PHOTO: REUTERS
Suspicions have been raised over the possibility of the entire database of Pakistani nationals falling into the hands of hostile foreign spy agencies through a leak, said the country’s premier intelligence agency here.
The Inter-Services Intelligence (ISI) has shared its apprehensions with the National Data base and Registration Authority chief in writing.
“We [the agency] can’t rule out the possibility of leakage of sensitive database [of Pakistanis] to hostile agencies – the Research and Analysis Wing (RAW), Central Intelligence Agency (CIA) and Mossad,” said a report prepared by the ISI.
A copy of the report available with The Express Tribune suggests that the doubt is based on the ground that “the thumb-digitiser system the registration body uses was purchased from a French company of Israeli origin.”
It also said that through the connective of this important system, deliberately or unintentionally, the database could be leaked to anyone.
Worth around $10 million, the Automatic Finger Print Identification System (AFIS) was purchased by NADRA from a French company, Segem, in 2004. Now, the ISI has claimed that the French-based company is ‘reportedly of Israeli origin’.
NADRA has been advised by the agency to make efforts to develop indigenous software/hardware solutions and still, if needed, such procurements in future should be made from reliable and friendly countries rather than ‘rival’ or hostile countries.
Pakistan is among a few countries that do not recognise Israel as a ‘legitimate state’ and officially there exists no diplomatic relations between the two countries.
NADRA’s spokesperson was asked for his comments over the issue and a questionnaire was sent to him on September 2 but the registration body did not respond it.
However, an official of the media department, who wished not to be named, said, “NADRA neither denies nor confirms receipt of the report from the ISI over the issue.” During background conversations over the issue, some technical experts’ associated with NADRA laughed off the ISI’s claim, saying that it was not based on an understanding of NADRA’s working and its software.
“NADRA database is a closed one, that is, it is not available on [the] internet. So, there are no chances of hacking or leaking,” a senior technical expert claimed. In 2004, he said, NADRA obtained security clearance of the ISI before making this purchase from the said firm. “Indeed, Segem was the only firm until 2004 dealing in such software. In international market, there was no other finger print recognition system available in the world,” he said.
“In 2012, ISI had shared similar doubts and a team of their technical experts had conducted a thorough technical audit of software NADRA was using to ensure system was safe and no leakages or hacking was possible,” he said.
The expert said Segem now worked under the name Segem Morpho, which he claimed, was Pakistan Army’s vendor as well. “NADRA in 2013 also gave the multi-million contract of purchase of smart cards to Segem Morpho,” he added.
Automatic Finger Print Identification System – which has a capacity to verify some seven million finger prints in one second – was handed over to NADRA on September 7, 2004. During a ceremony, held at NADRA headquarters, NADRA former chief Brigadier Saleem Moeen had said NADRA would now have resources to identify any applicant by using its cutting edge technology, thus, eliminating chances of ghost applicants/recipients.
However, the claim of the ex-chairman has turned out to be wrong and thousands of aliens including foreign militants successfully managed to register themselves with the database in connivance with corrupt NADRA officials.
Published in The Express Tribune, September 14th, 2015.
So the world number 1 agency was caught again sleeping since 2004.Recommend
Corruption has almost destroyed Pakistan and now we are getting headaches to set it right. Yes, the question is, if NADRA is not corrupt then how did so many aliens settle in Karachi, Lahore, Peshawar, Quetta, the twin cities and elsewhere in Pakistan? SalamsRecommend
This is why the army should be running our sensitive institutions.Recommend
@the Skunk:
Well said. We don’t need foreign spy agencies. NADRA officials themselves will sell data for a price. Everything and everyone is purchasable for a price as shown by Zardari in his 5 years as Prez. Recommend
The only solution to have NADRA out of political control is to give it a constitutional status.The irony is, this cannot happen without political will of the parties. In all other cases, NADRA is already on the way to become another PIA, WAPDA etc over-staffed by political workers. We expect NADRA to provide services to Election Commission of Pakistan to conduct elections and get rid of the headmasters and corrupt lower judiciary.Recommend
“NADRA database is a closed one, that is, it is not available on [the] internet.”
Amazing ignorance. Does it really matter? At least 4 attack surfaces I can think of.
1- Buy out some NADRA official deputed at backup storage, the easiest and quickest of all.
2- Use some hidden technology very similar to VPRO to get access to data.
3- Install backdoor using technologies similar to STUXNET and then use NADRA network jacking for gaining access to data.
4- Passive monitoring of the NADRA network traffic and rebuilding of databases.Recommend
There’s a “doctor” shakeel afridi and a zardari in every government
department in Pakistan who can sell this country for money
so it’s never a problem for hostile agencies to buy
anything they want in this countryRecommend
The entire NADRA database has been compromised already and American and British agencies have access to all the information. And all this happened in the era of General Musharaf, the so called general of so called guardians of Pakistan. I wish I can abuse him here, but it will be moderated.Recommend
For data leakage to happen, a device or computer do not need to be necessarily connected to the Internet.
My advice to NADRA staff is to please get some information security training from good institute …Recommend
@Jameel ur Rasheed: If your statement is true; then Musharaf must be court marshaled. How dare did he allow access to Americans and Britishers to NADRA’s database? Pakistanis are not a herd of sheep and we must react to such news in a serious manner. Musharaf should also clear his position on this issue, though the then Israeli Prime Minister used to pray for him every day when he was the President of Pakistan.Recommend
NADRA has never got out of caves.Recommend
Who in their right mind ever thinks that ANY information within Pakistan is not for sale? Are we still so naive? When we have leaders like NS and Zardari and Kayani, can anyone truly believe that any information is beyond the reach of ANYONE with the right amount of dollars? Seriously?Recommend
Let’s take a deep breath and not get irrational. Malicious acts are definitely possible in software systems, but the fact that the system was from a vendor in Israel does not necessarily mean that they ‘hacked’ the data, which seems to be the overwhelming opinion.Recommend
Zardari, nawaz and Kiyani nexus weakened Pakistan and turned it into
an easy morsel for its enemiesRecommend
the thumb-digitiser system the registration body uses was purchased from a French company of Israeli origin
.
What does that have to do with anything? Pakistan may obsess about Israel but that doesn’t give credence to Pakistan conspiracy mentality.Recommend
if it was a threat they should not have started it, American CIA already has this db!Recommend
Nadra is a fail institution. They are even issuing numerous CNIC’s to one person. Fail countryRecommend