Islamabad’s Safe City Authority experienced a significant disruption when its online system was breached by hackers, prompting an immediate shutdown.
The Safe City Islamabad Project, initiated by the PPP-led government and backed by a Chinese government concessional loan, aimed to enhance the capital’s surveillance and security capabilities with the installation of 1,950 CCTV cameras, a bomb-proof command center, a 4G communication network, and advanced monitoring systems such as facial recognition technology.
This unforeseen event has raised concerns over the security and the vulnerability of the system, as law enforcement officials scramble to assess the damage and restore operations.
Islamabad’s Safe City Authority Breach and Initial Response
The breach revealed several systemic weaknesses within the Safe City Authority’s digital infrastructure. Hackers successfully infiltrated the primary server, gaining unauthorized access to databases containing criminal records and sensitive information.
While the system’s firewall did issue an alert upon detecting the intrusion, the absence of backup servers and contingency plans forced a complete shutdown of the affected software and applications.
The assault compromised several integral systems, including the Complaint Management System, Criminal Management Record System, and Human Resource Management System, along with software and applications vital for the Operation Division.
The compromise of these systems impacted several critical services tied to the Safe City initiative. This includes mobile applications, smart police vehicle records, police station data, video analytics, Islamabad Traffic Police, e-challan systems, and records from the operations division. Approximately 13 to 15 servers provided by the police facilitation center F-6 were also affected.
An officer highlighted to Dawn, Pakistan’s largest English newspaper, that this incident was not a typical hacking scenario involving stolen login credentials. Instead, the system’s vulnerability stemmed from the use of simple and common login IDs and passwords by officials, making it easier for hackers to gain access. Additionally, many of the software and applications were found to be outdated or with expired licenses, further compromising the system’s security.
Despite the breach of several systems, the Safe City cameras’ management system that operated independently through offline direct lines, remained secure, demonstrating the effectiveness of isolated systems in safeguarding against such attacks.
Police spokesperson Taqi Jawad confirmed the intrusion as an attempted breach that triggered the firewall’s alarm but stated that appropriate precautionary measures had been taken. “All logins have been closed for the past two days to change them, including those of police stations and officers at various ranks,” he stated.
Jawad refrained from sharing further specifics on the server shutdowns as he stated they were still pending technical feedback
Controversy Over Islamabad’s Safe City Authority
Islamabad’s Safe City project has been a source of serious controversy, with several litigations over contract transparency and cost inflation, leading the Supreme Court’s order to cancel the initial contract with Huawei in 2012.
The contract was later renegotiated, and the project resumed under the PMLN (Pakistan Muslim League) government, with the command center becoming operational in 2016. By 2016, 1,805 cameras were installed, and as of 2021, 95% remained functional.
Despite the extensive infrastructure, police sources claimed in 2022 that the system had not prevented any incidents or facilitated any arrests, raising questions about its effectiveness.
Due to financial strain, Pakistan and China Eximbank signed several debt suspension agreements from July 2020 to December 2021, temporarily suspending principal and interest payments under the concessional loan agreement. Tragically, the project’s director was found dead in July 2022 in an apparent suicide.
The successful breach of the authority’s systems draws additional controversy towards the project, which was intended to be a cornerstone of Islamabad’s security infrastructure but has encountered several operational, legal, and financial setbacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.