The surging threat of cyber-fraud
A major case of cybercrime engulfed Pakistan’s financial hub of Karachi recently. A debit card scam that targeted several consumers of three private banks emerged right before Eidul Fitr, prompting complaints of strange financial activities to the Federal Investigation Agency’s (FIA) Cybercrime Unit.
Hundreds of customers of one of Pakistan’s largest banks reported that they had lost money over the previous few days due to a technical fault with the bank’s services. The targeted customers also said they were left in the dark about certain bank transfers, bill payments, and online purchases that were notified to them without their knowledge or approval. The bank’s staff informed the irate clients that its services were experiencing problems and that the bank was working hard to resolve them. Customers also stated that their cards had been momentarily disabled.
As the complaints piled up, debit card fraud was suggested as a likely explanation for the shady transactions. This particular type of fraud is committed by robbing and modifying ATMs so that they replicate debit card information whenever a user inserts their card into the machine. The cards’ PINs are also captured using keyloggers, and the cards are then used on the Internet.
Overseas thieves utilised compromised data from many debit cards to execute fraudulent financial transactions in foreign currencies to steal from a leading bank in Pakistan that offers online banking services. The financial organisation had to block foreign financial transactions using debit cards for practically all of its customers as a result of the incident.
As the fraudulent transactions were made in dollar denominations instead of Pakistani rupees, any customer who wanted to use a debit card for Internet banking had to first activate the service. Failure to do so resulted in the transaction being denied and online service suspended for the account for safety reasons.
There were multiple fraudulent transactions of minor sums from multiple accounts. However, it was unclear how much money cyber criminals operating from abroad stole from how many bank accounts in Pakistan.
As the use of digital banking has grown in Pakistan over the last two years, data breaches have become correspondingly more common in the country, despite the banking regulator and relevant ministry issuing a strong cyber security strategy. Over the past six months, data breaches have affected not just banks, but also numerous government organisations, such as the Federal Board of Revenue (FBR) and the Ministry of Finance, making it necessary for both public and private financial institutions to develop and implement a comprehensive strategy to secure their customers and systems from hacking attempts.
Almost all of Pakistan’s banks were hacked in 2018 and huge sums of money were stolen from people’s accounts by the perpetrators. The cyber-security incident exposed over 19,000 card details from 22 Pakistani banks. The discovery came in response to a tip by Group-IB, a multinational cyber security group, which claimed that hackers had exposed a massive number of Pakistani individuals’ credit and debit cards on dark web forums. Among these, krebsonsecurity.com reported that the data of over 8,000 account holders from roughly ten Pakistani banks had lately been sold on the dark web.
K-Electric, the city of Karachi’s energy provider, was targeted by a Netwalker ransomware attack in September 2020, which disrupted billing and online services. The attackers stated that unless the management paid a $7 million ransom, all of KE’s customers’ information, including names, addresses, CNICs, NTNs, credit cards, and bank account numbers, would be leaked on the dark web.
Hackers stole the personal information of 260,000 users from a Pakistani music streaming site in January 2021. In August 2021, hackers attacked Pakistan’s largest data center, controlled by the Federal Board of Revenue (FBR), and managed to crack Microsoft’s Hyper-V software, shutting down all the official websites operated by the tax machinery.
Although the FBR’s official website and tax-related operations were restored, hackers sold the FBR’s data for $30,000 on a Russian forum. A cyberattack on the NBP’s servers was detected in the late hours of October 29th and early hours of October 30th, 2021, affecting some of its online services.
At least three other notable cyber-attacks are the Careem security breach in April 2018, which compromised the data of customers from Pakistan and other countries; the attack on Peshawar ATMs in December 2020; and the breach of various websites, including those belonging to the Sindh High Court in July 2021 and PTV Sports in August 2020, among others.
Some senior Pakistani officials’ cellphones were hacked in 2019 for covert surveillance. The attack was carried out using a particular sort of malware known as “Pegasus,” which was purportedly developed by Israeli spyware firm NSO Group.