Cyber Security

Transcription

Cyber Security

|Malaysian Communications and Multimedia Commission|
Cyber Security
NRE EXECUTIVE DISCOURSE
MINISTRY OF NATIONAL RESOURCES & ENVIRONMENT
4 May 2012
Eneng Faridah Iskandar
Digital Security Services Division
SALIENT POINTS
Internet in
Malaysia
Role of
MCMC
Cybercrime &
Security Risks
Cybercriminals
Hiding Their
Tracks
Relevant Legal
Provisions
Action by SKMM
& LEAs
Where are we?
Until 11 April 2012
Who are the players?
Fixed Broadband
Providers
Wireless
Broadband
Providers
Y MAX
Content and
Applications
Facebook in Malaysia
Number of FB
accounts:
12,231,940
17th of 213 countries
around the world
By Age
Penetration
Rate 46.76%
(Total
Population)
72.37%
(Internet Users)
Source: http://www.socialbakers.com/facebook-statistics/
By Gender
Internet in our daily life….
EMAIL
INFORMATION
CHAT
SHOPPING
SOCIAL
NETWORK
DOWNLOAD/
UPLOAD
CONTENT
What’s the attraction?
YOU CAN BE
ANYONE
CHEAP &
FAST
BORDERLESS
A bit about you!
 How many of you have Internet at
home? On your mobile?
 What do you/ your kids like to do
when on the Internet?
 What are your concerns – as an
individual or parent – about the
Internet?
SALIENT POINTS
Internet in
Malaysia
Role of
MCMC
Cybercrime &
Security Risks
Cybercriminals
Hiding Their
Tracks
Relevant Legal
Provisions
Action by SKMM
& LEAs
ROLE OF MCMC
• To regulate according to the :
 Communications and Multimedia Act (CMA)
1998
 Postal Services Act 1991 (PSA)
 Digital Signature Act 1997 (DSA)
 Strategic Trade Act 2010
• Covers telecoms, broadcasters and ISPs; postal
and courier services and digital certification
authorities
ROLE OF MCMC
1. To advise the Minister on
national policy objectives
2. To implement and enforce
communications and
multimedia laws
3. To regulate matters relating to
communications and
multimedia activities not
related to communications and
multimedia laws
4. To consider and recommend
reforms to the communications
and multimedia laws
5. To supervise and monitor
communications and
multimedia activities
6. To encourage and promote
development of the
communications and
multimedia industry
7. To encourage and promote
self regulation
8. To promote and maintain the
integrity of licensees
9. To render assistance to
persons engaged in
communications and
multimedia
10. To carry out any function as
the Minister may prescribe
NOTE: Abbreviated from Section 16 of the
Malaysian Communications and Multimedia
Commission Act 1998 (Act 589)
SALIENT POINTS
Internet in
Malaysia
Role of
MCMC
Cybercrime &
Security Risks
Cybercriminals
Hiding Their
Tracks
Relevant Legal
Provisions
Action by SKMM
& LEAs
WHAT IS CYBERCRIME?
Offences against Confidentiality, Integrity and Availability
•
•
•
•
•
Illegal access to a computer system
Illegal interception
Data interference
System interference
Misuse of devices
Computer Related Offences
• Fraud and forgery
Content Related Offences
• Child Pornography
• Racism
• Sedition
Offences related to intellectual property rights and similar rights
• Distribution of copyrighted music, video and books without owner’s
permission
COMBINATION OF OFFENCES
ICT facilitate the activities
of organized criminal
groups
• Email-based
phishing scam
• Pretending to be
legitimate company
• Seeking to
disclose information
Organized
Cybercrime
Phishing
and
Identity
Theft
•Create propaganda
•Collecting information
•Providing information
•Communication among
terrorist
•Terrorist financing
•Training for real world attacks
Terrorist
use of the
internet
How are cyber crimes committed?
• Malware/Crimeware
–
–
–
–
–
Bots->Botnets
Keyloggers
Virus
Spywares
Trojans/Backdoors
• Exploiting the vulnerabilities
– Operating system-Windows,Linux ,OS X
– Application / Services
• Social Engineering
• Ignorance
15
Hacking
• Unauthorized access / forced entry into a
computer or network system
• Can lead to
– Information stealing->extortion
– Steal/Use available resources-> increase
operation cost
– Information tampering or deletion->shame,
damage to business (cost)
– Planting time bomb for future execution->
attack when it hurts most
16
Denial of Service (DOS)
• Attack targeting on disrupting the service or
resources of the provider until the provider
unable to offer the service
• Usually done using bots called zombies that are
installed in hundreds/thousands (Distributed
DOS) which are controlled by one computer
• Can lead to
– Extortion
– Shame
17
Anatomy of DDOS
18
Phishing
“Imitation is the best form of flattery”
Phishing - misrepresent, cheat and steal relying on “social engineering”
Financial institutions are mostly targeted
Most “phishers” can be found in the US
and Korea. Other places, China, Brazil,
Russia and Canada….
Example of Phishing
 Typical phishing email
 What should you do?
 Forward the email to
antiphishing (at)
cmc.gov.my
 MCMC is a member of
the Internet Banking
Task Force (IBTF)
 Working with
international partners to
take down phishing sites
Identity Theft
• Impersonating victim
in email, chat rooms
and other services
• Can result from
– Hacking
– Phishing/Pharming
• Can lead to
– Harassment
– Crime committed under
your identity
21
Identity Theft
NB. Social networking websites allow multiple registration
of a single name
Identity Theft
NB. Social networking websites also allow creation of
community groups of ‘fan pages/profiles’
Cyber pornography
• Difficult to curb as it is legal in some countries
• Many illegal child porn sites leads to promoting
Paedophilia, or sexual attraction to children by
an adult
• Children (victims) on the internet are lured to
give their addresses by pedophiles
• Some free porn sites are traps that will activate
installation of malware upon visit
24
Offensive Content
• Indecent, obscene, false, menacing, or offensive
content.
• Seditious tendency –
(a)
(b)
(c)
(d)
(e)
(f)
to bring into hatred or contempt or to excite disaffection against any Ruler or against any
Government;
to excite the subjects of the Ruler or the inhabitants of any territory governed by any
government to attempt to procure in the territory of the Ruler or governed by the
Government, the alteration, otherwise than by lawful means, of any matter as by law
established;
to bring into hatred or contempt or to excite disaffection against the administration of
justice in Malaysia or in any State;
to raise discontent or disaffection amongst the subjects of the Yang di-Pertuan Agong or of
the Ruler of any State or amongst the inhabitants of Malaysia or of any State;
to promote feelings of ill-will and hostility between different races or classes of the
population of Malaysia; or
to question any matter, right, status, position, privilege, sovereignty or prerogative
established or protected by the provisions of part III of the Federal constitution or Article
152, 153 or 181 of the Federal Constitution.
25
Cyber Scam
• Targets people to participate in some
foolproof scheme which will return higher
investment
• Usually sent through a convincing email
• Can lead to
– Monetary loss
– Shame
26
Scam email
• The Nigerian National
Petroleum Company has
large contract USD$
40,000,000 and need
non-Nigerian citizen to
do some transaction.
Commission 10%
• But need USD$100,000
first to be legitimate
transferee
• Invest USD$100,000 ->
USD$4,000,000
27
SPAM
• Abuse of electronic messaging systems to
indiscriminately send unsolicited bulk messages
• Advertise some illegal sites selling drugs or
pirated software/movies/music.
• Very irritating and waste of resources
• Main vehicle for spreading virus/malware/trojan
and phishing sites.
• Use of botnets to collect email addresses and
send SPAMs
28
Intellectual Property - Piracy
• Making and distribute
illegal copies of
copyrighted materials like
software, movies, songs
and e-books.
• Heavily perpetrated on
P2P networks and auction
sites
• Websites providing cracks
and serial keys (WAREZ)
29
Cyber Espionage
• Gaining crucial information like trade
secrets, patents and confidential financial
documents about competitors
• Hacking, Backdoor and spyware used.
• Virus can be sent to delete some
important files
30
Cyber Terrorism
• Conduct of terrorism by terrorist using
cyberspace
• Ranging from DDOS attacks to hacking into
Nuclear power plants (possible)
• Using chat rooms and encrypted emails to
coordinate attacks
• Usually aims at the critical infrastructures like
water, electricity and telecommunications to
have the physical effect
31
Critical Infrastructures
STUXNET
32
Estonian Incident
• Started April 2007
• Motive: Protest against reallocation of the
Bronze Soldier
• Russian hackers suspected
• Riots followed by DDOS
• Estonia is a pioneer of "e-government" and
one of the most wired countries in Europe,
crippled
• Government websites, Mobile networks and
Rescue service network attacked
• Forced to shutdown international links
33
34
WIFI hijacking
•
•
•
•
Use of WIFI spots without permission
Crack if encrypted
Harmless crime?
Deprives ISPs revenue and steals bandwidth
35
Why commit cyber crimes?
•
•
•
•
•
•
•
•
Curiosity
Being a hacker is cool?
Abundance of resources and ready made software
Vulnerabilities
Monetary reasons
Malicious reasons
Political agenda
Anonymity and difficult to trace
36
Cybercrime today $$$
• Its mostly about money
• Systems are built superfast to
accommodate commercial
needs
• Information security is not
taken seriously
• Traceability is hard
• Anonymity is easy
Is hacking cool?
• The Orange County Register reports that a
19 year old from Washington state broke
into the Orange County California 911
emergency system. He randomly selected
the name and address of a Lake Forest,
California couple and electronically
transferred false information into the 911
system. The Orange County California
Sheriff's Department's Special Weapons and
Tactics Team was immediately sent to the
home of a couple with two sleeping
toddlers. The SWAT team handcuffed the
husband and wife before deciding it was a
prank. Says the article, 'Other law
enforcement agencies have seen similar
breaches into their 911 systems as part of a
trend picked up by computer hackers in the
nation called "SWATting“-Slashdot
38
Meet Millionaire Spammer
Jeremy Jaynes
• One of the world's biggest spammers
• Earns about an estimated US$500,000 to
US$750,000 a month
• Owns a million-dollar house, a restaurant and a
Maserati
• 16 High speed Internet lines at home with
monthly bill up to US$20,000
• CDs containing more than 384 million emails
addresses
• He works from home
39
Ignorance is not an excuse
Ah Longs ‘book’ customers on Facebook
LOAN sharks are getting tech-savvy — they are now sourcing for
potential customers through Facebook, Nanyang Siang Pau reported.
The daily said the loan sharks had appointed middlemen who would
trawl the social networking site for customers. It quoted Deputy
Inspector-General of Police Tan Sri Ismail Omar as saying that the loan
sharks seemed to be very good at identifying people who had failed to
obtain loans through legal channels. “They will then get in touch with
them through Facebook and convince them to take a loan.”
40
Modern-Day Revenge
• A man in Sweden who was angry with his
daughter's husband has been charged
with libel for emailing the FBI that the
son-in-law had links to al-Qaeda.
• The son-in-law was arrested upon landing
in Florida. He was placed in handcuffs,
interrogated and placed in a cell for 11
hours before being put on a flight back to
Europe
41
Cybervillains for Hire
• You can’t do it, just hire
• 20 millions of mail's = €350 euro
• Starter Kit = €140
– 5 Millions email address with spammer app
configured in your own server
• DDOS attack
– Free for 10 mins
– USD$20 for 1 hour and USD$100 for 24 hours
42
SALIENT POINTS
Internet in
Malaysia
Role of
MCMC
Cybercrime &
Security Risks
Cybercriminals
Hiding Their
Tracks
Relevant Legal
Provisions
Action by SKMM
& LEAs
Methods
Anonymous Surfing  Website hosted
overseas subject to
Anonymous Proxy
privacy laws
Wireless access
 False registration
TOR Network
Use of
Hacked/Servers
IP Spoofing
 Extra territoriality
applies
SALIENT POINTS
Internet in
Malaysia
Role of
MCMC
Cybercrime &
Security Risks
Cybercriminals
Hiding Their
Tracks
Relevant Legal
Provisions
Action by SKMM
& LEAs
RELEVANT PROVISIONS FROM CMA 1998
Section 231
Offence if use
apparatus or device
without authority
Uses any apparatus or device with intent to
obtain information, content, sender or addressee
without an approval from SIRIM
devices, gadgets meant for interception of data
Section 232
Fraudulent use of
network facilities,
network service etc
With intent to avoid payment or fraudulent use of
service or facility: Stealing of telephone lines (PSTN / PCCB)
Cellular cloning
Tapping wireless internet for free service
usage etc
Section 233
Improper use of
network facilities or
network service
Annoying, abusive, threatening, harassing,
obscene:Emails (spamming), SMS, MMS
Website content publishing, posting
Viruses etc
RELEVANT PROVISIONS FROM CMA 1998
Section 234
Interception &
disclosure of
communications
prohibited
Interception of telephone line etc and use of the
information compromising / jeopardizing an ongoing investigation
Section 235
Damage to network
facilities etc
Sabotage of communication infrastructure or
service
Remote Denial of Service (DoS) attack e.g. virus
that damage or halt internet service belonging to
a provider
Section 236
Fraud and related
activity in connection
with access devices
Production, sale or use of devices or software
that can be used to modify a gadget, device to
gain illegal access to a service, content service
etc
E.g. card reader being modified to reader/writer
which can gain access to MyKad database
illegally.
THE DIGITAL
SIGNATURE ACT 1997
Regulate the use of digital signatures
Section 4 - Certification authorities under the
DSA are licensed (also provision on exemption)
Section 67 - Presumptions on digital signatures
INFRINGEMENT OF
COPYRIGHT
Copyright (Amendment) Act 1997
Section 13 (nature of copyright in literacy,
musical or artistic works, films and sound
recordings.
Section 41 (Offence)
COMPUTER CRIMES
ACT 1997
Section 3 (unauthorized access to computer
materials)
Section 4(unauthorized access with intent to
commit or facilitate commission of further
offence
Section 5(unauthorized modification of
contents of any computer)
Section 6(wrongful communications
)
ELECTRIC COMMERCE ACT 2006
& ELECTRONIC GOVERNMENT
ACTIVITIES ACT 2007
Section 6 of ECA and Section 10 of EGAA (legal
recognition of electronic message)
TELEMEDICINE ACT
Practice of medicine using audio, visual and data
communications.
INTERNET
DEFAMATION
Section 500 of the Penal Code
Section 28 of the ISA 1960
ONLINE SEDITION
Section 211 of the CMA 1998
Section 3 and 4 of the Sedition Act 1948
Section 233 of the CMA 1998
Section 8 of Internal Security Act 1960 (any
person who, by word of mouth or in writing
or in any newspaper, periodical, book,
circular or other printed publication or by any
other means spreads false reports or makes
false statements likely to cause public alarm,
shall be guilty of an offence)
Section 211 (prohibition on provision of
offensive content) and Section 233 (Improper
use of network facilities or network service)
of the Communications and Multimedia Act
1998
CYBER PORNOGRAPHY
AND EXPLOITATION OF
CHILDREN
Section 292, 293 and 294 of the Penal Code
Section 5 of Film Censorship Act 2002
Section 31 Child Act 2001
PROSTITUTION AND
OTHER ILLEGAL CYBER
SEXUAL ACTIVITIES
Section 372 (person living on or trading in
prostitution), 372B ( soliciting for purpose of
prostitution) and 373 (suppression of
brothels) of the Penal Code
SPAM
Spam Control Regulation has been finalized
and forwarded to Ministry of Information,
Communications and Culture on 9 February
2010.
CYBER TERRORISM
Penal Code contains provisions that deals with
terrorism that may apply to cyber terrorism as
well
Chapter VIA Sections 130B -130T (incorporated in
Penal Code on 6 March 2007)
CROSS BORDER AND
JURISDICTIONAL ISSUES
Extradition Act 1992
Mutual Assistance in Criminal Matters Act 2002
Reciprocal Enforcement of Judgment Act 1958
SALIENT POINTS
Internet in
Malaysia
Role of
MCMC
Cybercrime &
Security Risks
Cybercriminals
Hiding Their
Tracks
Relevant Legal
Provisions
Action by SKMM
& LEAs
• A cybersecurity monitoring centre initiated by the Malaysian
Communication and Multimedia Commission (SKMM)
• In line with National Cyber security Policy (NCSP) and the
10th National Policy Objective under the Communications and
Multimedia Act 1998 (CMA 1998)
• Provide preventive early warnings to all relevant stakeholders
in Malaysia
• Serves as the national Internet network thermometer to
provide overall understanding of macro cyber threat level with
the involvement and cooperation of both public and private
sectors
SNSC : Watch & Alert
Monitors and analyze
1 Petabytes (1,000,000,000,000,000 Bytes)
MAIN RESPONSIBILITIES
• Network Threat Monitoring and Management
– Recommends threat level for Malaysian network
– Monitor the criticality of threats coming into the local
network
• Incident Management, Network Forensic, Recovery and
Advisory
– Analyze network – forensic
– Provide early warning, handling, advisory and coordination
during incidences
• Vulnerability Management
– Network auditing activities to ensure continuous security
THE BIGGER PICTURE
INTERNATIONAL
SECURITY AGENCIES
DOMESTIC CNIIs
SNSC-ISP Connectivity
Cyber Incidents Detected (2011)
TOTAL: 3,921
Phishing Cases Escalated (2011)
Content-Related Complaints
Content-Related Complaints
TYPE ACCORDING TO MEDIUM
WEBSITE/ BLOG/ EMAIL
SOCIAL NETWORKING
TOTAL COMPLAINTS
2011
1,112
716
1,828
1 Jan-11 Apr 2012
274
239
513
TYPE
OFFENSIVE & MENACING
FALSE
OBSCENE
HACKING
OTHERS
TOTAL COMPLAINTS
2011
789
362
183
196
298
1828
1 Jan-11 Apr 2012
144
148
58
55
108
513
Action Taken (2011)
Investigation under CMA 1998
CATEGORY
YEAR
EMAIL
BLOG
FB/YOUTUBE
WEBSITE
TOTAL
2010
35
13
21
45
114
2011
35
14
23
47
119
11
4
6
12
33
81
31
50
104
266
2012
(UNTIL MAC 2012)
TOTAL
Enforcement Action under S.263(2)
CMA 1998 (2011)
CATEGORY
AGENCY
JAN
FEB
MAR
APR
MAY
JUN
JULY
AUG
SEPT
OCT
NOV
DEC
TOTAL
PHISHING SITE
SKMM/ PDRM
79
83
133
65
79
108
124
74
139
149
119
106
1258
LUCAH
SKMM
124
0
21
0
4
0
0
0
0
0
17
0
166
JENAYAH SYARIAH
JAIN/JAKIM
0
0
2
4
0
0
0
0
0
0
0
0
6
MEDICINE
KKM
0
0
1
0
0
0
0
0
0
0
0
0
1
S233 CMA
SKMM
0
0
0
0
0
0
0
1
0
0
0
0
1
S211 CMA
SKMM
5
1
3
4
9
0
0
0
0
0
0
0
22
COPYRIGHT
KPDNKK
0
0
0
0
10
0
0
0
0
0
0
0
10
FINANCIAL
SSM
0
0
6
0
0
0
0
0
0
0
0
0
6
SECURITIES
SC
1
0
0
0
0
0
0
0
0
0
0
0
1
ONLINE GAMBLING
PDRM
0
0
4
0
0
0
0
0
0
0
0
0
4
209
84
170
73
102
108
124
75
139
149
136
106
1475
Total
CONCLUSIONS
Conclusions
• Continuous and systematic monitoring due to
overwhelming number of web presence
– Issues requiring further action/ feedback
• Pro-active action required:– Reporting to web host/ moderator
– Media engagement through mainstream and alternative
media on issues raised
• Intensify awareness campaign
– SKMM’s “Klik Dengan Bijak” Campaign
– Participation in seminars, conferences etc.
– Media engagement through multi-platforms
Conclusions
Interface with international bodies and organizations to enhance
cooperation and exchange of information, expertise and
intelligence.
Meridian Process
Connecting and Protecting
ASIAN
TELECOMMUNICATIONS
REGULATORS
COUNCIL
APECTEL SECURITY & PROSPERITY STEERING GROUP
INTERNATIONAL COLLABORATION
Chair of ASEAN Telecommunications Regulatory Council (ATRC)
Network Security Working Group
Member of the Security & Prosperity Steering Group (SPSG) of
APEC Telecommunications and Information Working Group
(APECTEL)
Member of Steering Committee of the Meridian (A meeting and
work shop for Governmental and Regulatory bodies responsible for the
protection of critical infrastructure)
Signatory of the Seoul-Melbourne MoU against Spam
Member of the London Action Plan
MoU with RSA (Security Division of EMC) – collaboration to take
down phishing websites for foreign banks hosted in Malaysia
SKMM Contact Information:
nsc@cmc.gov.my
antiphishing@cmc.gov.my
Thank you
General Line : +60 3 8688 8000
Facsimile : +60 3 8688 1009
www.mcmc.gov.my
70

Cyber Security

Transcription

Similar documents

CYBERJAYA

Ekuinas Expands its Education Portfolio with Investment in

Sports 247 Sponsorship of Malaysian Tenpin Bowling Congress

Your partner for multimedia events at Kursaal Bern

Computer

enREDo International Design Network

Brief - Juwita Suwito

Focus Malaysia Dec 14-20, 2013, Roundtable Discussion

- Lab for Media Search - National University of Singapore