By Ammar Jaffri
Former Additional DG, FIA & currently Chairman, Cyber Security Task Force of Senate Defense Committee

Scheme of Presentation
• Cyber Space Opportunities and Challenges for Pakistan.
• Use of Technology by Terrorists & Criminals
• Preparing for Cyber Pearl Harbor
• Remaining Secure in Cyber Space … how
• Need for Regional and International cooperation for securing the Cyber Space
• Secure Internet for Sustainable development in Pakistan.

Introduction: About Myself
• Former Additional Director General FIA and pioneering Head of National Response Center for Cyber Crimes.
• Currently heading Cyber Security Task Force of Senate Defense Committee.
• Chairman, ICTs for Development Task Force of Ministry of Science & Technology.
• Representing Pakistan in a number of global initiatives on ICTD & Cyber Security.

Use of Cyber Space: Future Trends and Opportunities
• By 2025 … WWW TO WWE
a) Eight billion online users.
b) The world would be a ‘Hot Spot’.
c) IoT would create new opportunities.
d) Computers would be 64 times faster.
e) Big Data in 2025 would be like ‘Oil’.
f) ICTD would be the only option.
g) AI & VRs would create new jobs …
h) Crypto currencies: fast adoption.

World around us is Changing Fast
• Change is a law of nature... Internet has brought the biggest change in History.
• From Evolution To Re
• From Industrial Revolution to VRs
• From Stone Coin To BitCoin
• From THINGs of Internet To Internet Things.. What is Next !!!

World around us is Changing Fast (Cont’d.)
• Our increasing dependence on Social Networks & VoIP communication.
• Without a secure Internet, good governance / development is NOT possible.
• Online learning is changing the traditional knowledge systems.

Correspondingly Increasing Challenges
• Increasing dependence on the latest technologies without core understanding.
• We took 60 years to build the existing Internet infrastructure … who uses it now at this advanced stage?
• Criminals have their own dedicated communication networks.

Pro-active Defense Approach
• The US declared Cyber Space the fourth front for defense long ago. Others followed.
• The flip side of technology is always there; we need to strike a balance.
• We need to be pro-active to combat the misuse of the Internet; terrorists & criminals have already adopted its usage for their purposes.

Use of Technology by Terrorists & Criminals
• Historical linkages between advancements & latest trends in crimes.
• Criminals always take advantage of change.
• Attacks on Facebook & other social media (cyber criminals have organized to identify soft targets and vulnerable segments).

Use of Technology by Terrorists & Criminals (Cont’d.)
• Use of mature technologies by criminals.
– Technologies in the hands of terrorists.
– Drug dealers in the USA had satellite phones much before law enforcement.
– Today criminals have their own secure (encrypted) mobile communication networks.

Threat Landscape
• Due to the use of the latest technologies, the ability of one to affect many is scaling up exponentially, equally for good or bad purposes.
• Use of robots and remote-control devices (drones) by criminals is understandable (recent arrest of an Al-Qaeda drone expert in Karachi).
• 3D printing: an opportunity and a challenge.
• Linkages between terrorists and traditional criminals.

From Cyber Crimes to Cyber Terrorism / Warfare
• Initial success of cyber criminals encouraged terrorists to use cyber space.
• Anonymity, low cost & scaling up immediately are other support factors.
• Terrorists are using cyber space for the same purposes for which we are using it.
• Attacks on financial institutions are increasing (recent example of Bangladesh).

From Cyber Crimes to Cyber Terrorism / Warfare (Cont’d.)
• Anonymous in action.
• Advanced Persistent Threats (APTs).
• Stuxnet was the real game changer.
• Cousins of Stuxnet: Duqu, Flame, Shamoon and many more …

From Cyber Crimes to Cyber Terrorism / Warfare (Cont’d.)
• New technologies have changed the way terrorist organizations used to operate.
Terrorists rely on global communications for:
– Command and Control
– Communications
– Propaganda & PsyOps
– Recruitment
– Fundraising
– Data mining

Internet as a Tool for Command & Control
The same advantages the Internet brings to the general public and to business are useful to international terrorist groups:
– Speed
– Security
– Global linkage

Critical infrastructure protection: a vital need for National Security
• Our legacy Industrial Control Systems were not designed with security in mind.
• Predictive maintenance in ICS may have a backdoor.
• Global coordination of terrorists ... their presence everywhere (Insider Threats).

Critical infrastructure protection: a vital need for National Security (Cont’d.)
• Terrorists are operating with a cause and have the corresponding conviction.
• Threats are normally from insiders.
• Interdependence of systems is a requirement but also a threat (weak link).
• Technology-based local & global co-operation is needed for tracking criminals.

Need for global cooperation to combat Cyber Warfare
• The Internet by default is global. We cannot survive in isolation.
• Global presence of terrorists & criminals in cyber space needs joint efforts by ALL.
• Need to understand Internet components spread throughout the world.
• Botnet mitigation.

Need for global cooperation to combat Cyber Warfare
• Pakistan needs to have some global legal infrastructure in place (under Interpol).
• Attackers are many but defenders (Cyber Warriors) are few. Many Countries already have
• Friendly countries with cyber knowledge may be approached (Cyber Diplomacy).
• Interdependence on other countries is increasing fast … we need to watch our interest.

Some Recent Cyber Threats to Pakistan (June 2017)
• Multiple IP addresses, particularly from China, have been probing Pakistan cyberspace actively and looking for vulnerabilities to exploit.
• Attacks of different nature that materialized and had a major impact have been observed coming from Russia, China and Germany.

Attacks on Pakistan Cyber Space
• Among the detected malware most active in Pakistan cyberspace, 98.29% of activity has been observed for NetWorm.Win32.Kido.ih
• An infamous worm that hogs network resources and is spread by exploiting Microsoft OS-specific vulnerabilities.
• Information collected by sensors.

Attacks on Cyber Space of Pakistan
• The correlated information from different sensors reveals that there were more than 606729 connection attempts to Pakistan cyberspace from all over the world.
• More than 63163 unique IP addresses tried to establish a connection with sensors deployed throughout Pakistan at least once.

Attacks on Cyber Space of Pakistan
• After thorough automated analysis and correlation, most of these connection attempts were classified as malicious and were doing intense scanning to figure out running services (particularly the vulnerable ones) over Pakistan cyberspace.

Cyber Attacks Continued …
• One of the top IP addresses that established the most connections was found to be 92.42.107.186, with more than 59579 connections. The origin of this IP address was found to be Switzerland.
• One of the top IP addresses that initiated the most malware attacks was found to be 37.115.209.228, with more than 21277 successful attacks. Origin: Ukraine.

Preparing for Cyber Pearl Harbor
• Information Warfare is an evolving battlefield.
• Cyber attacks appear a good way to gain tactical advantage during the opening moments of any war conflict (Bytes Before Bullets).
• They surprise by their very nature: attacks are so diverse that it is hard to predict what the next attack will look like or where it will occur.

Preparing for Cyber Pearl Harbor (Cont’d.)
• Like what we saw in Pearl Harbor on December 7, 1941, some candidates for a cyber "Battleship Row" may be:
- core routers;
- undersea cables;
- strategic communications;
- air defense;
- electricity nets;
- classified nets / financial nets;
- DNS servers / IoTs;
- operating system ... many more.

Preparing for Cyber Pearl Harbor (Cont’d.)
• A successful attack on any of these targets could have tangible military value.
• May cause panic among the civilian population.
• As with Pearl Harbor, a successful attack would delay a counterattack (a surprise).
• A cyber attack may help to capture real-world territory from which the attacker could then play defense.

Preparing for Cyber Pearl Harbor (Cont’d.)
• As a prelude to any major war in the future, we may see some kind of Cyber Pearl Harbor, developed in a secret, air-gapped training room before anyone gets to see it.
• In cyber war, the gap between perception and reality is increasing fast. Cyber attacks do not generally cause physical damage or human casualties.
• They are likely to be effective only when used by a side with traditional military firepower, or they invite a counterattack and the attacker may regret it.

Preparing for Cyber Pearl Harbor (Cont’d.)
• By analogy, hackers are closer to pirates than infantry.
• Hackers can cause havoc with hit-and-run tactics, but they are at a disadvantage in a set-piece battle.
• Finally, in cyber war, everyone is vulnerable to retaliation (in panic).

Some vital aspects of Cyber Warfare
• Cyber Warfare is not only real, but the threat is increasing day by day (current global situation).
• Governments alone cannot face the challenge.
• Existing cyber infrastructure is a settled pathway for criminals also. Who takes the lead is a million-dollar question.
• Element of surprise: none of us has prior experience.
• Countermeasures are not only technical in nature; many other factors?

Vital aspects of Cyber Warfare
• Use of the WWW is a great tool of cyber warfare, but at the same time cyber criminals would also attack this infrastructure, especially the critical one.
• Keywords of counter cyber warfare are:
a) Preparation with coordination.
b) R&D (shared / dedicated efforts may be made).
c) Improvements / testing and alignment with change.
d) Regional & global cooperation.
e) Bring public-private partnership closer.

Secure Internet For Sustainable Development
• To promote the use of Information and Communication Technologies (ICTs) for rapid development of education, health, economic empowerment and good governance, we need to make cyber space secure.
• Secure use of ICTs at the grass-roots level is key for rapid development in un-served areas.

Way Forward (Cont’d.)
• Coordination between technology leaders & public sector organizations.
• Need to promote public/private partnerships.
• Academia & industry must join hands for R&D (demand driven).

Way Forward (Cont’d.)
• The learning curve of Information Security is different from IT Security; un-learn before we learn new trends.
• Need for implementing international standards in Information Security. The same language to be understood by everyone.
• Industry certifications instead of vendor certifications.

Way Forward (Cont’d.)
• Cyber Security Policy … local & regional.
• SOPs & steps to follow in cyber emergencies (reaction time would be limited).
• Regular R&D and identification of new threats as a standard procedure.
• Understanding the role of CERTs.

Way Forward (Cont’d.)
• Working with International CERTs.
• Sharing of threats on Internet is Mutual.
• Importance of internet Censors
• Cyber Drills / Cyber Scouts

Way Forward (Cont’d.)
• Working with ISOC and other international fora of the Internet like ICANN, WSIS and Internet Governance.
• Need for coordinated working with ISPs under pre-defined arrangements; they are the first responders.
• Security of our Industrial Control Systems.

Way Forward (Cont’d.)
• Joint working for security of critical infrastructures.
• Government organizations alone cannot handle the cyber crisis.
• Public-private partnership is the key.
• Capacity building of law enforcement & intelligence organizations.
• Shared use of costly resources like forensic labs / tool kits for field investigations.

Way Forward (Cont’d.)
• Capacity building of legal community.
• People-Process-Products (PPP).
• Availability of relevant laws.
• Need for Priority Communication.
• Cyber Insurance

Need For Regional Cooperation
• Cyber criminals belong to no country.
• In cyber space, regions have similar challenges and solutions.
• Regional cooperation would lead to better global cooperation.
• Establish a Web of Trust between cyber security professionals of our region and combat cyber criminals jointly.
• IP Registry Systems & DNS systems.

Last Words …
• Expertise in Forensic Sciences at all levels.
• Governments and civil societies are already working together; we just need to include the Cyber Security agenda.
• Cyber Diplomacy? Need of the hour.
• Understand Cyber Green, Bytes for all, APCERT / ISACA / ISOC / IPNIC … etc.
• We may start initially by Joint Cyber Drills.

Questions
Ammar@brain.net.pk
0300-8551479
