CYBER CRIME, CYBER SECURITY AND BANGLADESH

                                                                                                                                                man ,r,      (

                                                                                                                                             Md.Shahinur Rahman

                Divisional Engineer

         (Engineering Administration)

                                                                                                                                                                                             Central office,BTCL,Dhaka

Internet is undoubtedly the most crucial technology of the modern world, the useful applications of it have not only  made our life easier than ever before, it  also plays a very important role in education, entertainment &  business. But it has its negative aspects also. It has ushered in  vast world for the criminal section of the society. The biggest threat of the internet is the security threat. Now Cyber crime & cyber security breaches are worth on estimated 105 billion dollars globally. So the issue of cyber crime and cyber security must get a due priority.

Computer or Cyber crime may include broader terms like hacking, copying of copy righted materials, child grooming, stealing and misuse of confidential or private information of someone else, making a computer virus or a bug or a malware with an intention to plot at someone’s computer or a network in order to gain a benefit or to take revenge or another cause which makes someone do such an act is a computer or cyber crime.

                                               

Cyber crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.

• Against persons
• Against Business and Non-business organizations
• Crime targeting the government

Cyber crime is the unlawful act wherein the computer information technology is used either as a tool or a target  or both. Cybercrime covers many crimes. The computer itself is a tool that may be used  for an unlawful act. This kind of activity usually involves modification of a conventional crime by using computers. The following are the examples of cybercrime-

Financial crime: Financial crimes include cheating, credit card frauds, money laundering etc.

Cyber Pornography: Cyber Pornography includes pornographic websites, pornographic magazines produced by using computer and the Internet to download and transmit pornographic pictures, photos, writings etc

.

Sale of

Illegal Articles: Sale of illegal articles includes sale of narcotics, weapons and wildlife, illegal medicine etc. This can be by posting information on websites, auction websites and  bulletin boards or simply by using e-mail communications. Many of the auction sites are believed to be selling cocaine in the name of honey.

Online Gambling : There are millions of websites, all hosted on servers abroad that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering .

Intellectual Property Crimes: These  include software piracy, copyright infringement, trademarks violations, theft of computer source code etc.

E-mail spoofing: A spoofed email is  that email which appears to originate from one source but actually has been sent from another source. This can also be termed as E-mail forging.

Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners.  This is becoming a booming business now a days.

 Cyber Defamation : This occurs when defamation takes place with the help of computers and or the Internet e.g. someone publishes defamatory matter about someone on  websites or sends e-mail to his friends containing defamatory information.

Cyber Stalking :Cyber stalking involves  a person’s movements across the Internet. The person sends the message on the bulletin boards frequently to the victim. He can enter  chat rooms and disturb  the victim by constantly sending emails.

There is another kind of cyber crime that is called technical cyber crime. These are classified as follows -

Unauthorized access : Some body can do access in to the computer systems or Networks activity for which he is not authorized to do so. This  is commonly known  as hack

ing.

Thef

t of information contained in electronic form: By this crime, some body gets access in to the  computer  systems or Networks activity  of another person. Then he collects information stored in computer hard disks and removes the information. This is called Theft of information contained in electronic form.

E-mail bombing: E-mail bombing occurs when a large number of emails sent to the victim’s computer. As a consequence the victim’s email account or mail servers might cra

sh.

 Dat

a diddling: This kind of  attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed

Salami attacks: Salami attack is one kind of financial crime. Here the computer program is altered. The alteration is so insignificant  that in a single case it remains completely unnoticed e.g. A bank employee inserts a program into bank’s servers that deducts a small amount from the account of every customer.

Denial of service Attack : The computer resource receives so many requests which it can not handle . This crashes the computer resource. As a result the computer resource denies giving proper service to the authorized users. Another kind of denial of service  attack is known as Distributed Denial of  Service(DDOS) attack. Here the perpetrators are many. They are geographically widespread.

 Virus attack: viruses are one kind of  programs that attach themselves to a computer or a computer  file and then they  circulate themselves to other files and to other computers on a network . They usually affect the data on a computer either by altering or deleting it .

Worms attack: Worms are  unlike viruses. It  does not need the host to attach them. They make functional  copies of themselves. They do this repeatedly  till they eat up all the available space on a computer’s memory.

Logic bombs: These are event dependent programs. These programs are created to do something only when a certain event occurs. Some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date(Like Chernobyl virus).

Trojan attack :It is an unauthorized program which functions from inside of a computer. It  conceals what  it is actually doing .There are many simple ways of installing a Trojan in someone’s  computer.

Internet Time Theft: It is a kind of cyber crime. Here an unauthorized person uses internet hours but payment made by another person. It is a theft of internet hours by using log in name & password from various places causing wrongful loss of internet hour of other users.

Web jacking : It  occurs when someone forcefully takes control of a website by cracking the password. After that he changes it. The actual owner of the website does not have any more control over  his website. He does not know what appears on that website.

Theft of computer system: It is a kind of offence which involves the theft of a computer, some parts of computer or a peripheral attachment  to the computer.

Physically  damaging a computer system: It is a crime that  is committed by physically damaging a computer or its peripherals.

The table below  shows an average percentage of Cyber crime cases in America in 2008 .

Offense	Percent
Fraud (auction, investment, Credit /debit card etc.) Forgery (currency, cheque, identification etc.) Larceny (theft of physical goods, intellectual  property,  telecommunication  services etc.)	79.3 %
Criminal threatening (cyber bullying, stalking, harassment etc.)	8.5   %
Online enticement of minors/ child pornography	4.9   %
Cyber attacks (intrusions, hacking, unauthorized access et c.) C yber squatting (registering , trafficking in or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging  to someone else)	1.9   %
Others	1.9   %
Violent crimes (assault, murder, rape, robbery etc.)	1.3   %
Drug related (possession, trafficking etc)	1.0   %

Effects of Cybercrimes :

Cyber crime affects more than the financial integrity of a business. There are many real and damaging consequences associated with internet crime. The losses are various types, Li

ke-

Loss o

f Revenue:-One of the main effects of cyber crime on a company is a loss of revenue. This loss can be caused by an outside party who obtains sensitive financial information, using it to withdraw funds from an organization. It can also occur when a business's e-commerce site becomes compromised while inoperable, valuable income is lost when consumers are unable to use the site.

Wasted time:- Another major effect or consequence of cyber crime is the time that is wasted when  IT Personnel must devote great portions of their day handling such incidences. Rather than working on productive measures for an organization, many IT staff members spend a large percentage of their time handling security breaches and other problems associated with cyber crime.

Damaged Reputations:-In cases where customer records are compromised by a security breach associated with cyber crime, a company's reputation can take a major hit. Customers whose credit cards or other financial data become intercepted by hackers or others infiltrators lose confidence in an organization and often begin taking their business elsewhere.  

Reduced Productivity:-Due  to the  measures that  many companies must implement to counteract cyber crime, there is often a negative effect on employee's productivity. This is because, due to security measures, employees must enter more password and perform other time consuming acts in order to do their jobs. Every second wasted performing these tasks is a second not spent working in a productive manner.

CYBER CRIME COUNTERMEASURES

Due to above mentioned consequences cyber security should be maintained. There are a variety of different technical countermeasures that can be deployed to thwart cyber criminals and harden system against attack. Firewalls, network or host based are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which what services and traffic can pass through the check point.

Antivirus can be used to prevent  propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hotfixes, service packs and patches to keep computers on a network secure.

Cryptography techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling for example will take a payload protocol such as Internet Protocol (IP) and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Layer 2 Tunneling protocol (L2TP), Point  to Point Tunneling Protocol (PPTP) or Internet Protocol Security (IPSec) to ensure data security during transmission. Encryption can also be employed on the file level using encryption protocols like Data Encryption Standard (DES), Triple Data Encryption Algorithm (3DES) or Advanced Encryption Standard (AES) to ensure security of information in storage.

Additionally, network vulnerability testing performed by technicians or automated programs can be used to test on a full-scale or targeted specifically to devices, systems and passwords used on a network to assess their degree of secureness.  Furthermore network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small networks.

Physical deterrents such as locks, card access keys or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection both for access to a computer system and the computer’s BIOS are also effective countermeasures to against cyber criminals with physical access to a machine.

 The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It’s no longer possible to write a large white paper about a risk of a particular system. So according to the nature of threat we  have to  take the decision. By maintaining the proper security we can not say that the system is fully secured. So the system can compromise,  in that case we need cyber expert & cyber forensic lab that can help to detect the cyber criminals and to ensure punishment  accordingly by  cyber laws.

Targeting to make a digital Bangladesh by 2021, we have already stepped into the digital era. Lives will be much easier, quicker & meaningful if we use the digital facilities to perform our day to day activities. Once, people did not feel satisfied if a printed newspaper was not at their hands in the morning. Today, the same people feel nasty if the internet is disconnected. It is very easy to think that we will be in a digital Bangladesh in few years. But very few people imagine that the digitalization without proper security measures will make our lives hell overnight.

On 23 August 2004 an email was sent to the Daily prothom- Alo threatening to kill Sheikh Hasina,  the leader of the opposition in the parliament. Two days later on 25 August, 2004 another email was sent to the Bangladesh Police Headquarters, threatening Khaleda Zia, the Prime minister, her elder son and some members of the parliament. These were the first cyber crime incidents in Bangladesh which received due attention of the police authority.

The Prime minister inaugurated the opening of 64 district web portals on 6 January, 2010 while the hackers  invaded 19 of them by 21 March, 2010. This was the first cyber criminality by the foreign hackers. However, the news of cyber crime is sporadically published in the newspapers at interval. But like the traditional ones most of the computer related crimes remain unpublished, unregistered and uninvestigated.

The computer and the internet system have opened not only wide avenues for the development and humanitarian activities across the world, but they have also ushered in a vast world for the criminal section of the society. Unlike the traditional criminals, cyber criminals are sufficiently educated & highly specialized in computer systems and networking. They possess good IQs too. They can crack into your bank account rendering it empty, steal your valuable information and data from your computers and sell them to your enemies to defeat you in your business and even in your war planning. The terrorist organizations are the beneficiaries of the internet communication system. From disseminating motivated information to the innocent public to credit card fraud, the terrorist organizations may use the internet system in their benefits. Many of the terrorist organizations maintain their own web sites. Most communications of the AL Queda networks are performed through the internet. Even the Bangladeshi terrorist organization JMB does not go less. Although their own web site is still unknown, they have developed internet specialization among their operators. The intensity of cyber crime victimization in Bangladesh is yet to be measured. There are no research or data collection efforts on how much money is lost every year due to cyber criminality. Neither the government nor the non government organizations have initiated any data collecting project about it. But many countries of the world collect & preserve statistics on cyber crime and the monetary loss due to cyber criminality across & outside of their countries. Many countries have been adopting innovative measures to detect and investigate the cyber crime. Almost every country has developed  Computer Emergency Response Team(CERT). The Malaysian developed  Computer Emergency Response Team(MyCERT) which operates the Cyber999 help centre, a public service that provides emergency response to computer security related emergencies as well as assistance in handling incidents such as computer abuses, hack attempts & other information security breaches.

The Chinese government has taken the innovative techniques to fight cyber crimes. Their measures are simultaneously preventive, investigative & preoperative. According to  reports from Chinese media ,two virtual police officers –one male, one female will appear at the bottom of user’s browser windows every thirty minutes, a visual reminder that they are being monitored. Many police agencies across the world set up special cyber crime units to fight the cyber crimes. Virtual police stations are common in many countries. Even our neighboring state, west Bengal started the function of cyber police station.

Cyber crime is still a low priority in Bangladesh. As a whole Bangladesh is not aware of her cyber security. Though computers are becoming  common house hold items and the number of internet users have already crossed thirty millions, very few computer related offences are reported to the police. In Bangladesh there is no Computer Emergency Response Team(CERT), no cyber police or virtual police to handle the incidents such as computer abuses, hack attempts and other information security breaches. It is known that there is a cyber crime unit in CID headed by a DIG. Some officers were given  special training on the purpose but for the want of necessary logistic support the unit remains nonfunctional. They have been dealing with cell phone related petty crimes only. The legal provisions to deter the cyber criminals from doing harm to billions of dollars are not sufficient. Bangladesh has enacted the Information and Communication Technology ACT-2006 with a maximum punishment for the cyber crime up to ten years of imprisonment or maximum fine of one crore taka or with the both. But the legislation may not be sufficient to effectively fight cyber crimes, For the offences under the act are non cognizable i.e the police can not arrest the alleged offender without the warrant of arrest. The non cognizance of an offence gives the perpetrators an upper hand over the victims. To fight cybercrime we must not impose all liabilities to the government. Computer and Internet system have facilitated the non government organizations a lot. They should have the largest interest in cyber security. So non government organizations must come forward to augmenting the governmental initiatives with money, logistics and specialized manpower. Mumbai  Cyber Lab is a unique initiative of public-private collaboration  in investigation of cyber crime. Bangladesh should follow their suit. The government should  welcome outsourcing initiatives to prepare a galaxy of virtual police officers and establish  few cyber police stations across the country as soon as possible. These cyber crime fighters should be given specialized training home and abroad. Introduction of cyber crime tribunals should be done at least in divisional headquarters of Bangladesh as early as poss

ible.

The

present government is expected to invest millions of taka to materialize their promise to build a digital Bangladesh. So the issue of cyber security must get a  due priority and a considerable portion of budget should be allocated to ensure the cyber security. There is no denying that cyber criminals are very much capable of robbing Bangladesh causing the loss  of crores of taka. They can make a havoc in our national life at any time. At that time we will find that our stallions are stolen and we will then be very much careful to lock our empty stables. So, let us prepare for the worst beforehand. Prevention is undoubtedly better than cure.  

References/Sources:

1. The daily Jugantor

2. www.en.wikipedia.org/wiki/cyberwarfare

3. www.ists.dartmouth.edu/cyberwarfare.pdf

4. www.digitalworld.org.bd/cyber-security-cyber-crime

5. www.ngccd.org/pdfs/pubs/cybercrime

6. www.lawteacher.net/criminology/essays/computer-crime