intelligence claimed that India used its software vulnerabilities to spy on Pakistan and China. 

  • Pakistan launches its own WhatsApp-like messaging platform called Beep

    Federal Minister for Information Technology Syed Amin Ul Haque unveiled ‘Beep Pakistan,’ the country’s own messaging app, to serve as an alternative to the popular platform WhatsApp. The app was introduced during a launching ceremony, where Minister Haque emphasised its significance for Pakistan’s IT industry.

    During the initial 30-day trial run, ‘Beep Pakistan’ will facilitate internal communication between the Ministry of IT and Communication and the National Information Technology Board (NITB). In subsequent phases, the app will be rolled out to all government departments and eventually made available to the general public across the country.

    Minister Haque acknowledged that while neighbouring countries like India and Bangladesh had already introduced alternative messaging apps, Pakistan was still making a crucial stride in the right direction. He highlighted the app’s unique selling point, assuring users that it will be 100% secure, with its servers and source code residing in Pakistan.

    The app boasts an array of features, including data sharing, audio calling, video calling, and conference calling capabilities. Its focus on data security and privacy resonates with the nation’s growing concerns regarding cybersecurity.

    Praising the efforts of the National Information Technology Board (NITB), Minister Haque expressed pride in Pakistan’s successful creation of a WhatsApp alternative. The app’s development signifies the country’s ambition to bolster its domestic IT industry and reduce dependency on foreign platforms.

    According to Brecorder, beyond messaging app developments, Minister Haque highlighted the Ministry of IT’s broader initiatives. Over the last 3.5 years, the ministry has spearheaded 83 new projects, investing a total of Rs77 billion across Pakistan. These projects primarily targeted second- and third-tier cities to enhance connectivity and digital infrastructure in remote areas.

    Additionally, the Ministry of IT has been actively promoting digital literacy and skills development among young Pakistanis. As of now, over 3.3 million children have received digital skills training, empowering them with valuable knowledge for the digital era.

    The government has also demonstrated its commitment to nurturing the startup ecosystem through the establishment of three new National Incubation Centres (NIC) during Minister Haque’s tenure. These centres provide vital support and resources to budding entrepreneurs and innovators across the country.

    As ‘Beep Pakistan’ begins its trial phase, expectations are high for the app to gain traction among government officials and eventually become a popular communication tool for citizens. With an emphasis on security, user-friendly features, and localization, the app aims to carve its own path in the digital landscape of Pakistan.

  • New laws to fight cybercrime in Pakistan: Cabinet passes e-safety and data protection bills

    In a significant development, the federal cabinet of Pakistan granted in-principle approval to two crucial pieces of legislation on Wednesday, which are expected to have a far-reaching impact on digital rights, e-commerce, and the digital economy of the country.

    The first bill, named the E-Safety Bill 2023, aims to tackle and prevent online crimes such as cyberbullying, online harassment, and blackmailing. To enforce the provisions of this bill, the cabinet also greenlit the establishment of a regulatory authority known as ‘The E-Safety Authority.’ This authority will be responsible for registering and monitoring websites, web channels, YouTube channels, and existing media houses’ websites. The main objective behind this initiative is to safeguard the rights of citizens, businesses, as well as public and private institutions from online harassment and blackmail.

    Presently, the Pakistan Telecommunication Authority (PTA) has the authority to monitor content and enforce relevant laws online, while the Federal Investigation Agency (FIA) handles cybercrime-related cases. However, the proposed E-Safety Authority will take charge of the front-end monitoring of all websites, promptly addressing violations and imposing penalties. This measure is deemed necessary due to the rapid pace at which cybercrime incidents occur, often exceeding the FIA’s investigative capacity, while the PTA’s role is primarily limited to regulatory functions for internet and telecom service providers.

    According to Dawn, the second bill, titled the Personal Data Protection Bill 2023, focuses on protecting user data and preventing the unauthorised use of information systems. The bill will apply to all types of online services, including online shopping platforms, various companies, and social networking websites operating in Pakistan. It aims to safeguard consumers’ data and ensure that it is not misused or illegally accessed.

    As per the official statement, “personal data” under the proposed legislation refers to any information directly or indirectly related to an identifiable individual, encompassing sensitive or critical personal data. The bill mandates all entities collecting or maintaining data, digitally or non-digitally operational in Pakistan, to register themselves locally and appoint a data protection officer. The National Commission for Personal Data Protection (NCPDP) will oversee the registration process and will establish sub-offices in provincial capitals and other necessary locations within six months of the bill’s passage.

    However, the approval of the Personal Data Protection Bill 2023 has raised concerns among international bodies representing internet-based platforms. The Asia Internet Coalition (AIC), through its Managing Director Jeff Paine, highlighted that the bill’s current form falls short of international data protection standards and imposes unnecessary complexities that may increase the cost of doing business and hinder foreign investment. The requirement for “critical” data to be stored locally and the restriction on cross-border transfer of other personal data could potentially limit access to global digital services for Pakistanis.

    In response to these concerns, the AIC has called for more transparent stakeholder consultations by the government. Digital rights campaigner and Meta board member, Nighat Dad, expressed similar sentiments, stating that while the bill addresses important issues, the lack of consultations is undemocratic.

    Despite concerns from international bodies, an official from the IT ministry defended the legislation, emphasising that the government’s primary responsibility is to protect Pakistan’s interests and its citizens. He asserted that commercial entities’ apprehensions are primarily driven by their business concerns.

    The approval of these significant bills marks a crucial step towards enhancing digital rights and data protection in Pakistan. As the nation progresses into a more digitally interconnected era, finding a balanced approach that addresses concerns from both local and international stakeholders will be crucial for the country’s digital economy and growth.

  • Russian officials urged to abandon iPhones over spying concerns

    Russian officials have been advised to stop using iPhones due to unverified accusations made by the country’s intelligence service.

    The Financial Times reported that, commencing July 17, employees within Russia’s trade ministry will be prohibited from utilising iPhones during work hours. Other ministries, including one currently undisclosed, are reportedly planning to follow suit, along with the state oil company, Rostec.

    The decision to distance themselves from Apple products initially emerged in March when the Kremlin instructed officials to abandon the use of these devices due to concerns surrounding potential vulnerabilities exploited by US hackers.

    Subsequently, in June, the Russian government accused Apple of collaborating with US intelligence agencies, an allegation firmly refuted by the company.

    The accusation stemmed from a report by a cybersecurity firm, asserting that iPhones running outdated versions of iOS had been infected with malware, rendering them susceptible to eavesdropping, as reported by The Washington Post.

    Despite the claims made by Russia’s Federal Security Service (FSB), no substantiating evidence has been presented, and independent security experts have found no indication that Apple has incorporated any form of “backdoor” exemption into the device’s encryption.

    This is not to imply that no genuine security vulnerabilities exist. Following Russia’s allegations, Apple swiftly responded by releasing software patches for its iOS system, acknowledging the role played by researchers at the Moscow-based Kaspersky Lab in identifying these weaknesses.

    It is worth noting that the ban on official usage will not impact the general public. Apple withdrew from the Russian market in the wake of last year’s full-scale invasion of Ukraine. Nonetheless, Apple products continue to be imported from other countries.

    The iPhone 14 is listed by MTS, Russia’s largest cellphone provider, with a price tag slightly exceeding $1,200, while a comparable model retails for $999 in the United States.

  • Teen hacker causes millions in damages to Uber, Revolut, and Grand Theft Auto maker

    During proceedings at a London court, prosecutors disclosed that a member of the hacking group Lapsus$, who is a teenager, successfully breached the security systems of Uber and fintech company Revolut.

    The individual in question, identified as Arion Kurtaj, allegedly gained unauthorised access to the personal information of approximately 5,000 Revolut customers in September 2022, while also inflicting damages amounting to nearly $3 million on Uber.

    Furthermore, the prosecution claims that Kurtaj proceeded to target Rockstar Games shortly after, hacking into their systems. In a Slack message addressed to all Rockstar staff, he purportedly threatened to disclose the source code of the highly popular video game franchise, Grand Theft Auto, which was under development for a forthcoming installment.

    Additionally, Kurtaj stands accused, alongside an unnamed 17-year-old co-defendant, of engaging in a blackmail scheme against BT Group (BT.L), the largest broadband provider in Britain, and EE, a prominent mobile network operator. This illicit activity reportedly took place between July and November 2021, during which the accused demanded a ransom of $4 million.

    Prosecutors assert that the duo, considered “key players” within Lapsus$, conducted a cyberattack on chipmaker Nvidia Corp (NVDA.O) in February 2022. They allegedly sought payment from Nvidia to prevent the public release of the company’s data.

    During the trial, prosecutor Kevin Barry revealed that the 17-year-old defendant had breached the cloud storage of the City of London Police, mere weeks after being apprehended in connection with the BT and EE hacking incident.

    According to Barry, Kurtaj later embarked on a solo cybercrime spree, commencing with the targeting of Revolut and subsequently Uber, followed by the intrusion into Rockstar Games’ systems.

    Kurtaj’s mental fitness to stand trial has been assessed by psychiatrists and found inadequate. Consequently, the jury will evaluate whether he committed the alleged acts, rather than delivering a traditional guilty or not guilty verdict.

    The charges leveled against Kurtaj encompass a total of 12 offenses, including three counts of blackmail, two counts of fraud, and six charges under the Computer Misuse Act.

    Meanwhile, the 17-year-old defendant is currently being tried for two counts of blackmail, two counts of fraud, and three charges under the Computer Misuse Act related to the hacking of BT and Nvidia. The defendant denies these charges but has previously pleaded guilty to two offenses under the Computer Misuse Act and one count of fraud.

  • Meta blocks over 1,000 malicious URLs disguised as ChatGPT and AI tools

    The internet is becoming more hazardous as the number of online scams increases. Social media giants are now alerting users to fraudulent ChatGPT apps that are circulating online. It is essential for users to be vigilant and only download ChatGPT apps from reliable sources.

    Meta has identified scammers exploiting people’s interest in ChatGPT by enticing users to download harmful apps and browser extensions. Cybercriminals are taking advantage of people’s curiosity and trust in ChatGPT to launch attacks, using tactics similar to those used in cryptocurrency scams.

    Meta has discovered about ten malware families that pose as ChatGPT and other similar tools. These malware strains are used to compromise accounts across the internet. Once a user downloads the malware, the malicious actors can launch an attack and keep updating their methods to bypass security protocols.

    Meta’s Q3 2023 security report states, “Over the past several months, we’ve investigated and taken action against malware strains taking advantage of people’s interest in OpenAI’s ChatGPT to trick them into installing malware pretending to provide AI functionality.” The company has detected and blocked over 1,000 unique malicious URLs from being shared on their apps, protecting unsuspecting users from falling prey to these cyberattacks.

    Furthermore, Meta has reported these malicious URLs to their industry peers at file-sharing services where malware is hosted, enabling them to take appropriate action to protect their users and networks. Meta has taken significant steps to combat the threat posed by malware strains posing as ChatGPT and similar tools.

    Cybercriminals are also using other platforms and browsers, such as LinkedIn, Chrome, Edge, Brave, and Firefox, to deceive people. Meta has taken action against nine groups worldwide that are attempting to covertly influence people and steal information.

    Meta advises people to be cautious and ensure that the things they download are safe. They recommend that people only download things from trusted sources.