Biggest Ever Hack at Finance Ministry Reveals State Secrets

By Muhammad JuniadPublished On 06 Jan 2023

The official data of the Finance Ministry of Pakistan has been leaked in what appears to be the biggest cyber security breach any Pakistani institution has ever faced.

In December 2021, a hacker, belonging to an unfriendly country, had claimed to have hacked the official data of the Finance Ministry, which was categorically rejected by the ministry’s spokesperson, Muzammil Aslam.

Three months later, the hacker has released some of the sensitive data of the ministry. This data contains confidential information related to other countries, international financial organizations, national institutions, ministries, and divisions.

As a piece of evidence, the hacker behind the breach has shared an email dataset of a Grade-17 official of the Finance Ministry. The dataset ranges from 2014 and 2021. It contains important official communication of the ministry.

ProPakistani verified the authenticity of the sample dataset. The contents of the dataset show that the receivers of the emails by the Grade-17 official include China, US, Saudi Arabia, and dozens of other countries.

The emails linked with China include the official communication related to China Pakistan Economic Corridor (CPEC) projects, JF-17 Thunder Block-III, repayment and restructuring of Chinese loans, and other joint ventures between both countries. It also contains details of US loans repayments and restructuring as well as Saudi loans and oil facility.

As for international institutions, the dataset shows communication with the World Bank, Moody’s, International Monetary Fund (IMF), Fitch Ratings, S&P Global, Asian Development Bank (ADB), Credit Suisse, and hundreds of other international financial institutions.

Moreover, the dataset also shows communication with national institutions, ministries, and divisions such as the Defense Ministry, the National Highway Authority (NHA), and dozens of other similar bodies.

Lastly, the dataset also shows all the details of the official meeting minutes of the Finance Ministry.

When contacted by ProPakistani, spokesperson for the Ministry of Finance, Muzammil Aslam, said that the hacker’s claim appears to be untrue and nothing of the sort has come to my notice.

Giving his take on the data leak, Rawalpindi-based strategic analyst Zaki Khalid, said:

This email dataset is one of many purportedly held by the cyber mercenary. He was visibly annoyed by the Pakistani Ministry of Finance’s rebuff of his previous successful intrusion and shared a sample to defend his personal integrity. Moreover, the hacker has indicated that further unspecified sensitive datasets could be leaked in the near future.

Zaki is of the view that the systems and networks across the Government of Pakistan require regular and comprehensive technical audits to identify and remove vulnerabilities. Training on Cyber Security and Social Engineering fundamentals should be mandatory for all rank and file of government officials, including gazetted officers of the highest rank.