> Pakistan's spy agencies can monitor at least 4 million mobile phones at a time through its Lawful Intercept Management System (LIMS), while a firewall known as WMS 2.0 that inspects internet traffic can block 2 million active sessions at a time, Amnesty said.
> The two monitoring systems function in tandem: one lets intelligence agencies tap calls and texts while the other slows or blocks websites and social media across the country, it said.
> In court, Pakistan's defence ministries and intelligence agencies denied running or even having the capacity for phone tapping. But under questioning, the telecom regulator acknowledged it had already ordered phone companies to install LIMS for use by "designated agencies."
> Amnesty said the firewall uses equipment from U.S.-based Niagara Networks, software from Thales DIS, a unit of France's Thales, and servers from a Chinese state IT firm. An earlier version relied on Canada’s Sandvine.
> Niagara told Reuters it follows U.S. export rules, does not know end users or how its products are used, and only sells tapping and aggregation gear.
> Amnesty said the phone tapping system was made by Germany’s Utimaco and deployed through monitoring centres run by UAE-based Datafusion.
> Datafusion told Amnesty that its centres are only sold to law enforcement and that it does not make LIMS, while AppLogic Networks, the successor to Sandvine, said it has grievance mechanisms to prevent misuse.
> Media reports say that data of all SIM holders, including Interior Minister Naqvi, was sold at Google.
> They further said that information regarding mobile location was being sold for Rs500 (USD 1.78), mobile data record for Rs2,000 (USD 7.10) and details of foreign trips for Rs5,000 (USD 17.76).
> A couple of months ago, the National Cyber Emergency Response Team of Pakistan (PKCERT) issued an advisory warning that the login credentials and passwords of more than 180 million internet users in Pakistan have been stolen in a global data breach, urging people to take immediate protective measures. Media reports said PKCERT had identified the global breach involving a publicly accessible, unencrypted file containing more than 184 million unique account credentials.
> “The breach exposed user names, passwords, emails and associated URLs tied to major social media services, as well as government portals, banking institutions, and healthcare platforms worldwide,” the reports said quoting the PKCERT’s advisory.
> In March 2024, a Joint Investigation Team (JIT) formed to probe a data leak from the National Database and Registration Authority (Nadra), told the interior ministry that the credentials of as many as 2.7 million people had been compromised between 2019 and 2023.
ryzvonusef•5h ago
ryzvonusef•5h ago
https://www.dawn.com/news/1940395/interior-minister-forms-bo...