Finance Minister Shaukat Tarin has decided to take a third-party view before taking any action in case of the worst ever cyber-attack that brought down the Federal Board of Revenue’s (FBR) data centre for more than 72 hours.
The fresh information revealed that Pakistan’s premier spy agency had forewarned the FBR about high possibility of a cyber-attack, sources told The Express Tribune on Monday. But these warnings were ignored, resulting into either taking over or shutting down about 360 virtual machines of the FBR data centre, said the sources.
The 360 machines are almost half of total virtual machines, indicating the extent of damage caused to the data.
Based on technical inputs and initial findings, the FBR has submitted a report to the finance minister about the cyber-attack that took place before 2:00 am on August 14, said the sources.
“I will review the report and take third-party view before taking any action”, said Shaukat Tarin on Monday while responding to a question sent by The Express Tribune. The minister had been requested to comment whether he would take any action in case of data hacking of FBR since a report had been submitted to him.
The sources said that the premier intelligence agency had warned the FBR on Wednesday that a cyber-attack may take place on its data centre. They sources said that after that the FBR chairman had a discussion about precautionary measures.
To a question on whether he issued any instructions to shutdown systems to avoid data hacking, FBR Chairman Asim Ahmad replied, “No such instructions were given by me. In such circumstances, systems are not shutdown but very closely monitored, which was being done.”
Hackers attacked Pakistan’s largest data centre run by the FBR and managed to break those, bringing down all the official websites operated by the tax machinery.
In a press statement issued on Monday, the FBR said that “all applications having public interface have been operationalised and running smoothly”. These operationalised projects include FBR website, Paysis website, eFBR website, IRIS website, AJK IRIS website; IMS web service, PRA web service and Tax Asaan Mobile application, stated the FBR.
The sources said that the Pakistan Revenue Automation Limited (PRAL), which provides technical support to the FBR and also houses the data, took a lenient view of the threat. This was despite the fact that the Chief Information Technology Officer (CIO) who has been hired from HSBC bank, had pointed out system vulnerabilities and the possibility of its hacking after assuming his responsibilities few months ago.
The FBR’s is the largest database that carries information of trillions of rupees transactions, details of wealth and income and expenditures of its citizens. It also has details about their various personal and business transactions due to various types of withholding taxes that are being deducted on these transactions.
The sources said that the hackers had managed to “intrude” in almost 360 virtual machines and shut them down. They said that till Monday evening nearly half of these machines have been restored. All the current data that was in these machines at time of the attack has been lost, said the sources.
They said that in its initial report, the FBR and its technical wing has recommended reviewing the licenses regimes of all the software that it operates. It has also been recommended to review the relationship with Microsoft Inc, they added.
They said that the hackers intruded the system by hacking the login and passwords of the data centre administrators. This was done through Microsoft software.
The FBR’s technical wing’s initial assessment was that the hackers intruded in the system through Hyper-V link.
Another report, having names of government and private cyber security experts, stated that attackers targeted multiple Pakistani government organisations using spear phishing emails. Ultimately it affected the virtual environment by dismantling or destroying the virtual environment that was part of the infrastructure.
This report further stated that some systems were compromised, and attacker did had access to them through lures used email info stolen from the actual website of the Pakistan government and the subject used by this email was National Cyber Security Policy Draft.