The Federal Board of Revenue (FBR) was using a pirated version of the Microsoft Hyper-V software, which enabled the hackers to easily breach the tax authority’s system.
According to media reports, a preliminary internal investigation into the recent cyberattack on FBR has revealed that the use of pirated software was one of the reasons why FBR’s system got hacked.
The probe also disclosed that in January last year, Alice Wells, then the chief US diplomat for South Asian affairs, accused FBR of using pirated software during a four-day visit to Pakistan and warned FBR that its use could lead to a cyberattack on the tax authority’s system.
In response to the allegations, the FBR issued an absurd clarification, stating that it was unaware of the situation since Pakistan Revenue Automation (Pvt.) Ltd (PRAL) was the service provider for FBR.
On 12 March last year, PRAL issued a tender, seeking bids for the supply, installation, and configuration of network equipment, servers, data center precision cooling, upgrade and support for storage area network and backup solution, and Microsoft Windows for its Data Center in Custom House, Karachi.
Although PRAL set 13 April 2020 as the deadline for the submission of the bids, it has not yet disclosed the name of the firm that won the bid.
Recently, hackers breached the Microsoft Hyper-V software used by the FBR and took down the official website of the tax authority along with all of its subdomains.
Although FBR restored its official website and all of its tax-related functions, hackers put the FBR’s data up for sale on a Russian forum for $30,000.
Following the cyberattack, Finance Minister Shaukat Tareen issued stern directions to the FBR to carry out a complete appraisal of its system’s vulnerabilities in order to prevent similar incidents in the future.
Speaking exclusively with ProPakistani, Umair Ali Zafar, Principal Security Engineer at Ebryx, explained that hackers sent emails with malicious documents attached to FBR officials. These emails looked like they came from valid email addresses of the Government of Pakistan and the Ministry of IT and Telecom, but they were actually spoofed. The documents were crafted to attract the interest of the receiver, but when opened, they infected the system.
Zafar added that once a system was infected, it was used to gain access to other systems on the network, which led to the breach of the whole organization. Access to 1500+ FBR systems had been on sale online since at least last Tuesday, while threat intelligence about these emails had been circulating since at least early July.