To become cyber defender in cybersecurity by Megat Muazzam Abdul

Mutalib

The second session of the program is about security. The invited speaker is Mr. Megat Muazzam
bin Abdul Mutalib from CyberSecurity Malaysia. CyberSecurity Malaysia provide specialized
cyber security services and continuously identifies possible areas that may be detrimental to
national security and public safety. They also required to support as well as provide technical
assistance and training service for national crisis management. There are many functions of
CyberSecurity Malaysia which are:

1) National cyber security policy implementation

2) National technical coordinate centre
3) Cyber threat research and risk assessment
4) Security quality management service
5) Information security professional development
6) Cyber emergency service
7) Malaysia’s computer emergency response team (MyCert)

Today the world is witnessing widespread adoption of digital technologies and constant
evolving of cyber threats. To stay ahead, we need sufficient and competent cyber security people.
Malaysia continue to adopt evolutionary and innovative approach in capacity building programs.
As part of regional community, Malaysia’s efforts in capacity building are also to strengthen
regional cyber security. Regional community to collaborate and combine ideas to stay ahead of
rapidly changing cyber threats. Industry professionals are required to constantly train and re-train
to upgrade their skills and knowledge while keeping abreast with the latest changes in the global
information vectors. Hence requiring multi-stakeholders partnership.

Cyber security is a cyber defender of the criminal case or culprit of the internet abuse or
else. The core function of cybersecurity Malaysia are as a National cyber security policy
implementation. Cyber security also functions as national technical coordination center. Other than
that, the function of cyber security. There are four division of core services. First is cyber security
emergency service. Second, security quality management service. Next, info security professional
development and outreach and lastly, strategy engagement and research. There are a few examples
of incident that usually happened in real life which are incident handling, cyber early warning,
technical coordination Centre and malware research center. The hotline to be called for help is
Cyber999@cybersecurity.my. There are cyber threats also evolving for examples spreading virus
with large scale to the specific target attack or else.

CyberSecurity Malaysia generates some ideas such as they create CyberSafe program for
everyone. This is initiative to educate and also to enhance awareness of the general public on the
technological and social issues facing internet users, particularly on the dangers of getting online.
The objectives of CyberSafe program are:

1) Internet safety is everyone’s responsibility.

2) Enhance internet safety awarenss.
3) Practice safe online habits.
4) CyberSafe as reference and Cyber999 as help centre.

Cyber threats evolves with technology. For example, large scale, wide spreading incident
such virus, outbreak transform to specific targeted attack, or powerful tool such as Botnet and
Stuxnet. Next, script kiddies or crackers now become professionals and criminals in cyber threats.
For the motivation that for fun, peer recognition, it is now for economic gain, industrial espionage,
and cyber terrorism.

The trend nowadays, the cyber threats is involving of women and children. For example,
the cyber threats that involving women are cyber blackmail, webcam, fraud, cyberviolence,
internet mule and prostitution. Example of internet mule is a victim who receives stolen funds
using his or her bank account and then transfer those funds to criminal overseas. The cyber threats
that involving children such as cyber harassment, cyber bullying, cyber stalking, pornography,
cyber sexual grooming and kidnapping. There are a few types of cyber attack which are web
defacement, confident info leak and distributed denial of service (DDOS) attacked. There are many
incident of cyber security that related to threats such as intrusion, spam, cyber harassment, fraud
and malicious code. For intrusion, it is actually hacking in other words. Spam is actually unwanted
advertisement on the internet which it sent to the internet user randomly. For fraud, it is actually
the thief uses internet to scam or trick someone to gain money or something using social media
such as chatroom in Facebook, Whatsapp and Instagram. They also can trick by send email to
someone. Cyber content related threats such as threats to national security, seditious, child porn
and defamation also always occurs nowadays. Defamation occurs when defamation takes place
with the assistance of PCs and/or the Internet. E.g. somebody distributes defamatory issue about
somebody on a site or sends messages containing defamatory data. Digital stalking implies
following the moves of a person's action over web. It tends to be finished with the assistance of
numerous conventions accessible such as email, talk rooms, client net gatherings.

Classification of Cyber Crimes

Cybercrimes can be classified in to 4 major categories which are:

I. Cybercrime against Individual

II. Cybercrime Against Property
III. Cybercrime Against Organization
IV. Cybercrime Against Society

There are four types of cybercrimes against individual which includes email spoofing,
spamming, cyber defamation and harassment & cyber stalking. A spoofed email is one in which
e-mail header is forged so that mail appears to originate from one source but actually has been sent
from another source. Spamming means sending multiple copies of unsolicited mails or mass e-
mails such as chain letters. Cyber defamation occurs when defamation takes place with the help of
computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a
website or sends e-mails containing defamatory information. Cyber stalking means following the
moves of an individual's activity over internet. It can be done with the help of many protocols
available such at e- mail, chat rooms, user net groups.

Cyber crimes against property are credit card fraud, intellectual property crimes and
Internet time theft. Online fraud and cheating is one of the most lucrative businesses that are
growing today in the cyber space. Credit card fraud is a wide-ranging term for theft and fraud
committed using a credit card or any similar payment mechanism as a fraudulent source of funds
in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized
funds from an account. Credit card fraud is also an adjunct to identity theft.
 Intellectual property is any innovation, commercial or artistic, or any unique name, symbol,
logo or design used commercially. Intellectual property is protected by patents on inventions,
trademarks on branding devices, copyrights on music, videos, patterns and other forms of
expression and trade secrets for methods or formulas having economic value and used
commercially. Intellectual property (IP) crime is a generic term used to describe a wide range of
counterfeiting and piracy offences. Trademark (counterfeiting) and copyright (piracy)
infringements are serious IP crimes that defraud consumers, threaten the health of patients, cost
society billions of dollars in lost government revenues, foreign investments or business profits and
violate the rights of trademark, patent, and copyright owners. These include software piracy: illegal
copying of programs and distribution of copies of software, copyright infringement, trademarks
violations and theft of computer source code. Internet time theft comes under hacking. It is the use
by an unauthorised person, of the Internet hours paid for by another person. The person who gets
access to someone else’s ISP user ID and password, either by hacking or by gaining access to it
by illegal means, uses it to access the Internet without the other person’s knowledge.

Cyber crimes against organization include unauthorized accessing of computer, denial of

service, virus attack, email bombing, salami attack, logic bomb, Trojan Horse and data diddling.
Unauthorized accessing of computer is accessing the computer/network without permission from
the owner. It can be of 2 forms: Changing/deleting data: Unauthorized changing of data and
Computer voyeur: The criminal reads or copies confidential or proprietary information, but the
data is neither deleted nor changed. Denial of service is when Internet server is flooded with
continuous bogus requests so as to denying legitimate users to use the server or to crash the server.
Virus attack is a computer program that can infect other computer programs by modifying them in
such a way as to include a (possibly evolved) copy of it. Viruses can be file infecting or affecting
boot sector of the computer. Worms, unlike viruses do not need the host to attach themselves to.
Email bombing means sending large numbers of mails to the individual or company or mail servers
thereby ultimately resulting into crashing. Salami attack happens when negligible amounts are
removed and accumulated in to something larger. These attacks are used for the commission of
financial crimes. Logic bomb is an event dependent programme, as soon as the designated event
occurs, it crashes the computer, release a virus or any other harmful possibilities. Trojan Horse is
an unauthorized program which functions from inside what seems to be an authorized program,
thereby concealing what it is actually doing. Data diddling involves altering raw data just before
it is processed by a computer and then changing it back after the processing is completed.

A few technical skills that required us to learn which are learn the operating system, learn
the coding language, learn the assembler and shell coding and learn how to write exploit for
Metasploit. We need to spend few years mastering fundamentals which get involved as many
systems, applications, platforms, programming language and many mores. Internet safety is
everyone responsibility. We must practice save online habit and enhance internet safety awareness
before being a part of cyberbully. There is some technical skill that we must such as learn the
operating system, learn the coding language and learn some shell coding. Some example of online
fraud is online shopping scam, auction fraud, lottery and parcel scam. There are a few tips to avoid
online shopping scam, for example avoid making purchase using social media. Then, check the
company whether it is registries or not.

The demand for the cybersecurity workforces is expected to rise to 6million by 2019, with
a projected shortfall of 1.5million. There are so many incidents occur involve cybersecurity
between 1997-2016 such as intrusion, spam, cyber harassment, fraud and malicious code. Risk of
cyber threats to digital citizen comes in various forms which is technology related threats and cyber
content related threats. Example of technology related threat are hack threat, intrusion, malicious
code and spam. Example of cyber content related threats are threats to national security, seditious
speech, child porn and fake news.