Global Cyber Security Trend & Impact of Internet on the Society of Bangladesh and Its Status

Fakrul Alam, CTO, bdHUB Limited

[email protected]

http://bd.linkedin.com/in/fakrulalam

https://twitter.com/rapappu

Post on 16-Jul-2015

Incident Trends, Bangladesh

Data received from sensors maintained by bdCERT

1. Site Defacement

• Sites hacked by hacker groups named Indishell, Sil3nt Hack3r, My@nm@r H4acK3rs Unit

• Government sites were targeted (.gov.bd)

• Sites running on a CMS are not fully patched and carry inherent bugs, which makes them quite easy for an attacker to penetrate.

• Lack of proactive monitoring and enforcement of standards.

• Site defacement using known techniques like SQL Injection, Metasploit and CMS vulnerability.

2. Phishing Attack

whois -h whois.apnic.net 203.112.194.17

mnt-by: APNIC-HM

mnt-lower: MAINT-BD-BTTB

mnt-routes: MAINT-BD-BTTB

mnt-irt: IRT-BTTB-BD

changed: [email protected] 20040323

status: ALLOCATED PORTABLE

changed: [email protected] 20040323

changed: [email protected] 20040401

source: APNIC

irt: IRT-BTTB-BD

address: Data and Internet Service

address: Bangladesh Telecommunications Company Ltd

address: Moghbazar Telephone Bhaban, Dhaka

e-mail: [email protected]

abuse-mailbox: [email protected]

admin-c: HA128-AP

tech-c: MR209-AP

auth: # Filtered

mnt-by: MAINT-BD-BTTB

changed: [email protected] 20110102

source: APNIC

3. Email Threat

• Email threats are increasing.

• Gmail/Hotmail/Live email addresses are used to send threat emails.

• Sometimes we saw the use of the Tor network for an extra layer of protection.

3. Email Header

whois -h whois.cymru.com 209.85.213.182

AS | IP | AS Name

15169 | 209.85.213.182 | GOOGLE - Google Inc.,US

3. Reporting Incident

In order for a non-U.S. government to issue legal process from a U.S. jurisdiction, it must use a diplomatic process such as letters rogatory or the process under the Mutual Legal Assistance Treaty (MLAT), if one exists between the U.S. and Bangladesh. Evidence sought by governmental authorities in criminal matters in Bangladesh must be requested through the Office of International Affairs, U.S. Department of Justice.

4. Open Resolver / DDoS Attack

• DDoS attacks on several financial institutions' websites.

• Reported application-layer attack (HTTP GET flood) on an online newspaper portal. The attack lasted 72 hours at roughly 5 million packets per second.

• Not only NTP / DNS reflection attacks.

• New protocols are also used (UDP port 1900, UPnP Simple Service Discovery Protocol).

• The biggest DDoS we have reported is roughly 2.4 Gbps (STM-16).

dig ANY isc.org @OpenResolverIP +edns=0 +notcp +bufsize=4096

;; Query time: 83 msec

;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)

;; WHEN: Tue Feb 10 09:43:54 2015

;; MSG SIZE rcvd: 4002

5. Data Leakage

• Information/data leakage on Pastebin

6. Prefix Hijack

• If you are a transit provider

– Make sure you check the customer's prefix before announcing it.

– Apply proper prefix & AS filters

• RPKI (Resource Public Key Infrastructure)
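
An added example (not from the original slides) of the transit-provider check described above: a customer prefix and AS filter combined with RPKI route origin validation in the style of RFC 6811. The ROA list, the filter contents and the function names are constructed for illustration and use documentation prefixes and ASNs.

```python
import ipaddress

# Constructed sample data (documentation prefixes/ASNs, not real allocations).
# Each ROA: (prefix, max_length, authorized origin AS).
ROAS = [
    ("198.51.100.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
]
# Hypothetical per-customer filter: registered prefixes and origin ASes.
CUSTOMER_FILTER = {
    "prefixes": ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/24"],
    "origin_as": {64500, 64501},
}

def covers(outer, inner):
    """True if network `inner` lies inside network `outer` (same IP version)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def rpki_state(prefix, origin_as, roas=ROAS):
    """Origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        if not covers(ipaddress.ip_network(roa_prefix), route):
            continue
        covered = True  # at least one ROA covers this route
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no AS/length match means invalid.
    return "invalid" if covered else "not-found"

def accept_customer_route(prefix, origin_as, flt=CUSTOMER_FILTER, roas=ROAS):
    """Return (accepted, reason) for one customer announcement."""
    route = ipaddress.ip_network(prefix)
    allowed = [ipaddress.ip_network(p) for p in flt["prefixes"]]
    if not any(covers(a, route) for a in allowed):
        return False, "prefix not in customer filter"
    if origin_as not in flt["origin_as"]:
        return False, "origin AS not in customer AS filter"
    state = rpki_state(prefix, origin_as, roas)
    if state == "invalid":
        return False, "RPKI invalid"
    return True, "RPKI " + state

if __name__ == "__main__":
    for p, a in [("198.51.100.0/24", 64500), ("198.51.100.0/24", 64501),
                 ("192.0.2.0/24", 64500), ("10.0.0.0/8", 64500)]:
        print(p, a, accept_customer_route(p, a))
```
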

7. Facebook Incident

Reporting Incident : LEA

• Information for Law Enforcement Authorities

– https://www.facebook.com/safety/groups/law/guidelines/

For End User

• Awareness is very important.

• Think twice before posting to social media.

• http://www.stopthinkconnect.org/

– Safety Tips for Mobile Devices

– Social Networking & Cyberbullying

– Internet Safety & Security Tips for Parents

PEOPLE PRODUCT PROCESS

Thank You