Question of the Week
Why are so many Bhutanese websites being hacked?
— Chimmi P., Mothithang
Answer
Dear Chimmi,
In the last few years, it seems that almost every website in Bhutan underwent surgery by knives of hackers. From RGoB’s main portal (www.bhutan.gov.bt) to BOB, T-Bank, BICMA, RCSC, DPT, Royal Bhutan Police, DrukNet, tour operators, schools... you name it! Now for the news - good and bad.
The good news: The attacks are often simple ones, and the hackers – perhaps bored teenagers sitting in an internet cafe in Tehran or Istanbul – are not professionals. They usually take advantage of well-known software vulnerabilities in the server. In fact, it’s easy to avoid these simple attacks; one only needs to make sure the server software is up to date (much like the Windows Update feature on personal computers). Many webmasters in Bhutan, however, don’t bother to update the server software, and so suddenly the websites display a cryptic message in Arabic (often bundled with an oriental tune).
The bad news: Given the abysmal state of internet security in the country, combined with the fact that more and more sensitive systems and databases are now online, it is difficult to overestimate the amount of damage that can be caused by malicious, professional hackers. The results can be disastrous. Bhutan must start taking cyber security seriously.
“There are no jobs for IT graduates” has become a common mantra these days, and fewer class XII pass outs are choosing the IT route. The fact is, however, that there are jobs – both in Bhutan’s private sector and abroad – for good computer programmers. The problem is not the jobs – it’s the type and quality of the degrees. I recently met a Bhutanese employer in Bhutan who is looking for skilled programmers, but was not able find a single one although he interviewed hundreds of IT graduates, many of whom are decorated with Bachelor in Computer Application (BCA) degrees. I have had similar experiences. There is a limited market for excellent BCA graduates, but a much larger demand for rigorous B.Tech or Computer Science graduates from reputable universities. The end result: while there are jobs for skilled software engineers and coders (as programmers are often known), the current state is that most of the IT graduates are unemployable.
Readers are encouraged to submit technology-related questions to boaz@thimphutech.com
Showing posts with label Internet security. Show all posts
Showing posts with label Internet security. Show all posts
Saturday, May 17, 2014
Saturday, February 1, 2014
Social engineering (K2 #80)
Question of the Week
Is it true that Google Apps is more secure than our current email systems?
— C., RGoB
Answer
Lots of resources are often invested in securing computer systems. We recently read about the government’s plan to use an online service called Google Apps to store and manage email and documents for civil servants. It was mentioned that one of the benefits of using this system is increased protection against hacking, as the government’s existing mail servers are considered more vulnerable. While this may be true, the sad reality is that any system is as secure as its weakest link. And the weakest link in information security is usually human beings.
Movies often depict hackers as geniuses (often in wheelchairs, for some reason) who break into computer systems. The truth, however, is that hackers often do not need to have special technical skills in order to break into computer systems. They need to understand human nature, and they can manipulate people into disclosing confidential information, such as passwords, by various tricks. This is known as “social engineering”. For example, a hacker might call an employee by phone and pretend to be the IT administrator, asking for the password in order to “maintain the account”. Or a hacker might “accidentally” drop a pen drive with malicious software near the premises of a targeted organisation, hoping that a curious employee will find the pen drive and plug it into a computer, thus infecting the organisation’s system.
Social engineering techniques take advantage of common human traits such as curiosity, fear, kindness, trust, and greed. Many of the most successful hackers are brilliant “social engineers”, understanding and manipulating human beings. In Bhutan, the levels of trust are high and people do not tend to be suspicious. While it makes for a wonderful social atmosphere, and is certainly great for the happiness metrics, it also means that rogue people with malicious intent can quite easily take advantage of this cultural psyche. Google Apps security is better than existing ones, but human beings are still the same.
Readers are encouraged to submit technology-related questions to boaz@thimphutech.com
Is it true that Google Apps is more secure than our current email systems?
— C., RGoB
Answer
Lots of resources are often invested in securing computer systems. We recently read about the government’s plan to use an online service called Google Apps to store and manage email and documents for civil servants. It was mentioned that one of the benefits of using this system is increased protection against hacking, as the government’s existing mail servers are considered more vulnerable. While this may be true, the sad reality is that any system is as secure as its weakest link. And the weakest link in information security is usually human beings.
Social engineering techniques take advantage of common human traits such as curiosity, fear, kindness, trust, and greed. Many of the most successful hackers are brilliant “social engineers”, understanding and manipulating human beings. In Bhutan, the levels of trust are high and people do not tend to be suspicious. While it makes for a wonderful social atmosphere, and is certainly great for the happiness metrics, it also means that rogue people with malicious intent can quite easily take advantage of this cultural psyche. Google Apps security is better than existing ones, but human beings are still the same.
Readers are encouraged to submit technology-related questions to boaz@thimphutech.com
Saturday, December 21, 2013
Protecting teenagers (K2 #77)
Question of the Week
How do I make sure that my two teenage boys do not venture into inappropriate websites?
— Craig, Thimphu
Answer
Dear Craig,
The Internet is a fantastic invention. Left without supervision, however, curious children can easily venture into dangerous zones either intentionally or accidentally with a few mouse clicks. During the recently-started winter vacation, some children will spend a lot of time glued to the screen. It is therefore important for parents to protect their children especially during these times. Here are a few things that you, as a parent, can do.
First, use a free service called OpenDNS FamilyShield to filter out child-unfriendly websites. OpenDNS also filters out websites which may contain malicious software. The nice thing about this service is that it does not require any software installation. You will need, however, to make a few simple configuration changes to your Windows or Mac computer (or better yet, your home wireless router, if you have one; this will automatically protect all devices connected to the router). To start, visit goo.gl/t32kW5.
You can also install web filtering software on your Windows or Mac computer. One recommended program is K9 Web Protection, available as a free download at www.k9webprotection.com. In addition to filtering out inappropriate websites, the program allows you to block Internet access during specific times, view reports to monitor web access, and more. You will need to get a license, which is free for home users.
Using these defence mechanisms together will increase protection, but nothing is airtight. At some point - either at home or at a friend’s house or perhaps in an Internet cafe - your children will be exposed to inappropriate material. It’s a good idea to have a candid conversation with them before that happens. Cyberbullying, internet safety and adult material are some topics worth talking about.
Enjoy the winter vacation!
Readers are encouraged to submit technology-related questions to boaz@thimphutech.com
How do I make sure that my two teenage boys do not venture into inappropriate websites?
— Craig, Thimphu
Answer
Dear Craig,
First, use a free service called OpenDNS FamilyShield to filter out child-unfriendly websites. OpenDNS also filters out websites which may contain malicious software. The nice thing about this service is that it does not require any software installation. You will need, however, to make a few simple configuration changes to your Windows or Mac computer (or better yet, your home wireless router, if you have one; this will automatically protect all devices connected to the router). To start, visit goo.gl/t32kW5.
You can also install web filtering software on your Windows or Mac computer. One recommended program is K9 Web Protection, available as a free download at www.k9webprotection.com. In addition to filtering out inappropriate websites, the program allows you to block Internet access during specific times, view reports to monitor web access, and more. You will need to get a license, which is free for home users.Using these defence mechanisms together will increase protection, but nothing is airtight. At some point - either at home or at a friend’s house or perhaps in an Internet cafe - your children will be exposed to inappropriate material. It’s a good idea to have a candid conversation with them before that happens. Cyberbullying, internet safety and adult material are some topics worth talking about.
Enjoy the winter vacation!
Readers are encouraged to submit technology-related questions to boaz@thimphutech.com
Monday, November 18, 2013
Business Opportunities corner: Hack Detection Service
Following up on a previous post on website hacking (and a bunch of related posts on Internet security) it appears that the different IT departments could use some help in detecting hacks.
Business idea #2 is therefore a "hack detection service". The service carefully examines websites of subscribers on a daily basis. If hacking is found, the subscriber is immediately notified.
Needed resources:
Disclaimer: Our ideas are just ideas, not necessarily sound business advice. If this business already exists in Thimphu and we missed it, please let us know! Before rushing to implement the idea, do some research about costs. Create a spreadsheet with the costs and see how much you will need to earn to break even and to make a profit. See if you can survive for a year with no profit and perhaps loss, until the business is more established. The best approach is to consult with organizations that help local entrepreneurs such as the Loden Foundation (see their upcoming crash course on Apr 16-17) or the Youth Development Fund.
Business idea #2 is therefore a "hack detection service". The service carefully examines websites of subscribers on a daily basis. If hacking is found, the subscriber is immediately notified.Needed resources:
- Computer(s) with good Internet connection and a web browser
- A reliable person (or multiple people as the business grows) who goes over subscribers' websites daily
- A notification system (email/phone call/SMS according to the subscriber's needs)
- Basic understanding of website hacking and what it looks like
- Subscribers!
Disclaimer: Our ideas are just ideas, not necessarily sound business advice. If this business already exists in Thimphu and we missed it, please let us know! Before rushing to implement the idea, do some research about costs. Create a spreadsheet with the costs and see how much you will need to earn to break even and to make a profit. See if you can survive for a year with no profit and perhaps loss, until the business is more established. The best approach is to consult with organizations that help local entrepreneurs such as the Loden Foundation (see their upcoming crash course on Apr 16-17) or the Youth Development Fund.
Thursday, November 8, 2012
Friday, October 26, 2012
Another one bites the dust: DPT's website hacked
We've recently blogged about Bhutanese websites that have been secretly hacked . Now Druk Phuensum Tshogpa's website was broken into as well, and probably by the same hackers.
Thursday, October 11, 2012
Hackers enjoy a free ride using RGoB, OAG, TCC, and other Bhutanese websites
It is not a secret that many websites in Bhutan are prone to hacking. Some hackers just enjoy showing off their abilities, and leave a noticeable trace on the website - perhaps a militant message accompanied by loud and scary music. Other hackers are more subtle. They take advantage of a vulnerable website by adding or changing its content in a way that is beneficial to them, but is not easy to detect by a casual visitor.
Case in point: The main portal of the Royal Government of Bhutan, www.bhutan.gov.bt. The portal has a pretty good page ranking by Google (6 out of 10). When a website with a good ranking has links to other websites, Google sees these links as recommendations, and so it improves the ranking of the linked sites.
Apparently, hackers were eager to take advantage of RGoB's ranking. So what did they do? They silently broke into the website and changed the content of pages to include links to websites that they wish to promote.
Take a look at the following source code snippet from RGoB's home page (by the way, if you want to view the source code of any web page, open that page in Google Chrome or Mozilla Firefox, then click Ctrl-U. If you are using Internet Explorer, click on View, then Source).
As you can see, there are some strange links in this page (that's the web addresses starting with http://). Just by looking at the domain names, it is apparent that these links point to websites that are - well, how to put it gently - not very "family-friendly". And there are many more similar links in this page, as well as on many other pages in the RGoB portal. The hackers, by the way, cleverly made sure that these links are readable by search engines, such as Google, but are not visible to humans (that's the style="display:none" part). So just by browsing the page you will not see anything special.
Here is a partial list of other Bhutanese websites that are currently being used in a similar manner, and serving as hosts to parasite links. All these hidden links, by the way, point to Turkish websites.
Hat tip to our reader Anonymuse , who provided the impetus for this post.
Case in point: The main portal of the Royal Government of Bhutan, www.bhutan.gov.bt. The portal has a pretty good page ranking by Google (6 out of 10). When a website with a good ranking has links to other websites, Google sees these links as recommendations, and so it improves the ranking of the linked sites.
Apparently, hackers were eager to take advantage of RGoB's ranking. So what did they do? They silently broke into the website and changed the content of pages to include links to websites that they wish to promote.
Take a look at the following source code snippet from RGoB's home page (by the way, if you want to view the source code of any web page, open that page in Google Chrome or Mozilla Firefox, then click Ctrl-U. If you are using Internet Explorer, click on View, then Source).
 |
| Hackers are taking advantage of RGoB's portal |
Here is a partial list of other Bhutanese websites that are currently being used in a similar manner, and serving as hosts to parasite links. All these hidden links, by the way, point to Turkish websites.
- Office of the Attorney General
- Thimphu City Corporation
- Bhutan Climate Summit
- BCCI
- National Soil Services Centre
- Local Developent Learning Intitute
- Department of Trade
- Bajothang HSS
- Yangchenphug HSS
- Agriculture Marketing and Enterprise Promotion Program
Hat tip to our reader Anonymuse , who provided the impetus for this post.
Saturday, August 25, 2012
Fake twitterer? (K2 #44)
Question of the Week
How can I tell whether a Twitter account is fake or not?
-- Anonymous
How can I tell whether a Twitter account is fake or not?
-- Anonymous
Tuesday, March 20, 2012
DrukNet Servers Still Under Attack
The relentless online attack on Bhutanese websites has not subsided. A shared DrukNet server with the IP address of 202.144.128.218 was recently under attack. I used a service called sameip.org to check which websites are hosted on this server (see below). The service returned a list of 20 websites, including BOB, T-Bank, DPT, Druk Holdings and Investments (DHI), Bhutan Film Festival, Royal Thimphu College, and Bhutan Media Foundation.
Wednesday, March 14, 2012
T-Bank's Website Hacked
Websites in Bhutan are currently under a "hacking crunch". The current victim is T-Bank, one of the country's four commercial banks, whose homepage was hacked a few days ago. Visitors currently receive a "WEBSITE UNDER MAINTENANCE" message, and the page title is "Hacked by H4M4_rEmOeEr".
In addition, the following text appears in the page's source code:
If you're accessing your T-Bank account online, note that the Internet Banking Terms and Conditions contain the following clause:
In addition, the following text appears in the page's source code:Fuck Gov, right-click has been disabledYou can still access the site's other pages, for example the "Accounts & Deposits" page is still here.
If you're accessing your T-Bank account online, note that the Internet Banking Terms and Conditions contain the following clause:
The customer specifically agrees to hold T BANK harmless from any and all claims and agrees that T BANK shall not be liable for any loss, actual or perceived, caused directly or indirectly by government restriction, market regulation, war, strike, virus attack, equipment failure, communication line failure, system failure, data corruption, security failure on the internet, unauthorized access, hacking, theft or any problems technological or otherwise or other condition beyond T BANK’s control, that might prevent the customer from entering or T BANK from executing an instruction, order or direction. Customer further agrees that customer will not be compensated by T BANK for the orders, instructions or directions which could not be executed.My recommendation: Until the level of information security in Bhutan improves, make sure that your bank account is not enabled for Internet transactions.
Thursday, October 20, 2011
RGoB website reportedly hacked by Nepalese group
A new group of Nepalese hackers claims that it broke into the official website of the Royal Government of Bhutan (www.bhutan.gov.bt). The group, calling itself Team Swastika, published a database table that allegedly includes live credentials (user names and passwords) of bhutan.gov.bt accounts. The table is currently posted online in one of the most popular pastebins.
The hacking group also claims to have penetrated the website of the Indian Embassy in Kathmandu. In addition, the group made available a list of 10,000 Facebook user names and passwords, but this list was most likely copied from other online sources.
Check here for more information.
 |
| www.bhutan.gov.bt user credentials (passwords erased) |
The hacking group also claims to have penetrated the website of the Indian Embassy in Kathmandu. In addition, the group made available a list of 10,000 Facebook user names and passwords, but this list was most likely copied from other online sources.
Check here for more information.
Monday, April 25, 2011
Happiness hacked
Yet another cyber-security victim: This time it's the Gross National Happiness (GNH) Commission. GNHC's website was hacked by "SCARYBOYS", who was actually careful to leave a lot of traces. The hacker probably just wanted attention, which made it easy for me to find the breach. But what about the hackers who are trying to create damage and are careful not to leave these kinds of traces?
 |
| Hacked! |
Saturday, April 9, 2011
RBP's website hacked. Time to reconsider online SCS?
The official website of Royal Bhutan Police (www.rbp.gov.bt) was broken into. One of the pages displays a "We Love Iran" message, signed by "Ashiyane Digital Security Team".Saturday, March 12, 2011
Dealing with suspicious files (K2 #10)
Question of the Week
At the end of a system scan with Avira anti-virus software I get a summary report. If there are suspicious files detected or warnings, how do we deal with it?
-- Tandin Wangmo
At the end of a system scan with Avira anti-virus software I get a summary report. If there are suspicious files detected or warnings, how do we deal with it?
-- Tandin Wangmo
Tuesday, September 21, 2010
A few comments on The Journalist article
The Journalist ran an article yesterday on cybercrime and related legislation in Bhutan. This is an area of extreme importance to all nations (see, for example, Pen-drive attacks US military), and its significance will grow exponentially in the upcoming years. Currently, Bhutan remains quite vulnerable to cybercrime.
There are a few comments I would like to make regarding The Journalist piece.
There are a few comments I would like to make regarding The Journalist piece.
- Legislation will not stop Bhutan's vulnerability to cyber-crime. Hackers in Pakistan, China or Bulgaria will not be deterred by Bhutan's cyber-laws. If a pen-drive is infected by a virus, no law will prevent an innocent user from plugging it into the office desktop. And unfortunately, infected emails do not stop at the Phuentsholing checkpoint.
- The article mentions that "many government websites are hacked because they don’t have uninterruptible power supply". I must say that I never heard of this one before, and I would like to know the logic behind it. Hackers most often gain access to systems by taking advantage of software bugs and by means of social engineering. While missing UPSes can cause inconveniences, I cannot see how they can be a major security threat.
- Finally, while the lack of cyber-laws can definitely discourage IT firms or businesses from investing in Bhutan, I cannot see how it will "discourage people from visiting Bhutan".
P.S.: On the Journalist's home page, clicking on the article teaser ("OF LATE, several government and corporate websites have fallen victim to invisible hackers. read more...") brings you to the wrong article. Hopefully this is due to a typo and not to the site being hacked!
Friday, August 27, 2010
Pen-drive attacks US military
Pen-drives are a serious threat to your computer's health. Most computers in Bhutan are infected by malware (MALicious softWARE, such as viruses, worms, and Trojan horses) when a "sick" pen-drive (also known as a "flash drive" or "USB stick") is inserted into your desktop or laptop. Malware can reduce the performance of your computer, use your bandwidth, and in general be quite annoying. But it can also pose a real threat.
It was recently revealed that in 2008, an infected pen-drive was inserted into a laptop belonging to the US military. Once the laptop was infected, classified documents could be transferred to remote servers operated by a foreign government or other covert organization. The malware also spread and contaminated other computers in the military network. This attack, which started in the Middle East, was described by a U.S. official as the "most significant breach" of the U.S. military's computers ever.
Click here for the complete story.
It was recently revealed that in 2008, an infected pen-drive was inserted into a laptop belonging to the US military. Once the laptop was infected, classified documents could be transferred to remote servers operated by a foreign government or other covert organization. The malware also spread and contaminated other computers in the military network. This attack, which started in the Middle East, was described by a U.S. official as the "most significant breach" of the U.S. military's computers ever.
Click here for the complete story.
Sunday, August 15, 2010
Are viruses clogging Bhutan's information highways?
It seems that the number of "healthy" computers in Bhutan can be counted on a single hand. Many computers that I'm running into show clear symptoms of a sick machine, some of them so terminally ill that the only cure is the IT equivalent of a brain transplant, i.e., re-formating the hard disk. Most computer viruses spread when you insert an infected USB drive (also known as pen drive) into your computer. Once infected, your computer starts to slow down or otherwise behave strangely. If you have good and up-to-date anti-virus software installed, this can sometimes protect your computer.
In addition to slowing down your computer and otherwise being a major nuisance, malware (MALicious softWARE, such as viruses, torjan horses, and more) can also use your Internet connection. For example, Trojan horses can steal your files and passwords and send them over the Internet back to the hackers. Rootkits - another type of malware - often use your computer to attack other computers. All this takes place while you're online, and most likely you won't even notice it - although you might be annoyed by the apparently long time it takes for your Facebook wall to load.
Given Bhutan Telecom's consumer broadband prices - about Nu 160 per 1GB - a virus that uses a mere 0.5kB/second will cost you about Nu. 200 a month, assuming the infected computer is connected to the Internet 24 hours a day. If you have several infected computers sharing your Internet connection, your bill will be even higher. My advice: Obviously, always try to keep your computer clean. However, If you suspect a computer infection, turn off the broadband modem or computer(s) when not in use.
And on a national level: Given the increasing number of Internet-connected computers, the poor "health" of so many of them, and the finite international bandwidth, what price - in productivity and otherwise - are we paying for all those bandwidth-gulping computer viruses?
In addition to slowing down your computer and otherwise being a major nuisance, malware (MALicious softWARE, such as viruses, torjan horses, and more) can also use your Internet connection. For example, Trojan horses can steal your files and passwords and send them over the Internet back to the hackers. Rootkits - another type of malware - often use your computer to attack other computers. All this takes place while you're online, and most likely you won't even notice it - although you might be annoyed by the apparently long time it takes for your Facebook wall to load.
Given Bhutan Telecom's consumer broadband prices - about Nu 160 per 1GB - a virus that uses a mere 0.5kB/second will cost you about Nu. 200 a month, assuming the infected computer is connected to the Internet 24 hours a day. If you have several infected computers sharing your Internet connection, your bill will be even higher. My advice: Obviously, always try to keep your computer clean. However, If you suspect a computer infection, turn off the broadband modem or computer(s) when not in use.
And on a national level: Given the increasing number of Internet-connected computers, the poor "health" of so many of them, and the finite international bandwidth, what price - in productivity and otherwise - are we paying for all those bandwidth-gulping computer viruses?
Friday, August 6, 2010
Facebook beggars?
Question #1: Have you received an email from a friend lately saying something like: "I am in Bangkok and lost my wallet and passport. Can you please wire me urgently $200?"
Question #2: Is your friend also your "friend" on Facebook?
If the answers to both questions are "YES", then most likely your friend's Facebook account has been hacked, and your friend is nowhere near Bangkok. A few of our friends have already fallen or nearly fallen into this trap - the lucky ones tried to call their friend's mobile first, and were surprised to hear that they are in their Thimphu office.
Take a glimpse at any computer screen in Thimphu today, and you will mostly see an open Facebook page. The Facebook craze has definitely swept Bhutan like the rest of the world. Now that everyone has more "friends" that they can remember, hackers have found a way to take advantage of your social network. This same scam has been used with hacked email accounts.
To avoid getting your account hacked, make sure to choose a non-trivial password and keep it private. When you receive a "help me! please send me money" request, even if it appears to be from your cousin's genuine email address, it is best to double-check with your cousin using "low tech" such as a phone call.
Tuesday, August 3, 2010
Bhutan Today's website hosting malware?
When visiting www.bhutantoday.bt this morning using Google Chrome, I got the following warning: Visiting this site may harm your computer. It appears that the website has been infected by malware. If you happen to know people at Bhutan Today, kindly let them know. Until their webmaster fixes this issue, it's probably better to read the paper version.
Tuesday, May 5, 2009
Special Talk: "Who’s Spying on My Computer: Internet Security in Bhutan"
Rigsum IT & M Announces a Special Talk:
Who’s Spying on My Computer: Internet Security in Bhutan
The increasing Internet usage in Bhutan presents many opportunities but also entails major cyber threats. This talk is an overview of the computer security challenges facing government, corporate, and private organizations in Bhutan.
Speaker: Boaz Shmueli, President and Founder, MileMaven.com, USA
Date: Friday, 8th may, 2009, at 4:00pm
Venue: BCCI Hall, Thimphu
This talk is open to the general public. Seats are limited. Interested parties are kindly requested to contact the Rigsum Institute at 321466 or email gshmueli@umd.edu.
Note: To download the presentation slides, you will need to login. To open the presentation, you will need a password. The password was given to the talk participants.
Who’s Spying on My Computer: Internet Security in Bhutan
The increasing Internet usage in Bhutan presents many opportunities but also entails major cyber threats. This talk is an overview of the computer security challenges facing government, corporate, and private organizations in Bhutan.
Speaker: Boaz Shmueli, President and Founder, MileMaven.com, USA
Date: Friday, 8th may, 2009, at 4:00pm
Venue: BCCI Hall, Thimphu
This talk is open to the general public. Seats are limited. Interested parties are kindly requested to contact the Rigsum Institute at 321466 or email gshmueli@umd.edu.
Note: To download the presentation slides, you will need to login. To open the presentation, you will need a password. The password was given to the talk participants.
Subscribe to:
Posts (Atom)