Over the past few days, social media initially and later mainstream media in Pakistan have been abuzz with news of alleged leaked audio clips from the Prime Minister’s Office. The alleged hacker has claimed possession of 8 GB data covering audio time of 100 hours. According to the hacker, who has demanded 180 Bitcoin for sale of the data, the audios pertain to almost all important appointment holders in the country. A few short audio clips have been released as a sample. Authenticity of the audio clips and hackers’ claims are yet to be ascertained.
In today’s day and age, cyberspace provides global connectivity in an information environment dependent on interdependent network of Information Technology infrastructure and resident data. Significance of technology and internet access for modern society cannot be understated. It is estimated that at least four to five billion people connect on one or more devices every day. Extensive usage of these systems suggests how technology has changed ways of communication, education, conduct of businesses and management of critical infrastructure and execution of government functioning. Many countries, including our eastern adversary, are known for developing offensive cyber capabilities, though none acknowledges the same.
Although extensive connectivity offers numerous benefits, interconnectivity with freedom to cross international borders has also encouraged many governments to establish organisational set-ups for national defence as well as power projection. Ease of availability of this technology has also encouraged many non-state actors to exploit cyber vulnerabilities. During the last one decade, cyber units have evolved at an unprecedented rate in militaries and serious cyber-attacks from state sponsored and non-state actors have become increasingly frequent.
In the case of alleged audio clips in Pakistan, there are numerous possibilities of communication leakage. Carrying a hacked mobile phone in official meetings can be used for recording of conversations. E-office systems employed in workplaces could be another possibility if the hardware or software is not locally developed, opening the way for backdoors into the system. Data can also be stolen from any equipment installed to record meeting conversations. This can only be possible with insider help. However, if recorded data is transferred to some server, it can be hacked from outside as well as stolen by an insider. Another possibility could be of a member of the meeting intentionally keeping his mobile or video recording on.
As a rule, sensitive meetings are not recorded on electronic devices. Additionally, for reasons of security of information, mobile phones cannot be carried in sensitive official meetings. In case e-systems are used in meetings, the hardware and software should either be locally developed or verified by a Pakistani technical authority for its safety and security. Official meeting rooms are kept locked when not in use to prevent chances of placement of bugging devices. Additionally, intelligence agencies are responsible for scanning these rooms for any bugging devices. Such meeting rooms are well inside PM office premises and are (rather should be) physically secure. However, one of the audios suggests conversations in the PM office or in his house as well, indicating the possibility of bugging of multiple locations in PM Secretariat.
In case this alleged data leak is true, then there seems to have been more than one violation. Either mobile phones were carried in meetings for intentional recording, or they were hacked or recording devices were placed in the meeting rooms as well as some other important offices. If the recording device was placed covertly, it raises a question on who could do it and why intelligence agencies failed to uncover such a massive set up.
If true, we may never be able to estimate the damage caused to national security as the Prime Minister office is the hub of all national level decision-making. We may never be able to estimate economic, diplomatic and security consequences of the leaked information. We may also not be able to ascertain the duration for which the information was being stolen and who all possesses the information.
In any other country, those responsible for such failure would have owned/accepted responsibility and rendered their resignations. However, this is not expected in the land of the pure. Some serious incidents of data breach in the SECP, NADRA and Finance Ministry in the past were possibly not considered grave enough to demonstrate the fragility of our systems to cyber hacking and give a wakeup call to concerned offices. Despite the fact that the present incident is of catastrophic consequences as the data can be used by hostile states and agencies to harm Pakistan, there are no signs of seriousness of the government on the issue.
The seriousness of the matter in my view, requires rising above party politics, organisational interests and inter-departmental rivalries. There is a need for a thorough inquiry by a professionally capable team mandated to assess the loss, reasons for the data breach and identification of the individuals or organisations responsible for this national embarrassment and catastrophe. The team should also identify shortcomings in the existing cyber security policies within high-level government offices and recommend improvements to avert such incidents in the future. However, the failures, causes of failures and those responsible for the failures must not only be brought to fair trial but also be made public. To keep the inquiry objective, it must ascertain the data loss, reasons for the breach and assign responsibility for the failure. The political aspects of the conversations, legality of various individual’s actions involved in the conversations etc. should be left to the courts and other responsible departments. Since this episode highlights weaknesses in our systems, it needs rigorous and immediate investigation because a nuclear power with 220 million people cannot be left rudderless and insecure like this.
The author is a retired Air Marshal of the PAF who served as Pakistan’s Air Advisor at New Delhi from 2002-06, presently working as Advisor to the Chief of Air Staff on CASS and Director Emerging Technologies at the Centre for Aerospace & Security Studies, Islamabad, Pakistan. The article was first published in the Nation.