Watchdogs of cyberspace
New Straits Times (8 May 2011)

Security threats in cyberspace are on the rise. ROZANA SANI is relieved that a team of experts is up to the challenge of safeguarding us all

JERRY Lim (not his real name) squints at the email in his inbox. For the second time today, his bank has sent him an urgent message concerning his account. Click on the link, the email says, and verify your account. If you don't respond as required, your account might have been compromised, the authoritative message reads. Just provide your username, password and other important and confidential details, and all will be well...

Lim's forefinger twitches. Should he click on it? The email certainly looks legitimate, what with the graphics and the pop-up windows that look exactly like the bank's official site. But only yesterday, his fellow retiree, Hasnah Ramli, told him how she had clicked and responded to a similar email and later found RM200 missing from her bank account.

So instead of clicking on the link, Lim forwarded it to the Cyber999 Help Centre (cyber999@cybersecurity.my). At the centre, an officer opens the email and notes that it is another in a growing number of such incidents reported in the past two days. He alerts the team of the latest incident and they begin a line of action to verify whether it is a fraudulent website and work towards taking it down.

Cyber999 is one of the services provided by the Malaysian Computer Emergency Response Team (MyCERT) for Internet users here to report or escalate computer security incidents. MyCERT is a unit within CyberSecurity Malaysia, which is positioned as the national cyber security specialist under the Science, Technology and Innovation Ministry.

Heading MyCERT is Adli Abdul Wahid, vice president of Cybersecurity Responsive Services. Holder of an MSc in Computer Science (Software Engineering), he is a recipient of the Asia Pacific ISC2 Leadership Achievements (ISLA) 2009 award in the IT Security Practitioner category and is actively involved in various global computer security initiatives, such as the Forum of Incident Response Teams (FIRST), the Asia Pacific CERT (APCERT), the Anti-Phishing Working Group and the Honeynet Project. Adli provides technical and strategic leadership to critical services, such as Cyber999, the Malware Research Centre and Digital Forensics for government agencies.

Guardians of the cyberworld

Though the MyCERT team is small and officially works office hours, its select group of 20 intrusion analysts, malware analysts, application security analysts and emergency response professionals is ever ready to be on duty round the clock. MyCERT acts as an independent coordination point for affected Malaysian hosts (a host being a physical server, workstation or device that resides on a network). This, says Adli, makes it easier for various parties, such as local and international experts, incident response teams, vendors, clients and law enforcement agencies, to co-operate and conduct vital technical and remedial action at sites affected by computer security incidents.

"By providing rapid response through problem analysis and solutions, MyCERT defends national interests, organisations and companies by preventing further unauthorised activities and minimising the damage sustained from attacks. MyCERT also publishes advisories when new security incident trends appear to help other organisations to mitigate and reduce further threats. MyCERT plays an advisory role to law enforcement agencies and assists them when required. But MyCERT does not play a policing or regulatory role," he explains.

A typical day begins with a meeting where each service unit highlights any anomaly in the networks they monitor or any spike in reports that they have received.

"The Malware Research Centre was launched in 2009. It operates a distributed research network for analysing malware and computer security threats. It has also established collaboration with trusted parties and researchers in sharing threat research information.

"The team here does research and development work in mitigating malware threats. These include reverse engineering, which is basically breaking something down to understand it. The centre also monitors networks through the distributed Honeynet Project, a leading international security research organisation dedicated to investigating the latest attacks and developing open source security tools to improve Internet security."

Project Honey Pot is a web-based honeypot network which uses software embedded in websites to collect information about IP addresses used when harvesting email addresses for spam or other similar purposes, such as bulk mailing and email fraud.

According to Adli, MyCERT has served many industries, including banking and finance, multinational companies, government and education sectors. Various agencies have also enlisted MyCERT's services to co-ordinate a response plan with various parties. These parties can include, but are not limited to, Internet Service Providers, law enforcement agencies and international incident response teams.

"If you are part of an organisation or a member of the public and you have issues that you would like to bring to our attention, please report to MyCERT through email, fax or telephone. MyCERT will respond to your enquiries as soon as possible."

Case in point

Asked about the trends he has seen throughout his tenure at MyCERT so far, Adli says that in the early years a typical cyber attack would take the form of a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack). These are attempts to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers, such as banks, credit card payment gateways, and even root name servers.

While he would not name names, Adli says there have been a few local high-profile organisations that have been crippled by such attacks.

"These days, cyber attacks are more on the personal level. For example, one of the most common forms of fraud is advanced fee fraud, where the victim is sent a message that claims you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies. The thing is, for you to receive the prize, you'd have to bank in some money to the sender first. Many fall for this due to the emotions at that point in time. Whatever it is, you have to be wise and think things through, whether it is an online or offline scam," says Adli.

Any information about yourself on social networks is also a gold mine for cybercriminals.

"Don't divulge information that would make you susceptible or damage your image. There is always someone observing for things they can take advantage of," he cautions.

With the rise of the mobile lifestyle, smartphones too can be attacked.

"With the rise of Android apps, for example, people are downloading them indiscriminately. It is something that can be utilised to compromise you," he warns.

But, as far as possible, MyCERT intends to at least keep abreast if not stay ahead in the game to protect Malaysians online.

"After all, our mission is to address the computer security concerns of Malaysian Internet users. And to reduce the probability of successful attacks as well as to lower the risk of consequential damage."