'Cyber-terrorism does not pose a significant threat to the Western security' - British expert

Photo: EPA

As global internet community grows by the minute, cyber-security experts continue to wonder how to make internet a safer place. In an interview to the Voice of Russia, Peter Warren, Chairman of Cyber Security Research Institute, UK, shared his thoughts on the issues of cyber-security and cyber-terrorism. According to Mr Warren, the possibility that terrorist organizations will use the internet to fulfill their malicious plans is rather low since a computer attack does not have that ‘chilling effect’ which is so often sought by terrorists.
The threat of cyber-crime, on the other hand, remains very real. In pursuit of greater revenues companies often rush to place their software on the market while being reluctant to check their new products for possible vulnerabilities which all too often serve as entry points for cyber-attacks. To minimize the probability of cyber-crime the expert urges to rethink the whole process of computer industry. Voice of Russia: Many international terrorist groups now actively use computers and the internet to communicate, but cyber-terrorism still remains a relatively rare occurrence. Do you think that terrorist networks might be avoiding the internet? Peter Warren: Yes, apart from for communication and fund-raising purposes, international terrorist groups are actually avoiding the internet at the moment. The reason for such avoidance is that it scares them. One of the primary characteristics of modern terrorist organizations is that they like to be anonymous. The traditional cell structures that they have been running for years helped them to achieve a very high level of anonymity and they do not want to compromise it. Those terrorist networks that have expertise to carry out a cyber-attack are well aware that the very moment they hit the internet they will be running a risk to be tracked and found because such organizations are being quite heavily monitored by the intelligence agencies all over the world. So, what is more likely is that a national-state player – a state with competence – could seek to destabilize an opponent by outsourcing the capability to the terrorist organization. Voice of Russia: Following your line of reasoning, it seems that cyber-violence is a particular kind of state-terrorism. Is this what you are implying? Peter Warren: I would say that this is a very real possibility and it is a very real trend. The only entity that has a capability to carry out an attack on a state’s critical infrastructure is another state. To achieve deniability, such a state could use a terrorist organization as a proxy. Voice of Russia: It is often claimed that the harm from cyber-terrorism can be compared to the harm from a more direct, physical terrorist attack. Would you agree? Peter Warren: That is actually the other issue because of which terrorist organizations are avoiding the internet. It is in the agenda of being a terrorist that you want to cause an outrage that scares people and makes them extremely anxious. The global reaction to 9/11 attacks is the best illustration of what terrorists ideally seek to achieve. Their main aim is to induce terror and it is fairly difficult to do it through the internet. If you are a terrorist organization and you use a virus that deteriorates the performance of the British transport system, for example, then all that this cyber-attack will do is cause a lot of irritation. It will not cause terror. In this respect, at the moment, cyber-terrorism per se does not pose a significant threat to the Western security; cyber-crime does. Voice of Russia: How about the harm that a cyber-attack can cause to a state’s economy or military infrastructure? We all remember how Iran’s nuclear infrastructure was attacked by Stuxnet. Would you say that this is not terrifying enough if a nuclear plant goes astray due to a cyber-attack? Peter Warren: This is the point I was about to come onto. There is now a fairly universal agreement that the Stuxnet attack on Iranian nuclear plant was put together by the joint efforts of the American-Israeli team and was not the work of any terrorist organization. Quite simply, for a terrorist group, such an attack was not ‘terrifying’ enough and was too ‘well-planned’ in a sense that the virus did not go much further than it was intended to. Although there was leakage of Stuxnet to India and some other areas, the attack was still very well-managed for a terrorist act. However, if such tool as Stuxnet got into the hands of genuine terrorists, the consequences could have been much worse. The nuclear reactor could have simply exploded and the damages would have been massive. This is why, as I said before, terrorist organizations with expertise in cyber-attacks are very closely monitored nowadays. Voice of Russia: It is interesting that a person or an organization behind the Stuxnet attack still remains unknown. Although, as you say, there are some speculations about the identity of the initiators, no one knows for sure who the attacker was. Why such difficulty with the perpetrator's identification? Peter Warren: This is one of the main problems with cyber-crime because you never know for sure where the things are coming from. One of the main problems with identification is the profound deficiency in the routing system in the internet. There have been some suggestions about how to fix this, but they all stumble upon the problem of funding. It is estimated that it would cost around eighteen billion dollars to correct the deficiencies. While this is not a considerable sum in terms of eradicating the issue, this budget would have to be agreed on internationally which is very difficult. That said, however, the intelligence agencies in Russia, in the UK, in America have developed a mechanism that allows them to track the virus to its origin. Obviously, the agencies will never tell the press how they do this, but it is known for sure that it is possible to locate the attackers. Voice of Russia: Vulnerabilities in software and computer system configurations provide the entry points for cyber-attacks. How can these deficiencies be minimized? Peter Warren: Vulnerabilities in code is a huge issue. The problem is that the way computer industry has been evolving as a very competitive market, security has always been a very low priority. Companies are constantly worried about what their competitors are doing so they want to rush out their software as quickly as they possibly can with no concern for security. In this sense, to minimize these vulnerabilities, we have to rethink the whole process of computer industry. Companies should not be allowed to place products on the market until these have been checked by cyber-security experts. Voice of Russia: In your opinion, what is the most effective countermeasure against cyber-attacks? Peter Warren: I think that one of the most effective means to prevent cyber-crime is raising public awareness. The other thing that can be done is the introduction of mandatory reporting mechanisms of cyber-crime. At the moment we are in an absolutely terrible state when the people will not even admit that they have been attacked precisely because they do not know how to deal with the problem. The third thing that is absolutely necessary is the creation of a global cyber-crime research organization. Although a European-wide research center has already been created for these purposes, there is a burning need for an international response. Admittedly, this is going to be very difficult to achieve because there is no legal consensus on the universal definition of cyber-crime. There are also some governmental organizations that actually have quite an intimate connection with cyber-crime. In essence, these organizations use hackers as deniable mercenaries which makes them significant intelligence assets. Voice of Russia: What about the social networks such as Facebook and Google+? Do they provide a fertile ground for recruitment of potential cyber-criminals? Peter Warren: Facebook and social media groups do currently provide a relatively fertile area for cyber-crime recruitment insofar as it is quite easy to find sympathizers. However, all the subsequent agreements are made elsewhere due to heavy monitoring of the social networks by the intelligence agencies. Source: Voice of Russia

Read More........→February 08, 2013

Apps installed indifferently can grab confidential information

Every day, the personal security and confidential information of those who travel in the virtual world is being stolen by the tech-giants including business biggies in the world in different ways. And everyone knows that various organizations in the developed world have spread a vast net in the cyber world to make these intentions succeeded through different apps. Many times users unknowingly hand over their information to giant companies. Later they used this information for their own benefit. So far, even the developed countries have not been able to prevent the theft of this information despite their best efforts.

According to the latest data received from BTRC, out of 161.5 million mobile phone users in the country, 102.1 million are internet users. By stealing the personal information of these vast users i.e. population, in a sense, those companies also got to know the real image of the country. This includes not only the personal security of the user but also the security of the country.

For some time now, there has been a lot of talk on Facebook about a photofilter app called LibLab. Many people can be seen editing pictures and uploading them on Facebook through this app. Earlier there was an app named Prisma apps. And another app named TikTok, which has made huge responses around the world. However, behind all this is the theft of information.

Wikileaks was founded in 2006 by Julian Assange. It continued to reveal the most confidential information of the world's top governments one by one. The issue of data theft has been prevalent among cyber experts ever since.

In 2010, Julian Assange released hundreds of thousands of sensitive intelligence documents about the brutal killings of civilians by US forces in Iraq and Afghanistan. That's when he came to the center of discussion in the world media. The United States prosecuted him and sentenced him to life in prison. Ecuador revoked his asylum after six years in the political asylum at the Ecuadorian embassy in London, United Kingdom. Assange is now in Belmas Prison in London. He is also on trial for violating bail conditions.

Meanwhile, the Federal Bureau of Investigation (FBI) took to the field to accuse Russia of colluding with Trump's campaign camp in the 2016 US presidential election. The investigation was led by Attorney Mueller for two years.

In this regard, experts say, big companies are manipulating this information through apps like Photofilter including Prisma or LibLab. In this way, they actually know everything from the user's resume to emotions. So don't install apps without understanding the theme.

That's what experts who have been working on virtual matters for a long time say. They said users need to be aware of this. With this information, criminal activities can also take place.

The chief executive officer of the Star IT Lab at AR International Cyber ​​Security Institute in the United Kingdom has written his opinion on real cybercrime. The cyber expert of Bangladeshi descent commented on the website of the Cyber ​​Police Department of the Criminal Investigation Department (CID) of the Bangladesh Police that giant companies around the world survey people who follow the trend before launching their products. Because they want to do business all over the world with the product. Your own interests are the main concern of these companies. They want to make products according to your taste.

What data is being stolen: Data is being stolen using the structure of your face (which unlocks the device face) or using biometric data. Staying in the account - date of birth, mail, and phone number, relationship status, and area - all these are manipulating all the personal information with the help of Artificial Intelligent Data Grabber (which is linked to Facebook with API).

If you search for a topic through Google or social media, after a while an advertisement for a sponsored article on that topic comes up. When you click, an e-mail comes with unfamiliar contact. At this time, maybe no one thinks or notices - why is this happening?

Real writes - The reason is very simple. You and I are handing over our data to them following the trend. Every keyword we search is stored in the database. These were later used in marketing. This information is sold as an open marketer outside the Surface Web. In addition, this information is often used in various criminal activities. He urged everyone to be aware of this.

Asad al-Hussein, head of Stonebridge Limited, which has been working on the issue for 10 years, also agreed with Real. "If you need any apps, it's a bit safer to get from the Google Play Store," he said. However, the giant company and espionage could not be stopped.

In this regard, the Deputy Inspector General of Police (DIGP) Md. Shah Alam, said "I don't think the issue is getting priority," he told Daily Bangladesh. However, “we are working on various cybercrimes in the country including national security.”

The intelligence official added that it is a "civil issue". Even developed countries like America and Britain could not address these issues. It has been seen that in these cases, the users often hand over the information to them without understanding. There are some prerequisites for using these apps. The user does yes or allow to the terms without understanding. In this way all the information of the user is being stolen by others. This way even the user's microphone can be controlled. He urged everyone to download the apps considering the security first. Source: https://www.daily-bangladesh.com

Read More........→August 04, 2020

US to complete elaboration of cyber war doctrine

A Pentagon document on the US cyber war doctrine will be put on President Barack Obama’s table in the next few weeks. Part of the US military doctrine, the cyber warfare doctrine stipulates launching pre-emptive cyber-attacks against potential enemies.

The doctrine will help the US respond to global cyber security threats and challenges. In fact, Washington reserves the right to carry out cover cyber operations all across the world. It took Pentagon experts two years to map out the doctrine, according to which the US President is authorized to give orders on launching pre-emptive cyber-attacks on any objects on the Internet, which pose a danger to the US’ national security. A cyber-attack means the implantation of multiple pieces of malicious software on the Internet, explains Moscow-based computer expert Ilya Sachkov. This creates a dangerous precedent for international law, he warns. "Such things should be regulated by the UN, Sachkov says, referring to a possible cyber war. A decision on punishing the aggressor should be made by the international community rather than a separate country, something that will comply with a spate of relevant international treaties adopted after World War II." A top-secret document, the cyber warfare doctrine was specifically hammered out by Deputy National Security Advisor for Homeland Security and Counterterrorism John O. Brennan, who will soon become the new CIA director. Earlier, it was Brennan who mapped out rules on using US drones to destroy terrorists. According to The New York Times, the cyber warfare doctrine contains plenty of norms related to using US drones. US experts say that a possible enemy’s financial sector, infrastructure and economy may be hard hit by a US cyber-attack, which can be likened to a nuclear strike in terms of consequences. This is why it is the US President who is authorized to issue an order on staging a cyber-attack. Such an order was reportedly issued by Obama during a secret operation against Iran’s uranium-enrichment facilities in 2010. According to US media, the facilities’ software was seriously damaged by a US cyber-attack at the time. The US Cyber Command led by former National Security Agency chief General Keith B. Alexander was formed in the Pentagon in February 2011. According to the new doctrine, the US Cyber Command is responsible for defining the US’ cyber foes and objects of cyber-attacks. Source: Voice of Russia

Read More........→April 15, 2013