In a concerning development for the Kyrgyzstani government, a Pakistani hacker group called “Team Insane Pakistan” reportedly leaked a database containing the personal information of over 600,000 Kyrgyzstani citizens and local companies on May 22.
The leaked data included personal information, dates of birth, national identity numbers, and home addresses of the victims, reports Al Arabiya.
The list also comprised local civil servants, politicians, and leaders responsible for cybersecurity in the country. Notable figures in the database include Kamchybek Tashiev, head of the State Committee for National Security; Nurlanbek Shakiev, Speaker of the JogorkuKenesh; and Edil Baysalov, Deputy Prime Minister.
This hacking incident was reportedly a response to the May 17-18 riots in Kyrgyzstan’s capital, Bishkek, during which several Pakistani students, along with students from other countries, were targeted by locals over an alleged video depicting a fight between Kyrgyz and Egyptian medical students on May 13.
In addition to Team Insane Pakistan, other Pakistani hacker groups like Silent Cyber Force and Golden Don also targeted critical governmental and private sector systems in Kyrgyzstan.
The intent of these Pakistani hackers was not only to disrupt governmental operations but also to pose significant risks to essential services affecting both citizens and foreign nationals in Kyrgyzstan.
Various media outlets in Kyrgyzstan, along with social media posts on X (formerly Twitter), Facebook, Telegram, and other platforms, widely reported the hacking incident.
Interestingly, Pakistani media avoided reporting the incident to prevent international embarrassment.
Notably, many hacker groups in Pakistan are directly or indirectly funded by the country’s military establishment and intelligence agencies. While their primary target is usually India, these groups are also employed to demonstrate the expanding reach of Pakistan’s security establishment in the cyber domain.
The Pakistani hacker group posted a message on their social media handles, claiming responsibility for hacking websites with the domain “gov.kg” and the Supreme Court of Kyrgyzstan.
In an unverified statement attributed to an “anonymous” author, the group claimed, “This database is not available on the open Internet.
“We hacked the subdomain of the site gov.kg and used a vulnerability in SQL (Structured Query Language) to obtain data from more than 500,000 Kyrgyz. These people targeted our Pakistani brothers. If they do not stop their attacks, we will publish even more data. All gov.kg sites are vulnerable.”
Additionally, the Silent Cyber Force hacker group from Pakistan posted a message titled “Greetings Citizens of The World,” condemning the violence against foreign students and declaring their intention to “take down Kyrgyzstan’s governmental websites and large networks.”
These hacker groups used the Bishkek incident to market themselves and gain sympathy from people in Pakistan and other foreign students to justify their nefarious activities.
But interestingly, despite these threats, the official websites of the targeted institutions in Kyrgyzstan functioned normally when accessed.
This raised questions about the actual capabilities of the Pakistani hackers or potential tactical delays in executing their threats. Local sources in Kyrgyzstan also disputed the extent of the Pakistani cyber-attack, claiming that the “leaked” data had already been published on the internet in 2020.
Salavat Ormoshev, the Executive Director of the Association of Telecom Operators in Kyrgyzstan, told a local media outlet, “These hackers, in the wake of the hype, made such statements because of the events that happened to Pakistani students. They began to promote their hacker group under the hype.”
Reacting to the hacking incident, Kyrgyzstan’s State Agency for Protection of Personal Data confirmed: “The posted 600,000 personal records of citizens of Kyrgyzstan are similar to the information that was published in 2020 as a result of a leak from the Tax Service.”
Additionally, the state agency noted in its statement that they conducted a study which confirmed that “there was no leakage of personal data” from the information systems of the government agencies.
Furthermore, the Ministry of Digital Development in Kyrgyzstan responded to the hacking incident by stating that the agency constantly scans information assets to identify vulnerabilities or unauthorised access, and that all state information systems “were operating as usual” on May 22.
On the other hand, journalists at the “Azattyk” news outlet, after studying the database published by the hackers, found that it contained both outdated and up-to-date information about citizens of Kyrgyzstan.
In particular, the database included addresses and Taxpayer Identification Numbers (TINs) of citizens of the Kyrgyz Republic.
Pakistani hacker groups, their international syndicates, and several Pakistani nationals have been accused of committing various illegal activities, including financial frauds in the cyber domain.
For instance, in 2016, Muhammad Sohail Qasmani, a Pakistani national, pleaded guilty in the United States to laundering over USD 19.6 million on behalf of the perpetrators of a “massive international computer hacking and telecommunications fraud scheme.”
This scheme was led by Noor Aziz, another Pakistani national. The whole episode caused a massive international embarrassment for Pakistan and its policymakers.
Additionally, Pakistani hackers are also involved in other illegal activities such as drug trafficking, weapons trading, selling stolen personal information of Pakistani citizens and foreign nationals, and the production and distribution of child pornography.
The government of Pakistan has failed to control these illegal activities despite passing the Prevention of Electronic Crimes Act (PECA) in 2016, which provides a “comprehensive framework for all forms of cybercrime.”
On the contrary, the Pakistani security establishment uses these hacker groups to target India, Israel, and other Western nations, spreading its malicious propaganda and stealing vital information.
Cyber analysts believe that the recent hacking episode in Kyrgyzstan is another example of Pakistani hacker groups going rogue.
These groups might sell the critical stolen data including the personal information of several Kyrgyzstanis and government officials on the dark web, where it could be used for illegal purposes and jeopardize the country’s security.
This hacking incident will raise alarms in countries that host many students from Pakistan, including Turkey, Armenia, United Kingdom, Australia, and Cyprus.
The host countries need to be watchful of the activities of Pakistani students, who could indulge in violent skirmishes and may result in hacking incidents in the future.
