Cyber vandalism: Turkish hacker claims gaining access to NADRA, FIA servers

Eboz is targeting Pakistani websites to demonstrate his skills to country’s hackers.

Farooq Baloch December 15, 2012


The Turkish hacker – who recently defaced Google Pakistan’s webpage along with 284 other .pk domains – has claimed to have access to the National Database and Registration Authority (Nadra) and the Federal Investigation Agency’s (FIA) servers, potentially acquiring personal data of millions of Pakistanis.

According to a TechCrunch (TC) report published on December 13, the hacker, Eboz, had hacked the servers of PKNIC, the internet registry that manages top level domains for Pakistan on November 24, thereby defacing and hundreds of other websites with similar domains.

In a recent interview with TC, a reputable website for technology news and analysis, the hacker made fresh claims that he has access to Nadra and FIA servers. The former stores all the personal information of every Pakistani citizen, while the latter’s database contains confidential information that, if leaked, could pose a threat to national security.

According to the report, Eboz, between 17 to 21 years of age, is targeting Pakistani websites to demonstrate his hacking skills to Pakistani counterparts.

“Pakistani hackers are claiming to be [the] ‘world’s best hackers’,” he told the author of the report in the interview, which was conducted via instant messaging service. He particularly mentioned Pakistani hackers zombie_ksa and script-kiddie, who, he said, have hacked Google a few times.

“I do this to show them they are not [the] only ones hacking big targets on the planet,” the hacker said. “I also gained access to NADRA and FIA Pakistan, NADRA which holds information on every citizen in Pakistan, and [the] FIA which has every record of crime in Pakistan, [it is a] pretty good compilation,” he added.

Explaining how he gained access to these websites’ servers, Eboz said he used different methods. Pakistan is not as secure as it claims to be, he said. “SQL [SQL Injection, a technique used to attack a website] can be used to inject and spawn shell/backdoors,” he added.

Responding to a question about the defacement of the hacked websites, Eboz said he first hacks into a website, then extracts important information. After extracting the confidential data, he defaces the site, “Sometimes for political reasons, or maybe just for fun.” Describing what he does with the stolen data, he said that he hacked mass accounts from social networking giant Facebook and sold them on some forums to earn money.

When questioned about the credibility of his claim and whether he was the same hacker who defaced, Eboz shared the bug he used to take down the websites with TC. But it did not publish it on his request.

FIA, NADRA’s versions

When contacted, an FIA official said their data was secure and their website protected. He, however, said he could give a detailed response on Monday [December 17].

Issuing a statement, NADRA said that such claims of hackers were baseless and its core products and services were intact and enough security controls were implemented to safeguard citizens’ data.

Published in The Express Tribune, December 15th, 2012. 


anwar | 9 years ago | Reply

Totally believable story knowing the capabilities of NADRA. but the Turkish competence is not believable. It must be an Israeli posing as a Turk

Savvy | 9 years ago | Reply

NADRA's website does not contain any citizen database...It's mere website with superfluous introductory stuff about the authority. NADRA uses the most secured software systems which Pentagon and FBI are currently using. Even Hacker's father can't have a fig of access to NADRA's database that is not on internet, except mere website.

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ


Most Read