“Cyber security issues in Pakistan”

An overview:

Activity in which computers are a tool, a target or a place of criminal acts. It is also stated
as an instrument to further illegal ends, such as committing fraud, stealing identities and
violating privacy .It also includes traditional crimes in which computers or networks are
used to enable the illicit activity. As the computer has become central to commerce,
entertainment, and government. Cyber crime has grown in importance.

Examples:

• E-mail account of a Federal Minister was hacked.

• Credit cards frauds reach to an alarming level.
• Visiting CEOs of Multinational Companies gets threatening E-mails.
• Financial institutions are the favorite targets of Cyber criminal’s - worst effecting
the technological and progress in the area of e –Commerce.
Online activities are as vulnerable to crime as real life situations are. Law makers, Law
enforcement and individuals need to know how to protect themselves. Though Cyber crime
used to exist way before the innovation of computer, the only difference involves the tools
used to commit the crime.

Some Main types of Cyber Crime are under:

1. Assault by Threat: Threatening a person with fear for their lives or the lives
of their families through Internet e.g. Email, videos or other networks like
Mobile Phones etc.
2. Cyber theft: Using a computer to steal. This includes activities related to
DNS cache poisoning, identity theft, fraud embezzlement and unlawful
appropriation, espionage etc.
3. Cyber terrorism: Premeditated, usually politically-motivated violence
committed against civilians through the use of, or with the help of, computer
technology.
4. Cyber laundering: Electronic transfer of illegally-obtained money with the
goal of hiding its source and possibly its destination.
History of Cyber Crime:

The origins of cyber crime can be traced back to early 60’s, the days without Microsoft
Windows, the Internet, or even the Personal Computer. In 1964, Stewart Nelson, a
student at MIT, used the university’s computer to generate the tones needed to access
their long distance phone service also called as ‘Blue Boxing’.

General Types of Cyber Crimes / Attacks

The following table depicts general types of cyber crimes / attacks.

Type Description / Examples

Financial Lottery announcements, cheating, credit card frauds, money
laundering etc.
Intellectual Software piracy, copyright infringement, trademarks violations, theft
Property of Source code etc.
Email spoofing /Sending e-mails that appear to originate from one source but actually
Spamming is sent by another source.
Hacking Unauthorized access to computer systems or networks, Stealing
information on computer hard disks, making control over websites.
Virus / wormFlooding viruses inside a network to produce associated damage to
Attacks resources.
Denial of ServiceCausing the network resource to crash in response to a flood of
Attack requests by an attacker resulting in denying authorized users access to
the service. A variation to a typical denial of service attack is known
as a Distributed Denials of Service (DDoS) attack wherein the
perpetrators are many and are geographically widespread.

Laws regarding cyber crimes:

Cyber laws:

The legal issues related to use of communications technology, particularly cyberspace,

i.e. the Internet. It is an intersection of many legal fields, like: Intellectual property,
Privacy etc. Cyber laws are an attempt to apply laws designed for the physical world to
human activity on the Internet

Cyber Laws in the World:

o Electronic Commerce Act (Ireland)
 o Electronic Transactions Act (UK, USA, Australia, New Zealand,
Singapore)
o Electronic Transactions Ordinance (Hong Kong)
o Information Technology Act (India)
o Information Communication Technology Act Draft (Bangladesh)

Cyber Laws in Pakistan:

o There are different laws promulgated in Pakistan.

o These laws not only deal with crime of Internet.

o These deal with all dimensions related to computer & networks.
o Two of them are most known.
o They are:
 Electronic Transaction Ordinance 2002
 Electronic / Cyber Crime Bill 2007

The fact is that these laws are only 20% compatible with rest of the world.

Cyber Security Regime in Pakistan, Still a Lot to be done!

The revolution of ICTs (INFORMATION AND COMMUNICATION TECHNOLOGY)
has fundamentally changed societies and sectors and would probably continue to do so in
the foreseeable future. These developments on one side of the coin have given shape to
unprecedented economic and social development, however they have also given birth to
new type of crimes called ‘Cyber Crimes’.

These types of threats are more vulnerable in a sense that they are not restricted by
geographical limitations or national boundaries. Along with encouraging the use of
Information and Communication technologies from their inception, economies are
looking at ways to counteract the consequences simultaneously. Technical measures to
protect communication networks are being implemented with a support of required
legislative measures to prevent and deter cyber attacks.

Cyber Security; Condition in Pakistan:

The cyber crimes of various types in Pakistan have increased in numbers by five times
over the past six years, reported CRI, citing cyber crime investigation officials. Quoting a
Cyber Crime Unit (CCU) official, newswire reported that 224 cases were reported in
2005, 196 cases in 2006, 62 cases were reported to the unit in 2007, 287 cases in 2008
and the ratio dropped in 2009 but in 2010 more than 312 cases were registered in
different categories of cyber crimes. According to the officials, these registered cases are
even less than 10 percent of actual crimes, while other crimes go un-reported, due to lack
of awareness and the law.

There are a number of cyber crimes in Pakistan mainly including cyber pornography, sale
of illegal articles, online gambling, intellectual property crimes, email spoofing, cyber
stalking, forgery, unauthorized access to computer systems/networks, theft of information
contained in electronic form, virus attacks, Trojan attacks, Internet time theft, password
cracking and financial cyber crimes (hacking of ATM card numbers and bank accounts).

Pakistan: A Country without Cyber Law:

Though Pakistan is new member of cyber world i.e. Mobile Networks and Broadband
connections and only few people know about cyber crime but in fact there is no such law
to prevent cyber crimes right now.

One such law called Cyber Crime prevention bill was passed by Pakistan Federal Cabinet
on Jan 17, 2007. The proposed law titled as “Prevention of electronic crimes bill”
offered penalties ranging from six month of imprisonment to capital punishment for 17
types of cyber crimes including cyber terrorism, hacking of websites and criminal access
to secure data. But this proposed law was unable to get tabled in Parliament and in fact
implemented as an ordinance by former President Musharraf on Jan, 07, 2008.

According to Ordinance, the accused could be fined one lack to five lack Rupees or three
to ten years imprisonment or both.

Ordinance was later endorsed twice by PPP government for renewal, until it lapsed in
November 2009 and was never taken care of then. As age of any Presidential ordinance is
only six weeks from the date of its promulgation in Pakistan, there is no such law at this
particular time to prevent cyber crimes in Pakistan.
In absence of any such comparative law there is strong urge on our legislators to pass a
law that can stand the complexities of today’s cyber world and apprehend the accused
instead of accusing people of political revenge and calling them the cause of
government’s own negligence and failure to meet the demands of today’s fast moving
cyber world.

An FIA official in a conversation said that agency has been reminding the concerned
departments about the lapse of ordinance, but apparently they are either busy doing other
businesses or they are deliberately not paying any attention. He said that Cyber Crime
law is supposed to be defined by Ministry of IT and Telecom, as internet domain is fairly
covered by IT Ministry. He further added that it is the need of the hour to get Cyber
Crime Law gets passed from parliament to make it permanent part of Pakistani law.

I recently heard from a friend that you can hack any mobile number and check the record
of sent and received text messages and calls. And the misery is that victim can’t fight his
privacy breach, unless he is a minister and use his influence to impose relevant sections
from penal code on culprit. If this is the situation of crime then one wonders where
government is and it is doing to stop such breach of privacy?

Pakistan has developed a strong institutional and legislative framework with regards to
Cyber Crimes / Security. However, there is a huge room available when it comes to
implementation and execution of security in the cyber world.

Moreover, our telecommunication and Internet service providers have also laid required
procedures for securing their infrastructures. Following text highlights the present status
of Cyber Attacks / Crimes mitigation at National level.

Electronic Transaction Ordinance 2002

ETO was passed by Government of Pakistan with the objective to recognize and facilitate
documents, records, information, communications and transactions in electronic form,
and to provide for the accreditation of certification service providers.

The ordinance also addresses Legal and safe trading aspect in order to protect the
interests of both the buyers and the sellers in the process of electronic sales and
purchases.
Prevention of Electronic Crime Ordinance 2009

PECO was passed by Government of Pakistan with the objective to define cyber crimes
and associated fines / punishment for the criminals.

The Ordinance addresses and lays down legislative terms for the following cyber crimes:

• Criminal data access

• Data damage
• System damage
• Electronic fraud
• Electronic forgery
• Misuse of devices
• Misuse of encryption
• Malicious code
• Cyber stalking
• Spamming
• Spoofing
• Unauthorized interception
• Cyber Terrorism
• Waging cyber war

PECO has completed its age as given in the Constitution of Pakistan. The Ordinance was
required to be re-promulgated in February 2010 which has not yet been executed.
Currently there’s no cyber law in Pakistan.

National Response Centre for Cyber Crimes (NR3C)– FIA :

In order to enforce the Prevention of Electronic Crime Ordinance 2009, Government of

Pakistan established an exclusive subsidiary entity under the Federal Investigation
Agency (FIA) responsible to deal with all types of electronic offences throughout the
country. National Response Centre for Cyber Crimes is working under the following set
of defined objectives:

• To enhance the capability of Government of Pakistan and Federal Investigation

Agency to effectively prevent growing cyber crimes.
• To build a Computer Forensic Laboratory, equipped with Hi-tech tools for
supporting NR3C operations in cyber crime cases.
• To establish a reporting centre for all types of Cyber Crimes in the country.
 • Investigation and prosecution of cyber criminals and to cope with high-tech
crimes.
• To enforce existing laws to combat electronic crime and to protect consumers.
• Develop and maintain expertise investigations of crimes involving high
technology.
• To provide on demand state-of-the-art electronic forensic services and cyber
investigator to Law Enforcement Agencies of Pakistan.
• International liaison/coordination with Law Enforcements Agencies of other
countries.

The wing has a comprehensive set of procedures available to any citizen of Pakistan for
reporting any incident related with Cyber Security / Terrorism.

National Telecommunications and Information Technology Security Board (NTISB)

Previously known as National Communication Security Board (NCSB), the NTISB Wing
at the Cabinet Division Serves as Secretariat to the NTIS Board. NTISB performs
following functions:

• Advise Federal Government on security aspects of the Policies concerning ICT

related services.
• Regulate induction of ICT security systems.
• Periodic inspections of communication centers in the public sectors.
• Administrative control of the Department of Communication security.

It’s apparent that government of Pakistan has done a lot to tackle this new wave of crime.
We have NR3C in place as a cyber police, however, it must be noted that they can’t
execute anyone without legislation. It is the need of the hour to legislate a law for cyber
world with keeping all the elements in mind.

Mr. Ammar Jaffri is currently working with FIA and National Response Center for
Cyber Crimes (NR3C) as Project Director. He quoted that

Banks and multinational companies are already convinced that they should have
Information security officers. There is an acute shortage of information security
specialists in Pakistan. There is an urgent need to introduce international certification like
CISSP etc. Recognized universities should also introduce bachelor and post graduate
degrees in the area of information security. We can also send such skilled manpower
abroad.
Cooperation among governments and between government and industry is the key to
combating crime in cyberspace and making the Internet a safe and secure environment
for e-commerce and communications. The National Response Center for Cyber Crimes
(NR3C) has played an important role in fostering such cooperation. An effort is being
made to develop a working liaison with International organization especially against
plastic money frauds and other financial crimes. In this regard NR3C has initiated to
establish SAARC/CERT. We are also planning to work with Muslim Countries under
OIC-CERT.

Conclusion:

It is concluded that we have some very fine laws and regulations to implement in the
Cyber Space, but the only lacking factor is the implementation of these laws, there are
very rare cases when the these laws have been practiced. Now need is to educate people
regarding what there rights are and the legal strength they have been empowered with.

I think there is an urgent need to create awareness in the general public on the threats of
Cyber Crimes and also to finalize the relevant laws, so that punishment may be given to
all those who are involved in Cyber Crimes.