ISLAMABAD: The Federal Investigation Agency (FIA) has asked banks to upgrade their cyber security wings as per international standards to protect their system from further attacks by the hackers who recently stole huge sums from accounts.

In a series of meetings, which continued for two days in Karachi, it was decided that banks, including the State Bank of Pakistan (SBP), would maintain a regular coordination and exchange information with the FIA.

Headed by FIA’s cybercrime wing director retired Capt Mohammad Shoaib, the investigation agency team held several meetings with IT officials of different banks, including BankIslami, before heading back to Islamabad.

Law ministry sets up body comprising intelligence officials to formulate recommendations

The meetings were conducted in the wake of recent attacks on bank accounts by the hackers, resulting in illegal transfer of money to different countries.

However, the banking sector claimed that there was no threat to the account holders’ money as the banks would reimburse their money in such case after due inquiry.

According to the FIA team, the recent wave of cyber attacks showed vulnerability of the system and, therefore, the banks were asked to upgrade their IT security as per international standards.

The banks claimed that they were fulfilling the cyber security criteria.

SBP officials informed the FIA at a meeting that broad guidelines had already been issued to all banks. The guidelines allowed banks to upgrade their IT system, the officials said. They said: “It is pertinent to mention that the ultimate responsibility for IT security rests with the board of directors and the senior management of the banks/DFIs. They must ensure that the IT systems in their respective institutions have built-in security capabilities to survive real-world threats. In case banks/DFIs do not have in-house expertise, they may like to engage outside IT consultants to prepare/assist them in IT security planning. Furthermore, the Pakistan Banks Association will also organise training programmes on the subject to enable banks to build up their in-house capacity in this area.”

Talking to Dawn, a senior official of the FIA said that banks should have a “cyber emergency response team” to act independently to counter such attacks, as other teams had to get official permission to react to any reported cyber attack.

“It is clear that there cannot be any such move without connivance of bank employee of any person affiliated with call centre,” said the FIA official, adding that banks needed to invest more in their IT sector and ATM cards had to be encrypted, while any such illegal activity by their staff should be reported to the FIA at the earliest so that the network could be busted.

Apart from the meetings held at the SBP office, the FIA team also held an exclusive meeting in BankIslami to further the probe over the complaint lodged by the bank to the FIA office in Karachi.

The bank acknowledged that a significant amount had been transferred from BankIslami by the hackers based in 45 countries. The FIA demanded the bank share data with the agency so that it could be forwarded to their partner agencies in the countries where the crime had originated.

Subcommittee formed

Meanwhile, the law ministry on Wednesday constituted a subcommittee comprising officials of the Inter-Services Intelligence, Military Intelligence, Intelligence Bureau, FIA and Pakistan Telecommunication Authority to urgently formulate recommendations to deal with all types of electronic crimes and suggest amendments to relevant laws.

The decision was taken at a meeting of the inter-ministerial committee on the Prevention of Electronic Crimes Act, 2016, which was held at the Ministry of Law and Justice.

Minister for Information Technology and Telecommunication Khalid Maqbool Siddiqui, Minister of State for Interior Shehryar Afridi and Parlia­mentary Secretary for Law Maleeka Bokhari also attended the meeting.

They discussed the need for establishing a forensic agency in collaboration with security agencies. Law Minister Dr Farogh Naseem said there was no legal hitch to establish multiple ‘investigating agencies to look into prevention of cybercrimes’.

Published in Dawn, November 15th, 2018