FBR reels under a major ‘cyberattack’

Data centre compromised, all websites down since 2am Saturday

Shahbaz Rana August 15, 2021
There are about 156 disciplinary cases that have been pending for years despite a commitment by Prime Minister Imran Khan to weed out corrupt people from the FBR. PHOTO: FILE


Hackers have attacked Pakistan’s largest data centre, run by the Federal Board of Revenue (FBR), and managed to break Microsoft’s Hyper-V software, bringing down all the official websites operated by the tax machinery.

“There has been a national crisis-like situation since 2.00 am Saturday morning and we may not be out of the woods by Sunday evening,” a senior official said while explaining the gravity of the situation to The Express Tribune on condition of anonymity.

The FBR’s official version was awaited till the filing of the story. “The FBR’s website is temporarily down for scheduled maintenance,” read the website when it was opened.
However, the authority issued a general press release regarding in-progress service optimisation activities at the FBR House Data Center, Islamabad.

The FBR explained that the technical team is currently migrating services. The completion of this migration shall result in the increased overall productivity of FBR IT Operations. This migration is necessary to facilitate the upgradation of the system in order to enhance the best services to our clients, the statement added.

“The stakeholders, who are being provided services from the data centre, are informed that there were unforeseen anomalies during the migration process, which has resulted in the unavailability of services, since early hours of the last night. The FBR team is ensuring restoration of services as soon as possible to keep the downtime to a minimum. This activity is expected to be completed in the next 48 hours.”
It further stated, “FBR regrets and apologises for any inconvenience this may have caused and appreciates continued cooperation of the stakeholders.”

The official said the cyberattack has affected the virtual environment of the data centre.
“This time the data centre’s virtual machines were attacked and the attackers managed to exploit the weakest link, which is the Hyper-V software by Microsoft Inc,” he added.

He said Pakistan has contacted Microsoft, which is helping it recover from the attack.
“It is cyber terrorism on our Independence Day,” said the official, adding that the attackers have not yet been identified.

“Since the virtual environment has been damaged, we are trying to create a new virtual environment that may take up to two days,” said another official from the information technology department.
“We are trying to restore the websites by tomorrow afternoon and the essential data centre by tomorrow evening, as we do not want to cause more damage by shifting data in haste.”

The sources said the hackers had been attempting to break into the data rooms for the last few days and a warning had also been issued that a serious cyberattack might take place soon. However, the FBR ignored those warnings and the hackers finally managed to take over some of the data.

Another source said the FBR came to know about the attack after the attackers started affecting the environment. The last serious attack on the FBR’s data centre happened on March 23 last year and was unsuccessful. But this time they managed to creep into the system, they added.

There has been a national crisis-like situation since 2.00 am yesterday and the country’s shipments have also started getting affected due to the shutdown of all FBR websites and data centres, said the sources.

The attacks come at a time when the government is reviewing a legal proposal to give the National Database Registration Authority (NADRA) access to the FBR’s database.

The FBR’s database is the largest, carrying information on transactions worth trillions of rupees and details of the wealth, income and expenditures of citizens.

It also has details about their various personal and business transactions due to various types of withholding taxes that are being deducted on these transactions.

After knowing about the attack, the FBR issued an internal warning: it “experienced a severe cyberattack on our data centers. All applications have been shut down and need support from all teams”.

The sources said the FBR’s technology and data backbone – Pakistan Revenue Automation Limited (PRAL) – is also down and compromised. PRAL, being a technology company, was required to erect firewalls to protect its data centre but it failed to perform the task diligently.

The PRAL administration has gone haywire and appointments in the most important organisation have been made on the basis of favouritism.

Some of the board members, instead of restricting themselves to policy matters, are involved in operational issues, which has resulted in grouping within the organisation, the sources said.

Sources pointed out that there was a need to fix responsibility for the breach of the security system. The FBR has also recently hired a chief information officer for better utilisation and protection of data, the sources added. They said that due to the severity of the attack, pressure is also building on Customs.

Consignments of fresh vegetables and courier shipments, apart from other goods, are stuck at border stations. People are unable to get the benefit of the Active Taxpayers List due to disconnection from the data source.


ikram | 2 years ago | Reply

Unfortunately the services are still down. As an overseas Pakistani typing from Australia I am trying to register myself as a filer in Pakistan, however it is very shameful that I can't register myself due to the FBR site being hacked. Of course the FBR don't know the importance of licensed versions of MS products and the rest of the Pakistanis are facing these issues. This is what the projection of importance of IT to the world and especially to Pakistanis from FBR. How will they educate their youth of IT importance and how will they progress...
