Pakistani spies fear up to 100 million citizen records may have been stolen

A report by Pakistan’s main intelligence agency warns that the personal records of up to 100 million Pakistanis may have been stolen by foreign intelligence agencies due to the alleged links of a software vendor with Israel. The Inter-Services Intelligence directorate (ISI), Pakistan’s premier spy agency, said that the software used by the National Data base and Registration Authority (NADRA), which issues national identity cards on behalf of the government of Pakistan, is not secure and should be replaced by an “indigenous” software product.

Established in 1998 as the National Database Organization, NADRA operates under Pakistan’s Ministry of the Interior. Its main mission is to register and fingerprint every Pakistani citizen and supply every adult in the country with a secure Computerized National Identity Card. This has proven to be a Herculean task in a country of 182 million, of whom just over half are over the age of 18. Consequently, the NADRA electronic database contains files on over 96 million Pakistanis, making it one of the world’s largest centralized databases.

But the ISI warned in a recently authored report that the NADRA database may have been compromised through the software that the agency uses to digitize and store fingerprints. According to the Pakistani newspaper Express Tribune, which published a summary of the ISI report on Monday, “the thumb-digitiser system [used by NADRA] was purchased from a French company of Israeli origin”. The report refers to the Automatic Finger Print Identification System, known as AFIS, which NADRA has been using since 2004. The software was purchased for close to $10 million from Segem (now called Morpho), a leading global vendor of identity software. The company is based in France, but the ISI report states that has connections with Israel, a country that Pakistan does not officially recognize and has no diplomatic relations with. Because of that, says the ISI report, the entire content of NADRA’s database may have been accessed by the Israeli Mossad, the United States Central Intelligence Agency, India’s Research and Analysis Wing, and other spy agencies seen as “hostile” by Islamabad.

Officials from NADRA refused to respond to the Express Tribune’s allegations, or to acknowledge that the ISI had indeed contacted the agency with concerns about the AFIS database. But a NADRA senior technical expert, who spoke anonymously to the paper, claimed that the ISI’s concerns were unfounded, since NADRA’s servers were not connected to the World Wide Web and were therefore impossible to access from the outside. Another NADRA official told the Express Tribune that Segem was the only international vendor of fingerprint recognition systems in 2004, when NADRA purchased the software product. Additionally, the Ministry of the Interior successfully sought ISI’s approval prior to purchasing the software. Last but not least, NADRA officials pointed out that the Pakistani Armed Forces are also using Segem software products.

http://intelnews.org/2015/09/15/01-1775/