‘I was raped more than 20 times in three days, they even could have killed me, today I am back to my country alive, I feel like it is my rebirth’ it is the remark of Shefali Begum (not her real name) who was taken to Malaysia promising better job opportunity there. She was working in Pearless Garments Factory near Mirpur Bangla College since January 2016. There she met with a man named Mofizur Rahman Raja, who provoked her to leave her job. He convinced her that he can manage a better job for her in hospitals of Malaysia. Mofizur Rahman Raja along with another man Topu insisted Shefali and her family to opt for a medical visa and hospital attendant job in Malaysia.
They told Shefali might get 50,000 per month there in Malaysia. They asked Shefali to provide 1, 50,000 taka for obtaining visa for her visit to Malaysia. They informed her that the costing was more since it was a medical visa. Though Shefali’s mother was initially reluctant to send her only daughter to a foreign country but compromised her maternal emotions hoping a better future ahead for both Shefali and the family as whole. None of them had any idea of the cruel experience Shefali was about to go through to fulfill the hope and dream of a dignified life. As Shefali enumerates her story like,
‘We gave 10,000 that day and no money receipt was served. As we demanded the receipt they told that they don’t break their promise and always try to help people in need. They asked me to rely upon them and said that it will change my life in good terms. We believed them and gave 1, 50,000 taka within few months. They told us to get my passport ready. In passport office, Raja identified himself as my husband, I objected but he told me that this is necessary to get visa. I believed them as good men with huge business and great mind to help others.
On 18 January 2017 at 12.25 am, we started for Malaysia in Air Asia Flight. Both Raja and Topu was accompanying me. In the Airport Police asked me that where am I heading to. I replied them that I was going to Malaysia with my Husband. Then police asked Raja about my home address, he could not answer properly, I helped him. Police also asked me about Raja’s address and I told accurately. So, police allowed us to go. We were together in individual seats in the flight. Topu was also in the same flight. In Malaysian Airport as well police asked me but I couldn’t say anything. Raja said we were there on tour.
From Malaysian Airport we went to a hotel that took one and an half hour to reach by bus. In the hotel we identified ourselves as husband and wife. On the following day, 20 January 2017, a girl named Bristi came to the hotel and took me to her home. Topu, Raja and another Bangladeshi man named Anwar also went with us. Reaching there I met Apu, another Bnagladeshi man. They raped me one after another soon after reaching there. Previously, Raja also raped me in the hotel room more than once.
They took me one place to another place where many new people including them raped me for several times. The gang also took money from others for that. I tried to resist them but they tortured me ruthlessly.
On 22 January 2017, when we were in Simunia, my physical condition started to worsen with heavy bleeding, so they took me to hospital. They tried to inject me and I resisted. Then hospital people asked Apu about our relationship. Apu introduced him as my husband, but I screamed saying ‘NO’. With that both Apu and Bristi ran away from the hospital. Coming out of the hospital, I went to a nearby garage. I started to cry before a Pakistani man there but he could not understand me. Then, he called a Bangladeshi man, who was passing through the road. I told the person to save me. The agents have brought me here and they will kill me. The Bengali brother made the Pakistani person understand the situation. In the meanwhile, Apu and Bristi showed up there and claimed I am insane, and ran away from home. They also said Apu is my husband. I said ‘no, no, help’. The Pakistani person said something to them I didn’t understand but both of them ran away in a car.
Then a person named Harun came and took me to a shelter home. He gave me dinner and treated me too well. I did not know him before but I felt like I got my brother beside me. I asked him how he knew about me! Then Harun Bhai said some friends from Bangladesh informed him about me. Later on, I came to know it was Ain o Salish Kendra (ASK) who took immediate action after getting informed from my mother and husband about me. ASK requested Harun Bhai who was representative of ‘Tanaganita’ a human rights organization in Malaysia. I was in shelter home till 29 January. They arranged all medical help there for me. And on 30 January I returned to Bangladesh by Bangladesh Airlines’.
Shefali could manage a chance to a new life with the help of ASK and Tanaganita, the organizations which are devoted uphold the human rights. But, there are many more such cases that remain unaddressed in lack of proper information. Appropriate state initiative is a must to bring an end to deadly experiences of girls like Shefali in search of a better life.
1st International Cyber Security Conference Bangladesh, 2017 has been successfully completed
The CIRT team of Bangladesh Computer Council is increasingly creating awareness of the need to seriously address the daunting challenges of protecting their information networks, especially those related to national security and critical infrastructures, from any attacker. Recent developments have shown that there is more to this endeavor than answering technical questions, particularly since many technical problems do not necessarily seem to have solutions. The cyber-security question needs to be placed within a larger framework of international cooperation, norms, and rules for appropriate and responsible state behavior that will ensure the peaceful use of cyberspace.
On this regard, the government in collaboration with cyber security and tech giants has successfully organized an international cyber security conference in the capital on 9 March 2017 aims at taking a coordinated initiative to prevent and check the alarming rise of cyber-attacks. This event was on the occasion of first anniversary of BGD e-GOV CIRT.
Leveraging ICT for Growth, Employment and Governance (LICT) of ICT Division, US based Fire Eye, CISCO, CA Technologies, Microsoft, One World InfoTech, Europe based NRD AS and Bangladesh Based companies NRD Bangladesh Ltd. & REVE Systems has jointly organized the conference at auditorium of Bangladesh Computer Council (BCC).
Mr. Zunaed Ahmed Palak, MP, Honorable Minister of ICT welcomed the participants and thanked them for their attendance. The conference opened with speeches by the honorable minister, who outlined Bangladesh’s views on cyber matters. Keynote Talks then highlighted various national perspectives on cybersecurity before the participants attended their chosen sessions.
In the first Opening Speech, Mr. Zunaed Ahmed Palak, MP stressed the importance of securing the availability, openness, and integrity of the internet through international cooperation at the level of the state, the private sector, and civil society. The Minister noted that the internet and IT infrastructures have brought a wealth of opportunities to the global community by facilitating trade and communication. He emphasized that, from the start, cyberspace has been a global, open network that has reinforced education, technological innovation, and the exchange of knowledge and ideas. Moreover, he argued that this space of freedom, personal development, and economic progress warrants protection. According to Mr. Palak, security and freedom are complementary – without freedom, security could become repressive, and without security, freedom would cease to thrive. Cooperation between international stakeholders is required to manage and preserve a secure and free cyberspace. Consequently, “cyber-diplomacy” discussing and negotiating internationally accepted rules of behavior – is taking place in various international forums and regional organizations which accords with the complexity of the subject.
Honorable secretary of ICT Ministry stated that Cyber security is of paramount importance. Recent cyber attacks in Bangladesh and in the neighboring countries have proven the importance of cyber security. Computer incidence response team was set up last year and he expects that CIRT will continue its good work in handling and security. He hopes the team will keep its focus on its security. Lastly, he thanked the organizers of the conference and wished its success.
Mr Rimanta Žylius, previous Minster of Economy, Lithuania was the first key note speaker. He was responsible for setting up the NRD in Lithuania. He mentioned that the ICT minister is not responsible for security of all institutions. All institutions must protect themselves. He stated that we need to understand where we are going. We need to understand whether our organization’s management is operating it in a secured manner. He asked an important question of “What happens if some rooms go down, it our organization still usable? Have we tested it?” Another important question he asked was that “Does employees who left organization still has access control?” Mr. Zylus also stated the fact that technology alone will never succeed, it needs efforts from the management. Clear mandate and transparent reporting will be essential for its success.
Next, Certificates of Ethical hacking was handed over by Hon. Minister, to the certified ethical hackers of the country. The certified hackers came up to the stage and received their certificates. Afterwards, CID personnel who participated in Oxygen Forensic were handed over the valuable certificates.
BGD e-GOV CIRT team member Mr. Debashis Pal & Mr. Mohammad Ariful Islam presented the second key note speech on Cyber Security trends within the Government of Bangladesh: Case study from BGD e-GOV CIRT. Beginning of the presentation, they had shown BGD e-GOV CIRT activity, registered incident amount & sample case studies from their experience. Two real life cyber-attack demonstration was shown by them. During their presentation, they informed audience if the top management follows international process standards (e.g. ISO 27001, ISO 17799 standards), then if the System architect/system manager follows Critical Security Controls (CSC), if the web application developer follows Open Web Application Security Project (OWASP) developer guide & execution engineer to follow Center for Information Security (CIS) benchmarks, then a good cyber defense strategy will be developed.
One World USA then gave presentation on Cyber Security Imperative.The motto of this keynote speech was “Sooner the threat to the critical infrastructure is detected the sooner we need to take some precautions.” Some of the focus areas of this presentation were Effective vulnerability management, Penetration testing, Privileged account safety and Detection and Rapid response of cyber incidents.
Moritz Raabe, analyst of malicious software and programs of FireEYE presented the malwares in Point of Sales (PoS) machines. He showed how to dissect malicious software by taking malware traffic and analyze to identify set of commands executed by the attacker. He mentioned that malware analytic is different from forensic investigation. Through basic analysis and advanced techniques they have developed the IDA Pro tool for malware detection via signatures.
Cisco made presentation on Security Challenges and Minimizing risks: Best practices highlighting the fact that PoS machines and ATM machines are running in Windows XP which has a lot of vulnerabilities. They also suggested to look into Cisco’s annual security report. The experts highlighted that Cloud will bring forward a lot of challenges. Both from public sector and private sector perspective. Lot of SaaS based services. He stated that Adware was initially designed to earn money. According to Cisco, Budget, compatibility issue, lack of professionals, lack of certification requirements are the main barriers to security.
Reve Systems presented their Alapon software for communication between government officials and sharing of important government files and information. They informed that Alapon’s storage is at BCC data center and it is LI compliant. Directory service for finding government workers is also provided in Alapon. The features of Alapon include Audio and Video Calling, sharing of files, location tracking facility (controlled by the user, optional). The system is secured with RSA, 128-bit key. In the future, 2FA SSH and Black Box for the server will be introduced.
Declaration 2017 on Strengthening Cyber Security
Mr. Tarek Mosaddek Barkatullah, director of Bangladesh Data Center, presented the declaration. Declaration was read and agreed by the participants of the conference. Afterwards incorporating their comments on it and also suggestion, Minister signed the declaration. The signed copy of the cyber security declaration adopted by Bangladesh government can be found here.
Mr. Tarek Mosaddek Barkatullah, director of Bangladesh Data Center then delivered gift to the Honorable Minister of Economy, Lithuania for his contribution to CIRT in Bangladesh. Goal is to develop more secure Digital Bangladesh.
Conference outcome: Food for Thought
From the point of view of the CIRT and BCC, which organized the conference, intense presentations, discussions, and Closing Panels led to the following observations, which should guide the development of further research questions and policy responses:
- The cyberspace is part of the daily life of many citizens, companies, and governments. Cyberspace entails not only ground-based assets and critical infrastructures, but also wireless communication and space-based platforms. Cyberspace is fast-growing and its technological, legal, industrial, political, and military implications have not been fully explored.
- A larger framework, including international cooperation, is needed for the establishment of norms and rules for adequate, responsible state behavior to ensure and guarantee the peaceful use of the cybersphere.
- Passwords should not be simple and needs to be as complicated as possible to make it difficult for the malicious activists to break them.
- There is a wide range of possible measures to prevent the large-scale build-up of offensive cyber attack capabilities and their use, starting with confidence and security building measures in cyberspace and the development of a national code of conduct. However, definitions will need to be agreed in advance. One option for kick-starting this process would be for the country to make unilateral declarations aimed at preventing large-scale harm to the 22 critical infrastructures.
- The attribution of large-scale cyber attacks is not easy, but may be possible under some circumstances. Threat detection and diagnostic forensics therefore can and must be improved. Also there is an increasing need for training on cyber security.
- More and more countries are establishing national security cyber commands. These states should make their cyber doctrines public – explaining their offensive and defensive motives, measures, and resources. Organizations such as the CIRT should continue to organize annual seminars to discuss capabilities and perceptions of national cyber strategies as a further trust-building exercise.
- Individual government organizations should be responsible for protecting cyberspace assets located on their territory. This requires them to cooperate to exchange technical and procedural information about the protection of ICT vulnerabilities, especially in times of crisis. Early warning, quick responses, and adequate stabilization measures are vital; less-developed countries should receive support from technologically advanced nations.
- Despite political and ideological differences, more multi-stakeholder conferences (such as the follow-up events to the Cyber Security Conference 2017) complemented by bilateral and multilateral consultations between governments and, most importantly, regional and international organizations are necessary in the years to come.