2020 is often called the Year of Digital Pandemic since it registered the largest number of hacking incidents in recent memory. This year is not far behind as even the most sophisticated systems across the world can’t claim to be fully secure.
With this in mind, system hacking in Pakistan should not come as a surprise. The country is in the process digital modernisation in key departments and ministries and the transition from the old to the new has its own vulnerabilities.
Yet not every incident can be treated as a run-of-the-mill job by devious minds, practitioners of malwares; some have serious security and financial implications.
That explains why the recent hacking of the system of Pakistan’s Federal Board of Revenues (FBR) — the national nerve centre of revenue collection, tabulation and documentation of taxation related inflows and outflows — is creating waves.
Large scale of disruption
The hackers attacked the FBR data centre and caused to down all official websites operated by the tax machinery for more than 72 hours. The attack was identified immediately because of the scale of disruption that it caused. There were hectic efforts to restore the websites and locate the damage done.
The system came back to normal life after days of frenetic attempts. Officials don’t know yet if the attack was able to alter the core data base, temper with records or outrightly deleted/destroyed some of them. For now, there are sighs of relief all around that the ordeal is over.
FBR’s officials claim that they acted with swiftness and were able to thwart this massive invasion. Other bodies such as the Pakistan Revenue Automation Limited, that deal with protection of the systems, are also satisfied that the reaction has been fairly potent and effective. Yet doubts and questions remain.
There is no clarity on how the hackers did scale such solid walls of filters as claimed by the tax body. Some reports claim that the hackers “intruded the system by hacking the login and passwords of the data centre administrators.” The reports also cite another possibility: The FBR’s technical wing’s initial assessment was that the hackers intruded in the system through Hyper-V link.
Modernising Pakistan's digital systems
This confusion should have been removed by now and precise mode of attack and the abuse of vulnerabilities should have been identified. Moreover, there has been a consistent global financial assistance made available to FBR to modernise its digital systems.
World Bank loans worth millions of dollars have been earmarked for the purpose. The digitisation drive has been in the works since the 90s. The global assistance is made available because FBR’s work is crucial to turning around a deficits-afflicted economy and create fiscal space for human development-related and other projects.
The government’s reliance on digitisation can be gauged from the fact that the federal cabinet recently moved all its work online and created a paperless environment in the Prime Minister’s Office.
The finance ministry aims to raise over 250 billion rupees worth of revenue this year by installing nearly 62 thousand new Point of Sale machines that atomise sales and the taxes that need to be paid. With so much riding on digitised data base, the hacking incident looks like a major lapse.
Some reports suggest that the World Bank assisted digitisation efforts were allowed to momentarily slip and that created the window of hacking opportunity for those waiting to cause a breakdown. A report even claimed that the intelligence services had sent out timely warnings of a major cyberattack being planned.
And it is not just the economy that now relies on digital assumptions. Politics too has become technology-centred ever since the government started to push the idea of shifting voting for nearly eleven hundred million voters onto electronic voting machines.
The opposition alleges the system may be open to exploitation while the government claims that is the path to complaint-free polls.
Between this sparring of fear and expectations lies a long path strewn with hackers, both local and international.
If FBR’s systems are sitting ducks, can new voting machines be safe? A satisfactory answer to the query will only be available if and when the details of the attack that brought down FBR’s websites are made available. A technical issue is now overloaded with political overtones.
Syed Talat Hussain is a prominent Pakistani journalist and writer. Twitter: @TalatHussain12