Evaluating the Feasibility of a Pakistan Honeynet Node


by Farrukh Naghman, Student ID: 42601800. Evaluating the Feasibility of a Pakistan Honeynet Node. Supervisor: Milton Baar. Agenda: Aim; Reviewing the Methodology Adopted; Introduction; Literature Review; Analysing the Cyber Threat; Evaluating the Feasibility of a Honeynet Node in Pakistan


Evaluating the Feasibility of a Pakistan Honeynet Node
by Farrukh Naghman
Student ID: 42601800
Supervisor: Milton Baar

Agenda
  • Aim
  • Reviewing the Methodology Adopted
  • Introduction
  • Literature Review
  • Analysing the Cyber Threat
  • Evaluating the Feasibility of a Honeynet Node in Pakistan
  • Recommendations
  • Conclusion

11/05/2012, Evaluating The Feasibility of a Pakistan Honeynet Node

Aim
To review and analyse literature of the honeynet project and to evaluate its use in setting up a Pakistan node

Reviewing the Methodology Adopted
For the comparative analysis, I selected
  • Pakistan as a model developing country, and
  • Australia as a model developed country.
For both these countries, I
  • compared the statistics of Internet attacks,
  • identified and compared existing security measures.
And lastly, I carried out the feasibility of implementing a honeynet node in Pakistan.

Introduction
In this section, I shall discuss
  • facts about Internet,
  • fundamentals of cyber crime and security, and
  • the problem statement

How many here have a fair idea of Internet or cyber security?

Facts about Internet
  • The Internet is now fully integrated into daily commercial and personal lives; over 30% of the world population uses the Internet
  • A by-product of the increased public awareness of Internet is an increase in cybercrime
  • John Walker Crime Trends Analysis estimated the cost of cyber crime in Australia to be $US1.2 billion per year


Fundamentals of Cyber Crime and Security
Cyber Crime is defined as:
"Any violation which involves the use of computer either standalone or connected to a computer network either a small scale system or system with a global reach, that is, Internet against computers or computer systems and technology enabled crime"
House of Representative, Standing Committee on Communications, The Parliament of Commonwealth of Australia, June 2010

Fundamentals of Cyber Crime and Security - continued
Conventional cyber-security techniques include:
  • Software firewall
  • Hardware firewall
  • Anti-malware
Characteristics are:
  • Defensive by design
  • Non-proactive


Fundamentals of Cyber Crime and Security - continued
Modern cyber-security techniques include:
  • Intrusion detection system (IDS), which inspects network activity for suspicious patterns
  • Intrusion prevention system (IPS), which is a pre-emptive approach to identify potential threats
  • Honeypot, which is a trap for hackers
  • Honeynet is a network of honeypots
Characteristics are:
  • Offensive by design
  • Proactive

Problem Statement
What should be happening? What is actually happening?
  • A by-product of the increased public awareness of Internet is an increase in cybercrime.
  • In developed countries deployment of proactive cyber-security solutions is on the rise.
  • In developing countries, however, computer networks are still equipped with conventional solutions that are not proactive by design.
  • Cybercrimes have no boundaries so efforts to mitigate these crimes should also be similar across the world.

Literature Review
In this section, I shall
  • enumerate the sources that I examined for the project
  • describe the methods used to explore the sources

Sources Examined
Australian Sources
  • Cyber Security Operations Centre (CSOC), Defence Signals Directorate (DSD)
  • Australian Crime Commission
  • Australian Institute of Criminology
  • Australian Federal Police
  • Australian CERT
  • Australian Honeynet Project
  • SCAMwatch, The Australian Competition and Consumer Commission (ACCC)
Pakistani Sources
  • Federal Investigation Agency (FIA), Government of Pakistan
  • National Response Centre for Cyber Crimes (NR3C), FIA
  • Pakistan CERT
  • Pakistan Honeynet Project
  • Rewterz Pakistan
Other sources from the Internet
  • Express Tribune
  • Daily Times, and
  • Pro Pakistani

Methods Used to Explore the Sources
  • Finding academic and non-academic data from the sources of information
  • Communicating with Australian and Pakistani sources to collect information
  • Exploring blogs, forums and other websites related to cyber security

Analysing the Cyber Threat
In this section, I shall
  • review Australian and Pakistan cyber threat, and
  • discuss efforts done by Australia and Pakistan regarding cyber-security

Australian Threat Review
  • The Australian Crime Commission (ACC): Conducted survey in Australia in 2008; 14 per cent reported computer security incidents amounting to a financial loss estimated up to $649 million.
  • The Australian Institute of Criminology (AIC)


Australian Threat Review - continued
  • AusCERT - Australian CERT
  • SCAMwatch - by the Australian Competition and Consumer Commission (ACCC)
Recorded following scams in the year 2012
  • Scratchie cards
  • Carbon price scams
  • Phone scams

Efforts by Australia
  • Australian government announced E-Security review on 2 July 2008.
  • Prime Minister of Australia Hon. Kevin Rudd MP, in his first national security statement to the Parliament on 4 December 2008, identified cyber-security as one of the topmost national priorities.
  • Australian Government Cyber Security Strategy was formulated
  • AG Cyber Security Strategy turned out to be the backbone of Australian Cyber Security Policy

The purpose of the review was the development of a new Australian Government cyber security framework.

Efforts by Australia - continued
The Cyber Security Policy resulted in the establishment of:
  • Australia's National CERT¹ (CERT Australia)
  • Cyber Security Operations Centre (CSOC)
  • Australian Honeynet Project - a step towards securing Australian cyber space
¹ Computer Emergency Response Team

Pakistan Threat Review
  • Rewterz gives map of Pakistan based sources of malware
  • Cyber-warfare in the Southeast Asian region
  • Major players are India and Pakistan
  • Recently, involvement of Bangladeshi greyhats has been found
  • Most of the incidents include website defacement
  • Recently, a few incidents also reported data-leaks

  • First incident of this kind took place in year 1997 between Pakistan and Indian hackers that continued for five years
  • In 2008, Indian script kiddie defaced Pakistan government website that triggered a cyber war
  • In June 2012, Pakistani hacker, in response to a defacement of Pakistani website by a Bangladesh greyhat group, defaced the website of National Curriculum & Textbook Board of Bangladesh

Pakistan Threat Review - continued
Microsoft Security Intelligence Report
  • Pakistan placed among the countries with high malware detection in the third and fourth quarters of year 2011
  • Microsoft places Pakistan among the five locations with the largest Computers Cleaned per Mille (CCM) increases


Microsoft Security Intelligence Report, Volume 12, July through December, 2011

Efforts by Pakistan
  • Electronic Transaction Ordinance was passed by the Government of Pakistan in 2002
  • Prevention of Electronic Crime Ordinance was passed by the government in 2009
  • National Response Centre for Cyber Crimes (NR3C) was established under Federal Investigation Agency (FIA) to deal with cyber crimes
  • NR3C is operating with ten different wings

Efforts by Pakistan - continued
  • Pakistan CERT was performing as national CERT till 2010 but has been inactive after the establishment of NR3C CERT. During the course of the project the website's content has not changed.

Efforts by Pakistan - continued
  • Pakistan Honeynet is also an independent, non-profit organization but as the website reflects, this project appears to be inactive

Evaluating the Feasibility of a Honeynet Node in Pakistan
  • Honeynet analysis
  • Existing facilities
  • Benefits of existing facilities
  • Final findings of the analysis

Honeynet Analysis
Existing Facility, Modus Operandi and Capabilities
  • A National Honeypot by NR3C FIA is a welcome step in the right direction but there are still many things to do
  • Official website of NR3C is being hosted from central server that is running from outside Pakistan; it requires strict policies to ensure Confidentiality, Integrity and Availability of resources
  • Pakistan honeynet project is a much needed step but it is not as active as compared to its competitive model, that is, Australian honeynet project

Honeynet Analysis - continued
  • Pakistan honeynet project is being hosted from the Honeynet Project's central server, located in United States of America
  • To confirm the location of the servers, I ran a few simple network scanning checks

Honeynet Analysis - continued
Benefits of existing facilities
  • Pakistan's cyberspace has started getting equipped with modern and sophisticated techniques
  • Government and private sectors are concerned about the rising Internet fraud and other threats
  • In 2010 more than 312 cases were registered in different categories of cyber-crimes. Most of the crimes are related to the defacement of websites but a few cases have been registered where data-leak was observed
  • There are signs of improved public awareness

Final Findings
  • Pakistani establishment is operating without cyber-security law
  • Pakistani agencies are not in communication with the honeynet project
  • Pakistani CERT and honeynet projects are inactive
  • Pakistan agencies do not own independent honeynet node
  • The Australian honeynet project is also hosted from Pennsylvania, Wayne, US but AFP is running its private honeypot
  • Unlike Pakistani honeynet, Australian honeynet project shares information with Australian law enforcement agencies

Recommendations
  • Pakistan needs to reinstate cyber security law
  • Pakistan government should develop info sharing with the honeynet project
  • NR3C should deploy honeypot independently
  • NR3C must not operate honeypot without having requisite expertise
  • Pakistan needs her national CERT to be active
  • Government must have a check over private security solution providers
  • Government must ensure improved general awareness

Conclusion
  • Today, Internet means social interaction
  • Social interaction means implicit trust that anybody can exploit easily
  • Cyber criminals are increasingly employing sophisticated techniques
  • This is the responsibility of the government to harness the full range of resources to help protect government, business and individual Australians

  • Summary of the project
  • Concluding remarks
  • Questions

  • Cyber-Security is a must
  • Basic cyber security model
  • Implementing National Security

Thank You!