Islamabad, September 22, 2021: Pakistani Federal Ministers for Interior and Information presented forensic evidences accusing India of using cyber terrorism to sabotage Pakistan-New Zealand cricket series.
Flanked on his right by Interior Minister Sheikh Rashid, Information Minister Fawad Chaudhry presented digital forensic evidence at a press conference in Islamabad on Wednesday.
The Pakistani Information Minister showed a few emails sent to New Zealand cricketers and their families which had internet protocol (IP) addresses tracked to India.
Following are the details presented in chronological order:
1. 19 Aug 2021 (Fake Facebook Post): A Facebook post was circulated from fabricated account made in name of Ehsan Ullah Ehsan (ex TTP/ JuA) on social media asking NZ Cricket Board/ government not to send the team to Pakistan, as ISKP has planned to target the NZ team – post not found on FB.
2. 21 Aug 21. Abhinandan Mishra, Bureau Chief of “Sunday Guardian” – (Indian newspaper) published an article “New Zealand Cricket Team may face terrorist attack in Pakistan” based on Ehsan Ullah Ehsan’s fake post. Mishra was also found in contact with Amrullah Saleh, ex Afghan Vice President, prior to publication of said article.
Comment. Projection of threat by publication of an article by the Bureau Chief of a reputed Indian paper based on a fake social media post suggests an orchestrated campaign to scuttle the tour.
3. 24 Aug 21. Martin Guptill’s wife received threat email from ID: firstname.lastname@example.org, threatening to kill Martin Guptill while on tour. Exploitation revealed following:-
a. Subject email ID is not associated with any SMN.
b. Email account generated at 01:05 am, 24 Aug 21 and email sent at 11:59 am, 24 Aug 21 (same day).
c. Purposefully created to generate threat email only; as no other activity is found.
d. Proton mail is a secure service; we have requested Interpol to assist for further probe.
4. Despite all this, NZ Cricket team’s tour was not cancelled.
5. 11 & 12 Sep 21. NZ Cricket Team arrived Pakistan at 2 PM in a chartered flight; remaining T-20 team members reached on 12 Sep 21.
6. Practice Sessions. A detailed program was issued and followed by both teams till cancellation of tour. Both (Pak & NZ) teams carried out practice sessions on 13 & 14 September (4:30 pm to 7:30 pm) at Rawalpindi Cricket Stadium; no threat alert reported. Both teams again carried out practice (4:30 PM to 7:30 PM) on 16 September 21.
7. On 17 September 21, NZ team/ government expressed concern over reported credible threat and cancelled the tour unilaterally without sharing the details of the said threat.
8. 18 Sep 2021. Interpol Wellington intimated Interpol Islamabad about receipt of a threat email to NZ Police from email@example.com at 06:25 am (NZ time), requesting further probe. Exploitation revealed following:-
a. NZ police received threat email at 06:25 am on 18 Sep 21, according to PST 23:25 (11:25 pm on 17 Sep 2021).
b. Email firstname.lastname@example.org was generated at 18:10, 17 Sep 21 (UTC); 2310 hrs/ 11:10 PM (PST).
c. Email sent 15 minutes after ID was created; generated for specific purpose.
d. Email was sent from an associated device in India using VPN showing IP address/ location of Singapore.
e. The device RMX 1971 (Realme) used 13 x email IDs; except Hamza Afridi all other 12 x email IDs have Indian/ Hindi names. Apparently, Hamza Afridi is purposefully used to malign Pakistan; hints involvement of Indian agencies.
f. Subject mobile phone was launched in August 2019 in India; Reliance Jio mobile SIM was registered on this mobile phone on 25 September 2019 indicating single user.
g. Social media co-relation/ exploitation revealed that possible user of this email ID is an Indian Omparkash Mishra from Mumbai, Maharashtra.
9. Timing and text of the threat email suggest that this threat was not the reason for cancellation of the tour but was issued just after the cancellation to malign Pakistan and substantiate the security concerns of NZ/ other touring countries.
10. Abhinandan Mishra wrote another column on 18 Sep 21 titled “Threat of Kabul Airport-like attack led NZ to cancel Pak tour”.
11. Involvement of Indian media/ journalist and Intelligence Agencies in a systematic campaign to malign Pakistan based on concocted/ orchestrated social media campaign indicate malafide intent.
12. Follow up Actions. FIA to contact Interpol/ Proton mail for provision of detail about email@example.com (as we are sure that same agencies are behind this email ID which have sent the threat mail form Hamza Afridi account):-
a. We are in contact with Interpol to provide further details of email IDs.
b. We also request other cricket teams to share security related concerns, if any.
13. Indian Disinformation campaign based on false threat alert led to unilateral cancelation of tour by New Zealand. This is a very serious trend and ICC must take notice of these nefarious/ malicious acts of Indian nationals; otherwise it will adversely impact the “Gentleman’s Game” for many years to come.
A similar threat has been sent to West Indies cricket board from another concocted email ID firstname.lastname@example.org. Pakistani authorities are in the process of investigating.
However, it is interesting to note that nobody in knowledge of Urdu can spell “ehsan” as “ehshan”. This spelling mistake in the ID reflect concocted involvement of HIAs.