Cyber Security in the Global Village and Challenges for Bangladesh

Dr. Kudrat-E-Khuda (Babu)

With the rapid penetration of the Internet and other information and communication technology worldwide, cyber-crime is emerging as a threat to personal data stored in computers and likely to affect the entire data systems. Even the United States, one of the most technologically advanced countries, is also subjected to such crimes. Bangladesh, being a less developed country, is also at the risk of cyber-crimes that might jeopardize the country’s national security. As the incumbent government eyes to ensure internet connectivity at all government institutions by 2021 upholding the motto of ‘Digital Bangladesh’, more and more national and multinational companies are offering online services to their services through the internet following the government’s agenda. From shopping to Banking, all are just a click away with the higher rate of internet penetration. However, criminals are also using the online platform where they are committing various sorts of criminal activities including phishing, hacking, and stealing personal data. Hence, the state-owned, as well as private organizations, might fall prey to cyber-attacks which might affect the lives of the entire population. Moreover, the country’s 90 percent of software is unlicensed that also intensifies the risk of cybercrimes thanks to their compromised security issue. In addition, the recent tug of wars between Bangladeshi and Indian hackers impacted the diplomatic relations between the two nations. More importantly, there have been scores of media reports saying that terror groups use online platforms for financing and maintaining intra-group communications. In this context, the existing laws and government moves against cyber-crimes are apparently very scanty to combat the burgeoning threat.

Cyber Security in the Global Village

As the Internet connects virtually every human being living on the planet, a new coinage terming the global citizens as netizens. Cyber threats are no longer being seen as national security concerns, they are indeed global phenomena. Cybercrimes pose harm not only to individuals or specific target groups even to the states. Cybercriminals tend to exploit any potential loopholes at networks, systems, data, and operators to garner money. According to B. Williams, there are four Cybercrimes groups. First of all, cyber-criminals just after the money. Such an example came in April 2013 when the U.S. stock market suffered $130 billion in minutes only because of a hacked Twitter news stream propagating a false story of an explosion at the White House. Second, the competing organizations pursuing sensitive knowledge or intellectual property that could exploit them over others. In both the civil and security industries, this is worrying. A Russian crime organization recently cumulated the largest documented set of stolen internet data, consisting of 1.2 billion usernames and combinations of passwords, more than 500 million email addresses. Thirdly, an insider de facto might pose a threat from within. Recent breaches of IT systems ranging from Iran’s nuclear facilities to thousands of American diplomatic cables have underscored the importance of ensuring cyber-security in the Information Age. Cybercrimes because of their transnational nature and anonymity of the criminals are more exacerbating and their potential damage is disproportionate. 

While a striking issue in its very own right, cyber-crime forecasts the inescapable clashes that will emerge from the close contact facilitated by the Internet between diverse cultural practices. The emergence of the Information Age has created an unparalleled network between people all over the world and also established connectivity at organizational scales. Intra-organizational and governmental communications have never been so rapid, cheap, and specific as the internet has taken the whole process of connectivity to an unprecedented dimension. Even information transmission to non-networked is also facilitated by common software platforms. Such connectivity, while helpful to all, comes at a potential cost. Globally governments and associations are while encountering umpteen cybersecurity occurrences, focusing on the management of cybersecurity threats and dealing with their fallout. For some associations, the most common cybersecurity threat is the danger of classified data being gotten to and possibly abused by an outside or potentially antagonistic party i.e. data breaches. One of the key difficulties in reacting to data breaches is that information, ruptured from one or more jurisdictions, can be passed instantly to other jurisdictions. The transboundary nature of occurrences can make investigating a data breach, distinguishing our alternatives for managing the breach, a mind-boggling and overwhelming procedure. This is particularly so on the grounds that speed is quite often a basic factor in exacting a compelling response. In the Asia Pacific region, there has been a rush of new digital security enactment in recent years, Governments establishing bodies to regulate or monitor digital security, and governments and controllers regularly issue guidelines/reports on this. For example, Indonesia and Singapore both launched cyber agencies in 2015, Japan approved the Cyber Security Basic Act, and a report on cyber resilience was issued by the Australian Securities and Investments Commission. Laws or guidelines on these matters are being formulated out of the blue for different nations in the Asia Pacific. Also countries, for instance, the United States, where the Justice Department released in April 2015 its “Best Practices for Victim Response and Reporting of Cyber Incidents”, are adding to already existing frameworks of cybersecurity guidelines. Despite the intensive and exhaustive administrative action, there is, sadly, no combined approach to cybersecurity regulation or potential legal recourse with regards to data breaches in the Asia Pacific. Subject to change under varying jurisdictions, data breaches may include responsibilities under data protection laws, employment/labor laws, equal rights and obligations, equity rules, corporate governance, fiduciary duties, and business or sector-specific legislation, in addition to cybersecurity laws. When data is believed to have been moved out of a jurisdiction, in some jurisdictions, state laws on national secrets can come into force. Similarly, local knowledge of responsibilities in each nation and how each applicable regulator or court works by and by is crucial for reacting to an episode of the data breach and knowing the legal remedies could be accessible and which would be better. Utilizing this learning can help the clients to examine data ruptures, to distinguish obligations, to devise plans to limit the further revelation of the data and moderation of impact or harm, and to recognize, where accessible, lawful solutions for recouping the information or loss related with the information rupture. Many of the Government’s websites use international servers and foreign vendors. As a result, these are always in a vulnerable position and at risk of being sabotaged by the system’s insiders. Potentially the fourth strategy is the biggest threat to our national security. This relates to a state-sponsored cyberattack aimed at undermining a national security framework such as critical infrastructure or important national economic components to some degree in order to achieve strategic advantages over that specific country. In this context, the instance of China can be cited. Some of the powerful countries in the world such as the U.S., U.K., France, Germany, and India always consider China as a potential threat to cybersecurity and charged the country in connection with espionage for gaining strategic advantages. In 2007, it is confirmed that China launched a series of network-based cyberattacks on the above-mentioned countries. In addition, these countries do have greater military ambitions to boost the capacity of the country to engage in the information or cyber warfare, if necessary in the near future.    

 

Cyber Violence against Women in Bangladesh

In Bangladesh, women are lopsidedly subjected to violence and harassment; cyberbullying to pornography are mentionable phenomena that are facilitated by the internet and other electronic devices. While the extension of Information and Communication Technology and burgeoning Internet infiltration is considered positive markers of development in the country, yet their association with certain existing socio physiological settings and insufficient legal protections have paved the way for extensive cyber brutalities against women. By and large, the type of this glaring infringement of human rights ranges from cyberstalking, vengeance pornography, cyberbullying, and trolling. Women are the primary targets of hostile and frequently forceful lewd gestures and disparaging messages on the internet from unidentified and counterfeit sources. Doctored nude pictures of women alongside spam, sex-act recordings, rape threats, and obscene proposition have turned into the new standard of social media. Mobile telephony has taken internet penetration by storm with the number of active internet connections in Bangladesh hit 90.5 million in August 2018, of them, 80.47 million are connected with mobile internet. The ever-increasing internet penetration and mobile phone devices have seen an upsurge in Facebook use. Of the 29 million registered Facebook users, 86% use mobile phones to access the social media networking site. Women population constitutes 1% of cell phone and internet subscribers. Young women in Bangladesh are more likely to be victims of sexualized and abusive online violence in nature. Though legal framework and organizational protection are feeble, a sizeable number of women lodge formal complaints in connection with badgering, abuse, and violence emanating from cyberspace. Cybercrime has been reported by 73 percent of women internet users. The Cyber-Help Desk of the government’s Information and Communication Technology Division has received more than 17,000 complaints as of December 2017, 70% of complainants being women.

Exposure to pornographic content among the youths, whether intentional or unintentional, aggravates the other associated risks, for example, picture-based maltreatment of users where women are exceedingly victimized. In the digital world, with around 78% of cases of doctored photos containing pornographic contents, women are found to be the victims. It can be noted that nearly 77% of teenagers in the country regularly watch pornography. In June 2019, the Bangladesh National Women Lawyers’ Association reported that badgering remained an issue and inadequate preventive and counteracting laws caused some young women to drop out of their classes or works because of trauma and stigma. The establishment of complaint committees and the installation of complaint boxes at educational institutions and workplaces mandated by the directive of the court have rarely been implemented. Very often social media accounts are hacked with malicious intent. The criminals usually upload manufactured indecent photos of the victims, send provocative messages to the victims’ contacts (i.e. Facebook friends) in order to disparage and humiliate them. Some of the key motives of these perpetrators include smearing the victims, taking revenge, coercing them to establish physical relationships, pressing for hush money, physically torment the victims, and so on. A pattern is seen while reviewing the lawsuits, investigations, and media reports of cyber violence against women in Bangladesh. Most commonly the perpetrators establish consensual physical contact with the victims earning their trust. They film the intimate moments with hidden cameras installed in the scenes, it is obvious if the pattern of these heinous crimes is observed closely. Unfortunately, it doesn’t stop here, the criminals then go on to blackmail the victims and coerce them to gain their ill motives. Those clips are used later in order to force the victims to submit themselves to the will of the criminals demanding continuation of physical relationships and hush money. Meanwhile, criminals often record the nefarious acts of rape and film the incidents. Those video recordings are used later by the perpetrators to silence the victims to abuse them furthermore. Those recordings are most commonly released on the internet despite submissions of the victims making them traumatized and stigmatized in society. There are reports of deaths by suicide as the victims feel utterly helpless and do not find any headway. Another pattern is also noticed where vindictive ex-husbands and lovers post intimate videos or photographs on the internet to satisfy their grudges. As young women are less experienced with the internet they are most vulnerable to falling prey to the traps of cybercriminals.

 

Challenges to Bangladesh

The major concern for Bangladesh is that most of the software used in the country is pirated. In such a situation, it a big challenge for the country to protect its cyberspace in the poor infrastructural system. In Bangladesh, around 90% of software is pirated. Right now, it has become a common practice and culture among the country people of using the pirated software, leading its cyberspace to the most vulnerable position in the cybersecurity domain. This is the major challenge the country is facing right now, but its consequences and impact cannot be ignored. Apart from the concern, there are some other serious challenges for cybersecurity in Bangladesh that cannot be ignored any longer. According to Bangladesh Telecommunication Regulatory Commission (BTRC), in August 2018, the number of active internet connections in Bangladesh reached 9, 05 crores, which a matter of thanks to the introduction of around 18 lakh new connections to the network in one month. Among these, 8.47 crore connects to mobile internet, 57.33 lakh connects to fixed broadband internet while the rest use WiMAX. The total number of active Internet connections exceeded the seven-crore plateau in April 2017, the six-crore mark in August 2016, five crore in August 2015, and four crores in September 2014, respectively. Such rapid growth of internet users in Bangladesh has put the country’s financial sector under persistent cyber threat. In such a situation, it is an urgent need for strong in-built cybersecurity in Bangladesh. A small group of experts who work regularly on cyber-threat intelligence, data security, and encryption is also in desperate need.

To understand the challenges, first of all, we need to be conscious of the dimension of the cyber-crimes we are facing in our daily life. This may break it up into four groups. First, Cyber-crimes against people, such as: hacking or cracking, unlawful/unauthorized entry, illegal surveillance, data intrusion, e-mail spoofing, spamming, cheating, and fraud, abuse, and cyber-slaughter, slander, drug trafficking, virus transmission. And worms, infringements of intellectual property, abuse of machine and network resources, Internet time and information theft, forgery, denial of services, dissemination of pornographic materials, etc. The second is property-related cybercrime, such as the robbery of credit card money, intellectual property violations, Internet time theft, etc. The third one is organized crime. Examples of these crimes include unauthorized control/download over network resources and websites, posting of indecent/obscene content on web pages, virus assault, e-mail bombing, logic the bombing, trojan horse, data dodging, download blocking, theft of valuable belongings, terrorism against government organizations, vandalizing the infrastructure of the network, etc. Fourth and the last group of cyber-crimes is taking place against Bangladesh’s society or social values. Such crimes include forgery, online gambling, prostitution, pornography (especially child pornography), financial crimes, and youth pollution by indecent exposure, web jacking, etc.

In Bangladesh, pornography is one of the major concerns in terms of the country’s social culture and moral values. We can now communicate with anyone anywhere in the world and share or exchange our cultural values, thanks to the rapid digital expansion and globalization. From the cultural perspective, many harmful elements of different country’s culture easily can intrude to our own culture due to the diffusion of culture. Pornography is a very untoward element for the country’s culture where adult education is not welcomed even. Bangladesh police are receiving a huge number of complaints of demanding ransom by threatening with secret nude video footage and photoshopped pornographic photos, according to the lawmen. Most of the victims are teenage girls. Besides, women and children are also being targeted by criminals. When any crime is conducted from abroad, then it would be considered as ‘dual criminality’. That means the crime is considered in both countries.  But there is a complexity to deal with the crime like pornography as such crimes [in the context of Bangladesh] may not be considered as crimes in many countries like the U.S. in every case. In such a situation, the victims in Bangladesh will have to face difficulties to deal with such crimes. On the other hand, transnational crimes like child pornography, which are considered crimes in both countries and every country, can be dealing with international cooperation. Here an instance can be given of such an issue.

Several years back, Tipu Kibria, a well-known child litterateur in Bangladesh, was arrested by police red-handed for child pornography. He used street male kids in his home and lab to make pornographic videos and photo shooting for girls. He had already assaulted some 400-500 street kids at the time he was arrested by police for his filthy ambition. Throughout these illegal activities, he has two assistants to help him out, and police found 13 foreign buyer names from Tipu Kibria who regularly paid him for weekly supplies via foreign or online banking transactions. Bangladesh police also believe that there might also be several other manufacturers other than Tipu Kibria. We may therefore explicitly state that pornography is a major concern regarding cybersecurity in Bangladesh. Cybersecurity threat, especially for the financial transaction including e-commerce and online banking is also a grave concern for Bangladesh. Besides, transnational crimes like drug smuggling, trafficking, terrorism, etc. are other big challenges to Bangladesh’s cybersecurity. Due to the lack of proper cybersecurity measures, Bangladesh is also facing a serious concern of cyber threats in the banking sector.

In February 2016, Hackers stole $101 million from Bangladesh’s central bank account with the Federal Reserve Bank of New York using the SWIFT payment network for fake orders. Cyber heist is one of the world’s greatest cyber-crimes. If Bangladesh fails to take proper measures and adopt strong security policies, the country’s banking sector may become the further victim of such cyber heists in the coming days. Widespread use of credit cards and that electronic payment methods often risk a large number of private customer details, such as bank account name, bank account number, cell phone, e-mail ID, etc. Law enforcement agencies are often receiving complaints or cases of direct or indirect cyber threats to financial transactions through online banking. On February 12, 2016, Eastern Bank, a private bank in Bangladesh 21 Suspicious card transactions found. A fraudster with a fake EBL card used one of United Commercial Bank Limited’s ATM Booths, which set off the alarm in UCBL’s network, causing the crime ring to unravel. On February 25, Dhaka Metropolitan Police said that the investigation of the ATM Card scam case has brought up names of various hotel travel agencies and some bank officials. The lawyers also detained a German citizen in connection with ATM fraud, and three official City Bank, a local private bank. Piotr was wanted in 3-4 countries on fraud charges, and according to police, we would be seeking information from those countries through Interpol.

Hacking or unauthorized intrusion into a computer system without the owner or user’s permission is also a concern for cybersecurity in Bangladesh. Hackers most of the time targeted the financial websites of both the government and prominent privates organizations. Lack of adequate cybersecurity know-how, Bangladesh is in a more difficult position to tackle cyber-piracy by a weak cyberinfrastructure network such as reliance on international server system providers, etc. Data-stealing is another concern in Bangladesh. The leak of the Bangladesh War Crime Tribunal’s verdict (partially) in 2014 is an example of the data-stealing. The data of the tribunal leaked through Skype’s voice recording. It was a major backlash for the Bangladesh government and exposed the vulnerability of the Bangladesh cybersecurity arena. Besides, the cybersecurity of social media platforms especially Facebook, Twitter, and Linkedin are in grave threat in Bangladesh. Though Bangladesh police, Bangladesh Telecommunicate Regulatory Commission have strengthened monitoring and established separate monitoring teams recently, such hacking of social media accounts are happening frequently till February 2019. Hackers are targeting mostly prominent personalities, celebrities, and females and taking money from the victims threatening of tarnishing their social image. 

Taken everything into account, the issue of cybercrimes is emerging as a global phenomenon that poses potential threats to the national security of any country and Bangladesh is no exception to that rather the issue of cybercrimes is more worrying for the country in the context of globalization. Because of the absence of advanced cybersecurity tools and people’s ignorance in handling tech gadgets coupled with a lack of awareness of cybersecurity threats might have disastrous impacts on the country. In addition, the country’s laws seem inadequate to safeguard the cyberspace of the country. International collaboration, enhancing technical know-how, gaining expertise, and campaigning on people’s preparedness on how to deal with cybersecurity threats are some of the remedial aspects the country may take into consideration to combat ever-looming cybersecurity threats. The sharp increase in cyber-crimes in Bangladesh and all over the world validates the propositions that the issue of cyber-crimes is undeniable though some argue may that the cyber threats may not be the possible near-future scenario for Bangladesh. Finally, on a note of conclusion, it can be stated that the time is ripe for Bangladesh to take pre-emptive and counteracting measures to thwart the threats posed by cybercriminals.

 

Dr Kudrat-E-Khuda (Babu), Associate Professor and Head, Department of Law, Daffodil International University; Climate Activist at the Greenpeace International and Associate Member at the Centre for the Study of Global Human Movement, University of Cambridge (UK). He can be reached at: kekbabu@yahoo.com