Sensitive data belonging to KP police has reportedly been compromised and put up for sale on the internet by an international hacker group. A user, claiming knowledge of the compromised data, tweeted; “A foreign-origin hacker is selling 1,400+ official documents including facial records belonging to KP police.”
A foreign-origin hacker is selling 1,400+ official documents including facial records belonging to KP Police. A sample has also been shared. Documents that are for sale can be sorted based on Gender, District, Police Station, Crimes etc
— Zaki Khalid (@misterzedpk) December 29, 2021
Analysts views on the compromised data
There is no official word on the compromised data from KP Police and provincial government but a Rawalpindi-based strategic analyst Zaki Khalid said; “The hacker is based overseas and regularly sells hacked databases of different targets in multiple countries. In this case, he was first observed sharing login credentials for the KP Police access panel in August 2021. It is only recently that he announced compilation and sharing of acquired documents.”
Just a day back, hackers compromised the data of senior officers of the Ministry of Finance who were in a cyber security breach. This is the second high-profile incident involving a data breach of a government institution that took place. NITSB regularly issues advisories to government institutions to ensure they keep their antivirus software and other security protocols updated.
Read more: The Official Data of Ministry of Finance Gets Leaked
Reddit users on KP police data breach
Reddit users slammed Pakistan’s government for taking cyber security lightly and not doing enough for strengthening the cyber security structure. A user wrote; “Honestly, we are doomed if we don’t take it seriously. Our national secrets and deals being out in the open is an embarrassment. Government offices here regularly use Gmail, for sensitive and #topsecret stuff. It’s beautiful.”
Meanwhile, other users exposed the known vulnerability, stating; “Security is not all about access. You can be on the internet and still well secure. There are many ways you can reduce attack surfaces. One thing I noted in the Pakistan Gov IT service is one point of contact. This means somewhere there is a dude with absolute administrative access to absolutely all data. This is because gov like to keep it simple. If there oss has a problem with the computer he will ask for this one guy. Most basic security rules like passwords expiry, strength etc are ignored. Passwords are taped to monitors.”
Source: Pro Pakistani