Bangladesh is still unaware of Cyber threat

by Razzak Raza
April 9, 2010

http://www.weeklyblitz.net/655/bangladesh-is-still-unaware-of-cyber-threat

Targeting to make a digital Bangladesh by 2021, we have already stepped into the digital era. Lives will be much easier, quicker and meaningful if we use the digital facilities to perform our day-to-day activities. Once, people did not feel satisfied if a printed newspaper was not at their hands in the morning. Today, the same people feel nasty if the Internet is disconnected. It is very easy to think that we will be in a digital Bangladesh in few years. But very few people imagine that the digitalization without proper security measures will make our lives hell overnight.

On 23 August 2004 an email was sent to the Bangla Daily Prothom Alo threatening to kill Sheikh Hasina, the then Leader of the Opposition in the parliament. Two days latter on 25 August/2004 another email was sent to the Bangladesh Police Headquarters threatening Khaleda Zia, the then Prime Minister, her elder son and some members of the parliament. These were the first cyber crime incidents in Bangladesh which received due attention of the police authority.

In 2008, a Bangladeshi petty hacker named Shahi Mirza occupied the RAB web site. In his confession to the police, Mirza claimed that he hacked not only the RAB web site, but he had been hacking domestic and international web sites also for long time. He invaded at least 21 domestic web sites including the web site of Bangladesh Army.

An analyst of Premium Bank Brokerage House, Mahbub Saroar, robbed nearly five million Taka from the root level investors of the Dhaka Stock Exchange. He disseminated misleading share-tips to his Face Book friends manipulating price of certain shares in the Dhaka Stock Exchange. While in police custody Mahbub provided the law enforces with sensational information about Internet fraudulence.

The Prime Minister inaugurated the opening of 64 district web-portals on 06 January 2010 while the hackers invaded 19 of them by 21 March/2010. This was the last known invasion in government's cyber territory as well as the first criminality by the foreign hackers. However, the news of cyber crime sporadically published in the newspapers at intervals. But like the traditional ones most of the computer related crimes remain unpublished, unregistered and un-investigated.

The petty hacker Shahi Mirza who hacked the RAB web site put forward a pertinent question about our cyber security. "You do not know what the cyber security is or how to protect yourself." He also claimed that if he would hack the RAB web site by changing the Internet Protocol (IP), he could not be traced. One thing is clear from the confession and claim of Mirza that though Bangladesh Police showed some success in detecting hacking business committed inside the country, they are probably unable to trace the same if it is committed from outside the country.

The computer and the Internet system have opened not only wide avenues for the development and humanitarian activities across the world, but it also ushered in a vast wilderness for the criminal section of the society. Unlike the traditional criminals, cyber criminals are sufficiently educated and highly specialized in computer systems and networking. They possess good IQs, too. They can crack into your bank account rendering it empty, steal your valuable information and data from your computers and sell them to your enemies to defeat you in your business and even in your war planning.

The terrorist organizations are the beneficiaries of the Internet communication system. From disseminating motivated information to the innocent public to credit card fraud, the terrorist organizations may use the Internet system in their benefits. Many of the terrorist organizations maintain their own web sites. At least 12 of the 30 groups on the US State Department's list of designated foreign terrorist organizations maintain Web sites on the Internet. Most communications of the Al Queda network are performed through Internet. Even the Bangladeshi terrorist organization JMB does not go less. Although their own web site is still unknown, they have developed Internet specialization among their operators. They used the Internet materials to teach their members bomb-making formulae.

The intensity of cyber crime victimization in Bangladesh is yet to be measured. There are no research or data collection efforts on how much money is lost every year due to cyber criminality. Neither the government nor the non-government organizations have initiated any data-collecting project about it. But many countries of the world collect and preserve statistics on cyber crimes and the monetary loss due to cyber criminality across and outside of their countries. In the United States the total money-loss from the reported cyber fraud is increasing leaps and bounds. According to the US Internet Crime Complaint Center statistics, in 2001 the dollar loss of reported cyber crime was only $17.8 million dollars. But this amount, in 2009, reached at $559.7million dollars. Yet, it is a small portion of the actual loss of money as only 15 percent of cases of cyber fraud are being reported to crime control agencies.

Law Enforcement and investigating agencies across the globe find it difficult to fight against the cyber criminals. Three factors make computer-related crime difficult to address. First, computers have permitted criminals to use highly technical and innovative methods to engage in 'old style' crimes, making it more difficult for the police to identify perpetrators. Second, computer are used to cross jurisdictional boundaries electronically, making it more difficult for detectives to investigate crimes. Issues of jurisdiction have quickly come to the fore in the era of the digital world and the Internet. Third, ' the evidence of these crime is neither physical nor human, but if it exists, is little more than electronic impulses and programming codes.. A single Internet transaction may involve the laws of at least three countries: i) laws of the user country, ii) country where the server is hosted; and iii) merchant/business country with whom the transaction takes place.

With compare to the developing and the third world countries, the developed ones are more infested with cyber crimes. So, to detect and investigate the cyber crime they have been adopting innovative measures. The United States founded the National Infrastructure Protection and Computer Intrusion Program (NIPCIP) in 1998 which continually assesses the threat of computer crime in the United States, warns communities, corporations, and individual when they might be vulnerable to computer-related crime, and investigates incidents involving computer related crimes that fall within the federal government's jurisdiction.

Almost every country developed Computer Emergency Response Team (CERT). The Malaysian Computer Emergency Response Team (MyCERT) operates the Cyber999 Help Center, a public service that provides emergency response to computer security related emergencies as well as assistance in handling incidents such as computer abuses, hack attempts and other information security breaches.

The Chinese government have taken innovative techniques to fight cyber crimes. This country is the home of the second largest number of internet users in the world. Their measures are simultaneously preventive, investigative and propagative. According to reports from Chinese media, two virtual police officers -- one male, one female -- will appear at the bottom of users' browser windows every 30 minutes, a visual reminder that they are being monitored. The virtual long arm of the law will be there to remind users of Internet security -- and to sniff out any activity the Government deems illegal. Many police agencies across the world set up special cyber crime units to fight the Internet crimes. Virtual Police Stations are common in many countries. Even, our neighbouring Indian State, West Bengal started the functioning of a cyber police station.

Cyber-crime is still a low priority to Bangladesh Police. As a whole Bangladesh is not aware of her cyber security. Though computer is becoming a common household item and the number of Internet users has already crossed six millions, very few computer related offences are reported to the police. As our police have not been furnished with modern techniques and technology to investigate even traditional crimes, we cannot expect them to acquire the necessary skills to investigate the most complicated hi-tech computer related crimes.

It is known that there is a Cybercrime Unit in the CID. Some officers were given special training on this purpose, too. But for the want of necessary logistic supports the unit remains dysfunctional. The unit, in fact, exist in the organogram only. The Dhaka Metropolitan Police also formed a three-member Cybercrime Team headed by an Assistant Police Commissioner. Having two constables as his deputies, the Assistant Commissioner has been dealing with cell-phone related petty crimes only. Moreover, there is no initiatives in the police training system which can train sufficient number of police officers investigating Cyber Crime satisfactorily.

The legal provisions to deter the cyber criminals from doing harms to billions of dollars are not sufficient. Bangladesh has enacted the Information and Communication Technology (ICT) Act-2006 with a maximum punishment for the cyber crime up to 10 years of imprisonment or a maximum fine of 1 million Taka or with the both. But the legislation may not be sufficient to effectively fight cyber crime. For, the offences under this act are non-cognizable. That is, the police shall not arrest the alleged offenders without a warrant of arrest. The non-cognizability of an offence gives the perpetrators an upper hand over the victims.

To fight cyber crime we must not impose all liabilities to the government. Computer and Internet system facilitated the non-government organizations a lot. They have the largest interest in cyber security. A survey of the US National Institute of Justice revealed that the business and financial institutions comprises 46 percent of computer crime targets while the government comprises only 8 percent of targets. So, non-government organizations must come forward to augmenting the governmental initiatives with money, logistics and specialized manpower. Mumbai Cyber Lab is a unique initiative of police-public collaboration for training police officers in investigation of cyber crime. Similar initiates have also been taken by other States of India. Bangladesh should follow their suit. The government should welcome outsourcing initiatives to prepare a galaxy of virtual police officers and establish few cyber police stations across the country as soon as possible. These cyber crime fighters should be given specialized training home and abroad. The non-government organizations utilizing computers and Internet system, as their means of business operation should sponsor to send the virtual police officers abroad for advanced training on cyber crime prevention and investigation.

The present government is expected to invest millions of taka to materialize their promise to build a digital Bangladesh. So, the issue of Cyber Security must get due priory and a considerable portion of budget should be allocated for making the police capable of fighting cyber crimes. There is no denying that Cyber-criminals are very much capable of robbing Bangladesh of crores of taka. They can make havoc in our national life at any time. At that time we will find that our stallions are stolen and we will then be very much careful to lock our empty stables. So, let us prepare for the worse before hand. Prevention is, undoubtedly, better than cure.

Related Topics:  Bangladesh News receive the latest by email: subscribe to weekly blitz's free mailing list