“More than 100 cases (of cyber-attack) have been registered with the FIA and are under investigation. We have made several arrests in the case, including that of an international gang last month,” FIA’s director of cybercrime, Mohammad Shoaib, told Geo News.
His comments followed a report from Group-IB, a Moscow-based cyber security firm, which stated that a dump of data containing details of Pakistani debit cards was put up on the dark web for sale.
However, the State Bank of Pakistan (SBP) said that banks themselves were not hacked. It also advised banks to increase their scrutiny.
The issue began surfacing when Bank Islami detected a fraudulent transaction of Rs. 2.6 million ($20,000) on October 27. It then stopped its international transactions temporarily and informed the central bank.
A report released by Pakistan Computer Emergency Response Team (PakCERT) details out the timeline and scale of data leaks. It also supported the SBP’s claim and said that data was most likely leaked through card skimming.
According to the report, the first dump appeared on the site JokerStash with the name “PAKISTANWORLD-EU-MIX-01,” containing over 11,000 records. More than 8,000 records were related to at least nine Pakistani banks.
Later, on October 31, another dumped with additional 11,000 records from customers of 21 Pakistani banks appeared on the dark web. These cards were up for sale from anywhere between $100 to $160.
PakCERT says either some visitors to Pakistan performed the skimming or locals executed the plan with groups outside the country helping them. It urged banks to perform root cause analysis and plug security holes.
The agency is also launching its own investigation to understand more aspects of the data leak.