
K-ELECTRIC HACKED: LESSONS TO LEARN


After a series of denials and refutations, K Electric, the largest power supplier of Pakistan’s southern business capital, finally admitted to a cyber-attack last September. Since then, officials of KE have been talking about consultations with international security experts and local authorities to handle the situation. The attack disabled various customer-focused facilities, including one to lodge complaints related to power outages and technical faults. When customers complained that they were unable to avail KE’s 118 helpline, 8119 SMS service and KE Live App, the company had to make an admission.

The news of this attack spread after an information security and technology publication, BleepingComputer, informed its readers that KE, owned largely by Abu Dhabi based Al Abraj Group, was hit by Netwalker ransomware. Initially the hackers demanded $3.8m—to be paid in bitcoin cryptocurrency—to undo the damage they had done. They also threatened to escalate the ransom money to $7.7m if their demands were not met within a week.

The Netwalker group has been very active in launching digital attacks. Reportedly, they sped up their activities by hiring aspiring hackers and focused their attention on enterprises as their targets. The attacks rose at a phenomenal rate. Within five months of their operation they grossed a whopping $25m in ransom payments, and on the way they hacked hospitals, schools, businesses and even governments all over the world. The same group hit the Argentinian government and Equinix, demanding $4m.

Hackers are ruthless in the way they operate. If businesses and companies do not pay heed to their ransom demands, they usually divulge the information on the dark web, which is the hub of all illicit activities.

Such a disclosure can fetch the hackers a sizable amount, and it can mean a lot of hassle for consumers and a damaged reputation for the company.

K Electric maintains records of consumers in considerable detail. Names, addresses, ID card numbers and NTN information, besides financial data, are stored with the company. The presence of NIC data can provide access to names, place of birth, address and mothers’ maiden name, which can expose the consumers to identity theft. K Electric has data of over 2.5m customers and over 10,000 employees.

Technology experts insist that the country and its judicial system are helpless because of an absence of legislation and redress. Although legal experts speak of the Pakistan Data Protection Bill, it does not provide any protection to the victims.

When news of KE’s breach broke in September of 2020 and the date of ransom payment expired, more than 8.5GB of stolen data was discovered on the dark web. At first KE denied that any such incident had taken place. But the fact was totally different. As an immediate measure to wriggle out of the crisis, KE tried to reroute the customers through a staging site, which is no more than a clone of the live portal. These sites are usually built to test changes and new features of the actual site. However, the staging sites operate behind the scenes and are usually hidden from search engines. The idea to take customers to the clone site was fraught with difficulties. Not long after resorting to the makeshift remedy, the power supplier had to look for alternative and permanent solutions.

Perhaps KE was content in the belief that it had backed up the data, which would allow the power supplier to restore the sites and services to their previous state. But experts agreed that a bruised reputation is not as easy to restore.

KE’s sensitive data is not just restricted to information about individual and corporate consumers. KE’s website also maintains and archives data pertaining to the company’s organizational communications, including those with the banks. Add to it data related to email services, and the hacking incident can be seen as a sinister plot to cripple the services of the power supplier.

The criminal aspect of the breach aside, KE must also share the blame for being unprepared to handle the crisis. In fact, the power supplier appeared powerless and clueless. The troubling fact is that the Netwalker breach wasn’t the first incident. An earlier cyber-attack should have prompted the organization to equip itself with a considerable level of preparedness.

After the incident, KE acquired the services of security experts to reclaim the website and restore all the services offered by the portal and availed by no less than 2.4m consumers. To make further amends, and to save face as well, the power supplier approached the Federal Investigation Agency (FIA) regarding the hacking incident.

A press release by the power supplier appeared soon after the dust settled. It stated that “customer data had remained intact and secure and KE initiated the restoration of those services that had been isolated, while adhering to cyber security guidelines,” and that “the power utility would like to clarify that it is not negotiating with any entity in this regard”.

The statement read, “K-Electric, the sole electricity provider to the city of Karachi and its adjoining areas was the target of a ransomware incident in the first week of September. The power utility would like to state that all critical customer support functions and services such as bill payment solutions and the 118 call center remained operational. However, a few non-critical services were immediately isolated as a precautionary measure to ensure the integrity of information systems and servers.” “KE’s internal IT teams responded quickly to the incident and initiated consultations with international IT security experts and also collaborated with local authorities in line with prevalent cybersecurity protocols. Following internal forensic investigations, the company confirmed that customer data had remained intact and secure and initiated the restoration of those services that had been isolated, while adhering to cybersecurity guidelines.”

The press release added that “the power utility has also initiated a series of critical updates and activities on its IT Infrastructure, applications and users’ systems. These activities include security software updates, antimalware/antivirus updates, data protection and further strengthening of network security. Additional initiatives have also been planned and are being implemented to minimize the exposure of threats/vulnerabilities/attacks in the future.”

The KE incident provides a historical perspective on how a breach can get deep inside a system and threaten smooth operations. This incident is a textbook case of lessons that must be learned.

And remembered.
