Global Cyber Security trend & impact of Internet on the society of Bangladesh and its status
Fakrul Alam
CTO
bdHUB Limited
http://bd.linkedin.com/in/fakrulalam
https://twitter.com/rapappu
1. Site Defacement
• Sites hacked by hacker groups named Indishell, Sil3nt Hack3r, My@nm@r H4acK3rs Unit
• Government sites were targeted (.gov.bd)
• Sites running on a CMS are not fully patched and inherently carry bugs, which makes them quite easy for a hacker to penetrate.
• Lack of proactive monitoring and enforcement of standards.
• Site defacement using known techniques like SQL Injection, Metasploit and CMS vulnerabilities.
2. Phishing Attack
whois -h whois.apnic.net 203.112.194.17
mnt-by: APNIC-HM
mnt-lower: MAINT-BD-BTTB
mnt-routes: MAINT-BD-BTTB
mnt-irt: IRT-BTTB-BD
changed: [email protected] 20040323
status: ALLOCATED PORTABLE
changed: [email protected] 20040323
changed: [email protected] 20040401
source: APNIC
irt: IRT-BTTB-BD
address: Data and Internet Service
address: Bangladesh Telecommunications Company Ltd
address: Moghbazar Telephone Bhaban, Dhaka
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: HA128-AP
tech-c: MR209-AP
auth: # Filtered
mnt-by: MAINT-BD-BTTB
changed: [email protected] 20110102
source: APNIC
3. Email Threat
• Email threats are increasing.
• Gmail/Hotmail/Live email addresses are used to send threat emails.
• Sometimes we saw use of the TOR network for an extra layer of protection.
3. Email Header
whois -h whois.cymru.com 209.85.213.182
AS | IP | AS Name
15169 | 209.85.213.182 | GOOGLE - Google Inc.,US
3. Reporting Incident
In order for a non-U.S. government to issue legal process from a U.S. jurisdiction, it must use a diplomatic process such as letters rogatory or the process under the Mutual Legal Assistance Treaty (MLAT), if one exists between the U.S. and Bangladesh. Evidence sought by governmental authorities in criminal matters in Bangladesh must be requested through the Office of International Affairs, U.S. Department of Justice.
4. Open Resolver / DDoS Attack
• DDoS attacks on several financial institutions' websites.
• Reported application layer attack (HTTP GET Flood) on an online newspaper portal. The attack lasted 72 hours with roughly 5 million packets per second.
• Not only NTP / DNS reflection attacks.
• New protocols are also used (UDP port 1900, UPnP Simple Service Discovery Protocol).
• The biggest DDoS we reported is roughly 2.4 Gbps (STM-16).
dig ANY isc.org @OpenResolverIP +edns=0 +notcp +bufsize=4096
;; Query time: 83 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Tue Feb 10 09:43:54 2015
;; MSG SIZE rcvd: 4002
6. Prefix Hijack
• If you are a transit provider
– Make sure you check the customer prefix before announcing it.
– Do proper prefix & AS filtering
• RPKI (Resource Public Key Infrastructure)
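The two controls above, a per-customer prefix and AS filter followed by RPKI origin validation (the RFC 6811 valid / invalid / not-found decision), as an added example that is not from the original slides. The customer table, function names, prefixes and AS numbers are constructed for illustration (documentation and private address space, private-use ASNs).

```python
import ipaddress

# Constructed sample data: validated ROA payloads as (prefix, maxLength, origin AS),
# using documentation/private address space and private-use AS numbers.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("10.20.0.0/16", 20, 64501),
    ("2001:db8::/32", 48, 64500),
]
# Hypothetical per-customer filter: registered prefixes and allowed origin ASNs.
CUSTOMERS = {
    "cust-a": {"prefixes": ["192.0.2.0/24", "10.20.0.0/16"], "asns": {64500, 64501}},
}


def rpki_state(prefix, origin_as, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True  # at least one ROA covers this route
        if route.prefixlen <= max_len and vrp_as == origin_as and vrp_as != 0:
            return "valid"
    # Covered but no matching ROA (wrong origin or too specific) means invalid.
    return "invalid" if covered else "not-found"


def accept_customer_route(customer, prefix, as_path):
    """Return (accepted, reason) for a route received on a customer session."""
    entry = CUSTOMERS.get(customer)
    if entry is None or not as_path:
        return False, "unknown customer or empty AS path"
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]  # the origin AS is the last AS in the path
    allowed = [ipaddress.ip_network(p) for p in entry["prefixes"]]
    if not any(route.version == a.version and route.subnet_of(a) for a in allowed):
        return False, "prefix not registered for customer"
    if origin not in entry["asns"]:
        return False, "origin AS not in customer AS filter"
    state = rpki_state(prefix, origin)
    if state == "invalid":
        return False, "RPKI invalid"
    return True, "accepted (RPKI %s)" % state
```

A more-specific announcement inside a registered block passes the prefix filter but is still rejected when it exceeds the ROA's maxLength, which is the case the static filter alone does not catch.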
Reporting Incident : LEA
• Information for Law Enforcement Authorities
– https://www.facebook.com/safety/groups/law/guidelines/
For End User
• Awareness is very important.
• Think twice before posting to social media.
• http://www.stopthinkconnect.org/
– Safety Tips for Mobile Devices
– Social Networking & Cyberbullying
– Internet Safety & Security Tips for Parents