CYBER SECURITY ISSUUES AND ETHICAL

HACKING IN PAKISTAN

Arshee Ahmed
Dr. Sadiq Ali Khan

Telecom Engineer
National University of Computer and Emerging Sciences-

Associate Professor

FAST

Department of Computer Science

MS Student Bahria University

Karachi University

ahmed.arshee28@gmail.com

msakhan@uok.edu.pk

Abstract:

advantages of the internet but on the other side the world is at

The objective of this study to embark the light on the issues

regarding cyber security and the preventive measures to be
taken. This paper covers various types of cybercrime, along with

the dangerous zone due to the misuse of the technology. There

are unlimited number of crimes which have been committed
by the use of the internet. There are three broader categories in

deployment of cyber law on international level .Further role of

internet world. The crime in which internet is used as the tool

the social media and Pakistans contribution in the cyber world

of the criminal is called cybercrime. Cybercrimes violate the

have been discussed. This study also focuses on Pakistans role in

law and committed by means of a computer system. Other two

producing highly qualified ethical hackers. The scope of this

broader categories are cyber-attack and cyber warfare. The

study is survey based, the

objective of cyber-attack and cyber warfare is to undermine

results along with interpretations

have been discussed at the end of the paper.

the functions of computer network [1]. While ever growing

demand of the internet, cyber security has been the top issues
around the world [1].The intensity of the cyber crime varies

1. INTRODUCTION
After the advent of the internet, it has been the most efficient
mean of communication. No doubt there are uncountable

from hacking of a email account to the airplane crashes due to

false message to air traffic control system.[1].In cyber crime
criminals can easily hide their identity because there are no
physical limitations and boundaries.

profiles of the celebrities and attractive women[3].Men accept

the friend request from women even if they are complete
stranger [3].You can imagine how convenient it is to get

1.1Cybercrimes in Pakistan:

access to your victims information. There are cases like the

criminal sends messages to the users, claims to be old friend

The rate of cybercrime in Pakistan is less than the first world

of them. He asks for financial assistance claiming that he is in

countries.Because internet usage in not as much wide spread.

the foreign country and has been a victim of robbery[3] The

Majority of the population reside in rural areas where the

lack of awareness will cause SNS users to become the victim

people are not aware of the technology usage.

of fraudulent.

There was an ICT 7th exhibition CONNECT 2012 held in

The trend of online marriages has become so common

Expo Centre Karachi where President Pakistan Information

nowadays. People socialize themselves through these SNS.

Security Association (PISA) and former additional director

The criminals trap girls and play with them. Intelligence

general FIA Ammar Jaffery said The unwillingness of cyber

gathering can easily done with SNS[2].Locative social media

crime victims to pursue cases is the major hurdle in the way of

like Facebook, twitter have been the source to check potential

investigations and action against hackers and criminals in the

targets[2].SNS is also used for propaganda[3].Terrorist can

country. According to him around 200 cases were reported in

easily communicate with the wide audience[3].There was a

2011 including internet fraud, website hacking .The victims do

report generated in 2010.According to the report terrorist

not report against the crime because of the fear of police,

target young people through these SNS and online video

black mailing and personal secrets. There are lots of crimes

games[3].There was a case of Irhabi terrorist in 2005[3].He

which have been committed during the past five years .On

was used to hacking websites and was teaching online hacking

February 16, 2012 FIA arrested a software engineer of a local

skill to other Jihadis [3].In Mexico city, according to a report

institution. The boy was accused for hacking email and

generated in 2009, fraud led is the number one cybercrime. In

Facebook IDs. He was used to blackmail females via

USA Air force, there is enough personal information available

Facebook accounts.The cybercrime of wing of FIA arrested a

in SNS for cyber-attack [3].

man for sending threatening emails to the managing director

of the Karachi Water and Sewerage Board.On May 16,2012
CIA arrested four people and handle them to FIA .Two of

1.3 Types of cybercrimes:

them were carrying Italian passports and had committed

crimes like credit card fraud in Italy.There are uncountable

Pakistan is the bottleneck of following cybercrimes.

number of cybercrimes which take place in our day to day life. Financial Crimes

Cyber pornography
Email Spoofing
1.2 The Role of Social Network Sites:
The SNS plays the vital role in cyber crimes. The sites like
Facebook, twitter are at the top. In SNS one can easily create
false profile [3].The criminal usually create the dummy

Forgery
Cyber defamation
Cyber stalking
Unauthorized access to computer systems or networks:

 Theft of information contained in electronic form

Data diddling

1.4 Ethical Hacking:

Salami attacks
Denial of Service attack

When you design a network, you need to check whether your

Virus/worm attacks

system is capable of fighting all forms of cyber-attacks. In

ethical hacking we test our system by hiring ethical hacker. An

Logic bombs
Physically damaging a computer system

ethical hacker uses all the tools and techniques that hacker
does to exploit the security system. So, it is required for all of

Financial crimes include credit card fraud, money laundering.

the developed and developing countries to produce Certified

Email Spoofing is a mail that appears to be sent from a source

Ethical Hacker.The Professional Development Centre at

but actually some other source is the originator of the email

Riphah

.Forging is the counterfeit of various things like mark sheets

collaboration with EC-Council has launched a certified Ethical

with the help of computers, printers. Cyber defamation is used

Hacker program.

to defame a person by posting defamatory material on sites.

Cyber stalking means

following a person via internet keep

eye on his activities and constantly sending email.

Institute

of

Systems

Engineering

(RISE)

in

In Pakistan, Karachi Kalsoft Company has launched its ethical

hacker program in November 2008 from E council..New
Horizons has also launched its ethical hacking program.

There are crimes in which computer is target of the criminal or

criminal use computer as the tool of their target .Here are
some of the examples .Unauthorized access to computer

1.5 Pakistans contribution in Cyber World:

system network comes under hacking like hacking of

website .Data didding is to play with data. There are Salami
attacks which are used to crash a system. Like attackers send
requests more than the capacity of the system. This causes
system to get crash as it wont be capable of handling
excessive demands. There are other viruses and worms which
stick to the file and computers, causes them damage. Some
viruses are event

dependent. These viruses tend to be

active on particular day. There is a program called Trojan

which is the unauthorized program but looks like the
authorized one and conceals the information .Web jacking also
occurs in Pakistan in which the person takes control over the

In Karachi there are maximum number of internet users then

in Lahore and Islamabad. To compete with the cyber-attacks,
Transaction Ordinance 2002 was passed by the Pakistans
Government for facilitating and monitor all the forms of
communication in electronic media .With the legal frame work
we can now have legal backing of all the documents and day
to day transactions .This IT contribution is the land mark of
the 21st century. The Electronic Crime Act 2004 was prepared
with the collaboration of Ministry of Information Technology
with the electronic transaction order 2002.The act has defined
legislative terms for the following cybercrimes.

website and the site is not in the control of the owner.

Physically damaging

and theft the computer peripherals

is also a cyber-crime.

Criminal access
Criminal data access
Data damage
System damage

 Electronic fraud

Cyber Security is the most serious issue around the world. In

Electronic forgery

April 2007, Estonia suffered a major cyber-attack[4].After

Misuse of devices

which Estonia is contributing in securing cyber space

worldwide. According to Joak AAVIKSOO, Minister of

Misuse of encryption

education and Research Estonia, they have analyzed weak

Malicious code

point in their infrastructure.[4].As per their conclusions their

Cyber stalking

law

Spamming

border

cyberspace[4].And most

Spoofing

enforcements,

line

do

not

hold

of the infrastructure is not under

single body, 80% of web infrastructure is in

Unauthorized interception

in

private

hands[4].In 2008 Estonia has formulated a National Cyber

Cyber Terrorism

Security Strategy[4].The objective of National Cyber Security

National Response Centre is another step taken by the

Government of Pakistan to stop misusing the internet. Under
the General Pervaiz Musharaf government in July 2002, PTA
put orders for cyber caf owners to keep the record of their
customers. The report says, Gen Musharraf says his
government has invested more than 100 million euros in
communications and sharply reduced the cost of connections
and services since 1999.Pakistan has since launched a
program to boost digital technology and information
technology.On April 2, 2003 PTCL announced that internet
operators have been asked to block 400 websites in addition
with earlier 100 sites which contain unethical data. A senior
PTCL official, Zahir Khan, said on April 6, 2003, that access
to nearly 1,800 pornographic sites had been banned and the

Strategy is to ensure cyber security and help private sectors to

develop highly secured standards[4].In Malaysian primary
school, cyber bullying and hacking are the major occurring
crimes[5].There is an Adaptive Information Security Model
which was developed to lessen the gap between what we can
do and control with ICT[6].There are five critical systems
which

ensure

network[6].There

the
are

highly
41

secured

internet

and

crimes

prospered
have

been

analyzed[6].The analyses show that victims were missing in

these five security measures[6] .A penetration test on internet
service provider was conducted in Sweden[7].The purpose of
the test was to discover system vulnerabilities and security
flaws in their infrastructure[7].In Burma just before countrys
first national elections in twenty years, the internet was
shutdown[1]. Offenders usually use public places to commit

make it easier

crimes which hides their identity and where there is no

to do. PTCL also targeted anti- Islamic and

effective legislation..Internet has given birth to terrorist

blasphemous sites.

propaganda. Radicalization can be done using internet

PTCL was thinking of importing software to

[4].Terrorist can edit some video and make it according to

their cause [4].Misconfiguration of websites causes search

2. LITERATURE SURVEY:

With the ever growing technology, its advantages

and disadvantages are increasing too.Technology is
producing several negative impacts on society Internet
hacking is worth noting.

engines to penetrate into website and causes illegal access to

data [8].Search engines need to obey some rules, disallowing
some of the folders, files and images [8].

2.1 Tools used for the crime:

been provided, people have been asked to select multiple

Stuxnet was launched in 2009 and 2010.It was created by USA

and

Israel.Its

target

was

Irans

nuclear

enrichment

plant.Stuxnet spread via usb jacks.Stuxnet was built for not

only just spy the industrial system but also reprogram them.A
research conducted by Symantec showed that its main affected
countries were Iran, Indonesia and India.

answers. The six choices are Greed, Power, Publicity,

Revenge, Desire to access forbidden information and
Destructive mind set. To judge the awareness about the
implementation of cyber laws in Pakistan, peoples level of
knowledge about the deployment of laws have been asked.
Peoples knowledge about occurring of cybercrimes have been
asked to check whether the people have access to such
magazines,

newspaper

and

news. The

next

question

determines what the citizens think regarding the occurring of

Country
Infected computers
Iran
58.85%
Indonesia
18.22%
India
8.31%
Azerbaijan 2.57%
United States 1.56%
Pakistan
1.28%
Others
9.2%

various forms crimes .Several crimes like Financial crimes,

Cyber Pornography, Email related crime, Hacking, Web
Jacking, Sales of illegal articles are listed. The next item
determines whether the targeted persons have been a victim of
the any form of the crime. My other question checks what the
people think about the role of the Ethical Hacker in securing
a system. Upto what percentage a company is secured against

There is another term developed for cyber-attacks, Botnets.

The term Bot originated from robot. Attackers distribute this
software via spam mail.This turns your computer into a bot
.The bot is also called a Zombie.Criminals use botnet to infect
a huge number of computers.

3. METHODOLOGY:
In this research paper I have conducted a survey on the
security issues and ethical hacking..Questions were distributed
in such a way that it covered all of the relevant material. In
first question people knowledge about the cyber-crime was
judged. The purpose of the first question was to determine
how much of the people are aware of this term. The second
question was designed to determine the internet usage among
the people. In my next question I asked whether people
consider cybercrime a threat or not. Because I have studied the
cases in which victim especially females have been black
mailing via social media sites In fourth question the reason
behind committing crime have been asked. Six options have

an attack or crime. According to my research a huge number

crimes are due to the social networking sites. People
consideration regarding the ban of

these SNS have been

judged. I have also determined where the companies stand in

these

five

security

measures

.These

are

Deterrence,

Prevention, Detection, Response and Recovery.

3.1 Results and Discussions:

I have targeted people who are teenagers, are in the age of 20s,
30s and 40s.According to the survey 93% of the people is
aware about cybercrime. While 7% of the people are not
familiar with the term cybercrime. Age does not matter in this
scenario; all depends on your exposure and nature the of job.
Criminals use internet more than the average man because
they use internet to plan their targets, their ways of attack
.Greater the internet usage, greater the chance of people being
turning into criminals. In Pakistan 52% of people use internet
frequently,34% of the people have internet usage more
frequently while only 13% of the people use internet once a
while. basis. Fiqure1 shows graph of the responses.

The result shows that people are familiar with the number of
ways in which a person can used different forms of the crimes
How often you use the internet in your daily routine?

for threatening somebody.

There is some reason behind the scene which turns a noble
man to a criminal. Usually a person commit a cybercrime due
to greed, power, publicity, revenge, desire to access
forbidden information and destructive mindset. The point of
view of the people is as under.

Fig 3.1.1

According to your point of view what is the reason behind

Table 4.1.1 shows the percentage usage of the internet.
Frequently
More Frequently
Once in a while

committing the crime?

54%
34%
13%

PERCENTAGE USAGE OF INTERNET

Table 3.1.1

When it comes to whether the people in Pakistan thinks

Fig 3.1.3

cybercrime is a threat or not.92%of the people consider

cybercrime a threat while 8% people consider cybercrime is
not a threat.

Do you consider cybercrime a threat?

Fig 3.1.2

Greed
Power
Publicity
Revenge
Desire to access forbidden

11%
13%
10%
11%

information
Destructive mindset

31%
23%

shows majority of the citizen in Pakistan are not fully

Result of the views regarding mindset of crime

acknowledged with the cyber laws. About the occurring

various forms of the crime, cyber pornography is the ,most
occurring crime in Pakistan. While Sales of illegal articles(sale

Table 3.1.2

of narcotics, weapons and wildlife is the least occurring

crime.Occurrence of various crimes have been summarized in
The result of the question whether Cyber laws in Pakistan are

table 3.1.4 to table 3.1.9.

being implemented or not, conflicts with my researched

material. Figure 3.1.4 and table 3.1.3 summarizes the result.

Financial Crimes

Do you think in Pakistan there is no particular

Occur Frequently
Occur more frequently

53%

implementation of cyber laws?

24%
21%
2%

Occur infrequently
Has not occurred

Occurrence of Financial Crimes

Table 3.1.4

Cyber pornography
Fig 3.1.4
Occur Frequently
Occur more frequently
Agree
Strongly agree
Disagree
Strongly disagree

47%
34%
19%
0%

49%

Occur infrequently

41%
7%

Has not occurred

4%

Occurrence of Cyber Pornography

Views of the people regarding implementation of Laws

Table 3.1.5

Table 3.1.3

According to the researched material, Cyber laws in Pakistan

have been implemented [see introduction section].But result

Email Related Crimes

Occur Frequently
Occur more frequently

35%

Has not occurred

38%
22%
5%

Occur infrequently
Has not occurred

23%

Occurrence of sales of Ilegal Articles

Table 3.1.9

Occurrence of Email Related Crimes

Table 3.1.6

In my survey, I found majority of the victims of email related

crime. And one person have been a victim of web jacking.
Regarding ethical hacking my findings are 59% of the citizens
think that company gets highly secured approximately 70-80%

Hacking

against all types of attacks after hiring an ethical hacker New

Occur Frequently
Occur infrequently
Has not occurred

40%
19%
1%

methods to combat cyber-attack are being developing and the

criminals are equipping themselves with the new ways of
cyber-attacks. Table 3.1.10 summarizes the result.

Occurrence of Hacking
If an ethical hacker is employed by a company, the

Table 3.1.7

company gets secured against the crime to what extent

Web Jacking
Occur Frequently
Occur infrequently
Has not occurred

34%
36%
9%

Occurrence of Web Jacking

90-100%
70-80%
50-60%

12%
60%
28%

Table 3.1.10

Table 3.1.8

50% of the citizens in Pakistan think that social networking

Sales of illegal Articles
Occur Frequently
Occur more frequently
Occur infrequently

sites should be banned in Pakistan. While 50% of the citizens

26%
20%
31%

are against such bans. Result is as under.

Researches have shown majority of the cyber attackers use

day to day routine. Only those people who have been the

social network sites as the source of the victims private

victim

information. Do you agree these sites should be banned in

measures.Obviously someone belongs to the IT world, he or

Pakistan?

she familiar with the tool to combat cyber-attack. Regarding

of

Pakistans

the

crime

have

taken

some

preventive

role in to combat cyber-attack. Regarding

Pakistans role in securing cyber space is worth noting. FIA

and its regulatory bodies have been performing well in
maintaining legislative law. According to my point of view,
some of the features in social networking sites should be
banned in Pakistan. I am 100% sure that if we ban SNS, 90%
of the cyber security issues will be resolved.Further I
Fig 3.1.5

recommend parents of the teenagers to keep check on your

children.Because this is the age of developing the habit of

50% people go with yes while 50% go with no.

Regarding the five security measures, responses show that
majority of the companies are fully acknowledged about the
importance of security measures and the companies have
deployed such measures in their systems.
4. CONCLUSION
I conclude my research by mentioning that in Pakistan people
are less attentive on cyber security. People are busy in their

misuse of technology.

References

[7] Petter Svenhard & Amir Radaslic A Penetration Test of an Internet

Service Provider ; Copyright Petter Svenhard, Amir Radaslic, 2012. All
rights reserved Bachelor Thesis

[1] Oona A. Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix,Aileen

Nowlan, William Perdue, Julia Spiegel; The Law of Cyber Attack ;

Report, IDE1256 School of Information Science, Computer and Electrical

Forthcoming in the California Law Review, 2012

Engineering Halmstad University

[2] Mindy Chidester ;The Exploitation of Social Media by Clandestine

[8] Rizik M.H Al-Sayyed atel ; Search Engines in Website Security Leak ;

Groups, How Law Enforcement & Intelligent Can Better Utilize Social

World Applied Sciences Journal 20 (5): 753-759, 2012 ISSN 1818-4952

Media, and Legal Concerns to Ensure its Appropriate Use by Government

IDOSI Publications, 2012 DOI: 10.5829/idosi.wasj.2012.20.05.261212

Entities ; A Thesis Presented to the Faculty of San Diego State University In

Partial Fulfillment of the Requirements for the Degree Master of Science in
Homeland Security by Mindy Chidester Summer 2012

[9] Mrs.Yogini A. Kulkarni Mr. Rajendra.G. Kaduskar

[3] Julian Charvat;Radicalization on the Internet;Defence Against Terrorism
Review Vol.3, No2,F all 2010,pp. 75-85 Copyright COE-DAT ISSN:13079190

Department Of Computer Engg., Department Of E &TC Engg.

PVGs COET, PVGs COET, Pune, India Pune, India,; Security against
Malicious Code in Web Based Applications; 978-0-7695-4246-1/10 2010
IEEE DOI 10.1109/ICETET.2010.53

[4] Jaak AAVIKSOO, Minister of Education and Research,Estonia;

Cyberattacks Against Estonia Raised Awareness of Cyberthreats; Defence
Against Terrorism Review Vol.3,No. 2 F all 2010,pp. 13-22 Copyright
COE-DAT ISSN:1307-9190

[10] Eric Ke Wang,Yunming Ye, Xiaofei Xu

Department of Computer Science Harbin Institute of Technology Shenzhen

[5] Maslin Masrom, Nik Hasnaa Nik Mahmood, Othman Zainon, Hooi Lai
Wan, Nadia Jamal ;Information and Communication Technology Issues: A
Case of Malaysian Primary School ; VOL. 2, NO. 5, June 2012 ISSN 22257217 ARPN Journal of Science and Technology 2011-2012. All rights
reserved.

Graduate School, Shenzhen, China, S.M.Yiu, L.C.K.Hui, K.P.Chow

Department of Computer Science
The University of Hong Kong Pokfulam, Hong Kong; Security Issues and
Challenges for Cyber Physical System; 2010 IEEE/ACM International
Conference on Green Computing and Communications & 2010 IEEE/ACM
International Conference
on Cyber, Physical and Social Computing

[6] Jeffy Mwakalinga and Stewart Kowalski; ICT Crime Cases Autopsy:
Using the Adaptive Information Security Systems Model to Improve ICT
Security ; IJCSNS International Journal of Computer 114 Science and
Network Security, VOL.11 No.3, March 2011

10

978-0-7695-4331-4/10 2010 IEEE DOI 10.1109/GreenComCPSCom.2010.36 733