If you think your personal details are safe with the National Database Registration Authority (Nadra), you are in for a surprise.
Sensitive data, including key information such as your date of birth, family tree details, and even your fingerprints could be on offer on one of the many WhatsApp groups run by con artists, and at a price that beggars belief.
The extent of the privacy violations doesn’t stop there, as revealed by a recent investigation by the Federal Investigation Agency. The people who are using personal information to scam unsuspecting individuals also have access to people’s call detail records (CDR).
This data is mostly used to register SIM cards from which these scammers would make calls under false pretences in order to dupe the person on the other line, explains Faizullah Korejo, who is an additional director for the Sindh and Balochistan region for FIA’s cyber-crime wing.
“During an intensive operation in rural areas of different districts of Punjab province, 16 cyber criminals were booked on seven different counts,” he revealed during a press conference last week.
The action was taken, said Korejo, after an alarming increase in the number of complaints from bank customers against fake callers who introduced themselves as representatives of the State Bank, the country’s central bank, or as members of the armed forces.
Using the information they had acquired illegally, these conmen tricked bank customers into revealing details of their personal accounts and then drained their account in a methodical manner, with one elderly woman form Karachi deprived of almost Rs2 million within a 24-hour period.
“Initial investigations reveals that all the fake calls were made from a few districts of Punjab, including Gujranwala, Hafizabad and Rahimyar Khan,” he said.
The suspects, currently in FIA custody, revealed that the cell phones used for fake calls were activated using information available on WhatsApp groups.
“I was responsible for providing the biometric machines allotted to cell phone franchises and Haris, a resident of Sahiwal, was the mastermind,” said Hassam, one of the accused who is from Gujranwala.
He claims that he met Haris on a WhatsApp group, where he was added after an interaction with some others on a Facebook group for ‘golden numbers’.
“Haris bought the soft fingerprints of citizens on the same WhatsApp group where I first came across him. He would then ask me to provide the biometric machine to a third individual,” says Hassam, claiming he was unaware of what they did with it next.
According to another official who is a part of the investigation, the accused are holding back key information but the investigators remain confident of connecting the dots. “This is the tip of the dark web substitute that is thriving in Pakistan,” he says, adding that they are looking at the nexus of criminals within government agencies as well as employees of cellular companies and banks who could possibly be working with the conmen.
“Currently, we have people in custody who appear to be small fry and the middlemen, used by the big fish as a layer to conceal their involvement,” he says.
A Nadra official, when asked about the possible breach, expressed surprise. “Stolen fingerprints are quite concerning. It is the sole responsibility of the centralized Data Protection Center located in Islamabad,” he said while requesting anonymity. “The matter in question is out of my jurisdiction.”