Intelligence

Cyber Caliphate: What Apps Are the Islamic State Using?

As the argument goes, law enforcement agencies must protect the safety of citizens, and to do so, they must be in contact with representatives of the IT sector. This in turn compels the representatives of mail services, messaging apps, and smartphone manufacturers to contact the authorities and disclose user information. However, excesses do occur, and the founder of the Telegram messaging app Pavel Durov refused to provide the FSB with their encryption keys. Telegram was repeatedly accused of being the messaging application of terrorists, and in the context of the messaging service’s being blocked, the discussion surrounding the rights of citizens to engage in private correspondence grew more heated. The example of the Islamic State, however, only goes to show that militants shall not live by Telegram alone: they act much more competently and work to keep a step ahead of law enforcement agencies. What tools do terrorists actually use and how should we fight against the digital technologies of militants?

Different Goals, Different Weapons

The success of Islamic State militants can largely be attributed to brilliant propaganda work. Depending on their goals, militants have been able to resort to various tools for propaganda, recruitment, and communication between group members. Propaganda includes all the usual tools: videos, online magazines, radio stations, brochures, and posters designed for both Arabic and Western audiences.

Western services have played a cruel joke on Western society, facilitating the distribution of propaganda videos like, for example, one of the most popular clips, “Salil as-savarim” (The Sound of Swords) on YouTube and Twitter as well as through file sharing services such as archive.org and justpaste.it. YouTube administrators repeatedly deleted the videos, but they were simply uploaded once again from new accounts with the number of views driven up by reposting them on Twitter. The use of Twitter for these purposes is discussed in detail in the article “Twitter and Jihad: the Communication Strategy of ISIS”, published in 2015. According to the former national security adviser of Iraq, Mowaffak al-Rubaie, it was in large part thanks to Twitter and Facebook that 30,000 Iraqi soldiers laid down their weapons, removed their uniforms, and abandoned Mosul to jihadis without a fight in 2014 [1].

ISIS has taken into account the mistakes of its jihadi predecessors and has skilfully set its own propaganda up against attempts by the foreign press to portray it in a negative light. However, on a deeper, internal level, militants employ other communication tools more reliable than social networks.

Anonymous Networks

In September 2017, political scientist and member of the non-profit RAND Corporation and the International Centre for Counter-Terrorism at The Hague, Colin P. Clarke suggested that ISIS would most likely continue to use encrypted messaging to organize direct terrorist attacks abroad even if the caliphate were to become a “less centralized entity”.

However, terrorists have already resorted to using such tools for some time now. In early 2015, it became known that ISIS had developed a 34-page manual on securing communications. The document, based on a Kuwaiti firm’s manual on cybersecurity, popped up in jihadi forums. The document also listed those applications considered most suitable for use, such as Mappr, a tool for changing the location of a person in photographs. The Avast SecureLine application facilitates the achievement of similar goals, masking the user’s real IP address by specifying, for example, an access point in South Africa or Argentina in place of, say, Syria.

Jihadis have advised using non-American companies such as Hushmail and ProtonMail for email correspondence. Hushmail CEO Ben Cutler acknowledged in comments to Tech Insider that the company had been featured in the manual, but added that “It is widely known that we cooperate fully and expeditiously with authorities pursuing evidence via valid legal channels”. In turn, CEO of Proton Technologies AG Andy Yen mentioned that besides ProtonMail, terrorists likewise made use of Twitter, mobile phones, and rental cars. “We couldn’t possibly ban everything that ISIS uses without disrupting democracy and our way of life,” he emphasized.

For telephone calls, the manual recommended the use of such services as the German CryptoPhone and BlackPhone, which guarantee secure message and voice communications. FireChat, Tin Can and The Serval Project provide communication even without access to the Internet, for example, by using Bluetooth. The programs recommended by terrorists for encrypting files are VeraCrypt and TrueCrypt. The CEO of Idrix (the maker of VeraCrypt) Mounir Idrassi admitted that “Unfortunately, encryption software like VeraCrypt has been and will always be used by bad guys to hide their data”. Finally, the document makes mention of Pavel Durov’s messaging system, Telegram.

It was a massive information campaign that saw Telegram branded with the unofficial stamp of messaging app of terrorists. Foreign politicians played their part. Three days before the attack on the Berlin Christmas Fair in December 2016, senior members of the House Foreign Affairs Committee urged Durov to immediately take steps to block ISIS content, warning him that terrorists were using the platform not only for propaganda, but also to coordinate attacks. Moreover, Michael Smith, an advisor to the US Congress and co-founder of Kronos Advisory, claims that Al-Qaeda also used Telegram to communicate with journalists and spread news to its followers. Against this backdrop, Telegram reported on the blocking of 78 channels used by terrorists. It was this interest and pressure from the authorities that ultimately caused the militants to seek a replacement for this messaging service.

Monitoring Safety

Telegram representatives have repeatedly claimed that their messaging service is the safest in the world thanks to the use of end-to-end encryption. However, this is at the very least doublespeak: end-to-end encryption is used only in secret chats and even then possesses obvious shortcomings, as pointed out by Sergey Zapechnikov and Polina Kozhukhova in their article “On the Cryptographic Resistance of End-to-End Secure Connections in the WhatsApp and Telegram Messaging Applications” [2]. Firstly, because authorization is performed via SMS, the vulnerability of the SS7 network makes it possible to access chats. Secret chats cannot be hacked, but it is possible to initiate any chat on behalf of the victim. Secondly, the developers violated one of the main principles of cryptography: not to invent new protocols independently if protocols with proven resistance assessments that solve the same tasks already exist. Thirdly, the messenger uses the ordinary numerical Diffie–Hellman protocol and lacks metadata security, so it is possible to track message transfer on the server, add any number from the messaging service’s client to the address book, and find out the time a person came online.

In this context, WhatsApp seems more reliable since it uses end-to-end encryption for all chats and generates a shared secret key using the Diffie–Hellman protocol on elliptic curves. Many terrorists have recourse to this messenger. In May 2015, in “The Life of Muhajirun”, the blog of a woman writing about her and her husband’s trip to Germany, the author wrote about how her husband contacted smugglers by WhatsApp while in Turkey.

In the article “Hacking ISIS: How to Destroy the Cyber Jihad” by Malcolm W. Nance, Chris Sampson and Ali H. Soufan, the authors recount the story of Abderrahim Moutaharrik, who planned an attack on a Milan synagogue with the intent of fleeing afterwards to Syria. He used WhatsApp to coordinate the attack. Italian police were able to identify the criminal after an audio message was sent.

However, jihadis are skeptical about WhatsApp, and not only for reasons of security. In January 2016, a supporter of jihad, security expert Al-Habir al-Takni, published a survey of 33 applications for smartphones, separating them into “safe”, “moderately safe”, and “unreliable”. WhatsApp ended up at the bottom of the rating. In defence of his opinion, the expert mentioned that the messaging service had been purchased by the Israeli company Facebook (WhatsApp was bought by Mark Zuckerberg in 2014 for $19 billion; the messenger has 1 billion users worldwide).

In the light of complaints about Telegram and WhatsApp and as laws are tightened, terrorists have become preoccupied with the creation of their own application. In January 2016, the Ghost Group, which specializes in the fight against terrorism, uncovered online an instant messaging service created by militants, Alrawi. This Android application cannot be downloaded on Google Play; it is only available on the Dark Web. Alrawi has come to take the place of Amaq, a messaging service providing access to news and propaganda videos, including videos of executions and videos from the battlefield. Unlike Amaq, Alrawi possesses complete encryption. The Ghost report noted that after American drone strikes destroyed the prominent cybersecurity specialist Junaid Hussain in the summer of 2015, the cyber caliphate’s effectiveness declined dramatically. “They currently pose little threat to Western society in terms of data breaches, however that is subject to change at any time,” a spokesperson for the hacker group said in a conversation with Newsweek.

The Game to Get Ahead

Jihadis, like hackers, are often a step ahead of the authorities and in tune with the latest technological innovations. Gabriel Weimann, a professor at the University of Haifa in Israel and the world’s foremost researcher of Internet extremism, noted that terrorist groups tend to be the first users of new online platforms and services. As social media companies lag behind in the fight against extremism on their platforms, terrorist groups become more experienced in modifying their own communication strategies. “The learning curve is now very fast, once it took them years to adapt to a new platform or a new media. Now they do it within months,” said G. Weimann.

These words can be confirmed: every popular service, like WhatsApp or Telegram, has alternatives that jihadis are more than willing to make use of. In the above-mentioned article Hacking ISIS: How to Destroy the Cyber Jihad, the authors list dozens of other services jihadis utilize. For example, Edward Snowden’s favourite application, Signal, has open source code, reliably encrypts information, and allows you to exchange messages and calls with subscribers from your phone book. Signal is community sponsored through grants. According to Indian authorities, ISIS member Abu Anas used Signal as a secure alternative to WhatsApp. Another solution, released in 2014, is the messaging service Wickr, created by a group of cyber security and privacy specialists. It was this application that first made it possible to assign a “life” to a message, ranging from a few minutes to several days. Wickr destroys messages not only on smartphones, telephones, and computers, but also on the servers through which correspondence passes. The program has a function to erase the entire history, and after it has been used messages cannot be restored by any means. Australian Jake Bilardi came across an ISIS recruitment message in Telegram and was to meet with a recruiter through Wickr, though he was detained in time.

Surespot, Viber, Skype and the Swedish messaging system Threema are also mentioned. The latter application deserves to be mentioned on its own — Threema received 6 out of a possible 7 points for security from the Electronic Frontier Foundation (a non-profit human rights organization founded in the U.S. with the aim of protecting, in the era of technology, the rights established in the Constitution and the Declaration of Independence). Jihadis have also called the Silent Circle application a preferred app. After learning of this, the developers tightened security requirements, compelled by the fact that one of the creators, Mike Janke, is a former naval officer. Silent Circle now cooperates with governments and intelligence agencies. Though the list doesn’t end there — Junaid Hussain likewise made use of Surespot and Kik.

But if applications are primarily used on smartphones, other programs exist for laptops and PCs, readily used by both Information Security specialists and jihadis; for example, the Tor browser or T.A.I.L.S (The Amnesic Incognito Live System), a Debian-based Linux distribution created to provide privacy and anonymity. All outgoing T.A.I.L.S connections are wrapped in the Tor network, and all non-anonymous ones are blocked. The system leaves no trace on the device on which it was used. T.A.I.L.S. was used by Edward Snowden to expose PRISM, the US State Program, the purpose of which was the mass collection of information sent over telecommunication networks.

It can be concluded that militants have a great number of communication tools at their disposal in accordance with the goals they happen to be pursuing. Banning or blocking these tools will not ensure victory over the terrorists, though that is not to say the methods should be abandoned altogether. The best method to employ is that of having agents infiltrate terrorist ranks to ensure constant online and offline monitoring.

First published in our partner RIAC

  1. Michael Weiss, Hassan: ISIS: Inside the Army of Terror, ANF, Moscow, 2016
  2. Sergey Zapechnikov, Polina Kozhukhova, On the Cryptographic Resistance of End-to-End Secure Connections in the WhatsApp and Telegram Messaging Applications: NRNU MEPhI, Information Technology Security, Volume 24, No. 4, 2017

Somalia: Security Council adopts resolution to keep pirates at bay

Suspected pirates wait for members of the counter-piracy operation to board their boat. US Navy/Jason R Zalasky

The UN Security Council on Friday adopted a resolution to combat the continuing threat of piracy off the coast of Somalia, as shipping and protection measures to keep vessels safe have returned to levels not seen since before the COVID-19 pandemic.

The Secretary-General’s latest report on the situation in the country illustrates that joint counter-piracy efforts have resulted in a steady decline in attacks and hijackings since 2011.

However, although piracy off the coast of Somalia has been “repressed”, the ongoing threat of resurgence remains.

As such – under Chapter VII of the Charter, which provides for enforcement action – the Security Council adopted Resolution 2608, which, among other things, condemns piracy and armed robbery at sea off the Somali coast, underscoring that it exacerbates instability by introducing “illicit cash that fuels crime, corruption and terrorism”.

Making amends

Through its resolution, ambassadors said that investigations and prosecutions must continue for all who “plan, organize, illicitly finance or profit from pirate attacks off the coast of Somalia”.

The Somali authorities were called upon to put in place mechanisms to safely return effects seized by pirates and to patrol the coastal waters to prevent and suppress future acts of armed robbery at sea.

At the same time, they were requested to bring to justice those using Somali territory to “plan, facilitate, or undertake criminal acts of piracy and armed robbery at sea”.

Member States were asked – at the request of the Somali authorities and with notification to the Secretary-General – to strengthen maritime capacity in the country and to appropriately cooperate on prosecuting suspected pirates for taking hostages.

The resolution also encourages the Somali Government to accede to the UN Convention against Transnational Organized Crime, and develop a corresponding legal architecture as part of its efforts to target money laundering and financial support structures on which piracy networks survive.

Authorization to fight piracy

The Security Council renewed its call to States and regional organizations to deploy naval vessels, arms, and military aircraft to combat piracy, and stressed the importance of international coordination.

At the same time, the resolution authorized – for a further three-month period – States and regional organizations cooperating with Somali authorities, to fight against piracy and armed robbery at sea off Somalia, “for which advance notification has been provided by Somali authorities to the Secretary-General”.

Calls to action

Through its resolution, the Council called upon all States to “take appropriate actions…to prevent the illicit financing of acts of piracy and the laundering of its proceeds…[and] to criminalize piracy under their domestic law”.

Countries were also petitioned to cooperate in the investigation and prosecution of anyone responsible for or associated with acts of piracy and armed robbery off the coast of Somalia, including international criminal networks.

Resolution 2608 welcomed the continued work of the UN Office on Drugs and Crime’s (UNODC) Global Maritime Crime Programme to ensure that those suspected of piracy are prosecuted, and those convicted, imprisoned in accordance with international legal standards.

Finally, the resolution recognized the International Maritime Organization’s (IMO) role concerning privately contracted security personnel on board ships in high-risk areas and welcomed its continued anti-piracy role – particularly in coordination with UNODC, the World Food Programme (WFP), the shipping industry and all other parties concerned.

ISIS-K, Talc, Lithium and the narrative of ongoing jihadi terrorism in Afghanistan

Chinese and Russian efforts are underway to strengthen the Taliban government economically and militarily, and to secure its legitimacy and international recognition. In return, Pakistan is trying to disrupt the Taliban government’s relations with Iran and Tajikistan, as well as with China and Russia. Since the fall of the previous republican government, Iran has been, after Russia and China, a major supporter of the Taliban.

Iran plays a significant role in a new intelligence surge launched by major regional players in Afghanistan, which includes the ISIS-K campaign against the Taliban government in the country. Although the Taliban have been able to crush ISIS-K in several provinces of Afghanistan, the group has been able to mobilize a number of other terrorist organizations, such as the Turkistan Islamic Party, Khetabat Iman Ul Bekhari, Khetabat ultauhied Waljihad, the Islamic Jihad Union, Jamaat Ansarullah, the East Turkistan Islamic Movement, and The Army of Justice. According to sources on the ground, the group has also established contacts with the resistance front led by Ahmad Massoud to fight the Taliban.

Seemingly, the group has joined forces with the Resistance Front in the northern part of the country to bring down the Taliban, particularly in northern Afghanistan. In addition to defeating the Taliban in the central and southern provinces of Afghanistan, the group has started a sectarian war between Sunnis and Shiites, which has partly soured relations between the Afghan Taliban and Iran. The group has had the support of Pakistan as well as other countries in the region and beyond. Furthermore, Lashkar-e-Taiba fighters have entered Afghanistan with the help of the Pakistani army, joining the fight between Sunni and Shia in Afghanistan. Efforts are underway to start a civil war in the country. According to the information, ISIS militants have been mostly funded and financed by the Saudi government, as well as other Salafi Gulf States, to minimize and even eradicate Shiites in the region.

According to some sources, additional costs are being borne by the United States and Great Britain. Besides all such financial support, Islamic State (ISIS-K) militants also obtain some funding and thrive through mining and establishing business firms throughout the region.

For example, Islamic State militants have relative control over the oil reserves in Iraq and extract the oil illegally; meanwhile, they have their hands on talc and other precious stones in Afghanistan to cover the expenses of their propaganda campaign. ISIS-K uses the same tactics applied by the Taliban during the US occupation: the Taliban began illegal mining in Afghanistan to finance their activities in order to wage war against US aggression. During the Taliban’s resistance, Taliban fighters also had strong financial support from Pakistan, and the Pakistani government in turn received that financial sustenance from other countries, namely Western countries and the Arab world. However, the Taliban forcibly mined Afghanistan’s lapis lazuli and smuggled it to Pakistan. Under the auspices of the Pakistani government, the gems were shipped to the United States and European countries. In return, the Taliban were paid in cash. Like the Taliban, ISIS chose the same path and made most of its money via mining in Afghanistan.

Subsequently, the ISIS group chose Nangarhar province as its stronghold in Afghanistan, since it has mineral deposits of talc, chromite, marble and other precious and rare earth minerals. In addition, the group is trying to control smuggling routes in order to launch cross-border terrorism.

Consequently, ISIS-K is endeavoring to bring Ghazni province under its control, since a huge lithium mine exists in the province. The group is well aware of lithium’s value on the world market, because the element is mainly used by the automotive industry to produce batteries for electric cars.

The anti-corruption network of the former Afghan government reported that the Taliban and the Islamic State together received about 46 million in 2016 through illegal mining from a single district of Nangarhar province. This is why ISIS has spent millions of dollars in Afghanistan on its campaign and propaganda, most of which allegedly came from mining.

Furthermore, ISIS has appointed district governors for Afghanistan’s 387 major districts, with a monthly salary of up to 80,000 Afghanis. This is a huge financial burden for the Islamic State, but the group’s representatives say that they stick to their word, so that everyone will be paid on time. The ISIS group needs a large amount of financial support to achieve its major goals, but it is not overstrained financially, because it receives ample financial support.

Conversely, Iran is trying to increase the number of Shiite-oriented proxies in the world, and especially in Afghanistan, to eliminate ISIS-K; in return, Saudi Arabia and other Gulf States want to prevent this. Therefore, they use ISIS and the group’s associates to counter Iran’s ambitious transnational agenda, and ISIS-K takes advantage of the huge financial support provided by the anti-Iran camp.

Iran has repeatedly tried to spread the Shia religion around the world, most notably at Mustafa International School in Bamako, the capital of Mali in Africa. There have been several attempts by the Iranian government to convert the students to Shi’ism, an issue that has become the topic of international debate supported by Saudi Arabia. Finally, all of these events are currently having a direct and indirect impact on Afghanistan and the country’s ongoing security crisis, which will affect the entire region in the end.

The means to manage cyberspace and the duty of security

Over and above the ethical concepts regarding the near future, it is also good to focus on the present. Governments are required to protect their national resources and infrastructure against foreign and domestic threats, to safeguard the stability and centrality of human beings and political systems and to ensure modern services for civilians. Suffice it to recall the chaos that arose some time ago in the Lazio region for the well-known health issues.

Governments must play a key role in developing and leading the local ecosystems, but this national effort must involve many other stakeholders: local businesses, entrepreneurs, multinational companies, local and foreign investors, State agencies, Ministries and academics, people in education, professional institutions and the public at large.

Furthermore, cybersecurity is a national opportunity for developing the local economy and for positioning any country in the international arena as a safe place to establish and develop economic relations between States and companies. It is also important as a regional cyber hub.

Cyber strategy therefore consists in prioritising operational cyber activities with a view to optimising and monitoring the overdevelopment of cyber intelligence that could one day take such turns as to be ungovernable.

This is the reason why investment in technology, local capacity building and resource allocation and concentration are required. This means providing strategic advisory services to government agencies that are seeking to advance cyber security at a strategic and operational level.

It is therefore necessary to work with governments to develop their strategic and operational capabilities in cybersecurity, either at the national or sectoral level, as well as providing comprehensive cyber projects that combine cyber defence and the development of a local cyber ecosystem, based on the models tried and tested by various countries around the world, such as the People’s Republic of China, Israel, the United States of America, etc.

There is a need to specialise in setting up Cyber Units and Cyber Centres (SOC & Fusion Centres) and in developing Cyber Eco-Systems and Cyber Strategies. This means providing various cyber solutions, services and know-how to companies in various sectors, such as financial, industrial, energy, health, technology and many other sectors.

Stable OT (operational technology) security services and strategic advice to companies in the fields of energy, manufacturing, security, medicine, transport, critical infrastructure and many others create the prerequisites for defending cyberspace. So does helping OT-based organisations integrate cybersecurity into their processes and products, and designing, developing and delivering advanced technologies and solutions to protect critical assets in OT environments, such as ICS, SCADA, IIoT, PLC, etc.

In this regard there is a basic need for creating professional IT schools around the world that teach the meaning of cyberspace, and not just how to use Word and other simple Office programs.

The expansion and creation of universities and institutes of cyber knowledge is a starting point from which partnerships are launched with organisations seeking to create their own cyber schools or with academic or educational organisations offering cyber training to their students.

Providing comprehensive solutions for IT schools enables the training of IT professionals and new recruits in all IT roles, so that hackers do not remain the sole repository of digital truth. Advanced training is a solid starting point for organisations seeking to train their IT professionals: professionals who can manage and master schemes such as Cyber Defender, Cyber Warrior, Cyber Manager, SOC Analyst, Digital Forensics, Basic Training and many others, including through the use of simulation.

Leading the creation and development of the high-level cybersecurity ecosystem is a duty of States towards the citizens who elect their leaders. The same holds true for seeking and employing highly experienced experts in the various security subject matters, including strategic cyber defence, cyber warfare, cyber intelligence, cyber research and development and cyber strategy, as well as defining training policies for these branches of operation.

Having examined the prerequisites for protecting cyberspace, it is worth addressing the structure of some of the risks faced by institutional network systems.

One of the most typical operations made by hackers relates to the use of client/server technology to combine several computers as a platform to launch DDoS (Distributed Denial of Service) attacks against one or more targets, thus exponentially increasing damage.

A malicious user normally uses a stolen account to install the DDoS master programme on a computer. The master programme will communicate with a large number of agents at any given time and the agent programmes have been installed on many computers in the network. The agent launches an attack when it receives an instruction. Using client/server technology, the master control programme can activate hundreds of agent programmes in a matter of seconds.

A DDoS uses a group of controlled machines to launch an attack on a computer, be it server or client. It is so fast and hard to prevent that it is therefore more destructive. Whereas in the past network administrators could adopt the method of filtering IP addresses against DDoS, it is more difficult to prevent such actions today. How can measures be taken to respond effectively?

If the user is under attack, defence will be very limited. If there is a catastrophic attack with a large amount of traffic pouring onto the unprepared user, it is very likely that the network will be paralysed before the user can recover. Users, however, can still take the opportunity to seek defence.

Hackers usually launch attacks through many fake IP addresses. At that juncture, if users can distinguish which IPs are real and which are fake – and hence understand from which network segments these IPs come – they can ask the network administrator to change them. Firstly, the PCs should be turned off to try to eliminate the attack. If it is found that these IP addresses are coming from outside rather than from the company’s internal IP, a temporary investigation method can be used to filter these IP addresses on the server or router.

The solution would be to discover the route through which the attackers pass and block them. If hackers launch attacks from certain ports, users can block these ports to prevent intrusion. Once the exit port is closed, however, no computer can access the Internet.

A more complex method consists in filtering the Internet Control Message Protocol (ICMP), a service protocol for packet networks transmitting information regarding malfunctioning, monitoring and control information or messages between the various components of a computer network. Although it cannot completely eliminate the intrusion during the attack, filtering the ICMP can effectively prevent the escalation of the aggression and can also reduce the level of constant damage to a certain extent.

The DDoS attack is the most common attack method used by hackers. Some conventional methods of dealing with it are listed below.

1. Filter all RFC1918 IP addresses. RFC1918 addresses are internal network addresses, such as 10.0.0.0, 192.168.0.0, 172.16.0.0, etc. These are not fixed IP addresses of a particular network segment, but reserved private local addresses, so packets arriving from the Internet with such source addresses should be filtered out. This method serves to filter out a large number of fake internal IPs during an attack, and can also mitigate DDoS attacks.

2. Use many PCs to resist hacker attacks. This is an ideal response phase, if the user has sufficient ability and resources to enable a defence against hackers who attack and continue to access and take over resources. Before the user is fatally attacked, the hacker has little means to control many PCs. This method requires considerable investment and most of the equipment is usually idle, which does not correspond to the actual functioning of the current network of small and medium-sized enterprises.

3. Make full use of network equipment to protect resources. Network equipment here refers to load balancing hardware and software such as routers and firewalls, which can effectively protect the network. When the network is attacked, the router is the first to fail, but the other devices have not yet collapsed. The failed router will return to normalcy after being restarted and will restart quickly without any loss. If other servers collapse, their data will be lost and restarting them is a lengthy process. In particular, if a company uses load balancing equipment, when one router is attacked and crashes, the other will take over immediately. This minimizes the impact of DDoS attacks.

4. Configure the firewall. The firewall itself can resist DDoS and other attacks. When an attack is discovered, it may be directed to certain sacrificial hosts, which protects the actual host from the attack. Obviously, the sacrificial hosts chosen for redirection may be unimportant hosts, or hosts running systems with fewer vulnerabilities than some operating systems and with excellent protection against attacks.

5. Filter unnecessary services and ports. Many tools can be used to filter out unnecessary services and ports, i.e. filter out fake IPs on the router. For example, Cisco’s CEF (Cisco Express Forwarding) can compare a packet’s source IP against the routing table and filter the packet out. Opening only the service ports actually needed has become a common practice for many servers. For example, WWW servers open only port 80 and close all the others, or use a blocking strategy on the firewall.

6. Limit SYN/ICMP traffic. The user must configure the maximum SYN/ICMP traffic on the router to limit the maximum bandwidth that SYN/ICMP packets can occupy. When a large amount of SYN/ICMP traffic exceeds the limit, this means it is not normal network access, but hacking. In the beginning, limiting SYN/ICMP traffic was the best way to prevent DDoS. Although this method is not widely used against DDoS today, it can still play a certain role.

7. Scan regularly. Existing network master nodes should be scanned regularly, checked for security vulnerabilities and new vulnerabilities cleaned up promptly. Computers on backbone nodes are the best locations for hackers to use because they have higher bandwidth. It is therefore very important to strengthen the security of these hosts. Furthermore, all computers connected to the major nodes of the network are server-level computers. Hence regular scanning for vulnerabilities becomes even more important.

8. Check the source of the visitor. Use suitable software to check whether the visitor’s IP address is genuine. This should be done by a reverse lookup on the router: if the address is fake, it will be blocked. As said above, many hacker attacks use fake IP addresses to confuse users, and it is hard to find out where they come from. Therefore, for example, the use of Unicast Reverse Path Forwarding can reduce the occurrence of fake IP addresses and help improve network security.
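The checks in items 1 and 8 can be seen working together in the following added example, which is not part of the original article: it drops RFC1918 sources arriving on an Internet-facing interface and then applies a strict reverse-path check against a routing table. The routing table, interface names and sample packets are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (item 1): never valid as a source on an Internet-facing link.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed routing table: (prefix, outgoing interface). Interface names are hypothetical.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "wan0"),
    (ipaddress.ip_network("198.51.100.0/24"), "dmz0"),
    (ipaddress.ip_network("10.20.0.0/16"), "lan0"),
]
EXTERNAL_IFACES = {"wan0"}


def best_route_iface(addr):
    """Longest-prefix match: the interface the router would use to reach addr."""
    matches = [(net.prefixlen, iface) for net, iface in ROUTES if addr in net]
    return max(matches)[1] if matches else None


def check_packet(src, in_iface):
    """Return (verdict, reason) for a packet with source src arriving on in_iface."""
    addr = ipaddress.ip_address(src)
    if in_iface in EXTERNAL_IFACES and any(addr in net for net in RFC1918):
        return ("drop", "rfc1918-source-on-external")
    # Strict reverse-path check (item 8): the route back to the source
    # must leave through the interface the packet arrived on.
    if best_route_iface(addr) != in_iface:
        return ("drop", "urpf-fail")
    return ("accept", "ok")


# Constructed sample traffic: (source IP, arrival interface).
SAMPLE = [
    ("203.0.113.7", "wan0"),    # ordinary Internet host
    ("192.168.1.50", "wan0"),   # private source arriving from outside
    ("198.51.100.9", "wan0"),   # claims a DMZ address but arrives from outside
    ("10.20.3.4", "lan0"),      # internal host on its own segment
    ("203.0.113.7", "lan0"),    # Internet address sourced from the LAN
]


def filter_all(packets):
    return [check_packet(src, iface) for src, iface in packets]


if __name__ == "__main__":
    for (src, iface), (verdict, reason) in zip(SAMPLE, filter_all(SAMPLE)):
        print(f"{src:15} {iface:5} {verdict:6} {reason}")
```

The strict check assumes symmetric routing; on multihomed links where return traffic may legitimately use another interface, it would drop valid packets.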

As seen above, we need experts who know more than hackers, and this is the duty that States and governments have towards their institutions, but primarily towards their citizens.
