Wednesday, May 18, 2016

‘Not all is bad or should be considered so’ - A conversation with Sumon Ahmed Sabir VP of ISPAB


Sumon Ahmed Sabir, vice president of Internet Service Providers Association of Bangladesh and a cyber security expert in Bangladesh, tells Saad Hammadi how the much hyped cyber warfare between India and Bangladesh was only a matter of generating propaganda on state-owned websites with no real security.
Tell us your opinion about hacking in general.
Hacking had begun since the time computer networks emerged. However, those who are into hacking, some of them do it to show their technical skills and expertise and some are into committing financial crimes and other forms of online criminal offences. There is however, another dimension to hacking when it occurs with the state’s patronage.
Recently, Bangladesh and India have experienced intense cyber warfare among important websites being shut down by the opposition. Some IT professionals have said that this was not hacking but nuisance. What is the rationale?
I will not call it a cyber war. A lot of Bangladeshi websites were compromised just as much as the Indian websites. However, this is nothing new. The security features are vulnerable in most government owned websites. That is why a large portion of the websites belong to the Bangladesh government. Not much of technical expertise is required to hack most of these websites which are very poorly d. Skills and expertise are utilised when websites are of professional standards.
I am not really interested whether it was a cyber war or not but that our websites are not secured is something we should be concerned about. We are not secured on websites and this is not to speak of Bangladesh only but all countries. There is no point over arguing on an area of cyber warfare just because we are not able to resolve an issue diplomatically which will only increase grievances.
Bangladesh’s virtual services and facilities are still at a developing stage, where not much of commercial transactions are performed. Given that Indian hackers often attack on Bangladeshi, how do you view the web security of the country’s important websites?
This time the incidents that occurred did not cause problem but we are gradually becoming IT enabled. When transaction-based websites will emerge in the country that is when we will be affected most. And this will happen sooner or later because hacking is a regular affair. We should be careful that we do not break down the same way in the future.
Right now you can check your bank balance or clear your credit card bills, which are limited only to your account and cannot be transferred to another. Hence, we are not becoming affected financially. Outside the country however, most people are affected because of financial losses.
However, because of poor security on our web servers, other countries are becoming affected. Hackers are using Bangladeshi servers as proxy or phishing sites to acquire passwords and usernames of prominent international banks and other e-commerce websites, which allow them to transfer money to their desired accounts. Just because we are not being affected, we are not being concerned. But such fraudulent websites are very common and we receive a lot of complaints from the CERTs (Computer Emergency Response Teams) of other countries.
While Bangladeshi hackers claimed to have shut down many Indian websites, Bangladesh was nonetheless exposed to similar attacks. Do you believe the ICT Act 2006 of Bangladesh requires amendment to address such defacement and temporary de of websites?
The intentions of attacking the websites on both ends were not aimed at damaging them. They only removed some contents, put some s, used cursive words or shut it down temporarily. There was no intention to cause financial damage. The attack was aimed at generating propaganda. However, I still cannot justify such a practice. The contents in our present ICT Act only protect us of local violations. Internet is something that goes beyond the territory. Hence, addressing online crimes is still a grey area. It could be someone sitting in the United States, using a computer server in India to initiate an attack on a Bangladeshi website. Under such circumstances, there is hardly enough evidence because the logs can be cleared. So, addressing the issue is still a very complicated process.
Even locally, if someone is found committing an offence, the penalty should be very carefully decided. Keeping someone behind bars for eight years for sending a threat email does not sound reasonable, which we have seen happen in the country in the past. It will however, not be right for me to talk on the legal area but laws should not be such that a minor offence entitles heavy punishment.
Will you share some of the security elements that Western countries maintain to contain such form of intrusion or hacking?
Whether developing countries or the West, we almost use the same security elements. Some organisations may be slightly better but in general we all are vulnerable. This time the website hacking that took place, it was because the coding standards were weak. The website developers were not concerned with the security features while coding. The servers and software we are using, these are not timely upgraded and maintained. Thirdly, proper firewall rule sets are not maintained, which help to determine the level of access.
Some hackers are passionate about identifying bugs in reputed websites, something they enjoy doing and challenging. They say it helps them increase the efficiency of the website and helps them learn new things. Can skills of hackers be put to good use?
Those who have the technical efficiency, no doubt they are highly skilled. In many cases in the past we have seen hackers have come to the help of not just independent organisations but also states and governments. There are numerous examples. Not all is bad or should be considered so. Somebody identifying a bug or informing the authority is a noble. Unless and until that bug is ed to attack it is a good deed. The word hacker was a good term in the past. Right now the term itself gives a negative impression. In abroad, security analysts are hired to do the same task as hackers.
Source: New Age
