Pakistan Cyber Profile

Pakistan has a harsh legal landscape based on strict Sharia law, but it is also the home of ambitious young people who strive for Western incomes and rely on access to the Internet for a window on a permissive world. While the older generation that runs the country wants the economic benefit and kudos of technology, they don’t want the part of the Internet that allows porn, gambling, opposing views, or liberal Western ideas.

Pakistan’s leaders want to freeze in medieval morality while garnering the advancements promised by global communications. Thus, Pakistan is both an open and closed society simultaneously. While the older governing class might not understand or like the Internet, they are very good at legislation, and that’s how they strike a balance between their dreams and fears over what the Web could bring.

Internet penetration and availability

According to Hootsuite, 62.34 million of Pakistan’s 223 million people are regular internet users. This gives an internet penetration rate of 27.5 percent. On the other hand, the Pakistan Bureau of Statistics (PBS) calculated an internet penetration rate of 18.94 percent in 2020. However, 2021 has seen a fast expansion of internet penetration, which could explain that difference in statistics.

The growth rate in internet usage is startling and possibly driven by the recent Covid pandemic – the number of internet users rose by 11 million from 2020 to 2021. That means the internet community almost doubled in the space of one year.

Only around 21 percent of Pakistan’s population are regular social media users. According to the Pakistan Bureau of Statistics, the country has a mobile phone penetration rate of 45 percent. The relatively low internet and social media figures show that more than half of device owners use them for phone calls and texts rather than to access the internet.

Previously low levels of internet penetration and a sudden growth with the onset of Covid could be due to a reversal in government policy towards internet access. For example, in large Baluchistan, Pakistan’s biggest state, internet provision was banned until mid-2020. However, this policy changed when the state government shut down all schools and universities in March of that year and moved classes online.

According to a report published in July 2020 by Cable.co.uk, the average cost of a fixed-line Broadband package in Pakistan is $20.43 per month, and the cheapest Broadband plan available costs $4.87 per month. This compares to an average monthly price of $34.78 in the UK and $59.99 in the USA. According to the Pakistan Bureau of Statistics, the average monthly income per household was 35,110 rupees per month in 2019. This is about $203.

There are about 158,000 free WiFi hotspots in Pakistan, according to WiFi Maps. As expected, these hotspots are all located in large urban centers, with Karachi, the country’s largest city, having around 42,000. These are primarily available in cafés and other commercials, public spaces that compete to attract customers.

Internet speeds in Pakistan

As of July 2021, Pakistan ranked 113th on the average mobile internet download speeds of all the countries monitored by the Ookla Speedtest Global Index. That speed is 20.33 Mbps and compares with 190.03 Mbps, which is available in the UAE in the number one slot.

Fixed-line broadband speeds are slower, ranking the country in 162nd position with an average rate of 13.19 Mbps. Monaco is at the top of that table, with an average fixed-line Broadband connection download speed of 256.7 Mbps. For comparison, the USA’s positions in those tables are in 14th place for roaming rates at 91.01 Mbps and 14th for fixed-line broadband speeds at 195.55 Mbps.

Speed test
Speed test results

Digital awareness

The International Telecommunications Union ranks Pakistan 79th globally out of the 185 countries that it covers in the Global Cybersecurity Index 2020. The country’s cybercrime defense strategy is based on the Prevention of Electronic Crimes Act (PECA) of 2016. However, this internet security regime has never been fully implemented with no national response lab or coordinated strategy for public sector protection. Instead, this law tends to restrict the internet freedoms of the general public, giving the government the power to prosecute individuals for all manner of internet crimes.

The Federal Investigation Agencies investigate cybercrimes, and penalties are skewed towards punishing behavior transgressions in the general public rather than discouraging hackers and data thieves. For example, in June 2017, a Pakistani court sentenced Taimoor Raza to death for writing something offensive about the Prophet Mohammed on Facebook; however, under PECA, data theft gets a sentence of up to three years. In addition, the data theft penalty can be substituted with a fine of up to 1 million rupees – that’s about $6,000.

Given the large sums of money that ransomware hackers and data thieves can earn from stolen or hijacked data, there isn’t much of a disincentive provided by the law.

Online anonymity

The Pakistan government doesn’t operate its internet controls. Instead, it relies on its orders to be implemented by Internet service providers. This can result in secretive changes in the availability of categories of websites without any public debate or announcements.

ISPs also carry out tracking and logging of all private internet activity. In addition, PECA gives the government the right to prosecute citizens of Pakistan for accessing a banned website, no matter where they were in the world at the time of access.

Access to privacy tools

The use of a Virtual Private Network (VPN) is controlled both for businesses and private individuals. The Pakistan Telecommunication Authority attempts to detect and block VPN traffic as it passes over public cables. The PTA also requires VPN users to register the systems that they use. Without registration, the use of a VPN is illegal in Pakistan. In addition, permitted VPN services that operate within Pakistan are obliged to log user activity and make those records available to government agencies on demand.

The government’s control over access to information about VPNs, including blocks on the availability of websites promoting or selling VPNs, seems to have been successful. As a result, few people know about the topic ever since the recent surge in uptake of internet service. For example, Google Trends shows that a peak of interest in the topic of VPNs in searches performed in Pakistan at the end of November 2017 has never been matched. Although very few Pakistanis had access to the Web at all at that date compared to today.

Pakistan VPN Google Trends
Pakistan VPN Google Trends

The government’s justification for its blocks on access to websites is that they could provoke sedition, and its bans on VPNs are justified on the grounds of the prevention of terrorism. Data from Google Trends does offer justification for this stance, however. They are taking a look at the map of Pakistan, plotting where the searches for information about VPNs are issued shows that far more inquiries about VPNs are issued in remote, rural provinces and territories known for radical terrorist activities and training.

Pakistan VPN Google Trends
Pakistan VPN Google Trends by region

The Federally Administered Tribal Areas (Khyber Pakhtunkhwa) has 35.5 million and an internet penetration rate of 14.2 percent. Yet, it had the highest incidence of searches for information about VPNs over the past five years. In contrast, the Punjab province, with a population of 110 million and an internet penetration rate of 18.94 percent, had only 65 percent of that traffic volume for VPN searches.

Tor browser, the free privacy system, is relatively unknown in Pakistan. Take a look at the two graphs below, shown side by side, detailing Tor access statistics for Pakistan and the USA for August 2020 to August 2021.

Tor access statistics for Pakistan
Tor access statistics for Pakistan

Roughly speaking, the number of users of Tor per day is around 5,000 in Pakistan but approximately 500,000 in the USA. Of course, the USA has a great many more internet users. However, a daily rate of 5,000 per day in a country of 230 million shows that knowledge of the Tor system is limited to only a tiny tech-savvy elite in Pakistan.

Cybercrime: prevalence and attack types

Despite being woefully unprotected against cybercrime, Pakistan doesn’t seem to be a great target or source of cyberattacks.

Take a look at the image below that shows a portion of the live attack map of A10 Research and illustrates the location of DDoS attack weapons. In other words, these are the locations of the botnet zombies as they launch fake connection requests.

live attack map
Live attack map – Pakistan

The major population centers of Karachi and Lahore barely figure on this map. However, the rural but volatile areas in the North around the borders with Kashmir and Afghanistan show much activity.

The government and its agencies suffer most cybersecurity breaches in Pakistan. These breaches originate from foreign security agencies rather than from hackers. Reports suggest that India and the United States are particularly active in breaking into government IT infrastructure to conduct intelligence research.

Despite not being a source or target for DDoS attacks or malware, Pakistan is one of the largest sources of spam email globally. It ranks in 10th place on the Spamhaus league of countries that host spambots.

Although Pakistani hackers were active at the beginning of the century, the country is now known more as a source of white hat hackers, who perform security research for major corporations worldwide.

Blocked content

The PECA frames the government’s blocks on access to many sites that include those offering gambling and pornography. In addition, sites that provide information about VPNs are also blocked. Blocks are also imposed on specific news pages that criticize the government or communicate LGBT issues.

All local government levels have the right to issue a total ban on internet provision within their boundaries. The national, provincial, and local governments have all be known to periodically block popular social media sites, such a Reddit, Quora, Facebook, Flickr, and Twitter. TikTok and YouTube have also experienced blocks on content and occasional outright total bans.

Tinder and Grindr are permanently blocked. Torrent sites cannot be accessed in Pakistan due to blocks implemented by all ISPs operating in the country. In addition, some online video game platforms and specific online games are subject to bans in Pakistan, and some scientific and medical sites are banned.

A report by the Pakistan Telecommunication Agency in 2019 detailed that 900,000 URLs were blocked in Pakistan at that point. The government launched a new internet censorship plan in 2020 so that 2019 figure is probably low compared to the number of sites currently blocked in Pakistan. The new strategy orders websites to take down content or face fines of up to $3 million. The topics that attract bans are blasphemy, hate speech, threats to national security, terrorist activity, and pornography.

Privacy and data protection

The government of Pakistan realizes that PECA needs to be overhauled; furthermore, torrent and one area of digital activity that it is currently working on is data privacy standards. Just like the EU’s General Data Protection Regulation (GDPR), the Pakistan Personal Data Protection Bill, 2020, will lay down expectations of data protection that mainly focus on personally identifiable information (PII). This bill is still working its way through parliament.

Existing data protection legislation in Pakistan includes the Payment Systems and Electronic Fund Transfers Act, 2007, which enforces protection for financial data in transit. In addition, the State Bank of Pakistan’s Regulations for Payment Card Security is similar to the USA’s PCI DSS standard on protecting financial and payment card information.

There is currently no government agency that oversees data privacy issues in Pakistan. However, the new law includes the stipulation for creating the Personal Data Protection Authority of Pakistan.

Online safety in Pakistan

If you intend to visit Pakistan, don’t assume that being an outsider, Pakistani laws and conventions don’t apply to you. The country has capital punishment on the statute books for a range of crimes. Remember that you can be executed just for a post on Facebook in Pakistan.