Sunday 29 January 2012

A self driving car

Just imagine what technology can do for you. A self driving car.

Hence, in the future, we won’t need a driving licence because the car will take you to your destination once you program it.

Most probably by keying in your destination…say…the KLCC GPS coordinates.

So KLCC will need to advertise its coordinates so that all its patrons can enter them into their car systems.

Want to buy this car? Mmmmm…a BMW...I can't afford it because it is very expensive in Malaysia :(

Saturday 28 January 2012

CyberSecurity Malaysia warns against phishers on Twitter


Please take note of this important notification by CyberSecurity Malaysia.

Whenever you receive any message or email, please double check for its authenticity.

Fake websites look so REAL! Please be suspicious and cautious!
_________________________________________________________________________________________

CyberSecurity Malaysia warns against phishers on Twitter

http://thestar.com.my/news/story.asp?file=/2012/1/28/nation/10557828&sec=nation
(TheStar Online 28 January 2012).

PETALING JAYA: If you receive a tweet from someone you know, saying that some people are talking bad about you on a particular website, watch out. It's likely to be an attempt to glean your Twitter account login, password and personal details.

Whatever you do, do not go to the site that's listed in the tweet.

CyberSecurity Malaysia has confirmed that this is a phishing attack.
Phishers are unscrupulous people who try to trick Internet users into revealing the details of their online accounts.

In this case, clicking on the link in the tweet will take you to what looks like a Twitter log-in screen.

A message will then pop up telling you that your Twitter session has timed out, asking you to log-in again.

“The phishers are mimicking Twitter's URL with the address http://itvviter.com and we found that the site is being hosted in China,” CyberSecurity Malaysia said.

The phishing site will also redirect users to Twitter's actual app authentication site at https://twitter.com/oauth/authenticate to dupe users into thinking that the earlier site is legitimate.

If the phisher gets your log-in and password, he can hijack your Twitter account and personal information.

He will also have access to the people you follow or who follow you.
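The article describes the two tricks the phishing site relies on: a host name that imitates twitter.com (itvviter.com, with "vv" standing in for "w") and a bounce to the real Twitter OAuth page afterwards. The first trick can be caught automatically before a user ever sees the fake log-in form. The following is an added example, not code from the article or from CyberSecurity Malaysia; the brand list, the confusable-character table and the distance threshold are assumptions chosen for illustration.

```python
# Added example (not from the article or CyberSecurity Malaysia): flag URLs whose
# host imitates a trusted brand, the way itvviter.com imitates twitter.com.
from urllib.parse import urlsplit

# Assumed list of brands whose log-in pages are worth protecting (constructed).
TRUSTED_DOMAINS = {"twitter.com", "facebook.com", "google.com"}

# Character sequences that read like another letter at a glance; "vv" for "w"
# is the trick the article describes. Constructed table, not exhaustive.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(host):
    """Lower-case the host and fold visual look-alikes to the letter they imitate."""
    host = host.lower()
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def levenshtein(a, b):
    """Edit distance: insertions, deletions and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the host, e.g. login.twitter.com -> twitter.com.
    Good enough for .com-style names; a public-suffix list is needed for co.uk etc."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def classify(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return ("legitimate" | "lookalike" | "unknown", matched trusted domain or None)."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in trusted:
        return "legitimate", domain
    norm_host = normalize(host)
    norm_label = registrable_domain(norm_host).split(".")[0]
    for brand in trusted:
        brand_label = brand.split(".")[0]
        # brand name buried inside a longer host, e.g. twitter.com.login-check.example
        if brand_label in norm_host:
            return "lookalike", brand
        # near miss after folding: itvviter -> itwiter, which is 2 edits from twitter
        if levenshtein(norm_label, brand_label) <= max_distance:
            return "lookalike", brand
    return "unknown", None
```

Used as a mail or proxy filter, a "lookalike" verdict is a reason to block or warn, not proof of fraud: short brand names will occasionally sit within two edits of an honest domain, so the threshold and the confusable table should be tuned against the organisation's own traffic.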

Friday 27 January 2012

One of the world's best computer virus hunters! Mikko Hypponen.

Let's listen to his talk...informative, interesting, scary and, most importantly...it creates awareness.
Because most of us are unaware of these vulnerabilities and threats!

Virus, trojan, worm, rootkit...malware...

Thanks Mikko.

Wednesday 25 January 2012

iPhone Sales - The late Steve Jobs must be very happy!

If Steve is still around, he must be a very happy man. Why?

More than 37 million iPhones were sold! This is really amazing.
A 128% increase over the first fiscal quarter of 2011.

Not only iPhone but iPad and Mac sales are doing fine as well.

This performance is due to the product itself. A good product that touches everyone’s heart. It is more than a phone…with state-of-the-art applications…and sometimes it is also a trend, a matter of prestige, and the list goes on and on…

But let us see what comes after this…because I guess the performance of Apple to date is due to Steve’s legacy.

Of course, it is not a one-man job, but I still believe that in any success we need an extraordinary leader who can guide extremely talented followers.

For more info on Apple’s business performance, please refer to this URL: http://www.zdnet.com/blog/btl/apple-3704-million-iphones-sold-in-q1/67867?tag=mantle_skin;content.

Sunday 22 January 2012

Pwned iPhones and iPads

Whether you want to jailbreak your devices is entirely up to your discretion. Most probably you will void the warranty. So, you must know what you are doing…and what the jailbreak software does…

Whatever it is…I have great respect for the software developers who create jailbreak software. It manipulates the internal security of iPhones and iPads. This is not easy, because you need good knowledge of the device internals and of its hardware and software capabilities.

And, those in Apple might not like it.


But to the naïve users: are you sure you want to do it? Are you aware of what is being manipulated?

My advice is…follow your conscience.

Friday 20 January 2012

Are we addicted to Facebook? Most probably!

Quite an interesting topic, isn’t it? Suddenly, on the eve of Chinese New Year, The Star Online (20 January 2012) wrote about Facebook:
1) Disconnected from real life 
http://thestar.com.my/news/story.asp?file=/2012/1/20/nation/10300867&sec=nation
2) Hooked on Facebook
http://thestar.com.my/news/story.asp?file=/2012/1/20/nation/10300481&sec=nation
3) Bosses face problem with workers wasting time on FB
http://thestar.com.my/news/story.asp?file=/2012/1/20/nation/10300866&sec=nation

I’m sure some may agree and other quarters would disagree. Well, human thinking is complicated, and as a mature person (educated, etc.) you have the liberty to decide what to say and what not to say on Facebook…and how much time you spend commenting or writing on your “wall”.

I tend to agree with the above findings and have some empirical facts on the matter. I have also posted write-ups on Facebook:

http://aswamiariffin-cybercsimalaysia.blogspot.com/2011/10/facebook-cases-in-malaysia.html
http://aswamiariffin-cybercsimalaysia.blogspot.com/2012/01/it-is-sad-day-for-google-facebook-and.html

Think deeply about this issue and I’m sure your subconscious mind will tell you the answer.

Whatever it is...Facebook is awesome and you must use it wisely! 

Wednesday 18 January 2012

How to Coach CyberCSI

It is without doubt that cyberspace is very important to humankind’s progress. One example is broadband penetration: empirical studies have shown that it contributes to economic growth.

But, at the same time, we hear a lot about cyber incidents. These unpleasant experiences can be categorized as scams, harassment, hacking, spam, phishing, and the list goes on. Some are aware of the potential threats in the cyber world, but the vast majority (naïve netizens) are not.

So, is the cyber sphere safe? It is certainly not. Nothing in this world is secure. This is reality.

Thus, the cyber revolution has good and bad sides. It is just like a cat-and-mouse game. There is no end and no final solution.

Netizens must be educated to maneuver safely in cyberspace, and the perpetrators must be brought to justice. However, it is a daunting task for the public prosecutor to spearhead a cybercrime case. The honorable judge is not spared either in these electronically complicated circumstances.

Therefore, we need skillful digital forensics analysts who can be consulted by the public prosecutor. Furthermore, the judge can then listen to a well-articulated analysis outcome, with the technical complexity translated into plain language free of confusing jargon. If not, it is difficult to win a case with digital evidence.

Nonetheless, it is not easy to train a digital forensics analyst. A study by Malinowski [1] is quite interesting, in which the author looks into the training possibilities. Some of the areas covered are as follows:

• Roles – Technician, Policy Maker (Manager), Professional and Researcher
• Selection of Personnel
• Trainings
• Supplements
• Certifications

Also included is a Computer/Network Forensics (CNF) matrix that differentiates the roles by education and training achievements. Among other things, it draws the distinction between a professional/specialist and a researcher. According to the matrix, a researcher is a person possessing the skills and knowledge of the professional, with the additional capability of extending the body of knowledge in the field.

There are many considerations in coaching a full-fledged digital forensics analyst (please refer to my posting A Full-Fledged Digital Forensics Analyst, http://aswamiariffin-cybercsimalaysia.blogspot.com/2012/01/full-fledge-digital-forensics-analyst.html). A development plan must be devised and a budget set aside in order to achieve the objective.

[1] C. Malinowski, “Training the Cyber Investigator,” in Digital Crime and Forensic Science in Cyberspace, P. Kanellis, E. Kiountouzis, N. Kolokotronis and D. Martakos, 2006, pp. 311-333.

Saturday 14 January 2012

It is a sad day for Google, Facebook and Twitter!

Do you know that netizens share too much information over social networks? What is the reason behind it? Have you got an answer?

According to The Star Online on 14 January 2012, 75% of respondents agreed with the above phenomenon. The study was done by McCann Truth Central, the global thought leadership unit of McCann (http://thestar.com.my/news/story.asp?file=/2012/1/14/nation/10263122&sec=nation).

Why is this happening? Their personal information is all over the “wall”. Are the netizens lonely? Isn’t there something better to do?

Well, this behavior may be good or bad depending on one’s perspective. There is no right or wrong. But things turn sour if they are involved in a “tragedy”.

Tragedy means monetary loss due to internet lovers, scams, etc. Some have committed suicide because they were ashamed of the words posted about them in the cyber world. To make things worse, let me ask you one simple question: can you delete it?

So, who should be responsible here? Google, Facebook or Twitter?

However, in separate news, the Indian government has agreed to prosecute Facebook and Google (http://www.google.com/hostednews/afp/article/ALeqM5jwPEhfWgknwwJzIIOltn5C8uoohA?docId=CNG.15df2dc3685d51e65aadd309680eff3c.751).

Oh my god…what happened (I don’t want to comment here, for lack of details)?

According to the sources, it is a case over obscene content posted online. The charges are fomenting religious hatred and spreading social discord.

But in the US, Michelle Obama has joined the Twitter revolution for her husband‘s reelection campaign. She quickly snapped up tens of thousands of Twitter followers: 80,000 in a few hours! (President Obama’s followers are close to 12 million.) Isn’t this amazing?
(http://www.google.com/hostednews/afp/article/ALeqM5jgslDQUyk9HXs_W3zuXmzvRrPpIg?docId=CNG.c9687deb6fb8a59038ba423f8c404610.131)

From the above, we can see two sides of the coin. What is the conclusion? Are we civilized netizens? Are Google, Facebook and Twitter bad? I think you have the answer …

Wednesday 11 January 2012

Nigerian scams are one of Malaysia’s top 10 commercial crimes

For more info, please refer to this site (English readers will need to run it through Google Translate, which may not be accurate).

http://www.hmetro.com.my/articles/Bomohkelentong/Article/

And watch the video below for a further understanding of their modus operandi.


Tuesday 10 January 2012

Datuk Seri Anwar Acquitted: The Importance of Evidence Integrity and Expert Witness

When I read The Star Online on 10 January 2012 regarding Datuk Seri Anwar’s case, I was appalled at the court’s verdict. Well, don’t misunderstand me here. I’m not going to comment at all on the verdict (especially on political sentiment) but merely share my knowledge and experience in processing and analyzing (digital) evidence to be adduced in a court of law. This posting is for academic purposes and a lesson learned!

Now, let us recap the verdict given by the honorable judge.

According to the StarOnline report, Justice Datuk Mohamad Zabidin Mohd Diah said the court could not be 100% certain after going through the evidence that the integrity of the DNA samples had not been compromised.
(Case background info: http://thestar.com.my/news/story.asp?file=/2012/1/10/nation/10233746&sec=nation)

The above finding is quite interesting, isn’t it? Nevertheless, this posting has nothing to do with any of the ongoing cases; it only shares with readers the situation and challenges faced by a digital forensics analyst who analyzes so-called “digital evidence”.

In my years of experience as Head of the Digital Forensics Department/Senior Specialist at CyberSecurity Malaysia (until 2010; I’m on PhD study leave now), we were very particular about the cases we handled. In fact, when we started providing digital forensics services (the pioneer in Malaysia), apart from the tools, facilities and training, we first devised our own Standard Operating Procedure (SOP) on how to process and analyze an exhibit. The chain of custody, analysis preparation, methods, tools, legal requirements and whatnot are all addressed in the SOP. This ensures process integrity, which is very important (the Digital Forensics Department of CyberSecurity Malaysia is now ASCLD/LAB accredited, www.ascld-lab.org/cert/ALI-195-T.pdf).

With the SOP, the integrity of the evidence itself is protected at the same time. For example, when evidence is sent to us, the item’s physical condition is assessed and all the details must be clarified with the investigating officer. Through this process the chain of custody is established, which is mandatory; otherwise it can easily be questioned during the trial.

No matter which side a digital forensics analyst is on, both the prosecution and the defense will have their own strategies and plans. But you, as the analyst, must adhere to the SOP and legal requirements in order to protect yourself from being “attacked”, or, in legal jargon, from having your work "discredited". Thus, the work must not be sloppy and every detail in the SOP must be followed through, or you will suffer a bad reputation as an expert witness.
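The chain-of-custody requirement above is easiest to defend in court when every handover is recorded in a form that cannot be quietly edited afterwards. Below is an added example of such a record, written for this page; it is not CyberSecurity Malaysia's SOP or any of its tooling. The record fields, file names, exhibit id and handler names are assumptions chosen for illustration. Each entry stores the hash of the acquired image at acquisition time and the hash of the previous entry, so both the image and the log can be re-verified later.

```python
# Added example, not CyberSecurity Malaysia's SOP or tooling: an append-only,
# hash-chained chain-of-custody log for an acquired evidence image.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # "previous record" value for the first entry


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def entry_hash(entry):
    """Hash of a record's own fields (excluding its hash), in a canonical encoding."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def load_log(log_path):
    """Read the JSON-lines custody log; an absent log is an empty chain."""
    if not os.path.exists(log_path):
        return []
    with open(log_path) as f:
        return [json.loads(line) for line in f if line.strip()]


def append_record(log_path, entry):
    """Link the new record to the previous one and append it; records are never edited."""
    entries = load_log(log_path)
    entry["seq"] = len(entries)
    entry["prev"] = entries[-1]["entry_hash"] if entries else GENESIS
    entry["time"] = datetime.now(timezone.utc).isoformat()
    entry["entry_hash"] = entry_hash(entry)
    with open(log_path, "a") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def record_acquisition(image_path, log_path, handler, exhibit_id):
    """First record: who took custody, and the image hash at that moment."""
    return append_record(log_path, {"exhibit": exhibit_id, "action": "acquired",
                                    "handler": handler, "sha256": sha256_file(image_path)})


def record_handover(log_path, handler, action):
    """Every later transfer or analysis step gets its own record."""
    return append_record(log_path, {"action": action, "handler": handler})


def verify_custody(image_path, log_path):
    """Return (ok, problems): walk the chain of records, then re-hash the image."""
    problems = []
    entries = load_log(log_path)
    if not entries or entries[0].get("action") != "acquired":
        return False, ["no acquisition record"]
    expected_prev = GENESIS
    for i, entry in enumerate(entries):
        if entry["seq"] != i:
            problems.append(f"record {i}: sequence gap")
        if entry["prev"] != expected_prev:
            problems.append(f"record {i}: broken link to previous record")
        if entry_hash(entry) != entry["entry_hash"]:
            problems.append(f"record {i}: record contents altered")
        expected_prev = entry["entry_hash"]
    if sha256_file(image_path) != entries[0]["sha256"]:
        problems.append("image hash differs from acquisition hash")
    return not problems, problems


def demo():
    """Constructed walk-through: a clean chain, then an altered image, then an edited record."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "EXH-001.dd")
    log = os.path.join(workdir, "EXH-001.custody.jsonl")
    with open(image, "wb") as f:
        f.write(b"constructed stand-in for an acquired disk image\n")
    record_acquisition(image, log, "Analyst A", "EXH-001")
    record_handover(log, "Analyst B", "received for analysis")
    clean = verify_custody(image, log)
    with open(image, "ab") as f:  # the image is touched after acquisition
        f.write(b"\x00")
    altered_image = verify_custody(image, log)
    entries = load_log(log)
    entries[1]["handler"] = "Analyst C"  # a past record is edited in place
    with open(log, "w") as f:
        f.writelines(json.dumps(e, sort_keys=True) + "\n" for e in entries)
    altered_log = verify_custody(image, log)
    return {"clean": clean, "altered_image": altered_image, "altered_log": altered_log}
```

Because each record carries the hash of the one before it, editing or dropping an earlier entry breaks the chain at the next entry. Only the final record could be rewritten without detection, so the last record (or the whole log) should additionally be signed or countersigned by a second handler, which is exactly the kind of detail the SOP has to spell out.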

Whether the evidence is of quality or not is immaterial to you (unless you are assisting at the crime scene to collect relevant evidence; normally the investigating officer is responsible for evidence collection). I must stress that the quality of the analysis is of the utmost value to the person who conducted it. Of course, at the end of the day the analyst would want some tangible results from quality evidence.

I must say it is a daunting responsibility, constantly under pressure. It is not an easy job for a digital forensics analyst, but it is challenging and interesting. There are so many technicalities to be considered during evidence analysis.

Eventually, the digital forensics analyst will be called as an expert witness after submission of the report. The difference between an expert and a lay witness is that the former gives opinion evidence and the latter gives factual evidence. The opinion of an expert is based on the facts of a case and must be proved by admissible evidence. This scenario relates to the issue of admissibility of expert evidence under the Evidence Act, on the ground that the courts need a computer expert to testify on the digital forensics evidence tendered in a criminal proceeding.

In Malaysia, acceptance of expert opinion is regulated by Section 45 of the Evidence Act 1950 which provides:
45. Opinions of experts
(1) When the court has to form an opinion upon a point of foreign law or of science or art, or as to identity or genuineness of handwriting or finger impressions, the opinions upon that point of persons specially skilled in that foreign law, science or art, or in questions as to identity or genuineness of handwriting or finger impressions, are relevant facts.
(2) Such persons are called experts.

Some of the preparations for giving expert witness testimony are as follows:
• Understanding of the available acts
• Review and validation of all findings
• Statement taking and your legal standing
• Prosecution approach in the case
• Presentation style in the court
• Court testimonial and cross examination
• Post-mortem analysis

From my readings [1] and meetings, the role of an expert witness in Malaysia is not entirely different from that in other countries. However, it is difficult to discuss and put everything in this write-up. A talk on Digital Evidence Integrity and Expert Witness could easily take at least a day.

[1] S. C. Schroeder, “How to be a Digital Forensic Expert Witness,” in Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE’05), 2005.

Sunday 8 January 2012

A Full-Fledged Digital Forensics Analyst

I think analyzing volatile data is very interesting. There is a lot you can discover during the analysis. The best part is password recovery. And you can do it on both systems, Windows and Linux. The basic principle is about the same.

Some of the things that you can analyze are as follows:
1) Memory dump
2) Running processes
3) Timestamps
4) Network connections
5) Users and many more…to detect anomalies…e.g. rootkits and viruses

Apart from the above, you can carry out the normal forensics work such as disk and network analysis. Then you can continue with file analysis, better known as malware forensics. With all these technical capabilities, you can upgrade your skills to conduct analysis on mobile devices, applications and other electronic devices.
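The anomaly detection mentioned in the list above comes from cross-referencing the volatile sources against each other and against a known-good baseline, not from reading any one of them alone. The following is an added example written for this page, not the author's tooling: the process and connection snapshot is constructed (shaped like the output of process and network listing tools on Windows), and the expected binary paths and listening ports are an assumed baseline. The same checks apply to a Linux host once the baseline is swapped.

```python
# Added example (not from the post): cross-check a volatile-data snapshot for the
# anomalies a forensics analyst looks for. The snapshot is constructed, shaped like
# the output of process and network listing tools; a real investigation would fill
# it from a memory image or a live-response collection.
from collections import namedtuple

Process = namedtuple("Process", "pid ppid name path user")
Connection = namedtuple("Connection", "pid proto laddr lport raddr rport state")

# Assumed baseline for this machine (constructed): where core binaries should live
# and which listening ports are expected.
EXPECTED_PATHS = {
    "lsass.exe": r"c:\windows\system32\lsass.exe",
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}
EXPECTED_LISTENERS = {("tcp", 135), ("tcp", 445), ("udp", 137)}

SNAPSHOT_PROCESSES = [
    Process(4, 0, "System", "", "SYSTEM"),
    Process(520, 4, "smss.exe", r"C:\Windows\System32\smss.exe", "SYSTEM"),
    Process(640, 520, "lsass.exe", r"C:\Windows\System32\lsass.exe", "SYSTEM"),
    Process(1200, 640, "svchost.exe", r"C:\Windows\System32\svchost.exe", "SYSTEM"),
    Process(1888, 1200, "explorer.exe", r"C:\Windows\explorer.exe", "alice"),
    # same name as a system process, but started from a user-writable folder
    Process(2044, 1888, "svchost.exe", r"C:\Users\alice\AppData\Local\Temp\svchost.exe", "alice"),
    # parent pid is not in the process list: the parent exited, or is hidden from the listing
    Process(2300, 3999, "update.exe", r"C:\Users\alice\update.exe", "alice"),
]
SNAPSHOT_CONNECTIONS = [
    Connection(640, "tcp", "0.0.0.0", 445, "*", 0, "LISTEN"),
    Connection(2044, "tcp", "192.168.1.10", 49213, "203.0.113.7", 443, "ESTABLISHED"),
    Connection(2044, "tcp", "0.0.0.0", 5500, "*", 0, "LISTEN"),
    # socket owned by a pid that the process listing does not show at all
    Connection(3120, "tcp", "0.0.0.0", 8081, "*", 0, "LISTEN"),
]


def analyze(processes, connections, expected_paths=EXPECTED_PATHS,
            expected_listeners=EXPECTED_LISTENERS):
    """Return (kind, pid, detail) findings from cross-referencing the two sources."""
    findings = []
    pids = {p.pid for p in processes}
    for p in processes:
        expected = expected_paths.get(p.name.lower())
        if expected and p.path.lower() != expected:
            findings.append(("masquerading_path", p.pid, f"{p.name} running from {p.path}"))
        if p.ppid != 0 and p.ppid not in pids:
            findings.append(("orphan_parent", p.pid,
                             f"{p.name} reports parent {p.ppid}, which is not in the process list"))
    for c in connections:
        if c.pid not in pids:
            # a socket with no visible owner is a classic sign of a process hidden by a rootkit
            findings.append(("hidden_owner", c.pid,
                             f"{c.proto} {c.laddr}:{c.lport} belongs to pid {c.pid}, absent from the process list"))
        if c.state == "LISTEN" and (c.proto, c.lport) not in expected_listeners:
            findings.append(("unexpected_listener", c.pid,
                             f"{c.proto} port {c.lport} is listening but not in the baseline"))
    return findings


if __name__ == "__main__":
    for kind, pid, detail in analyze(SNAPSHOT_PROCESSES, SNAPSHOT_CONNECTIONS):
        print(f"[{kind}] pid {pid}: {detail}")
```

None of the individual findings is conclusive on its own (a parent may simply have exited), which is why the report keeps the kind and the pid together: two findings on the same pid, such as a masquerading path plus an unexpected listener, are what justify pulling that process's memory for the file analysis the next paragraph describes.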

I’ve stressed the importance of grasping operating systems and hardware design. These are the trades you need to become a full-fledged and good Digital Forensics Analyst. Of course, programming skill would be an added advantage.

Thursday 5 January 2012

Intricacies and challenges of the prospective data recovery market

According to Sobey et al. [1], the worldwide data recovery market in 2005 was about US$100 million. Most probably, by 2011, the market had doubled or tripled, to about US$300 million.

The figure could be higher due to the ever-increasing amount of digital data from year to year. Netizens rely on digital media to save their important data.

To business-minded people, this translates into money, or more appropriately a “profitable venture”. Presumably, the production and usage of hard disks have increased every year. Therefore, the business opportunity in recovering failed or damaged hard disks is inevitable.

On average, the cost of a data recovery is US$500. The fees can go higher depending on the file system (RAID, server, etc.) or other symptoms such as a mechanical rattling noise.

This is reasonable because data recovery was difficult before, is difficult now and will be difficult in the future. The dependency on hard disks for storing vast amounts of digital data has made the technology complicated. Worse still, the technical specifications are unavailable.

One of the complexities is the hyper-tuning of hard disks to increase their density. This technology has made a data recovery specialist’s life a misery, despite its business and research prospects. Digital forensics suffers the same fate. Sometimes the digital evidence in a case is irrecoverable.

Research literature on data recovery is scarce, and this further aggravates the situation. Data recovery expertise is always considered a trade secret. This predicament can only be improved through research effort, and the cost can be quite high.

In 2008, CyberSecurity Malaysia established a data recovery facility to expedite digital forensics case analysis. It has been proven that with a data recovery facility and expertise, both logical and physical errors can be corrected.

But this achievement must be managed properly. As indicated above, hard disk technology is getting intricate and this will pose new challenges. The logical recovery of complicated file systems such as NTFS, EXT2/3 or proprietary ones is only the second hurdle.

First, a data recovery analyst must succeed at physical recovery, which involves the electrical and mechanical parts. The handling must be steady when doing a component transplant, e.g. of the head stack, in a clean environment.

Firmware and system area corruption are other obstacles to overcome. Nowadays, the conventional way of getting a donor part from a duplicate drive is no longer workable. The servo, preamp and read channel parameters of hyper-tuned hard disks are indeed complicated, and they differ from drive to drive.

This is the reason Sobey proposes drive-independent data recovery. It covers system area algorithm development and drive electronics replacement. With this, only the media of the original hard disk are required, without relying on its other components. The signal processing and analysis are indeed very technical but practical.

To date, this is the only good reference I could find on data recovery, and more research should be pursued in this area.

[1] C. H. Sobey, L. Orto and G. Sakaguchi, “Drive-Independent Data Recovery: The Current State-of-the-Art,” IEEE Transactions on Magnetics, 2007.

Tuesday 3 January 2012

Malware forensics - Are we safe in the cyber realm? Are you infected? Any solution?

I don’t know how to start this posting. There are so many things to cover, and the topic is as broad as ICT itself. However, it is very important and needs to be explained.

All of us know that ICT has been a revolution, but most of us are probably unaware of its inherent weaknesses/vulnerabilities/etc. Well, nothing is perfect, isn’t it? And naïve netizens are the usual cyber victims of technology imperfections/flaws.

As a result, the bad guys, aka cyber predators, are always on the hunt and always one step ahead. Some cyber incidents are quite straightforward (social engineering, e.g. through Facebook) and some aren’t (developing malicious software for an attack).

Please read this link for some info on malware infections: http://www.securelist.com/en/blog/457/Monthly_Malware_Statistics_April_2011

How to know if you are infected - take note of the computer virus symptoms:
- Bad sectors
- Unusable files
- Disk volume changes
- File size changes
- New files created
- Some system applications are unavailable
- Antivirus is not working
- Computer is behaving weirdly or rebooting/crash
- And above all, it becomes very, very slow…
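Several of the symptoms above (file size changes, new files created, unusable files) are things a machine can check for you, provided you recorded what the file system looked like while it was still clean. The following file-integrity baseline is an added example written for this page, not the author's tool; the directory layout and file contents in the demo are constructed. It records size and SHA-256 for every file, then classifies each path on a later scan as new, deleted or modified, and separates the case where a file changed without its size changing, which a size-only check would miss.

```python
# Added example (not from the post): a file-integrity baseline that turns the
# "file size changes" and "new files created" symptoms into a repeatable check.
import hashlib
import json
import os
import tempfile


def file_digest(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file under root (relative, '/'-separated path) to its size and hash."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"size": os.path.getsize(full), "sha256": file_digest(full)}
    return baseline


def compare(baseline, current):
    """Classify every path seen in either snapshot."""
    report = {"new": [], "deleted": [], "modified": [], "modified_same_size": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["new"].append(rel)
        elif rel not in current:
            report["deleted"].append(rel)
        elif baseline[rel]["sha256"] != current[rel]["sha256"]:
            # a size comparison alone would not notice this case; the hash does
            same_size = baseline[rel]["size"] == current[rel]["size"]
            report["modified_same_size" if same_size else "modified"].append(rel)
    return report


def _write(root, rel, data):
    """Helper for the demo: create a file at a '/'-separated relative path."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario in a temporary directory: baseline, tamper, re-scan."""
    root = tempfile.mkdtemp()
    _write(root, "system/app.exe", b"original application bytes")
    _write(root, "system/config.ini", b"setting=1\n")
    _write(root, "docs/readme.txt", b"hello\n")
    baseline = build_baseline(root)
    # The baseline belongs off the host (read-only media or another machine);
    # round-trip it through JSON to show it survives being stored that way.
    baseline = json.loads(json.dumps(baseline))
    _write(root, "system/app.exe", b"original applicatiom bytes")  # same length, one byte changed
    _write(root, "system/config.ini", b"setting=1\nextra=true\n")  # grew
    _write(root, "system/svc.dll", b"\x00constructed new file")    # appeared
    os.remove(os.path.join(root, "docs", "readme.txt"))            # vanished
    return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The value of the check depends entirely on the baseline being taken from a clean machine and kept where the malware cannot reach it; a baseline stored on the infected disk can be rewritten along with the files it describes.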

So, how do netizens defend themselves? The least they can do is install antivirus software and update it regularly.

On the contrary, most netizens don’t even know what an antivirus really does, let alone what a virus is. What is malware…a trojan, a worm, malicious code, a rootkit? This is so technical, and we don’t have any other choice except to install antivirus (a host IDS can be another option).

Some may be curious and will passionately analyze/experiment on the malware. It is not expensive to conduct this static/dynamic analysis, because some of the tools are freely available (http://technet.microsoft.com/en-us/sysinternals/default). You may need to invest in a desktop PC and a switch.

The issue is without doubt complicated. Who is to blame, the ICT developers or the netizens?

Are you scared? We should be!