The Turkish hacker – who recently defaced Google Pakistan’s webpage along with 284 other .pk domains – has claimed to have access to the National Database and Registration Authority (Nadra) and the Federal Investigation Agency’s (FIA) servers, potentially acquiring personal data of millions of Pakistanis.
According to a TechCrunch (TC) report published on December 13, the hacker, Eboz, had hacked the servers of PKNIC, the internet registry that manages top level domains for Pakistan on November 24, thereby defacing google.com.pk and hundreds of other websites with similar domains.
In a recent interview with TC, a reputable website for technology news and analysis, the hacker made fresh claims that he has access to Nadra and FIA servers. The former stores all the personal information of every Pakistani citizen, while the latter’s database contains confidential information that, if leaked, could pose a threat to national security.
According to the report, Eboz, between 17 to 21 years of age, is targeting Pakistani websites to demonstrate his hacking skills to Pakistani counterparts.
“Pakistani hackers are claiming to be [the] ‘world’s best hackers’,” he told the author of the report in the interview, which was conducted via instant messaging service. He particularly mentioned Pakistani hackers zombie_ksa and script-kiddie, who, he said, have hacked Google a few times.
“I do this to show them they are not [the] only ones hacking big targets on the planet,” the hacker said. “I also gained access to NADRA and FIA Pakistan, NADRA which holds information on every citizen in Pakistan, and [the] FIA which has every record of crime in Pakistan, [it is a] pretty good compilation,” he added.
Explaining how he gained access to these websites’ servers, Eboz said he used different methods. Pakistan is not as secure as it claims to be, he said. “SQL [SQL Injection, a technique used to attack a website] can be used to inject and spawn shell/backdoors,” he added.
Responding to a question about the defacement of the hacked websites, Eboz said he first hacks into a website, then extracts important information. After extracting the confidential data, he defaces the site, “Sometimes for political reasons, or maybe just for fun.” Describing what he does with the stolen data, he said that he hacked mass accounts from social networking giant Facebook and sold them on some forums to earn money.
When questioned about the credibility of his claim and whether he was the same hacker who defaced google.com.pk, Eboz shared the bug he used to take down the websites with TC. But it did not publish it on his request.
FIA, NADRA’s versions
When contacted, an FIA official said their data was secure and their website protected. He, however, said he could give a detailed response on Monday [December 17].
Issuing a statement, NADRA said that such claims of hackers were baseless and its core products and services were intact and enough security controls were implemented to safeguard citizens’ data.
Published in The Express Tribune, December 15th, 2012.