Tuesday, December 30, 2014

Cyber attack on Afghan Government Websites? Was it really an attack?


The news was big: Afghan Government websites attacked by Chinese hackers, as reported by an American cyber security research company. Local newspapers and TV stations started talking about the issue as if our country had been attacked and intruded by China! The National Security Council began investigating the issue. What happened later on, none of us really know!

While everyone was talking about the attack, nobody tried to see how the attack happened and what led to this event. Here I am sharing what I think went wrong.

Firstly, what happened with the government websites is not something I would call an attack. It wasn't an attack, nothing was damaged; it was just one or two lines of JavaScript code that redirected users to some other websites (yet to be confirmed after getting a copy of that script). This is something I would blame on the contractor who developed the government websites.

So, how could a piece of JavaScript code be inserted into the JavaScript code libraries? Afghan Government websites are developed on a custom-made Content Management System (CMS). The CMS allows each government entity running its website in the National Data Center to manage it online, add new content, update existing content, etc. Each government client manages their website based on a pre-designed template given to them by the web development contractor. All the designs have one thing in common: their basic look and feel (CSS styles etc.) and functionality, and hence they use a standard CSS and JavaScript library for all websites, which is hosted in the so-called CDN (I call it Content Delivery Network and MCIT calls it Centralize Network Delivery).

Somehow, that malicious piece of JavaScript code got into the JavaScript library, and as each government website is browsed, the JavaScript code is somehow loaded on the client machine browsing the government website. Now, depending on what exactly the payload of the script was, it would do something, perhaps track the user, download malicious code to the client PC or something else. From the nature of the script, I could certainly say that it wasn't something that could go deep into the National Data Center and do any harm or steal any data. Under one condition, it could compromise the ANDC-hosted data: if the client machine which accessed the government websites is infected by some sort of malware, thus opening it for outsiders to access.

Now, let's see what options could lead an outsider to place that JavaScript code within the JavaScript library of ANDC. We have a few options:

Option 1. There was a bug in the government CMS which let the attacker push JavaScript code inside the JavaScript library. The chance of this option is extremely low. As far as I know, the CMS is secure except for a few minor vulnerabilities, most of which are already patched.

Before going to the next options, let me tell you about a special type of malware that, if installed on a machine, is able to automatically append itself to JavaScript, CSS and HTML files. I have noticed this a lot, as we host hundreds of websites in Afghanistan and a few of our customers' computers were infected that way, which led them to upload infected HTML, JS and CSS files to our servers, which were later detected by our antivirus and antimalware scanners. So now let's get back to the next options:

Option 2. The ANDC staff computers were infected by the same type of malware as described above, which led to the JavaScript files being infected. This could be a possible option if ANDC could confirm whether their staff have access to updating the JavaScript and CSS code of the government CMS or not. From what I know, it's most likely not, as for any design and structural changes, which means having access to the JavaScript, HTML, code and CSS of the CMS, government employees have to contact the web development contractor.

Option 3. The computers of the web development contractor's staff were infected with the same type of malware, which led the malicious code to be appended to the JavaScript library, which was later uploaded to the ANDC's servers. This is the most likely case of the three scenarios.
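
An added example (not code from the original post or from the contractor): a pre-publish check for a shared JavaScript/CSS library that compares each file against a hash baseline taken from a clean source and flags files whose original content is intact but has extra code appended, the pattern described above. The file names and the appended line are constructed sample data.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_baseline(files):
    """Record hash and size of each known-good asset, taken from a clean source."""
    return {n: {"sha256": sha256(b), "size": len(b)} for n, b in files.items()}

def audit(baseline, upload):
    """Compare files about to be published against the baseline.

    Returns (name, status, detail) tuples; unchanged files are not reported.
    """
    findings = []
    for name, body in sorted(upload.items()):
        known = baseline.get(name)
        if known is None:
            findings.append((name, "unknown-file", ""))
        elif sha256(body) == known["sha256"]:
            continue
        elif len(body) > known["size"] and sha256(body[:known["size"]]) == known["sha256"]:
            # Original bytes intact, extra bytes at the end: the append pattern.
            tail = body[known["size"]:].decode("utf-8", "replace").strip()
            findings.append((name, "appended", tail))
        else:
            findings.append((name, "modified", ""))
    for name in sorted(set(baseline) - set(upload)):
        findings.append((name, "missing", ""))
    return findings

# Constructed sample data: a clean library and a copy from an infected workstation.
CLEAN = {
    "lib/site.js": b"function initMenu() { return true; }\n",
    "lib/site.css": b"body { margin: 0; }\n",
}
INJECTED = b"window.location = 'https://unexpected.example.invalid/';\n"
UPLOAD = {
    "lib/site.js": CLEAN["lib/site.js"] + INJECTED,
    "lib/site.css": CLEAN["lib/site.css"],
}

if __name__ == "__main__":
    for name, status, detail in audit(build_baseline(CLEAN), UPLOAD):
        print(f"{status:12} {name} {detail}")
```

The baseline has to be built on a machine known to be clean and stored where the upload workstation cannot rewrite it; otherwise an infected copy simply becomes the new baseline.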

Now, going back and reviewing the case, one can say that such attacks happen mainly due to 2 major reasons which are common in Afghanistan:

1. Use of pirated software: Thanks to China, Pakistan and Iran, we get tonnes of pirated software in the local market. Nobody cares to even think what sort of malware that software comes preinstalled with when they install those operating systems on their computers. Most of the private companies and even the government run pirated software, which leads to infected computers right from the point of installation.

2. Pirated or cracked antivirus, or not even having a proper antivirus: Most users in Afghanistan do not use proper antivirus solutions. They get cracked antivirus solutions online or from the same pirated software distributors in Afghanistan. Most of the time, this antivirus software itself, if cracked, could carry malware, worms and viruses.

Now what can we do to stop this? The government, private companies and even individuals should start practicing bans on pirated software. Licensed and clean antivirus solutions should be used, particularly as most of these users go online and face threats from thousands of malicious codes that may be hosted on certain websites they browse.

Overall, I would blame poor practice of information security on the end users more than the possibilities of weak ANDC security!

I would invite all information security professionals to share their ideas on what they think about this. I am a beginner when it comes to information security, so please do correct me if I am wrong.



Saturday, August 17, 2013

Facebook for Business

Facebook is an online social networking service used by billions of people around the world for connecting with each other, socialising and sharing their interests and news.

Facebook is increasingly used as a tool for businesses to reach out to their existing customers and potential customers. With the introduction of Facebook Pages, businesses with traditional websites are moving more towards Facebook Pages and better informing their customers. Customers may not regularly visit a company’s website but can stay in touch with a company's new product and service developments by following the company’s page and getting updates on their timeline.

In Afghanistan, more and more businesses are taking advantage of Facebook by setting up Facebook Pages and keeping their customers informed about new product and service developments. Examples are MTN Afghanistan, Etisalat Afghanistan, Roshan, AWCC, Jobs.af and many more.

Facebook likes are the online version of word of mouth: when one person likes your page, their friends immediately see that friend’s interest and are more likely to like the page.

Jobs.af started utilising its Facebook page to keep its Facebook fans informed about new job vacancies. This technique proved very effective in getting new job vacancies to jobseekers, as jobseekers on Facebook are more likely to check new jobs on Facebook rather than on the website. On average, around 25% of visitors on Jobs.af come through new job ads displayed on their timeline.

If your business is not on Facebook yet, it is now time to create a Facebook page for your business, involve your customers and keep them informed about new developments with your company and the products and services it offers.

A glance at Facebook users (Estimated around 580,000 users) in Afghanistan
Source: Socialbakers


Facebook recommends 4 steps to business success:
  • Build your page - You can set up a page by clicking here
  • Connect with people - Invite friends to your Facebook page. Use Facebook ads to inform others on Facebook about your page. Remember, the more likes you have on your page, the higher the degree of people's involvement on your page (multiplier effect)
  • Engage your audience - Remember, content is always king! Relevant content engages your page fans to like your posts and share them with others, which will eventually bring in more Facebook likes
  • Influence friends of friends - When people interact on your page, their friends are more likely to see the activities and further like your page. Use the promote (paid) option to further enhance the reach of your posts to friends of friends

Good luck with Facebooking for business!

Thursday, August 15, 2013

Google Glass likely to be priced at US$299: researcher

TAIPEI -- Google Inc.'s eyeglass-shaped mobile computing device will likely be priced at an affordable level when it officially goes on sale, a local researcher at the Topology Research Institute said yesterday.

The device's display component, which will probably be supplied by Taiwan-based Himax Display Inc., will cost between US$30 and US$35 and will account for the biggest share of the total cost in the near term, he said. The Google Glass is expected to carry an initial price tag to consumers of US$299, Topology researcher Jason Tsai told reporters on the sidelines of a local seminar on wearable devices.


Google announced July 22 that it had agreed to buy a 6.3-percent stake in Himax Display, which produces liquid crystal on silicon (LCOS) chips and modules used in devices such as the Google Glass, head-up displays and handheld projectors.

“We believe wearable devices will face the first wave of growth in the coming one to three years due to their innovative features, and will then experience a rapid growth in the next phase when the market becomes more mature,” Tsai said.

According to Topology's projections, the global output value of wearable devices will grow from US$1.2 billion in 2011 to US$18.3 billion in 2018. Research firm IHS Inc. forecast that shipments of smart glasses might increase by 150 percent to 124,000 units this year, driven mostly by sales to developers. The global market for smart glasses could amount to almost 10 million units from 2012 to 2016.

In April 2012, Google announced a trial project for Google Glass, a cross between a mobile computer and eyeglasses that can record video, access emails and messages, as well as surf the Internet.

The eyeglass-shaped device is equipped with a camera capable of taking 5-megapixel pictures or recording 720p video, as well as a 12-gigabyte usable memory and Wi-Fi connectivity, according to Google.

Google began shipping the device in April this year to developers who registered as early backers and paid the US$1,500 price tag, aiming to spur innovations in applications that should take Google Glass from early adopters to the mass market. The consumer version of Google Glass is expected to go on sale as early as the end of this year, according to local media reports.

Source:  China Post

Possibilities with 3G services in Afghanistan

Imagine walking into Gulbahar Center and, as soon as you walk through the entrance, you start receiving an SMS or a message on Viber, Tango, or WhatsApp about new promotions or new products you might be interested in, based on your gender and age group!

Yes, that is possible now with 3G! Location-sensitive apps may not be seen in Kabul yet but could be hit apps in the near future! The benefits could be many for new businesses popping up to provide marketing through this new channel, targeting customers based on their locations or even based on a specific context, using a mix of location and useful information from their social profiles. This is what the e-biz geeks refer to as location-based services or context-sensitive apps.

Apart from the above example, there are unlimited possible apps that could be developed to take advantage of 3G in Afghanistan.

With 3G (always on) come some privacy concerns as well! Without even realizing it, you may be sending your exact location along with a Facebook message to a friend! Excuses such as "I am in a meeting" while having a coffee or playing billiards in Wakhan Cafe with a friend may not work if you have a tech-savvy wife!

In addition, using certain apps such as Tango can even expose you to strangers nearby, and sharing any photos on Tango will make them public to any other Tango user around you!

Interesting enough! Let's see how technology, especially fast-moving communications technology, changes our lives socially and economically in the coming years!


