Here’s How We Got Hacked: Thanks to Warid Telecom

April 17, 2013

303043_10150764865985134_6185086_nIn the last two weeks, dozens of high-profile Pakistan-targeted Facebook pages have been hacked, courtesy of Warid Telecom. We have not only lost a dozen pages in general, but also some business pages including KoolMuzone’s Facebook page with nearly 60,000 likes. Not only are we facing financial losses, our brand is being destroyed over the Facebook. For all those who’re wondering how could Warid be responsible for this? Well, here’s how.

Ever-since people have started making their living over the internet in this part of the world, a lot of things have went wrong primarily because of the lawlessness in the country and especially in the cyber-space. Unfortunately, for the people who work hard in the cyber-space to make an honest-dollar are now being swept away by the group of young skiddies who are not only causing damages to the online industry of Pakistan in general but are also making fun of the lawlessness, this country, the government, FIA and especially NR3C.

The reason why these skiddies have continued to do this for the past 3 years, and are likely to get on with this is the encouragement. The encouragement from the law enforcement agencies. The reason why they have this kind of encouragement is because NR3C has failed to play it’s role. By only having a catchy flash animation in the header doesn’t scare these skiddies away. They are being encouraged because they know the victims of their crimes can not challenge them in the court of law because court of law asks for evidence which sometimes can only be produced by the law enforcement agencies because of the limitations of an individual. Imagine how lucky do these criminals feel when they commit the crimes knowing they are not going to get caught for this. Pakistan has become paradise for the criminals of cyber-space to commit frauds and not get punished for this.

There are more than one groups active at the moment in Pakistan who make their living by hacking Facebook Pages and using them for traffic on day to day basis. Among the two large scale scammers, one group is headed from Sargodha, while the other one is headed from Islamabad. I’m personally the fan of the 24-years old scammer from Islamabad because his ways are quite impressive.

They have used more than one ways to commit their day to day crimes and have to continuously evolve to be able to continue doing this. The need of evolution is because Facebook does a better job on trying to stop them than the law enforcement agencies in Pakistan.

What’s the recent scam, you may ask? The recent scam is the SIM hijacking. A lot of people who are technologically aware have already moved to the 2-step authentication. For those of you who do not know about this, 2-step authentication simply requires a two step process to log in to your online accounts. When the user puts in his password to login, the service then sends the user a text message with a code. The user then needs to input the code received in the text message to login into the service. This is a fool-proof authentication in most parts of the world because only the rightful user has access to his phone. However, in Pakistan, the 2-step authentication is what makes you vulnerable at first place.

In the recent weeks, Warid has issued multiple duplicate SIMs against many numbers, unauthorized, and illegally letting these skiddies not only use your private number, but also allowing the unauthorized user to get access of your Facebook accounts, Google accounts and even bank accounts. While this has continued to happen for many weeks, Warid hasn’t taken responsibility yet, has not made available any information about why and how the SIMs were issued, who issued them and to whom were they issued. Warid’s word on the situation is “we’re still investigating” while the people have suffered millions in losses.

We have already filed complaint against Warid with the PTA and would request anyone with 2-step-authentication to immediately move from Warid to other networks. We would further advise you to use a separate number for the 2-step-auth or not use number at all because even that is safer in Pakistan considering the passwords can be reset using the phone number alone giving hacker the access to your account with just phone number bypassing the password. We will also be raising the issue against Warid on legal grounds in the coming weeks.

If you’re wondering how much money do these groups raise? Safe to say between $10,000 to $100,000¬† per month depending on the size of the group which also tells the amount of loss these groups are causing to everyone else on monthly basis.