US President George Bush is now calling Pakistan one of three “theatres” in the War on Terror, and authorising deadly raids into its territory. But thanks to tough home-grown internet laws and vigilance by its own internet crime fighters, Pakistani cyberspace at least is clean of any jihadi or terrorist group, according to the country’s top cybercrime sleuth.
And Ammar Jaffri, project director of the National Response Center for Cyber Crimes at the Federal Investigation Agency, wants to know why other governments permit terror websites to be hosted by local ISPs, despite the ease of tracing internet servers and the credit card payments made to them.
Contrary to expectations, none of the seemingly infinite numbers of terrorist and jihadi groups using the internet to spread ideology, post messages, recruit followers, solicit funds and exhort violence are hosted in Pakistan, insists Jaffri.
“In Pakistan no one can host a terrorist website. If they do, we’ll get hold of them immediately. No one dares to because they know either we will find them or someone will tell us and we’ll swoop on the service provider immediately.”
Pakistan banned 13 terrorist groups under former president Pervez Musharraf. A report by the Pakistan Institute for Peace Studies identified 25 terrorist or sectarian groups still operating, including reorganised incarnations of the banned groups. But they don’t operate in Pakistani cyberspace, says Jaffri. “Tell me one ISP in Pakistan which is hosting a terrorist website. I can show you 200 websites which are hosted in the US and other Western countries. Just google terrorist websites,” says Jaffri.
Pakistan was among the first countries to legislate cyberspace, and its first cybercrime law, the Electronic Evidence Act 2000, was in place before 9/11. The law was upgraded to the Electronic Transactions Ordinance 2002. In its most recently amended form, the Prevention of Electronic Crimes Act 2007, it is so tough and far-reaching that some civil liberties groups consider it draconian. For instance, should any of the 88 million cell-phone subscribers now registered in Pakistan choose to send a lewd text message, they can now look forward to imprisonment for up to seven years. The offence falls under cyberstalking and jail time can go up to 10 years if a minor is involved.
Convicted “cyberterrorists”, a definition that includes anyone hosting a jihadi or terrorist website, can be executed if their actions result in a victim’s death. The first laws were the brainchild of Jaffri, an IT adviser to government and intelligence departments for more than 35 years, who became alert to the potential threat to computer network security while receiving training in the United States a decade ago.
“Pakistan stood against cybercrimes in 2000, much before the advanced world. When I returned from the US in the late 1990s, I looked around at the potential number of internet users in this region, counting China, India, Sri Lanka, Bangladesh – almost half of the world’s population. So I started pressing the government of Pakistan to do something. We came forward with regulations, with laws, we put the right people in the right positions, all much before the Western world.”
Jaffri says it’s obvious that virtually all terrorist organisations are not only using cyberspace, they’re also using qualified IT professionals. He cites a Turkish-based website he browsed last week, on which the group showed videos of its training camps and weapons and invited donations via credit card.
“If you see the websites and quality of services they are providing, it appears that they’ve hired professionals. These groups are fundraising via websites, they’re propagating their ideas via websites. Such websites are hosted on ISPs, they have a web server, they have a network, they have a country, someone is paying money and using a credit card and writing emails to the ISP.”
Terrorist and jihadi sites can still be accessed in Pakistan, but authorities have ensured they are not hosted in Pakistan.
“The question I’d like to pose to Western countries is: ‘Where are the terrorist websites hosted?’ I think they are the best judge. Who is making payments to run the websites? What credit cards are being used for these purposes? Instead of asking us: ‘Where are they [the terrorist groups]?’, I think the technologically advanced world can answer these questions very well. Ask the owners of the credit cards on which the payments are made to the server. Ask Visa and Mastercard.”
By some estimates, Pakistan’s internet use has boomed to 22 million users this year, some 13 percent of the population, although the Pakistan Telecommunications Authority puts the number of registered subscribers at 3.8 million. More than 60 ISPs (Internet Service Providers) are operational and some 20,000 websites use the .pk domain.
“We have told other countries’ agencies about the hosting of terrorist websites abroad. We’re interacting regularly with a number of international crime forums, but none of them has ever told us: ‘This website is hosted in your country,’” says Jaffri.
“With some countries it’s not just a lack of online regulation, it’s because they just won’t cooperate. Everything revolves around the economy, around money. I would not spare a single person found responsible for hosting a terrorist website on a server in Pakistan. But how can we move against such a person or group if they are not in Pakistan? The West needs to understand these things.”
With little jihadi-terrorist web hosting to monitor, Jaffri and his team are far busier pursuing cases of identity theft, website hacking, credit card fraud, ATM fraud and hacking for ransom.
About 150 cases of cybercrime have been investigated or prosecuted. At the Center, nearly 60 ICT experts work at banks of computers in the unit’s operations centre, which also boasts a forensics lab staffed by eight computer forensics experts.
Cases currently under investigation include the hacking of a young woman’s profile on a social networking site, a case of ATM fraud in which 20 million rupees ($US 260,000) were withdrawn from several ATMs of one bank and defacement of banking websites using stolen credit card numbers.
The biggest problem facing Pakistan’s cybercrime fighters is identity theft, says Jaffri, whereby hackers steal a user’s email password and send emails from the victim’s address. Identity theft carries a punishment of up to seven years’ jail with a 500,000 rupee fine. There have been several cases of hackers demanding a ransom for the return of the user’s email identity after they lock the user out of their own email address.