Cyber security deficiency led to data theft at SECP, report finds

Published August 29, 2022
Logo of the Securities and Exchange Commission of Pakistan. — Photo courtesy: SECP website
Logo of the Securities and Exchange Commission of Pakistan. — Photo courtesy: SECP website

ISLAMABAD An initial report suggests that the data stolen from the Securities and Exchange Commission of Pakistan’s web­site recently was mainly due to the absence of a proper and updated cyber security mechanism.

A group of hackers scrapped off data of the commission’s directors by using a weak digital link at its website. The initial report, however, suggested the hacking could have been averted had the department conducted in time a test known as “vulnerability and penetration testing” for its website and IT systems, which was due in February this year. Incidentally, the SECP has yet to carry out the test.

While the data scrapped from the SECP website incl­uded the names of companies and their directors, three items of crucial back-end information were siphoned off by the hackers — the CNIC numbers, permanent addresses and names of the directors’ fathers.

Some of this information has been placed at a website, www.companieshouse.pk, and the SECP, with the cooperation of the Pakistan Tele­communication Authority (PTA), has been able to close it down. The authorities have been asked to cancel the domain registration of companieshouse.pk.

Meanwhile, a federal government agency, the Nati­onal Telecommunication and Information Security Board (NTISB), has approached the SECP for a briefing on the matter. The briefing is scheduled for Sept 1.

Sources told Dawn that the NTISB had requested a security agency to be part of the briefing as it was aimed at ensuring data safety in all government departments as well as in regulatory bodies. The NTISB advises the federal government on security aspects of information and telecommunication technology. Its board includes heads of Nadra, PTA and NTC.

Although the SECP has not confirmed it, sources in the government say NTISB experts have already started the preliminary work and the second phase of investigations, including the ground check of SECP, will be conducted after the SECP briefing.

In reply to a question, an official said the quality assurance team had executed the initial vulnerability scan and all weak links at the website had been strengthened.

“All the application programming secret keys used for data exchange with government entities have been changed, and a third-party security audit firm to conduct an independent Vuln­erability and Penetration Testing (VAPT) of website has been hired,” a spokesperson said.

Debate continues at senior levels in the SECP over conducting an independent inquiry over the hacking not only to determine flaws in cyber security but also to ensure that none of the human resource in the commission was linked with the data siphoning by hackers.

Published in Dawn, August 29th, 2022

Follow Dawn Business on Twitter, LinkedIn, Instagram and Facebook for insights on business, finance and tech from Pakistan and across the world.

Opinion

Editorial

Disregarding CCI
Updated 04 Nov, 2024

Disregarding CCI

The failure to regularly convene CCI meetings means that the process of democratic decision-making is falling apart.
Defeating TB
04 Nov, 2024

Defeating TB

CONSIDERING the fact that Pakistan has the fifth highest burden of tuberculosis in the world as per the World Health...
Ceasefire charade
Updated 04 Nov, 2024

Ceasefire charade

The US talks of peace, while simultaneously arming and funding their Israeli allies, are doomed to fail, and are little more than a charade.
Concerning measures
Updated 03 Nov, 2024

Concerning measures

The govt must seek political input and consensus on the changes it is seeking to make and be open about its intentions.
Short-lived relief?
03 Nov, 2024

Short-lived relief?

POLICYMAKERS must be jumping with joy. At the close of the first quarter of FY25, the budget posted a consolidated...
Brisk spread
03 Nov, 2024

Brisk spread

THE surge in polio cases has reached distressing levels with a tally of 45 last reported, after two cases emerged in...