Showing posts with label Attention Age. Show all posts

Cyber World is Not in Safe Hands



While hoisting the national flag, Shahrukh Khan was leading a great procession. In the middle of the road, Indian security personnel had erected barriers to stop him. The strange thing: Shahrukh was hoisting the Pakistani flag. After reading the above lines you must say: impossible. Yes, it is impossible in the real world, but not in the cyber world, where India and Pakistan were once unofficially engaged in a cyber war and some Pakistani hackers did all this. In much the same manner, Indian hackers hacked an important Pakistani website and filled it with absurdities.

In its 2007 annual report, the Internet security company McAfee is said to have stated that approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities. More importantly, private groups and people can also start cyberwarfare to serve their vested interests.

The report “In the Crossfire: Critical Infrastructure in the Age of Cyberwar” has been commissioned by McAfee and authored by the Center for Strategic and International Studies (CSIS).

It goes without saying that cyber warfare is the use of computers and the Internet in conducting warfare in cyberspace. Much to the dismay of cyber people, governments, their militaries, law enforcement, the private sector and criminals are creating cyber warriors across the globe. Alarmingly, a highly skilled cyber terrorist alone can play havoc on a wide scale, and a cyber attack cannot be checked with guards, gates and guns.

According to a survey of 600 IT security executives from critical infrastructure enterprises worldwide, more than half (54%) have already suffered large-scale attacks or stealthy infiltrations from organized crime gangs, terrorists or nation-states. No doubt, to check this malpractice, legislation is made time and again, but the vulnerability of their IT sector has increased over the years. It would not be wrong to say the world IT industry is growing amid fear and mistrust.

Only 20% of 600 IT security executives think their sector may be safe from serious cyberattack in the coming years. The very basis and foundation of the world’s critical infrastructures is reliability and availability instead of security. Further, owing to globalization, computer networks are at once interconnected with corporate IT networks and are accessible from anywhere in the world.

Unlike typical warfare, which remains restricted to some battlefields, mountain ranges, or coastlines of the rival countries, cyber warfare may cover all aspects of the Internet, from the backbones of the web, to the Internet Service Providers, to the varying types of data communication mediums and network equipment. In fact, the cyber warfare terrain encompasses the cities, communities, and the world in which we live.

"Cybercrime is now a global issue," said Jeff Green, senior vice president of McAfee Avert Labs. "It has evolved significantly and is no longer just a threat to industry and individuals but increasingly to national security." According to a report, China is at the forefront of the cyber war. It said China has been blamed for attacks in the United States, India and Germany. China has repeatedly denied such claims. It is self-evident that future attacks would be even more sophisticated. "Attacks have progressed from initial curiosity probes to well-funded and well-organised operations for political, military, economic and technical espionage," the report said. James Mulvenon, director of the Center for Intelligence and Research in Washington, said, "The Chinese were first to use cyber-attacks for political and military goals". Governments must urgently strengthen their defenses against industrial espionage and attacks on infrastructure.

The report further revealed the staggering cost and impact of cyberattacks on critical infrastructure such as electrical grids, oil and gas production, telecommunications and transportation networks. The average estimated cost of downtime associated with a major incident is $6.3 million per day. It is imperative for interconnected organizations to gird up their loins for any mishap conducted by cyber terrorists. One can imagine a cyber attack upon critical infrastructure, from public transportation to energy to telecommunications, where it can bring about extensive economic disruptions, environmental disasters, loss of property and even loss of life.

There are several methods of attack in cyberwarfare: cyber espionage, web vandalism, data pilferage, propaganda, denial-of-service attacks, equipment disruption, compromised counterfeit hardware, etc. We use the term “cyber espionage” for the act or practice of obtaining sensitive, proprietary or classified information from individuals, competitors, rivals, groups, governments and enemies for military, political, or economic advantage, using illegal exploitation methods on the internet, networks, software and/or computers. Similarly, we use the term ‘web vandalism’ for attacks that deface web pages, or denial-of-service attacks. This is normally swiftly combated and of little harm. The term ‘propaganda’ covers political messages spread through or to anyone with access to the internet or any device that receives digital transmissions from the Internet, including cell phones, PDAs, etc. In the same way, data pilferage means that classified information which is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world.

Since 1991, there has been a series of cyber attacks on critical infrastructure. In April 2009, reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. The United States Department of Homeland Security works with industry to identify vulnerabilities and to help industry enhance the security of control system networks. The Indian government recently claimed that hackers based in China had tried to infiltrate computers in the office of its prime minister in New Delhi. During a period of tension with Moscow in 2007, Estonia was subjected to a cyber attack when government computers were jammed, causing financial losses worth millions of pounds. In December 2009, South Korean media reported that North Korean hackers may have stolen secret information from Oplan 5027, which is the United States and South Korea's operational plan for defense of South Korea in the event of a North Korean invasion. The federal government of the United States admits that electric power transmission is susceptible to cyberwarfare.

Pearl Harbor was a preemptive strike against the US Pacific Fleet, which considerably degraded the US Naval capability for several years. So the question arises, what can make a computer attack strategic? In 2007, the United States government suffered "an espionage Pearl Harbor" in which an "unknown foreign power...broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information." The Wall Street Journal highlighted how Russian and Chinese intelligence agencies have already planted malware in the power grid. Then there was the Idaho National Lab Aurora video, where they demonstrated that a generator SCADA system can remotely be hacked to blow up the generator.

Contrary to blitzkrieg being the war idea of the twentieth century, we can anticipate that cyberwar may be the idea of the twenty-first century. Cyberwar is not merely a new set of operational techniques. It is emerging, in our view, as a new mode of warfare that will call for new approaches to plans and strategies, and new forms of doctrine and organization. Cyberwar may be fought offensively and defensively, at the strategic or tactical levels. It will span the gamut of intensity, from conflicts waged by heavy mechanized forces across wide theaters, to counterinsurgencies where "the mobility of the boot" may be the prime means of maneuver. Cyberwar may require speedy flows of information and communications. If the opponent is blinded, it can do little against even a slow-moving adversary. Cyberwar may imply a new view, not only of what constitutes "attack," but also of "defeat." In the best circumstances, wars may be won by striking at the strategic heart of an opponent's cyber structures, his systems of knowledge, information, and communications.

Owing to the global war on terror, the world’s military infrastructure is at growing risk from sophisticated hackers. It is believed that the threat posed by terrorists and hackers involved in cyberwarfare is a priority for defence chiefs. Many governments are facing a potent and ill-understood new threat from terrorists and hostile powers in the shape of cyber warfare, military and security experts have warned. John Chipman, the director-general of the International Institute of Strategic Studies, said: "Despite evidence of cyber attacks in recent political conflicts, there is little appreciation internationally of how to assess cyber conflict. We are now, in relation to cyber warfare, at the same stage of intellectual development as we were in the 1950s in relation to possible nuclear war."

A British government report says network attacks are "growing in seriousness and frequency". To overcome that risk, the Green Paper just published by the British Government has stated that part of the forthcoming Strategic Defence Review will focus on the risks posed by technology in enemy hands. At the moment, it is believed that insurgents with the right electronic capability could jam weapons systems and intercept classified communications during military missions. According to an expert, cyber warfare may be used to disable a country's infrastructure, meddle with the integrity of another country's internal military data, try to confuse its financial transactions or to accomplish any number of other crippling aims.

Cyberterrorism came into the public eye in the late 1980s. The millennium bug was by no means a cyber attack, but the public fear showed the terrorists a way to terrorize the people. Cyberterrorism can have a serious large-scale influence on significant numbers of people. It can weaken a country's economy greatly, thereby stripping it of its resources and making it more vulnerable to military attack. Cyberterrorism was featured in Dan Brown's Digital Fortress. The Japanese cyberpunk manga Ghost in the Shell (as well as its popular movie and TV adaptations) centers around an anti-cyberterrorism and cybercrime unit. In its mid-21st century Japan setting such attacks are made all the more threatening by an even more widespread use of technology, including cybernetic enhancements to the human body, allowing people themselves to be direct targets of cyberterrorist attacks. Cyberterrorism is defined as “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives.”

One example of cyberterrorists at work was when terrorists in Romania illegally gained access to the computers controlling the life support systems at an Antarctic research station, endangering the precious lives of 58 scientists. However, the culprits were stopped before damage actually occurred. In October 2007, the website of Ukrainian president Viktor Yushchenko was attacked by hackers. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility. In 1999 hackers attacked NATO computers and they flooded the computers with email and hit them with a denial of service (DoS). The hackers were protesting against the NATO bombings in Kosovo. Businesses, public organizations and academic institutions were bombarded with highly politicized emails containing virulent viruses.

By going through all this, we can understand the importance of computer security issues. There are many similarities between computer and physical security. In the recent past, serious financial damage has been caused by computer security breaches. To understand the techniques for securing a computer system, it is important to understand the various types of "attacks" that can be made against a system. Figures in the billions of dollars have been quoted in relation to the damage caused by malware such as computer worms like the Code Red worm, but such estimates may be exaggerated. Individuals who have been infected with spyware or malware likely go through a costly and time-consuming process of having their computer cleaned. Spyware is considered to be a problem specific to the various Microsoft Windows operating systems. These threats can typically be classified into one of these seven categories: exploits, eavesdropping, social engineering and human error, denial of service attacks, indirect attacks, backdoors and direct access attacks.

1. Exploits
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

2. Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation. Even machines that operate as a closed system can be eavesdropped upon by monitoring the faint electromagnetic transmissions generated by the hardware, the kind of emanations covered by TEMPEST.

3. Social engineering and human error
Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example by sending messages claiming to be from the system administrator and asking for passwords. This deception is known as social engineering.

4. Denial of service attacks
Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately guessing a wrong password three consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behaviour of small pieces of code.

5. Indirect attacks
An indirect attack is an attack launched by a third-party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the Tor onion router system.

6. Backdoors
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.

7. Direct access attacks
Someone who has gained access to a computer can install any type of device to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R or tape, or onto portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system.
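
The account-lockout case mentioned under denial of service attacks (item 4), seen from the defender's side. This is an added example, not part of the original article: it compares a lockout that counts failures per account with a throttle that counts them per account and source, so that wrong guesses from one address do not block the real user. The class names, the toy credential check and the addresses are all hypothetical and constructed for the illustration.

```python
"""Added illustration: a per-account lockout is itself a denial-of-service lever;
a per-(account, source) throttle with backoff avoids it. All names are hypothetical."""
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

MAX_FAILURES = 3  # "three consecutive times", as in the text

# Constructed toy credential store; a real system stores salted password hashes.
_TOY_PASSWORDS = {"alice": "correct horse battery staple"}
ATTACKER_SRC = "203.0.113.7"   # constructed, documentation address range
VICTIM_SRC = "198.51.100.20"   # constructed, documentation address range


def toy_verify(user: str, password: str) -> bool:
    """Constant-time comparison against the toy store."""
    expected = _TOY_PASSWORDS.get(user, "")
    return expected != "" and hmac.compare_digest(expected.encode(), password.encode())


@dataclass
class NaiveLockout:
    """Locks the whole account after MAX_FAILURES consecutive bad passwords."""
    verify: Callable[[str, str], bool]
    failures: Dict[str, int] = field(default_factory=dict)

    def login(self, user: str, password: str, source: str, now: float) -> str:
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"  # applies to everyone, including the real owner
        if self.verify(user, password):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


@dataclass
class PerSourceThrottle:
    """Counts failures per (account, source) and answers with a growing delay.

    Guessing from many sources at once still needs other controls
    (global rate limits, MFA); this only removes the lockout lever.
    """
    verify: Callable[[str, str], bool]
    base_delay: float = 1.0    # seconds after the MAX_FAILURES-th failure
    max_delay: float = 900.0   # cap on the backoff
    state: Dict[Tuple[str, str], Tuple[int, float]] = field(default_factory=dict)

    def login(self, user: str, password: str, source: str, now: float) -> str:
        key = (user, source)
        failures, blocked_until = self.state.get(key, (0, 0.0))
        if now < blocked_until:
            return "throttled"  # only this source waits
        if self.verify(user, password):
            self.state.pop(key, None)
            return "ok"
        failures += 1
        delay = 0.0
        if failures >= MAX_FAILURES:
            delay = min(self.base_delay * 2 ** (failures - MAX_FAILURES), self.max_delay)
        self.state[key] = (failures, now + delay)
        return "denied"


def simulate(auth) -> Tuple[str, str]:
    """Three wrong guesses from one source, then the owner logs in from another.

    Returns (result of a fourth guess, result of the owner's correct login).
    """
    for t in (0.0, 1.0, 2.0):
        auth.login("alice", "wrong-guess", ATTACKER_SRC, now=t)
    fourth_guess = auth.login("alice", "wrong-guess", ATTACKER_SRC, now=2.5)
    owner = auth.login("alice", _TOY_PASSWORDS["alice"], VICTIM_SRC, now=3.0)
    return fourth_guess, owner


if __name__ == "__main__":
    print("naive lockout:     ", simulate(NaiveLockout(toy_verify)))
    print("per-source throttle:", simulate(PerSourceThrottle(toy_verify)))
```
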

To check these illegal ways, we need computer and network surveillance which is an act of performing surveillance of computer and network activity. Today, computer surveillance programs such as ECHELON and Carnivore are widespread and almost all internet traffic is closely monitored for clues of illegal activity. The vast majority of computer surveillance involves the monitoring of data and traffic on the Internet. In corporate surveillance, the data collected is most often used for marketing purposes or sold to other corporations, but is also regularly shared with government agencies. It can be used as a form of business intelligence, which enables the corporation to better tailor their products. Furthermore, the data can be sold to other corporations, so that they can use it for the aforementioned purpose. Or it can be used for direct marketing purposes, such as the targeted advertisements on Google and Yahoo.



Saleem Shahab is the Editor of monthly Techno Biz and a prolific writer. He can be reached here.

Don't Cheat in the Digital Age

“It was kind of a joke,” when a French online journalist tweeted the gossip that French President Nicolas Sarkozy was cheating on his wife, Carla Bruni, and she was cheating on him. She had no idea if it was true, but the “news” spread internationally as it was repeated by reporters and gossip sites, and Sarkozy had to issue an angry denial during a press conference in London. Twitter users treat the service as a social networking site, but legally, it’s considered a platform just like a newspaper or TV show and therefore subject to libel laws. By repeating the rumors, journalists—even if they were tweeting in a personal, not professional capacity—gave more credibility to the story. The fake-scandal scandal provoked much debate in France over Twitter’s legal status, with some users saying the site should be considered personal so people can say anything on it without repercussions. Legal experts, however, say that’s not the case.

Read it at Times Online

E-Attention

This article appeared in monthly Techno Biz Magazine Jan-Feb 2010 double issue


Use of social media applications is being debated across the World Wide Web. Fans support the usage of tools like Blog, tweet, Facebook to break down barriers between businesses, public servants and ordinary people to discuss ideas and gather feedback. Trend watchers and analysts still see the social media tools as time wasting diversions. It is in this milieu that in the attention age, we need to look at the fast growing social media usage in our own, still low tech, corporate and public sectors.


Avatar Fame

Most of the people living online are recognized by the avatar they use. Like nicks, avatars have become a very creative genre. There are many different ways; one of the best that I use is Gravatar. Set your avatar there and it will automatically surface when you use a particular email while putting your comments on any blog.

It is simple; go to “Go get yourself a Gravatar” (http://en.gravatar.com) and click on the button that says “Get your Gravatar today”. Enter your email address. Upload the avatar you’d like to use. It will let you crop it and size it as you see necessary so it looks good in that little square. Done!

From now on, when you leave a blog comment, your avatar image will automatically follow you there and post a picture next to your comment. It is recommended to use the same avatar that you use on Twitter and your other social media sites since your blog comments are an extension of your personal brand (though I am still using different ones).

Blog, Tweet, Update Facebook at Work

Blog, tweet, update Facebook -- that's the message the Australian government is sending its bureaucrats as part of a push to break down barriers between public servants and ordinary people. Instead of seeing the social networking tools as time-wasting diversions, a government-commissioned draft report on new media wants them used to discuss ideas and gather feedback.

The report says public agencies should engage "more energetically" with Web 2.0 applications, examples of which include Facebook, the online encyclopaedia Wikipedia and video-sharing site YouTube.

The report said interactive media provided "unprecedented opportunities to open up government decision-making to the community". But it acknowledged the greatest impediment to its broader use was the culture of government, which can tend towards secrecy and which was protective of the copyright on policy.

"Access to work tools like web-based email, collaborative work spaces and instant messaging create powerful new possibilities for collaboration particularly where collaborators are physically apart," it said.

"Likewise Twitter, Facebook and blogs provide access to professional information and conversation. Yet not enough public servants have work access to these building blocks of Government 2.0."

Indeed, none of the public servants on the taskforce preparing the 'Engage: Getting on with Government 2.0' report had access to instant messaging despite the fact that it was an important tool for other task force members, it said.

The report also noted that one public servant responded to a call for colleagues to engage in robust work discussion online with: "Ha -- we can't get to FaceBook, YouTube, Flickr, or most common discussion forums where I work."

Adopting Social Media

Social media systems such as blogs, wikis, social networks, podcasts, videos, photos, social bookmarking, micro-blogging, and message forums have become an important new way to publish information, engage in discussion, increase social interactions, and establish interest-based communities on the internet.

Their reach and impacts are significant, with tens of millions of people producing content on a daily basis across the globe. Universities, schools, traditional print and broadcast media, government, public bodies and NGOs are now working deeply to understand how to adapt and use social media effectively.

Online users, both generations ‘X’ and ‘Y’, are determining how social media technology can improve their lives and give them more voice in the world.

In this interesting time we must better understand the information ecosystem of these new publication methods in order to make them more useful, trustworthy and reliable.

We are moving towards a time when all media will be social (Matt Dickman 2009).

Blogging Trends

My opinions on the history of blogging, as well as some perspective on the newer trends related to blogging, were documented as part of a research project back in 2006. Here are some of the questions and my answers that still hold good:

1) When and how did blogging start in Pakistan?

It started when some Pakistani techies found free blogging platforms. From techies, blogging spread to some non techies, mostly those who worked on computers and the Internet and then students.

2) When and why did you start your own blog?

I started in 2003. Primarily I wanted to publish my book on a blog. I posted the entire book and in the process I learnt the fun. Since then, I have been maintaining multiple blogs, some professional and some personal.

3) You have written a lot about blogging. When did you start writing about blogs, and what was your major inspiration to do so?

My inspiration: To popularize blogging in Pakistan. I wrote my first column on blogging Promotion in Spider back in 2003. I also wrote some columns in Dawn.com.

4) Do you think blogging has been around in Pakistan for quite a long period of time and only became more popular in the last 4/5 years when it became 'newsworthy?'

Who says blogging is popular in Pakistan? It is not. And I don’t see it getting popular anytime soon.

5) How do you foresee the future of blogs here in Pakistan? Do you think this is just a fad which will die out when someone new and novel comes about, or do you feel that blogs are a class of their own and are here to stay?

Blogs are here to stay, but I see them only in a select circle.

6) How do you compare Pakistani blogs to foreign ones? I can guess from the links and comments on your blog that you have access to quite a few foreign blogs as well?

Any foreign blogger can be as purposeless. But I know many good blogs with a lot of substance. In Pakistan, blog potential is still not being used.

7) You have written an article or two on why people blog. Having done an extensive survey both times, what conclusions have you come up to as to why Pakistani people are blogging?

In my surveys, I targeted foreign Pakistani bloggers but found answers from foreign bloggers instead. Most of them came up with some valuable reason to blog -- earning money, selling, reaching out to friends and relatives and also throwing some flames.

8) In the past few years there has been a spurt of educational, political and metro blogs. What do you think are the pros and cons of these new types of blogging?

Any type is useful, you have to have purpose.

9) I noticed in one of your posts you had written that you wouldn't want someone you know in real life to visit your blog and know it is YOU who are writing it. May I ask why you are so concerned about privacy?

I don’t write anything that I don’t want others to know about. I fantasize elsewhere.

10) To what extent do you think the government has the right to censor blogs, with reference to the recent ban on blogspot domain?

The recent ban is not implemented properly in the first place. If the government wanted to ban some particular blogs for a reason (in this case the government had a reason, and I support that), they should have banned that site. Banning all sites hosted on Blogspot is no good, and that too is not implemented well. I can still write, edit and read my blogs on Blogspot. Everyone can.

11) To what extent has the Pakistani blogosphere taken up political and educational blogging? Do you feel we're more inclined towards personal blogging?

I only see a few political and even fewer educational blogs.

My Social Logics

A wise person once said that human beings are social animals. This axiom surely rings true for those who have integrated information technology into their lives and are forever online. Now, with the advent of cyber networking, the term socialisation is taking on a whole new meaning.

Internet marketers say that social networking is one of the fastest growing online trends. The number of social networking sites seems to be growing daily. Nielsen//NetRatings issued a study in May this year showing that the “top 10 social networking sites saw traffic grow 47 per cent over the last year, with MySpace seeing the biggest growth (367 per cent increase) and MSN Spaces (286 per cent) being second on the list. Hosted blogging systems were included in the study,” reads the report.

So how does it work? Social networking sites allow users to create free online profiles where they can display biographical information, photos, hobbies, interests, swap information, throw trolls and flames, and much more. After completing an online profile, users can connect or network with other users’ profiles. As they connect with more and more people, their network keeps expanding. By adding just a few friends to their network, users can end up being connected to thousands of other people across different cultures and societies. These networks can then be used for fun, for bringing together specific groups and arranging activities, and also for serious business networking.

The social networking trend through technology started back in 1998 when Amazon.com acquired PlanetAll. That was a pioneer site, providing the foundation of sharing contact information, basic biographies, and expanding networks through friends’ networks. This was followed by a mushrooming growth of social sites. Now social networking websites claim to have attracted millions of registered users across the globe. That is one reason marketers are looking at these sites with interest.

Like many others, I have been paying attention to social networking on three different sites — Orkut, Facebook and Gather — in the past couple of weeks. I have answered more requests to be “friends” than I ever did in the past and I have been looking at other people’s friends to see if I know anyone. I have also asked a few to join my network of friends. Who does not need more friends? In addition to this activity, I have been reading about other people’s experiences.

Orkut is still an invite-only website popular among Pakistani students and young people, in general. Facebook has been opened to common users only recently and is not yet well-known in this part of the world. Previously, Facebook was for students of educational institutions that were registered with the service. Gather is more erudite and a newer launch.

Orkut does a few things in different ways by trying to deal with different human emotions. It is faster than other similar social networking sites. Unlike most services focusing on promoting a single type of social connection, Orkut allows three aspects of users’ lives: personal, social, and professional. Killers like karma ratings, communities or flagging through “hot” and “crush” lists make it different (call it cool). Everything else is almost the same: the user interface with photo thumbnails and many other features are similar to that of Friendster and its predecessors.

Initially, only 1,200 invitations were sent out, mostly to Google staffers. The rest followed through invitation by initial members. Orkut, like all social networking services, has been designed to promote a set of predetermined behavioural traits instead of enabling users to do what seems most interesting and useful to them. Email me if you still need an Orkut invitation.

Facebook is another extremely popular site among students in a more connected world. Now open to everyone, Facebook was founded in 2004 by Mark Zuckerberg of Harvard University. It kept expanding to schools, colleges and universities over time. None of the Pakistani universities were on the network though.

On September 11, 2006, Facebook announced that it would officially open to all internet users, a move that was hardly met with approval by current users. Soon after, Facebook opened registration to anyone with a valid email address. It “is a social utility that connects you to the people around you,” reads the home page of the service. One of my online friends told me that the service now lets anyone sign up outside the listed networks. Thus, I joined.

Another comparatively recent entry in the ever-growing list of social networks is Gather. This site has combined features of weblogs and social sites. What’s more, Gather members are paid for their participation with “Gather Points” or cash for the most frequent contributors. Though at the moment the “Gather team is working out a system to make payments to members in most countries including Pakistan,” explained a Gather staffer when I asked about payments.

“Gather is a place for you to connect with people who share your passions. It is a place where you can contribute thought, art, commentary, or inspiration,” writes Thomas Gerace, founder and CEO.

What are the reasons to flock on social networking sites, besides massaging one’s ego and reaching out to kindred spirits? Peter Kollock looked into the motivations for participating in online communities and interactive sites. In his research paper titled “The economies of online cooperation: gifts and public goods in cyberspace”, he outlined three motivations: “Anticipated reciprocity — the expectation that one will receive useful help and information in return. Indeed, there is evidence that active participants in online communities get more responses. Increased reputation — in general, individuals want recognition for their contributions. Sense of efficacy — individuals may contribute valuable information because the act results in a sense of efficacy... a sense that they have had some effect on this environment.”

Here in Pakistan, we are just beginning to get ready to jump on the social networking bandwagon. User interest in social networking websites is growing with an increase in members — a great starter in a conversation that will go on for quite some time.
Where is your cyber social circle?