On Saturday, police officials familiar with the incident disclosed that the Islamabad Safe City Authority’s online system was taken offline following a hacking attempt. According to officials, the attack occurred two days earlier, leading to the system shutdown, as reported by Dawn.
On Thursday, hackers infiltrated the primary server, gaining access to vital data and records, notably those linked to criminal databases. In response, servers overseeing the Complaint Management System, Criminal Management Record System, Human Resources Management System, and several other operational software and applications were promptly deactivated.
Despite the system’s firewall, designed to alert authorities of unauthorized access attempts, officials revealed a lack of backup or alternative servers to sustain the functionality of the software and applications. This deficiency necessitated their immediate shutdown.
Following the incident, the authority’s IT department disabled all logins to the software and applications, which are crucial gateways to various servers and operational software.
An officer emphasized that this breach was not a conventional hacking incident but resulted from the exposure of login credentials. These credentials were compromised due to officials using simplistic and easily deduced passwords. Additionally, the system’s software and applications were outdated, with expired licenses, increasing its vulnerability.
The impacted system encompasses a broad spectrum of services, including mobile applications, records of smart police vehicles, data from police stations, video analytics, operations of Islamabad Traffic Police, e-challan data, and criminal records.
Notably, the Safe City camera management system operates on distinct lines, ensuring its security. Being offline, it remains impervious to penetration without valid credentials.
When reached for comment, police spokesperson Taqi Jawad confirmed the hacking attempt and highlighted that the firewall promptly issued an alert, leading to the precautionary measure of shutting down all logins. He clarified that in the interest of security, all logins have remained disabled for the past forty-eight hours to facilitate updating credentials, impacting access for numerous police personnel.
