Fighting Cybercrime As The World Goes Digital

 What we can and should be done  to contain the explosion of cybercrime?

In mid-2008, Israel grew impatient as it still often does over its neighbours. This time it was about the nuclear facility of Natanz in Iran, one that Iran claimed would be used for civilian purposes only. Israel sought help from the US to bomb the Natanz facility by allowing it to use the Iraqi airspace controlled by the US military. Israel also wanted to use the same radio code used by the US military there so that the US Patriot missile defence system would not fire F-16 birds down. But the Bush administration, specially the Secretary of Defence Robert Gates and Admiral Mike Mullen didn't want to open a third war front besides Afghanistan and Iraq where the USA had already been mired knee-deep.

By the end of the year, American cyber experts crafted some lines of a computer programme - Stuxnet, technically called a worm - that would do what the Israeli fighters wanted to do - destroy Natanz. But Iran kept Natanz disconnected from the internet, fearing that just such computer virus or worms might be used against it. So the worm programme could not be injected to Natanz computers directly through the internet. CIA and Mossad came up with names of four Iranian organisations that were secretly working with Natanz. First, those companies were infected with Stuxnet. Apparently, employees of the companies, while working at Natanz, unknowingly transferred the worm to some Natanz computers through their pen-drives and disks. Once inside, Stuxnet propagated to other computers of Natanz looking for a Siemens software that controlled the made-in-Iran Fararo motors spinning at the bottom of each centrifuge. The worm altered the German code of Siemens. The controller programme was now 'talking in Hebrew' to the Iranian motors to spin erratically, leaving hundreds of centrifuges broken.

While America and Israel were toasting in celebration, Stuxnet continued to reproduce itself and from Iran it spread across thousands of networks around the world searching for that Siemens programme. Hackers and other cyber warriors, including those of Iran, captured copies of the worm and went through its lines of code. To the shock of the US, they found out that with a little tweak, they could make Stuxnet look for a GE programme running a GE (General Electric) motor running a power plant in the USA, or any programme controlling a gas turbine, or a chemical refinery. Now, a US space station can be destroyed, US railways and airlines can be collapsed, the US defence can be breached and even the global financial market can be shattered by using the very programme America developed!

This is a real-world example of what may happen to a country or the world if cybercrime, cyber war and a lack of awareness of the two continue.

Last year in September, about a hundred of the moon-walking celebrities of the Hollywood came down flat on earth to see their private photos - photos they kept secret in the iCloud or sent to the boyfriends through email or mms - spread over the internet. Police investigation found out that their iCloud accounts were broken in, their emails got out and, in some cases, their cell phones and laptops were hacked in to take photos of the celebrities without their notice! One hacker just googled to answer a celebrity-email-account's secret question, "Who was your first lover?" Being a celebrity has its downsides. Everyone knows everything about you! Consider yourself lucky for not being a celebrity? But maybe, you have an obsessive-compulsive desire for 'trust'-ing every device your iPhone connects to or keeping Sync or Photostream function 'Always On'! Well, this may bring you celebrity ill-luck.

Now consider yourself an average person. Do you use a mobile phone? Yes! Then there is a 63 per cent chance that you would be a victim of cybercrime. Are you on facebook, twitter or other social networking sites? It's a 63 per cent chance again. You like to access free and public WiFi zones! Congratulations! Your chance is 68 per cent! And if you come from an emerging market, you have another 68 per cent chance of being a victim of cybercrime. And if you answer Yes to all these four questions, as most of the readers of this column would, you should do your math. Quickly and seriously.

So, here cybercrime is. One of these days you may find your bank balance dive. You may find your email account hacked, your mobile camera being used to spy on you, your laptop sending your passwords and whatever you type to somebody you never met and never will! And add to that somebody looking into what you search in Google and what websites you browse or some government agency (or worse, hackers) listening in to your Skype-calls. So far, as an individual, you had some right to privacy. Not anymore.

Crossing that boundary line of the rights of an individual might not bother many states and governments in today's world. But what's about the security of the state itself, of the government that run it, and of the people that make it? Until now, we considered this to be the rich men's disease - problems that only the developed countries used to face. But with the rapid digitalisation of the systems and infrastructures of the country, it is time we looked for better answers. Over eighteen thousand government offices across the country are coming under the internet this year. Mobile and internet banking is set to take a giant digital leap off the fingertip. Many of the control systems are becoming digital. In Bangladesh, we have already seen cybercrime surfacing as thousands of Facebook profiles get faked or become victims to phishing and confidential company data get hacked.

We have seen credit and debit card passwords stolen by criminals, DDoS attacks on important websites and so on. We could even detect and analyse an idle server of a big company in Dhaka which was used as part of a botnet attack in the famous Sony hacking case a few months ago. During the year 2013, in the Criminal Investigation Department of Bangladesh Police, there were only two cases for which expert computer forensic opinion was sought. In 2014, the number was in the 60s. For 2015, it has already crossed 200, in about eleven months! Cyber cases for which expert opinion was not sought of and the number of crimes not even reported to the police would range in the thousands.

According to the Kaspersky IT Threat Evolution Report published this November, Bangladesh topped the list of the countries with the highest levels of computer infection and was placed fourth among the countries most attacked by mobile malware. You can guess how big a crime it is going to be in near future. In South Korea, every year about ninety thousand people are arrested for cybercrime. Cybercrime also has become one of the top five crimes there. USA lost USD 34 bn last year on cybercrime. China lost 31 bn, India 4.0 bn. India's economy is 10 times bigger than ours. So, what if next year we lose one-tenth of what India lost last year? A mere US$400 million?
 
It brings us to the question of what we can and should do to contain this explosion of cybercrime. Let's discuss how some other countries are faring in this regard. It is accepted that America, China and Russia are the three cyber superpowers in today's world. If any of them want to destroy your digital landscape now, there's not much to do whichever country you may be. The UK, Germany, France, Israel, Iran, South and North Koreas also have good capabilities when it comes to attacking another country's digital infrastructure. But how vulnerable a country is to cyber-attacks depends also on how much digital infrastructure a country has. For example, each of South and North Korea has similar capabilities to launch a cyber attack on the other. But while South Korea, being the most digitalised country in the world, is prone to huge damages in such cyber attacks while North Korea having one of the least digital infrastructure in the world actually has nothing to lose in a cyber attack! Again, in China Internet is strongly controlled by the government. Whenever a foreign adversary launches a cyber attack on the Chinese infrastructure from outside, China may easily cut-off its cybersphere from the outside world and foil the attack.

But in the USA, the fact that the Internet is controlled by a number of non-government organisations and that American economy is so much intertwined with the global economy, it might be difficult and time-consuming and even impossible for the US government to cut itself off from the rest of the world. That gives China a huge advantage in a cyber war with the USA, hypothetically.

Beyond the wars, in Bangladesh, there are cybercrimes that we need to be ready to fight and control. As real Internet banking gets pace, online fraud, phishing and bank account hacking are bound to soar. As the national data centres get off the ground, our road, rail, metro networks (and maybe, one day, subways) become computerised, power plants and gas distribution facilities and supply chain of food and essentials get fully automated, millions of computers and mobile devices in the private and public sectors join the internet and the average village woman begins to receive the cash sent by her son living abroad with the help of a tiny password, the challenges will grow along the opportunities.

Our young minds at the universities must be funded for research on cyber security, our IT professionals have to be made more and more skilled, the law-enforcement agencies must be trained and equipped with the logistics necessary. As the Chinese and Russian 'hackers' continue to humiliate USA every day and night, countries around the world have learned from the mistake America made honing its cyber-attack capabilities before firewalling its own networks.

Our National ICT Policy has been finalised in August 2015. A comprehensive National Cyber Security Policy is also underway. Now we must invest heavily in computer and network security and enhance people's awareness of these new risks and challenges. How well we fare in this challenge will largely define how secure we will be when we become a truly developed Digital Bangladesh.

Ein Newshttp://bit.ly/1kEJ1kV

« Yahoo Will Notify Users of 'state-sponsored' Hacks
North Korea's 'Paranoid' Computer Operating System »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

Trusted Knight

Trusted Knight

Trusted Knight is a leading provider of security software solutions focused on defeating newly developed malware and crimeware trojans.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Alpine Security

Alpine Security

Alpine Security provides penetration testing, security assessments and cybersecurity training services.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

Australian Cyber Collaboration Centre (Aus3C)

Australian Cyber Collaboration Centre (Aus3C)

The Australian Cyber Collaboration Centre (Aus3C) is committed to building cyber capacity and securing Australia's digital landscape.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Toka Group

Toka Group

Toka empowers government agencies with critical and previously out-of-reach digital forensics, force protection and Intelligence capabilities, tackling the fields' most pressing challenges.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

VENZA

VENZA

VENZA is a data protection company that can help organisations mitigate their vulnerabilities and ensure compliance, keeping guests and their data safe from breaches.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.