Executive Summary

There have been multiple reports leaked from various credible sources about NSA & GCHQ hacking into Pakistan’s critical infrastructure. One of the first reports made public was published by The Intercept in June 2015. It highlighted GCHQ’s infiltration of PTCL’s core routers, which allowed them not only to intercept every single user’s traffic but also to re-route that traffic to their passive collection systems.

This report was followed up by another roughly one year ago, which pointed out that NSA had gained access to Pakistan’s National Telecommunications Corporation (NTC) using malware known as “SECOND DATE”.

Part of this was confirmed in October 2016, when a group known as “Shadow Brokers” leaked a list of hosts that were compromised as part of NSA’s operation.

The leaks also reveal a step-by-step guide on how NSA compromised Mobilink’s network, including the CDR (Call Data Records) servers, in 2006.

From the evidence obtained, it is very clear that both NSA & GCHQ have had a significant amount of interest in hijacking Pakistan’s critical infrastructure.

OUR ANALYSIS

Various leaks from Edward Snowden reveal a couple of NSA’s deadliest weapons, the most notable being Quantum-Insert attacks, which are used to carry out targeted attacks. The hijacking of Pakistan’s ISP is a great aid to Quantum-Insert attacks. One of the leaked documents confirms that this attack was being used to infect a target located in Miran Shah. We have posted a detailed technical analysis of Quantum-Insert attacks here.
