Daily Times

A security alert was issued on Friday after a cyber-attack on the Election Commission of Pakistan (ECP), a private TV channel reported. The electoral watchdog has urged all employees to take the necessary precautions in the wake of the situation. All ECP staff were ordered not to open emails which could possibly lead to precious data being leaked. The letter dated July 6, titled “Cyber Security Alert” and written by ECP Information Security Specialist Naveed Ahmed Kandhir — shared a screengrab of an email sent to an ECP official that asked the recipient to open an attached RAR file titled “Cabinet”. Referring to the said email, the ECP said that “someone is […] sending the email to all” the ECP officials.

The electoral body said it was a “ransomware attack and trying to steal the information”, and asked its employees to not open the said email, ignore it and report it as spam.

The alleged phishing email — sent to an ECP employee — informed the recipient about a letter, dated July 5, that was attached to the email. It alerted the recipient that “details for the above are not submitted” and asked them to provide the details by July 11.

The email also shared an alphanumeric five-digit passcode without specifying what it was for.

A Google search of a telephone number attributed to the sender did not show any results relevant to the election commission. In January this year, Power Minister Khurram Dastgir had said a “cyberattack on the national grid cannot be ruled out” when detailing the inquiry progress on a countrywide power outage earlier that month.

Notably, last month, Pakistan’s national security had once again been compromised due to negligence at the National Institutional Facilitation Technologies (NIFT). Cyber attackers managed to breach the security of the cheque clearing institution, gaining unauthorised access to data and forcing the banking system to resort to a manual system despite the prevalence of digital technology.

Even after seven days since the cyberattack occurred last week, NIFT is still in the process of fully restoring its normal operations. Cheques are being cleared manually nationwide, and digital payment services remain halted. Last Friday (June 16), the attack forced the national institution to shut down both its data centres in Islamabad and Karachi. NIFT issued a statement claiming that there was no “significant compromise” of its data or systems. However, the statement suggests that some level of security breach did occur, although it was considered insignificant.