The UMG is a consortium created by Radio Free Choson (RFC) and Open Radio for North Korea (ONK), shortwave radio stations targeting North Korea; The Daily NK, an internet periodical reporting on all aspects of North Korea; and OTV, an NGO-based internet television channel. It is the first ever private unification broadcasting station for South and North Korea. They have also received funding from the South Korean government.
The cyber security conference had attendees from over 20 countries around the world, including the United States, the United Kingdom, and a couple other Asian countries. The attendees included high government officials, army personnels, Reuters, and other leaders and professors from the media and technology field.
The core agenda of the conference was to discuss the various risks involved today with cyber security and how to combat them. This matter is of a big concern to South Korea, as they are constantly under attack from the North Korean government, so despite having an extremely developed economy with industry giants like Samsung, Hyundai, and other big names, they are always under the risk of being attacked. They wanted to come together and discuss new policies that could help protect ourselves from these attacks.
As far as I remember, there were about 8 papers presented on several cyber security issues, and my paper was among those, representing Bangladesh. Most of the presenters were IT experts, and the discussions revolved around cyber security issues, in fact most of them even accused North Korea behind major cyber-attacks in their countries.
There were various media reports that North Korea was behind the Bangladesh Bank heist, and that too was a major topic of discussion there.
Programmers are the most important and powerful people in the cyber world, and it takes involvement of expert programmers to carry out the major cyber-attacks that happen around the world frequently. Programming and mathematics are dependent on each other. What North Korea does is they target students from the primary level – they host Math Olympiads, programming fairs, and encourage students to participate in them. From a very young age, they encourage students to become programmers, they nurture their interest in mathematics, and when they find good students, they give them special support to help them become expert programmers. Then they are asked to help the country.
One thing we lack in Bangladesh is a cyber-army. When there’s a cyber-attack, we don’t have an army of people dedicated to protect us from it, but North Korea does. They have selected geniuses in the cyber world and created an army who work around the clock to protect themselves from any cyber threats or attacks. We don’t have that.
Another thing you’ve to keep in mind is that there’s a need for a multicountry communication. Sometimes the attack won’t happen directly, North Korea attacks via the U.S network, which in turn uses say India’s network, before reaching and attacking Bangladesh. It’s like an internationally organized criminal group.
So there needs to be communication between all these countries to safeguard each other from these networks. The thing is, you can’t really predict when these attacks will happen, you can just be prepared at all times. That was another main topic of discussion – how can we protect ourselves from future attacks.
Since 1998, North Korea has been forming a propaganda for cyber security attack, especially against South Korea, and has attacked their offices, databases, channels, and more.
Various investigative and media reports have proven that North Korea was behind the Bangladesh Bank attack. Although we are progressing a lot as a nation in the digital world, through online banking and other digital activities, we simply haven’t done enough to ensure that we are protected in the cyber world. We are far behind in that regard.
We could not recover 66.5 million dollars. Later, the hacking that was reported in the Nepalese bank, which tried to transfer about 4.4 million dollars somewhere else, that too was never solved, and the bank could not recover over $ 580,000 dollars even today.
The pattern is very similar during every bank attack, therefore the fingers point to North Korea. Their targets are on holidays, like they attacked us on a Friday, South Korea was targeted on Thursday, the Philippines was closed on Monday, and then they attacked Nepal during Diwali holidays.
Most of the people who came to the conference had one thing to say – they are in panic. That’s why, South Korea wants to work with all of us together, to create ‘man behind the machines’, who are proficient and can work around the clock, maintaining policies, to protect our countries from these attacks.
Because those who work with security, if they do not have proficient knowledge, only know how to do basic work, they cannot help us in this regard. So, the decision was taken to see how IT literate customers and employees can be utilized to create the perfect banker, who can protect the customers and the bank.
Lack of proper data protection activities is another weakness that our country has in the cyber front. There’s a need for IT experts who are well versed in cyber forensics – where they can trace back an attack after it has happened, to find out where the data came from, what was the method, the source, the data taken, etc. This is an absolute necessity, and only expert programmers, who have a vast amount of knowledge on reporting, programming, security, threats, etc., can carry out such activities, and for that we need to take steps as a nation to ensure we give people the opportunity to become such experts in the field.
It’s not just about Bangladesh. There need to be a coalition between countries like the UK, the US, Bangladesh, India, and others. We need to educate our masses on how to become ace hackers, give them information on how to become hackers; we need to invest more in our IT sector.
See, the thing is, our knowledge in the IT sector, especially for common people, is very backdated. Our universities and colleges need to focus on IT as a subject, we need to encourage our people to understand the various risks and how vulnerable they become when they use mobile apps, digital banking apps, etc., because that’s probably where the attacks are going to come from.
North Korea is now targeting to either steal money from reserves or transfer money from banks. Although South Korea is very alert against such attacks, and is taking proper security measures to protect themselves, countries like ours have leaps to run before we can catch up to that level of protection.
We need to prepare ourselves for protection. Our people need to know the importance of cyber security. We are progressing rapidly in the digital world, yet aren’t taking adequate measures to protect ourselves in that same sector. We need ace hackers, we need 24/7 security measures, only then will our progress really count.
Our policemen and lawmakers need to be made aware, our corporate and business sectors need IT auditors, and cyber forensics teams, cyber monitoring teams. We need to be more enthusiastic as a nation to progress in these sectors.
Cyber monitoring is another field, where experts monitor for attacks, they don’t have proper qualifiers, they just go in with their knowledge using various software to monitor for cyber security. He added that to have a trained team of cyber monitors, we need to implement the use of intelligence software, business software, analytical reporting software, and more.
There’s also IT auditing, and the person doing it is the IT Auditor. These guys are different than your business and tech auditors, those guys can’t track down cyber issues, and they will probably report back that everything’s normal. The IT Auditor is the guy who is completely well versed in everything IT related – from cyber security threats to programming, from monitoring to hacking, this guy needs to be the guru. Or else, nothing matters, the attacks won’t be tracked.
“We want to be Digital Bangladesh 2021, but before that, we need to lay a proper foundation, for experts in the IT sector,” said Alam. “I have trained people who were forced to take up IT, they had no interest, no passion, and therefore could never become experts. This should not be the case. We have to encourage people who are actually interested in the field, then we have to nurture them, invest in them, and help them become experts. They will lay the foundation for a strong future.”
This is what South Korea did – they analyzed past attacks, created IT experts, and then created audit teams, who could predict and protect themselves from future attacks. They are already years ahead of us, whereas we haven’t even begun proper training, or research, into these matters.
We have invested about $ 3.8 billion in the banking sector until 2016 and have been investing around 200 million dollars every year. Last year (2016) online transaction was 1.85 billion. That’s a huge amount of money that we are investing on digital platforms and we are doing this without proper investment in securing these platforms.
Customers are opening online bank accounts, they are hosting online transactions, they are freelancing and doing online-based work, which is all great, but not always secure. As a result, we are also incurring huge losses now and then, losses that we are unable to recover from. Our government needs to step up and look into these matters closely.”
It’s not just the banking sector or the financial sector. Look at social media? We have a huge online presence on social media, our children have a huge presence there, but they’re not safe. They are often victimized on social media platforms, because they’re vulnerable.
Cyber security isn’t all about protection from financial attacks; it’s about protecting our people. The sooner we create a hands-on protection service, the stronger we will be on our way to become a Digital Bangladesh. ■