Assignment# 03

Name: Mahad Gul & Hassan Askari

Class: BSCS-3A
Enrollment: 01-134182-069 & 01-134182-095
 *PROFESSIONAL PRACTICES ASSIGNMENT 3 & 4 (COMBINED)*
*NOTE: Please submit this assignment on December 16, 2019, *
Tasks for this assignment:
1) Find out about the cyber laws of Pakistan;
2) Find out about the rules and regulations and code of conduct stated by such laws and determine
whether any of these rules can be exercised by the companies against their employees who break the
cyber laws of those companies;
3) Find out that what are the penalties stated in each of those codes and rules;
4) Find out the ratio (average occurrence) of cybercrimes in Pakistan;
5) Find out and list any reported cybercrime in Pakistan (give as much examples and references
regarding this issue as you can);
6) Do you think that Pakistan is save from cybercrimes? Explain in 500 words;
7) Find out about company or companies that provide cyber security solutions in Pakistan;
8) Do you think that cyber security is an emerging field in Pakistan? Please support your answer with
example;
9) List down tools that prevent cyber attackers from accessing your personal data;

A) What is the difference between an antivirus and Internet security tool/solution; And
B) Do you think that a crack version of any security solution keeps your computer save from viruses or
any weak malware intrusion into your computer system?

Assignment 4 (Presentations)

*In Light of Assignment 3 Please keep in mind that this assignment also requires us to make a
PowerPoint presentation of about 13-15 slides regarding the above tasks*
1- Find out about the cyber laws of Pakistan

Answer

Cyber laws for cyber-crimes in Pakistan

 Spreading False Information about an Individual

 Making / Spreading Explicit Images or Videos of an Individual
 Making / Spreading Explicit Images or Videos of Minor
 Child pornography
 Cyber stalking
 Hacking Email / phone for Stalking
 Making Videos/Pics and Distributing without Consent
 Cyber Stalking with a Minor
 Hate speech
 Spamming
 Spoofing
 Malicious Code
 Unauthorized Access to Information System or Data
 Unauthorized copying or transmission of Data
 Interference with information system or data
 Unauthorized copying or transmission of critical infrastructure data
 Interference with critical infrastructure information system or data
 Glorification of an offence
 Online Recruitment, Funding of Terrorism
 Electronic forgery
 Electronic forgery of Critical Infrastructure
 Electronic fraud
 Making, obtaining, or supplying device for use in offence
 Unauthorized use of identity information
 Unauthorized issuance of SIM cards etc
 Unauthorized interception

2-Find out about the rules and regulations and code of conduct stated by such laws and determine
whether any of these rules can be exercised by the companies against their employees who break the
cyber laws of those companies
Answer

Rules and regulations and code of conduct of some of these cyber-crimes are:
Hacking Email / phone for Stalking

If someone monitors a person through mail, text message or any other form of electronic
communication.

Electronic forgery

Whoever interferes with or uses any information system, device or data, with the intent to
cause damage or injury to the public or to any person, or to make any illegal claim or title or to
cause any person to part with property or to enter into any express or implied contract, or with
intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in
unauthentic data with the intent that it be considered or acted upon for legal purposes as if’ it
were authentic, regardless of the fact that the data is directly readable and intelligible or not.

Spamming

Sending spam emails/SMS without permission of receiver, sending emails without unsubscribe
options
Sending emails with
o harmful fraudulent emails
o misleading email
o illegal email

Hate speech

Preparing or distributing information, through any information system or device that triggers
inter-faith, sectarian or racial hatred.

Unauthorized Access to Information System or Data

Accessing any information system or data with dishonest intents

Some of these laws can be exercised by companies against their employees. For example if an employee
hacks his or her employees email the company can use Hacking email/ phone for stalking law legislated
to act against him similarly they can use unauthorized to access to information system law against an
employee if he/she illegally trespasses into information or data not meant for him to see. Also, if an
employee with a malicious intent starts spamming his/her bosses or any other collogues email or phone
he or she can be acted against by the company using Spamming law in cyber-crime laws.
3- Find out that what are the penalties stated in each of those codes and rules

Answer

 Hacking email/phone for stalking: up to 3 years in jail or up to rs 1 million fine or both

 Electronic forgery: up to 3 years in prison or up to rs250, 000 fine or both.
 Spamming: Three months of prison or fine up to rs5 million or both
 Hate speech: up to seven years in prison or fine or both
 Unauthorized access to information system or data: up to 3 months in prison or up to rs 50,000
fine or both

4- Find out the ratio (average occurrence) of cybercrimes in Pakistan

Answer

Recorded Average cyber-crimes arrests per day in 2018 are 0.572

Where as in 2017 and 2016 they were 0.438 and 0.134.

5- ) Find out and list any reported cybercrime in Pakistan (give as much examples and references
regarding this issue as you can)

Answer

Famous vlogger and social media personality, Umar Khan, popularly known as Ukhano, was
accused of sexual harassment and abusive behavior by multiple women in July 2019. Several
screenshots of the 28-year-old’s conversations with other women circulated on social media,
wherein Ukhano could be seen sharing his obscene pictures and asking for their ‘bold’
pictures in return.

On Saturday night, three months after allegations surfaced, UKhano shared a new video on
social media, sharing the details of events that followed.

He captioned his video, “On 9th July, I was made a target of false allegations. I promised you
all that I will go through the legal channel and after submitting my application in FIA along
with all the evidence and after 3 months of investigation, I have an FIR against false
allegations.”

He concluded his tweet with the hashtag #ukhanofalselyaccused, which was trending on
Twitter as of Tuesday morning. The video showed a series of people claiming that both sides
of the story need to be taken into consideration before accusing an individual, emphasizing
on the difference between harassment and mutual consent.

It went onto show the Assistant Director of FIA, Asif Iqbal, claiming that “If someone tries to
defame an individual, then an FIR will be filed against the prior, after due investigation.”

Lawyer Samaviya Sajjad is also featured in the video, saying that a local website had published
the accuser Dua Asif’s elaborate account of abuse, without verifying her claims.

The vlogger also posted a picture of the FIR on November 10, claiming how he was ‘falsely’
accused. The Federal Investigation Agency’s (FIA) First Information Report (FIR) claims
that following an inquiry of the FIA Cyber Crime Reporting Centre Gujranwala, an FIR has
been registered on the complaint of Umar Khan.

“Consequent upon inquiry, FIA registered the complaint of Mr Umar Khan wherein he alleged
that a lady named Dua Asif, alias, Afrah Asif, Karachi, has started a defamatory campaign
against him through her facebook profile, namely Afrah Asi,” states the FIR.

Ukhano shared this picture with the tweet, “Never make negative comments or spread
rumors about anyone. It depreciates their reputation and yours.”

Aside from sharing the video representing the series of channels Ukhano approached, along
with the FIR, the vlogger also uploaded another video, thanking the people who supported
him.

He claimed in the video that his life had fallen in jeopardy following the ‘false’ allegations,
and he made the videos to educate others about the platforms they should reach out to
under similar circumstances.
Earlier when the social media celebrity had been accused, he had uploaded a similar video,
requesting his followers to hear his side of the story. The video has now been removed from
social media for unknown reasons.

“I’ve worked very hard my whole life, shot several videos and worked with a number
of women. I’m certain I’ve never made any of them uncomfortable.” Ukhano shared in an
earlier video.

Ukhano Harassment Case: Alleged Victim Changes Her Initial Statement

The alleged victim, Afrah Asif has taken it to her official social media to share a new statement.

Afrah has shared that her social media account was hacked and the comments made against
Ukhano, claiming that he had attempted to rape her were not written by her but the hacker.

6- Do you think that Pakistan is save from cybercrimes? Explain in 500 words

Answer

In the age of digital technology, cyberspace is becoming the weapon of crime, terrorism and
conflict, complementing and, at times, replacing the traditional instruments of crime. Pakistan’s
poor cybersecurity arrangements are evident from a few examples. In March 2013, Guardian
revealed through Snowden’s leaks that after Iran, Pakistan was the second most targeted
country for surveillance by the US National Security Agency. Later the same source, reported
that the UK’s intelligence agency Government Communications Headquarters (GCHQ) hacked
into Pakistan’s central communications infrastructure to access commonly used websites.
Microsoft declared that Pakistan received the highest number of malware attacks in the second
half of 2015, while Pakistan’s Senate Committee on Foreign Affairs later found out that the
country was among the top countries under the foreign espionage. With regard to
cybersecurity, this poor state of affairs not only shows the degree of Pakistan’s vulnerability to
cyber threats but also exposes the lack of readiness in terms of legislation, policy and
implementation to counter the threats. Coupled with the external and internal security
challenges, Pakistan’s lack of preparedness in cybersecurity make it a likely target of various
cyber threats which can broadly be divided into four types: Hacking ,Serious and organized
cybercrime, Cyberterrorism, Cyberwarfare.
Hacking is illegal access to computer systems for destruction, disruption or any illicit activity is
the first and most common cyber threats. While the above-mentioned hackers’ activities have
relevance to Pakistan, the Indian hackers apparently acting under the sponsorship and direction
of the Indian state, pose a serious challenge. Since 1998, the Indians have been hacking the
Pakistani government and security agencies’ websites mostly with the Denial-of-Service attacks.
According to the reports, 1600 Pakistani websites were targeted by the Indian hackers between
1999 and 2008. The phenomenon has become more frequent and organized since the
formation of the Indian Cyber Army comprising software professionals in August 2010.In 2013,
a Norwegian cybersecurity firm reported that the Indian hackers had been conducting an
espionage ‘operation hangover’ against Pakistan since 2010. The firm disclosed that the hackers
targeted senior managers of the corporate and government institutions.
The organized and skilled criminals are tempted towards cybercrime. The black market
networks, for instance, Dark Market, are engaged in a variety of cyber-crimes such as theft,
buying and selling of personal data from bank accounts, credit cards, identity numbers and
passwords as well as the trade of botnets. With the increasing trend in e-banking and e-
government, cybercrime is on rise in Pakistan. The country meets the cases of cybercrime on a
daily basis, which may range from account hacking to dangerous attempts like unauthorized
and illegal cash withdrawal or fund transfer.
Cyberspace is becoming an important meeting place for ideologically and politically motivated
terrorists, particularly because this offers them a convenient space to pursue their local and
transnational agendas. In the post-9/11 period, Pakistan suffered the worst form of
politicoreligious extremism and terrorism, particularly at the hands of Tehreek-iTaliban Pakistan
(TTP) and sectarian outfits. This is coupled with ethnic separatism and violence. While the
terrorist organizations in Pakistan have mostly launched physical attacks to play havoc in the
country, they have utilized cyberspace to brainwash/recruit members as well as spread their
narrative.
Cyberwarfare refers to the state-sponsored cyber-attack which is usually well-funded,
organized and conducted by highly skilled personnel. Given an enduring rivalry between the
two neighbors, Pakistan is the most likely target of the Indian cyberwarfare capabilities. The
cyber offence policy has consistently been part of India’s military doctrines.
7- Find out about company or companies that provide cyber security solutions in Pakistan
Answer

Some of companies that provide cyber security solutions in Pakistan are:

 TIER 3
 Deltatechglobal

TIER3
 Tier3 Cyber Security offers solutions and services for…
Cyber Security: To protect and assure your information and reduce your exposure to
security risk in a globally connected world.
Secure Mobility: To enable you to work securely wherever your mission takes
you…across and beyond the enterprise.
Identity Management: To establish trust in people working for you and with you —
now, and in the future.

Deltatechglobal
Delta Tech is Pakistan’s Leading Cyber Security Solution Provider which brings
consulting, next-generation products, and customized training to help your organization
protect against cyber-attacks.

8-) Do you think that cyber security is an emerging field in Pakistan? Please support your answer
with example.
Answer

The growing volume and sophistication of cyber-attacks, the volume of these attacks reaches to
thousands daily. Cyber security researchers have been working for many years to prevent
computers, databases, programs, systems and networks from unauthorized access, attack,
change or destruction. For example
The government set up a first-of-its-kind National Center for Cyber Security at the Air
University in Islamabad, in April this year, with an aim to train the youth in cutting-edge
technology.
Collaborating with numerous national and international organizations, to enhance capacity and
counter this transboundary challenge
9- List down tools that prevent cyber attackers from accessing your personal data
Answer

Some cyber security tools are:

 Gnu PG
 Truecrypyt
 Open web application security project
 ClamAV
 OSSEC
 Snort
 OpenVAS
 BackTrack
A- What is the difference between an antivirus and Internet security tool/solution
Answer

The major difference is that antivirus software scans and detects the virus or any
forms of malware and removes them from the system. Internet security is the one
which has so many advanced features such as Firewall, Phishing detection, Capability to
detect key loggers against malware

B- Do you think that a crack version of any security solution keeps your computer save from viruses
or any weak malware intrusion into your computer system?

Answer

Cracked version of any security solution can have a backdoor in that product itself. It is a
way to compromise your systems.