PKNIC Outage

PKNIC, the entity responsible for the global top level domain of Pakistan (.pk), has reportedly been down for the past 8 hours. This is the latest in the series of very ‘old pains’ that have now become synonymous with the domain controlling body.

While this does not have any immediate effect on the globally operating domains under the .pk ccTLD for now (due to the way the DNS system works), users trying to reach the site to update their domain records or pay for their domains will face problems.

It is most likely that the problems would be resolved and we will see the site back soon.

However, once again, this incident points towards the weakness of PKNIC as a user-focused entity. Despite being run as a commercial operation, PKNIC has not been able to fulfill the basic need of communicating with their paying users such as providing them with a representative office or officer one can reach, a helpline one can dial, a blog that keeps its users informed about the latest with the entity and so on.

This lack of communication has been casting a very bad light on its name. Unless PKNIC addresses the basic need of communicating with its paying users in ways that are the norm today, it would only be normal and logical for the general public to view every move of PKNIC with doubt.

In an age where dozens, if not hundreds, of offshore companies have their ‘touchable’ operations going on in Pakistan, there is no reason why PKNIC, which holds the linchpin of the Pakistani cyberspace, can’t have a reachable and touchable representation in Pakistan.

I sincerely believe that this will help PKNIC and its users.

PKNIC is talking!

Haris Shamsi, who represents, among various other entities, the Pakistan IPv6 Task Force, reported the proceedings of a recent PTA meeting in Islamabad that discussed a rather extensive 9 point agenda that included exciting stuff like putting up an IX, introduction of IPv6 in Pakistan etc. ‘Bringing back’ PKNIC to Pakistan (a topic we have earlier discussed here and here) topped the agenda list.

PTA had been receiving complaints about PKNIC from various customers, and recently the regulatory body has reportedly made contact with PKNIC management (which happens to be outside Pakistan) in what is being described as ‘a thick regulatory tone’. Interestingly, PKNIC does not come under any existing service definition of PTA and, being a company established outside Pakistan, is immune to any serious regulatory influence. This is despite the fact that the body (PKNIC) is responsible for managing the digital linchpin of Pakistani business and digital citizen life, the domain names that end with a .pk.

Hearing from those who were part of the meeting, it appears that there is a thrust towards ‘bringing it back’ to Pakistan. Without proper thought and debate around the subject, such a thrust would be highly ‘misplaced’ and is bound to create more problems than it aims to solve. Also, probably for the first time, PKNIC ‘sent’ two representatives, one of whom was a lawyer named Barrister Omer, to a PTA initiated meeting.

PKNIC and Pakistan is a sweet & sour story. Very (very) briefly, here is some background:

First the good things about these people: PKNIC’s early owners (it has reportedly changed a couple of hands, I am short on this data) put Pakistan on the TLD early on, way before lots and lots of other countries were on the net. They have managed the whole thing without any serious, sustained outage for the .pk TLD as a whole. I can’t remember that in the past 11 years at least I have seen a major ‘not there’ issue with them. However, stories of customers getting high rates, bad support and 100% irrelevant ‘collateral damage’ outages on their business production sites abound. They have no real office in Pakistan, no staff (the Barrister mentioned by Haris deserves a photograph on flickr so the millions of PKNIC customers can, for the first time, put a face to the name of the company that is responsible for their digital identity linchpin). The processes and policies at PKNIC were initially closed door but later went through a corporate whitewash to include a number of stakeholders. Domain disputes and hijacking were the most dreaded aspects of life of a PKNIC customer due to various reasons. PKNIC continued to offer free .gov.pk domains to GOP requirements where, reportedly, the only requirement was a letter (not an email!) sent to them on the official letterhead of the government agency and the domain gets registered and activated. Electronic payments at PKNIC (something we take for granted while dealing with something as ‘nety’ as domain registration) arrived quite late.

Bringing PKNIC back to Pakistan is logical and desirable. But how and when? What would the rules be? What is the collective track-record of Pakistan (regulatory and industry combined) in terms of Internet Governance? Are we ready to face a ‘Network Solutions/ICANN’ and post ICANN issues in a Pakistani light?

Some people (including this scribe) are of the view that PKNIC’s obscure and non-customer-friendly thorns aside, the consistency of the service might be heavily attributable to the fact that the body was being managed outside Pakistan in a rather ‘private’ manner. Of course this is highly debatable, and views and proofs are welcome.

My strictly personal views are that PKNIC is doing a good job and unless we are 100% sure that we can snatch the responsibility from them and run it on our own without making a joke of our digital selves, we should not proceed in the direction of a total ownership change. My own suggestion in this regard is to let PKNIC continue the operations but bring them under some regulation net. Let there be some customer service benchmarks set for them, pricing would be next and so would be the issue of physical presence of the DNS server inside (and their backups outside) Pakistan.

Network Admins of Pakistan will be discussing this topic among the technical ranks to arrive at some recommendations which will subsequently be presented to the people in Islamabad.

Dear PKNIC

Dear PKNIC,

Can we have a telephone number we can call you when there is an urgent need to do so? Yesterday, a fellow ISP had a problem in their domain record that apparently occurred at PKNIC’s end. The NS glue records were changed. The site disappeared. The emails were not going through. It was a sorry sight to see him ask around everyone about a PKNIC support telephone number they might know about. Of course he was short on luck.

We all know PKNIC doesn’t believe in having a public number to serve its paying customers.

In this era of voice over IP, unified communications, Instant Messaging and cheap (for North American businesses) BPO services, it is hard to believe that one of the core digital era services of an entire country like Pakistan would not have anything besides an email address to serve thousands of customers who are charged a fee for the service.

I am not debating how small or big the PKNIC fee structure is. I know PKNIC serves government and military domains for free (by the way, showing respect for the powerful used to be a shame in the past). I know PKNIC tries to remain democratic in its process development. I know PKNIC pays a lot to its DNS hosting company. We’ve been on these issues before too.

I am just asking one question: Can we have a number to call PKNIC in times of distress?

Last we checked, for business outfits, customers used to be the king. Or did I miss the news about PKNIC changing its status to a charity during the recent past?

PKNIC has been a great service to Pakistan. It was there when not a lot of people knew how essential a service it is for Pakistan and its digital future. Please make a phone number available for your paying customers.

I promise I won’t be calling just to say ‘hi’.

An Otherwise Satisfied PKNIC Customer

Core Network Security Seminar by Cisco Systems

Cisco Systems Pakistan is holding a seminar focusing on the requirements for improving backbone security on May 3, 2007 at Karachi. The seminar will cover the following:

  • Features and techniques available to help improve security by hardening the core network
  • Security best practices, security recommendations, and router features to mitigate direct infrastructure attack
  • Deployment of specific features and using them to improve backbone security.

Date: May 3, 2007
Venue: Diplomat IV Marriott Hotel, Karachi
Speaker: Yusuf Bhaiji CCIE #9305 (R&S and Security)

You can register by sending email to marketing contact Nabil Rana (nabrana@cisco.com.NOSPAM) and Areej Qureshi (arquresh@cisco.com.NOSPAM).

More Dollars for Cybercrime Wing

Strategy Page, without citing any of its sources, is saying that the Government of Pakistan is putting up more dollars for countering cyber-crimes - this time specifically for local use. From the article (see entire text here):

Internet based crime and terrorism activity became a growing problem in Pakistan, and the government realized that it needed a Cyber War capability that worked. Now the government has announced that it will spend several million dollars to equip and staff a proper operation to deal with Cyber Crime.

Rumours & Maths

Dawn reported today that:

Mobile phone companies are reported to have earned billions of rupees within six hours soon after the cellphone virus rumour spread across the country last week. According to market sources, the mobile companies generated record revenue.

While the ‘scam’ nature of the event might be true as we suspected earlier, the number is dumb. Even to make Rs 1 billion, 50 million users must spend Rs 20 on this scam each to reach the 1B mark. Anyone living in Pakistan with a cell phone knows that both these numbers are crazy.

Realistic numbers could be ‘a few million‘ - 5 million users spending Rs 5 on average on this scam (one call and two text messages).

Death by CLI!

The hoax took the nation by storm. And it actually became a social virus much to the delight of whoever must have released it in the first place. And true to the traditions of the ‘Jinn in London Mosque‘ and ‘Bomb Blast at Grumander’ news, this was aired on the TVs only to be later declared as a hoax in the slides.

We saw a number of interesting things happening out there. As if the constant calls from friends and knocks at the office room from colleagues were not enough, my doctor wife wore the most serious and somber of the faces I have seen on her in the past seven years when she asked me: ‘What will happen now?’ - taking the troublesome news item as a ground reality in the first place. And every tech savvy person in my circle had similar stories to tell from their respective surroundings.

On the face of it, it seems a bad situation that we had the hoax getting so successful in the public. However, this very event once again proved the fact that the nation has truly gone cellular in the past few years with everyone - okay ‘almost’ everyone - having a piece of this convenience. We cannot blame the masses for the lack of technical acumen to separate a hoax from a real trouble - this is how the general public behaves the world over. The other silver lining very much visible was the voluntary squad of techies that stood up and fought the hoax in a distributed manner. This again is a sign of the youngsters getting a hang on the technology and its possibility brackets.

Since the majority of the hoax messages talked about ‘an unknown or weird’ number being the culprit, I am tempted to ponder on the possibility of this being an attempt to curb illegal voice termination, where it is given that the origination number would be hidden behind a dummy number which generally is also weird and distinct from regular numbers that we receive during the day. Of course, such a measure to counter illegal call termination would be silly for it will have a production cycle of days if not hours, but it seems probable that for as long as the hoax caused the greatest panic, illegal calls were probably not terminated into Pakistan :)

Another thought that quickly hit after we saw the panic waves around the network was whether the industry has now reached a state of stability and harmony to do a structured search from the SMS records of the six cellular operators and make an attempt to track where the stuff started from in the first place. Even if we are too late, or the records are too many or the stuff originated out of Pakistan, an effort in this direction will sure teach us a thing or two. Internet is even more complex and multi-partied and yet virus and malware writers do get identified when efforts are put in. This would be more productive than the pacifying announcement by PTA on the same topic.

And finally, since a lot of friends were debating whether there is a possibility of this being crafted by the cellular operators in the first place for increased SMS traffic between their users, I can only confirm that this is a long established practice in the operators to ‘seed’ interesting and most-likely-to-be-forwarded messages to a small number of customers every now and then only to see a ripple effect of the messages moving around the network, bringing in revenue.

PTA’s Cell Crime Combat Effort Expected To Fail

PTA is telling us that their new initiative to curb cell phone crime will be active from 30th September 2006.

Chairman PTA said that the mobile operators have already been directed to install Equipment Identity Register (EIR) system which enables a stolen or snatched cell phone to be blocked through its International Mobile Equipment Identity (IMEI) which is a unique number of every cell phone in the world. The Chairman said that once this system starts functioning, the magnitude of this menace will be decreased significantly.

Given the extent of the problem, the media is also building high expectation of this announcement which needs some scrutiny. The effort relies on two concepts:

  • That everyone will press *#06# and will record the unique IMEI number of his/her cell phone and that he/she shall be able to retain it in a safe place and report it to the police when/if the phone gets stolen
  • That everyone owning a cellular phone is comfortable in registering his/her cell phone loss with the local police
  • That the IMEI is something that cannot be changed on the phone

International Mobile Equipment Identity, or IMEI for short, is supposed to be unique on each GSM phone in the world. However, as it turns out, IMEI can be forged. Given the expertise of the local cell phone market wizards, the EIR set up is going to be of little use.

An old entry of Sept 2004 in ITU Daily, an article titled ‘Crime Prevention for Mobile Networks’, makes interesting reading. It notes that while SIM cards are hard to replicate (i.e. reproduce illegally) because of the advanced encryption algorithms employed in the formation of the SIM, IMEIs can be re-programmed and forged easily.

When an attempt is made to connect a stolen phone to any network, the IMEI can be interrogated and, if the operator is connected to the CEIR, it will register as stolen and the handset barred from making or receiving any calls. However, a major weakness of this approach has been the fact that some IMEIs are neither unique nor as secure as they could be.

BBC’s news archive of 2002 records comments from all top cellular companies (BT, Vodafone, Orange, Virgin Mobile etc) confirming that we should not pin high expectations on the EIR (or the CEIR as it is called elsewhere) set up. The BT-Cell rep says “New IMEIs can be programmed into stolen handsets and 10% of IMEIs are not unique.”

Because of the way the IMEI is stored on cell phones (permanent vs writable memory space), phones may or may not be reprogrammed to change their original IMEI. Bad news: Most of the models from Nokia (most popular brand in Pakistan) can be re-programmed.

Nokia phones that can be unlocked: 1100, 1101, 1110, 1600, 2100, 2300, 2600, 2650, 2652, 3100, 3120, 3200, 3220, 3210, 3230, 3300, 3310, 3330, 3410, 3510, 3510i, 3650, 3660, 5100, 5110, 5130, 5140, 5146, 5210, 5510, 6020, 6021, 6030, 6100, 6101, 6110, 6111, 6130, 6150, 6170, 6210, 6220, 6230, 6230i, 6250, 6260, 6310, 6310i, 6510, 6600, 6610, 6610i, 6650, 6670, 6800, 6810, 6820, 6822, 7110, 7200, 7210, 7250, 7250i, 7260, 7270, 7280, 7600, 7610, 7650, 7700, 7710, 8210, 8310, 8800, 8810, 8850, 8890, 8910, 8910i, 9110, 9110i, 9210, 9210i, 9300, 9300i, 9500, N-Gage and N-Gage QD

Someone please show PTA the worldwide marketplace of GSM Phones Programming and Reverse Engineering.
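The EIR check and the weakness discussed above, as an added example (not code from PTA, any operator or this blog): a toy register that bars blacklisted IMEIs, validates the Luhn check digit, and flags one IMEI attaching with two different SIMs inside a short window. The IMEI and SIM values, the one-hour window and the decision names are constructed assumptions.

```python
def check_digit(body14: str) -> int:
    """Luhn check digit for the first 14 digits of an IMEI."""
    total = 0
    for i, ch in enumerate(body14):
        d = int(ch)
        if i % 2 == 1:  # every second digit is doubled, digits of the product summed
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def imei_valid(imei: str) -> bool:
    """True when the value is 15 digits and its last digit is the Luhn check digit."""
    return (len(imei) == 15 and imei.isdigit()
            and check_digit(imei[:14]) == int(imei[14]))


class EIR:
    """Toy Equipment Identity Register (illustrative, not an operator system)."""

    def __init__(self, blacklist, window=3600):
        self.blacklist = set(blacklist)
        self.window = window   # seconds; assumed threshold for the heuristic
        self.last_seen = {}    # IMEI -> (SIM identity, time of last attach)

    def attach(self, t, imei, sim):
        """Decision for one network attach at time t (seconds)."""
        if not imei_valid(imei):
            return "reject-malformed"
        if imei in self.blacklist:
            return "barred"
        prev = self.last_seen.get(imei)
        self.last_seen[imei] = (sim, t)
        # A blacklist alone would answer "allow" here; the same IMEI showing up
        # with a different SIM shortly afterwards is the duplicate-IMEI signal.
        if prev and prev[0] != sim and t - prev[1] <= self.window:
            return "flag-duplicate"
        return "allow"


# Constructed sample identities (not real handsets or subscribers).
STOLEN = "35000000000001" + str(check_digit("35000000000001"))
OWNER = "35000000000002" + str(check_digit("35000000000002"))
BAD_DIGIT = OWNER[:14] + str((int(OWNER[14]) + 1) % 10)


def demo():
    eir = EIR(blacklist=[STOLEN])
    return [
        eir.attach(0, STOLEN, "SIM-B"),       # reported stolen, still original IMEI
        eir.attach(100, OWNER, "SIM-A"),      # legitimate subscriber
        eir.attach(400, OWNER, "SIM-B"),      # another handset reporting OWNER's IMEI
        eir.attach(500, BAD_DIGIT, "SIM-C"),  # check digit does not match
    ]


if __name__ == "__main__":
    print(demo())
```

A legitimate SIM swap also trips the duplicate flag, so in practice it is a lead for investigation rather than grounds for barring a handset.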

Pakcon 2006 - Call For Papers

Pakistan’s Underground Hacking Convention - Pakcon 2006 - has issued Call For Papers with last date for CfP being 15 October, 2006.

What is Pakcon? As per the announcement:

PAKCON III will be a 1-day event. There will be a single track with “normal” talks as well as “lightning” talks presented by renowned, skilled and knowledgeable computer and information security professionals from the world over.

The event will take place in December 2006 in Karachi.

Juniper Seminar in Karachi

Juniper Networks is organizing a full day (9:00 am to 4:00 pm) seminar titled ‘Juniper Secured and Assured Networking Seminar’ on 14th September 2006 at Karachi Sheraton Hotel. Registration can be done online here. Juniper is finding its share of the upswinging market in Pakistan, where increased IT and Telecom spending has even earned a dedicated Cisco Systems country office in Islamabad.

Readers might be interested to know that Juniper Networks secured deals with Ufone, Transworld Associates, and NTC recently for the provisioning of core routers. Juniper Networks is also reported to be looking to fill up a position of Systems Engineer to be stationed in Pakistan to enhance the support the company offers to its service provider customers.