Pakistani Hackers Selling
Pakistan Mobile User Data Publicly
Pakistani hackers have frequently appeared in the mainstream media for defacing portals (defacing means replacing the site's front page on the root domain with their own) and for penetrating servers in other countries to extract sensitive information. Such tactics are common among hackers, and the same techniques are also used by government intelligence agencies for espionage.
Reports are now emerging that a group of hackers has obtained the records of millions of Pakistani mobile users, containing their CNIC numbers (CNIC is the Computerized National Identity Card issued in Pakistan), names and home addresses. The records include Pakistani politicians such as Mr. Khwaja Saad Rafiq, the current Railways Minister.
It is deeply disturbing to see such a large amount of personal data sold on the internet, and it is certainly a security threat to the country itself. No group has claimed responsibility so far, and the government should be treating this issue as a top priority.
Data in such volume cannot be obtained without either breaking into a server through a security flaw or an insider at one of the companies handing over the bulk records.
Everybody needs privacy and does not want to share their information with the whole world without their knowledge or approval. That is why every website you register with asks you to accept its Terms of Service (TOS), which describe how it will use your information. Selling personal information publicly, however, is a very serious offense under both international and Pakistani law.
What should be done? Our proposal…
Describing a problem does not solve it; the solution lies in analysis. The investigation should start by gathering information about every registered company and organization that processes user data of the kind leaked. The major holders of such data are NADRA (the National Database and Registration Authority), the major cellular operators (Telenor, Mobilink, Ufone, Warid and Zong) and all banks. Next, each organization's servers that are exposed directly to the public internet without an intermediate firewall should be tested for security vulnerabilities. Plenty of tools and security companies offer frameworks that scan servers against databases of known vulnerabilities. A clean external scan does not by itself rule out a breach, so the servers' own access logs and database query logs should also be reviewed for unusually large exports. If all the servers prove intact, the operators controlling those servers should be investigated for their involvement.
Unfortunately, if the hackers really did penetrate servers, their tracks may be hard to find. Intruders commonly install Linux rootkits, which hide their processes and files and erase or falsify the local records of the intrusion: the source IP addresses (which will in any case belong to third-party servers rather than their real machines), the commands executed, the SQL queries run and much more. The caveat is that a rootkit can only tamper with what is stored on the compromised host. Logs that were forwarded to a separate collector before the clean-up, network flow records and database audit logs kept elsewhere survive, and that is where an investigation should look first.
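The following is an added example, not code from the article, of the kind of check an investigator can run when an on-host log has been cleaned but a copy reached a remote syslog collector beforehand. The log lines are constructed for this illustration (the host name db01, the account "backup" and the address 203.0.113.7 are made up); the script lists the lines present at the collector but missing on the host, tells a wholesale truncation apart from selective deletion, and pulls the remote login that the deleted lines were hiding.

```python
import re
from collections import Counter

# Constructed sample: what the central syslog collector received from db01.
COLLECTOR_LOG = """\
Mar 10 02:05:00 db01 systemd[1]: Started Daily apt upgrade and clean activities.
Mar 10 02:11:05 db01 sshd[2101]: Accepted password for backup from 203.0.113.7 port 51522 ssh2
Mar 10 02:11:09 db01 sudo: backup : TTY=pts/0 ; PWD=/home/backup ; USER=root ; COMMAND=/usr/bin/mysqldump --all-databases
Mar 10 02:14:40 db01 sshd[2101]: Disconnected from user backup 203.0.113.7 port 51522
Mar 10 02:15:02 db01 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed sample: the same file as recovered from the compromised host afterwards.
HOST_LOG = """\
Mar 10 02:05:00 db01 systemd[1]: Started Daily apt upgrade and clean activities.
Mar 10 02:15:02 db01 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches sshd's successful-login line and captures the account and source address.
SSH_ACCEPT = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")


def missing_lines(collector_text, host_text):
    """Return the collector's lines that are absent from the host copy, in collector order.

    A Counter is used so that a legitimately repeated line is only reported
    missing if the host copy has fewer occurrences than the collector.
    """
    host_counts = Counter(host_text.splitlines())
    missing = []
    for line in collector_text.splitlines():
        if host_counts[line] > 0:
            host_counts[line] -= 1
        else:
            missing.append(line)
    return missing


def classify_gap(collector_text, host_text):
    """Describe how the host copy differs from the collector copy.

    'intact'             : nothing is missing.
    'truncated'          : the missing lines form a contiguous head or tail,
                           as after a log rotation or an indiscriminate wipe.
    'selective deletion' : lines were removed from the middle, which is what
                           an intruder cleaning up their own entries produces.
    """
    collector = collector_text.splitlines()
    missing = missing_lines(collector_text, host_text)
    if not missing:
        return "intact"
    n = len(missing)
    if missing == collector[:n] or missing == collector[-n:]:
        return "truncated"
    return "selective deletion"


def actors_from_missing(missing):
    """Return (account, source_ip) pairs for every sshd login among the deleted lines."""
    actors = []
    for line in missing:
        m = SSH_ACCEPT.search(line)
        if m:
            actors.append((m.group(1), m.group(2)))
    return actors


if __name__ == "__main__":
    gone = missing_lines(COLLECTOR_LOG, HOST_LOG)
    print("verdict:", classify_gap(COLLECTOR_LOG, HOST_LOG))
    for line in gone:
        print("deleted on host:", line)
    for account, ip in actors_from_missing(gone):
        print(f"login hidden by the deletion: {account} from {ip}")
```

The comparison is only meaningful if the collector copy was written before the intrusion and the collector itself was not reachable from the compromised host with write or delete rights; otherwise both copies may have been cleaned.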
There are many things that can be done to improve server security and prevent breaches of an individual's or organization's sensitive systems. All it requires is a security expert, a role we have never taken seriously.