Over the last few days, news of allegedly leaked audio clips from the Prime Minister’s Office has dominated social media and, later, mainstream media in Pakistan. The alleged hacker claims to have 8 GB of data covering 100 hours of audio. According to the hacker, the audios pertain to almost all of the country’s important appointment holders. As a sample, a few short audio clips have been released.
Cyberspace today provides global connectivity in an information environment based on an interdependent network of Information Technology infrastructure and resident data. Every day, it is estimated that at least four to five billion people connect to one or more devices. The widespread use of these systems demonstrates how technology has altered communication, education, business conduct, critical infrastructure management, and government operations. Many countries, including our eastern adversary, are known to be developing offensive cyber capabilities, though none admit it.
Although extensive connectivity has numerous advantages, the freedom to cross international borders has also encouraged many governments to establish organizational structures for national defense and power projection. The ease with which this technology is available has also encouraged many non-state actors to exploit cyber vulnerabilities. Over the last decade, militaries’ cyber units have evolved at an unprecedented rate, and serious cyber-attacks from both state-sponsored and non-state actors have become more common.
Possibilities of Alleged Audio-Clips Leakage in Pakistan:
There are numerous possibilities for communication leakage in the case of alleged audio clips in Pakistan. In official meetings, carrying a hacked mobile phone can be used to record conversations. E-office systems used in workplaces could be another option if the hardware or software is not developed locally, allowing backdoors into the system. Data can also be stolen from any recording equipment installed to record meetings. This is only possible with insider assistance.
If the recorded data is transferred to a server, it can be hacked from the outside as well as stolen by an insider. Another possibility is that a meeting participant purposefully left his phone or video recording on.
Sensitive meetings are typically not recorded on electronic devices. Furthermore, mobile phones are not permitted to be carried in sensitive official meetings for reasons of information security. If E-Systems is used in meetings, the hardware and software should be developed locally or verified by a Pakistani technical authority to ensure their safety and security. When not in use, official meeting rooms are kept locked to prevent the placement of bugging devices.
Furthermore, intelligence agencies are in charge of searching these rooms for any bugging devices. Such meeting rooms are located within the PM office and are (or should be) physically secure. However, one of the audios suggests conversations in the PM’s office or his home, implying that multiple locations in the PM Secretariat may have been bugged.
If the alleged data leak is true, there appears to be more than one violation. Mobile phones were either carried in meetings for intentional recording, or they were hacked, or recording devices were installed in meeting rooms and other important offices. If the recording device was hidden, it begs the question of who could have done it.
Another Threat to National Security:
If this is true, we may never be able to calculate the cost to national security because the Prime Minister’s office is the focal point for all national-level decision-making. The economic, diplomatic, and security implications of the leaked information may never be known. We may also be unable to determine the length of time the information was stolen and who possesses the information.
The fragility of Our Systems:
In any other country, those responsible for such failure would have accepted responsibility and resigned. This, however, is not to be expected in the land of the pure. Some serious data breaches in the SECP, NADRA and Finance Ministry in the past may not have been considered serious enough to demonstrate the vulnerability of our systems to cyber hacking and serve as a wake-up call to concerned offices. Despite the fact that the current incident has catastrophic consequences because the data can be used by hostile states and agencies to harm Pakistan, the government shows no signs of being serious about the issue.
Need to Revise Cyber-Security Policies:
The gravity of the situation, in my opinion, necessitates transcending party politics, organizational interests, and inter-departmental rivalries. A thorough investigation by a professionally capable team is required to assess the loss, the reasons for the data breach, and the identification of the individuals or organizations responsible for this national embarrassment and disaster. The team should also identify flaws in existing cyber security policies within high-level government offices and recommend changes to avoid future incidents.
Failures, causes of failures, and those responsible for failures, on the other hand, must not only be brought to a fair trial but also made public. To remain objective, the investigation must determine the cause of the data loss, and the reasons for the breach, and assign responsibility for the failure. The legality of various individuals’ actions involved in the conversations, as well as the political aspects of the conversations, should be left to the courts and other responsible departments. Because this incident reveals flaws in our systems, it requires thorough and immediate investigation because a nuclear power with 220 million people cannot be left rudderless and insecure in this manner.
