The Federal Board of Revenue (FBR) has shut down its websites on the eve of the 75th Independence Day of Pakistan for more than 24 hours over fears that Indian hackers might again make a hacking attempt.
The three web portals of the tax machinery remained down on Saturday night and Sunday that disrupted the process of payments and filing of income tax returns, according to FBR officials and citizens who tried to open these websites.
Iris.fbr.gov.pk – the portal used to file returns – as well as e.fbr.gov.pk and fbr.gov.pk – its main links with the taxpayers and the rest of the world – had been shut down on the eve of 75th Independence Day of Pakistan, according to the officials.
The websites are expected to be operational by Monday (today) morning before the start of official working hours.
“This is a routine maintenance endeavour,” Asad Tahir Jappa, the spokesperson for FBR, replied while confirming that websites were down. He did not say when the FBR planned to make these web portals functional.
Interestingly, almost 10 days ago, the FBR had shut down its web portal for routine maintenance and had duly informed the public through a notification.
“Building further on its ongoing drive for digitalisation, the FBR is all set to upgrade its key IRIS system in order to improve its operation, enhance its security, and add a new Graphic User Interface,” according to a statement that it issued on August 5.
“It is to inform that during this upgradation process, the services of IRIS System will be temporarily unavailable from 10pm on August 6 to 10am on August 7, 2022. Therefore, the inconvenience is regretted,” according to the statement.
This time, the FBR did not notify the public about the lack of availability of its services.
On August 15, 2021, The Express Tribune had given an exclusive story that Indian hackers attacked the FBR data centre and brought down all the official websites operated by the tax machinery for more than 72 hours.
The FBR unofficially had given two versions about the hacking. According to one version, the hackers intruded the system by hacking the logins and passwords of the data centre administrators. The FBR technical wing’s initial assessment was that the hackers intruded into the system through Hyper-V link.
In order to hide its incompetency, the FBR termed the hacking as “unforeseen anomalies during the migration process”.
Last year, Pakistan’s premier spy agency had forewarned the FBR about high possibility of a cyber-attack but these warnings were ignored, resulting in either taking over or shutting down about half of the virtual machines of the FBR data centre.
The then Finance Minister Shaukat Tarin had confirmed in September last year that Indian hackers had attacked the FBR’s website and a similar kind of Indian attack also took place in 2019.
Tarin said that level one of the FBR website was hacked, but the hackers were unable to reach the database. If the hackers had reached the FBR’s data, it could had been hacked.
Although, the previous government had removed the then FBR chairman on the pretext of his failure to protect the websites, the officials responsible for the security of the data centre were never punished. Rather some of them were either promoted or given rewards subsequently.
Both the FBR and the Pakistan Revenue Automation Limited (PRAL) – the backbone of FBR’s database – held each other responsible for last year’s attack.
The government has also hired a chief information and security officer to protect the FBR’s data centres and yet it went ahead with the decision of closing the websites. This suggests that the FBR does not still see its systems fully protected from cyber-attacks, which shows its weakness that can be exploited at any important national event.