Dependence on information systems is growing rapidly all over the world. Because we rely so heavily on these automated systems, their security is very important. This research identifies the weak areas of such systems, specifically in Pakistan. Why is the percentage of hacked websites higher in our public sector? How can this risk be mitigated? This research also shows the impact and provides recommendations.
This study would be useful for all organizations with little or no security layer, and also for those that are not following best practices.
The invention of the Internet has been very effective for communication. It is not only a marketing tool for organizations but also a place to store data in information systems. It has countless advantages, including easy access from anywhere around the globe and easy searching and sorting.
Websites and web applications are normally hosted on a public IP and can be accessed from anywhere; therefore, ensuring their security is very important.
As the use of the Internet has increased, the cybercrime rate has also increased. A person who enters a system illegally and accesses the database that holds the organization's information is commonly known as a cyber hacker. The severity of cybercrime varies from hacking an email or social media account to providing false information or signals to an airplane. Hackers can hide their identity, since physical presence is not required to commit this crime.
The majority of hackers try to hack major sites or applications, such as those of government entities, instead of focusing on small businesses, as the impact of hacking those sites is high.
The cybercrime rate in Pakistan is low compared to developed countries. The major reason is that the majority of the population still has no access to this technology. Having said that, 2015 can be called the worst year in terms of hacking of Pakistan-based websites. Now is the time to take preventive measures.
All of the major websites were hacked, and the hacker(s) tried to give an explanation for the act as well.
The Khyber Pakhtunkhwa (KPK) Assembly's website was hacked by some Iranian hackers during the Islamic month of Muharram. The University of Sargodha's website was hacked by a student as a result of his anger towards the management of the university. The farmers of Pakistan website was hacked as a protest against the 341 billion relief package for small farmers. The Lahore High Court website was hacked for the second time. The hacker left a message saying, “The hacking spree would be continued till freedom of Palestine.”
In a major incident, over a hundred Pakistani websites, including official government portals such as pakistan.gov.pk, president.gov.pk and cabinet.gov.pk, were hacked by Indian hackers as payback for crashing the official portal of the Kerala Government. The website of the Pakistani Electric Power Company, Pepco, was hacked and defaced by a Pakistani hacker group, Pak Cyber Expert, to show their anger over load shedding in Pakistan. The GEO TV website was hacked because of the Axact case, for spreading hatred and negativity instead of focusing on important news in Pakistan.
The Senate of Pakistan website was hacked by a Middle East hacker. The reason was that Pakistan did not send its troops to the Yemen war.
Pakistani hackers also hacked websites in some other countries during this year. Pakistani hackers hacked an Indian music streaming service on 29 May 2015. After the PM of India launched the Digital India campaign to reform the country through technology, Pakistani hackers defaced the website of the Chhattisgarh National Institute of Technology (NIT) on 2 July 2015. On 27 September 2015, a Pakistani hacker hacked the official website of the Government of Kerala, a southern Indian state. The hacker also mocked the poor security that was in place. This is not the first time that Indian and Pakistani hackers have engaged in this kind of cyber war over the contentious issue of Kashmir.
Laws for cybercrime in Pakistan
The laws designed to punish or control criminal activities related to cybercrime are referred to as cyber laws. Almost all countries have made laws for the prevention of cybercrime: Australia created its Cybercrime Act in 2001, the UK created the Computer Misuse Act of 1990, and the US created the Computer Fraud and Abuse Act of 1988. Hacking has become one of the most frequently committed crimes in the world, and it is becoming more dangerous day by day.
In Pakistan, the Prevention of Electronic Crimes Ordinance, 2008 is implemented to deal with cybercrimes. Under section 3 of this ordinance, whoever gains unauthorized access to an electronic system shall be punished with imprisonment of two years, a fine of three hundred thousand rupees, or both.
During this year, the National Assembly's Standing Committee on Information Technology approved a cybercrime bill, which is now likely to be presented in the National Assembly for approval and soon to become the law of the land. This bill contains some amendments regarding the punishment for hacking a government website or gaining unauthorized access to critical information. Under sections 5, 7 and 8 of the newly proposed bill, whoever hacks an official government website, causes damage to it or steals information shall be imprisoned for up to 14 years, fined up to 50 million rupees, or both.
The rapidly increasing rate of hacking websites in Pakistan is alarming for people and for the government as well. Therefore, some preventive measures must be taken in order to deal with this problem:
Implementation of Cyber-Crime Laws: Proper implementation of cyber laws in the country, and ensuring that hackers are punished according to their crime, will help decrease the hacking rate in Pakistan.
Dedicated Human Resource for IT Security Measures: The government should announce vacancies for a CSO (Chief Security Officer) to properly supervise the security of official government websites. There should be proper resources for IT security measures.
Prevention of SQL Injection: This is one of the easiest code injection techniques for getting into a database, and it is commonly used against websites and web applications. Best practices must be used to protect against this technique.
Domain Name and Hosting: The DNS configuration plays a vital role in the security of a website. In Pakistan, PKNIC is the company that provides the government domain, that is, “.pk”. A hacker can go through the PKNIC database to get into any official government website, so it is important to keep a check on your DNS configuration as well.
Firewall Implementation: Firewall implementation helps you know where your perimeter security goes, how to manage your firewall, how much you need, what precautions to be aware of and how to maintain your firewall.
Open Source Software: Many free and open source software packages carry a lot of hacking risk for your website. Avoid installing such software, for the security of your website.
Use SSL: Secure Sockets Layer has to be installed for all web applications. This will definitely help prevent information from being read in transit.
Passwords: The best practice for password security is to store passwords as encrypted values, preferably using a one-way hashing algorithm such as SHA. This means you are comparing the entered values against the stored encrypted values.
Limit File Uploads: Giving users the right to upload files is always a risk. Proper screening should be built for all files in case you have a policy that allows file uploads.
Keeping Software up to Date: Keep the software up to date and take backups of the data frequently.
Double Authentication: Double authentication is a very good way to prevent a site from being hacked. Tick the option to send a notification on every online transaction or login from any unknown browser. Recently, big websites have been using message services: a code is sent to your mobile for double authentication when logging in to a website.
Tighten Network Security: Internal security is taken very lightly in most cases; however, it is one of the crucial areas for hacking. Hackers can get into individual computers in the organization and route from there to the main servers.
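To illustrate the SQL injection item in the list above, here is an added example (not part of the original article) that puts a query built by string concatenation beside its parameterized form. The notices table, its rows and the function names are constructed for this illustration.

```python
import sqlite3

# Constructed sample data: is_public = 0 marks rows that must never be
# shown to website visitors.
ROWS = [
    (1, "health", "Clinic hours", 1),
    (2, "health", "Draft budget memo", 0),
    (3, "women's dev", "Training schedule", 1),
]

def make_db():
    """Build an in-memory database holding the sample notices."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notices "
               "(id INTEGER PRIMARY KEY, dept TEXT, title TEXT, is_public INTEGER)")
    db.executemany("INSERT INTO notices VALUES (?, ?, ?, ?)", ROWS)
    return db

def notices_vulnerable(db, dept):
    # Weak form: the visitor's input is pasted into the SQL text, so a
    # quote character in it changes the structure of the query.
    sql = ("SELECT title FROM notices WHERE is_public = 1 "
           f"AND dept = '{dept}' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def notices_parameterized(db, dept):
    # Hardened form: the ? placeholder sends the input as a bound value
    # that is only compared with the dept column, never parsed as SQL.
    sql = ("SELECT title FROM notices WHERE is_public = 1 "
           "AND dept = ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (dept,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # standard test string for this flaw
    print(notices_vulnerable(db, crafted))           # non-public row leaks
    print(notices_parameterized(db, crafted))        # no department matches
    print(notices_parameterized(db, "women's dev"))  # apostrophe is plain data
```

The concatenated version also fails on the legitimate department name containing an apostrophe, which is often the first visible symptom of this flaw during testing.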
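To illustrate the Passwords item in the list above, here is an added example (not part of the original article) of storing and checking a one-way hash. It goes beyond the plain SHA the article names by using PBKDF2 with SHA-256 and a per-user salt; the iteration count, function names and sample password are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: work factor picked for this example

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Re-derive the digest from the login attempt and compare it."""
    _, candidate = hash_password(password, salt)
    # compare_digest takes the same time wherever the first mismatch is,
    # so the comparison does not leak how much of the digest matched.
    return hmac.compare_digest(candidate, stored_digest)

def unsalted_sha256(password):
    """Plain SHA-256 with no salt, shown only for comparison."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    sample = "Karachi#2015"  # constructed sample password
    salt_a, digest_a = hash_password(sample)
    salt_b, digest_b = hash_password(sample)
    # Two accounts with the same password get different stored values.
    print(digest_a != digest_b)
    # Without a salt, equal passwords produce equal hashes, so one
    # cracked hash exposes every account that shares the password.
    print(unsalted_sha256(sample) == unsalted_sha256(sample))
    print(verify_password(sample, salt_a, digest_a))
    print(verify_password("karachi#2015", salt_a, digest_a))
```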
Impact on Economy: Hacking has a very negative impact on a country's economy. A country with a high rate of hacking will not enjoy good IT business throughout the world. Every year, reports of hacked businesses reveal staggering financial losses. The costs of patching security holes, repaying customer losses, addressing lawsuits and weathering system shutdowns contribute to those huge numbers.
Impact on Young Generation: The increasing rate of hacking has a very negative impact on the young generation. Kids want to do something challenging and experience new things, and they harm others as well as themselves.
Impact on Society: The overall impact of hacking on society is very adverse. People fear using the Internet, making online transactions or interacting online, which leads the IT industry towards backwardness.
Impact on Organization: Organizations are badly affected by hacking. It affects the overall reputation of the organization, and in some cases it results in financial loss as well.
Data Loss: Hacking often results in a loss of data due to files being deleted or changed. Customer information can be stolen and deleted, or a leak of top-secret information could cause real-world security issues.
Hacking nowadays has become one of the major problems of the world. Hacking can be used in the development of a country, but the continuously increasing rate of black hat hackers is very harmful for any country. Software piracy is a crime, but because there are no proper punishments for such hackers, hacking is increasing in Pakistan. Some hackers do it for fun or adventure, while others show their anger or reaction to the world. In both cases, the impact of hacking on society is very adverse. Hacking is like a cancer that has very negative effects on society. The security issues caused by hacking need attention. The government should take proper steps and preventive measures to control this cybercrime; otherwise, the time will come when it results in a big disaster for the country.
(The writer is Head of ICT at Institute of Business Administration, Karachi, web: http://ict.iba.edu.pk)