Computer Crime Research Center


Fighting cybercrimes as the country goes digital

Date: December 29, 2015

In mid-2008, Israel grew impatient, as it still often does, over its neighbours. This time it was about the nuclear facility of Natanz in Iran, one that Iran claimed would be used for civilian purposes only. Israel sought help from the US to bomb the Natanz facility by allowing it to use the Iraqi airspace controlled by the US military. Israel also wanted to use the same radio code used by the US military there so that the US Patriot missile defence system would not shoot the F-16 birds down. But the Bush administration, especially the Secretary of Defence Robert Gates and Admiral Mike Mullen, didn't want to open a third war front besides Afghanistan and Iraq, where the USA had already been mired knee-deep.

By the end of the year, American cyber gods crafted some lines of a computer programme - Stuxnet, technically called a worm - that would do what the Israeli fighters wanted to do. Destroy Natanz! But Iran had kept Natanz disconnected from the internet beforehand, fearing that such computer viruses or worms might be used against it. So the worm programme could not be injected into Natanz computers directly through the internet. CIA and Mossad came up with names of four Iranian organisations that were secretly working with Natanz. First, those companies were infected with Stuxnet. Apparently, employees of the companies, while working at Natanz, unknowingly transferred the worm to some Natanz computers through their pen-drives and disks. Once inside, Stuxnet propagated to other computers of Natanz looking for the Siemens software that controlled the made-in-Iran Fararo motors spinning at the bottom of each centrifuge. The worm altered the German code of Siemens. The controller programme was now 'talking in Hebrew' to the Iranian motors to spin erratically, leaving hundreds of centrifuges broken.

While America and Israel were toasting in celebration, Stuxnet continued to reproduce itself and from Iran it spread across thousands of networks around the world searching for that Siemens programme. Hackers and other cyber warriors, including those of Iran, captured copies of the worm and went through its lines of code. To the shock of the US, they found out that with a little tweak, they could make Stuxnet look for a GE programme running a GE (General Electric) motor running a power plant in the USA, or any programme controlling a gas turbine, or a chemical refinery. Now, a US space station can be destroyed, US railways and airlines can be collapsed, the US defence can be breached and even the global financial market can be shattered by using the very programme America developed!

This is a real-world example of what may happen to a country or the world if cybercrime, cyber war and a lack of awareness of the two continue.

Last year in September, about a hundred of the moon-walking celebrities of Hollywood came down flat on earth to see their private photos - photos they kept secret in the iCloud or sent to their boyfriends through email or MMS - spread over the internet. Police investigation found out that their iCloud accounts were broken into, their emails got out and, in some cases, their cell phones and laptops were hacked into to take photos of the celebrities without their notice! One hacker just googled to answer a celebrity-email-account's secret question, "Who was your first lover?" Being a celebrity has its downsides. Everyone knows everything about you!

Consider yourself lucky for not being a celebrity? But maybe, you have an obsessive-compulsive desire for 'trust'-ing every device your iPhone connects to or keeping the Sync or Photostream function 'Always On'! Well, this may bring you celebrity ill-luck.

Now consider yourself an average person. Do you use a mobile phone? Yes! Then there is a 63 per cent chance that you would be a victim of cybercrime. Are you on Facebook, Twitter or other social networking sites? It's a 63 per cent chance again. You like to access free and public Wi-Fi zones! Congratulations! Your chance is 68 per cent! And if you come from an emerging market, you have another 68 per cent chance of being a victim of cybercrime. And if you answer Yes to all these four questions, as most of the readers of this column would, you should do your math. Quickly and seriously.

So, here cybercrime is. One of these days you may find your bank balance dive. You may find your email account hacked, your mobile camera being used to spy on you, your laptop sending your passwords and whatever you type to somebody you never met and never will! And add to that somebody looking into what you search in Google and what websites you browse, or some government agency (or worse, hackers) listening in to your Skype calls. So far, as an individual, you had some right to privacy. Not anymore.

Crossing that boundary line of the rights of an individual might not bother many states and governments in today's world. But what about the security of the state itself, of the government that runs it, and of the people that make it? Until now, we considered this to be the rich men's disease - problems that only the developed countries used to face. But with the rapid digitalisation of the systems and infrastructures of the country, it is time we looked for better answers. Over eighteen thousand government offices across the country are coming under the internet this year. Mobile and internet banking is set to take a giant digital leap off the fingertip. Many of the control systems are becoming digital. In Bangladesh, we have already seen cybercrime surfacing as thousands of Facebook profiles get faked or become victims of phishing and confidential company data gets hacked.

We have seen credit and debit card passwords stolen by criminals, DDoS attacks on important websites and so on. We could even detect and analyse an idle server of a big company in Dhaka which was used as part of a botnet attack in the famous Sony hacking case a few months ago. During the year 2013, in the Criminal Investigation Department of Bangladesh Police, there were only two cases for which expert computer forensic opinion was sought. In 2014, the number was in the 60s. For 2015, it has already crossed 200, in about eleven months! Cyber cases for which expert opinion was not sought and the number of crimes not even reported to the police would range in the thousands.

According to the Kaspersky IT Threat Evolution Report published this November, Bangladesh topped the list of the countries with the highest levels of computer infection and was placed fourth among the countries most attacked by mobile malware. You can guess how big a crime it is going to be in the near future. In South Korea, every year about ninety thousand people are arrested for cybercrime. Cybercrime also has become one of the top five crimes there. The USA lost USD 34 bn last year on cybercrime. China lost 31 bn, India 4.0 bn. India's economy is 10 times bigger than ours. So, what if next year we lose one-tenth of what India lost last year? A mere US$400 million?

It brings us to the question of what we can and should do to contain this explosion of cybercrime. Let's discuss how some other countries are faring in this regard. It is accepted that America, China and Russia are the three cyber superpowers in today's world. If any of them wants to destroy your digital landscape now, there's not much to do, whichever country you may be. The UK, Germany, France, Israel, Iran, South and North Korea also have good capabilities when it comes to attacking another country's digital infrastructure. But how vulnerable a country is to cyber-attacks depends also on how much digital infrastructure a country has. For example, each of South and North Korea has similar capabilities to launch a cyber attack on the other. But while South Korea, being the most digitalised country in the world, is prone to huge damages in such cyber attacks, North Korea, having among the least digital infrastructure in the world, actually has nothing to lose in a cyber attack! Again, in China the internet is strongly controlled by the government. Whenever a foreign adversary launches a cyber attack on the Chinese infrastructure from outside, China may easily cut off its cybersphere from the outside world and foil the attack.

But in the USA, because the internet is controlled by a number of non-government organisations and the American economy is so much intertwined with the global economy, it might be difficult and time-consuming and even impossible for the US government to cut itself off from the rest of the world. That gives China a huge advantage in a cyber war with the USA, hypothetically.

Beyond the wars, in Bangladesh, there are cybercrimes that we need to be ready to fight and control. As real internet banking gathers pace, online fraud, phishing and bank account hacking are bound to soar. As the national data centres get off the ground, our road, rail and metro networks (and maybe, one day, subways) become computerised, power plants and gas distribution facilities and the supply chain of food and essentials get fully automated, millions of computers and mobile devices in the private and public sectors join the internet, and the average village woman begins to receive the cash sent by her son living abroad with the help of a tiny password, the challenges will grow along with the opportunities.

Our young minds at the universities must be funded for research on cyber security, our IT professionals have to be made more and more skilled, and the law-enforcement agencies must be trained and equipped with the logistics necessary. As the Chinese and Russian 'hackers' continue to humiliate the USA every day and night, countries around the world have learned from the mistake America made in honing its cyber-attack capabilities before firewalling its own networks.



Copyright © 2001-2013 Computer Crime Research Center