FBR Victim of a Cyberattack
The largest data center in Pakistan – controlled by the Federal Board of Revenue (FBR) – was compromised by hackers who managed to disrupt Microsoft’s Hyper-V software, consequently affecting websites operated by tax machinery as well as the country’s shipments.
The Hyper-V software is a native hypervisor that allows creation of virtual machines on 32-bit and 64- bit Windows Operating Systems. The attack directly affected the virtual environment.
“This time the data center’s virtual machines were attacked and the attackers managed to exploit the weakest link, which is the Hyper-V software by Microsoft Inc,” an official said in a statement to a local newspaper.
According to the official, Pakistan also contacted Microsoft to help recuperate following the unfortunate incident that took place on the country’s Independence Day.
The website informed the visitors of the attack saying “The FBR’s website is temporarily down for scheduled maintenance.” A press release was issued soon after notifying about the mitigation and optimization activities being done at the FBR House data center in Islamabad.
“There has been a national crisis like situation since 2.00 am Saturday morning and we may not be out of the woods by Sunday evening,” said the official.
The FBR team kept its clients in the loop saying that a technical team is involved in the migration of services which should result in more streamlined IT Operations and also that the migration is an essential part to mitigate the damage and guarantee better overall protection.
“The stakeholders, who are being provided services from the data center, are informed that there were unforeseen anomalies during the migration process which have resulted in the unavailability of services, since early hours of the last night. The FBR team is ensuring restoration of services as soon as possible to keep the downtime to a minimum. This activity is expected to be completed in the next 48 hours. FBR regrets and apologises for any inconvenience this may have caused and appreciates continued cooperation of the stakeholders,” said FBR in a statement.
Another official said that setting up of a new virtual environment was under way and might take up to two days. “We are trying to restore the websites by tomorrow afternoon and the essential data centre by tomorrow evening, as we do not want to cause more damage by shifting data in haste.”
It is still unknown who the culprits behind the cyber crime were and what motivations they held but local sources say that FBR did receive alerts of a potential threat but chose to ignore them while some report that the FBR became aware of the attack only after the hackers managed to break in.
The FBR holds critical information regarding transactions of hundreds of billions of rupees, both personal and business since different types of withholding taxes apply on these transactions.
Pakistan Revenue Automation Limited (PRAL), a company which is considered pivotal in FBR’s technological domain, is reportedly also compromised after failing to timely protect its data center in the wake of the attack. PRAL is a victim of bad organizational politics which has triggered the creation of several groups within the organization.
The increasing pressure on FBR saw the law enforcement agency hire a new chief information officer in hopes of better protection of data.
