The document discusses the current state of cyber security in Bangladesh, highlighting various incident trends such as site defacement, phishing, and email threats. It notes the lack of proactive monitoring and standard enforcement, and details specific attacks including DDoS on financial institutions and data leakage incidents. Additionally, it emphasizes the importance of awareness and proper reporting processes for incidents, especially concerning social media interactions.

1. Global Cyber Security trend & impact of
Internet on the society of Bangladesh and it’s
status
Fakrul Alam
CTO
bdHUB Limited
fakrul@bdhub.com
http://bd.linkedin.com/in/fakrulalam
https://twitter.com/rapappu

2. Incident Trends, Bangladesh
Data received from censors maintained by bdCERT

3. 1. Site Defacement
• Site hacked by hacker group named Indishell, Sil3nt Hack3r,
My@nm@r H4acK3rs Unit
• Government sites were targeted (.gov.bd)
• Sites running on CMS are not fully patched and inherently carrying
bugs which is quite easy for the hacker to penetrate.
• Lack of proactive monitoring and enforcement of standards.

4. 1. Site Defacement

5. 1. Site Defacement
• Site defacement using known techniques like SQL Injection,
Metasploit and CMS vulnerability.

6. 2. Phishing Attack

7. 2. Phishing Attack

8. 2. Phishing Attack
whois -h whois.apnic.net 203.112.194.17
mnt-by: APNIC-HM
mnt-lower: MAINT-BD-BTTB
mnt-routes: MAINT-BD-BTTB
mnt-irt: IRT-BTTB-BD
changed: hm-changed@apnic.net 20040323
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20040323
changed: hm-changed@apnic.net 20040401
source: APNIC
irt: IRT-BTTB-BD
address: Data and Internet Service
address: Bangladesh Telecommunications Company Ltd
address: Moghbazar Telephone Bhaban, Dhaka
e-mail: irt@btcl.net.bd
abuse-mailbox: irt@btcl.net.bd
admin-c: HA128-AP
tech-c: MR209-AP
auth: # Filtered
mnt-by: MAINT-BD-BTTB
changed: irt@btcl.net.bd 20110102
source: APNIC

9. 3. Email Threat
• Email threats are increasing.
• Use gmail/hotmail/live email address to send
treat email.
• Sometime we saw use to TOR network for extra
layer of protection.

10. 3. Email Header
whois -h whois.cymru.com 209.85.213.182
AS | IP | AS Name
15169 | 209.85.213.182 | GOOGLE - Google Inc.,US

11. 3. Email Header

12. 3. Reporting Incident
In order for a non-U.S. Government to issue legal process from a U.S.
Jurisdiction, it must use a diplomatic process such as letters
rogatory or the process under the Mutual Legal Assistance
Treaty (MLAT), if one exists between the U.S. And
Bangladesh. Evidence sought by governmental
authorities in criminal matters in Bangladesh must be requested
through the Office of International Affairs, U.S. Department of Justice.

13. 4. Open Resolver / DDoS Attack
• DDoS attack on several financial institutions websites.
• Reported application layer (HTTP GET Flood) on online newspaper
portal. Attack stays for 72 hours with roughly 5 million packets per
second.

14. 4. Open Resolver / DDoS Attack
• Not only NTP / DNS Reflection Attack.
• New protocol are also used (UDP port 1900 UPnP Simple Service
Discovery Protocol)
• Biggest DDoS we report is roughly 2.4Gbps (STM-16)
dig ANY isc.org @OpenResolverIP +edns=0 +notcp
+bufsize=4096
;; Query time: 83 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Tue Feb 10 09:43:54 2015
;; MSG SIZE rcvd: 4002

15. 5. Data Leakage
• Information data leakage in PASTEBIN

16. 6. Prefix Hijack

17. 6. Prefix Hijack
• If you are transit provider
– Make sure you check customer prefix before announce it.
– Do proper prefix & as filter
• RPKI (Resource Public Key Infrastructure)

18. 7. Facebook Incident

19. 7. Facebook Incident

20. Reporting Incident : LEA
• Information for Law
Enforcement Authorities
– https://www.facebook.com/saf
ety/groups/law/guidelines/

21. For End User
• Awareness is very important.
• Think twice before posting it to social media.
• http://www.stopthinkconnect.org/
– Safety Tips for Mobile Devices
– Social Networking & Cyberbullying
– Internet Safety & Security Tips for Parents

22. PEOPLE PRODUCT PROCESS

23. Thank You