Document freedom : what is it and why is it important
Paper. Paper has been with us for thousands of years. With paper, once you learnt how to read a language, you could read any document.
We are now entering the age of electronics. This is a world where most new documents are electronic in form. You cannot read them directly, they are machine readable only and we need hardware and software to do so.
Because we are still at the beginning of this era , we see many and very rapid changes. There are changes in the hardware, in the media and in the form or format of the documents. Even fairly recent documents are at risk of being inaccessible due to changes in technology, for example 5inch floppies are recently used but now difficult to access.
The problem arises when you become dependent on a particular vendor to read a document. Should you need/have to buy a particular machine or licence from a particular vendor to read your phone bill or to file your income tax return?
No.We must be free to use any software we want (including software that we have written ourselves) to handle our documents . This is a basic economic freedom. Any restriction on this is a tax on us and as good Pakistanis we all know that we should avoid taxes :-)
If your vendor needs to increase sales they will release a new incompatible version of their product. For example MS Word 2007 produces documents that are unreadable in MS Word 2000.
If the vendor of your proprietary software decides to discontinue support for their proprietary formats then your documents soon become unusable, unaccesible. This is why truly OPEN standards are important now. This is why we support the use of ODF and the aims of the
ODF Alliance=======================
26 April 2008 is
Document Freedom DayLabels: Economic and Political Security, News Article
National Bank of Pakistan refutes hacking / cyber crime allegations.
So, it was not 'hacking', but 'fraudulent withdrawals'. However the fact is that there is a limit of Rs20,000/- and that is all that a client should be able to withdraw in one day. The attack managed to get Rs20 million from accounts that had zero money in them. Here is an image of the notice published in the papers.
Labels: Banking and Finance, Hack
NBP security was bypassed by using other Banks ATM cards where the accounts had no balance.
====================================================
NBP admits gang withdrew Rs20m in MultanBy Sher Baz Khan
ISLAMABAD, March 15: The National Bank of Pakistan on Saturday said that some people had fraudulently withdrawn Rs20 million from its automated-teller machines (ATMs) in Multan, while the Federal Investigation Agency believes that the bank’s online money providing system has been “hacked”.
While NBP president Ali Raza said the misuse of bank’s ATMs in the industrial zones of Punjab was a mere “glitch” and not a cyber crime, the head of FIA’s National Response Centre for Cyber Crimes (NR3C), Syed Ammar Jafri, told Dawn that the NBP’s ATM service had been hacked and it was a cyber crime.
“That’s why the NBP management has sought the help of NR3C — the FIA’s special wing for combating cyber crimes,” Mr Jafri added.
“Give me three or four days and I will tell you how many people are involved in the crime.” He did not rule out the involvement of those who knew about the security system of NBP’s ATM service.
He said it could also happen to other banks operating in Pakistan, but the NBP had been targeted perhaps for its weak security.
He said the FIA had taken into custody a retired employee of a bank, Amir Abbas, who was being grilled. Amir was arrested in Multan after the NBP management had registered an FIR against him.
Mr Jafri said that without hacking the system it was impossible to withdraw cash from the NBP’s One-Link through cash cards with zero balance. He said that cash cards of two employees of another bank, one of them retired, had been used, which meant that those who withdrew money had hacked the NBP system.
“If the system was not hacked how the ATMs were made to give positive response instead of negative?” he asked.
Sources told Dawn that before the NBP suspended its One-Link service on Friday, the gang had withdrawn money from four branches of the NBP in Islamabad.
However, the bank’s spokesperson said she did not know anything about the misuse of ATMs in the capital.
NBP’s clients can now use only the bank’s own ATM facility after the suspension of One-Link.
The sources said that millions of rupees had been withdrawn from the bank’s branches in Lahore, Sialkot and Faisalabad as well.
An official statement issued by the NBP said that with the bank’s help some culprits had been arrested red-handed while conducting fraudulent withdrawals from ATMs in Multan.
“The gang is currently been interrogated by the FIA and a case has already been registered with the relevant agency,” the statement said.
“The bank hopes to recover the fraudulently withdrawn money from those who perpetuated the fraud.”
The NBP is currently in the process of re-certification of its ATM switch software with One-Link and software vendor which is expected to be completed in two weeks. Soon after the completion of the process, the NBP will restore its links with other banks (14 in number) which are members of the One-Link.
An expert told Dawn that it required at least a thousand transactions (days) to withdraw Rs20 million from the NBP through ATMs which restricted clients to taking out only Rs20,000 per day.
Labels: Banking and Finance, Hack
Looks like an inside job, with an employee subverting the security system of the ATMs.
===============================================
NBP suspends inter-bank ATM service after fraud - By Sher Baz Khan
ISLAMABAD, March 14: The National Bank of Pakistan (NBP) on Friday unilaterally suspended its One-Link service with 14 other banks after finding out that a cyber gang had withdrawn millions of rupees from its different branches through automated-teller machines (ATMs) by cracking the PIN codes and hardware security modules.
Sources told Dawn that the bank had also sought the help of the FIA to determine how the gang had been misusing a couple of “zero-balance” accounts of two employees of another bank, one of them retired, and getting complete command over the ATM system of the NBP.
They said that involvement of some employees of both the banks could not be ruled out as one employee of the NBP headquarters in Karachi, in charge of hardware security of the bank’s online money supply service, had disappeared along with loads of information about private accounts and their ATM PIN codes.
Police have also arrested Amir Abbas, an employee of the Lahore branch of the other bank, one of the 14 banks sharing the ATM service with NBP.
Mr Abbas is being grilled by police while search is on for one Ali Hassan alias Bacha, who is believed to be the chieftain of the gang.
Insiders told Dawn that the bank’s management had detected ‘cyber theft’ of over Rs3 million from its ATMs in Multan and Lahore in recent weeks.
But it was surprised to find similar cases unfolding in its branches operating in the industrial belt of Punjab in Sialkot, Gujranwala and Lahore.
After following the transactions, the bank management found that the same group had withdrawn another over Rs8 million from the NBP’s ATM in Punjab just over the last weekend.
The sources said the hackers had targeted branches of the NBP operating in the industrial areas of Punjab because ATMs of these branches are normally filled to the brim.The NBP management is also busy tracing similar transactions in other parts of the country, perhaps by members of the same gang.
Initial investigations have found that the gang had full command over the entire ATM hardware system of the bank, which means that some employees of the bank’s ATM department had links with the gang and had provided them the data needed to hack the system.
In normal cases, an account holder can withdraw a maximum of Rs20,000 in 24 hours from an NBP ATM. But the hackers had full control even over this function and are believed to have made the machines deliver large sums in one go.
The NBP’s ATM issuance service has already come to a halt for a couple of months, an NBP employee said.
He said the bank had decided not to re-start its One-Link ATM system with all other partner banks without installing a new security system.
The NBP fears massive attacks on its hacked online money supply system across the country forcing it to suspend its One-Link operations for an indefinite period.
The employee said that ironically the NBP had not installed close-circuit cameras to cover its ATMs. Therefore, it is difficult to tell exactly how the gang drew money from the machines.
The NBP authorities are also investigating whether the ATM hacking started when its absconding employee was attending his office or after he had left to be with his accomplices while drawing cash from the machines.
NBP President Ali Reza and some other top officials could not be reached for the official version on the issue.
Labels: Banking and Finance, Hack, Insider
