After conducting a preliminary internal investigation on the recent FBR cyber-attack, it has been discovered that the use of pirated software was one of the reasons why FBR’s data got hacked. Following the revelation, FBR has issued a clarification on the news aired by leading news channels concerning the employment of pirated software by the revenue board for its systems.
The Cause of FBR Cyber-Attack is the Usage of Pirated Software
The federal bureau was using a pirated version of the Microsoft Hyper-V software which facilitated the hackers to easily breach the tax authority’s system. To which the FBR explained that the IT assistance for the federal and provincial tax jurisdictions such as FBR, Sindh Revenue Board (SRB), Punjab Revenue Authority (PRA), etc, are being implemented by the Pakistan Revenue Automated Pvt Limited (PRAL), which further involves maintaining the data centers.
Read more: Shaukat Tarin to Take Third-Party View on FBR Cyber-Attack
According to FBR, there are numerous software products in the data centers, which are being employed to execute different purposes such as cyber security, virtualization, firewall, etc, it said. Key firms whose products are being utilized included Oracle, Microsoft, VMware, Kaspersky, etc. The FBR clarified that the licensed versions of these softwares have been acquired. It also stated the original license of the product remains intact if the support to the software terminates.
Nevertheless, at times the support for these services may not get renewed in a convenient form due to impending circumstances. The FBR further clarified that in 2019, the problem of VMware licensing was raised by the US government, which was approached by obtaining the necessary licenses after following the relevant methods as laid down in the Public Procurement Regulatory Authority (PPRA) rules. For more than a year now no such concern regarding VMware has emerged, the FBR added.
US Diplomat Had Warned FBR of a Possible Cyber Attack
In addition to this, the investigation also revealed that last year in January, Alice Wells, the then chief US diplomat for South Asian affairs, while a four-day visit to Pakistan, cited FBR of using a pirated software and informed the FBR about the possibility of a cyberattack on the tax authority’s system due to the application of a pirated software.
Read more: Post Cyber Attack on FBR, Hackers Are Selling Network Access on Russian Dark Web Forums: HackRead
FBR Denies Knowing Any Prior Information Concerning a Possible Attack
In response to the accusations, the FBR published an unreasonable clarification, declaring that the agency was unaware of the condition since Pakistan Revenue Automation (Pvt.) Ltd (PRAL) was the service provider for FBR. Following the FBR cyberattack, Finance Minister Shaukat Tarin had issued strict directions to the FBR to perform a complete assessment of its system’s vulnerabilities in order to deter similar occurrences in the future.
Source: Pro Pakistani