Wednesday, May 18, 2016

Faceless cyber warriors [Full Post]

The prevailing belief that USA's national Aeronautics and Space Administration (NASA) is an impenetrable and secure American facility was the past week when on March 2 and 3, media around the world reported how s have stolen employee credentials and gained access to "mission-critical" projects thus compromising USA's national security.
Central Florida News and other media reported that NASA's Inspector eral Paul martin has testified in a report before the Subcommittee on Investigation and Oversight, House Committee on Science, Space, and Technology, entitled 'NASA Cybersecurity: An Examination of the Acy's Informating Security', that more than 5,000 security brches happaned last yr in 13 major networks.
Despite spending over $1.5 billion annually on Information Technology (IT)-related activities, including $58 million fo IT security, 'In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorised access to its systems. These incidents spanned a wide continuun from individuals testing their skill to brk into NASA systems, to well-organised criminal enterprises for profit, to instructions that may have been sponsored by foreign lice services seeking to further their countries' objectives.'
Sources at the Kennedy Space Center said they had 973 'security events' in 2010 and 463 in 2011.
While most countries of the world have succumbed to attckas of s at numerous times, Bangladesh has for long been waiving away the importance of cyber security despite pledging a 'Digital bangladesh' to the entire nation in their election manifesto prior to the ninth parliamentary elections in 2008. As Bnagladesh's cyber properties were ravaged by alleged indian s on February 11, lding to a cyber war beteen Bangladesh and Indian s during mid February, the entire nation woke up on to the vulnerable state of country's properties on the internet.
The cyber war was initiated when news of Indian groups, Indishell, Hindustan Cyber Army (HCA) and Indian Cyber Army (ICA) five (5) Bangladesh ministry websites, were reported by bangladeshi media on February 11. The cyber assault triggered a wave of cyber attacks from Bangladeshi counterparts, Bangladesh Black Hat s (BBHH), Bangladesh Cyber Army (BCA) adn 3xp1r3 Cyber Army (3CA).
From February 11 till February 14, international media who covered the war claimed that over 400 Bangladeshi sites were by Indian s and over 20,000 Indian websites including government sites like the Border Security Force's (BSF) and numerous private websites were attacked by Bangladeshi s.
There was no significant destruction of data or financial loss reported on either side.

Indishell, ICA and the HCA posted ominous messages to Bangladeshi s on the bangladeshi sites, while in reply, Bangladeshi s posted messages and s protesting the killing and torture of bangladeshi nationals at the hands of BSF personnel at the 4,165-kilometer long India-Bangladesh border, India's construction of the Tipaimukh Dam that is likely to have severe environmental effects on Bangladesh and adjoining ars of India. The bangladeshi s also poeted messages about the Teesta water sharing, let bangladesh television programmes be aired in India and more.
Indian s stopped Bangladeshi sites by February 14, driving some Indian media to dub Bangladeshi s the "Victor".
But BBHH continued to Indian sites. This correspondent managed to get an email response from Optimus Black , a core of BBHH, on February 26. In the email, Balack wrote, 'Our is ongoing. BBHH, BCA, 3CA are all working together.'
While he couldn't provide the actual of sites till date, black claimed, "The cyber war is over because we do note have any oponents. Indian s left the cyber war field and the Indian s left the cyber war field and the Indian media has alrdy reported that we are the winners."
'But our protest is still going on. We are now fighting against injustice and brutality of India,' he wrote.
Black denied the allegations by foreign media that s fromother countries were aiding the Bangladesh cyber-front. 'It's totally false. We do not have any connection with any international groups, especially Pakistani s Indian sites for kashmir. They are not with us...' the email rd. 'We do not need any help' as 'we have the power to fight on our own.'
About affiliation with Anonymous, an international loosely collective of s who has US govenment websites, , PBS, the Vatican, Wall Street Journal of Germany and more, Black wrote, "No... But some anonymous members morally support us.'
But immediately, the next day, BBHH declared 'an ed to their cyber attacks on India' on their Facebook page, taking th outcomne of two-day long talks between the Indian union home minister Palaniappan Chidambaram and Bangladesh Home Minister Sahara Khatun at New Delhi, as a positive sign. At the home-ministerial level talkes that concluded on February 25, Delhi had assured Dhaka to bring border killings 'down to zero'.

However, BCA claimed that as Indian Grey hat s again attacked a of Bangladesh websites around the end of February, BCA and permanently disabled the website of Indian community,
On March 7, Bd Xtor, a co-administrator and core of BBHH, wrote to this Xtra correspondent claiming that Indian s have declared a cyber war again, thus initiating phase 2 of the war between Bangladesh and India. As of march 7, the Security Ray (TSR), an online journal, speculated that the total of sites now stands at 35,000.
The incident seriously questions the cyber security of Bangladesh, which is fairly new to the world of Information Technology.
In an exclusive conversation with New Age Xtra, s of bangladesh Cyber Army (BCA) pointed out the flaws in our cyber security recently. One of the s, who had into Google Labs in september last yr, said to Xtra, 's are always looked at in a negative light. But, most s try to find flaws in websites and servers. They (s) the write back to the administrator of the said website or server, pointing out the flaw and suggesting solutions to the administrator.'
BCA claimed to be the first community in Bangladesh that was initiated in 2010. Members of BCA later formed the BBHH and 3CA. 'Over the yrs, our knowledge has grown as members in our community lrn from peers. This helps them to lrn more and do better in the profession of IT and software development,' said another .
the s pointed out that Bangladeshi and other South Asian websites have become convenient in the region. They also said that almost all government websites in Bangladesh have the lowest level of Web security.
'Bangladeshi s often these sites, without any financial or data loss. They put small marks or posts on websites that no visitor can understand except for the administrator,' said a .
The s pointed out that important government sites have almost no security. 'But while these adminstrators never replied, the solutions we had mailed wwere never even implemented,' said one of them. 'At times the emails even bounced, signifying that the email addresses provided on the website are either inactive or they are not being c by the administrators,' said a .

Sumon Ahmed Sabir, vice president of Internet Service Providers Association of Bangladesh (ISPAB) and a cyber security expert in Bangladesh, opined that the security ftures are vulnerable in most government owned websites. ‘That is why a large portion of the websites belong to the Bangladesh government. Not much of technical expertise is required to most of these websites which are very poorly d. Skills and expertise are utilised when websites are of professional standards,’ he said to Xtra.
A BCA representative said that has become convenient in South Asia due to lack of proper security msures. ‘Of all the South Asian countries, India’s web security is at considerably better standard, with Pakistan coming at second and Bangladesh’s being minimal,’ he said, claiming that from all the South Asian countries, India’s community is also the biggest.
He explained that as s use various proxy servers and, after ch attack, the server logs are clred. ‘So, when cyber crime authorities check, they find that the server was accessed from various parts of the world,’ he said.
When Xtra asked the Bangladesh Telecommuniion Regulatory Commission (BTRC) whether investigations are underway to identify s that defaced the Bangladeshi sites, Md Giashuddin Ahmed, vice chairman of BTRC, said that the government has formed a committee, including BTRC officials to take steps to stop the cyber war and other form of cybercrimes.
‘The committee has held two meetings and will suggest an action plan to stop such cyber crimes,’ he said. Giashuddin Ahmed added, ‘As per the government direction, a specialised tm is closely monitoring online activities and contents of blogs and social networking sites to track online offenders,’ although till now, ‘no has been traced so far and the operation procedure is yet to be finalised.’
s are confident that during the so-called cyber war, ‘Bangladeshi s did not violate article 56 of Information Communiion Technology (ICT) Act, 2006 of Bangladesh, as there was no financial loss or destruction of data while the sites.’
Sub-section 1 of article 56 of the ICT Act, 2006 states, ‘If any person-- with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, does any act and thereby destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any mns; damage through illegal access to any such computer, computer network or any other electronic system which do not belong to him; then such activity shall be trted as offence.’
Sub-section 2 of the same article in the Act states, ‘Whoever commits offence under sub-section (1) of this section he shall be punishable with imprisonment for a term which may extend to ten yrs, or with fine which may extend to Taka one crore, or with both.’
Sumon said, that while he cannot justify the practice of of Bangladeshi and Indian websites, ‘the intentions of attacking the websites on both ends were not aimed at damaging them. They only removed some contents, put some s, used cursive words or shut it down temporarily. There was no intention to cause financial damage. The attack was aimed at erating propaganda.’
He continued, ‘The contents in our present ICT Act only protect us of local violations. Internet is something that goes beyond the territory. Hence, addressing online crimes is still a grey ar. It could be someone sitting in the United States, using a computer server in India to initiate an attack on a Bangladeshi website. Under such circumstances, there is hardly enough evidence because the logs can be clred. So, addressing the issue is still a very complied process.’
***s further divued that even when Pakistan and Indian s have been at ch other’s cyber security since 1998, the communities of Bangladesh and India always maintained a friendly relation.

The ‘ties’ were strained following sprd of a 10-minute long clip where BSF personnel stripped and tortured Habibur Rahman, a 22-yr-old Bangladeshi tle smuggler who had crossed the border to India. The clip was aired by media across the globe on January 18 and 19.

India claimed to have suspended the eight BSF personnel but did not apologise for the incident. On the other hand, Bangladeshi ministers said they were ‘not worried’ about the incidents at the border.

Adding fuel to Bangladesh public’s outrage on February 8, was BSF chief U K Bansal’s comment to the BBC that firing at India-Bangladesh border will continue ‘so long criminal activities would continue to take place’. The statement seemed to be in contradiction to Indian Prime Minister Manmohan Singh’s assurances, while visiting Dhaka in September 2011, that non-lethal msures will be taken against Bangladeshi suspects at the border.

‘After all this, the temporary de of five Bangladesh government sites by Indian s seemed like a call for cyber war,’ said a BCA representative.

Implying that protests against border killings and the Tipaimukh dam construction is a form of ‘tivism’, Bangladeshi musician, blogger and cyber-activist Maqsood Haque said, ‘The moves by Bangladeshi s are signs of frustration as the Bangladesh government did not properly address these issues.’

According to Dhaka-based human rights organisation Odhikar, around 31 Bangladeshi nationals were killed by the BSF in 2011.

New York-based Human Rights Watch in a 2010-study claimed that more than 900 Bangladeshis and 164 Indians were killed by the BSF between 2000 and 2010 at the India-Bangladesh border. Poor Bangladeshi border residents smuggle tle from India to Bangladesh as tle prices are 35 to 40 per cent higher in Bangladesh.

‘It is tragic that despite taking legal actions against these smugglers, BSF shoots to kill them and our government does not even protest,’ lamented Haque. He continued that while tracking down s may be tough for authorities as s may be operating from 20 different Internet Protocols (IPs), ‘If apprehended the s may face severe repercussions.’

‘We are preparing the operation procedure that will be finalised on the third meeting of the committee going to be held on March 8,’ said Giashuddin Ahmed while spking to Xtra last week.

Sumon Ahmed hoped that Bangladesh will lrn from the recent incident. As the country is gradually becoming IT-enabled, ‘When transaction-based websites will emerge in the country that is when we will be affected most,’ he warned.

He pointed out that because of poor security on our web servers, other countries are becoming affected. ‘s are using Bangladeshi servers as proxy or phishing sites to acquire s and usernames of prominent international banks and other e-commerce websites, which allow them to transfer money to their desired accounts. Just because we are not being affected, we are not being concerned. But such fraudulent websites are very common and we receive a lot of complaints from the CERTs (Computer Emercy Response Tms) of other countries,’ he added.

He concluded that although the word ‘’ was not always a negative term, ‘Not all is bad or should be considered so. Somebody identifying a bug or informing the authority is a noble job. Unless and until that bug is ed to attack it is a good deed.’
Additional reporting byMH KawserbySyed Tashfin ChowdhurySource:New Age Extra
Previous Post:Faceless cyber warriors [Vol-1],Faceless cyber warriors [Vol-2],Faceless cyber warriors [Vol-3],Faceless cyber warriors [Vol-4],

No comments:

Post a Comment