Hacking fears shut down FBR websites for 24 hours


The Federal Board of Revenue (FBR) shut down its websites on the eve of Pakistan’s 75th Independence Day for more than 24 hours, fearing Indian hackers may attempt another hack.

The three tax machinery web portals remained unavailable on Saturday evening and Sunday, which disrupted the process of paying and filing tax returns, according to FBR officials and citizens who tried to open these websites.

Iris.fbr.gov.pk – the portal used to file returns – as well as e.fbr.gov.pk and fbr.gov.pk – its main links to taxpayers and the rest of the world – had been closed the day before of Pakistan’s 75th Independence Day, according to officials.

Websites should be up and running by Monday (today) morning before the start of official working hours.

“This is a routine maintenance effort,” FBR spokesperson Asad Tahir Jappa responded, confirming that the websites were down. He did not say when the FBR planned to make these web portals functional.

Interestingly, nearly 10 days ago, the FBR shut down its web portal for routine maintenance and duly informed the public through a notification.

“Building on its continued digitization efforts, the FBR is ready to upgrade its key IRIS system to improve its operation, strengthen its security and add a new graphical user interface,” according to a statement released. in August. 5.

“It is to inform that during this upgrade process, the services of IRIS System will be temporarily unavailable from 10:00 p.m. on August 6 to 10:00 a.m. on August 7, 2022. Therefore, the inconvenience caused is regretted,” according to the statement.

This time, the FBR did not inform the public about the lack of availability of its services.

On August 15, 2021, The Express Tribune exclusively reported that Indian hackers attacked the FBR data center and brought down all official websites operated by tax machinery for over 72 hours.

The FBR had unofficially given two versions of the hack. According to one version, hackers intruded into the system by hacking the logins and passwords of data center administrators. The initial assessment from the technical wing of the FBR was that the hackers broke into the system through the Hyper-V link.

In order to hide its incompetence, the FBR called the hack “unforeseen anomalies during the migration process”.

Last year, Pakistan’s top spy agency warned the FBR of the strong possibility of a cyberattack, but these warnings were ignored, resulting in around half being taken over or shut down. FBR data center virtual machines.

Then Finance Minister Shaukat Tarin confirmed in September last year that Indian hackers attacked the FBR website and that a similar type of Indian attack also took place in 2019.

Tarin said the first level of the FBR website was hacked, but the hackers were unable to access the database. If the hackers had reached the FBR’s data, it could have been hacked.

Although the previous government fired the then FBR president on the grounds that he failed to protect the websites, the data center security officials were never punished. On the contrary, some of them were either promoted or rewarded afterwards.

The FBR and Pakistan Revenue Automation Limited (PRAL) – the backbone of the FBR database – held each other responsible for last year’s attack.

The government also hired an information and security officer to protect the FBR data centers and yet it decided to shut down the websites. This suggests that the FBR still does not see its systems fully protected against cyber attacks, which shows its weakness which can be exploited during any important national event.