FBR reels under a major ‘cyberattack’
Data centre compromised, all websites down since 2am Saturday
Hackers have attacked Pakistan’s largest data centre run by the Federal Board of Revenue (FBR) and managed to break the hyper-V software by Microsoft, bringing down all the official websites operated by the tax machinery.
“There has been a national crisis like situation since 2.00 am Saturday morning and we may not be out of the woods by Sunday evening,” a senior official said while explaining the gravity of the situation to The Express Tribune on condition of anonymity.
The FBR’s official version was awaited till the filing of the story. “The FBR’s website is temporarily down for scheduled maintenance,” read the website when it was opened.
However, the authority issued a general press release regarding in-progress service optimisation activities at the FBR House Data Center, Islamabad.
The FBR explained that the technical team is currently migrating services. The completion of this migration shall result in the increased overall productivity of FBR IT Operations. This migration is necessary to facilitate the up gradation of the system in order to enhance the best services to our clients, the statement added.
“The stakeholders, who are being provided services from the data centre, are informed that there were unforeseen anomalies during the migration process, which has resulted in the unavailability of services, since early hours of the last night. The FBR team is ensuring restoration of services as soon as possible
to keep the downtime to a minimum. This activity is expected to be completed in the next 48 hours.”
It further stated, “FBR regrets and apologises for any inconvenience this may have caused and appreciates continued cooperation of the stakeholders.”
The official said the cyberattack has affected the virtual environment of the data centre.
“This time the data centre’s virtual machines were attacked and the attackers managed to exploit the weakest link, which is the hyper-V software by Microsoft Inc,” he added.
He said Pakistan has contacted Microsoft that is helping to recover it from the attack.
“It is cyber terrorism on our Independence Day,” said the official, adding that the attackers have not yet been identified.
“Since the virtual environment has been damaged, we are trying to create a new virtual environment that may take up to two days,” said another official from the information technology department.
“We are trying to restore the websites by tomorrow afternoon and the essential data centre by tomorrow evening, as we do not want to cause more damage by shifting data in haste.”
The sources said the hackers were making attempts to break the data rooms for the last few days and there was also a warning issued that a serious cyber-attack might take place soon. However, the FBR ignored those warnings and finally the hackers managed to take over some of the data.
Another source said the FBR came to know about the attack after the attackers started affecting the environment. The last serious attack on the FBR’s data centre happened on March 23 last year, which remained unsuccessful. But this time they managed to creep in the system, they added.
There has been a national crisis-like situation since 2.00 am yesterday and the country’s shipments have also started getting affected due to the shutdown of all FBR websites and data centres, said the sources.
The attacks come at a time when the government is reviewing a legal proposal to give the National Database Registration Authority (NADRA) access to the FBR’s database.
The FBR’s database is the largest that carries information of trillions of rupees transactions, the details of the wealth and income and expenditures of its citizens.
It also has details about their various personal and business transactions due to various types of withholding taxes that are being deducted on these transactions.
After knowing about the attack, the FBR issued an internal warning: it “experienced a severe cyberattack on our data centers. All applications have been shut down and need support from all teams”.
The sources said the FBR’s technology and data backbone –the Pakistan Revenue Automation Limited (PRAL) –is also down and compromised. The PRAL being a technology company was required to erect firewalls to protect its data centre but it failed to perform the task diligently.
The PRAL administration has gone haywire and appointments in the most important organisation have been made on the basis of favouritism.
Some of the board members instead of restricting themselves to the policy matters are indulged in operational issues that have resulted in grouping with the organisation, the sources said.
Sources pointed out that there was a need to fix responsibility on breach of security system. The FBR has also recently hired a chief information officer for better utilisation and protection of data, the sources added. They said due to the severity of the attack a pressure is also building on the Customs.
The consignments are stuck up at border stations which are of fresh vegetables and courier consignments apart from other goods. People are unable to get the benefit of Active Taxpayers List due to disconnection from the data source.