November 21, 2018

Confusion looms over alleged hacking of banking data in Pakistan

ISLAMABAD: The controversy involving Pakistani banks does not appear likely to end soon, as the Federal Investigation Agency (FIA) has alleged that the data of almost all the Pakistani banks had been stolen.

Talking to Dawn, the FIA’s Cybercrimes Director retired Captain Muhammad Shoaib claimed that “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked.” He also claimed that the data was “hacked” by a group of “international hackers”.

However, the State Bank of Pakistan (SBP) rejected these reports in a press release. It said: “There is no evidence to this effect nor has this information been provided to the SBP by any bank or law enforcement agency.”

When asked about the recent revelations by the cyber security firm PakCert about the alleged sale of 19864 debit card details on the dark net, the SBP spokesperson reportedly termed the data in the report “fake” but also said that the data shared in the PakCert report needed to be verified by the banks. He said that in order to verify it, the banks would have to purchase the data from the dark net, then go through it to match it with the data they had in their own databases. If the data matched, the next stage would be to assess whether any abnormal transactions had been reported. “The banks might carry out some sort of verification at their end, but until that is done, there is no way to say that this is authentic information” in the threat intelligence report produced by PakCert, he said while talking to Dawn.

Meanwhile, the FIA has written letters to the banks, and a meeting between the heads of the banks and the FIA is on the cards for next week.

In the midst of these allegations about alleged hacking or breach of data, PakCert’s CEO Qazi Muhammad Misbahuddin emphasized while talking to DRM that the data was possibly exposed either at compromised ATMs or at other places where the hackers had installed skimming devices.

On the other hand, some banks flatly rejected the idea that they had been victims of any breach. As reported by The Nation, Allied Bank, Askari Bank and MCB emphasized that their data was “secure”. While Askari Bank claimed that no such incident had been reported to them, MCB stated that not a single customer had been affected.

These assurances run contrary to the data shared in PakCert’s Threat Intelligence report, according to which 493 debit cards of Askari Bank, 741 cards of Allied Bank and 1125 cards of MCB are on sale on the dark net.

Written by

Talal Raza is a Program Manager at Media Matters for Democracy. He has worked with renowned media organizations and NGOs including Geo News, The Nation, United States Institute of Peace and Privacy International.
