Cyberattack on ECP; security alert issued

There has been a cyberattack on the Election Commission of Pakistan (ECP), following which its authorities have issued a security alert.

After the cyberattack, the employees of the commission have been instructed not to use emails.

The security alert tells ECP employees not to open the emails they receive.
It adds that opening their emails can allow hackers to steal the commission’s valuable information.

The ECP officials have been ordered to ignore anonymous emails.

The alert, dated July 6, and written by ECP Information Security Specialist Naveed Ahmed Kandhir, shared a screenshot of an email sent to a commission official that asked the recipient to open an attached RAR file titled “Cabinet”.
The electoral watchdog, referring to the email, said someone was sending them to all the commission’s officials.

The ECP said it was a “ransomware attack” aimed at trying to steal information.
The commission asked its employees not to open such emails, ignore them and report them as spam.

Last month, Pakistan’s national security had once again been compromised because of the negligence at the National Institutional Facilitation Technologies (NIFT).

Cyber attackers managed to breach the security of the cheque-clearing institution, gaining unauthorised access to data and forcing the banking system to resort to a manual system despite the prevalence of digital technology.

Even after seven days since the cyberattack occurred, the NIFT is still in the process of fully restoring its normal operations.

Cheques are being cleared manually nationwide, and digital payment services remain halted.

The NIFT issued a statement claiming that there was no “significant compromise” of its data or systems.

However, the statement suggests that some level of security breach did occur, although it was considered insignificant.

In May this year, Pakistan told a UN Security Council's "Arria-Formula" meeting that a legally-binding instrument that addressed the interests of all states would be the best option to deal with increasing cyber threats to international peace and security,

“Cyberattacks are taking place with increased intensity across the entire spectrum of our social, economic, and political domains, with devastating impact on critical infrastructure and societies,”  Deputy Permanent Representative of Pakistan to the UN, Ambassador Aamir Khan, told the participants of the huddle.

Albania and the US convened a 15-member council meeting on ‘Responsibility and Responsiveness of States to Cyberattacks on Critical Infrastructure’ under the format of the Arria formula, which is named after a former Venezuelan UN ambassador, Diego Arria.

The Arria formula is an informal consultation process that affords the council the opportunity to hear people in a confidential, informal setting. In his remarks, Ambassador Aamir Khan said the Security Council was currently unable to address the problems posed by cyberattacks because of its paralysis.

“Therefore, it would be salient to suggest that only a legally binding instrument tailored exclusively to address the specific conditions and interests of all states would be the best way forward,” he added.

(With input from agencies)