Fighting Cybercrime As The World Goes Digital

Uploaded on 2016-01-18 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

 What we can and should be done  to contain the explosion of cybercrime?

In mid-2008, Israel grew impatient as it still often does over its neighbours. This time it was about the nuclear facility of Natanz in Iran, one that Iran claimed would be used for civilian purposes only. Israel sought help from the US to bomb the Natanz facility by allowing it to use the Iraqi airspace controlled by the US military. Israel also wanted to use the same radio code used by the US military there so that the US Patriot missile defence system would not fire F-16 birds down. But the Bush administration, specially the Secretary of Defence Robert Gates and Admiral Mike Mullen didn't want to open a third war front besides Afghanistan and Iraq where the USA had already been mired knee-deep.

By the end of the year, American cyber experts crafted some lines of a computer programme - Stuxnet, technically called a worm - that would do what the Israeli fighters wanted to do - destroy Natanz. But Iran kept Natanz disconnected from the internet, fearing that just such computer virus or worms might be used against it. So the worm programme could not be injected to Natanz computers directly through the internet. CIA and Mossad came up with names of four Iranian organisations that were secretly working with Natanz. First, those companies were infected with Stuxnet. Apparently, employees of the companies, while working at Natanz, unknowingly transferred the worm to some Natanz computers through their pen-drives and disks. Once inside, Stuxnet propagated to other computers of Natanz looking for a Siemens software that controlled the made-in-Iran Fararo motors spinning at the bottom of each centrifuge. The worm altered the German code of Siemens. The controller programme was now 'talking in Hebrew' to the Iranian motors to spin erratically, leaving hundreds of centrifuges broken.

While America and Israel were toasting in celebration, Stuxnet continued to reproduce itself and from Iran it spread across thousands of networks around the world searching for that Siemens programme. Hackers and other cyber warriors, including those of Iran, captured copies of the worm and went through its lines of code. To the shock of the US, they found out that with a little tweak, they could make Stuxnet look for a GE programme running a GE (General Electric) motor running a power plant in the USA, or any programme controlling a gas turbine, or a chemical refinery. Now, a US space station can be destroyed, US railways and airlines can be collapsed, the US defence can be breached and even the global financial market can be shattered by using the very programme America developed!

This is a real-world example of what may happen to a country or the world if cybercrime, cyber war and a lack of awareness of the two continue.

Last year in September, about a hundred of the moon-walking celebrities of the Hollywood came down flat on earth to see their private photos - photos they kept secret in the iCloud or sent to the boyfriends through email or mms - spread over the internet. Police investigation found out that their iCloud accounts were broken in, their emails got out and, in some cases, their cell phones and laptops were hacked in to take photos of the celebrities without their notice! One hacker just googled to answer a celebrity-email-account's secret question, "Who was your first lover?" Being a celebrity has its downsides. Everyone knows everything about you! Consider yourself lucky for not being a celebrity? But maybe, you have an obsessive-compulsive desire for 'trust'-ing every device your iPhone connects to or keeping Sync or Photostream function 'Always On'! Well, this may bring you celebrity ill-luck.

Now consider yourself an average person. Do you use a mobile phone? Yes! Then there is a 63 per cent chance that you would be a victim of cybercrime. Are you on facebook, twitter or other social networking sites? It's a 63 per cent chance again. You like to access free and public WiFi zones! Congratulations! Your chance is 68 per cent! And if you come from an emerging market, you have another 68 per cent chance of being a victim of cybercrime. And if you answer Yes to all these four questions, as most of the readers of this column would, you should do your math. Quickly and seriously.

So, here cybercrime is. One of these days you may find your bank balance dive. You may find your email account hacked, your mobile camera being used to spy on you, your laptop sending your passwords and whatever you type to somebody you never met and never will! And add to that somebody looking into what you search in Google and what websites you browse or some government agency (or worse, hackers) listening in to your Skype-calls. So far, as an individual, you had some right to privacy. Not anymore.

Crossing that boundary line of the rights of an individual might not bother many states and governments in today's world. But what's about the security of the state itself, of the government that run it, and of the people that make it? Until now, we considered this to be the rich men's disease - problems that only the developed countries used to face. But with the rapid digitalisation of the systems and infrastructures of the country, it is time we looked for better answers. Over eighteen thousand government offices across the country are coming under the internet this year. Mobile and internet banking is set to take a giant digital leap off the fingertip. Many of the control systems are becoming digital. In Bangladesh, we have already seen cybercrime surfacing as thousands of Facebook profiles get faked or become victims to phishing and confidential company data get hacked.

We have seen credit and debit card passwords stolen by criminals, DDoS attacks on important websites and so on. We could even detect and analyse an idle server of a big company in Dhaka which was used as part of a botnet attack in the famous Sony hacking case a few months ago. During the year 2013, in the Criminal Investigation Department of Bangladesh Police, there were only two cases for which expert computer forensic opinion was sought. In 2014, the number was in the 60s. For 2015, it has already crossed 200, in about eleven months! Cyber cases for which expert opinion was not sought of and the number of crimes not even reported to the police would range in the thousands.

According to the Kaspersky IT Threat Evolution Report published this November, Bangladesh topped the list of the countries with the highest levels of computer infection and was placed fourth among the countries most attacked by mobile malware. You can guess how big a crime it is going to be in near future. In South Korea, every year about ninety thousand people are arrested for cybercrime. Cybercrime also has become one of the top five crimes there. USA lost USD 34 bn last year on cybercrime. China lost 31 bn, India 4.0 bn. India's economy is 10 times bigger than ours. So, what if next year we lose one-tenth of what India lost last year? A mere US$400 million?
 
It brings us to the question of what we can and should do to contain this explosion of cybercrime. Let's discuss how some other countries are faring in this regard. It is accepted that America, China and Russia are the three cyber superpowers in today's world. If any of them want to destroy your digital landscape now, there's not much to do whichever country you may be. The UK, Germany, France, Israel, Iran, South and North Koreas also have good capabilities when it comes to attacking another country's digital infrastructure. But how vulnerable a country is to cyber-attacks depends also on how much digital infrastructure a country has. For example, each of South and North Korea has similar capabilities to launch a cyber attack on the other. But while South Korea, being the most digitalised country in the world, is prone to huge damages in such cyber attacks while North Korea having one of the least digital infrastructure in the world actually has nothing to lose in a cyber attack! Again, in China Internet is strongly controlled by the government. Whenever a foreign adversary launches a cyber attack on the Chinese infrastructure from outside, China may easily cut-off its cybersphere from the outside world and foil the attack.

But in the USA, the fact that the Internet is controlled by a number of non-government organisations and that American economy is so much intertwined with the global economy, it might be difficult and time-consuming and even impossible for the US government to cut itself off from the rest of the world. That gives China a huge advantage in a cyber war with the USA, hypothetically.

Beyond the wars, in Bangladesh, there are cybercrimes that we need to be ready to fight and control. As real Internet banking gets pace, online fraud, phishing and bank account hacking are bound to soar. As the national data centres get off the ground, our road, rail, metro networks (and maybe, one day, subways) become computerised, power plants and gas distribution facilities and supply chain of food and essentials get fully automated, millions of computers and mobile devices in the private and public sectors join the internet and the average village woman begins to receive the cash sent by her son living abroad with the help of a tiny password, the challenges will grow along the opportunities.

Our young minds at the universities must be funded for research on cyber security, our IT professionals have to be made more and more skilled, the law-enforcement agencies must be trained and equipped with the logistics necessary. As the Chinese and Russian 'hackers' continue to humiliate USA every day and night, countries around the world have learned from the mistake America made honing its cyber-attack capabilities before firewalling its own networks.

Our National ICT Policy has been finalised in August 2015. A comprehensive National Cyber Security Policy is also underway. Now we must invest heavily in computer and network security and enhance people's awareness of these new risks and challenges. How well we fare in this challenge will largely define how secure we will be when we become a truly developed Digital Bangladesh.

Ein Newshttp://bit.ly/1kEJ1kV

« Yahoo Will Notify Users of 'state-sponsored' Hacks
North Korea's 'Paranoid' Computer Operating System »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Voyager Networks

Voyager Networks

Voyager Networks is an IT solutions business with a focus on Enterprise Networks, Security and Collaborative Communications.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

PBOSecure

PBOSecure

PBOSecure is a dynamic and progressive IT consultancy company specializing in IT and Industrial Control System (ICS) security.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

EasyDMARC

EasyDMARC

EasyDMARC deliver the most comprehensive product for anyone who strives to build the most secure possible defence system for their email ecosystem.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.

Nova Microsystems

Nova Microsystems

Nova's mission is to revolutionize cybersecurity through continuous data analysis and dynamic AI-driven encryption.

Axiotrop

Axiotrop

AXIOTROP is a Cybersecurity firm offering leading services in assessment, remediation, and validation to protect the confidentiality, integrity, and availability of regulated information.