The federal government has sent a cybersecurity advisory to ministries and provincial governments to prevent data leaks through the dark web, it emerged on Friday.
The dark web, or darknet, is a part of the internet that lies beyond the reach of search engines. Users are largely anonymous and untraceable and mainly pay with cryptocurrencies like bitcoin.
The advisory, titled ’Leakage of Sensitive Data on Dark Web (Advisory No 53), noted that the anonymity offered by the dark web makes it a “gateway to the world of crime” and constitutes 96 per cent of total data available on the internet.
“Dark/deep web is being used by nefarious mindsets, including criminals, terrorists, Hostile Intelligence Agencies (HIAs) and non-state actors,” it stated.
The advisory lists some of the crimes carried out on the dark web, including:
- Website defamation
- Data dumps
- Accessing personal information of citizens and key appointments via leaked databases
- Financial scams via leaked banking details
- Honey pots to trap civilians and government officials
- Terror financing and money laundering
- Disseminating propaganda
- Recruiting terrorists
- Cross-border collaboration and terrorist support
- Drug, human and weapons trafficking
- Bounty hunting and ransom attacks
“Users are advised to put in efforts to protect personal and official data from being exposed to cybercriminals and further leakage on hacking forums/dark web,” the advisory stated.
It provided a list of guidelines to ensure data safety. These are:
- Stay away from exploring dark web sources
- Remain vigilant while surfing the web
- Never forward, or click a link or pictures shared on email or WhatsApp by unknown sources
- Apply two-factor authentication on all email, social media and banking accounts.
- Never share One-Time Password (OTP) with anyone
- Do not install untrusted software or applications (without digital signature) from third-party sources on Windows and Android/i0S phone
- Do not install unnecessary plugins on browsers except Adblock and Adblock plus
- Always install and regularly update reputed antimalware/anti-virus solution on both Windows/Android phones
- All under command be sensitised not to share personal information, passwords or sensitive information on phone calls
- Phishing calls from unknown numbers must not be trusted and reported to PTA if found suspicious
- To counter social engineering/scam phone calls, always ask relevant questions from the caller and carefully judge him/her to ensure authenticity
The advisory comes months after several audio recordings of conversations between top political leaders, including former premier Imran Khan and incumbent PM Shehbaz Sharif, were leaked online.
Reports at the time stated that a hacker or a collective — that has been involved in previous cyberattacks on behalf of neighbouring India — listed for sale on the dark web a data dump containing conversations from the Pakistani PM Office.
Users claimed that the clips leaked online were shared by the alleged hacker(s) as proof that they were indeed in the possession of sensitive data and set a minimum bid of around 18 BTC, or Etherscan tokens, worth around $345,000.
Some users also suggested that the purported hacker(s) — who originally posted sometime in August 2022 — claimed to have more records, including conversations of both the current and former prime ministers. However, Dawn was unable to independently verify these claims.