• August 21, 2007
• Freedom of Expression, News Archives
• Web Desk

“Ismail, I will send you the money that you need, just give me address of the hotel you are staying in” said a friend with a worried voice on the phone.

‘Well, I liked the idea, and I am right at home so send it over quickly? I responded jokingly. ‘You are at home? But you just wrote to me from Nigeria saying that you were there for a conference and have lost all your belongings, and are stranded there needing 3000 dollars to get out…’

Before he could say anything more, I hung up promising to get back to him later. I jumped up to grab my cell phone and started trying to open my email account but it was not accepting the password. I tried a numerous times, yet failed to access my email. With a sinking feeling I rushed to turn on the laptop and get the dial up connection going, again same result, it kept repeating ‘Username and password do not match.’ that was the moment I realised that something nasty has happened. My email account is hacked, in fact ‘phished’, the account which has been my mailing identify for so many years, which had years of my hard work, social and professional contacts was gone into somebody else’s hands.

What really started pinching me in the stomach was the thought that the hacker is now abusing the contact list in the email by sending out SOS messages to friends, acquaintances and colleagues across the world; begging them to send in money. Phones kept ringing the whole week (August 14 to-date), friends called to check my whereabouts, some of them found it funny, others were annoyed; few of them were actually concerned. I did whatever I could do to alert potential targets of the hacker, requesting people to ignore hoax mails from my former email, but not everyone in my contact list had my numbers; neither had I everyone’s contacts with me anymore. One could only hope that those people who had my latest contacts would confirm matters before rushing to send their hard earned money to my Nigerian tormentors.

Since we’ve gotten so used to storing most important information on undependable technology, I felt a deep sense of social loss. I thought of the experts I had met during years of association with the IUCN. Wonderful people I had met, who would be so hard to get through to now. One after another, I kept remembering everyone. Policy experts I had met while working for a legislative strengthening project, politicians, peace activists and academics who I had met at various places – some of whom I was sure I would never meet again. And last but not the least; it had emails of worthy readers of this column who have been so kind in taking out time to give their comments and feedback.

It’s sad how such acts of phishing have become increasingly common. Every day hundreds of email users in the country face similar ordeal inflicted by cyber criminals outsmarting the technology and obviously the not so sophisticated users. Lately media reported that even people like General Jahangir Karamat has their accounts hacked and abused in this manner.

It is important for the public, and also policymakers, to know why such information thefts and frauds take place, and how can one avoid such disasters. I will definitely share with you what happened in my case. But first, let me conclude this story.

After alerting friends, I sent out a message to gmail informing them about my inability to access the email and requesting them to block or disable the email being abused, but so far I have got no response from the gmail people.

This is the downside of going for free email services, and relying on foreign-based servers to host websites. From an information security stand point, it is perhaps much better to go for a local IP products and services, even when it comes with a price.

I also rushed to report the incident to the National Response Centre for Cyber Crimes of the Federal Investigation Agency (FIA). They were courteous but said that they could help only if the hackers were Pakistan-based. However, if the ‘phishing’ happened from overseas, as had happened in my case, all they could do was to refer the case to Interpol. I also approached Interpol officials who have promised to take action as soon as possible.

Pakistan is extremely vulnerable in terms of information security; lack of awareness, legal safeguards and enforcement mandates puts Pakistan’s growing internet community at massive risks. Being a country still grappling with issues of conventional criminal justice system, establishment of effective legal and enforcement capacity, fighting cyber crime may not be a priority area. However, since we have now entered in an age where no business, media and or governance system can function properly without ensuring information security, let us hope that the country would not postpone action on cyber crimes indefinitely.

The writer is based in Islamabad; he has a background in media, public policy and development. Email: gilgit. [email protected]
Source: The News
Date:8/21/2007