Misuse of cyberspace

Sunday 7 December 2025 ,

Online Version

Misuse of cyberspace

In today’s digitalized world, cyber space is important but cyber security is probably more if not equally important

Muhammad Zamir

The past few years have witnessed misuse of cyberspace all over the world. It has cast its long shadow on the political arena, on the perceived strategic paradigm related to the national interests of many countries and the financial matrix. In Bangladesh, we have also become victims through the violation of our cyber domain. This has been reflected this year through the cyber heist of Bangladesh Bank reserves and also the use of digitalization and social media for furthering terrorism.
We have also seen allegations of misuse of cyber space by Russia in the past weeks with relation to the Presidential electoral process that is presently underway in the United States. That has drawn the attention of the whole world- watching a campaign that has gained interest because of the controversial allegations made by both the Democrats as well as the Republicans in the continuous revelations coming out because of use of the internet, calling into question future election results and also faith in the democratic process. This process has been exacerbated through damaging revelations by the media of Donald Trump’s clever manipulations which not only enabled him to avoid paying income tax but also details of his sexual activities. Similarly, there have been well-timed disclosures about Hillary Clinton’s misuse of the internet as well as the manner in which the Clinton Foundation is being run.
Many analysts following the US Presidential election are hoping to breathe a collective sigh of relief on 9 November, the day after the election. They are hoping that things will settle down. Unfortunately many cyber experts are of the opinion that the danger is just beginning and the 2016 election is a warning of darker hacks to come.
The evolving scenario has come under close scrutiny because of a recent announcement by the US Director of National Intelligence James Clapper who has pointed out that Russian officials from a high level authorized hacks of the Democratic National Committee and other campaign-related sites. This has of course not been agreed to by Russia. It may be pointed out that this is the first time a foreign power has been charged of having inserted itself directly into an American presidential election. It has been alleged in this context that Russian President Vladimir Putin through such a measure was not just probing the US digital systems but also trying to ascertain how far he could go in sowing distrust within the US Presidential ‘free and fair election’ process, viewed by citizens of the United States as the most important cornerstone of democracy:
FBI Director James Comey has sought to reassure US citizens that the American decentralized voting system was just too "clunky" for any one or two breaches of cyber security to affect the outcome. One is tempted to observe that small changes can also have a big effect. We should not forget that the 2000 US Presidential election was decided by just 537 votes in Florida.
From that point of view, some cyber analysts have indicated that in a tight race cyber actors do not need to create major disruption. In this context, a few of them are suggesting that hacking leading to affecting the voting process in a few counties in Pennsylvania or Florida, two big battleground states that use electronic voting but in some precincts do not use verifiable paper audit trails to confirm results could directly affect results. Other election pundits have also observed that Pennsylvania and Florida are not alone within this template. Thirteen other States apparently also lack paper audit trails in either all or some voting locations. Consequently it is being suggested that even when the race on 8 November might not be very tight, nefarious actors can create confusion by simply casting doubt on the legitimacy of the process in these states. That could be enough.
Some far right American analysts have termed such election hacking as not only provocative but as “acts of war”. Others have however correctly pointed out that such extreme comments can only create more confusion. In any case if the United States is unable to tackle any such problem in the coming days, it will most likely affect their credibility. As a result, US strategists according to media reports are trying to on a priority basis trying to build better defenses, including legislating minimum cyber security standards for party, PAC, and campaign-related websites associated with the Presidential elections. That will include paper audit trails in every State, starting with large battlegrounds. Efforts are also being made to put this in place so that the election process can be resilient even if attacked. One can only hope that those associated with this dynamics will be successful.
Furthering national interest priorities through the use of cyber space is not new. Many countries over the years have used this as a weapon to further their own agenda. It would be useful at this point to recall some of them.
In June 2013 Tom Donilon, the White House National Security Advisor travelled to Beijing and meet with top Chinese officials. The meeting took place just days after a major attack allegedly implicating the Chinese Army was uncovered. According to an American security company Madiant, "Cyber Unit 61398", attached to the People’s Liberation Army was involved in massive operations targeting US government and corporate computers. During these attacks, reams of sensitive information, including results from clinical trials, blueprints, pricing documents, and negotiation strategies were stolen.
These revelations came just two months after an attack in South Korea, where more than 30,000 computers and servers at the country's two largest broadcasters, one cable channel, and three Banks went out of commission and customers were unable to access their accounts for hours. After first pointing fingers at North Korea, and then China, the confused South Korean Communications Commission finally observed that it was difficult to identify the perpetrators. However, following these cyber attacks in the first half of 2013, the national government committed itself to the training of 5,000 new cyber security experts by 2017.
The computer worm known as Stuxnet reportedly also ruined almost one-fifth of Iran’s nuclear centrifuges by disrupting industrial programmable logic controllers (PLCs) in a targeted attack generally believed to have been launched by Israel and the United States although neither has publicly acknowledged this.
In 2007 there was also the TJX customer credit card fiasco when TJX announced that it had been the victim of an unauthorized computer systems intrusion and that the hackers had accessed a system that stored data on credit card, debit card, check, and merchandise return transactions.
In 2013 and 2014, a Russian Ukrainian hacking ring known as "Rescator" broke into Target Corporation computers in 2013, stealing roughly 40 million credit cards, and then attacked the Home Depot computers in 2014, stealing between 53 and 56 million credit card numbers.
In early 2013, massive breaches of computer security by the NSA were revealed, including deliberately inserting a backdoor in a NIST standard for encryption and tapping the links between Google’s data centers. These were disclosed by NSA contractor Edward Snowden.
This has brought to the forefront the need to give more attention to computer security, also known as cyber security. This IT security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
This field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies with particular reference to the wireless networks, such as the Bluetooth and Wi-Fi. To this has been added the growth of “smart” devices, including smart phones and televisions.
It is important for everyone to understand that attacks against the computer system may be carried out in different ways. They generally include –the Backdoors method (where a cryptosystem or an algorithm, is used to bypass normal authentication or security controls and to create vulnerability), or the Denial of service attacks method (which are designed to make a machine or network resource unavailable to its intended users), or the Direct-access attack method whereby (an unauthorized user gaining physical access to a computer might be able to directly copy data from it or compromise security by making operating system modifications , installing software worms, covert listening devices or using wireless mice). Attack method may also include Eavesdropping. This is the act of surreptitiously listening to a private conversation, typically between hosts on a network. The FBI and the NSA in the United States have particularly used this method to eavesdrop on the systems of internet service providers. There is also the well known method of Phishing which is used to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Preying on a victim's trust, phishing can be classified as a form of social engineering.
All these methods are used to particularly target Web sites and applications that accept or store credit card numbers, brokerage accounts, and bank account information information These are prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black-market. We know that this unfortunate misuse has already been witnessed in Bangladesh with regard to in-store payment systems. ATMs have also been tampered with in order to gather customer account data (PINs) and withdraw funds illegally from individual accounts.
In today’s digitalized world, cyber space is important but cyber security is probably more if not equally important. Smith, Grabosky and Urbas observed in 2004 that computer security is critical in almost any industry which uses computers. Currently, most electronic devices such as computers, laptops and cell phones come with built in firewall security software, but despite this, computers are not 100 percent accurate and dependable to protect our data. It is this factor that has led computer security strategists to recommend that computers need to be protected through well built software and hardware. They believe that by having strong internal interactions of properties, software complexity can prevent software crash and security failure. This should help us in averting all forms of covert attacks.
We also need to address the issue of Conflict of laws with regard to use of cyberspace. This has become a major cause of concern for computer security community. There is today lack of global web regulations and a global base of common rules to judge, and eventually punish cyber crimes and cyber criminals. There is no global cyber law or cyber security treaty that can be invoked for enforcing global cyber security issues. International legal issues of cyber attacks are complicated in nature and this sometimes hinder the local authorities from taking suitable action through laws under which such prosecution can take place. Authorship attribution for cyber crimes and cyber attacks is a major problem for all law enforcement agencies. We have witnessed this through the Bangladesh Bank cyber heist.
Consequently, governments, individually as well as globally, need to take on the required regulatory role.

Muhammad Zamir, a former ambassador, is an analyst specialised in foreign affairs, right to information and good
governance. He can be reached at [email protected]

Comments

Misuse of cyberspace

In todays digitalized world, cyber space is important but cyber security is probably more if not equally important

Muhammad Zamir

The past few years have witnessed misuse of cyberspace all over the world. It has cast its long shadow on the political arena, on the perceived strategic paradigm related to the national interests of many countries and the financial matrix. In Bangladesh, we have also become victims through the violation of our cyber domain. This has been reflected this year through the cyber heist of Bangladesh Bank reserves and also the use of digitalization and social media for furthering terrorism. We have also seen allegations of misuse of cyber space by Russia in the past weeks with relation to the Presidential electoral process that is presently underway in the United States. That has drawn the attention of the whole world- watching a campaign that has gained interest because of the controversial allegations made by both the Democrats as well as the Republicans in the continuous revelations coming out because of use of the internet, calling into question future election results and also faith in the democratic process. This process has been exacerbated through damaging revelations by the media of Donald Trumps clever manipulations which not only enabled him to avoid paying income tax but also details of his sexual activities. Similarly, there have been well-timed disclosures about Hillary Clintons misuse of the internet as well as the manner in which the Clinton Foundation is being run. Many analysts following the US Presidential election are hoping to breathe a collective sigh of relief on 9 November, the day after the election. They are hoping that things will settle down. Unfortunately many cyber experts are of the opinion that the danger is just beginning and the 2016 election is a warning of darker hacks to come. The evolving scenario has come under close scrutiny because of a recent announcement by the US Director of National Intelligence James Clapper who has pointed out that Russian officials from a high level authorized hacks of the Democratic National Committee and other campaign-related sites. This has of course not been agreed to by Russia. It may be pointed out that this is the first time a foreign power has been charged of having inserted itself directly into an American presidential election. It has been alleged in this context that Russian President Vladimir Putin through such a measure was not just probing the US digital systems but also trying to ascertain how far he could go in sowing distrust within the US Presidential free and fair election process, viewed by citizens of the United States as the most important cornerstone of democracy: FBI Director James Comey has sought to reassure US citizens that the American decentralized voting system was just too clunky for any one or two breaches of cyber security to affect the outcome. One is tempted to observe that small changes can also have a big effect. We should not forget that the 2000 US Presidential election was decided by just 537 votes in Florida. From that point of view, some cyber analysts have indicated that in a tight race cyber actors do not need to create major disruption. In this context, a few of them are suggesting that hacking leading to affecting the voting process in a few counties in Pennsylvania or Florida, two big battleground states that use electronic voting but in some precincts do not use verifiable paper audit trails to confirm results could directly affect results. Other election pundits have also observed that Pennsylvania and Florida are not alone within this template. Thirteen other States apparently also lack paper audit trails in either all or some voting locations. Consequently it is being suggested that even when the race on 8 November might not be very tight, nefarious actors can create confusion by simply casting doubt on the legitimacy of the process in these states. That could be enough. Some far right American analysts have termed such election hacking as not only provocative but as acts of war. Others have however correctly pointed out that such extreme comments can only create more confusion. In any case if the United States is unable to tackle any such problem in the coming days, it will most likely affect their credibility. As a result, US strategists according to media reports are trying to on a priority basis trying to build better defenses, including legislating minimum cyber security standards for party, PAC, and campaign-related websites associated with the Presidential elections. That will include paper audit trails in every State, starting with large battlegrounds. Efforts are also being made to put this in place so that the election process can be resilient even if attacked. One can only hope that those associated with this dynamics will be successful. Furthering national interest priorities through the use of cyber space is not new. Many countries over the years have used this as a weapon to further their own agenda. It would be useful at this point to recall some of them. In June 2013 Tom Donilon, the White House National Security Advisor travelled to Beijing and meet with top Chinese officials. The meeting took place just days after a major attack allegedly implicating the Chinese Army was uncovered. According to an American security company Madiant, Cyber Unit 61398, attached to the Peoples Liberation Army was involved in massive operations targeting US government and corporate computers. During these attacks, reams of sensitive information, including results from clinical trials, blueprints, pricing documents, and negotiation strategies were stolen. These revelations came just two months after an attack in South Korea, where more than 30,000 computers and servers at the countrys two largest broadcasters, one cable channel, and three Banks went out of commission and customers were unable to access their accounts for hours. After first pointing fingers at North Korea, and then China, the confused South Korean Communications Commission finally observed that it was difficult to identify the perpetrators. However, following these cyber attacks in the first half of 2013, the national government committed itself to the training of 5,000 new cyber security experts by 2017. The computer worm known as Stuxnet reportedly also ruined almost one-fifth of Irans nuclear centrifuges by disrupting industrial programmable logic controllers (PLCs) in a targeted attack generally believed to have been launched by Israel and the United States although neither has publicly acknowledged this. In 2007 there was also the TJX customer credit card fiasco when TJX announced that it had been the victim of an unauthorized computer systems intrusion and that the hackers had accessed a system that stored data on credit card, debit card, check, and merchandise return transactions. In 2013 and 2014, a Russian Ukrainian hacking ring known as Rescator broke into Target Corporation computers in 2013, stealing roughly 40 million credit cards, and then attacked the Home Depot computers in 2014, stealing between 53 and 56 million credit card numbers. In early 2013, massive breaches of computer security by the NSA were revealed, including deliberately inserting a backdoor in a NIST standard for encryption and tapping the links between Googles data centers. These were disclosed by NSA contractor Edward Snowden. This has brought to the forefront the need to give more attention to computer security, also known as cyber security. This IT security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. This field is of growing importance due to the increasing reliance on computer systems and the Internet in most societies with particular reference to the wireless networks, such as the Bluetooth and Wi-Fi. To this has been added the growth of smart devices, including smart phones and televisions. It is important for everyone to understand that attacks against the computer system may be carried out in different ways. They generally include the Backdoors method (where a cryptosystem or an algorithm, is used to bypass normal authentication or security controls and to create vulnerability), or the Denial of service attacks method (which are designed to make a machine or network resource unavailable to its intended users), or the Direct-access attack method whereby (an unauthorized user gaining physical access to a computer might be able to directly copy data from it or compromise security by making operating system modifications , installing software worms, covert listening devices or using wireless mice). Attack method may also include Eavesdropping. This is the act of surreptitiously listening to a private conversation, typically between hosts on a network. The FBI and the NSA in the United States have particularly used this method to eavesdrop on the systems of internet service providers. There is also the well known method of Phishing which is used to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Preying on a victims trust, phishing can be classified as a form of social engineering. All these methods are used to particularly target Web sites and applications that accept or store credit card numbers, brokerage accounts, and bank account information information These are prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black-market. We know that this unfortunate misuse has already been witnessed in Bangladesh with regard to in-store payment systems. ATMs have also been tampered with in order to gather customer account data (PINs) and withdraw funds illegally from individual accounts. In todays digitalized world, cyber space is important but cyber security is probably more if not equally important. Smith, Grabosky and Urbas observed in 2004 that computer security is critical in almost any industry which uses computers. Currently, most electronic devices such as computers, laptops and cell phones come with built in firewall security software, but despite this, computers are not 100 percent accurate and dependable to protect our data. It is this factor that has led computer security strategists to recommend that computers need to be protected through well built software and hardware. They believe that by having strong internal interactions of properties, software complexity can prevent software crash and security failure. This should help us in averting all forms of covert attacks. We also need to address the issue of Conflict of laws with regard to use of cyberspace. This has become a major cause of concern for computer security community. There is today lack of global web regulations and a global base of common rules to judge, and eventually punish cyber crimes and cyber criminals. There is no global cyber law or cyber security treaty that can be invoked for enforcing global cyber security issues. International legal issues of cyber attacks are complicated in nature and this sometimes hinder the local authorities from taking suitable action through laws under which such prosecution can take place. Authorship attribution for cyber crimes and cyber attacks is a major problem for all law enforcement agencies. We have witnessed this through the Bangladesh Bank cyber heist. Consequently, governments, individually as well as globally, need to take on the required regulatory role. Muhammad Zamir, a formerambassador, is an analyst specialised in foreign affairs,right to information and good governance. He can be reached at [email protected]