Commerce Ministry’s EDF Website Faces a Massive Data Breach
The official website of the Export Development Fund (EDF) of Pakistan, an independent entity under the Ministry of Commerce, was hacked. It appears to be the second-largest security breach any Pakistani institution has ever experienced in almost a year.
Exclusive information made available until now depicts that the data dump, which is over 4GB in size, contains hexed passwords, email records, email history, files, and other critical information. The breach demonstrates how the actor had access to the EDF’s mainframe without difficulty and extracted official records from a wide range of categories.
According to the assessment, the website’s security was lax, which made penetration possible.
the veracity of the sample dataset, which also included sensitive data including meeting minutes, documents, proposals, and documents on proposals, as well as data on trade, information about bids, internal communications, interactions with foreign organizations, sensitive letters, etc.
Raw data snapshots show that the hacker is likely foreign-born and willing to sell the stolen information for $400 or the equivalent in Bitcoin through his Telegram channel.
It was reported that the EDF website had been restored a few hours after the attack, although the site had begun to include former prime minister Imran Khan and ex-commerce advisor Abdul Razak Dawood as its key officials. Following feedback from ProPakistani, the government updated the website once more.
Saleh Farooqi, the secretary of commerce, acknowledged that the EDF website had been hacked and subjected to a brute-force attack. He said that the server, which had been restored and was now operating properly, had been installed at COMSATS and was run by Ahamson/COMSATS.
The email server has also been activated and is now secured, according to the secretary. He continued by saying that emails typically contain information on projects as well as routine correspondence between officers and pertinent parties. These are internal communications, and they don’t seem to He added that the service provider and EDF are in direct contact, that protocols have already been changed, and that additional security measures are being implemented.
Hacking is a big issue, but EDF doesn’t handle our critical information. However, Our own fact-finding team will be there, Saleh continued.
The hack shows how the assailant obtained simple access to the EDF’s mainframe and extracted official papers from numerous categories. The examination found that the website’s security was poor and that intrusions were possible.
Raw data snapshots indicate that the hacker is eager to sell the stolen material for $400 or the equivalent in Bitcoin via his Telegram channel. He is most likely an outsider.
These hacking have recently made headlines in Pakistan, with the first significant attack occurring under the previous administration. Senior Ministry of Finance personnel’ official emails allegedly fell victim to a cyber security attack in December 2021. As a result, official correspondence containing private information about the IMF, FATF, CPEC, and other government agencies was compromised.
Data from SECP from last month was recently made public online. ProPakistani issued a timely alert, and SECP promptly deleted all the private data that was exposed on the hacked link.
According to information from a local news blog, the EDF website’s lax security allowed for the intrusion. Additionally, it is claimed that the threat actor has access to 4GB of data, which includes files, hashed passwords, email records, email history, etc. It also includes other private information of the state that is sensitive, such as meeting minutes, sensitive correspondence, proposals, proposals on proposals, trade information, information on bids, internal communications, interactions with foreign organizations, etc.
The hacker gained access to the mainframe of EDF and used that to acquire data from several categories. The hacker is foreign-born, as evidenced by the raw screenshots of the stolen data, and he is eager to sell the material through his Telegram channel for $400 or its equivalent in Bitcoin.
Way Forward
Despite the exposure of sensitive information, it is embarrassing to realize that once the system was breached, all trade-related coordination with foreign agencies and embassies lost all credibility. When investors commence sensitive correspondence with the Government of Pakistan, they establish a certain amount of trust. As a result of the nation’s failure to maintain the integrity of its records/sensitive material on the internet, it may take a very long time to rebuild that trust.
It is widely believed that through attacking and hacking into Pakistan’s online data, these hackers give economic intelligence to Pakistan’s enemies. It would be quite simple for another nation to damage Pakistan’s commercial connections with other nations in this situation. All they have to do to make life difficult for Pakistan is buy off the hackers and impose their own laws.
Despite these incidents, the National Telecommunication and Information Security Board’s (NTISB) recommendations are not being fully followed, and this issue needs to be rectified very soon. In order to manage, safeguard, and reduce network vulnerabilities, institutions must prioritize national security across all online platforms. This is an urgent requirement, and these issues must be looked into right away.
The NCP 2021 must be put into place in order to secure the IT infrastructure of the Pakistani government, which will entail a substantial investment and organizational reorganization.
Website Restored
According to the most recent information, both the email server and the EDF website have been completely operational. The emails, according to the secretary of commerce, comprise routine correspondence between executives and other important parties, which doesn’t appear to jeopardize the fund’s operations. The hacking of the EDF website, according to intelligence analyst Zaki Khalid, is just another disappointing illustration of how carelessly cyber security compliance is handled. “There are ongoing implementation gaps, notwithstanding the occasional recommendations made by subsequent governments. Internal monitoring is obviously weak,” he continued.
Conclusion
Despite these incidents, the National Telecommunications and Information Security Board’s (NTISB) recommendations are not being fully carried out, and this needs to change right away. To manage, monitor, and lessen network vulnerabilities, institutions must prioritize national security across all online platforms.
These challenges must be resolved right away because they are an absolute necessity.
To protect the Pakistani government’s IT infrastructure, the NCP 2021 must be implemented, which will require a substantial investment and organizational change.
You can also invest in other famous and most in demand housing societies, such as , Blue World City, Rudn Enclave, 7 Wonders City Peshawar, Taj Residencia, Kingdom Valley, New Metro City Gujar Khan, Forest Town Rawalpindi, University Town Rawalpindi, ICHS Town, Park View City Islamabad, Multi Gardens B17 Islamabad and Nova City Islamabad.
Al Sadat Marketing please contact 0331 1110005 or visit https://alsadatmarketing.com/
Few more real estate housing schemes which are trending now a days in Islamabad by including: Faisal Town Phase 2, Prism Town Gujar Khan, New City Paradise, Eighteen Islamabad, 7 Wonders City Islamabad, Capital Smart City, Silver City Islamabad, The Life Residencia, Faisal Town Islamabad, Islamabad Golf City, Islamabad Model Town and Marble Arch Enclave.
Al Sadat Marketing is an emerging Real Estate Agency headquartered in Islamabad, Pakistan. With over 10+ Years of experience, Al Sadat Marketing is providing its services and dealing all trending housing societies projects in different cities of Pakistan. Islamabad Projects, Rawalpindi Projects, Gujar Khan Projects, Burhan Projects, and Peshawar Projects etc.
Book Your Plot Now: +92 331 111 0005