Bangladesh Cyber Security Status in Global Perspective

dhakaCom

Bangladesh Cyber Security StatusGlobal Perspective

Mohammad Fakrul Alam

dhakaCom Limitedfakrul [at] dhakacom [dot] com

http://www.dhakacom.com

Bangladesh Cyber Security Status: Global PerspectivedhakaCom

Agenda

Global Cyber Security StatisticsBangladesh Cyber Security Incidents [few cases]Bangladesh Information Technology and Cyber

Security Status


Cyber Attack Definitions

Cyber-warfare is the use of computers and the Internet in conducting warfare in cyberspace. Computer to computer attack that undermines the confidentiality, integrity or availability of a computer or information resident on it.


Global Cyber Security Statistics

http://www.ppt-vorlagen.de/


Global Security Statistics

SPAM

52.7% 52.9% 38.7%

ANNUAL SPAM TOTALS

2009

[source : Trustwave Global Security Report 2012]

2010 2011



DDoS: Largest Bandwidth Attacks Reported

[source : Worldwide Infrastructure Security Report 2011, Volume VII, Arbor Networks, Inc]

Gbp

s



Application-Layer DDoS Attacks

[source : Worldwide Infrastructure Security Report 2011, Volume VII, Arbor Networks, Inc]

Application-Layer DDoS Attack Methodologies ..

HTTP GET and HTTP POST were the most common application-layer DDoS attack vectors, more sophisticated mechanisms such as Slowloris, LOIC, Apache Killer, SIP call-control floods, SlowPost and HOIC are increasingly prevalent.



Distribution of Attack Techniques

[source : http://hackmageddon.com/2012-cyber-attacks-statistics-master-index/]


Social Media

Twitter / Facebook


Bangladesh Cyber Security Incidents[few cases]



Bangladesh Cyber Security Incidents

Data reported from 1st June, 2012 to 30th November, 2012

Data received from different sensors across the globe.

125580 individual incident , 23131 Unique IP


Hacker Groups

Different hacker group emerge. Bangladesh Cyber Army & Bangladesh Black Hat Hackers

are most active one. Claims that they have collaboration with other underground

hacking group. Hacktivism takes center stage.


Use of Social Media

Facebook, Twitter and other social media were used to organize the attack.


Site Defacement

Site hacked by hacker group named Indishell. Government sites were targeted.


Site Defacement

Site defacement using known techniques like SQL Injection, Metasploit and CMS vulnerability.

64 district web-portals inaugurated on 06 January 2010 while the hackers invaded 19 of them by 21 March/2010.


DDoS Attack

DDoS attack on several financial institutions websites. Reported application layer (HTTP GET Flood) on online

newspaper portal. Attack stays for 72 hours with roughly 5 million packets per second.


Phishing Attack


Information Leakage

Information data leakage in PASTEBIN


Bangladesh Information Technology and Cyber Security Status



Digital Bangladesh

The government published it’s “Vision 2021” which targets the establishment of a resourceful and modern country by 2012 through effective use of information and communication technology called “Digital Bangladesh”.

e-Government framework. Bangladesh Government web portal (

http://www.bangladesh.gov.bd) provides information on the most popular citizen services by the Government of Bangladesh.

http://www.bangladesh.gov.bd/


Digital Bangladesh

Bangladesh Bank is introducing in stages services like e-banking, e-commerce, e-recruitment, e-tendering, mobile banking and automated clearing house service.

Online payment gateways are coming up and credit/debit cards are allowed for transaction.

Approximately 0.8 million mobile banking users. Within 2020 it will be around 50 million which will be 47% of

adult nationality.


Related ACTs

Pornography Regulation Act, 2012 Information & Communication Technology Act, 2006 Bangladesh Telecommunication Regulation Act, 2001


Legal Action

Some identified Cyber Crimes covered by ICT ACT 2006: - Hacking or unauthorized entry into information systems- Publishing or distribution of obscene content in electronic form- Tampering with electronic documents required to be kept under the law- Frauds using electronic documents- Violation of Copyright, Trademark or Patent design- Holdings out threats through e-mail

5 years imprisonment and a fine of up to $0.6 million for offenders for the first conviction.

Could be extended to 10 years imprisonment and $1.2 million as fine for each subsequent offence of the same nature.


Findings

Sites running on CMS are not fully patched and inherently carrying bugs which is quite easy for the hacker to penetrate.

Tools are available in the internet. Lack of proactive monitoring and enforcement of standards. Lack of awareness and most of the incidents were unpublished,

unregistered and un-investigated. There is no defined cyber security strategy in place to manage and

mitigate cyber security incidents in case of a coordinated cyber attack on the Critical National Information Infrastructure (CNII).

There is no comprehensive cyber security law enacted or adopted yet. ICT related crimes are usually treated under the existing penal code.

Very few locally produced cyber security experts.


“To expect the world to treat you fairly,

because you’re a good person, is somewhat like asking a bull not to

attack you, because you’re a

vegetarian!”

- Quote from the Reader’s Digest


Bangladesh Cyber Security Status in Global Perspective

Technology

Transcript of Bangladesh Cyber Security Status in Global Perspective