
Cyber Safety Awareness

Bahrain British Business Forum

21 February 2012

Ahmed J. Aldoseri

Cyber Safety Director, TRA Bahrain

ECSA, CEH, CEI, RHCI, RHCE, MCSE, MCSA, A+, CQS-Security, Law Student


Agenda Overview

1. Bahrain Market Numbers

2. Benefits of the Internet

3. Threats

4. Solutions

5. Emphasis on Children

6. Questions…

7. TRA’s SafeSurf DVD Initiative


1. Bahrain Market Numbers


Bahrain’s Market

242,000 Fixed Lines

107,000 Wimax subscribers

1.7 million Mobile phone subscriptions

290,000 Broadband Subscribers

694,000+ Internet Users

128,000 Mobile Broadband Subscribers

Sources: TRA analysis, Internet World Stats


2. Benefits of Need for The Internet


Internet: Requirement or Luxury?

Maslow’s Hierarchy of Needs

Internet?


Internet Use

• Work

• Entertainment

• Study

• In short: the Internet improves our way of life!


So what do we do on the Internet?

Internet Activities

• Creating a web page: 7%
• Purchasing or ordering goods or services: 12%
• Internet banking: 12%
• Telephoning over the Internet/VoIP: 14%
• Interacting with general government organizations: 15%
• Keeping viruses, spyware and adware off your computer: 21%
• Getting information from general government organizations: 24%
• Playing or downloading video games or computer games: 26%
• Posting information or instant messaging: 27%
• Downloading software: 28%
• Getting information related to health or health services: 29%
• Education or learning activities: 34%
• Downloading movies, images, music, watching TV or video, or listening to radio or music: 35%
• Sending emails with attached files: 37%
• Reading or downloading on-line newspapers or magazines, electronic books: 37%
• Getting information about goods or services: 39%
• Sending or receiving e-mail: 69%
• Social networking sites: 70%

Internet Usage Frequency (chart): 73%, 4%, 5%, 18%; legend: Within last 3 months; Between 3 months and a year ago; More than a year ago

Source: Nielsen/TRA survey, January 2012


Internet Usage in Bahrain - Adults

• Study conducted in 2010 (816 Adults)
– Generally experienced Internet users
– Low Internet security awareness
– High level of trust
– Frequently exposed to negative online experiences
– No sources of reliable information for Internet advice

Adults Surveyed (by age group)

• 18-29: 42.6%
• 30-39: 31.0%
• 40-49: 15.9%
• 50-59: 8.4%
• 60-71: 2.0%

Source: TRA Analysis, 2010


Online Risk-Taking Behaviour of Adults

• Opened an email attachment that wasn’t from a trusted source: 317
• Received a virus from an email or a download: 292
• Posted personal information on a website: 260
• Shared personal information with someone they only met online: 146
• None of the above: 290

Source: TRA analysis


Why is Cyber Safety relevant?

• High level of trust placed upon technology

• Relatively new area of crime legislation

• Constantly changing digital threats

• Security is by and large not a priority for many

• Potential for damage is huge!


3. Threats


Online Dangers

Threats

• Identity Theft
• Account Theft
• Confidentiality Breach
• Participation in illicit activities
• Denial of Service
• Defacement
• …

Attack Venues

• Email
• Instant Messaging
• Drive-by Attacks
• Advertising Banners
• Massive Traffic
• Smart Phones (and apps)
• Illegal Software
• Wireless Connectivity
• …


Sample Threats – Med Scams


Sample Threats - Phishing


Sample Threats – Spear-phishing

• Special form of phishing

• Targets a single individual

• Rate of success is much higher than normal phishing attempts

• Very difficult to defend against

• Example…


Example Spear-phishing Email

Dear Ahmed,

My name is Khalid, I’m subscribed to your website’s mailing list. I called your office earlier but you weren’t at your desk. The receptionist said you are the person to speak to, so I asked for your email address.

I’ve visited your website recently to look for regulatory information pertaining to number portability, and was shocked to find such a government organization hosting highly objectionable files concerning recent events in Bahrain! This is highly irregular and is damaging Bahrain’s reputation! I hope no one in the media noticed this…

A sample PDF from your website is attached for your quick reference. As a Bahraini citizen I urge you to kindly remove such files as soon as possible.

Best wishes,

Khalid

Telecoms Consultant

From: [email protected]
To: [email protected]
Subject: TRA’s Website


Identity Theft


Lotteries

• Congratulations! You’ve won $50,000,000/-!!!

• How such frauds work…
– Fees
– Compromising computers

• Sample real stories…
– Sample #1: “Microsoft told me I won…”
– Sample #2: “The caller said he was from a local mobile operator…”


Mobile Security Issues

• Smart phones of all types are great targets!

• You may receive a text message “from your operator” with new settings…
– If installed, malicious software is installed

• Leads to disclosure of…
– Bank account details
– Contact lists
– Messages

• Unverified applications are a favorite source
– Jailbreaking (iOS)
– Open Market (Android)
– Windows Mobile
– Symbian


Defacement

Microsoft India retail website defaced – Arabian Gazette, 14 Feb 2012


Hacktivism


4. Solutions


General Advice

• Awareness, education, and some more awareness!
– Need to recognize, and accordingly act, on the importance of cyber safety

• Do not freely share your personal information online

• Procure legitimate software from trusted offline and online sources

• Ignore emails and attachments from untrusted sources, and be wary with trusted sources

• If it looks suspicious, or too good to be true, it probably is!

• Be wary of public wireless networks, and secure your own


Some More General Advice

• Do not use information in public IDs (e.g. email addresses) that will give away personal information
– Such as [email protected], [email protected], etc.

• Use strong passwords that only you would remember
– Do not use names, dates, phone numbers, pet names, etc.
– Example of a strong password: I L0ve the BBBF!
  • 16 characters long, yet easy to remember
  • Includes upper and lower case, special characters, and numbers
  • Near-impossible to ‘crack’

• Install and keep up-to-date protection software (Antivirus, Internet Security, Firewall, …)
– On your computer, laptop, phone, …

• Never click on links within emails; instead, type the address manually


Advice for Businesses

• Establish and enforce a corporate security policy
– Passwords
– Securing data storage and transmission
– Document classification

• Ensure security is built-in, not bolted-on
– Security should be considered throughout your IT architecture
– Only deal with contractors that are security-conscious
– Get audited and certified!

• Prepare for recovering from disasters
– Test your preparations
– Ensure at a minimum that critical staff can continue working

• Empower your technology staff with the tools and resources to do their job


Food for thought…

• It is possible to deter a hacker, and to make it very difficult for him to succeed, but it is impossible to stop him…

• Prevention is ideal, but detection is a must

• There really is someone out there trying to guess your passwords

• The one thing worse than not being secure, is having a false sense of security


5. Emphasis on Children


Children and the Internet (1/2) – TRA 2010 Study

• Daily usage of the internet averages 2.5 – 3.5 hrs

• Used for homework, playing games or interacting with other people

• Use apps; including instant messaging, chat rooms, games, blogging and Social Networking Sites (SNS)

• There is no real understanding of what is meant by personal information

• Children do not share their online experience with adults


Children and the Internet (2/2) – TRA 2010 Study

• Most parents do not participate in online activities with their children

• Most children have unsupervised access to the internet and there was little significant variation by nationality, religion, age or gender

• Cyberbullying is a problem identified by young people and teachers

• “Teacher humiliation” on SNS is becoming problematic

• Teachers feel they lack the skills as many young people are more computer literate than they are

• There is no formal internet safety training at schools

• Children are reluctant to seek advice out of fear of being reprimanded


ALERT! ALERT! ALERT!

Older children (14 – 18) take the most risks: sharing personal information with strangers and opening email attachments from unknown sources.

43% of children surveyed had met with an online contact who they had not met in person before.


Advice for Parents

• Communicate
– The first thing you should do is talk to your children about what they should and should not do online
– Befriend them; show your interest in what they do

• Get involved
– Talk to your children and understand the ways they are using the Internet and mobile phone

• Be aware
– Your child may as likely cyberbully as be a target of cyberbullying. Be alert to your child seeming upset after using the Internet or mobile phone

• Learn how
– Use safety tools on a particular service or program. Most services have block or ignore buttons, privacy settings, etc.


Some More Advice for Parents

• Remind your child
– Don’t respond to bullying messages – at least not in anger
– People, not computers, should be their best friends

• Take precautions
– Make use of parental software
– Review the activities of your child every now and then
– Keep the computer in a common, well trafficked, room

• Keep the evidence
– If you feel the threats or cyberbullying is serious, report it to the police


Advice for Children

• Respect others
– You can’t see the impact of your words or images on other people, so it is important to show respect

• Think before you send
– What you post online could stay there forever!

• Keep your personal information to yourself
– Treat your password like your toothbrush! Only give personal information (mobile number, website address) to trusted friends

• Block the bully
– Learn how to block or report someone who is behaving badly, and don’t retaliate or reply in anger

• Save the evidence
– Learn how to keep records of offending messages, pictures or online conversations

• Make sure you tell
– Please talk to an adult you trust – your parents, older sibling, or your teacher.


6. TRA’s SafeSurf DVD Initiative


SafeSurf DVD

DVD Objectives

Provide free antivirus software

Help identify risks

Educate & make aware

Raise level of ICT literacy

Make it a part of everyone's life

Positive experience

Explore the benefits

“The DVD will raise the level of awareness on how to interact with other internet users and will teach the user to explore the internet in order to create, to share, to participate, to communicate and to transact Safely and Securely”


DVD Features

The DVD will be narrated in the top 5 languages that are used in the Kingdom of Bahrain with additional resources available in all languages, catering for those who might be illiterate and not able to read.

• 1st of its kind
• Interactive
• Narration + Subtitles
• Platform neutral
• Very Informative & Useful resource

Translation & Narration Recording

1. Arabic
2. English
3. Malayalam
4. Bengali
5. Urdu


Snapshots of the DVD


And we’re done!

For more information about TRA Bahrain please visit

www.tra.org.bh

Questions?

Ahmed Aldoseri

Cyber Safety Director

Tel: +973 1752 0000,

Email: [email protected]

