CYBER SECURITY ISSUUES AND ETHICAL HACKING IN PAKISTAN

Transcription

1 CYBER SECURITY ISSUUES AND ETHICAL HACKING IN PAKISTAN Arshee Ahmed Telecom Engineer National University of Computer and Emerging Sciences- FAST MS Student Bahria University Dr. Sadiq Ali Khan Associate Professor Department of Computer Science Karachi University Abstract: The objective of this study to embark the light on the issues regarding cyber security and the preventive measures to be taken. This paper covers various types of cybercrime, along with deployment of cyber law on international level.further role of the social media and Pakistan s contribution in the cyber world have been discussed. This study also focuses on Pakistan s role in producing highly qualified ethical hackers. The scope of this study is survey based, the results along with interpretations have been discussed at the end of the paper. 1. INTRODUCTION After the advent of the internet, it has been the most efficient mean of communication. No doubt there are uncountable advantages of the internet but on the other side the world is at the dangerous zone due to the misuse of the technology. There are unlimited number of crimes which have been committed by the use of the internet. There are three broader categories in internet world. The crime in which internet is used as the tool of the criminal is called cybercrime. Cybercrimes violate the law and committed by means of a computer system. Other two broader categories are cyber-attack and cyber warfare. The objective of cyber-attack and cyber warfare is to undermine the functions of computer network [1]. While ever growing demand of the internet, cyber security has been the top issues around the world [1].The intensity of the cyber crime varies from hacking of a account to the airplane crashes due to false message to air traffic control system.[1].in cyber crime criminals can easily hide their identity because there are no physical limitations and boundaries. 1

2 1.1Cybercrimes in Pakistan: The rate of cybercrime in Pakistan is less than the first world countries.because internet usage in not as much wide spread. Majority of the population reside in rural areas where the people are not aware of the technology usage. There was an ICT 7th exhibition CONNECT 2012 held in Expo Centre Karachi where President Pakistan Information Security Association (PISA) and former additional director general FIA Ammar Jaffery said The unwillingness of cyber crime victims to pursue cases is the major hurdle in the way of investigations and action against hackers and criminals in the country. According to him around 200 cases were reported in 2011 including internet fraud, website hacking.the victims do not report against the crime because of the fear of police, black mailing and personal secrets. There are lots of crimes which have been committed during the past five years.on February 16, 2012 FIA arrested a software engineer of a local institution. The boy was accused for hacking and Facebook IDs. He was used to blackmail females via Facebook accounts.the cybercrime of wing of FIA arrested a man for sending threatening s to the managing director of the Karachi Water and Sewerage Board.On May 16,2012 CIA arrested four people and handle them to FIA.Two of them were carrying Italian passports and had committed crimes like credit card fraud in Italy.There are uncountable number of cybercrimes which take place in our day to day life. 1.2 The Role of Social Network Sites: The SNS plays the vital role in cyber crimes. The sites like Facebook, twitter are at the top. In SNS one can easily create false profile [3].The criminal usually create the dummy profiles of the celebrities and attractive women[3].men accept the friend request from women even if they are complete stranger [3].You can imagine how convenient it is to get access to your victim s information. There are cases like the criminal sends messages to the users, claims to be old friend of them. He asks for financial assistance claiming that he is in the foreign country and has been a victim of robbery[3] The lack of awareness will cause SNS users to become the victim of fraudulent. The trend of online marriages has become so common nowadays. People socialize themselves through these SNS. The criminals trap girls and play with them. Intelligence gathering can easily done with SNS[2].Locative social media like Facebook, twitter have been the source to check potential targets[2].sns is also used for propaganda[3].terrorist can easily communicate with the wide audience[3].there was a report generated in 2010.According to the report terrorist target young people through these SNS and online video games[3].there was a case of Irhabi terrorist in 2005[3].He was used to hacking websites and was teaching online hacking skill to other Jihadis [3].In Mexico city, according to a report generated in 2009, fraud led is the number one cybercrime. In USA Air force, there is enough personal information available in SNS for cyber-attack [3]. 1.3 Types of cybercrimes: Pakistan is the bottleneck of following cybercrimes. Financial Crimes Cyber pornography Spoofing Forgery Cyber defamation Cyber stalking Unauthorized access to computer systems or networks: 2

3 Theft of information contained in electronic form Data diddling Salami attacks Denial of Service attack Virus/worm attacks Logic bombs Physically damaging a computer system Financial crimes include credit card fraud, money laundering. Spoofing is a mail that appears to be sent from a source but actually some other source is the originator of the .forging is the counterfeit of various things like mark sheets with the help of computers, printers. Cyber defamation is used to defame a person by posting defamatory material on sites. Cyber stalking means following a person via internet keep eye on his activities and constantly sending . There are crimes in which computer is target of the criminal or criminal use computer as the tool of their target.here are some of the examples.unauthorized access to computer system network comes under hacking like hacking of website.data didding is to play with data. There are Salami attacks which are used to crash a system. Like attackers send requests more than the capacity of the system. This causes system to get crash as it won t be capable of handling excessive demands. There are other viruses and worms which stick to the file and computers, causes them damage. Some viruses are event dependent. These viruses tend to be active on particular day. There is a program called Trojan which is the unauthorized program but looks like the authorized one and conceals the information.web jacking also occurs in Pakistan in which the person takes control over the website and the site is not in the control of the owner. Physically damaging and theft the computer peripherals is also a cyber-crime. 1.4 Ethical Hacking: When you design a network, you need to check whether your system is capable of fighting all forms of cyber-attacks. In ethical hacking we test our system by hiring ethical hacker. An ethical hacker uses all the tools and techniques that hacker does to exploit the security system. So, it is required for all of the developed and developing countries to produce Certified Ethical Hacker.The Professional Development Centre at Riphah Institute of Systems Engineering (RISE) in collaboration with EC-Council has launched a certified Ethical Hacker program. In Pakistan, Karachi Kalsoft Company has launched its ethical hacker program in November 2008 from E council..new Horizons has also launched its ethical hacking program. 1.5 Pakistan s contribution in Cyber World: In Karachi there are maximum number of internet users then in Lahore and Islamabad. To compete with the cyber-attacks, Transaction Ordinance 2002 was passed by the Pakistan s Government for facilitating and monitor all the forms of communication in electronic media.with the legal frame work we can now have legal backing of all the documents and day to day transactions.this IT contribution is the land mark of the 21 st century. The Electronic Crime Act 2004 was prepared with the collaboration of Ministry of Information Technology with the electronic transaction order 2002.The act has defined legislative terms for the following cybercrimes. Criminal access Criminal data access Data damage System damage 3

4 Electronic fraud Electronic forgery Misuse of devices Misuse of encryption Malicious code Cyber stalking Spamming Spoofing Unauthorized interception Cyber Terrorism National Response Centre is another step taken by the Government of Pakistan to stop misusing the internet. Under the General Pervaiz Musharaf government in July 2002, PTA put orders for cyber café owners to keep the record of their customers. The report says, Gen Musharraf says his government has invested more than 100 million euros in communications and sharply reduced the cost of connections and services since 1999.Pakistan has since launched a program to boost digital technology and information technology.on April 2, 2003 PTCL announced that internet operators have been asked to block 400 websites in addition with earlier 100 sites which contain unethical data. A senior PTCL official, Zahir Khan, said on April 6, 2003, that access to nearly 1,800 pornographic sites had been banned and the PTCL was thinking of importing software to make it easier to do. PTCL also targeted anti- Islamic and blasphemous sites. 2. LITERATURE SURVEY: With the ever growing technology, its advantages and disadvantages are increasing too.technology is Cyber Security is the most serious issue around the world. In April 2007, Estonia suffered a major cyber-attack[4].after which Estonia is contributing in securing cyber space worldwide. According to Joak AAVIKSOO, Minister of education and Research Estonia, they have analyzed weak point in their infrastructure.[4].as per their conclusions their law enforcements, border line do not hold in cyberspace[4].and most of the infrastructure is not under single body, 80% of web infrastructure is in private hands[4].in 2008 Estonia has formulated a National Cyber Security Strategy[4].The objective of National Cyber Security Strategy is to ensure cyber security and help private sectors to develop highly secured standards[4].in Malaysian primary school, cyber bullying and hacking are the major occurring crimes[5].there is an Adaptive Information Security Model which was developed to lessen the gap between what we can do and control with ICT[6].There are five critical systems which ensure the highly secured and prospered network[6].there are 41 internet crimes have been analyzed[6].the analyses show that victims were missing in these five security measures[6].a penetration test on internet service provider was conducted in Sweden[7].The purpose of the test was to discover system vulnerabilities and security flaws in their infrastructure[7].in Burma just before country s first national elections in twenty years, the internet was shutdown[1]. Offenders usually use public places to commit crimes which hides their identity and where there is no effective legislation..internet has given birth to terrorist propaganda. Radicalization can be done using internet [4].Terrorist can edit some video and make it according to their cause [4].Misconfiguration of websites causes search engines to penetrate into website and causes illegal access to data [8].Search engines need to obey some rules, disallowing some of the folders, files and images [8]. producing several negative impacts on society Internet hacking is worth noting. 4

5 2.1 Tools used for the crime: Stuxnet was launched in 2009 and 2010.It was created by USA and Israel.Its target was Iran s nuclear enrichment plant.stuxnet spread via usb jacks.stuxnet was built for not only just spy the industrial system but also reprogram them.a research conducted by Symantec showed that its main affected countries were Iran, Indonesia and India. Country Infected computers Iran 58.85% Indonesia 18.22% India 8.31% Azerbaijan 2.57% United States 1.56% Pakistan 1.28% Others 9.2% There is another term developed for cyber-attacks, Botnets. The term Bot originated from robot. Attackers distribute this software via spam mail.this turns your computer into a bot.the bot is also called a Zombie.Criminals use botnet to infect a huge number of computers. been provided, people have been asked to select multiple answers. The six choices are Greed, Power, Publicity, Revenge, Desire to access forbidden information and Destructive mind set. To judge the awareness about the implementation of cyber laws in Pakistan, people s level of knowledge about the deployment of laws have been asked. People s knowledge about occurring of cybercrimes have been asked to check whether the people have access to such magazines, newspaper and news. The next question determines what the citizens think regarding the occurring of various forms crimes.several crimes like Financial crimes, Cyber Pornography, related crime, Hacking, Web Jacking, Sales of illegal articles are listed. The next item determines whether the targeted persons have been a victim of the any form of the crime. My other question checks what the people think about the role of the Ethical Hacker in securing a system. Upto what percentage a company is secured against an attack or crime. According to my research a huge number crimes are due to the social networking sites. People consideration regarding the ban of these SNS have been judged. I have also determined where the companies stand in these five security measures.these are Deterrence, Prevention, Detection, Response and Recovery. 3. METHODOLOGY: In this research paper I have conducted a survey on the security issues and ethical hacking..questions were distributed in such a way that it covered all of the relevant material. In first question people knowledge about the cyber-crime was judged. The purpose of the first question was to determine how much of the people are aware of this term. The second question was designed to determine the internet usage among the people. In my next question I asked whether people consider cybercrime a threat or not. Because I have studied the cases in which victim especially females have been black mailing via social media sites In fourth question the reason behind committing crime have been asked. Six options have 3.1 Results and Discussions: I have targeted people who are teenagers, are in the age of 20s, 30s and 40s.According to the survey 93% of the people is aware about cybercrime. While 7% of the people are not familiar with the term cybercrime. Age does not matter in this scenario; all depends on your exposure and nature the of job. Criminals use internet more than the average man because they use internet to plan their targets, their ways of attack.greater the internet usage, greater the chance of people being turning into criminals. In Pakistan 52% of people use internet frequently,34% of the people have internet usage more frequently while only 13% of the people use internet once a while. basis. Fiqure1 shows graph of the responses. 5

6 How often you use the internet in your daily routine? The result shows that people are familiar with the number of ways in which a person can used different forms of the crimes for threatening somebody. There is some reason behind the scene which turns a noble man to a criminal. Usually a person commit a cybercrime due to greed, power, publicity, revenge, desire to access forbidden information and destructive mindset. The point of view of the people is as under. Fig Table shows the percentage usage of the internet. According to your point of view what is the reason behind committing the crime? Frequently 54% More Frequently 34% Once in a while 13% PERCENTAGE USAGE OF INTERNET Table When it comes to whether the people in Pakistan thinks cybercrime is a threat or not.92%of the people consider cybercrime a threat while 8% people consider cybercrime is not a threat. Fig Do you consider cybercrime a threat? Fig Greed 11% Power 13% Publicity 10% Revenge 11% Desire to access forbidden information 31% Destructive mindset 23% 6

7 shows majority of the citizen in Pakistan are not fully Result of the views regarding mindset of crime Table The result of the question whether Cyber laws in Pakistan are being implemented or not, conflicts with my researched material. Figure and table summarizes the result. acknowledged with the cyber laws. About the occurring various forms of the crime, cyber pornography is the,most occurring crime in Pakistan. While Sales of illegal articles(sale of narcotics, weapons and wildlife is the least occurring crime.occurrence of various crimes have been summarized in table to table Financial Crimes Do you think in Pakistan there is no particular implementation of cyber laws? Occur Frequently 53% Occur more frequently 24% Occur infrequently 21% Has not occurred 2% Occurrence of Financial Crimes Table Fig Agree 47% Strongly agree 34% Disagree 19% Strongly disagree 0% Cyber pornography Occur Frequently 49% Occur more frequently 41% Occur infrequently 7% Has not occurred 4% Occurrence of Cyber Pornography Views of the people regarding implementation of Laws Table Table According to the researched material, Cyber laws in Pakistan have been implemented [see introduction section].but result Related Crimes 7

8 Occur Frequently 35% Occur more frequently 38% Occur infrequently 22% Has not occurred 5% Has not occurred 23% Occurrence of sales of Ilegal Articles Table Occurrence of Related Crimes Hacking Table Occur Frequently 40% Occur infrequently 19% Has not occurred 1% In my survey, I found majority of the victims of related crime. And one person have been a victim of web jacking. Regarding ethical hacking my findings are 59% of the citizens think that company gets highly secured approximately 70-80% against all types of attacks after hiring an ethical hacker New methods to combat cyber-attack are being developing and the criminals are equipping themselves with the new ways of cyber-attacks. Table summarizes the result. Occurrence of Hacking Table If an ethical hacker is employed by a company, the company gets secured against the crime to what extent. Web Jacking Occur Frequently 34% Occur infrequently 36% Has not occurred 9% % 12% 70-80% 60% 50-60% 28% Occurrence of Web Jacking Table Table Sales of illegal Articles Occur Frequently 26% Occur more frequently 20% Occur infrequently 31% 50% of the citizens in Pakistan think that social networking sites should be banned in Pakistan. While 50% of the citizens are against such bans. Result is as under. 8

9 Researches have shown majority of the cyber attackers use social network sites as the source of the victim s private information. Do you agree these sites should be banned in Pakistan? Fig % people go with yes while 50% go with no. day to day routine. Only those people who have been the victim of the crime have taken some preventive measures.obviously someone belongs to the IT world, he or she familiar with the tool to combat cyber-attack. Regarding Pakistan s role in to combat cyber-attack. Regarding Pakistan s role in securing cyber space is worth noting. FIA and its regulatory bodies have been performing well in maintaining legislative law. According to my point of view, some of the features in social networking sites should be banned in Pakistan. I am 100% sure that if we ban SNS, 90% of the cyber security issues will be resolved.further I recommend parents of the teenagers to keep check on your children.because this is the age of developing the habit of misuse of technology. Regarding the five security measures, responses show that majority of the companies are fully acknowledged about the importance of security measures and the companies have deployed such measures in their systems. 4. CONCLUSION I conclude my research by mentioning that in Pakistan people are less attentive on cyber security. People are busy in their 9

10 References [1] Oona A. Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix,Aileen Nowlan, William Perdue, Julia Spiegel; The Law of Cyber Attack ; Forthcoming in the California Law Review, 2012 [7] Petter Svenhard & Amir Radaslic A Penetration Test of an Internet Service Provider ; Copyright Petter Svenhard, Amir Radaslic, All rights reserved Bachelor Thesis Report, IDE1256 School of Information Science, Computer and Electrical Engineering Halmstad University [2] Mindy Chidester ; The Exploitation of Social Media by Clandestine Groups, How Law Enforcement & Intelligent Can Better Utilize Social Media, and Legal Concerns to Ensure its Appropriate Use by Government Entities ; A Thesis Presented to the Faculty of San Diego State University In Partial Fulfillment of the Requirements for the Degree Master of Science in Homeland Security by Mindy Chidester Summer 2012 [8] Rizik M.H Al-Sayyed atel ; Search Engines in Website Security Leak ; World Applied Sciences Journal 20 (5): , 2012 ISSN IDOSI Publications, 2012 DOI: /idosi.wasj [9] Mrs.Yogini A. Kulkarni Mr. Rajendra.G. Kaduskar [3] Julian Charvat; Radicalization on the Internet ;Defence Against Terrorism Review Vol.3, No2,F all 2010,pp Copyright COE-DAT ISSN: [4] Jaak AAVIKSOO, Minister of Education and Research,Estonia; Cyberattacks Against Estonia Raised Awareness of Cyberthreats; Defence Against Terrorism Review Vol.3,No. 2 F all 2010,pp Copyright COE-DAT ISSN: Department Of Computer Engg., Department Of E &TC Engg. PVG s COET, PVG s COET, Pune, India Pune, India,; Security against Malicious Code in Web Based Applications ; / IEEE DOI /ICETET [10] Eric Ke Wang,Yunming Ye, Xiaofei Xu [5] Maslin Masrom, Nik Hasnaa Nik Mahmood, Othman Zainon, Hooi Lai Wan, Nadia Jamal ; Information and Communication Technology Issues: A Case of Malaysian Primary School ; VOL. 2, NO. 5, June 2012 ISSN ARPN Journal of Science and Technology All rights reserved. Department of Computer Science Harbin Institute of Technology Shenzhen Graduate School, Shenzhen, China, S.M.Yiu, L.C.K.Hui, K.P.Chow Department of Computer Science The University of Hong Kong Pokfulam, Hong Kong; Security Issues and Challenges for Cyber Physical System; 2010 IEEE/ACM International Conference on Green Computing and Communications & 2010 IEEE/ACM International Conference [6] Jeffy Mwakalinga and Stewart Kowalski; ICT Crime Cases Autopsy: Using the Adaptive Information Security Systems Model to Improve ICT Security ; IJCSNS International Journal of Computer 114 Science and Network Security, VOL.11 No.3, March 2011 on Cyber, Physical and Social Computing / IEEE DOI /GreenCom- CPSCom