Cyber Incident Victim: Islamabad Safe City Authority
Date:
May 2024
Location:
Pakistan
Summary
The Islamabad Safe City Authority's online system was shut down following a hacking attempt that compromised its main server, affecting critical systems including criminal records, complaint management, human resources, and operational software. The intrusion triggered a firewall alert, prompting immediate closure of all logins to prevent further unauthorized access; no backup servers were available to restore functionality. Authorities attributed the breach to vulnerabilities from simplistic login credentials and outdated, unlicensed software. While the Safe City’s camera network remained offline and secure, linked services like e-challan, traffic management, and police facilitation centers were disrupted. Officials confirmed the incident as an attempted breach, with logins suspended for security updates across all user levels.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 23, 2024, unidentified hackers breached the Islamabad Safe City Authority’s online systems by penetrating its main server, which housed criminal records and operational data. The intrusion triggered an automatic firewall alert, prompting authorities to immediately shut down affected servers to contain the breach. Systems taken offline included the Complaint Management System, Criminal Management Record System, Human Resources Management System, and software supporting the Operation Division. With no backup servers available, the shutdown caused complete operational disruption. The IT department disabled all user logins to applications and servers within hours of detection, preventing further unauthorized access. Police officers familiar with the incident confirmed the systems remained offline for at least two days following the initial attack.
Investigations revealed that compromised login credentials – using simple, common IDs and passwords by staff – enabled the breach, compounded by outdated software with expired licenses. The attack impacted interconnected systems including mobile applications, smart police vehicle records, police station operations, video analytics, e-challan services, and the Islamabad Traffic Police database. Thirteen to fifteen servers linked to the F-6 police facilitation center were also affected. Police spokesperson Taqi Jawad confirmed the hacking attempt but emphasized the Safe City camera network, operating on isolated offline systems, remained uncompromised. Response efforts focused on credential resets for all users – including police stations and ranking officers from ASP to DIG levels – though officials provided no timeline for full restoration. Repeated attempts to obtain technical details from Safe City head SSP Shoaib Khan were unsuccessful, with spokesperson Jawad citing ongoing meetings with concerned officers throughout the incident’s documentation period.