Bangladesh Cyber Security Status in Global Perspective
Presented at Digital World 2012
dhakaCom
Bangladesh Cyber Security Status: Global Perspective
Mohammad Fakrul Alam
dhakaCom Limited
fakrul [at] dhakacom [dot] com
http://www.dhakacom.com
Bangladesh Cyber Security Status: Global PerspectivedhakaCom Page 2
Agenda
- Global Cyber Security Statistics
- Bangladesh Cyber Security Incidents [few cases]
- Bangladesh Information Technology and Cyber Security Status
Cyber Attack Definitions
- Cyber-warfare is the use of computers and the Internet in conducting warfare in cyberspace.
- A cyber attack is a computer-to-computer attack that undermines the confidentiality, integrity or availability of a computer or of information resident on it.
Global Cyber Security Statistics
Global Security Statistics
SPAM
ANNUAL SPAM TOTALS (2009, 2010, 2011): 52.7%, 52.9%, 38.7%
[source : Trustwave Global Security Report 2012]
Global Security Statistics
DDoS: Largest Bandwidth Attacks Reported
[Chart; axis unit: Gbps]
[source : Worldwide Infrastructure Security Report 2011, Volume VII, Arbor Networks, Inc]
Global Security Statistics
Application-Layer DDoS Attacks
[source : Worldwide Infrastructure Security Report 2011, Volume VII, Arbor Networks, Inc]
Application-Layer DDoS Attack Methodologies
HTTP GET and HTTP POST were the most common application-layer DDoS attack vectors, while more sophisticated mechanisms such as Slowloris, LOIC, Apache Killer, SIP call-control floods, SlowPost and HOIC are increasingly prevalent.
Global Security Statistics
Distribution of Attack Techniques
[source : http://hackmageddon.com/2012-cyber-attacks-statistics-master-index/]
Social Media
Twitter / Facebook
Bangladesh Cyber Security Incidents [few cases]
Bangladesh Cyber Security Incidents
- Data reported from 1st June, 2012 to 30th November, 2012.
- Data received from different sensors across the globe.
- 125580 individual incidents, 23131 unique IPs.
Hacker Groups
- Different hacker groups have emerged.
- Bangladesh Cyber Army and Bangladesh Black Hat Hackers are the most active ones.
- They claim to collaborate with other underground hacking groups.
- Hacktivism takes center stage.
Use of Social Media
Facebook, Twitter and other social media were used to organize the attack.
Site Defacement
Site hacked by hacker group named Indishell. Government sites were targeted.
Site Defacement
- Site defacement using known techniques like SQL Injection, Metasploit and CMS vulnerabilities.
- 64 district web portals were inaugurated on 06 January 2010; hackers had invaded 19 of them by 21 March 2010.
DDoS Attack
- DDoS attack on several financial institutions' websites.
- Reported application-layer attack (HTTP GET flood) on an online newspaper portal.
- The attack lasted 72 hours at roughly 5 million packets per second.
Phishing Attack
Information Leakage
Information and data leakage on Pastebin
Bangladesh Information Technology and Cyber Security Status
Digital Bangladesh
- The government published its “Vision 2021”, which targets the establishment of a resourceful and modern country by 2012 through effective use of information and communication technology, called “Digital Bangladesh”.
- e-Government framework.
- The Bangladesh Government web portal (http://www.bangladesh.gov.bd) provides information on the most popular citizen services offered by the Government of Bangladesh.
Digital Bangladesh
- Bangladesh Bank is introducing, in stages, services like e-banking, e-commerce, e-recruitment, e-tendering, mobile banking and automated clearing house service.
- Online payment gateways are coming up, and credit/debit cards are allowed for transactions.
- Approximately 0.8 million mobile banking users. By 2020 there will be around 50 million, which will be 47% of the adult population.
Related Acts
- Pornography Regulation Act, 2012
- Information & Communication Technology Act, 2006
- Bangladesh Telecommunication Regulation Act, 2001
Legal Action
Some identified cyber crimes covered by the ICT Act 2006:
- Hacking or unauthorized entry into information systems
- Publishing or distribution of obscene content in electronic form
- Tampering with electronic documents required to be kept under the law
- Frauds using electronic documents
- Violation of copyright, trademark or patent design
- Holding out threats through e-mail

Penalties:
- 5 years imprisonment and a fine of up to $0.6 million for offenders for the first conviction.
- Could be extended to 10 years imprisonment and $1.2 million as fine for each subsequent offence of the same nature.
Findings
- Sites running on a CMS are not fully patched and carry inherent bugs, which makes them quite easy for hackers to penetrate.
- Tools are available on the internet.
- Lack of proactive monitoring and enforcement of standards.
- Lack of awareness; most of the incidents were unpublished, unregistered and un-investigated.
- There is no defined cyber security strategy in place to manage and mitigate cyber security incidents in case of a coordinated cyber attack on the Critical National Information Infrastructure (CNII).
- There is no comprehensive cyber security law enacted or adopted yet. ICT-related crimes are usually treated under the existing penal code.
- Very few locally produced cyber security experts.
“To expect the world to treat you fairly, because you’re a good person, is somewhat like asking a bull not to attack you, because you’re a vegetarian!”
- Quote from the Reader’s Digest