Pakistan’s Minister for Information Technology, Awais Ahmed Khan Leghari, presented a new policy aimed at countering cyber terrorism last week. He said he was primarily concerned with protecting national government websites from national or international attacks.
A committee set up to combat cyber terrorism threats to businesses and the government in Pakistan met three times last week to thrash out issues surrounding Pakistan’s growing online security concerns.
Numerous high-profile cyber attacks over the last few months appear to be politically motivated.
In January this year the official website of Ufone – the first mobile telephone service of the public sector and a subsidiary of the state-owned phone company Pakistan Telecommunication Company Limited (PTCL), was hacked by a group calling themselves the "National Data Security Agency of Pakistan" (NDSA).
The hackers left behind a web address stating Ufone’s company website has been made temporary unavailable "to protect it from Indian hackers" at: http://www.geocities.com/angel_2001_pk/ndsa/ufone.html.
The PTCL has since been working with the government to quickly implement measures to mitigate the risks of Denial of Service (DOS) attacks as well as drawing up a road-map for a new national online security policy.
A senior Ufone official, Salamat Ali, denied the attack has affected the provision of service to mobile phone customers. He said: “PTLC has certain securities which ensure the network of cellular phones cannot be disturbed."
He added the company would "definitely take action against the hackers" as they had attempted to cause damage.
Also in January, Pakistan’s official national website was victim to a hacking attack.
A message informing visitors the hack had taken place included an e-mail address – firstname.lastname@example.org – and a mailing address in New Delhi.
The infected message instructed thousands of computers to conduct a distributed denial-of-service attack aimed at the homepage of the Islamic Republic of Pakistan (pak.gov.pk). The virus also forced another Pakistani official site – infopak.gov.pk – to suspend service.
Asif Rashid Bhatti, director of an IT firm eZam Technologies, said: “Information security is a continuous concern with the exception of the banking or financial institutions.
“Many big systems users are still not consistently focusing on this issue,” he added.
Bhatti said: “According to Lloyd’s of London insurance syndicate, the ‘ILoveYou’ computer virus cost businesses throughout the world over $15 billion in lost productivity. In addition to losses from such hacking incidents, a number of countries are developing offensive cyber capabilities that could be used as part of a deliberate attack on an adversary.”
A spokesman for Pakistan’s Ministry of Information Technology, said: “The government will provide resources to implement the committee’s recommendations to improve network security via the new security policy as soon as possible.”