E Security Vol 36 1 2014

ii
e-Security | Vol: 36-(1/2014)

© CyberSecurity Malaysia 2014 - All Rights Reserved
A MESSAGE FROM THE CEO OF CYBERSECURITY MALAYSIA
Greetings and thank you for reading the 36th Edition of the e-Security Bulletin. This July issue is the first
of two editions for 2014, with the other one to be published in December.
The e-Security is a platform for internal staff to contribute to the cyber security community by sharing their
knowledge in the form of literature. The articles contained in this bulletin cover a variety of topics about
cyber security matters, whether technical or generic in nature. Hence, the bulletin is hoped to appeal to all
members of cyber community, not only to those highly involved in the technical aspects of cyber security.
Furthermore, the e-Security bulletin is a bilingual publication. Several articles are in English while a few
more are presented in the local language, Bahasa Malaysia.
I would like to thank and commend all contributors for their nobility of sharing invaluable knowledge with
others and also for their continuous support. Keep writing and keep sharing!
We’re proud of our contributors and their selfless act in sharing knowledge and information. This is because we believe in leading by example. It’s
hard to think of a better example we could set than that of a responsible global citizen.
We look forward to continuing to bring you latest opinions and articles on various issues as well as keeping you updated on industry news.
Thank you and warmest regards,
DR. AMIRUDIN ABDUL WAHAB

Chief Executive Officer, CyberSecurity Malaysia
Greetings,
Hello and welcome to the eSecurity Bulletin 1/2014!
With great pleasure, the editorial team has gathered an interesting variety of articles for ‘santapan minda’, a
Malay saying which means “food for thought”.
This time around, we grouped the articles into four categories: General interests, Current trends, Special, and Experiential.
General interests (Informative), such as “Mengenali Apakah Itu APT” (What is Advanced Persistent Threats),
“Pengenalan kepada Phishing” (Introduction to Phishing).
Current trends consist of articles on social media, cloud security, mobile security, critical infrastructure
protection, web intrusion and defacement, as well as Job Scam Modus Operandi.
The Special section contains more technical articles, such as the forensic analysis on SMS Timestamp,
Steganography Substitution System Methods, and Measuring Security Awareness.
Experiential – which, for me personally is the most interesting category, comprises articles written by staffs who are hands-on and practicing cyber security
on a daily basis. They are not always from a technical background; hence, the articles would attract a large reader’s base. For instance, we have the “The
Personal Data Protection Act 2010: Challenges to Comply”, which brings you behind the scenes of the challenges in implementing PDPA in CyberSecurity
Malaysia within a tight deadline. The Human Resources Security is another experiential sharing article, which would be truly valuable not only to HR
personnel but also to any employer and bosses who wish to ensure that their employees or subordinates comply with their organisation’s security policy.
We had a great time putting all these articles together to feed your hungry minds, so to say.
Thank you for your continuous support to the eSecurity Bulletin. For further inquiries you can reach us via this email: info@cybersecurity.my
Last but not least, I would like to convey the editorial team’s utmost appreciation to all our contributors. Your articles are not only invaluable knowledge
sharing but the articles also imparts useful tips on how to stay safe online.
Safe surfing everyone……and happy reading!

Be Smart! Be Safe!
Best regards,
Lt Col Mustaffa Ahmad (Retired),
Editor
PUBLISHED AND DESIGNED BY

CyberSecurity Malaysia,
Level 5, Sapura@Mines,
No. 7 Jalan Tasik, The Mines Resort City,
43300 Seri Kembangan,
Selangor Darul Ehsan, Malaysia.
1. MyCERT 1st Quarter 2014 Summary Report 01
2. Job Scam Modus Operandi 04
3. Migrating to ISO/IEC 27001:2013 At Your Fingertips 08
4. A Review on Steganography Substitution System 12

Methods
5. Transition to ISO/IEC 27001:2013 18
6. Knowledge Hoarding versus Knowledge Sharing: 21

A Transformation
7. Securing Your Smartphone. Why It Is Important? 24
8. Geotagging/Location Sharing-Warrantless Surveillance 25
9. Illicit Activities Gaining Ground In Web 2.0 29
10. Information sharing through social networking sites: 32

Just how much is too much?
11. Human Resources Security 35
12. The Personal Data Protection Act 2010: 39

Challenges to Comply
13. Getting to know Honeypot 41
14. Social Networking: Security and Privacy 44
15. Developing the Nation's Competency Skill Sets for 49

Forensic Document Examiners
16. The Importance of Cloud Computing 51
17. Measuring Security Awareness 55
18. The Trend of Intrusion Defacement 59
19. Cloud Security Principles: What You Should Ask Your Cloud 64
Service Provider
20. A Forensic Analysis on SMS Timestamp 67
21. Cryptography 70
22. Hantu Internet 71
23. Mengenali Apakah Itu APT 75
24. Antivirus 79
25. Mengenal Apa Itu Emel Phishing 82
26. Pendayaan Sistem Nama (DNS) 87
READERS’ ENQUIRY
Outreach and Corporate Communications, Level 5, Sapura@Mines, No.7 Jalan Tasik, The Mines Resort City, 43300 Seri Kembangan
PUBLISHED AND DESIGNED BY
CyberSecurity Malaysia,
Level 5, Sapura@Mines,
No. 7 Jalan Tasik, The Mines Resort City,
43300 Seri Kembangan,
Selangor Darul Ehsan, Malaysia.
MyCERT 1st Quarter 2014 Summary Report
1
By | Sharifah Roziah Mohd Kassim
Introduction percent decrease of the total incidents

2,069 compared to quarter 4 (Q4) 2013.
The MyCERT Quarterly Summary Report The highest decrease in incidents is
provides an overview of activities carried fraud with 239 incidents lesser than the
out by the Malaysia Computer Emergency previous quarter.
Response Team (hereinafter referred
to as MyCERT), a department within Figure 1 illustrates the number of
CyberSecurity Malaysia. These activities incidents that are classified according to
are related to computer security incidents the Categories of Incidents for Q4 2013
and trends based on security incidents and Q1 2014.
handled by MyCERT. This summary
report highlights statistics of incidents Quarter
Incidents
handled by MyCERT in Quarter 1 (Q1) Categories of Incidents Q4 Q1 %
2014 according to categories, security 2013 2014
advisories and other activities carried Content Related 9 9 0.5

out by MyCERT personnel. The statistics Cyber Harassment 145 143 7.4
provided in this report reflect only
DoS 1 6 0.3
the total number of incidents handled
by MyCERT and not elements such as Fraud 1033 794 41.3
monetary value or repercussions of such Intrusion 333 401 20.9

incidents. Intrusion Attempt 37 38 2.0
Malicious Codes 348 430 22.4

Computer security incidents handled by
Spam 157 95 4.9
MyCERT are those that occur or originate
within the Malaysian constituency. Vulnerabilities Report 6 6 0.3
MyCERT works closely with other local Figure 1: : Comparison of Incidents between Q4 2013 and Q1 2014
and global entities to resolve computer
security incidents.
Figure 2 illustrates the number of incidents
according to the Breakdown of Incidents by
Incidents and Trends Q1 2014 Classification for Q1 2014.
Reported incidents to MyCERT are from

various parties within the constituency
as well as foreign ones. These parties
include home users, private sector
bodies, government sector agencies,
security teams from abroad, foreign
CERTs, Special Interest Groups (SIG)
including MyCERT’s proactive monitoring
on several cyber incidents.
From January to March 2014, MyCERT,

via its Cyber999 service, handled a total
Figure 2: Breakdown of Incidents by Classification in Q1 2014
of 1,922 incidents. This represents 7.1

Figure 3 illustrates the percentage of code incidents that infected Malaysia. Upon
incidents handled according to categories in receiving the feeds, MyCERT will respond by
2 Q1 2014. notifying the network and IP owner of the
infected IPs.
The third highest incident reported to

Cyber999 is intrusion with 401 incidents.
Compared to the previous quarter, intrusion
incidents increase by 68 or by 20.4 percent.
As was in the previous quarters, web
defacements or web vandalism that is part
of intrusion incidents was still a continuous
occurrence. Based on these findings, the
majority of web defacements were due to
vulnerable web applications or unpatched
Figure 3: Percentage of Incidents in Q12014 servers involving web servers running on IIS
and Apache. The majority of the defacement
In quarter 1 (Q1) 2014, the most number attacks were using SQL Injection and cross-
of incidents reported is fraud representing site scripting (XSS) methods.
a 41.3 percent of the total number of
incidents. Throughout the year 2013, fraud MyCERT observed for Q1 2014 a total of 175
has been the most reported incident. A total .MY domains being defaced, representing
of 794 fraud incidents were received in this a 60.1 percent of total defacement incident
quarter, from organisations and home users. of .MY domains in Q1 belonging to various
Most of the fraud incidents reported involved sectors such as private, educational and
phishing, job scams, fraud purchases and government. MyCERT responded to web
Nigerian scams. defacement incidents by notifying respective
Web Administrators to rectify the defaced
MyCERT predict that fraud will continue to websites by following our recommendations.
grow and always be among the most reported
incident. Because of that, MyCERT advised Figure 4 shows the breakdown of domains
Internet users to be precautious and always defaced in Q1 2014.
adhere to best practices when they purchase
goods online. Users must ensure that the
transaction is made with trusted parties
and never simply transfer money to a seller
without prior checking on the status of the
seller.
The second highest incident reported is

malicious code, which increased about
23.6 percent. The total malicious code
incident reported for Quarter 1 2014 is 430. biz - 1.0% my - 5.8%
com - 33.3% net - 2.4%
Throughout the year 2013 and including
com.my - 37.8% net.my - 0.3%
this quarter, malicious code is among the edu.m - 7.2% org - 3.1 %
top three incidents reported to Cyber999. gov.my - 7.2% org.my - 1.7%
This is because MyCERT received continuous y
feeds from external parties about malicious Figure 4: : Percentage of Web Defacement by Domain in Q1 2014

The situation related to MH370 had Other Activities
contributed to an increase in incidents
3
reported in Q1 2014. The related incidents
In Q1 2014, MyCERT personnel had
were defacements and malicious codes. The
conducted several talks, presentations and
total defacement incidents related to MH370
trainings at several locations. This included
was 61 but only one .gov site was involved.
a talk at Agensi Nuklear Malaysia about
The most TLD that related to this incident
WiFi security, training collaboration with
was .com.my with 29 incident. Malicious
UKM and a talk at APCERT AGM conference
code incidents that was connected with
in Taiwan on 18-21 March 2014.
MH370 concerned Facebook Apps. When a
user clicked on such apps, his/her computer
Besides the talks/presentations, MyCERT
will be infected with malicious codes.
personnel had also conducted several
Incident Handling training sessions for
Meanwhile, Cyber harassment incidents saw
a slight decreased of 1.4 percent for this corporate and government organisations
quarter, representing a total of 143 incidents. this quarter.
Harassment incidents generally involved
cyber stalking, cyber bullying and threats. Conclusion
Social networking sites such as Facebook,
Twitter, emails and chat programmes such as In conclusion, the number of computer
Yahoo Messenger, Skype have become popular security incidents reported to MyCERT
avenues for cyber harassment as they are this quarter had decreased by 7.1 percent
becoming popular communicating channels as compared to the previous quarter. But
on the Internet. MyCERT warns users to be very there is an increase in several incidents
precautious with whom they communicate on like intrusion and malware. There is also
an event related increase in the MH370
the net especially with unknown people and
tragedy, especially on defacements.
be ethical on the Internet.
MyCERT advices users and organisations
to be vigilant of the latest computer
Advisories and Alerts
security threats and to take measures to
protect their systems and networks from
In Q1 2014, MyCERT issued a total of
these threats.
12 advisories and alerts with two alerts
involving MH370, which was on Malware
Internet users and organisations may
Related to Missing Malaysia Airlines MH370 contact MyCERT for assistance. Our details
Plane and Missing Malaysia Airlines MH370 are listed below:
Plane Found Hoax. The other alert and
advisory was on Microsoft Ending Support Malaysia Computer Emergency Response
for Windows XP and Office 2003, Critical Team (MyCERT)
Vulnerability in Microsoft Internet Explorer E-Mail: cyber999@cybersecurity.my
9 and 10, Security Update for Adobe Flash Cyber999 Hotline: 1 300 88 2999
Player and a New Zero-Day Exploit. The Fax: (603) 8945 3442
Alert and Advisory comes with descriptions, 24x7 Mobile: 019-266 5850
recommendations and references. SMS: Type CYBER999 report <email>
<report> & SMS to 15888
Readers can visit the following URL on http://www.mycert.org.my/
advisories and alerts released by MyCERT:
http://www.mycert.org.my/en/services/ Please refer to MyCERT’s website for latest
advisories/mycert/2014/main/index.html updates of this Quarterly Summary.￭

Job Scam Modus Operandi
4
By | Juanita Abdullah Sani & Sarah Abdul Rauf
It’s not hard to find someone who has been tempted by the offers. Especially
among those who are struggling to make ends meet.
Introduction ways that a particular criminal performs

a crime. The modus operandi for a job
An Internet user opened his email scam is by emails, websites and phone
today and read an email that stated numbers. The scammers will send emails
he successfully landed a job in a well- to victims stating that they have been
known company offering salary that shortlisted for certain particular jobs
was triple his current one. Without and they need to provide their personal
thinking twice and worried that the job information to the scammer. The victims
offer would be given to someone else, will communicate back and forth with
he immediately replied to the email and the scammers using emails. To make the
gave his personal information. Without application more authentic the scammers
realising, he was actually duped by an will create websites that imitate the
online scammer. This type of scam is original companies that they claim they
known as job scam. represent and provide phone numbers
so that victims can call the numbers to
Job scams or employment scams verify the applications. Eventually some
have been massively circulated since charges are imposed as processing fees
the year 2011 in Malaysia. There are to the wishful jobseekers to secure and
various online scams but this type of obtain the jobs. Once the scammers have
scam is unique as it targets job seekers received the money, they will disappear
by posing as someone of authority and cannot be contacted. Based on
from the recruitment department of MyCERT’s experiences in dealing with job
selected companies. The industries scams, several victims have even lost
that are most likely being targeted thousands of ringgit in value to these
by job scams are Oil & Gas, Hotel and scammers.
Hospitality activities.
As email is a major tool for this scam,
Modus Operandi MyCERT has gathered a few of these emails
that have been used by the scammers. The
Modus operandi refers to the usual email samples are shown in Table 1 below.
Gmail Yahoo Outlook

asstrecuitmentmanager petronas.oilgasklmy300 workatpetronas2013
petronas.oilgasklmy2013 foreign.affairs_consultant noorhamidassociates
petronas.oilgasklmy2002 petronas.oilgasklmy22 petronasoil.my
job.headhanter petronas.oilgasklmy342

petronas.oilgaskl20 petronas.oilgasklmy112
petronasoilmalaysiajoboffers petronas.oilgasklmy811 5
petronas.oilgask12018
petronas1petronas.oil
Table 1: List of emails used by job scamers
The emails in Table 1 are just samples Internet location.

of the various emails used by these
scammers. Other than Gmail, Yahoo Other email services like Yahoo will
and Outlook, these scammers also use most likely reveal the IP address of the
other email services like Hotmail, MSN sender from the email’s full headers.
or spoofing emails of the companies Due to that, the scammers’ location can
they imitate. An example of these email be detected by the technical assistance
services is an email from <officemail@ of an Internet Service Provider (ISP)
petronascompanymy.com>. together with Law Enforcement officers.
On the other hand, Hotmail does not
Based on Table 1, MyCERT has observed disclose the originating IP of a sender.
that Gmail or Google Mail are amongst
the favorite emails used by scammers. Similar to email addresses, scammers will
This is because when one uses the repeatedly used the same phone number
normal web interface for Gmail, the for their modus operandi. One distinct
person is interacting with Gmail itself, characteristic for the phone number
not the Internet's email protocol. The is that the scammers will use mobile
first time the email enters the email numbers instead of fixed line numbers
protocol is when the email is sent from so that their personal information and
the Gmail server--so that is the first IP location is untraceable. Internet users
address that appears in the email header. who receive this kind of email, should
IP address (Internet Protocol address) know the emails are fake based on the
is a series of numbers that identifies a phone numbers as most companies will
digital device such as our computers. not provide mobile numbers as their
IP address works likes a home address, official contact points. Samples of phone
it allows data to arrive at the correct numbers are shown in Table 2 below.
Contact Number
60102145427 60162758426 60163949679
601126160959 60166752993 61116211192
60163148642 60163148642 61116211192
601126160958 61115586342 60143182568
Table 2: List of mobile numbers used in Job Scams
Finally, to make the job application email job application emails may appear to
more authentic, the email will be sent come from the Foreign Affairs Ministry,
by someone who appears to be the head as these job scammers aim to target
of the human resource department or an foreigners.
attorney who manages the application
or even someone from the Ministry of The above modus operandi (MO) of using
Foreign Affairs. In certain cases, the emails, mobile numbers and websites

6 are the common and popular methods
for scammers to operate job scams.
In several MyCERT investigations, we
discovered that there is a new MO that
is being circulated. The scammer will
use instant messaging or IM for a job
interview, amongst the reasons is that IM
provides no valid contact information.
The other new MO is texting, whereas in
a real situation, a valid hiring manager
will not be texting with any potential
employee.
Figure 2: Job scam statistics for 2011 until 2013
Statistics Th e m ost j ob sc a m i m person a t i o n

rev ol v es a rou n d a wel l - k no w n
c om pa n y i n t h e Oi l & G a s i n d us t r y
Throughout the year 2013, MyCERT ba sed i n M a l a y si a . M y CE RT a ss um e s
received a total of 151 incidents related t h a t i t i s bec a u se t h e sa l a ry offe re d
to job scams. Figure 1 below shows the by t h a t c om pa n y i s m u c h hi g he r
monthly distributions of job scam in a s c om pa red t o a n y ot h er s m a l l
2013. c om pa n i es. Nev ert h el ess, t h e M O fo r
a n y j ob sc a m i s a l m ost t h e sa me no
m a t t er wh a t t h e c om pa n y a p p e a r s
t o be. Fi gu re2 bel ow l i st s t a rg e t
i n du st ri es by j ob sc a m m ers.
Figure 1: The graph depicting job scam incidents in 2013
Figure 2 shows the comparison of job

scam incidents between 2011 and 2013.
The spike in job scam incidents was in
2012 where there were a total of 388
incidents. However, scammers will
always find ways to improvise the MO
and Internet users should always stay
alert to these changes. alert to these Figure 2: Job scam Target Industries in 2013
changes

Recommendation web address may not reflect or bear 7
the organisation’s name.
MyCERT has released an alert regarding Users who receive suspicios emails and
the job scam back in 2012 that can need assistance, can report to Cyber999
be referred to by Internet users. They at the contact details listed below:
may look out for the "red flags" listed
below in suspicious emails that offers E-Mail : mycert@mycert.org.my or
jobs, and once they identified these cyber999@cybersecurity.my
"red flags", they can just ignore such Telephone: 1-300-88-2999 (monitored
emails and never respond to them. during business hours)
Facsimile: +603 89453442
• Real companies will conduct an Mobile: +60 19 2665850 (24x7 call
incident reporting)
interview before offering a job and
SMS: CYBER999 REPORT EMAIL
not just offer it via email.
COMPLAINT to 15888
Business Hours: Mon - Fri 08:30
• Look out for the scammer’s email
-17:30 MYT
address. A contact email address
Web: http://www.mycert.org.my ￭
being used is not a primary
domain. For example, a Recruitment
Department using a Yahoo! or Gmail
email address.
References:
• There may be inaccuracies and 1. h t t p : / / w w w. m y c e r t . o r g . m y / e n / s e r v i c e s /
inconsistencies in the emails and the advisories/mycert/2012/main/detail/913/index.
fake websites. For example spelling html
and grammatical errors.

2. h t t p s : / / s u p p o r t . g o o g l e . c o m / m a i l /
answer/1198107?hl=en
• The fake websites will have
inaccurate physical addresses and 3. https://productforums.google.com/forum/#!topic/
gmail/L3dqotgK3Po
telephone numbers that belong to
mobile numbers. Real websites will 4. http://www.merriam-webster.com/dictionary/
have correct physical addresses and modus%20operandi
will never use mobile numbers as
their contact points. 5. https://www.flexjobs.com/blog/post/new-job-
scams-and-how-to-avoid-them/
• Fake job emails will also request 6. MyCERT Definitions of Incidents http://www.
users to bank in a certain amount mycert.org.my/en/services/report_incidents/
of money to the fraudsters as cyber999/main/detail/799/index.html
processing fees for the jobs. A real
7. MyCERT Service Level Agreement (SLA) http://www.
job offer will never request for any mycert.org.my/en/services/report_incidents/
processing fee. cyber999/main/detail/800/index.html
• Look out for the web address. The 8. http://cybersafe.my/guidelines.html

Migrating to ISO/IEC 27001:2013 At Your
8
Fingertips
By | Nooraida Aris
Digital environments have changed so much over the past years that
some degree of obsolescence was inevitable.
Malaysia is one of the countries which

1. Introduction have adopted the ISO/IEC 27001 ISMS
certification. As of December 2012, there
ISO/IEC 27001 Information Security are 100 ISMS certified organisations in
Management System (hereinafter referred to Malaysia (refer to Table 1).
as ISMS) is a management system standard
for information security. The standard Table 1: Number of ISO/IEC 27001 certified
specifies the requirements for establishing, organisations in several countries (Source:
implementing, operating, monitoring, w w w. i s o . o r g / i s o / h o m e / s t a n d a r d s /
reviewing, maintaining and improving certification/iso-survey.htm)
information security for organisations.
ISMS
ISO/IEC 27001 is the backbone for the ISO/
Country Cerifications
IEC 27000 series and it includes important as of 2012
clauses such as management commitment, Japan 7199
risk management, training and awareness,
United Kingdom 1701
and continuous improvements. By
India 1600
implementing ISMS and being an ISO/
China 1490
IEC 27001 certified organisation, an
Romania 866
organisation may enjoy advantages such
Chinese Taipei 855
as improved organisational governance
Spain 805
structure, better management of
Italy 495
information security risks, compliance to
business, legal and regulatory requirements Germany 488
and enhanced incident management. USA 415
Hungary 199
Since ISO/IEC 27001 first became an Netherlands 190
international standard in 2005, there has Korea 181
been a very large increase in the number Australia 113
of ISO/IEC 27001 certified organisations Hong Kong 110
in the world. According to statistics Malaysia 100
from the International Organisation for Thailand 96
Standardization (ISO), ISO/IEC 27001 Mexico 75
certificates issued in 2006 was 5,797 and Philippines 66
the number of certificates exceeds 18,000 Singapore 65
in 2012. In addition, the overall adoption Canada 62
by countries show an increase of 60 Vietnam 44
percent; showing 64 countries in 2006 to Indonesia 35
103 countries in 2012.

ISO/IEC 27001 was revised and only recently Clause 6 Clause 6
published on 1st October 2013. The revised Internal ISMS audits Planning 9
version, known as ISO/IEC 27001:2013 Clause 7 Clause 7
Information Security Management System Management review Support
(ISMS) - Requirements, replaces the old ISO/ of ISMS
IEC 27001:2005 ISMS - Requirements which Clause 8 Clause 8
has been the main reference since 2005. ISMS improvement Operation
Clause 9
To ensure continuous compliance to ISO/IEC Performance
evaluation
27001, it is necessary for organisations with
Clause 10
existing ISO/IEC 27001:2005 certification to Improvement
migrate to the revised ISO/IEC 27001:2013.
This article provides an overview of the
changes in ISO/IEC 27001 since 2005, and In addition, the risk assessment
guidance for organisations to migrate to approach in this standard is more flexible
ISO/IEC 27001:2013. as compared to the previous version.
Requirement for risk assessment in ISO/
2. What's new in ISO/IEC IEC 27001:2013 does not require that
27001:2013? assets, threats and vulnerabilities to be
identified. Thus, organisations are free
to select whichever risk assessment
The first major change is the structural methodology that suits them. As
change. This is to align the standard to organisations may have an existing
other management system standards enterprise risk management approach,
published by ISO. The new structure of this will allow organisations to have a
ISO/IEC 27001:2013 mirrors the high common risk assessment methodology
level structure of the management system even for information security risk
standards. Thus, the four mandatory assessment.
clauses in ISO/IEC 27001:2005 have
now been increased to eight clauses The other significant change to ISO/
(refer Table 2). The new structure will IEC 2700:2013 is in Annex A. Annex A
make it easy for organisations that have defines information security controls
achieved ISO/IEC 27001 certification and the control objectives. This annex
to achieve other management system remains in ISO/IEC 27001 but the number
standard certifications such as ISO of controls is reduced from 133 to 114
9001, ISO 14001, etc. due to several controls being combined
together. The number of control areas is
Table 2: Mandatory clauses in ISO/IEC now 14. They are:
27001
A.5 Information security policies,
Mandatory Mandatory A.6 Organisation of information
clauses in ISO/IEC clauses in ISO/IEC security,
27001:2005 27001:2013
A.7 Human resources security,
Clause 4 Clause 4
A.8 Asset management,
Information Security Context of the
organisation A.9 Access control,
Management System
A.10 Cryptography,
Clause 5 Clause 5 A.11 Physical and environmental
Management Leadership
responsibility security,

10 A.12 Operations security, training sessions. Personnel who
A.13 Communications security are in charge of ISMS should attend
A.14 System Acquisition, development relevant training sessions to have a
and maintenance, better understanding of these new
A.15 Supplier relationships, requirements in ISO/IEC 27001:2013.
A.16 Information security incident Examples of the relevant training
management, programmes are 'Introduction to ISO/
A.17 Information security aspects of IEC 27001:2013' and 'Migration to ISO/
business continuity, and IEC 27001:2013'.
A.18 Compliance.
Next, organisations which have
Refer to Figure 1 for the overall view implemented ISO/IEC 27001:2005
of the new ISMS requirements and are advised to conduct a thorough
information security controls in ISO/ gap analysis. This is due to several
IEC 27001:2013. requirements and controls that have
been added, reviewed or deleted in
Figure 1: Requirements and information the revised ISO/IEC 27002:2013. By
security controls in ISO/IEC 27001:2013 conducting a thorough gap analysis, the
organisation will be able to assess the
gap between the current implemented
ISMS and the new ISO/IEC 27001; and
understand additional actions that are
needed to be taken to comply with the
new ISO/IEC 27001. They will also be
able to develop a detailed plan with
timeline for the ISO/IEC 27001:2013
migration.
Furthermore, organisations should

review their current documents; as
And lastly, the contents of standard has most probably they need to change and
been revised and improved overall in update their documents to suit to ISO/
the hope that it is better understood IEC 27001:2013. One document that
by organisations. For example, in ISO/ must be updated is the Statement of
IEC 27001:2005 version, the topics for Applicability (SOA). An SOA is a document
conducting ISMS review were scattered describing the control objectives and
in various clauses, but in this new controls that are relevant and applicable
standard, the topics were grouped to the organisation's ISMS. SOA lists
together under Clause 9 Performance all information security controls that
Evaluation. organisations have implemented and
should be implementing. If there are
3. How to migrate to the new new information security controls
ISO/IEC 27001:2013? from ISO/IEC 27002:2013 that should
be implemented, the SOA should
be updated to reflect this change.
Firstly, organisations are recommended Furthermore, there are also a possibility
to send their relevant personnel for for organisations to develop new policy

and procedure with regards to the new when trying to better understand the 11
ISO/IEC 27001. requirements and controls in the revised
ISO/IEC 27001:2013.
Finally, the necessity to conduct
adequate awareness briefings to all 5. When is the deadline
relevant employees and external. The to migrate to ISO/IEC
purpose is to educate employees on 27001:2013?
the changes and brief them on their
additional roles and responsibilities
(if any). Awareness to external parties Organisations which are currently
should involve vendors and contractors. certified with ISO/IEC 27001:2005
should not be worried as they will not
4. What are guidelines that need to migrate to the new ISO/IEC
can help to migrate to ISO/IEC 27001:2013 immediately. There will be
27001:2013? a transition period for migration to ISO/
IEC 27001:2013 so that all tasks will be
done in an orderly manner. According to
There is a document called Standing International Accreditation Forum (IAF)
Document 3 (SD3), which was produced 27th General Assembly (held in Seoul
by the Working Group 1 (WG1) of on 25 October 2013), a two year period
Subcommittee 27 (SC27) that can provide from 1 October 2013 (which is the date
guidelines to organisations intending of ISO/IEC 27001:2013 publication)
to migrate to ISO/IEC 27001:2013. is allowed for migration to ISO/IEC
The purpose of SD3 is to show the 27001:2013 (source : IAF Resolution
corresponding relationship between the 2013-13 – Endorsing a Normative
2005 versions of ISO/IEC 27001 and Document). This means the last date for
ISO/IEC 27002 and the 2013 versions of organisations to comply with ISO/IEC
ISO/IEC 27001 and ISO/IEC 27002. 27001:2013 is on 30 September 2015.
This SD3 document contains three
tables: Conclusion
• Table A: Comparison between

ISO/IEC 27001:2013 and ISO/IEC Organisations are advised to start their
27001:2005 ISO/IEC 27001:2013 migration activities
• Table B: Comparison between now and not wait until the last minute.
ISO/IEC 27002:2005 and ISO/IEC Organisations are also advised to work
27002:2013 closely with their certification body (CB)
• Table C: Comparison between in order to ensure a smooth migration
ISO/IEC 27002:2013 and ISO/IEC to ISO/IEC 27001:2013. Guidance
27002:2005 provided in this article can be used
as reference. By ensuring continuous
The SD3 document is freely downloadable. compliance to ISO/IEC 27001, it is
Please refer to this URL http://www. hoped that organisations will be able to
jtc1sc27.din.de/sixcms_upload/ continue managing information security
media/3031/SD3.pdf. Organisations in their organisations efficiently and
should be able to refer to these tables effectively ￭

A Review on Steganography Substitution
12
System Methods
The recent development of new robust techniques has now caught the eye of the
privacy-craving public.
By | Nor Azeala binti Mohd Yusof, Abdul Alif Zakaria, Hazlin Abdul Rani, Nik Azura Nik Abdullah
1.0 Introduction intensities are used to hide the

information.
Nowadays, digital communication has b. Audio Steganography: The audio is

become an essential part of our modern used as the carrier. It has become very
infrastructure. A lot of applications are significant medium due to voice over
Internet-based and this situation demands IP (VOIP) popularity.
the security of data confidentiality and
integrity so as to ensure that sensitive data c. Network Steganography: The cover
and information on the Internet is protected object is used as the network protocol
against unauthorised access. There are and protocol is used as carrier.
various techniques that can be used to
protect sensitive information. One of such d. Video Steganography: The video is
technique is by using steganography. used as carrier for hidden information.
Unlike cryptography, steganography is the
art of hiding and transmitting secret data. e. Text Steganography: Using general
However, it is not intended to replace technique, such as number of tabs,
cryptography but to compliment it. The white spaces, capital letters, just like
goal of steganography is to hide sensitive Morse code and etc.
information in a cover so that no one can
guess the existence of such information. Each technique embeds a message inside
The message will be inserted into the cover a cover. Various features characterise
by modifying the nonessential pixels of the method’s strength and weaknesses.
the cover (Amirtharajan et. al., 2010). The importance of each feature depends
on the application. Al-Ani et. al. (2010)
classifies steganography systems into five
2.0 Steganography Techniques, characteristics which are capacity, robustness,
Characteristics, And Types undetectable, invisibility, and security.
Basically, there are three types of

In order to obtain security, there are many steganography (Al-Ani et. al., 2010).
suitable steganographic techniques that
can be used. It depends on the type of the a. Pure Steganography - does not
cover object (Hussain and Hussain, 2013). require prior exchange of some
These known steganographic techniques secret information before a particular
are: message is being sent. This type of
steganography is more preferable for
a. Image steganography: The image is most application. Figure 1 shows how
used as the cover object and pixel Pure Steganography works.

al., (2010) has classified steganography
13
into six categories namely substitution
systems, transform domains, spread
Figure 1: Pure Steganography
spectrum techniques, statistical methods,
distortion methods, and cover generating
b. Secret Key Steganography - the methods. However, only steganography
sender chooses a cover and embeds substitution systems will be discussed
the secret message into the cover using further in this article.
a secret key. It is similar to symmetric
cipher in cryptography. Figure 2 shows
how Secret Key Steganography works.
Substitution System Methods
The basic idea of this substitution

systems is to encode secret information
by substituting insignificant parts of
Figure 2: Secret Key Steganography the cover with secret message bits. The
information can be extracted if the receiver
has knowledge of the positions where
c. Public Key Steganography - requires
secret information has been embedded. By
two keys which are private key and
using this substitution system, the sender
public key. The public key is used in
assumes that it will not be noticed by a
the embedding process and stored
passive attacker since only minor changes
in a public database while the secret
and modifications were made during
key is used to reconstruct the secret
the embedding process. Steganography
message.
substitution systems are divided into eight
methods (Johnson et. al., 2000) shown in
There are several approaches to classify
Figure 3. Each method will be discussed in
the steganography system. Al-Ani et.
the following subsections.
Figure 3 : Steganography Substitution System Methods
A. Least significant bit substitution
Message and cover will be in binary

form which only contains ‘0’ and ‘1’ bits.
Figure 4 below shows the position of
the most significant bit (MSB) and the
least significant bit (LSB) in a binary
Figure 4 : Binary Representation
representation.

The embedding process starts by choosing the embedding process. Figure 6 below
14
the cover elements and performing the is an illustration of the pseudorandom
substitution operation on them. The permutation method.
least significant bits of the cover will
be exchanged with the bit of message.
This method allows more than one
message bits to be stored in the two least
significant bit of the cover. This process
is illustrated in Figure 5. In this example,
the cover contains all ‘0’ bits, while the
bit message contains all ‘1’ bits.
Figure 6 : Pseudorandom Permutation
C. Image Downgrading and Covert

Channels
Image downgrading is a special case of

a substitution system. It could be used
to exchange images covertly. They are
Figure 5 : LSB Substitution
usually used for “leaking” information.
Covert channels in operating systems
In order to extract the secret message, the allow processes to communicate “invisibly”
least significant bit of the selected cover- and possibly across different security
elements will be extracted and lined up. zones specified by a security policy.
However, the sequence of element indices Images act both as secret messages and
used in the embedding process must be covers. In this method, a cover image and
accessible by the receiver. By using this a secret image have an equal dimension.
method, information can be hidden with The sender exchanges the four least
little impacts to the carriers. Because of significant bits of the cover’s grayscale
the simplicity of applying it into image values with the four most significant bits
and audio, this method is now common of the secret image. The receiver extracts
to steganography. the four least significant bits of the secret
image. Four bits are sufficient to transmit
a rough approximation of the secret image
B. Pseudorandom Permutation since the degradation of the cover is not
visually noticeable in many cases. This
process is illustrated in Figure 7 below.
In this method, a sequence of element
indices will be generated by using a
pseudorandom generator. Then the secret
messages will be stored into the cover
according to the bit position determined
by the previous generated sequence.
Therefore, the secret message bits can
be distributed randomly over the whole
Figure 7 : Image Downgrading and Covert Channels
cover if all cover bits can be accessed in

D. Cover-regions and Parity Bits presented. Information is encoded in the
15
way the colours are stored in the palette
In this method, a pseudorandom sequence because the palette does not need to
of disjoint cover-regions will be generated. be sorted in any way. There is sufficient
A stego-key is used as the seed and only capacity to encode a small message, since
one bit of the secret message will be stored there are N! different ways to sort the
in a whole cover-region rather than a single palette. All techniques which use the order
element. During the embedding process, of a palette to store information are not
disjoint cover-regions are selected. Each robust. An attacker can destroy the secret
encodes one secret bit in the parity bit. message by simply sorting the entries in a
A parity bit of a region can be calculated different way.
by modulo the total numbers of ‘1’ with
2. If the parity bit does not match with The other technique encodes information
the secret bit to encode, one of the least in image data. Any approach of changing
significant bits in the cover region will be the LSB of some image data fails because
flipped. The parity bits of all the selected neighbouring palette colour values need
cover-regions are calculated and lined up not be perceptually similar. Colours with
to reconstruct the message at the receiver similar luminance values may be relatively
(Bandyopadhyay and Banik, 2012). This far from each other but it may generate
process is illustrated in Figure 8 below. very noticeable artefact (Wang et. al.,
2005). However, colour values can, for
instance, be stored according to their
Euclidian distance in RGB space:
d = √(R2+G2+B2)
Figure 8 : Cover Regions and Parity Bits
Another approach would be sorting

E. Palette-based Images the palette entries according to their
luminance components since the human
visual system is more sensitive to change
This method emphasises the use of a in the luminance (intensity) of a colour.
subset of colours from a specific colour
The LSB of colour indices can safely be
space that can be used to colorise the
image as follows:- altered after the palette is sorted.
a. A palette specifying N colours as a

list of indexed pairs (i, ci), assigning a F. Quantisation and Dithering
colour vector ci to every index i.
b. The actual image data which assign a Quantisation and dithering of digital
palette index to every pixel rather than images can be used for embedding
its colour value. secret information. Some steganographic
systems operate on quantised images (Al-
There are two techniques to be implemented; Ani et. al., 2010). Definition of quantisation
it’s either manipulating the palette or the is reviewed in the context of predictive
image data. The first technique encodes coding. Prediction of the intensity of each
information in the palette. LSB of the pixel is based on values of the pixel in a
colour vectors transfer information similar specific neighbourhood. Outcome of the
to the substitution methods previously prediction may be a linear or nonlinear

function of pixel values surrounding H. Unused or Reserved Space in Computer
it. A discrete approximation of the Systems
16 difference signal is obtained by feeding
calculated difference between adjacent
Steganography implementation in these
pixels into a quantiser. Each quantisation
techniques takes advantage of unused or
step will introduce a quantisation error.
reserved space to hold covert information
Additional information in steganography
without perceptually degrading the carrier.
is transmitted by adjusting the difference
Under Windows 95 operating system,
signal.
32Kb of minimum space is allocated to
a file. For a file with the size of 1 Kb, an
G. Information Hiding in Binary Images additional 31Kb is said to be “wasted”
because it has been unused. Information
can be hidden without being noticed in
It is difficult to implement this technique the directory.
due to the fact that changing one bit in
a binary image is easy to detect as it Another technique is implemented
change the colour from black to white or by creating a hidden partition that is
the opposite (Al-Jaber and Sabri, 2003). unnoticeable if the system is started
This technique can be divided into two normally (Viswam, 2010). Unused space
different techniques. The first hiding exists in the packet headers of TCP/
scheme encodes secret information using IP packets that are used to transport
the number of black pixels in a specific information across the Internet. There
region. The colour of some pixels is are six unused (reserved) bits in the TCP
changed so that the desired relation holds. packet header and two reserved bits in the
If neighbouring pixels have the opposite IP packet header. In each communication
colour, modification will be carried out channel, thousands of packets that are
to those pixels. Modifications are carried transmitted provide an excellent covert
out at the boundaries of black and white communication channel if left unchecked.
pixels in sharp contrasted binary images.
The other technique uses a combination 4.0 Conclusion And Future

of run length (RL) and Huffman encoding. Projects
The fact that in a binary image successive
pixels have the same colour with high
probability is utilized in RL techniques. Some of the substitution system methods
Modification of the least significant bit of are facing problems during the embedding
RL is carried out to ensure that information process. The substitution system methods
can be embedded into a binary, run-length that are ridden with problems are listed in
encoded image. Table 1 below.
Method Problem
Which way should the cover sequence be chosen?
If secret message is shorter than cover elements, sender can leave all
other elements unchanged. It may cause different statistical properties
in the first part (modified cover-elements) and second part (unchanged
Least Significant Bit cover-elements) of the cover-elements.
It changes far more elements than the transmission of the secret would
require. Therefore the probability that an attacker will suspect secret
communication increases.

Pseudorandom One index could appear more than once in the sequence, since there is
Permutation no output restriction of pseudorandom number generator. This event is
called as “collision”. It will try to insert more than one secret message 17
bit into one cover-element, thereby corrupting some of them.
Image Downgrading and Information downgrading due to declassify or downgrade information
Covert Channels by embedding classified information into objects with a substantially
lower security classification.
Palette-based Images All methods which use the order of a palette to store information are
not robust since an attacker can simply sort the entries in a different
way and destroy the secret message.
Table 1: Problems in some Substitution Methods
Due to the listed problems, changes and

improvements to the current techniques 6. Yadav R., Saini R., and Kamaldeep. 2011.
Cyclic Combination Method for Digital
need to be done. The weaknesses of the
Image Steganography with Uniform
current techniques give some ideas to Distribution of Message. Advanced
develop better embedded techniques Computing: An International Journal
using steganography substitution system (ACIJ). 2(6): 29-43.
methods.
7. Sumathi C.P., Santanam T., and
Umamaheswari G. 2013. A Study of
Various Steganographic Techniques Used
References for Information Hiding. International
Journal of Computer Science &
Engineering Survey (IJSES). 4(6): 9-25.
1. Johnson N.F., and Katzenbeisser S.C.
2000. A survey of Steganographic 8. Kayarkar H. and Sanyal S. 2012. A Survey
techniques. Information hiding on Various Data Hiding Techniques
Techniques for Steganography and and Their Comparative Analysis. ACTA
Digital Watermarking. Norwood: Artech Technica Corviniensis. 5(3).
House, INC.
9. Wang H. and Wang S. 2004. Cyber
2. Al-Ani Z.K., Zaidan A.A., Zaidan B.B., Warfare: Steganography and
and Alanazi H.O. 2010 Overview: Steganalysis. Communications of the
Main fundamentals for Steganography. ACM. 47(10)
Journal of Computer. 2(3): 158-165.
10. Petricek V. (2001). Information Hiding
3. Amirtharajan R., Akila R., and and Covert Channels. Proceeding of
Deepikachowdavarapu P. 2010. 14th Annual Student Week of Doctoral
A Comparative Analysis of Image Students, Prague.
Steganography. International Journal of
Computer Applications.2(3): 41-47. 11. Bandyopadadhayl S.K. and Banik B.G.
(2012). International Journal of Emerging
4. Kaur R., Singh R., and Singh B., and Trends & Technology in Computer Science
Singh I. 2012. A Comparative Study of (IFETTCS). 1(2): 71-74.
Combination of Different Bit Positions
in Image Steganography. International 12. Wang X., Yao Z., and Li C. (2005). A
Journal of Modern Engineering Research Palette-Based Image Steganographic
(IJMER). 2(5): 3835-3840. Method using Colour Quantisation. IEEE
International Conference. 2.
5. Hussain M. and Hussain M. 2013.
A Survey of Image Steganography 13. Viswam D. 2010. Steganography. Seminar
Techniques. International Journal of Report, School of Engineering, Cochin
Advanced Science and Technology. 54: University of Science & Technology Kochi.
113-123

Transition to ISO/IEC 27001:2013
18
By | Razana Md Salleh, Wan Nasra Wan Firuz, Nahzatulshima Zainudin, Rafidah Abdul Hamid, Sharifah Norwahidah Syed Norman
Introduction For organisations that will be implementing

ISMS after 1st of October 2013, it is
encouraged to immediately conform to the
The first revision on ISO/IEC 27001 was new 2013 version. For existing certified
finally published in Quarter 4 of 2013. This organisations, the transition period given
has caused a stir in the older standard (2005 by the International Accreditation Forum
version) certified organisations as well as for (IAF) is two years from the release date.
organisations that are planning to be certified in The deadline for conformance to the new
the near future. Currently, there are 169 certified standard is 1st of October 2015.
organisations from local certification bodies in
Malaysia. As a certification body, CyberSecurity iv. What if my organisation is already
Malaysia (CSM) receives numerous questions certified with the old 2005
pertaining to the transition period and the standard? Do I have to do it all
adoption of this new version. Therefore, this over again?
article provides a general overview regarding The new 2013 revision is geared to focus
the transition to ISO/IEC 27001:2013 from more on the ability to measure the ISMS. A
the perspectives of a certification body. The subsection focusing on measurement has
information is summarised in a Q&A format been created to support this. It provides
based on frequent questions that were posed guidelines on how to evaluate information
to CSM. security performance. There are also a few
new terms introduced such as “Risk Owner”,
i. When was it published? previously known as “Asset Owner”;
The new revised standard ISO/IEC “Stakeholders” is now named as “Interested
27001:2013 was published on the 1st of Parties” and “Documents and Records” is
October 2013. now called “Documented Information”. A
few additional documents may need to be
ii. Is the previous ISO/IEC developed to address the new requirements;
27001:2005 still valid after 1st whereas a few other documents could be
October 2013? dropped. Table 1 will provide you with
No. The new version cancels and replaces a minimum set of documents required to
the ISO/IEC 27001:2005 version. However, fulfil the 2013 version.
existing certified organisations are given
two years to migrate from version 2005 to Organisations are also encouraged to
version 2013. prepare a transition plan and submit it to
the relevant certification body. This will
iii. W hen do I have to conform to the help the certification body to analyse the
new 2013 revision? requirements and plan visits.
ISO 27001:2013 clause

Scope of the ISMS 4.3
*Documents Information security policy and objectives 5.2, 6.2
Risk assessment and risk treatment 6.1.2
methodology

Statement of Applicability 6.1.3 d)
Risk treatment plan 6.1.3 e), 6.2 19
Risk assessment report 8.2
Definition of security roles and A.7.1.2, A.13.2.4
responsibilities
Inventory of assets A.8.1.1
Acceptable use of assets A.8.1.3
Access control policy A.9.1.1
*Documents Operating procedures for IT A.12.1.1
management
Secure system engineering principles A.14.2.5
Supplier security policy A.15.1.1
Incident management procedure A.16.1.5
Business continuity procedures A.17.1.2
Legal, regulatory, and contractual A.18.1.1
requirements
Records of training, skills, experience 7.2
and qualifications
Monitoring and measurement results 9.1
Internal audit program 9.2
*Records Results of internal audits 9.2
Results of the management review 9.3
Results of corrective actions 10.1
Logs of user activities, exceptions, and A.12.4.1, A.12.4.3
security events
Table 1: Minimum set of documents and records required by the new 2013 revision
v. What are the documents and implementation?

records that need to be produced If you are at the early stages of implementing
for the new 2013 revision? the 2005 version, and unlikely to go
Many organisations used to complain about through the certification audits before 1st
the amount of documents they had to October 2014, it is better to pursue the
produce for the 2005 version; however the new standard ISO/IEC 27001:2013.
new 2013 revision omits quite a number
of those documents. For example, there is vii. What are the other changes in
no requirement to develop an “ISMS Policy” the new 2013 revision?
but an “Information Security Policy” will • The new version of ISMS emphasises on
suffice. See Table 1 for the minimum set business requirements and expectations
of documents and records required by the of interested parties. It aims to add
new 2013 revision. This is by no means a greater economic opportunities to the
definitive list of documents and records – business community. To allow this to
any other documents are to be added to happen, the PDCA model has been
improve the level of information security. removed.
• The revised version has 113 controls,
vi. I am currently implementing the as opposed to the original 133 controls
2005 version and will go through in the 2005 version. There is now
certification audits in the near 14 control domains in the current
future. What about my current version; compared to the previous 11

control domains (Figure 1). segregation between the selected controls and
• The risk has been aligned with ISO Annex A. As such, we look forward to see the
20
31000:2009 (Risk Management— new 2013 implementation.
Principles and Guidelines), making the
risk assessment requirement more
general. It is no longer necessary
to identify assets, threats and
vulnerabilities. However, if the risk
methodology uses an approach based
on assets, threats and vulnerabilities, it
is acceptable too.
• When implementing ISMS, the controls
must first be determined in the Figure 2 : Different situations in utilizing controls
risk treatment process, before from Annex A
comparison is made with Annex A.
2013
A.5. Security policy
2005
A.5. Security policy
viii. What happens after the
A.6. Organisation of
information security
A.6. Organisation of
information security
transition period ends?
A.7. Asset management A.7. Human resource security
A.8. Asset management
On the 1st of October 2015, two years after
A.8. Human resource security
A.9. Physical and A.9. Access control publication of the new version, all certified
environmental security A.10. Cryptography
access control A.11. Physical and organisations are expected to be in full
A.10. Communications and environmental security
operations management A.12. Operations security compliance with ISO/IEC 27001:2013 and
A.11. Access control A.13. Communication security New
A.12. System acquisition, A.14. System acquisition, chapters have new certificates issued. On the 2nd of
development and development and introduced
maintenance maintenance October 2015, all certificates referring to ISO/
A.15. Supplier relationships
A.13. Information security
incident management A.16. Information security IEC 27001:2005 or MS ISO/IEC 27001:2007
A.14. Business continuity
management
incident management
A.17. Information security
will become invalid and withdrawn.
A.15. Compliance aspects of business
continuity management
A.18. Compliance
Conclusion
Figure 1 : The New Controls Added to ISO 27001:2013 Annex A
as opposed to the old version
Meeting the requirements of the new standard

has never been easier. However, this new
*Controls from Annex A can be excluded if
version has been revised through practical
the organisation concludes there are no risks experiences from the older version, making
or other requirements which would demand it more flexible and giving more freedom on
the implementation of a control. how to implement it. For further details, kindly
contact csm27001@cybersecurity.my.￭
In the new 2013 version, controls must first
be determined in the risk treatment process
before comparison is made with Annex A. Reference:
These controls can come from other best
practices or sector specific standards. There 1. The All New ISO 27001:2013 – Nothing Much to
would be three different situation where the Worry, http://www.cyberintelligence.my/blog/
controls from Annex A can be utilised as 2. Checklist of Mandatory Documentation
depicted in Figure 2. In the first situation, the Required by ISO/IEC 27001 (2013 Revision),
Information Security & Business Continuity
there is a 100 percent overlap between the
Academy
selected controls and Annex A. In the second
3. Certified Organisation Register - http://
situation, there is a partial overlap between csm27001.cybersecurity.my/org-cert.html
the selected controls and Annex A. Finally, 4. QMS Certification - http://www.malaysian-
in the third situation, there is a 100 percent certified.my/

Knowledge Hoarding versus Knowledge
Sharing: A Transformation 21
It is essentially collaboration intelligence – giving us ideas and ways to

optimise what we never had before.
By | Zaleha Abd Rahim
Introduction be considered as a disease within

the information ecosystem of an
organisation. Knowledge hoarding is
We often hear someone proclaim, "Why an evil twin of knowledge sharing
should I share my knowledge? If I am and is often considered as the result
the only one who knows how to do of bad knowledge management or an
this, my position is secured and the unhealthy informational environment.
management can never fire me". This There are several reasons why people
is a fundamental and common problem are reluctant to share knowledge such
that exists in a workplace because as:
this type of person used knowledge
as 'insurance' plan. However, this • People perceive knowledge as power
knowledge hoarding attitude is the that makes them feel secure, safe and/
most serious cost which may stifle an or powerful. They hope to benefit in
organisation especially when it involves terms of dollars, power and credibility
innovation. Knowledge is essential for from having exclusive knowledge.
knowledge-based organisations and
knowledge sharing is critical for these • There are no incentives or rewards
organisations to survive in the 21st for sharing knowledge. Most
century. Most organisations tend to rely organisations reward staff for what
on staffing and training in order to stay they know and not what they share.
competitive. Therefore, organisations
need to find ways on how to transfer • Professionals are afraid to reveal
expertise and knowledge from experts or take any risks that they might
to novices who need to know. In other not know something or be shown
words, organisations must consider a wrong and this will make them feel
transformation culture from knowledge embarrassed.
hoarding to knowledge sharing.
• People perception that sharing
knowledge will reduce his/her own
value, prestige or recognition.
Hoarding Knowledge
• Lack of understanding and appreciation
Knowledge hoarding exists when on the value of sharing knowledge.
someone knows something but
is either unwilling to share what • Too busy and even with the best
they know or at least disclose the intentions do not develop a habit of
source of their knowledge. It can knowledge sharing.

22
• Lack of clarity on issues of cultural transformation to turn into
confidentiality which can lead to either successful business innovation and
withholding information that can be solving critical issues.
helpful or sharing it inappropriately.
Listed below are several benefits in
sharing knowledge:
What is Knowledge Sharing?
• Cost effectiveness where new
knowledge is developed and then re-
Knowledge sharing is an activity used by many people
through which knowledge (i.e.
information, skills, or expertise) is • Enhancement of effectiveness and
exchanged among people, friends, or efficiency by spreading good ideas
family members, a community or an and practices
organisation. By knowledge sharing
employees can contribute to knowledge • Time saving where we learn from our
application, innovation, and ultimately own mistakes and those of others
the competitive advantage of an
organisation. Advancements in ICT • When we share problems, our obtain
and communications connectivity has emotional relief and this will decrease
multiplied the potential for knowledge tension
sharing and wealth creation. Research
has shown that knowledge sharing is • Solving problems brings people
positively related to cost reduction, together and this will strengthen
speedier project completion, resolving professional bonds and connections
critical issues just in time, spikes
in team performance, innovation • Increase in innovation and new
capabilities and increase performance discovery as well as excitement,
in sales growth and revenue from new engagement and motivation
products or services.
• A feeling of satisfaction much
like giving charity or making a
Benefits of Knowledge Sharing contribution to society
• Respectful ways of using knowledge

Knowledge sharing within a workplace
- with attribution and permission
is one of the most critical cultural
and this will benefit the person who
values of an organisation. If we share
generates the knowledge and the
knowledge and good practices with
person who shares it
others, this may lead in increasing
employees’ productivity without
increasing costs in the areas of time
Environment for Constructive
and training. Knowledge sharing is
more than giving pertinent information
Knowledge Sharing
to others within the organisation. It is
sharing knowledge to enable positive Trust is the key element in knowledge

23
sharing. Employees may not be being so naive and reveal absolutely
willing to share their knowledge everything. If you have a great idea,
especially work-related knowledge if don't simply share the idea with your
they believe that hoarding knowledge competitor either internal or external.
will assist them in furthering their On the other hand, don't try to develop
careers or if they feel ill-treated at the idea on your own and don't sit
work. Therefore, organisations should on it for fear of it being stolen from
create environment where ideas you. Identify a right mechanism and
and assumptions can be challenged techniques to share the idea and get
without fear and where diversity of the recognition.
opinion is valued and appreciated over
commonality or compliance. In today's digital world, hoarding
knowledge ultimately erodes your
• Create habits or routines for sharing power. If you know something that
such as in meetings and informal is very important or new knowledge
gatherings such as 'Cafe Ilmu', Book discovery, the way to get power is
Chat, Roundtable Discussions, etc. actually by sharing it. As the old saying
goes, the knowledge shared with the
• Move from a reactive to proactive right intent can do wonders for any
sharing culture - change your person or organisation. ￭
mentality of knowledge sharing
from a need to know to a need to
share. Most of us would not care References:
less about leaving a legacy behind
the organisations when they leave.
1. Sheng Wang and Raymond A. Noe,
In fact, the concept of leaving a
"Knowledge sharing: a review and directions
legacy behind is more rewarding for future research", Human Resource
when the knowledge you shared is Management Review, Volume 20, pp. 115-
reused by others, even when you 131, 2010
are not there anymore.
2. h t t p : / / c o p b i b l i o g r a p h y. w i k i s p a c e s . c o m /
file/detail/Barrier+and+Benefits+to+Knowl
• Create opportunities for edge+Sharing.doc
serendipitous conversations
especially in a very informal ways 3. h t t p : / / w w w . e x a m i n e r . c o m / a r t i c l e /
such as coffee corners, brown hoarding-knowledge-job-security-for-
employees-or-bad-for-business
bags, 'Sembang Teh Tarik' or even
designed for virtual serendipity. 4. http://thepoint.gm/africa/gambia/article/
effective-knowledge-sharing-and-its-
benefits
Summary
5. h t t p : / / w w w . c i t e h r . c o m / 3 6 7 7 3 8 -
importance-knowledge-sharing-
organizations.html
Knowledge sharing is not about blindly
sharing every bit of knowledge you 6. http://www.elsua.net/2010/09/06/why-is-
have; or giving away your ideas; or knowledge-sharing-important-a-matter-of-
survival/

Securing Your Smartphone. Why It Is
24
Important?
There is a need to bridge the gap between a user’s choice of device and the
demanding management and security they require.
By | Kamarul Baharin Khalid
Advances in communication Instagram, etc., which you can now

technology have created an explosion access at your fingertips. These apps
on how we can reach and communicate give you easy access for updating,
with each other. Several years back, reading and surfing websites. Email
the only main function of a phone apps stores all your communications
were to call and to send short text with others whether they are private
messages. However, nowadays, we or not. Not forgetting any document
have smartphones that functions you store on the smartphone either
similar to mini computers with copied from your computer or
functions that enables us to run our extracted from your emails. Your daily
whole lives on it. These tools have life events are stored on these apps in
become a necessity and increasingly the smartphone.
useful. In fact, our digital life resides
on and can be accessed via these With these information, anyone who
devices that makes our smartphones have access to your smartphone,
a huge mine of data about us. No could have access to your daily private
doubt, this is potentially sensitive life information as well. One possible
and damaging. Therefore, securing threat that can harm you if your
our smartphones is not just necessary private life information is exposed is
but a necessary practise. identity theft. For example, if others
can access your Facebook app, they
can post on your Facebook wall or
Contact apps stores all your personal
your friend's wall as if you are the
and business contact numbers and
one who is posting it. This act may
addresses. SMS apps stores all your
well take place along with other apps
text messages. Calendar apps stores
like email, SMS, etc. Another possible
all your appointments, birthdays,
threat is Blackmailing. For example,
anniversaries and events. Reminder
if your photo apps are accessible to
apps stores your daily to do list such
others, they can use your private
as picking up the kids, taking pills,
photos for their own benefits.
etc. Note apps stores all your personal
notes like usernames, passwords, Therefore, it is advisable to switch
bank account numbers, etc. Camera/ on or enable the security features
Photo apps stores all your private, that are available in your smartphone
personal and family pictures and also just to prevent others from easily
locations where these pictures were accessing your private information.
taken. Social networking apps install Some security features are not built-
applications such as Facebook, Twitter, in the smartphone itself but can be

added by installing a 3rd party security can install it using a 3rd party anti-theft
25
app. security app. Most security software
for mobile comes with this feature.
One of the basic security feature that By default, this security system is off.
comes with most smartphones is You need to switch it on.
the lock screen pattern or passcode.
This security feature, if enable, will One more security feature that you
lock the smartphone with a pattern can enable on your smartphone is
or passcode when it is not in use. remote wipe. This is your last security
A few smartphones can even lock defence for your private data on the
certain apps from running using this smartphone. This feature can wipe or
security feature. When enabled, your erase your data remotely through SMS
smartphone will be protected with the or Web access. If your smartphone
pattern or passcode and a user need is stolen and cannot be traced,
to enter the right code correctly in activate this security feature so that
order to unlock or run the locked apps. all your private data will be erased
Without unlocking the smartphone or automatically as if your phone is
able to run apps, your private data will newly bought and you don't have to
be protected. worry about your private data being
access by others.
Another security feature that you can
enable on your smartphone is the By enabling these security features
tracking security system. This system does not mean that your data is
can track where your smartphone is 100 percent secure. However, these
currently located and with its alarm security features will at least delay the
sound, you can find where your process by making it harder for others
smartphone is located if it is misplaced. to access your private data inside your
But not all smartphones have this smartphone. A little security is better
feature built-in. If it is not built-in, you than none. ￭

Geotagging/Location Sharing-Warrantless
26
Surveillance
By | Mohd Rizal bin Abu Bakar
Introduction The trend of getting as many likes,

friends and followers on social media
accounts is a magnet in attracting
Have you ever felt like you are being unwanted attention. And with
watched online? unwanted attention, comes dangerous
consequences.
Without realising it, every user on
the Internet, specifically on social Many will think that without
networking sites, are being watched. In geotagging/location sharing features,
real time. social networking will not be able
to function as it should; which is to
How long has it been since you sieved share everything with your friends and
through your friends/followers list and followers.
thought, “Do I know this guy?”
So what is it about geotagging? And
Yes, those who carefully approve friend why is it dangerous?
requests or followers have a lesser
chance of getting an unknown profile Geotagging/Location Sharing
on Facebook or Twitter looking at your
every post, shares, likes and check-ins.
But those who are in the dark need to Location sharing is a feature developed
re-evaluate these ‘friends/followers’ to complement social networking sites.
and take a good look at your social This feature allows users to share
media account settings. Privacy in their GPS based locations from their
social networking, it seems, is not its smartphones and tablets via their
best virtue. favourite social networking apps, such
as Facebook and Twitter.
In recent years, there have been multiple
cases of cyber stalking. Although we In other words, it complements
rarely hear or see these in the news, Facebook posts or Twitter tweets by
it does not mean stalking individuals providing friends and followers with a
online is not a serious crime. ‘shout out’ stating-I am here/I posted
this photo from here.
With more features developed for the
Internet’s latest craze, social networking Because the main feature of the
sites such as Facebook, Twitter and technology is to complement social
Instagram, many users have forgotten networking, developers of these apps
one of the dark side of socialising always have the feature turned on by
online-location sharing. default. Which is not always a good
thing.

Stalking Carrie Bugbee think much of it and laughed it off, but 27
it was replied with a snarl and insults. In
shock, Bugbee hung up the telephone.
Careless usage in using the technology
can be highly dangerous, which was Apparently, the stalker had used a
proved in the case of Carrie Bugbee website called PleaseRobMe.com (now
(Seville, 2010), a social media- defunct) a website which was created to
marketing strategist from BigDeal PR, a do the opposite of what had happened
public relations company based in the to Carrie Bugbee-to warn Internet users
United States. of the dangers of geotagging/location
sharing apps.
As a social media expert in marketing
services and products online, Bugbee PleaseRobMe.com does this in the most
is a regular user of geotagging. She peculiar way-the website publicised
has multiple social media accounts the location data from users of social
and many friends and followers-7,164 networking sites. In Bugbee’s case, the
Twitter followers, 1,197 Facebook website had served its purpose; albeit
friends and more than 500 connections the incident.
on LinkedIn to be exact and regularly
shares her posts, tweets, and photos Because geotagging in smartphones
online. and tablets is greatly assisted by the
fact that these devices are mobile and
Naturally, as a social media strategist, most have data connections available
Carrie Bugbee jumped on the bandwagon all the time, unwary social media users
of geotagging as a user. What happened are able to use their favourite apps to
next completely floored her view of update their statuses anywhere and at
professionalism in terms of social anytime.
media marketing and as an individual/a
common Internet user. Consider this geotagging statistics
conducted by Pew Research Center for
In February of 2010, Bugbee ‘checked- 2011-2013 (ZICKUHR):
in’ (a geotagging term) using Foursquare
on her phone to a local restaurant where • 74 percent of adult smartphone
she was having lunch with a friend. users get directions or other
Now, here comes the scary part. information based on their current
location.
A waitress came over and told Bugbee she
had a call on the restaurant telephone. • 12 percent of smartphone users
Thinking it was an emergency, she use geosocial services such as
answered the call and an unknown male Foursquare to check-in to certain
voice was on the other line told her that locations and share that information.
she should not use Foursquare, as the
app could reveal to the public where • 30 percent of adult social media
she lived. users use at least one of their
accounts setup to include their
Thinking it was a prank, Bugbee did not location in posts.

28
The survey also found that the number Conclusion
of “check-in” services have declined
from 18 percent to 12 percent since Ever since the stalking incident, Carrie
2012 but is still widely used. Foursquare Bugbee stopped using Foursquare, hired
“check-in” services have declined a babysitter and probably sleeps with
compared to Facebook “Places”. her lights on.
There has not been a proper survey on The website PleaseRobMe.com was shut
why the use of Foursquare geosocial down months after the stalking of Carrie
service declined. However, this is Bugbee. A few more similar incidents
most probably due to the fact that suggested that the website was more
Facebook has more features compared informative to stalkers and criminals
to Foursquare and triple the amount instead of the average users.
of users. Another possible reason is
that Facebook has more concentration Besides PleaseRobMe.com, another
on general content compared to the site called ICanStalkU.com was created
singular focus of user location of in May of the same year. The web
Foursquare. searches automatically for geotagged
photos attached on Twitter tweets and
generates a location message which is
Geotagging-Look on the bright then published for public viewing.
side
The technology of geotagging is and will
be the next big thing for social media
Despite the fact that the technology can web applications. As social media giants
be misused, geotagging can be a useful such as Facebook, Twitter and Google+
feature/tool for Law Enforcement. include the feature, many more will follow
suit and as a result, will leave digital
While the stalkers and would be criminals footprints of every user all over the web,
are going through social media accounts which can be both good and bad.
of potential victims (they themselves as
a user), law enforcement agencies are In conclusion, geotagging is a love or
also using location based information to hate technology. Indulging in social
track them down. networking does not mean you have
to share everything with everyone.
Douglas Salane, a Director at the Center If you decide to use it, use it wisely.
for Cyber Crime Studies (also former FBI Just a friendly reminder, if you get an
and Manhattan District Attorney) stated anonymous call telling you to stop telling
“one of the most useful devices for law people where you are and what you are
enforcement is a cell phone.” (Seville, doing, that person is probably doing you
2010). a big favour.
However, the debate of the technology If that happens, you should probably
could be used to snoop on the privacy ‘check-out’ of social media, hire a
of Internet users and help curb criminal babysitter and sleep with your lights
activities online is still in a gray area. on. ￭

Illicit Activities Gaining Ground In Web 2.0
29
The unregulated virtual world has arrived accompanied by contradictory powers and
promises throwing out of balance our laws, public polices, economics and morality.
By | Zahri Yunos, Nurul Husna
A few years back, it would be hard to evil, encourages or incites crime, or leads
imagine the impact the Internet has to public disorder. Menacing content
had on our modern lives. Nowadays, here also includes hate propaganda,
advanced development in Information which advocates or promotes genocide
and Communication Technology (ICT) or hatred against an identifiable group
has opened up many opportunities or dissemination of information which
for businesses, economics, inspired may be a threat to national security or
creativity, increased the quality of life public health and safety. An example
and improved relationships. However, of menacing content would be bomb-
at the same time, it has also created making instructions and information
opportunities for those with devious and statements with regards to possible
ambitions to cause havoc and harm. terrorist attacks.
Cyberspace can be a powerful tool for
perpetrators such as extremists and Illicit Activities in Web 2.0
terrorist groups to promote extremist
ideology and propaganda materials. There have been numerous studies by
researchers in Europe, the Middle East
Extremists and terrorist groups use the and North America analysing these illicit
Internet medium for illicit activities such activities.
as spreading of terrorism propaganda,
fund raising, recruitment and • Based on a study conducted at the
mobilization, as well as planning and Australian Federal Police [1], terrorists
coordination. There have been numerous used the Internet to spread propaganda
studies by researchers in analysing and promote extreme ideology.
the illicit activities and terrorism in Analysis was done on the Al-Qaeda
cyberspace. related websites such as Yahoo Groups,
bulletin boards and forums. These
groups normally manipulate cyber
What Is Illicit Activities?
media to release their manifestos and
propaganda statements, inter-group
Section 211 of the Communications and
communication and inter-networked
Multimedia Act prohibits content that
grouping.
is indecent, obscene, false, menacing
or offensive in character with the
• With the introduction of YouTube and
intent to annoy, abuse, threaten or
similar video-sharing sites, websites
harass any person. Part 2, Section 5.0
videos began playing an increasing role
of the Malaysian Communications And
in distributing extremist and terrorist
Multimedia Content Code interprets
content. Conway [2] concluded that
“menacing content” as content that
YouTube and similar video-sharing sites
causes annoyance, threatens harm or
became an immediate repository for

extremist video content and facilitates for strategy and policy development
30 interaction between the administrators to counter online radicalisation at the
and viewers of the sites, thus opening national and regional levels.
radicalisation via the Internet.
• Chau and Xu [6] conducted their research
• Salem [3] conducted a study of extremist in the area of hate groups in blogs. They
groups’ video on the Internet by using also found out that hatred and hate
content analysis and a multimedia groups are a type of social movement
coding tool. They concluded that the which should not be ignored in today’s
web-hosted audio and video clips environment. By disseminating hatred
provided information platform and messages through web 2.0 media, the
communication medium to convey content can easily target anyone who
messages to members, sympathisers has access to the Internet, including
and even be able to recruit new generation X. Youths are often easily
members via the Internet. influenced by these messages,
eventually succumbing to the idea, and
• Chen and his researchers group [4] pose a threat to our society.
conducted several experiments on
cyber terrorism activities in major
websites and blogs such as YouTube
and Second Life. They also studied
popular hosting service providers
such as blogspot.com and wordpress.
com. Their findings indicated that the
virtual world was abused to promote
cyber terrorism activities. Several
of the videos published in YouTube
were related to explosives, attacks,
bombings and hostage taking. They
also observed that the Web 2.0 media
are used to promote ideas, share
resources and communicate among
each other.
• A joint study by a group of researchers Local Case Studies

by the Singapore’s S. Rajaratnam
School of International Studies and the
• Berita Harian, 9 January 2014 reported
Australian Strategic Policy Institute [5]
that the Royal Malaysian Police (RMP)
found that the Internet has contributed
have detected a change in international
to radicalisation and will probably
terrorist’s tactic in recruiting new
grow in regional significance. They
members. They are now utilising social
also concluded that these websites and
media such as Facebook to get new
other social networking sites such as
members to join them. Previously,
blogs and forums are evolving rapidly.
terrorist group such as Al-Qaeda would
They further clarified that their research
take years to recruit new members,
work provided a better understanding
communicate, strategies operation
on how terrorist organisations used
and launch attack but now it takes
the Internet and provides pathway

only few days or hours by using social to his postings, which posed a threat
media. According to the report, the to public safety and national security. 31
RMP will continuously monitoring and According to the report, the man would
an investigation paper, in accordance be investigated under Section 124C
with The Security Offences (Special Penal Code which if found guilty can be
Measures) Act 2012 (SOSMA), can be imprisoned for up to 15 years. The man
initiated to charge those members can also be charged under The Security
involved in activities that can become Offences (Special Measures) Act 2012
a threat to national security. (SOSMA).
Conclusion
It would be interesting to find out whether

the people who use the Internet for
illicit activities started off merely out of
curiousity and later empathised with the
plight of the extremists to the point of
subscribing to the idea of invoking actual
aggression. If more research can be done
on this, it would help policy makers and
stakeholders develop strategies to counter
• Berita Harian, 5 January 2014 reported such threats. ￭
that a 27 years old teacher has been
arrested in Kelantan for selling “fake
guns” via a social media website. It is
Reference:
interesting to note that the person used 1. L. Farrel, “Terrorism and the Internet. Speaker
social media websites to promote his during Terrorism and the Internet Workshop,
illicit activities. Based on the report, Jakarta Centre for Law Enforcement
Cooperation (JCLEC - www.jclec.com).” 2007.
the person sells the "fake guns" online 2. M. Conway, “Media, Fear and the Hyperreal:
for his customer nationwide. Suspect is The Construction of Cyberterrorism as the
investigated under Section 36(1) Arms Ultimate Threat to Critical Infrastructures,”
Centre for International Studies Dublin City
Act 1960 that could lead to 12 months
University, pp. 1–38, 2008.
in prison or a RM5000 fine, or both if 3. A. Salem, E. Reid, and H. Chen, “Content
found guilty. Analysis of Jihadi Extremist Groups ’ Videos,”
Lect. Notes Comput. Sci. Vol 3975 @ Springer-
Verlag, pp. 615 – 620, 2006.
• Berita Harian and The Star, 27 4. H. Chen, S. Thoms, and T. J. Fu, “Cyber
December 2013 reported that a 25 Extremism in Web 2.0: An Exploratory Study
year old man has been detained over of International Jihadist Groups,” IEEE Int.
Conf. Intell. Secur. Informatics, pp. 98–103,
seditious postings on social media 2008.
websites allegedly inciting people to 5. A. Bergin, S. Osman, C. Ungerer, and N.
join the “Himpunan Guling Kerajaan” A. Mohamed Yasin, “Countering Internet
Radicalisation in Southeast Asia.” An RSIS–
(Rally to Topple the Government) on
ASPI Joint Report by S. Rajaratnam School of
New Year’s Eve. He posted online and International Studies and Australian Strategic
urged people to bring along necessary Policy Institute, 2009.
6. M. Chau and J. Xu, “Mining Communities And
weapons including bombs. The man
Their Relationships In Blogs: A Study Of Online
did not realise that by disseminating Hate Groups,” Int. J. Hum. Comput. Stud., vol.
the message online, many can access 65, no. 1, pp. 57–70, Jan. 2007.

Information sharing through social networking
32
sites: Just how much is too much?
By | Syahrir Mat Ali
Introduction previous apartment addresses – all of

which any thinking kidnapper will need to
understand their victims and plan out the
A few years back, the Russian’s CID best possible course of action or rather,
and FSB agents successfully rescued abduction. Young Kaspersky’s behaviour
the kidnapped son of world’s renowned of divulging all those information on his
computer and Internet security mogul, profile page is really, nothing out of the
Eugene Kaspersky – the founder of ordinary.
Kaspersky Lab. His son, a fourth-year
student in Moscow, was kidnapped while That is actually how most people view
walking back home from his internship at their social networking sites – a place
a nearby software company. As relieving when they can share information with
as it must have been for all in hearing the people they know. Many will be
the news of a botched kidnapping, one asking, what is so wrong with that?
crucial bit of detail as per stated in a Well, it is wrong when you start posting
report by the Russian news service, RIA confidential information of yourself and
Novosti, will definitely open most eyes your family for all to read. But then people
to the risks that we have been putting will be asking, how are they to know what
ourselves into. they posted can be detrimental to their
security?
It so happened that the abductors had
been stalking his routes for several Now that is what this is all about. In the
months prior to the kidnapping and it end, it boils down to the misperception
paid off as they later discovered, among people been having with regards to social
other things, that he did not have any networking sites.
security detail tailing him wherever
he goes. It was later found that the We should really be asking ourselves,
kidnappers got all the information why is it okay for us or anybody to be
they needed for their stakeout from exposing too much information over
junior himself! Apparently, he had social networking sites? Are all those in
been posting detail information about our circle of social networking friends
himself on Vkontakte.ru, a Russian really our best of friends? Can and should
social networking site they know everything that you have been
doing? Ironically, we wouldn’t even be
Too much info? sharing information of where we went for
our holiday to all of our colleagues at the
A news report said that junior’s Vkontakte’s office, yet we seem to have no problem in
profile gave away vital information announcing them through Facebook and
such as his real name, photos, school, uploaded tons of pictures as proof for all
his girlfriend, internship and even his to see and download. What gives?

Are they any different? and private information in form of
33
workplace, names, age and number of
children, addresses, telephone numbers
Back when there was no Internet and and photos in social networking profiles.
folks still wrote mails and talked using Even more surprising is how easy it is for
public phones, people were already some people to accept new “friendships”
scamming other people through the over the Internet. Just ask any of the
various incarnation of pyramid schemes, hundreds of millions ofInternet users
lottery number predictions, scratch and who have been spending many hours a
win and many other types of scams. day on Facebook and Twitter.
How is it any different, today? People
still scam other people. Only this time, Today, there are even those who
they use the Internet. It is faster and plan out their daily activities and
able to net more prey. conveniently announce them all in
successive order through their favourite
Also, during the pre-Facebook era, social networking sites. Indeed, those
parents were known to tell their updates will keep you close to family
children that should anybody call and and friends by letting them know what
ask for them while they’re away, they you have been up to these days, but
should say that mom and dad should be you may have also been disseminating
home anytime soon – when in fact they too much information to other prying
were outstation or working elsewhere eyes who may have other plans up their
for days. That was the measure of how sleeves.
careful people were back then out of
fear that robbers or kidnappers might And, as if telling hundreds of people
be looking for some form of intelligence in Facebook what exactly you have
over the phone. Whatever happened to been doing or where you are going is
that kind of awareness? not enough, which may as well serve
as a clear nod to criminals that you’re
If anything, the Internet has made not at home (go figure how useful will
information gathering so much easier that be for them), now we even have
for kidnappers. They would just have to Foursquare (https://foursquare.com)
surf the most popular social networking where you can officially declare where
sites and look up any name to scout, you are, physically!
identify and understand their potential
victims. In fact, perhaps it is more Some may argue that only those in
practical to get the vital information their circle of social network friends
of anyone from social networking sites will be able to see and read their status
since those information are more likely updates. Really? How sure you are that
to be most recent – especially if the all those “friends” in your lists are
would-be victims have been virtually who they say they are? Do you really
living in there all day and night. know all of them? Are all of your social
networking friends vis-à-vis to the ones
This may be surprising to those who in your real life? Try to think back to the
are new to social networking sites, but day you add them to your list of social
it is not unusual to find very intimate networking friends.

34
These are some of the questions that Conclusion
users of social networking sites should
be asking themselves. Nothing should This is why we say that the public must
have changed when it comes to being be made aware that the Internet is just
careful with information about yourself. another medium to communicate and
the various social networking sites out
there are merely the tools that facilitate
Safety measures that communication. Having said that,
they must also be reminded that there
Technology such as social networking has been not much of a change when it
sites are there to connect people and comes to crime and criminals. They will
there is nothing wrong with that. always be there wherever you are and in
However, the minute people forget anything you do. Some of these crimes
that these tools also possess the same are pre-meditated and some are crimes
information risks as any other form of of opportunity. Just make sure we do
communication; they can also be the not become the victim of both and so
most threatening. lets start taking information sharing
over the Internet more seriously. ￭
Just keep all those personal and sensitive
information to yourselves. Remember References:
to treat exposing them to social
networking sites as you would in real 1. Dangers of the Social Web. Internet Safety 101.
Retrieved from http://www.internetsafety101.
life to real people. You don’t need to tell
org/snsdangers.htm
everybody what you’re doing and where
you’re going. That kind of awareness 2. Internet Social Networking Risks. Federal Bureau
should be consistently adhered to, even of Investigation. Retrieved from http://www.fbi.
gov/about-us/investigate/counterintelligence/
while socialising over the Internet. internet-social-networking-risks
Social networking site such as Facebook 3. O'Donnell, A. (n.d.). The Dangers of Facebook
Oversharing: Can too much sharing
and other similar services, provides get you in trouble? About.com. Retrieved
various security features that users can from http://netsecurity.about.com/od/
customise to control their information securityadvisorie1/a/The-Dangers-Of-
Facebook-Oversharing.htm
exposure. These settings are essentially
tools, which users can use to decide 4. Online Social Networking Dangers and Benefits.
what type or amount of information University of the Pacific. Retrieved from http://
w w w. p a c i f i c . e d u / C a m p u s - L i f e / S a f e t y - a n d -
can be exposed to a particular group
Conduct/Online-Social-Networking-Dangers-
of people or “friends” in their social and-Benefits-.html
networking circle.
5. RIA Novosti. (2011, April 21). Police free son
of Russian software tycoon Kaspersky. RIA
Users should pay extra attention to these Novosti. Retrieved from http://en.ria.ru/
security features and employ them in russia/20110424/163679186.html
the best possible way so that only their
select information is exposed to the 6. Stewart, S. (2011, April 28). The Kaspersky
Kidnapping - Lessons Learned. Stratfor: Global
right people. Information is power – so Intelligence. Retrieved from http://www.stratfor.
be sure it does not fall into the wrong com/weekly/20110427-kaspersky-kidnapping-
hands. lessons-learned#axzz374kiho9R

Human Resources Security
35
(In-compliance with ISO27001-Information Security Management System)
By | Hamidun Bin Katemin
Introduction should be published and communicated to

all employees and relevant external parties.
Employees are one of the most valuable
resources for an organisation. No organisation The human resources security policy shall
can operate effectively without qualified, be reviewed regularly and if significant
capable and competent employees. However, changes are initiated, there is a duty to
conversely, human resources can also pose ensure its continuing suitability, adequacy,
or create some of the most serious risks to an and effectiveness.
organisation. This is because organisations
provides their employees with varying levels “Insider Threats Are Bad and Getting
of rights of access to their sensitive and/or
Worse: While the security community
has focused its attention on advanced
critical information to carry out their day-to-
malware over the past few years,
day tasks. insider threats (i.e., threats posed by
employees, third parties, or malicious
According to Ponemon Institute’s (2012) The software that uses legitimate access
Human Factor in Data Protection, at least 78 rights to networks, applications, and
percent of respondents indicated that their sensitive data as an attack vector)
company had experienced a data security
continue to present a number of
challenges for many organisations.
breach as a result of human negligence or
In fact, Enterprise Strategic Group
maliciousness. research indicates that more than
half (54 percent) of IT and security
The findings showed that employees are among professionals believe that insider
the utmost threat to an organisation. There threats are more difficult to detect/
are a number of risks or ways employees can prevent today than they were in 2011”
- The 2013 Vormetric Insider Threat
damage or threaten an organisation’s system
Report by Enterprise Strategic Group
and reputation, including either planned and
unplanned acts, human errors or mistakes.
So, what should we be doing about human Human Resource Policy Stages
threats in order to better-protect an organisation
The three stages of human resources security
from security breaches or incidents?
are:
Human Resource Security
The objective of human resources security is

to provide management direction and support
for information security in accordance with
business requirements and relevant laws and
Stage 1: Prior Employment
regulations.
Objective: To ensure that employees

An organisation should develop a human
understand their responsibilities, and are
resources security policy. The said policy

suitable for the roles they are considered employees shall agree and sign the terms
36 for, and to reduce the risk of theft, fraud or and conditions of their employment contract,
misuse of facilities. which shall state both parties’ responsibilities
for information security.
Controls:
The terms and conditions of employment
i. Roles and responsibilities
specify the particulars of the employment
relationship between an employer and an
Security roles and responsibilities of
employee.
employee shall be defined and documented
in accordance with an organisation’s
The following basic information should be
information security policy during the pre-
stated:
employment process.
ii. Screening • The names of the employer and the

employee.
Background verification checks on all • The salary, pay grade and/ or title for the
candidates for employment shall be carried job.
out in accordance with relevant laws, • A description of the functions of the job.
regulations and ethics, and proportional to • An indication of where the employee is to
the business requirements, the classification work.
of the information to be accessed, and the • An indication of arrangements relating to
perceived risks. working hours.
• Important requirements in relation to
Pre-employment background screening such responsibilities for information security.
as confirmation on academic qualifications, • Non-disclosure agreement.
previous employments, or criminal records
can minimise risk of employee theft, Stage 2: During Employment
misappropriation, criminal activity or violence
in the work place. Without prior screening, Objective: To ensure that all employees are
employers can be at risk of security breaches, aware of information security threats and
regulatory violations and so on. concerns, their responsibilities and liabilities,
and are equipped to support organisational
Pre-employment screening and background security policy in the course of their normal
checks are vital to maintain workforce work, and to reduce the risk of human errors.
integrity and safety.
Controls:
Background checks are considered the best
solution in avoiding hiring the WRONG i. Management responsibilities
person! It can also minimise negligent hiring
lawsuits. Once the “wrong” employee has Management shall require all employees to
been hired, the cost and pain of terminating apply security in accordance with established
that employee would be extremely policies and procedures of the organisation
considerable. such as Access Control Policy, ICT Security
Policy, Information Handling and Labelling
iii. Terms and conditions of Policy, and Password Policy.
employment
Management should ensure that all employees
As part of their contractual obligation, are properly briefed on their information

security roles and responsibilities prior to • Take leadership/responsibility to generate
being granted access to sensitive information new ways or approaches in the course of 37
or system. This could be done either by his/her work.
awareness programmes or training sessions.
v. Training and Awareness
ii. Job Description
All employees of the organisation shall
Employee should have a written job receive appropriate awareness training and
description. A job description serves several regular updates in organisational policies
purposes such as: and procedures, as relevant to their job
functions. This may include induction and
• Provides essential information for awareness sessions to newly appointed
assigning the appropriate pay grade, employees, and ongoing security
and/ or title for the job. requirement training.
• Identifies the essential functions of the
job based on job specific competencies. A consistent training programme
• Provides the incumbent an understanding throughout the entire process ensures
of the primary accountabilities, duties and employees are fully aware of their roles
responsibilities they are expected to fulfil. and responsibilities and understand the
• Provides the incumbent on the importance criticality of their actions in protecting and
of complying with the information security securing both information and facilities.
objectives and adhering to all relevant
policies, procedures and guidelines. vi. Disciplinary Process
iii. Non-Disclosure & Confidentiality There should be a formal disciplinary

process for an employee who commit
A non-disclosure & confidentiality agreement security breach. This may include
is a mechanism to protect sensitive technical requirements for appropriate investigatory
or commercial information such as company disciplinary processes such as verbal and
data, know-how, prototypes, engineering written counselling; show cause, domestic
drawings, computer software, test results, inquiry proceedings and termination
tools, systems and specifications from procedures.
disclosure to others.
The establishment of disciplinary process
iv. Code of Conduct must ensure correct and fair treatment
for employees who are suspected of
The Code of Conduct defines the behaviour committing breaches of security.
expected of employees. They are expected to
adhere to a specified set of Code of Conduct: Stage 3: After, Termination or Change
of Employment
• Strive towards a high standard of
professionalism. Objective: To ensure that employees exit
• Give undivided loyalty and devotion to an organization or change employment in
the organisation at all times and on all an orderly manner.
occasions.
• Demonstrate strong esprit de corps. Procedures should be in place to ensure
• Display a high sense of co-operation a employee exit from the organization or
and productivity in carrying out his/her change of responsibilities and employments
duties. within an organization is managed. Human

Resource Department should ensure that identifies them as a current member of
38 the employee returns of all equipment in the organisation.
their possession and removes of all access
rights granted to the employee. ii. Job Handover
It is important for organisation to have a

Controls:
job handover guideline in place to help
i. Employee Exit Checklist with a smooth job transition period.
The Human Resources function is generally The Job Handover Form should cover the
responsible for the overall termination list of all the important information for
process and works together with the the incoming employee or successor will
supervising manager of the employee need to know such as ongoing projects or
leaving the organisation, employee going tasks, their current status, and expected
on long leave (with or without pay) for completion dates.
a significant period of time or retires, to
manage the security aspects and help Conclusion
manage some of the risks.
A human resources security policy is needed
The Employee Exit Checklist is designed to inform employees of the need and their
to ease the task of terminating or change responsibility to protect the organisations’
of responsibilities and should have the technology and critical information.
following actions:
To ensure the success of the said policy, it
• Termination Responsibilities - should start with the management. Without
termination processes that ensure their commitment and support, the human
removal of access to all information resources security policy, might not take-off at
resources. all. ￭
• Return Of Assets - employees should References

return all of the organisation’s assets
in their possession upon termination Department of Standards Malaysia (2005).
Information Technology-Security Techniques – Code
of their employment. These include
of Practice for Information Security Management
the return of all issued hardware (First Revision)(ISO/IEC 17799:2005,IDT).
and software, corporate documents,
and other equipment such as mobile The Human Factor in Data Protection. (January
2012). Ponemon Institute Research Report.
computing devices, access cards, Available: http://www.ponemon.org/library/the-
manuals, and information stored on human-factor-in-data-protection?s=The+Human+
electronic media. Factor+in+Data+Protection
Jon, Oltsik. (October 2013). The 2013 Vormetric

• Removal Of Access Rights - the access Insider Threat Report. The Enterprise Strategy
rights of all employees to information Group, Inc. Available: http://www.vormetric.
com/sites/default/files/vormetric-insider-threat-
and information processing facilities
report-oct-2013.pdf.
should be removed upon termination
of their employment. These include Charu, Pelnekar. Planning for and Implementing
ISO 27001. ISACA Journal Volume 4, 2011.
physical and logical access, keys,
Available: http://www.isaca.org/journal/past-
identification cards, subscriptions, and issues/2011/volume-4/documents/jpdf11v4-
removal from any documentation that planning-for-and.pdf.

The Personal Data Protection Act 2010:
Challenges to Comply 39
By | Nur Hannah M.Vilasmalar
The terrain of cyberspace creates unique legal dilemmas. Businesses that

fail to adequately protect individuals’ personal data risk losing their
trust. This trust, particularly in the online environment, is essential to
encourage people to use new products and services.
The Malaysian Government in May security, retention, data integrity and

2010 has enacted a legislation called access principle.
as the Personal Data Protection
Act (PDPA 2010) (the “Act”) and Similar legislation has been enacted
received its Royal Assent on 2 June in other countries such as Singapore,
2010. The Act effectively come into Hong Kong, New Zealand, Canada and
force on 15 November 2013 with several European nations. However,
the objective to protect personal in Malaysia the Act does not apply
data of individuals with respect to for application to the federal and
commercial transactions. Personal state governments. Meanwhile, credit
data is regarded as any information reporting companies are subjected
related to an individual’s identity, to the Credit Reporting Agencies Act
characteristics, behaviour of the 2010 and personal data processed
individual that is identified and outside Malaysia is not subjected to
identifiable from the information. the Act.
It also includes any expression of
opinion about an individual.
Challenges faced by an
Under the Act, “commercial organisation
transactions” means any transaction
of a commercial nature, whether
contractual or otherwise which Being a new piece of legislation,
includes any matters relating to coupled with criminal offenses for
the supply or exchange of goods non-compliance of the Act, any
or services, agency, investment, breach of the Act by an organisation
financing, banking and insurance. In may give rise to the allegations that
a literal meaning, all individuals or the management and officers are in
organisations that process or having breach of their legal duties. Therefore,
control over the processing of the it is very important for the whole
personal data in their business must organisation to be fully aware of the
comply with the Act. Basically, the consequences of non-compliance with
seven principles outlined in the Act this new Act.
must be observed in order to ensure
the compliance. These principles are Besides having knowledge about the
general, notice and choice, disclosure, Act, an organisation is also required

40 to review the existing processes in How to overcome these
protecting collected data and also challenges?
the manner or ways personal data
are being safeguarded. Moreover, the Since it is a new piece of legislation,
introduction of the Act has in a way in order for an organisation to be
increased the level of awareness for equipped with the requirements and to
both consumers and business owners have a better understanding of the Act,
about their rights provided for in the training is the best solution. Therefore,
Act. Consumers are becoming more a series of training is to be conducted
concerned about their data and the on various aspects in different stages.
need for it to be protected. Therefore, More importantly, these training
if an organisation fails to protect their sessions are needed to ensure that
customers’ personal data, they may the members of the organisation (from
alter their purchasing behaviour if top to bottom) are fully informed of
they no longer trust an organisation in what they can and cannot do with the
managing their personal information. personal data of employees, customers
Subsequently, this will affect an and third parties.
organisation’s business affairs in
many ways. In addition, management Alternatively, an organisation can
commitments are also crucial in also appoint personal data protection
materialising the acceptance of the Act consultants to assist the organisation
by each member in the organisation. to assess the organisational systems,
processes, contracts, data management
Furthermore, having good corporate and controls for compliance to the Act.
governance practices in an organisation This process may be costly and again
will enable an organisation to respond the cost should be viewed against the
to the needs and requirements of the benefits of having the Act. Therefore,
Act. At the same time, these can also it is worth to invest in such an
minimise the risk of the management engagement. Nevertheless, for those
and officers breaching their legal that already have in place adequate
duties. For example, if a corporate body data protection measures, additional
commits an offence under the Act, its costs may not be a factor.
directors, chief executive officer, chief
operating officer, top management In conclusion, compliance with the
team or company secretary may be Act is compulsory for an organisation
charged severally or jointly in the processing personal data for
same proceeding. On the other hand, commercial purposes which involves
if the corporate body is found to have monetary transactions. This means
committed the offence the above that an organisation that collects and
personnel shall also be deemed to processes an individual’s personal
have committed the offence unless data, the seven principles mentioned
they can avail themselves to several of above must be strictly followed to
the defences available under the Act. avoid breaching the Act. ￭

Getting to Know Honeypot
By | Wira Zanoramy 41
Introduction is no perfect security. Due to this, a

deception-based approach called as
In the information age, getting ‘honeypot’ is needed in order for the
connected to the Internet is a necessity. IT security administrators to detect
Various devices - smartphones, tablets, malicious activities and at the same time
notebooks and desktops are connected to better understand the taxonomy of
to the Internet. Part of the causes in cyber-attacks [5, 6].
this phenomenon is the migration of the
real-world activities like banking, retail,
government and education onto the What is a Honeypot?
Internet.
Honeypot is defined as an information
With businesses and government sites system resource that is deployed
running on the Internet, the cyber inside the network and purposely
environment has become a new medium configured to be scanned, attacked and
for cybercriminals. There are thousands compromised [7]. The term ‘honeypot’
of them connected to the Internet, is usually being used for representing
breaking into production systems and ‘a container filled with honey’, which is
exploiting their vulnerabilities for fun, often playing off the image of tempting
fame and profit. Furthermore, some of sweetness that is being used as an
them are sharing their tools and tactics attractive trap for bears. But in the case
with each other on the Internet [1, 2]. of network security, this term is used
to represent a security technology that
System administrators should always is based on deception. A honeypot is
ask themselves these questions: What is defined as a security resource whose
the worst thing that could happen if an value lies in being probed, attacked
unauthorised person gained full access or compromised [6, 8]. When we look
to their computer systems and network back into history, the idea behind the
environment without any detection? honeypot is based on the works of Sun
Could this event compromise the whole Tzu and Clifford Stoll [9].
organisation, its customers and the
country? How much productivity will the Honeypot plays an important role
organisation lose if all of its databases as it provides in-depth information
were completely compromised or erased? about the techniques employed by
The most important question should attackers when they are compromising
be – how big is the impact towards the production systems and networks.
company’s image and stakeholders? [3, 4]. This information is essential in giving
us a deeper understanding about the
Even though a lot of efforts have been motives of these attackers, their skills
made to secure IT resources from cyber- and tools being used to intrude and
attacks, loopholes still exist as there compromise networks. By identifying

the capabilities and tactics of these (UML). By utilising either of these tools,
42
attackers, network administrators could a honeypot VM can be created with any
also discover vulnerabilities of their type of operating system. This software
networks. By learning from the tactics is installed on a computing platform and
used, necessary improvements can be a user can create one or multiple VM(s)
done to increase the security posture of running on the same platform. As for
the network in order to prevent similar UML, the only drawback is that it can
attacks taking place in the future [9, 10]. only simulate Linux systems (Provos &
Holz, 2008).
Honeypots are resources that are
meant to have no authorised activity Honeypot can also be built in the form
and production value on it. By default, of emulated virtual hosts. By using a
honeypots should not be receiving any tool called Honeyd, we can emulate up
interactions. The reason is to make a to thousands of virtual hosts running
clear assumption that: any interactions different types of operating systems on
captured by honeypots are considered top of a single machine. Each of these
as malicious. Any detected activities on virtual hosts is configured with a certain
honeypots are assumed to be a probe, behaviour and personality, in which it
scan, or attack. The value of honeypots defines how the virtual host will respond
comes from their ability to capture such to the interactions of an attackers’.
activities. For example, a virtual host can be
programmed to contain a Perl script that
Usually, honeypots are covertly is emulating a DNS or FTP service.
deployed inside the network like any
other production hosts, but with an Types of Honeypot
administrator’s consent, they are fake
hosts that are disguised as production Honeypot is classified based on its level of
hosts. This is to attract attackers into interactions. The word ‘interaction’ here
exploiting the honeypots instead of means - the degree of communications
production hosts. Honeypots can be that are being allowed for the attacker to
built in many forms, either in the form exploit the honeypot. At the same time,
of physical machines, virtual machines the ‘level of interaction’ also defines
(VM) or emulated virtual hosts. how deep the honeypot is allowed to
be exploited by an attacker. The more
Forms of Honeypot an attacker can do to the honeypot, the
more information can be collected by the
A physical honeypot is a real computing honeypot from the attacker. However,
platform that has its own valid IP address. here is where the honeypot will most
For example, a computer installed with likely suffer greater risk. There are two
Fedora Linux or Windows 7 with running types of honeypots: low-interaction and
network services, like FTP, Telnet or high-interaction honeypots [5, 9, 10].
SMTP [6].
Low-interaction honeypots has the lowest
A VM-based honeypot can be built by interaction capabilities with an attacker
using virtualisation software like VMWare and it is also the simplest honeypot
Workstation, Qemu-KVM, Virtualbox, to setup. This type of honeypot only
Parallels Desktop or User Mode Linux provides minimal services and usually

2. Benjamin, V. & Hsinchun Chen (2012).
is in the form of a virtual host with
"Securing cyberspace: Identifying key 43
emulated services. This virtual host actors in hacker communities," Intelligence
or honeypot, can easily emulate the IP and Security Informatics (ISI), 2012 IEEE
stack, OS and the applications of a real International Conference on , vol., no.,
pp.24-29, 11-14 June 2012.
systems. Furthermore, it is also easy to
set up right after being compromised 3. Zakaria WZA, Mat Kiah ML (2012) A
[5, 8, 9, 10]. review on artificial intelligence techniques
for developing intelligent honeypot. In:
Proceedings of 3rd International Conference
High-interaction honeypots are complex
on Next Generation Information Technology,
honeypot solutions because they require Seoul, Korea, p696 – 701.
the setting up of real operating systems
or a suite of real services to attackers in 4. Zakaria WZA, Mat Kiah ML (2014).
Implementing a CBR Recommender for
which nothing is emulated or restricted Dynamic Honeypot using jCOLIBRI. 3rd
[11]. These high-interaction capabilities International Conference on Computer
enables security practitioners to collect Science & Computational Mathematics
extensive amount of information from 2014, Langkawi, Malaysia.
an attacker's malicious activities. This 5. Zakaria WZA, Mat Kiah ML (2013). A

information can be used to study clearly Review Dynamic and Intelligent Honeypot.
the attacker’s behaviour, tools, motives ScienceAsia 39S, 1-5.
and even his/her identity. The ability
6. Zakaria WZA, Mat Kiah ML (2013). A Review
to gather huge amount of data is the for Developing an Adaptive Honeypot
main advantage of a high-interaction using Case-based Reasoning Approach. In:
honeypot. Setting up this type of Proceedings of International Conference
on Computer Science and Computational
honeypot is time-consuming and it is
Mathematics 2013, 9 – 10 February, Kuala
also hard to maintain [6, 8, 10]. Lumpur, Malaysia.
Conclusion 7. Kumar, S., Sehgal, R., Bhatia, J. S., "Hybrid

honeypot framework for malware collection
and analysis." Industrial and Information
This article discussed the concept Systems (ICIIS), 2012 7th IEEE International
of honeypot, the possible forms of Conference on , vol., no., pp.1,5, 6-9 Aug.
2012.
honeypot and the categories they
fall into. Though it cannot solve all 8. Mokube, I. and Adams, M. (2007). Honeypots:
network security issues, honeypots are concepts, approaches, and challenges. In
considered to be assistive technology Proceedings of the 45th annual southeast
regional conference (ACM-SE 45). ACM, New
and acts as a surveillance and forensic
York, NY, USA, 321-326.
tool, for network security professionals
and researchers to better understand 9. Spitzner, L (2003). Honeypot: Tracking
cyber threats. ￭ Hackers, Pearson Education, Boston.
10. Provos, N., & Holz, T. (2008). Virtual

Honeypots: From Botnet Tracking to
References Intrusion Detection. Boston: Addison-
Wesley.
1. Nero, PJ, Wardman, B, Copes, H & Warner,
11. Nicomette V, Kaaniche M, Alata E, Herrb M
G. (2011) Phishing: Crime That Pays eCrime
(2011). Set-up and deployment of a high-
Researchers Summit. eCrime Researchers
interaction honeypot: experiment and
Summit (eCrime), 2011 , vol., no., pp.1,10,
lessons learned. J Comput Virol 7, 143–57.
7-9 Nov.

Social Networking: Security and Privacy
44 By | Safairis Amat Noor, Adlil Ammal Mohd Kharul Apendi
Introduction Almost all social applications are

accessing users’ privacy data. Attackers
Social Networking is currently causing started inventing applications to deceive
serious repercussions in our daily lives. users for their own benefits. A user does
By definition, the term, social networking not realise that he/she is exposed to the
comes from social network which attackers while adding up their friends
means relationship that flows between without proper filters. In fact, some
people, groups, organisations, animals, of these friends’ requests may come
computers and other information/ from spambots. Spambots have been
knowledge processing entities. In general, programmed to send informal messages
a social networking site is a platform that containing malicious links. When a user
provides a virtual community for people clicks on a malicious link, a Trojan will be
with the same interest to share with each silently downloaded to his/her computer.
other or just to socialise together.[1]
• Hoaxes in welfare
As the importance and need towards Social As social network sites becomes the
Networking websites increases, the risks latest platforms for users to communicate
involved in protecting and securing our and interact with each other, it has been
personal data and communicating devices misused as intermediaries for collecting
and systems also increases. In this paper, charities for disaster victims such as
we will concentrate on various possible earthquakes and floods. There are many
risks; the impact of those risks; and fake pages and groups being created by
security mechanisms need to be followed scammers with the intention of taking
to protect ourselves and our devices in a advantage of these disasters. These
social networking environment. irresponsible scammers will send a link to
a user to make a donation for the victims,
but sadly all the money that has been
As there are a number of social networking
donated will be credited to the scammer’s
sites available on the internet, we will only
bank account.
focus on the most widely accessed social
networking websites which are Facebook
• Phishing attacks on user credential
and Twitter.
Phishing is a form of stealing data of
user accounts such as usernames and
Security and Privacy Issues passwords by presenting a fake login
on Social Networking page to a particular user. In this case,
after a user has login into the fake page,
Ignorant to security and privacy issues in it will lead the information to the attacker.
social networks may lead to security incidents. Once the attacker have access to the
Some of them are discussed below[3]: victim’s account, they are in full control
of the account. There are many effects
• Social applications provide easy access to of phishing which are identity theft,
attackers.

preventing users from accessing their own plug-in in order to watch the video. Once 45
accounts and excessive consumption of a user downloads the plug-in, he/she will
resources at the corporate level. There is be affected by the malware that is being
also a new threat of phishing which can transferred from other infected machines.
lead users into installing unused plug- The new infected machines will act as hosts
ins containing malware. This malware to store copies of the malware.
will spread to other machines that are
connected to the affected computer.
In addition, pharming is a new form of
phishing. This form will modify the domain
name resolution system that redirects
users to false web pages. Attackers will
wait for users to visit the target site rather
than produce them with links which make
it more effective. There are various ways to
evade these phishing attacks such as taking
extra precautions with all emails received,
verifying the resources of any application
before filling in any personal data, avoiding
opening suspicious links directly but using
a new window and making sure that the
visited page is a secure site.
Figure 1: Lifecycle of Koobface (a kind of Malware)[3]
• Malware
In the last five years, a huge number of
spam was widely dispersed through social Social Networking Website-
networking sites. In an easy but effective Facebook
way, attackers used phished social accounts
posting inappropriate post messages that
Facebook was developed by Mark
will link a user to the malware. All these
Zuckerburg and his friends in 2003.
types of messages were posted to a victim’s
Globally, Facebook is most widely used
friends’ profile or account. This technique
social networking website. Facebook
is being used to create confidence in a
is available with various languages [4].
user to click it rather than being posted
According to research, Facebook has been
by spambots. This threat is known as
ranked as the second widely accessed
“Koobface”. Koobface is one of the most
website after google. This shows how much
hugely spread malware that uses Facebook
people are addicted and dependent on this
as a platform to spread. Figure 1 shows the
social networking website. Most widely
lifecycle of Koobface. It shows that Koobface
used terms or indicates that it is the most
is invoked when a user’s account starts to
probable location where data is shared/
send the malicious link to their friends who
exchanged/accessed by various people. So,
directly open it without authenticating it
potential attackers will concentrate on this
first. Once the link is opened, it will lead
website to get personal data of the people
the victims to a similar page like Tube. The
and any other information required for
page will then request them to download a
them to attack. Facebook also has so many

46 applications and games where users can These settings allow us to set who can
access freely. These applications are also contact us and who can have access to
potential risk areas. our profile.
Even though Facebook has provided Privacy The choices that Facebook provide for
and Security settings through which we Privacy settings are:
can protect and secure our accounts and
information, most of us are not even
bothered about these. The Basic security
recommendation is to apply all possible
security settings to the applications and
block access to all areas and then provide
access to just the required areas of the
application. Similarly, Facebook also needs
to block access to all the possible areas
or applications within it and let the user Figure 2: Privacy Setting on Facebook
decide on what he/she wants to access.[5]

i. Public
Security and Privacy concerns This setting will allow all information for
that particular user account accessible
• User Profile: Normally we provide actual and can be viewed by everyone on the
or correct data in our Facebook profiles. Facebook network.
That is not actually required unless we
are sure that we will provide access to ii. Friends
our profile to reliable friends. For all Only friends of that particular user
others, access should be barred. account can have access.
• Friends /Groups added: Users need to
be very careful in adding friends or iii. Only me
joining groups. Only reliable friends / This is 100% accessible and viewed by
groups can be added or given access to the owner of the account only.
your profile.
• Shared Data: The Data we are sharing iv. Custom
represents our areas of interest and Can be customised by the account
which indirectly helps in assessing our owner.
personal lives. So we need to be careful
in sharing such data. We need to share v. By group
our data only to the related or reliable User of an account will set the limit of
friends and not everyone on Facebook. view by group created.
• Privacy/ Security Settings: We need to
change the Privacy settings to make • Applications / Games [5]: Facebook
our profiles and other actions secure. provides many applications and games
Facebook provides these settings to for users. Each application has different
make our accounts and access more terms of use and policies. Facebook
secure. As there is a provision, it is wise has no control of those applications.
that we make our access and personal Users need to really think the basic
data more secure through these settings. reason for accessing this website; it is

for connecting to various known and as tweets. Only registered users can send 47
reliable people and communicating with messages and these messages can be
them, not for playing games and for read even by unregistered users. Twitter
accessing applications. Be secure by not shares public information of its users to the
accessing unwanted applications which remaining registered account holders for
are provided by third parties and follow personal identification.
the necessary security features.
Twitter is not only the most widely used
professional connectivity social network,
it is also the most widely attacked social
networking website. It became stable and
more secure because of these attacks[6].
Security and Privacy concerns
• User Information: Don’t share personal

or critical information while tweeting
with others. All tweets are public and
Figure 3: An example of a specific application that is you have an option to secure your
asking for a permission. [5]
tweets, by doing this, only the people
who are following you can view your
• Login Notifications: Enable Login
tweets. Even then, sharing critical
Notifications in the Facebook security
information is not at all entertained for
settings, so that notifications will be
security purpose.
sent to your mail or mobile. With this we
• Following: This really plays a critical
can trace out and can take immediate
and crucial role in protecting security
action when an unauthorised user tries
and privacy of your account. Unless you
to get access to our account.
know the person well do not follow or
follow their tweets. Best way to attack is
Facebook is really the most accessible and
to follow the user and get some relevant
the most popular social networking website.
information through their tweets. Don’t
This does not mean that it is the most
follow anybody unless you know the
secure application. Facebook provides many
person well enough and even then
security and privacy features that provides
do not share any personal or critical
better security to our accounts and access
information.
levels. It all depends on us whether to follow
• Location update: Geo Tagging feature in
these security features and ethical concerns
Twitter will let a user know your current
to make our lives peaceful and happy or else
location. This is not safe at all. Unless
just go at it at our own risk and face the
it is really required, do not enable this
consequences.
service as there is no need for people
to know your current location. This may
Social Networking Website- alert attackers and burglars who are
Twitter waiting for the right time to attack you
and your assets.
Twitter is the most widely used professional • Blocking: If you feel some users in your
social networking website. Twitter is used follow list are not reliable block them
to send and read short messages known immediately. By doing this, they will not

48 have any idea regarding your actions social network space. The second issue is
and location. identity theft; attackers make use of social
• Monitor your Children: network accounts to steal identities. The
◊ Children are not matured enough to use third is the spam issue. Attackers make use
social networking websites. As it may of social networks to increase spam click
have serious mental impact on them through rates, which is more effective than
as well or else may result in physical the traditional email spam. The forth is the
attacks. Even then, if it is required, at malware issue. Attackers use social networks
least take note of some of the issues as a channel to spread malware, since it
mentioned below for their safety. can spread very fast through connectivity
◊ Remove your child’s personal among users. Social networking sites are
information from twitter. Children always facing new kinds of malware. Finally,
are not matured enough to use this physical threats, which are the most harmful
website. Even though they want to, of all. Since several social network features
make sure their personal information is utilise location-based services, it is easier for
kept hidden. criminals to track and approach victims.
◊ Turn off the tweeter location option.
This helps in being safe. Or else it will Social networking sites try to implement
open up opportunities for attackers to different security mechanisms to prevent
physically attack children or mentally such issues, and to protect their users, but
disturb them through their tweets. attackers will always find new methods to
◊ Frequently check their accounts. If they break through those defences. Therefore,
really want to use it, regularly monitor social network users should be aware of
their accounts. all these threats, and be more careful when
• Login Information: Always prefer to have using them. ￭
complex passwords for your Twitter
account. This makes it impossible to References
crack and misuse your account.
1. E. Aïmeur, S. Gambs, and A. Ho, “Towards a
Even though Twitter is more secure compared Privacy-Enhanced Social Networking Site,”
2010 Int. Conf. Availability, Reliab. Secur., no.
to other social networking websites, it still 3, pp. 172–179, Feb. 2010.
depends on the way we handle it and how safe 2. D. M. Boyd and N. B. Ellison, “Social Network
we make use of it or benefit from it. Sites: Definition, History, and Scholarship,” J.
Comput. Commun., vol. 13, no. 1, pp. 210–
230, Oct. 2007.
3. G. Bamnote, G. Patil, and a Shejole, “Social
Conclusion networking - Another breach in the wall,” Int.
Conf. Methods Model. Sci. Technol., vol. 1324,
pp. 151–153, 2010.
4. L. Bilge, T. Strufe, D. Balzarotti, E. Kirda, and
Social networking sites have become a S. Antipolis, “All Your Contacts Are Belong to
potential target for attackers due to the Us : Automated Identity Theft Attacks on Social
availability of sensitive information, as Networks,” Www 2009, pp. 551–560, 2009.
5. A. Albesher, “Privacy and Security Issues in
well as its large user base. Therefore,
Social Networks : An Evaluation of Facebook,”
privacy and security issues in online social pp. 7–10, 2013.
networks have become greater concerns. 6. C. Perez, B. Birregah, R. Layton, M. Lemercier,
Privacy issue is one of the main concerns, and P. Watters, “REPLOT : REtrieving Profile
Links On Twitter for suspicious networks
since many social network users are not
detection,” pp. 1307–1314, 2013.
careful about what they expose on their

Developing the Nation’s Competency Skill
Sets for Forensic Document Examiners 49
By | Sarah Khadijah Taylor
Background What is the motivation?
In March 2014, Department of Chemistry

Malaysia had invited CyberSecurity This project was initiated by Department
Malaysia as a technical evaluator for the of Chemistry Malaysia early this year
development of competency skill sets although the initial discussion actually
for Forensic Document Examiners (Level started last year. This project was
2 and 3). The meeting was held in May initiated when most of the Forensic
2014 of which I had the opportunity to Document Examiners were being viewed
represent CyberSecurity Malaysia and as incompetent in Malaysia’s court of law,
provide my technical inputs. Joining causing their statements to be arguable
this meeting were representatives in court. This issue was acknowledged by
from Royal Malaysian Police (PDRM), several agencies, including Department
Companies Commission of Malaysia of Chemistry Malaysia and PDRM. Most
(SSM), Department of Chemistry Malaysia, of them were of the views that their
Malaysian Immigration Department and existing training programmes did not
National Occupational Skills Standard have the proper structures specifying
(NOSS) as the facilitator. certain skill sets to be achieved by the
various Forensic Document Examiners.
How?
This project was initiated and funded

by Department of Chemistry Malaysia ,
under the purview of the NOSS. During
the meetings, Department of Chemistry
Malaysia served as the secretariat, while
NOSS acted as the facilitator. When the
skill sets are ready, it will be parked
under NOSS for other agencies to refer
and use.
Several workshops were conducted and

Who is a Forensic Document
attended by several agencies in order
Examiner? to develop these skill sets. The first
workshop took five days, whereas the
A Forensic Document Examiner is the one second one took another 5 days for the
who analyses a document and determines document containing the skill sets to
the authenticity of a document. The be developed. The proposed document
examiner also conducts analysis on was presented to a panel of technical
handwriting styles. evaluators to get their comments and

feedback. In general, the panel provided first meeting and the third meeting was
positive feedback with a few minor just two months! It was acknowledged by
50
changes on the draft to enhance the skill the participating agencies that the quick
sets. The document is yet be approved completion of the document was made
by NOSS in the next phase before it can possible as a result of their commitment
be assigned as a national document. and hard work. They were working from
8.30 am to 10.00 pm daily for the whole
It is observed that the process of week, and in certain circumstances they
developing the skill sets has taken a very had to stay up until 1.00 am.
short time. The duration between the
What are the benefits? agencies are saddled with the same job
roles or functions, and there is a need at
This initiative to develop competency a national level for standardisation.
skill sets for the Forensic Document
Examiners is to assist relevant agencies The document is very detailed, complete
in their examination of various forensic and thorough. Once it is complete, the
documents. Amongst others, the skill document will contain the following
sets can be used by agencies to hire new items:
personnel and measure their performance. • Competency Unit; eg: Exhibit
The skill sets can also be used by training Comparison Activities.
providers to develop training programmes • Work Activities (sub of Competency
and assess a trainee’s knowledge and Unit); e.g.: ‘Examine the features of the
skills. In addition, the skill sets can specimen exhibits’ and ‘Examine the
be used for human resource planning features of the questioned exhibits’.
purposes namely to set a clear career • Knowledge, Skill and Ability (KSA) for
path and progression for employees. each Work Activities.
• Assessment of KSA
Summary • Training hours
• Training delivery modes
I personally think that the development
of this skill sets for Forensic Document The attractive part of this initiative is that
Examiners is a very good initiative. I it does not take a long time to complete.
would suggest that other agencies do A typical cycle would be three months.
the same to come up with skill sets However, a certain amount of money
that are related to their job functions. must be allocated to pursue this initiative
This project is highly beneficial and as it involves the organisation of several
recommended when the various different activities.

The Importance of Cloud Computing
51
By | Syed Zulfauzi
Introduction the computational environment, and

characterises a level of abstraction for its
Cloud computing is a model for enabling use. A service model can be actualised
convenient, on-demand network access to as a public cloud or as any of the other
a shared pool of configurable computing deployment models. Three well-known
resources (e.g., networks, servers, and often-used service models are listed
storage, applications, and services) that below:
can be rapidly provisioned and released
with minimal management effort or Software-as-a-Service.
service provider interaction. -NIST
Software-as-a-Service (SaaS) is a model
Cloud computing is a synonym for of service delivery whereby one or more
distributed computing over a network and applications and the computational
means the ability to run a programme on resources to run them are provided for
many connected computers at the same use on demand as a turnkey service. Its
time. –Wiki main purpose is to reduce the total cost
of hardware and software development,
Service Models maintenance, and operations. Security
provisions are carried out mainly by the
Just as deployment models play an cloud provider. The cloud consumer does
important role in cloud computing, not manage or control the underlying
service models are also an important cloud infrastructure or individual
consideration. The service model to applications, except for preference
which a cloud conforms dictates an selections and limited administrative
organisation’s scope and control over application settings.
Figure 1: Seperation of Responsibilities

Platform-as-a-Service. software infrastructure components,
and instead obtain those resources
52
Platform-as-a-Service (PaaS) is a model of as virtualised objects controllable
service delivery whereby the computing via a service interface. The cloud
consumer generally has broad freedom
platform is provided as an on-demand
to choose the operating system and
service upon which applications can be development environment to be hosted.
developed and deployed. Its main purpose Security provisions beyond the basic
is to reduce the cost and complexity infrastructure are carried out mainly by
of buying, housing, and managing the cloud consumer.
the underlying hardware and software
components of the platform, including
any needed programme and database
development tools. The development
environment is typically designed for a
special purpose, determined by the cloud
provider and tailored to the design and
architecture of its platform. The cloud
consumer has control over applications
and application environment settings
of the platform. Security provisions are
split between the cloud provider and the
cloud consumer.
Figure 3
Figure 2
Infrastructure-as-a-Service.
Figure 4
Infrastructure-as-a-Service (IaaS) is a
model of service delivery whereby the
basic computing infrastructure of servers, The importance of cloud
software, and network equipment is
computing and its advantages
provided as an on-demand service upon
which a platform to develop and execute
applications can be established. Its main 1. Help companies save money
purpose is to avoid purchasing, housing, Companies can save a lot of money
and managing the basic hardware and in their investment into cloud

computing technologies. This can the cloud computing market to offer
help organisations take the burden cloud drives such as Google, Amazon,
53
of acquisition of servers, software, and Dropbox to name a few.
and people that are needed to
beef up enterprise services, shared 4. Cloud computing solutions are
technology solutions, and deployment easy to use
of customised or custom off-the- shelf The reason why cloud computing is
solutions. catching on is because of the simplicity
that vendors have been integrating
2. Help save the environment solutions to use this technology in
Organisations that implement cloud the first place. People like simplicity,
computing technologies can have excellent customer service, and more
a significant impact on their ability sophistication in the services that
to reduce their electricity bills they are receiving from companies. As
dramatically. Cloud computing helps long as vendors make it simple and
save the environment because it is enjoyable to access cloud technologies
shared infrastructure resources that then it will become more integrated
a vendor provides to an organisation. with other products.
Cloud computing vendors that
specialise in infrastructure services 5. Integrate part of a disaster
have built up data centres around the recovery solution
country and offer their data centres to Organisations need to protect their
other companies. Companies do not critical data to ensure that they can
need to have their own data centres, provide services to their customers
they can just have their applications and that they are able to continue
hosted with these cloud computing their daily operations to support their
providers to help save energy through corporate mission. Most companies
sharing resources. develop a disaster and recovery plan
that discusses the necessary steps that
3. Access to information anywhere they need to take for any type of events
at anytime that a company may face. A company
The Internet and cloud computing prepares for these events by having
technology is a winning combination. an alternative computing facility to
These two technologies have allowed save mission critical data for the
vendors to develop a product called organisation at some remote location
"cloud drives"; which is an online away from the corporate headquarters.
storage medium that allows people Companies also routinely take full and
to save their documents, videos, incremental backups on a daily and
photos, and music over the Internet. weekly basis that is stored on some
The advantages of a cloud drive is that type of storage device. Companies
it provides the capability for people can now integrate cloud computing
to access their information from any as a type of storage device that they
computer around the globe at their can integrate with their disaster
convenience. This type of simple recovery plans in addition to the other
technology allows people to become methods that they are using to save
more productive by improving their their data. Having a cloud storage
access to information. There are a solution helps provide additional
number of vendors that have entered safeguard procedures to help ensure

that customer data will be safe and • Skydrive
54
that your organisation will continue to • 4shared
operate based on any type of event. • Mediafire
6. Will lead to new product and Conclusion

platform innovation
The need for new product ideas and The tight relationship between cloud
innovation is critical to the success computing, virtualisation, and shared
and growth of the global economy. storage naturally means that virtualisation
These new product innovations and shared storage will increase in
can come from improving on older importance. The new utility model for
technologies or collaborating with IT services breaks the conventional
existing technologies to form new technology, people, and process barriers
ones. Cloud computing is positioned that applications and information haven
to be an important ingredient that been confined to. Cloud computing is
companies can use to bundle with a new computing paradigm that is still
other services that can provide emerging. Technology advances are
customers with new experiences. The expected to improve performance and
number of possibilities that companies other qualities of services from public
can combine with cloud computing is clouds, including privacy and security.
infinite and we are excited about the Many agency systems are long lived and,
future innovations that may rise from if transitioned to a public cloud, will
this technology. We are already seeing likely experience technology and other
innovations from companies such as changes over the course of their lifetime.
Amazon, Google, Rackspace, IBM, and
Microsoft. Cloud computing is new Cloud providers may decide to sell
technology that has just begun to or merge their offerings with other
assemble the policies, technologies, companies; service offerings may be
disciplines and is not at a mature state eclipsed by those of another cloud
yet. There is so much potential to provider or fall into disfavour; and
grow this domain forward and it will organisations may be required to re-
be exciting to see what will happen compete an existing contract for cloud
in the next ten years in the evolution services, when all contractual obligations
of the cloud. We expect to see more are exhausted. Eventually having to
synergies from different technologies displace some systems to another public
and possibly more collaborations from cloud is a distinct possibility that federal
vendors in offering customers better agencies and other organisations should
solutions. not dismiss. ￭
These are some example product exist in References

the market:
• amazon.com 1. http://www.nist.gov
2. www.Wikipedia.org
• AT&T
3. http://www.examiner.com/article/why-cloud-
• iCloud computing-is-important
• Dropbox 4. www.crn.com
• Evernote 5. www.amazon.com
• Google Drive 6. www.howstuffworks.com

Measuring Security Awareness
55
By | Melisa Binti Muhamed
Introduction It is agreed among professionals

that measuring security awareness
Your organisation is ISMS certified. You effectiveness is not straightforward as
have information security policies in in measuring manufacturing or quality
place. Security awareness campaigns, processes. However with the use of right
trainings and talks have taken place. But available tools and methods, getting real
how do you measure the effectiveness key indicators of an organisation’s level of
of the programmes and the awareness awareness is possible.
level of your organisation? What should
you measure?
What should we measure?
It's been said that security is hard to
measure. That includes measuring the
awareness level of an organisation. To start with, there is no commonly agreed
Although security has always been and understood standard measure of the
perceived as a dynamic process, it does not effectiveness of a security awareness
mean that it is left without any measurable programme and the awareness level of an
aspects. The process needs to be improved organisation. However, there are a number
in order to be measured. of qualitative and quantitative measures
that can be used in order to obtain real
According to John Schroeter, in an article insights and to show how much progress
from CSO [1], there are many benefits an an organisation have achieved over a
organisation will enjoy when they make period of time.
improvements to the process. Among
those benefits are:- In an article titled Measuring Information
Security Awareness: A West Africa Gold
a. Better budget justifications for creating Mining Environment Case Study[2],
the security awareness program/ West Africa Gold Mining company used
training a methodology based on techniques
b. Better ability to identify major data borrowed from the field of social
breached psychology to develop a measuring tool.
c. Secure confidential information The methodology proposed that learned
d. Limit physical access to data storage predispositions to respond in a favourable
devices or unfavourable manner to a particular
e. Achieve high compliance with legal and object have three components: affect,
self- regulatory framework behaviour and cognition.
f. In better position to attract and retain
high-quality information security Affect One’s positive and negative
personnel emotions about something
g. Effective enforcement of corporate Behaviour Intention to act in a particular

manner
information security policy
Cognition The beliefs and thoughts one
h. Protected company reputation which holds about an object
increase customer trust and loyalty Figure 1: Definition of the three component by Feldman,
1999; Michener and Delamater, 1994 [3]

The three basic components were then users are aligned with the identified security
56
used as a basis to create a model of objectives and requirements.
equivalent dimensions as below:-
Attitude Knowledge Behaviours
Knowledge What a person knows; Surveys Assessment Behavioural
understanding of information Tests Measures
security issues and requirements Interviews Surveys
Attitude How do they feel about the
Focus Group Interviews
topic; how learners feel about
information security i.e. does it Focus Group
seem important. This determines Figure 4: Tools and methods for measuring attitudes,
their disposition to act
knowledge and behaviour
Behaviour What do they do about it; the key to
compliance. Employee behaviour
is determined by their attitude and
is a result of learners putting their Measuring Attitudes
knowledge into practice
Figure 2: Equivalent dimension developed to gather actual
measurement for security awareness
All these tools are used to gather the
In a white paper by SAI Global [4], they performance measure. To measure and
believe that from a user perspective, gauge attitudes, a number of options
information security lies in the overlap can be deployed to the target audience.
of attitudes, knowledge and behaviour. Overall, the methods used should relate
Addressing and measuring these three to how the target feels about information
areas in an awareness programme will security. For example:-
ensure the desired effect. • Does it help or hinder day-to-day work?
• Does the audience understand the
connection between information
security and the protection of the
organisation’s reputation?
Methods Attitudes that can be measured

Survey Can be used for a large number
of respondents. Useful to identify
broad areas of trends and
information security issues.
Focus Group Small targeted audience from
different backgrounds can be
selected. This will provide the
opportunity to drill down an issue
and explore other key issues.
Interview The target group should be the
Figure 3: Overlap of attitudes, knowledge and behaviour
management, key stakeholders
and influencers. This method will
provide insights into key areas
From the model above, different measuring that matters to them.
tools and methods have been developed over Figure 5: Methods and target audience
time in order to provide measurable results
and indicators. In deciding what metrics to
capture, it is important to consider the key Measuring Knowledge
determinants of security behaviour from a
user perspective. The security position of
an organisation can be improved when the In measuring knowledge, a well-designed
attitudes, knowledge and behaviour of the assessment test is very important. A

poorly constructed assessment test will Apart from the survey data, incident
not measure the right knowledge of the reporting data is also a potential key 57
target audience. The assessment test indicator. The number of incidents
requires a clear and demonstrable link reported and the number of disciplinary
between required security behaviour that of security issues reported will be able to
the organisation is trying to encourage and provide insights on the awareness level
the knowledge that needs to be delivered over a period of time.
and assessed.
The learning objectives should also be Security Awareness Training

clearly addressed in the training content. and Assessment
This will help the organisation to focus
on what they want the targeted audience
to do and not dishing out excessive With technological advancements, the
information for the audience to absorb. use of manual methods such as surveys,
The questions in the assessment test interviews and focus group can be
should also be designed and relate directly minimised or totally eliminated. Most
to the behavioural learning objectives. organisations are now moving towards
This will become a valid test whether the centralised, web based, video animated
user understand and will demonstrate e-learning systems in providing security
the important security behaviours that awareness training and assessment to
the user need to exhibit. A good quality their employees. These methods are able
e-Learning system with a well-designed to provide more accurate and automated
assessment test offer good opportunities measurements to all the factors mentioned
in assessing security knowledge. Usually above.
equipped with a large question bank, the
system will ensure a learner will obtain
different learning experiences each time
Figure 6: Components of Security Awareness
he/she participate in the assessment and
Training and Assessment
presented with different questions from
their peers, thus, discouraging collusion.
With the e-learning systems in place,
benchmarking of security awareness can
easily be done. These e-learning systems
Measuring Behaviour can be used to gather operational measures
or quantitative data. Quantitative data
such as the number of employees trained,
Often, survey data that was captured the frequency of training, pass and fail
is able to that provide a meaningful rates for assessment tests as well as
indication of users’ behaviour or profiling by department or geographical
intended behaviour as it is self-reporting location can be produced by an e-learning
in nature. It also presents an opportunity system. This level of operational reporting
to get the overall view of an organisation can be particularly useful for regulatory
which gives a better indication of the compliance or internal or external auditing
organisation’s culture. This can be purposes. When collected over a year-on-
achieved by not only asking questions year basis, these data provide a useful
about their behaviour but also by asking internal benchmark showing the growth
their perceptions about the organisation of the awareness level of an organisation
as a whole. which makes this method the best way in

measuring the level of security awareness. to human errors. As human is known as
58
the weakest link in information security,
In a research by Kenneth Knapp from teaching methods in the modules are
University of Fairfax (Vienna, Virginia) in carefully designed with layered approach
2005 [5], an examination in the relationship that includes both technical and non-
of user awareness training components technical solutions in order to address
and perceived security effectiveness was this issue.
carried out. From the study, they concluded By using the tools and methods
that security awareness training alone will described above, it is possible for an
not secure an organisation. There were organisation to measure the security
four main implications discovered from awareness level of their organisation.
the study:- Coupled with the right technical and
non-technical strategy, an organisation
• Training must be provided at least once will be able to evaluate whether or not a
a year
positive change in knowledge, attitudes
• Multiple training methods should be
employed such as e-learning systems, and behaviour of employees has been
newsletters, posters, brochures, etc achieved and to evaluate to the extend
• Compliance should be ensured and which activities that have been impacted
non-compliance should come with the most. It is still a long way to go, but
consequences it is a possible journey in strengthening
• Train relevant topics and avoid the weakest link in information security;
excessive information
human. ￭
Conclusion References
1. Measuring the effectiveness of your security
awareness program, by John Schroeter. (http://
Looking at the future trends of security www.csoonline.com/article/2134334/metrics-
awareness training and assessment, budgets/measuring-the-effectiveness-of-your-
security-awareness-program.html)
CyberSecurity Malaysia has taken
the step forward to fulfil the gap. 2. Measuring Information Security Awareness:
Continuous Readiness Information A West Africa Gold Mining Environment Case
Security Management or CRISM is an Study, by HA Kruger and WD Kearney. (icsa.
cs.up.ac.za/issa/2005/Proceedings/Full/018_
online e-learning programme developed
Article.pdf)
to assist local organisations to assess
and measure the security awareness 3. Understanding Psychology. Fifth edition.
level of their respective organisations. McGraw-Hill College. Boston, River Ridge, IL by
Feldman, R.S. 1999
It is an engaging and behavioural-based
learning approach developed to raise 4. Measuring the effectiveness of information
information security awareness. CRISM security awareness training, by SAI Global.
learning modules are moulded into real- ( h t t p : / / w w w. s a i g l o b a l . c o m / C o m p l i a n c e /
resources/WhitePapers/how-to-measure-
life scenarios that makes learning more
information-security-training.htm)
engaging and the intended learning
objectives can easily be delivered across 5. Impact of Security Awareness Training
to the target audience. Components on Perceived Security Effectiveness
by Karen Quagliata (http://www.isaca.org/
Journal/Past-Issues/2011/Volume-4/Pages/
The modules have also aroused positive, JOnline-Impact-of-Security-Awareness-
sustained behavioural changes to Training-Components-on-Perceived-Security-
minimise the risk of security breaches due Effectiveness.aspx)

The Trend of Intrusion Defacement
59
By | Farah Binti Ramlee
Abstract— Web defacement basically Below is an example of a website being

targets web hosting owners such as defaced.
private or public blogs, corporate
and government websites. This
incident usually captures the
interface of a website that displays
unwanted, wrong information and
different content form the actual
presentation and creation of the
website. Below is an example of
website being defaced.
I. Introduction
Intrusion is referred to a successful

III. Intrusion Statistics for
unauthorised access or illegal access to a Quarter 1, 2014
system or network. This could be the act
of root compromise, web defacement, or In the 1st quarter of 2014, a total of 401
installation of malicious programmes, i.e incidents were reported to CyberSecurity
backdoor or trojan. Malaysia under the Intrusion category as
shown in Table 1 and Graph 1.
II. Intrusion Defacement
Intrusion defacement is also referred to as

web defacement or website defacement,
a form of malicious hacking in which
a website is "vandalised." Often the
malicious hacker will replace the site’s
normal content with a specific political or
social message or will erase the content
Table 1 : Intrusion in Q1 (Jan - Mar) 2014
from the site entirely, relying on known
security vulnerabilities for access to the
site’s content.
Web defacement basically targets web

hosting owners such as private or
public blogs, corporate and government
websites. This type of incident usually
captures the interface of a website that
displays unwanted, wrong information
and different content from the actual
presentation and creation of the website. Graph 2: Intrusion in Q1 (Jan - Mar) 2014

60 IV. Comparison Intrusion and protests by the attackers against
Defacement Analysis the Malaysian Government regarding the
MH370 incident and for several other
In the 1st quarter of 2014, 374 out of reasons. Below is an example of a website
401 intrusion incidents were related to that has been defaced by these hactivists.
Intrusion Defacement as shown in Table 2
and Graph 2.
Intrusion Defacement Report in Q1 (Jan-

Mar) 2014
Month No of Incidents
January 93
February 72
March 209
TOTAL 374
Table 2: : Intrusion Defacement in Q1 (Jan - Mar) 2014
Note: The statistics reflect number of tickets In the 1st quarter of 2013, there were 823
incidents related to Intrusion Defacement
reported to MyCERT as shown in Table 3
and Graph 3.
Intrusion Defacement Report in Q1 (Jan-

Mar) 2013
Month No of Cases
January 186
February 320
March 317
TOTAL 823
Table 3: : Intrusion Defacement in Q1 (Jan - Mar) 2013
Graph 2: Intrusion Defacement Q1 (Jan - Mar) 2014 Note: The statistics reflect number of tickets
A total number of 640 URLs recorded

were defaced in the 1st quarter of 2014.
Hacktivist groups mainly were responsible
for the major types of intrusion defacement
reported. In March 2014, Malaysia was
shocked by the news on the missing
airline MH370. According to MyCERT, these
hacktivist groups had exploited this issue.
From 209 incidents reported in March
2014, a total number of 61 URLs were Graph 3: Intrusion Defacement Q1 (Jan - Mar) 2013
defaced with hashtags of the operation
as #Gila, #Hempas or #Gila_Hempas. A total number of 782 URLs were defaced
Such defacements reflected the sentiment in the 1st quarter of 2013. Similar to the

1st quarter in 2014, the websites were of 2014 are as shown in Table 4 and Graph
defaced by hacktivist groups. In February 4. The list was provided by MyCERT’s web 61
and March 2013, Malaysia was struck by defacement crawler tool, MyLipas v0.7.2.
the news of Sultanate of Sulu who claimed
his ownership over the state of Sabah.
The hacktivists, mainly from Malaysia List of Domains Number of Domains
and Philippines had exploited this issue Affected
to deface several websites including biz 3
government websites belonging to the com 234
both countries for various political and com.my 260
personal agendas. These hacktivists had edu.my 29
posted their thoughts and opinions on the gov.my 14
defaced websites. Below is an example info 0
of a website that was defaced by these my 51
hacktivists. net 12
net.my 3
org 11
org.my 12
tv 0
others 11
Total 640
Table 4: Total targeted domains reported
From the statistics above, it is observed

that web defacement incidents from the
1st quarter 1 2013 to 2014 has decreased
from 823 to 374 cases. However, the
matter should not be taken lightly as the
incident would definitely increase should
there be issues or sentiments that can be
exploited by hacktivists.
Graph 4: Number of Domains targeted by defacement

V. Indepth Analysis on Intrusion
Defacement Quarter 1, 2004
From the graph above, we can see that the
top domains being defaced were com.my
The domains that were targeted by most of with 260 URLs followed by .com with 234
the intrusion defacement in the 1st quarter URLs and .my with 51 URLs.

Table 5 and Graph 5 show the operating Unknown 24
62
systems that were defaced in Quarter 1, 2014 Total 640
OS Table 6: Total affected Server reported
Cent OS 6
Microsoft Windows 97
Ubuntu 3
Unix 131
Unknown 403
Total 640
Table 5: Total affected Operating System domains
reported
Graph 6: Number of Servers affected by defacement
From the graph, we can see most websites

using Apache server having 498 URLs were
defaced followed by Microsoft Windows IIS
with 94 URLs and Nginx with 20 URLS. The
graph also indicates that the servers that
housed 24 defaced URL were unable to be
detected.
Graph 5: Number of Operating Systems affected by
defacement
VI. Best Practices /

From the graph above, we can see that
most websites using Unix operating system
Recommendation for
with 131 websites have been defaced. This Prevention
is followed by Microsoft Windows with 97
websites and Ubuntu with six websites. The
graph also indicates that 403 websites that MyCERT has released an advisory pertaining
were defaced were unable to be detected. to web security in order to protect various
web owners against web defacement. The
Table 6 and Graph 6 below shows the advisory can be referred in the following
servers that are affected by these incidents URL:
in Quarter 1, 2014.
h t t p : / / w w w. m y c e r t . o r g . m y / e n /
Server services/advisories/mycert/2014/main/
Apache 498 detail/945/index.html
Cloudflare-nginx 3
Nginx 20 The most common and immediate solution
GSE 1 for handling a defaced website is by
Microsoft-IIS 94 taking the website offline temporarily

to contain further damage. The offline attacks are merely the extension of 63
duration can be utilised to troubleshoot, physical crisis into cyberspace. It is

analyse and rectify problems. However, also concluded that the motivation of
the decision to take this common or web defacement attacks are no longer
immediate solution depends on the top to detect vulnerabilities and inform
management and organisational policy. system administrators about the security
The system administrator has to consult loopholes that exist in their systems but
the top management as taking the website they are the means for hacktivist groups to
offline temporarily can be perceived as express their feelings and protest against
denial of service that affects the uptime any organisation/government.
of the compromised system. Links below
are generic guidelines on how to act In this regard, all system owners need to
and handle web defacement incidents in be alert and take the necessary measures
an organisation. As this is the general to secure their websites. Updating with
guideline, most of the steps are relevant to the latest versions, patching systems,
most platforms. Your milestone may vary. and conducting penetration testing are
amongst the steps that can be taken
• Web Defacement - Incident Handling by system administrators to ensure
Steps (Unix/Linux/BSD) the security of their websites. System
Administrator, Internet Service Provider
h t t p : / / w w w. m y c e r t . o r g . m y / e n / (ISPs), Web Hosting and users must take
resources/incident_handling/main/ note about intrusion defacement activities
main/detail/754/index.html that may be present in their system logs.
The repercussions from these activities
• Web Defacement - Incident Handling can be of high impact namely on their
Steps (Windows) websites availability and integrity, as well
h t t p : / / w w w. m y c e r t . o r g . m y / e n / as their organisational image. ￭
resources/incident_handling/main/
main/detail/755/index.html
References
Conclusion
1. h t t p : / / w w w. m y c e r t . o r g . m y / e n / s e r v i c e s /
statistic/mycert/2014/main/detail/949/index.
In conclusion, the numbers of incidents html
categorised under intrusion defacement
during the 1st Quarter of 2014 were 2. h t t p : / / w w w. m y c e r t . o r g . m y / e n / s e r v i c e s /
advisories/mycert/2014/main/detail/945/
640 URLs with 374 tickets. The numbers index.html
fluctuate, as in most cases web defacement

Cloud Security Principles:
64
What You Should Ask Your Cloud Service Provider
By | Ruhama bin Mohammed Zain
Cloud Security Principles of being protected or safe from harm”

and cloud refers to “the computers
and connections that support cloud
Cloud computing has become more and computing” according to the same
more acceptable to businesses today as dictionary.
some of the earlier reservations about
the security of cloud services have given As we know the term cloud computing
way to a more reality-based business has been generally accepted to refer
requirement. This is also because of the to either of the following types:
move by some well-known companies Infrastructure as a Service (IaaS),
and businesses that migrate some if not Platform as a Service (PaaS) and
all of their applications to the cloud. Software as a Service (SaaS). These
categorisations was derived from the
However, the ultimate responsibility for National Institute of Standards and
your data and especially your client’s Technology (NIST), an agency of the
data rests with you, the business United States Department of Commerce.
organisation and not with the cloud The principles described in this article
provider. Sure, you can put into the should apply to all three.
service level agreements what are the
security responsibilities of the cloud The term “consumer” used in this article
provider but that will not absolve a shall be taken to mean the subscriber
businesses from being answerable to of the cloud computing service.
their clients for any data breaches in
the cloud environment.
1. Data in transit must be
What then, are some of the cloud protected
security principles against which
you can measure the cloud provider’s
ability to ensure your data is secure as This refers to the requirements that
it should be? This article will describe consumer data that travel across the
some of them and explain some networks must be sufficiently protected
examples by which to measure whether against eavesdropping and tampering,
the principles are adhered to by cloud in order to protect their confidentiality
service providers. and integrity. The way to do this is
to apply a combination of encryption
A principle is defined as “a basic truth and network controls. Encryption will
or theory: an idea that forms the prevent an attacker from reading the
basis of something” according to the data and network controls will prevent
Merriam-Webster online dictionary. them from intercepting the data in the
Security is taken to mean “the state first place.

65
2. Asset must be made in case of unexplained data access by
resilient and protected potentially unauthorised parties.
Asset here refers to the computers 5. Secure administration of the

and processing systems that either cloud service
store or process consumer data. Both
the asset and the consumer data itself
must be protected from being tampered The consumer should make sure that
physically, stolen or damaged. Things the methods used by the administrators
like offsite backups, redundant servers, of these service providers in managing
and physical security of the cloud data the operational service are done in a
centres are some of the items that needs manner designed to mitigate any risk of
to be noted here. exploitation which could jeopardise the
security of the service. Good practices
like separation of duties between the
3. Cloud tenants must be service provisioners and the security
separated administrators is one example.
Public cloud computing to a certain extent 6. Protection of External

of the definition implies multi-tenancy. Interfaces
What this means is there exists more
than one consumer utilising the same
resources of the cloud service provider. It is important to identify all external and
It is therefore critical that separation any less trusted interfaces connected to
between different consumers of the the service so that proper protections
cloud service be established to eliminate are allocated to defend them against
the possibility of either malicious acts attacks. Since the networks that the
or compromised consumers adversely cloud service runs on belong to the cloud
affecting the confidentiality, availability provider, sometimes the consumer has
or integrity of another consumer of the no say whenever new connections are
service. introduced into the network at a later
stage. This becomes an important issue
to be considered by the consumer.
4. Availability of audit
information to consumers
7. Authentication and
It is important that the consumers have authorisation
available to them the audit information
so that they may monitor things like
access to their service and also access to Any and all access by both the
the data that is contained within it. This consumer and the service provider to all
is to allow them to take necessary actions interfaces into the service must follow

66
strict authentication and authorisation assessment reports of the services that
processes. Nobody should be exempted the consumer is interested in. This can
from this requirement so that there is help to show whether the cloud service
less chance for unauthorised individuals provider consistently identify and
to do something harmful and also to mitigate threats to the security of the
ensure that actions taken by authorised service.
individuals can later be traced back to
them for accountability purposes.
Conclusion
8. Operational Security
Security is the responsibility of both
the consumer and the cloud service
There should be processes and procedures provider. This article has attempted to
in place by the cloud service provider to describe some of the security principles
ensure the operational security of the that both the consumer and the provider
service is well-defined. The processes should be concerned with. There are
and procedures are important so that additional security principles that will
everybody is aware and can properly add extra layers of confidence if they
do their work during normal operating are implemented by the provider but the
conditions as well as during security principles described above should be a
disasters. good starting point in the right direction
for the consumer. ￭
9. Personnel security
References
The consumer should make sure that the

cloud service provider performs adequate 1. h t t p : / / w w w . m e r r i a m - w e b s t e r . c o m /
dictionar y/secur ity
security screening of their personnel and
ensure that those personnel undergo the 2. h t t p : / / w w w. a c c o u n t i n g c o a c h . c o m / b l o g /
correct security training for their role in separ ation- of- duties- inter nal- contr ol
the cloud provider’s organisation.
3. h t t p : / / w w w . s a f e n e t - i n c . c o m / d a t a -
protection/virtualization-cloud-security/
saas- secur ity- cloud- access- contr ol/
10. Secure development of
4. 4. h t t p s : / / d a t a t r a c k e r . i e t f . o r g /
services documents/LIAISON/file1181.doc
[Requir ements for Ser vice Pr otection Ac ros s
Exter nal Inter faces Dr aft 0.34 January
Consumers should evaluate and decide 2011]
whether the cloud service provider 5. h t t p s : / / w w w . g o v . u k / g o v e r n m e n t /

implement secure development practices. publications/cloud-service-security-
One way this can be verified is to insist principles/cloud-service-security-principles
on the latest vulnerability and security

A Forensic Analysis on SMS Timestamp
67
By | Nor Zarina Zainal Abidin
I was once given a mobile phone to be Methodology

analysed for a criminal case several years
ago. The case objective was to extract The methodology of conducting this analysis
SMS (text messages) from the phone and is quite simple. The steps below show how
to correlate the timestamp of SMS from the analysis is conducted:
the sender’s phone and the SMS from the
receiver’s phone.
What was supposed to be a simple analysis

became complex as the timestamp
correlation did not make sense at all.
Further analysis on the timestamp found
that there were actually three possibilities
of how SMS timestamp were generated on Preliminary Study on
the phone.
Timestamp
When a SMS is received, the timestamp
Before we proceed to the next section, it is
displayed on the SMS could be:
important for an analyst to understand the
timestamp system. Mobile phones, in general,
• The timestamp of the sender’s phone
uses the Coordinated Universal Time (UTC)
(device time)
format. It is also known as Zulu time’ or ‘Z time’.
• Timestamp of the telecommunication
UTC is 24-hour time, which begins at 00:00 at
provider’s server time (network time)
midnight.
• Timestamp of the recipient’s phone
(device time)
To obtain Malaysia’s local time (known as GMT),
we need to add 8 hours (+8) to the UTC. The
example of UTC to GMT calculation is as below:
Figure 2: Converting UTC time to GMT time

Figure 1: Three (3) possibilities of timestamp generated
for an SMS. Have you ever wondered which timestamp is
displayed on your SMS?
Analysis & Finding
How do we determine which timestamp is
generated on the SMS? In this article, I will Three phone models were used for the
present a simple analysis on three phone purposes of this study. The phones have
models and provide a conclusion from the been synchronised to the SIRIM standard
analysis. time. The details are as follows:

68
No Model Operating System Telecommunication Label
Provider (Telco)
1 Apple iPhone 4 GSM iOS Telco X Phone A
2 Samsung GT-i9305 Android Telco Y Phone B
Galaxy S III
3 BlackBerry 9800 Torch Blackberry OS Telco Z Phone C
Table 1: Mobile Phone details
The phones were then plugged into the

.XRY and the SMS data was extracted
from the phones.
Analysis on Apple iPhone 4

GSM
After synchronising the time to the

standard time, SMS was sent from
Phone A to Phone B and Phone C. The
SMS timestamp shown in each phone is
shown is the figures below:
Analysis on BlackBerry 9800

Torch
In the final step, SMS was sent from
Phone C to Phone A and Phone B. The
SMS timestamps shown in each phone
are displayed in the diagram below :
Analysis on Samsung GT-i9305

Galaxy S III
In the next step, SMS was sent from

Phone B to Phone A and Phone C. The
SMS timestamps shown in each phone
are displayed in the diagram below:

The following table provides a phone models shows that: 69
summarised view of the SMS timestamps
for all the phones. 1. Apple iPhone 4 GSM generates
network timestamp for incoming SMS
iPhone 4 Samsung S III Blackberry Torch and device time for outgoing SMS.
Outgoing Incoming
SMS
Timestamp
SMS Timestamp 2. Samsung GT-i9305 Galaxy S III records
17/10/2013 16/10/2013 • 17/10/2013
the device time for both incoming and
3:58:42 AM 3:59:01 3:59:17 AM outgoing text messages.
UTC (Device)
UTC AM UTC
(Device) (Device)
• 17/10/2013 3. BlackBerry 9800 Torch (Phone C)
7:59:14 PM
(Network)
records the device and network times
Table 2: Summarised table of timestamp for outgoing text for incoming text messages but
messages from iPhone 4 only device time for outgoing text
messages.
Samsung iPhone 4 Blackberry Torch

S III Findings (Time)
Mobile Incoming Outgoing text
Outgoing Incoming No
Phone text messages
SMS
SMS Timestamp messages
Timestamp
16/10/2013 17/10/2013 • 17/10/2013 1. Apple iPhone Network Device
3:57:28 AM 3:57:49 AM 3:57:54 AM 4 GSM
UTC (Device) UTC (Network) UTC (Device) (Phone A)
• 17/10/2013 2. Samsung GT- Device Device
7:57:50 PM i9305 Galaxy
(Network) S III
Table 3: Summarised table of timestamp for outgoing text
(Phone B)
messages from Samsung S III
3. BlackBerry Network & Device
9800 Torch Device
Blackberry iPhone 4 Samsung S III (Phone C)
Torch
Table 5: Summary of findings
Outgoing Incoming
SMS
SMS Timestamp
Timestamp
17/10/2013 17/10/2013 16/10/2013
4:00:37 AM 4:00:43 AM 4:00:28 AM UTC Conclusion
UTC (Device)) UTC (Network) (Device)
Table 4: Summarized table of timestamp for outgoing text Being a forensic analyst, one must be able
messages from Blackberry Torch to explain the meaning and significance
what each data entails, especially the
timestamp on a piece of data. This is
Summary of Finding important to ensure that data can be
correctly correlated with each other, and
at the end providing meaningful data
The forensic analysis conducted on the to assist the investigation of a criminal
SMS timestamps from the three different case. ￭

CRYPTOGRAPHY
70
In staying secure and safe, reliable encryption remains the foundation on
which the trillion-dollar edifice of global e-commerce is built on.
By | Liyana Chew Nizam Chew
WHAT IS CRYPTOGRAPHY? WHERE IS CRYPTOGRAPHY?
The science of making codes and • Government

encoding information and transforming • Spies
private data into an unreadable format in • Financial Institutions
preventing parties with hostile interests • Security Agencies
from obtaining them • and YOU
WHY CRYPTOGRAPHY? WHO USES CRYPTOGRAPHY?
Cryptography is an essential part of Any type of business that are using

modern life. It allows users to protect computers will surely have data to protect
the integrity of communications and the
confidence of data without being held to
ransom.
Modern cryptography entails security sender and intended receiver with

and adheres to the following basic such alterations being detected.
paradigms and principles:
3. Non-Repudiation- the creator/
1. Confidentiality – information that sender of the information will not
cannot be understood by anyone be able to deny at a later stage of
other than for whom it was intended his/her intentions in the creation or
for. Thus, protecting the information transmission of the information
from disclosure to unauthorised
parties. 4. Authentication – the sender and
receiver can verify each other’s
2. Integrity – the information cannot be identity and the origin/destination of
altered in storage or transit between the information. ￭

Hantu Internet
By | Azira Abd Rahim 71
telah banyak mengubah cara manusia berfikir,

1.0 Pengenalan berhubung, berinteraksi di antara satu sama
lain. Dalam erti kata lain, ia telah mewujudkan
Era globalisasi dan dunia tanpa sempadan satu bentuk kehidupan yang unik namun ia
yang diwar-warkan pada hari ni menjadikan tiada berbeza dari kehidupan di alam realiti.
setiap daripada kita berusaha untuk menjadi
lebih maju seiring dengan pembangunan
teknologi yang semakin canggih dan mendapat
2.0 Statistik Kadar Pengguna
tempat dalam masyarakat. Hari ini, kita dapat Internet Di Seluruh Dunia
melihat bagaimana teknologi moden memberi
impak yang begitu besar terhadap kehidupan Berdasarkan data yang diperolehi dari
kita. Dunia Internet khususnya adalah salah ‘Internet Live Stats’ (penghuraian data oleh
satu daripada media canggih yang semakin Kesatuan Telekomunikasi Antarabangsa
mendapat perhatian segenap lapisan umur di (ITU) dan Bahagian Penduduk Bangsa-
mana ia turut memberi kesan dalam aktiviti Bangsa Bersatu) pada tahun 2014, hampir
75 peratus atau 2.1 billion penduduk dunia
kehidupan seharian yang meliputi urusan
terdiri daripada pengguna Internet. Negara
perhubungan, komunikasi, perbankan dan China mempunyai kadar penduduk tertinggi
jual-beli, pembelajaran, keselamatan, hiburan dunia mewakili hampir 22 peratus daripada
dan lain-lain. Oleh demikian, dunia Internet jumlah tersebut.
Ilustrasi 1: Jumlah pengguna Internet di seluruh dunia sehingga tahun 2014

Year Internet Users Users World Population Population Penetration
(July 1) Growth Growth (% of Pop. with
Internet)
2014* 2,925,249,355 7.9% 7,243,784,121 1.14% 40.4%

2013 2,712,239,573 8.0% 7,162,119,430 1.16% 37.9%
2012 2,511,615,523 10.5% 7,080,072,420 1.17% 35.5%
2011 2,272,463,038 11.7% 6,997,998,760 1.18% 32.5%
2010 2,034,259,368 16.1% 6,916,183,480 1.19% 29.4%
2009 1,752,333,178 12.2% 6,834,721,930 1.20% 25.6%
2008 1,562,067,594 13.8% 6,753,649,230 1.21% 23.1%
2007 1,373,040,542 18.6% 6,673,105,940 1.21% 20.6%
2006 1,157,500,065 12.4% 6,593,227,980 1.21% 17.6%
2005 1,029,717,906 13.1% 6,514,094,610 1.22% 15.8%
2004 910,060,180 16.9% 6,435,705,600 1.22% 14.1%
2003 778,555,680 17.5% 6,357,991,750 1.23% 12.2%
2002 662,663,600 32.4% 6,280,853,820 1.24% 10.6%
2001 500,609,240 21.1% 6,204,147,030 1.25% 8.1%
* Source: Internet Live Stats (elaboration of data by International Telecommunication Union (ITU) and
United Nations Population Division)

mahupun negatif. Sesetengah masyarakat
72
beranggapan bahawa penggunaan Internet
telah mengurangkan interaksi secara
bersemuka. Lebih banyak masa dihabiskan
di Internet sehingga ianya menjejaskan
kualiti waktu yang sepatutnya dihabiskan
bersama keluarga dan rakan-rakan. Membeli
belah dalam talian pula adalah sangat
mudah dan menjimatkan masa. Namun
kegunaannya juga telah menyebabkan orang
ramai membeli barangan dan perkhidmatan
Sumber: ‘Internet Live Stats’ (penghuraian data tanpa berinteraksi secara fizikal. Peniaga
oleh Kesatuan Telekomunikasi Antarabangsa yang menjalankan perniagaan atas talian
(ITU) dan Bahagian Penduduk Bangsa-Bangsa pula dapat melakukan perniagaan mereka
Bersatu)
dengan mudah, namun mereka seolah-olah
terkurung dari melihat dunia luar.
Berdasarkan gambar rajah di atas, kita dapat
melihat bahawa penduduk dari negara-
Menurut petikan dari laporan yang
negara Asia merupakan peratusan pengguna
dikemukakan oleh Kementerian Kewangan
Internet yang tertinggi berbanding
2013/2014 sempena Belanjawan 2014,
penduduk di negara Eropah dan Amerika.
jumlah bilangan pengguna Internet di
Oleh itu, angka ini perlu dikaji untuk menilai
Malaysia dijangka meningkat kepada 25
sekiranya wujud masalah-masalah seperti
juta orang menjelang 2015 berbanding 18
ketagihan Internet di kalangan penduduk
juta orang pada 2012. Ianya merangkumi
yang menggunakan Internet.
peningkatan kadar penembusan jalur lebar
isi rumah kepada 66.8 peratus sehingga
akhir Jun 2014. Manakala untuk kadar
3.0 Kajian Berkenaan Dengan
penembusan telefon mudah alih, ia melebihi
Ketagihan Internet Di Kalangan 100 peratus dengan kadar sebanyak 42.6
Pengguna juta langganan. Laporan ini merumuskan
bahawa rakyat Malaysia semakin banyak
memperuntukkan masa mereka melayari
Seperti yang kita sedia maklum, Internet
Internet berbanding rangkaian media lain
menyediakan pelbagai maklumat serta
seperti radio, televisyen, suratkhabar
kemudahan yang boleh diakses dengan
dan sebagainya. Menurut laporan ini
menggunakan telefon pintar, tablet
lagi, sebanyak 11.8 juta rakyat Malaysia
dan juga komputer riba. Internet juga
dianggarkan mempunyai akaun Facebook
menghubungkan pengguna melalui e-mel,
dengan lebih 80 peratus melayari Internet
blog, rangkaian sosial dan perkhidmatan
untuk mengakses Facebook.
pesanan ringkas, di mana pengguna boleh
berkomunikasi tentang pelbagai isu dan
Melihat kepada cara hidup masyarakat hari
topik semasa tanpa perlu berada di sesuatu
ini, ianya kelihatan seolah-olah masyarakat
lokasi secara fizikal. Penyebaran penggunaan
lebih selesa memperuntukkan sebahagian
yang meluas ini memberi kesan terhadap
besar waktu mereka dengan melayari laman
hubungan interpersonal (antara perorangan)
serta aplikasi media sosial seperti ‘Facebook’,’
dan intrapersonal (komunikasi dengan
Instagram’, ‘Twitter’ dan sebagainya. Media
diri) masyarakat samada secara positif
sosial adalah salah satu aplikasi Internet

terkini yang mempunyai daya penarik dan telah mendedahkan bahawa peratusan 73
boleh digunakan oleh pelbagai lapisan tertinggi orang yang terdedah kepada
masyarakat. Justeru, kita boleh katakan ketagihan Internet adalah terdiri dari para
bahawa aspek teknologi Internet adalah pelajar sekolah menengah tinggi sebanyak
penting untuk masyarakat digital masa kini. 9.2 peratus diikuti oleh pelajar sekolah
Namun perlu diingat bahawa Internet juga menengah rendah sebanyak 7.6 peratus.
boleh menyumbang kepada kemudaratan Melihat kepada peratusan ini, ianya cukup
seperti gejala penipuan, penggodaman, untuk membuatkan kita merasa bimbang
serangan virus, penyamaran, pembulian siber akan kesan yang bakal dihadapi di masa
dan sebagainya yang boleh menyebabkan akan datang apabila pelajar sekolah telah
pengguna lain menjadi mangsa. Apa yang terjebak dengan ketagihan Internet ini.
lebih membimbangkan adalah apabila kita
turut mengalami gejala ketagihan akibat
penggunaan Internet berikutan banyak
masa yang telah diluangkan sehingga
mengabaikan pelbagai perkara lain yang
lebih penting dalam kehidupan seharian kita.
Sekiranya masyarakat berkelakuan begini
secara berterusan, ia akan menyebabkan
kesan negatif yang lebih mendalam terhadap
ekosistem interaksi dan komunikasi.
Sebagaimana penagih yang bergantung
kepada dadah dan alkohol, begitulah juga
Bagaimana Seseorang Menjadi dengan pengguna yang ketagihan Internet
Ketagih Kepada Internet? sehingga adakalanya mengganggu kesihatan
fizikal dan mental. Merujuk kepada contoh-
contoh yang dilaporkan di luar negara,
Ketagihan Internet telah menjadi satu masalah ianya sudah cukup untuk membuka mata
sosial yang sangat besar di negara-negara dan minda kita betapa bahayanya ketagihan
seperti Korea, China, Amerika Syarikat dan Internet ini sekiranya tidak dibendung
sebagainya. Kecenderungan peningkatan segera.
ketagihan Internet ini kebanyakannya
didapati di kalangan remaja yang majoritinya 1. # 1- Chris Staniforth , Julai 2011
adalah pelajar sekolah. Kebanyakan daripada
Chris Staniforth merupakan seorang pemuda
mereka adalah pengguna telefon pintar, di
berusia 20 tahun dari Sheffield, England telah
mana terdapat pelbagai aplikasi yang mudah mengalami ketagihan permainan video sehingga
didapati selain dari penggunaan rangkaian meninggal dunia secara tiba-tiba selepas
sosial. bermain video selama 12 jam. Oleh kerana beliau
memperuntukkan masa berlebihan tanpa berehat
Mengikut kajian yang telah dilakukan oleh dan melakukan senaman mengakibatkan darah
beku berpindah ke paru-paru beliau seterusnya
Institut Dasar Maklumat dan Komunikasi
tersumbat dan membawa maut.
di Kementerian Hal Ehwal Dalaman dan
Komunikasi pada Februari 2013, seramai
2,605 orang telah mengambil bahagian 2. # 2- Chen Shi, September 2010
dalam kajiselidik ketagihan Internet
mengikut peringkat umur, termasuk pelajar Chen Shi , remaja berusia 16 telah terbunuh di
sekolah rendah dan dewasa. Analisis kajian Sekolah Beiteng di Changsha, China, di mana

74 beliau telah dihantar untuk memulihkan dirinya emosi di mana sering tidak berpuas hati
daripada ketagihan Internet. Malangnya beliau dengan kehidupan akan lebih cenderung
telah dipukul sehingga meninggal dunia semasa menjadi seorang yang ketagihan Internet
mengikuti kelas pemulihan ketagihan Internet
daripada seseorang yang mempunyai emosi
ini.
positif dan gembira.
China adalah antara salah satu daripada negara-
negara yang mengalami gejala ketagihan
Internet; satu daripada setiap 10 pengguna 4.0 Penutup
Internet didakwa mengalami ketagihan.
Kesimpulannya, penggunaan Internet

3. # 3- Daniel Petric, Jun 2007 sememangnya memberikan kesan yang
amat besar dalam kehidupan seharian kita.
Daniel Petric berumur 16 tahun telah melakukan
Sebagai pengguna Internet, kita seharusnya
pembunuhan yang berniat jahat di rumah ibu
bapanya di Wellington, Ohio akibat terlalu taksub bijak dalam mewujudkan keseimbangan
dengan permainan video. Apabila ibu bapa Petric antara aktiviti Internet dan kehidupan
mula merasakan bahawa permainan ganas ini sebenar untuk kebaikan sesama manusia.
perlu dihentikan lantas Petric telah menembak Untuk yang demikian, adalah penting kita
kedua ibu bapanya menggunakan senjata bapa perlu memastikan gejala ketagihan Internet
Petric dan telah dibicarakan di mahkamah dan
ini dapat dibendung dari terus menular di
telah dijatuhkan hukuman penjara selama 23
tahun untuk jenayah itu. kalangan masyarakat kini. Sekiranya anda
mendapati gejala ini ada pada diri anda,
lakukanlah sesuatu bagi mengelakkan
4. #4- Kes Kebuluran Kanak-Kanak, Mei 2010 diri anda dari terus terjerumus ke dalam
masalah yang lebih besar, jangan segan
Sepasang suami isteri dari Korea Selatan telah untuk berjumpa kaunselor dan mulalah
didakwa membunuh bayi perempuan mereka
menggunakan Internet secara positif dan
dengan hanya memberi makan sekali sehari
sahaja akibat leka bermain permainan video di mengikut panduan. Ibu bapa juga berperanan
kafe Internet. Bayi itu juga dikatakan dipukul menghadkan dan memantau anak-anak
apabila menangis kelaparan. Kematian bayi menggunakan komputer ketika melayari
ini adalah disebabkan nutrisi makanan yang Internet. Ini adalah langkah yang bijak dan
tidak mencukupi. Akhirnya pasangan ini telah praktikal bagi mengurangkan gejala masalah
dipenjara selama 2 tahun atas kesalahan yang
ketagihan Internet. ￭
dilakukan.
Melihat pada kejadian tersebut membuatkan

Laman Rujukan
kita berfikir sejenak akan kesan dan impak
disebalik ketagihan Internet ini sekiranya 1. h t t p : / / w w w. i n t e r n e t i n t e r n e t l i v e s t a t s . c o m /
tiada alternatif yang ditawarkan untuk internetInternet-users/
mengurangkan ketagihan ini. Ketagihan
2. http://www.addictionr ecov.or g/Addic tions /
Internet boleh menjejaskan juga fungsi dan
index.aspx?AID=43
kehidupan masyarakat sekiranya dikaji dari
sudut kesihatan mental dan memerlukan 3. h t t p : / / w w w. n e t a d d i c t i o n r e c o v e r y. c o m / t h e -
rawatan yang khusus. Ketidakmampuan problem/signs-and-symptoms.html
untuk mengawal tindakan impulsif adalah
4. h t t p : / / a m a n z . m y / 2 0 1 2 / 1 2 / s e c a r a - p u r a t a -
salah satu sebab utama di sebalik ketagihan
pengguna-malaysia-menghabiskan-masa-
Internet ini. Mereka yang mengalami masalah sebanyak-20-jam-seminggu-di-internet/

Mengenali Apakah Itu APT
75
Tidak ada "peluru perak" dalam mempertahankan aset terhadap APT. Yang
nyata, ketersediaan penyelesaian keselamatan merentasi domain hari ini boleh
membantu organisasi menangani masalah yang kian mencabar ini.
By | Mohd Fadzlan Mohamed Kamal
Pengenalan Kepada Dunia Siber APT - Ancaman Kepada Dunia Siber
Perkembangan teknologi maklumat Advanced Persistent Threats atau lebih

yang semakin canggih dan pantas pada dikenali dengan nama singkatan APT
hari ini bukan hanya memberi manfaat merupakan antara ancaman berbahaya
kepada segelintir pengguna sahaja bahkan kepada dunia siber dewasa ini. Ia bukanlah
melangkaui semua golongan dari seawal usia sesuatu yang terlalu baru namun masih
kanak-kanak sehinggalah kepada golongan ramai yang belum mengetahui atau
berusia. Jika diteliti, kadar penembusan memahami apakah yang dimaksudkan
capaian dan penggunaan teknologi maklumat dengan APT dan cara kerjanya. Terdapat
di Malaysia, ianya sangat mengagumkan dan pelbagai takrifan dan definisi yang
meningkat hampir setiap hari. Tambahan berbeza mengenai APT ini mengikut
pula, kerajaan telah memperkenalkan sudut pandangan individu atau sesebuah
beberapa insentif dan inisiatif baru kepada organisasi, namun secara dasarnya
golongan sasar seperti golongan belia, APT merujuk kepada ancaman yang
pelajar sekolah dan penduduk luar bandar mempunyai tahap kebolehupayaan tinggi
dalam menyalurkan bantuan kemudahan IT. yang dicipta oleh individu pakar dalam
Secara tidak langsung, ini telah membolehkan bidang teknologi maklumat bertujuan
bidang teknologi maklumat di Malaysia untuk melakukan aktiviti jenayah
berkembang dengan pesatnya. terutamanya bermotifkan pengintipan.
Walaupun terdapat banyak kebaikan yang Perkara menarik mengenai APT ialah, ia
diperolehi dalam bidang ini, namun pada dicipta lebih khusus jika dibandingkan
sudut tertentu ia turut sama membuka ruang dengan perisian perosak (malware)
dan peluang kepada individu atau kumpulan yang wujud sebelum ini. Ini adalah
yang cuba mengambil kesempatan dengan disebabkan APT biasanya beroperasi
cara yang salah bagi meraih keuntungan atau untuk mencapai sasaran tertentu
bermotif jahat. Pihak yang cuba mengambil seperti pengintipan sesebuah negara,
kesempatan atau digelar penjenayah siber parti politik atau organisasi berbanding
ini, turut sama berkembang maju dan sasaran secara rawak. Oleh kerana APT
berevolusi seiring kecanggihan teknologi dicipta secara khusus, mungkin ramai
semasa malah mereka akan sentiasa cuba individu menyangka mereka tidak akan
berada setapak di hadapan dalam kemajuan menjadi mangsa sasaran atau ancaman
teknologi yang di kecapi. Oleh itu, semua APT ini. Persepsi ini perlu difahami dan
pihak harus peka dan sentiasa berwaspada diperbetulkan, kerana pada asasnya kita
dengan taktik dan teknik terbaru yang bukanlah sasaran utama namun kita
diguna pakai bagi mengurangkan risiko mungkin boleh menjadi salah satu agen
menjadi mangsa sasaran penjenayah siber. pembawa APT tanpa kita sedari.

76
Rajah 1 : Peringkat Serangan APT
Huraian Makna APT digunakan sangat berbeza serta lebih bijak

dalam melakukan proses eksploitasi.
Dalam menghuraikan makna di sebalik nama
APT itu secara lebih mendalam, ia boleh ii. Istilah persistent pula merujuk kepada
diterjemahkan melalui 3 perkataan berdasarkan ciri-ciri sesebuah APT yang mengekalkan
nama APT itu sendiri iaitu Advanced (canggih), kewujudan mereka secara tersembunyi
Persistent (berterusan) dan Threat (ancaman). di dalam sistem sasaran untuk
mempertahankan diri daripada dikesan
i. Perkataan advance merujuk kepada alat atau dan dihapuskan. Walaupun APT bersifat
perisian yang mempunyai kebolehupayaan tersembunyi untuk mengelakkan daripada
tinggi yang digunakan oleh penjenayah dikesan namun ia aktif berinteraksi dan
siber dalam melakukan serangan atau sentiasa dikawal oleh penjenayah siber ini.
eksploitasi. Ia menggabungkan beberapa Tempoh masa yang diambil oleh APT untuk
jenis teknik serangan dan eksploit ke mencapai objektifnya mungkin mengambil
dalam sesebuah APT. Teknik ini juga agak masa berbulan-bulan atau bertahun
sukar dikesan oleh pengguna kerana ia lamanya. Jangka masa yang panjang ini
tidak melakukan sebarang kerosakan, diambil supaya perancangan rapi dapat
kemusnahan atau perubahan ketara di diatur untuk mendapatkan maklumat,
dalam sistem yang dihuni. Selain itu, APT melakukan pengintipan serta mengumpul
juga dikawal untuk berinteraksi dengan sumber secukupnya mengenai sasaran
pembuatnya iaitu penjenayah siber melalui selain cuba menembusi sistem sasaran
arah dan kawal (command and control) dengan melakukan pelbagai jenis serangan
dari pelayan (server) di luar rangkaian secara berperingkat bagi mencapai tahap
(external network) sesebuah organisasi. akses yang diinginkan.
Kebiasaannya, APT mempunyai banyak
pelayan untuk mengelirukan pihak iii. Threat atau ancaman pula merujuk kepada
yang cuba menjejaki, mengesan atau keseluruhan APT yang berniat jahat dan
menyelidiki dalang di sebalik pembuat membawa impak buruk yang sangat besar
APT ini. Advance ini juga merujuk kepada kepada mangsa sasaran. Berdasarkan
perbezaan di antara APT dengan malware kepada bentuk dan corak serangan APT,
yang lain kerana teknik-teknik yang ia tidak beroperasi secara sendirian

tetapi merupakan jenayah terancang
yang mungkin dibiayai oleh badan atau 77
organisasi tertentu. Serangan APT ini
cukup berbahaya kerana ia lebih menyasar
kepada sesebuah badan atau organisasi
yang berprofil tinggi, besar atau berkuasa
yang kebiasaannya mempunyai maklumat
penting serta kritikal dan perlu dijaga rapi
seperti maklumat sistem pertahanan atau Rajah 2 : Hubungan di antara Stuxnet, Duqu,
Flame dan Gauss
ketenteraan sesebuah negara. Maklumat
yang dapat di salur keluar itu mungkin Jika dilihat kebanyakan serangan APT lebih
dijual kepada musuh atau yang lebih tertumpu kepada sistem operasi berasaskan
menjadi igauan ialah apabila ia dikongsi Windows tetapi sebenarnya terdapat juga
secara terbuka dengan orang awam yang serangan APT yang lebih dahsyat yang
mana dapat diakses dari seluruh pelusuk mampu mengeksploitasi sistem operasi lain
seperti Mac OS X dan Linux. Sistem operasi
dunia. Jika sasaran mereka itu ialah
bagi alatan mobile seperti Android dan juga
badan keselamatan negara seperti polis,
iOS tidak terkecuali menjadi sasaran serangan
askar atau pemimpin negara itu sendiri, APT ini. APT yang dikenali sebagai Careto atau
ini mungkin membawa kepada jatuhnya "The Mask" dikatakan mempunyai ciri-ciri
maruah, kepercayaan, keyakinan rakyat seperti yang telah dinyatakan. Ini bermakna
terhadap negara tersebut dan sebagainya. APT tidak terhad untuk melakukan eksploitasi
terhadap pengguna yang menggunakan
sistem operasi komputer sahaja tetapi juga
APT Yang Dikenali mampu menjangkiti telefon pintar mahupun
tablet. Perkara ini perlu dipandang serius
Terdapat banyak serangan APT yang dan diambil cakna oleh semua pengguna.
telah dikesan sepanjang beberapa tahun Ini kerana boleh dikatakan semua golongan
atau setiap lapisan masyarakat mempunyai
kebelakangan ini. Keadaan ini menunjukkan
peralatan mobile tersendiri yang boleh
bahawa APT bukanlah sesuatu yang boleh mengakses apa sahaja maklumat di hujung
di ambil ringan. Antara beberapa kod nama jari membuatkan APT lebih mudah untuk
APT yang berjaya dikesan ialah GhostNet, disebarkan tanpa mereka sedari.
Operation Aurora, RSA Attack, Shady RAT, Red
October dan lain-lain. Daripada kesemua APT Langkah Pencegahan
yang dapat dikesan setakat ini, terdapat empat
kod nama APT yang banyak diperkatakan dan Berdasarkan kepada bahaya ancaman APT ini,
mempunyai hubungan di antara satu sama semua pengguna perlu sentiasa berwaspada
lain iaitu Stuxnet, Duqu, Flame dan Gauss. serta mengambil tahu mengenai langkah-
Hubungan ini mungkin sekadar hasil kerjasama langkah asas keselamatan komputer seperti
antara pembangun pada peringkat awalnya memasang perisian antivirus, firewall dan
berdasarkan persamaan yang terdapat di perisian keselamatan seumpamanya supaya
dalam penggunaan kod infeksi yang diguna dapat menghalang APT ini di peringkat awal
pakai dalam melakukan eksploitasi. Walau lagi. Setiap komputer peribadi dan telefon
bagaimanapun, terdapat perbezaan jika dilihat pintar juga disarankan agar melakukan
melalui motif dan matlamat serangan di antara proses kemas kini terbaru sistem operasi
keempat-empat APT ini. Selain itu, keempat- dan perisian keselamatan sekerap mungkin
empat APT ini juga dikategorikan antara supaya ia sentiasa berada pada tahap terbaik
malware yang mempunyai kod yang agak untuk mempertahankan keselamatan data
kompleks dan rumit untuk dirungkaikan. dan menutup ruang kelemahan dari terdedah

kepada serangan dan ancaman siber terbaru Perkara yang perlu difahami ialah tiada jalan
78 yang berleluasa pada hari ini. mudah dan singkat dalam membendung
keseluruhan ancaman serangan APT ini.
Tiada jalan mudah untuk mencegah serangan Samada terpaksa atau dipaksa, adalah perlu
APT secara holistik. Walau bagaimanapun, bagi semua pihak menitik-beratkan soal
semua pihak boleh menerapkan kaedah keselamatan komputer dan siber sebagai
gabungan pelbagai jenis lapisan sistem langkah persediaan awal untuk mengelakkan
pertahanan bagi keselamatan komputer, perkara tidak diingini yang mungkin atau bakal
rangkaian mahupun pelayan. Selain saranan berlaku pada bila-bila masa. Oleh itu, adalah
menggunakan antivirus dan firewall, antara sangat disyorkan sebagai antara kaedah
langkah lain yang boleh diambil adalah yang terbaik dalam menghalang APT ini dari
penggunaan Teknologi Pencegahan Kehilangan terus merebak ialah dengan menggabungkan
Data (Data Loss Prevention Technologies), antara penggunaan perisian keselamatan,
menghadkan hak akses pada perkongsian pengetahuan tentang ancaman, pendedahan
fail dan penggunaan USB drive, mewujudkan terhadap taktik dan teknik serangan, dan
polisi keselamatan komputer dan lain-lain. polisi keselamatan komputer dan siber di
Sementara itu, sebagai lapisan tambahan dalam perlaksanaan bagi sesebuah organisasi
untuk menghalang APT ini, pemasangan ataupun untuk penggunaan individu sahaja. ￭
antispam dan tapisan web (web filtering) juga
antara mekanisme yang baik untuk diguna Rujukan:
pakai.
1. Fortinet. (2013). Threats on the Horizon -
The Rise of the Advanced Persistent Threat.
Kesimpulan Solution Brief. Retrieved from http://www.
fortinet.com/sites/default/files/solutionbrief/
threats-on-the-horizon-rise-of-advanced-
Sebagai kesimpulannya, segala bentuk persistent-threats.pdf
kesedaran dalam usaha untuk mendedah dan 2. Global Research & Analysis Team (GReAT),
(2012). Gauss: Nation-state cyber-surveillance
memberi pengetahuan tentang keselamatan
meets banking Trojan. Retrieved from http://
siber ini perlu dipergiatkan seiring dengan www.securelist.com/en/blog/208193767/
kemajuan yang dicapai dalam teknologi 3. Gostev, A. (2012). ’Gadget’ in the middle:
Flame malware spreading vector identified.
maklumat di negara kita hari ini. Pengetahuan
Retrieved from http://www.securelist.com/
mengenai amalan pertahanan dan keselamatan en/blog/208193558/Gadget_in_the_middle_
ini adalah perkara tunjang yang perlu diambil Flame_malware_spreading_vector_identified
berat oleh semua pihak. Dengan meningkatnya 4. Kaspersky. (2014). Kaspersky Lab Uncovers
“The Mask”: One of the Most Advanced Global
jumlah penggunaan e-mel, akses laman sosial, Cyber-espionage Operations to Date Due
perkongsian fail atas talian dan lain-lain lagi to the Complexity of the Toolset Used by
sebagai medium komunikasi dan perantaraan, the Attackers. Retrieved from http://www.
k a s p e r s k y. c o m / a b o u t / n e w s / v i r u s / 2 0 1 4 /
adalah menjadi satu kemestian bagi
Kaspersky-Lab-Uncovers-The-Mask-One-of-
setiap individu untuk sekurang-kurangnya the-Most-Advanced-Global-Cyber-espionage-
memahami secara asas tentang ancaman dan Operations-to-Date-Due-to-the-Complexity-of-
the-Toolset-Used-by-the-Attackers
langkah pencegahan yang perlu di ambil.
5. Oltsik, J. (2013). Addressing APTs and Modern
Malware with Security Intelligence. ESG Brief.
Langkah pencegahan dan pertahanan yang Retrieved from http://www.webroot.com/
perlu diambil mungkin kelihatan remeh dan shared/pdf/ESG-Brief-Webroot-Sept-2013.pdf
6. Trendmicro. (2013). How Do Threat Actors
merumitkan, namun ia sangat membantu Move Deeper Into Your Network?. Retrieved
dan dapat menyukarkan penjenayah siber from http://about-threats.trendmicro.com/
dalam melakukan aktiviti jahat serta tidak cloud-content/us/ent-primers/pdf/tlp_lateral_
movement.pdf
bertanggungjawab pada peringkat awalnya.

Antivirus
79
Kini, terdapat pemahaman yang biasa dan meluas di kalangan pengguna-
pengguna komputer tentang jenis kemudaratan yang virus komputer boleh
lakukan dan bagaimana ia merebak.
By | Muhammad Arman, Mohd. Fadzlan
Pengenalan Apakah sebabnya pengguna di pejabat tidak

digalakkan untuk menggunakan perisian Antivirus
Antivirus ialah perisian perlindung dan yang percuma? Salah satu sebab utama ialah
pertahanan komputer terhadap perisian yang kerana pengguna komersil banyak menggunakan
berniat jahat. Perisian yang berniat jahat aplikasi seperti Intranet, perkongsian direktori,
atau perisian perosak adalah termasuk Virus, perkongsian fail, penggunaan pemacu USB dan
Trojans, Keyloggers, Hijacker, Dialers , Worm lain-lain. Melalui perkongsian ini, Virus amat
dan kod-kod yang berupaya mencuri kandungan mudah menjangkiti komputer di dalam rangkaian
data dari komputer anda. Untuk menjadikan dan penyebarannya kadangkala tidak dapat
ditahan oleh perisian Antivirus yang percuma.
Antivirus sebagai satu pertahanan komputer
Keupayaan perisian Antivirus percuma juga tidak
yang berkesan, perisian antivirus perlu sentiasa
merangkumi semua aspek keselamatan siber.
berfungsi pada sepanjang masa, dan harus
dikemaskini kerapkali untuk mengenal pasti
versi perisian terbaru yang berniat jahat.
Windows Defender
Apa pula Windows Defender?

Terdapat beberapa perisian Antivirus yang
diberikan secara percuma kepada pengguna.
Windows Defender adalah perisian dari Microsoft
Antaranya ialah AVG (www.avg.com), Avast
dan dikenali sebagai Microsoft AntiSpyware
(www.avast.com) dan Avira (www.avira.com).
pada masa dahulu. Ia dibangunkan oleh GIANT
Walau bagaimanapun, perisian percuma ini
Company Software Inc. dan telah diambilalih
adalah tidak digalakkan untuk digunapakai
oleh Microsoft pada 16 Disember 2004. Versi
oleh pengguna yang menggunakan komputer
percubaan perisian Microsoft AntiSpyware ini
mereka di pejabat (pengguna komersil). Ini
telah dikeluarkan pada 6 January 2005. Pada
adalah kerana perisian Antivirus percuma masa tersebut, pengguna yang menggunakan
lebih disasarkan kepada pengguna yang sistem pengoperasian Windows XP dan
menggunakan komputer mereka di rumah dan keatas sahaja yang boleh memuat turun dan
mempunyai rangkaian jaringan berskala kecil. menggunakannya. Perisian ini membantu
pengguna komputer untuk memantau setiap
fail yang ada di dalam komputer mereka sama
ada berisiko dijangkiti virus ataupun tidak.
Sehingga kini, Windows Defender masih lagi
diguna pakai dan ianya telah ditukar nama
kepada Microsoft Security Essentials.
Pentingnya Keperluan Untuk

Sentiasa Mengemaskinikan
Perisian Antivirus Anda
Antara perisian Antivirus yang ada di pasaran
Antara persoalan yang sering timbul

ialah mengapa perlunya perisian Antivirus malware.
dikemaskini selalu? Bagi sebilangan pengguna
80 komputer, mereka berasa tidak selesa jika Statistik di bawah menunjukkan peratusan
perisian Antivirus mengeluarkan arahan untuk jenis-jenis malware yang dikesan sepanjang
dikemaskini secara kerap. Sebagai contoh jika tahun 2013.
arahan itu keluar setiap tiga hari atau dua hari
sekali. Terdapat juga perisian Antivirus yang
menyediakan servis kemaskini hampir setiap
hari. Ianya tentu sangat mengjengkelkan bukan?
Untuk menjawab persoalan ini, kita harus

memahami bagaimana Antivirus berfungsi.
Sebenarnya Antivirus dicipta untuk mengesan
sebarang jenis malware (sebarang program
yang berniat jahat) berdasarkan signature Sumber: http://press.pandasecurity.com/
(tandatangan) malware tersebut. Setiap malware

mempunyai kod yang unik dan mempunyai Tugas Antivirus seterusnya ialah mengesan dan
signature yang tersendiri. Untuk memudahkan menyekat sebarang program komputer yang
kefahaman, ianya boleh diumpamakan seperti sudah disenarai hitam sebagai merbahaya. Ia
kereta yang mempunyai nombor plat, enjin, boleh diumpamakan seperti pihak polis yang
chasis dan sebagainya. Sebelum ianya digunakan melakukan sekatan jalan raya dan menahan
di jalan raya, nombor-nombor tersebut akan kereta-kereta yang telah disenaraihitam.
direkodkan oleh pihak yang berwajib untuk
tujuan mengenalpasti dan memudahkan Apa akan terjadi jika anda malas dan mengabaikan
pencarian. Sekiranya kereta tersebut digunakan proses kemaskini perisian Antivirus? Risiko
untuk tujuan membuat jenayah, maka kereta itu untuk komputer anda dijangkiti malware adalah
akan disenarai hitamkan dan nombor-nombor lebih tinggi. Menurut statistik yang dikeluarkan
tadi akan diedarkan untuk dikenalpasti dan oleh Kaspersky Lab pada tahun 2012, mereka
memudahkan pencarian. telah berjaya mengesan lebih 200,000 malware
baru setiap hari.
Samalah juga halnya dengan Antivirus.
Pengeluar-pengeluar Antivirus mempunyai Perisian Antivirus Palsu
makmal mereka yang tersendiri untuk mengesan
dan menganalisa malware yang merebak di Apakah pula perisian Antivirus palsu?
dunia maya. Apabila malware tersebut dikesan,
signature itu akan disimpan di pangkalan Perisian Antivirus palsu adalah dikenali juga
data. Selepas itu, perisian Antivirus akan sebagai Scam Antivirus. Bagaimana ia menjangkiti
memuat turun signature malware yang baru komputer anda? Scam Antivirus adalah perisian
dijumpai dari pangkalan data tersebut. Proses yang anda muat turun dari laman sesawang
inilah yang berlaku ketika kita mengemaskini yang mempunyai iklan percuma. Pernahkah bila
perisian Antivirus bersama dengan langkah- anda melawati laman sesawang, secara tiba-tiba
langkah pencegahan dan juga bagaimana ada popup yang mengatakan komputer anda
untuk menghapuskan malware tersebut. dijangkiti virus dan anda dikehendaki memuat
turun perisian yang bernilai ratusan ringgit tetapi
Jika signature sesuatu malware di kesan oleh diberikan secara percuma kerana anda adalah
Antivirus, fail yang dijangkiti itu akan terus pengunjung bertuah. Selesai sahaja anda memuat
dikuarantinkan dan akan ada notifikasi untuk turun dan memasangnya, komputer anda secara
memberitahu pengguna komputer bahawa mayanya adalah hak milik individu lain. Ini kerana
komputer mereka telah dijangkiti virus atau pihak yang tidak bertanggungjawab itu telah

memasang perisian untuk mengawal komputer
anda dari jarak jauh.
81
Identiti anda dan semua fail di dalam komputer
anda boleh diakses dengan sewenang-wenangnya
oleh pihak yang tidak bertanggungjawab.
Lebih berisiko lagi jika anda menyimpan nama
pengguna dan kata laluan di dalam komputer
anda.Sudah pasti ianya dapat diketahui oleh
pihak yang tidak bertanggungjawab itu.
Gambarajah berikut adalah contoh perisian

Antivirus palsu.
Penutup
Pengguna komputer amat digalakkan untuk

memuat turun perisian Antivirus yang
sah dan seterusnya menjadikan amalan
mengemaskini signature Antivirus anda
setiap hari atau sekerap mungkin sebagai
amalan yang terbaik. Jangan sesekali
terpedaya dengan perisian Antivirus percuma
yang bukan dari laman sesawang pengeluar
Antivirus yang asli. Jadilah pengguna yang
bijak dengan cuba memahami fungsi dan cara
kerja Antivirus dan jangan lagi merungut jika
perisian Antivirus anda kerap mengeluarkan
arahan untuk dikemaskini. Perkara sekecil
ini haruslah dititikberatkan bagi menjamin
keselamatan dan privasi anda sendiri. Anda
juga boleh menggunakan fungsi kemaskini
yang sedia ada secara otomatik untuk
memastikan Antivirus pada komputer anda
dikemaskini secara berkala.￭
Rujukan
1. h t t p : / / e n . w i k i p e d i a . o r g / w i k i / W i n d o w s _
Defender
2. h t t p : / / e n . w i k i p e d i a . o r g / w i k i / G I A N T _
AntiSpyware
3. h t t p : / / e n . w i k i p e d i a . o r g / w i k i / M i c r o s o f t _
Security_Essentials
4. http://netforbeginners.about.com/od/a/g/
antivirus.htm
5. https://sc1.checkpoint.com/documents/R76/
CP_R76_AntiBotAntiVirus_AdminGuide/index.
html
6. http://www.mdcomputing.com/introduction-
to-antivirus-software-including-
recommendations

Mengenali Apa Itu Emel Phishing
82
By | Faiszatulnasro bt Mohd Maksom
1.0 Pengenalan telah dilaporkan melalui Pusat Bantuan

Cyber999. Jika dibandingkan dengan suku
pertama pada tahun 2014 pula, sebanyak
Phishing walaupun secara umumnya 858 insiden yang telah dilaporkan, iaitu
dikategorikan sebagai jenayah penipuan peningkatan lebih daripada 36 peratus.
siber, namun, masih terdapat pengguna Peningkatan tersebut tidak menunjukkan
Internet yang menjadi mangsanya. Mangsa lebih banyak kes phishing yang berlaku pada
phishing kebiasaannya tersedar yang mereka tahun 2014, sebaliknya berkemungkinan
telah tertipu selepas kehilangan sejumlah pengguna Internet mengetahui apa yang perlu
wang akibat daripada tindakan mereka dilakukan sekiranya mereka berhadapan
memasukkan katanama dan katalaluan di dengan e-mel atau laman phishing. Iaitu,
laman perbankan phishing. Kejadian seperti melaporkan kepada badan atau pihak yang
ini tidak sahaja berlaku kepada pengguna boleh mengambil tindakan ke atas e-mel dan
perbankan di atas talian, tetapi melibatkan laman phishing yang diterima.
juga pengguna laman sosial, akaun e-mel
dan pelbagai akaun lain yang memerlukan
pengguna memasukkan katanama dan
katalaluan.
Justeru, sekiranya katalaluan dan katanama

tersebut jatuh ke tangan penjenayah
phishing, akaun terbabit dan maklumat
peribadi mangsa boleh disalahguna bagi
tujuan yang tidak sepatutnya, sekaligus
boleh mencalarkan reputasi pemilik akaun
tersebut. Lantas, mangsa akan berhadapan
dengan situasi kecurian identiti sama ada
Graf 1: Perbandingan laporan kes phishing pada suku
disedari ataupun tidak.
pertama tahun 2013 dan 2014
Aktiviti phishing kebiasaannya dilakukan

melalui e-mel, laman sesawang, panggilan
telefon dan sebagainya. Menurut
2.0 Analisis Data Phishing
pemerhatian, phishing yang menggunakan
e-mel sebagai medium adalah yang paling Data seterusnya merupakan data
banyak digunakan kerana isi kandungan phishing yang menghoskan laman
yang ringkas dan boleh dihantar kepada phishing jenama bank tempatan. Hasil
sesiapa sahaja tanpa mengira demografi daripada analisis yang dilakukan kepada
penerima e-mel tersebut. data Pusat Bantuan MyCERT, maklumat
yang diperoleh dikelaskan seperti jadual
Merujuk kepada statistik yang direkodkan di bawah mengikut bulan pada suku
oleh MyCERT dalam tempoh suku pertama pertama tahun 2014. Maklumat URL
tahun 2013, sebanyak 629 insiden phishing laman phishing yang dianalisis bertujuan

mendapatkan maklumat domain, IP dan 3.1 PHPMAILER
83
jenis jenama yang unik.
Januari Februari Mac Kepala e-mel mempunyai pelbagai

Domain maklumat berkaitan dengan alamat e-mel
27 47 53
Unik penerima dan penghantar, tarikh dan
IP Unik 28 45 47 masa, subjek dan sebagainya. Maklumat-
Jenama
7 8 4
maklumat tersebut direkod oleh pelayan
Unik
mel apabila e-mel tersebut dihantar
Jadual 1: Data phishing
dari satu pelayan ke pelayan yang lain
sehingga sampai kepada penerima e-mel
Keseluruhan URL laman phishing yang
tersebut. Kepala e-mel dianalisis untuk
menghoskan jenama bank tempatan
mengesan daripada mana e-mel tersebut
yang telah dilaporkan adalah sebanyak
dihantar, rekod laluan pelayan ketika
212. Domain unik yang tertinggi yang
penghantaran e-mel berkenaan dan
dilaporkan adalah pada bulan Mac iaitu
memastikan sama ada e-mel tersebut
sebanyak 53. Jumlah tersebut adalah yang
adalah e-mel penyamaran ataupun tidak.
tertinggi yang mana berkemungkinan
domain yang telah dikompromi untuk
PHPMailer ialah pengkodan untuk
menghoskan laman phishing telah dibaiki
menghantar e-mail dengan lebih mudah
dan diperkukuhkan, menyebabkan
dan menggunakan pengkodan PHP
pelaku jenayah phishing beralih mencari
di pelayan web, lalu membenarkan
domain yang mempunyai keselamatan
penghantaran e-mel melalui laman web.
aplikasi yang ampuh. Statistik ini juga
Penggunaan PHPMailer lebih mudah
menunjukkan jumlah tertinggi bagi IP
untuk menghantar e-mel, antaranya
unik yang menghoskan laman phishing
boleh memasukkan lebih daripada satu
adalah pada bulan Mac, iaitu sebanyak 47
penerima e-mel, penggunaan CC dan BCC;
IP dan ianya selari dengan peningkatan
dan menyertakan lampiran. Penggunaan
domain unik yang dilaporkan.
fungsi-fungsi tersebut adalah lebih
fleksi iaitu boleh diubahsuai mengikut
kehendak si penghantar e-mel.
3.0 Teknik Phishing
Dalam contoh kepala e-mel yang
Penjenayah phishing sentiasa diperolehi, X-PHP-Script merekodkan
menggunakan kepelbagaian teknik e-mel yang dihantar menggunakan
untuk memerangkap pengguna Internet PHPMailer.
sehingga mereka menjadi mangsa
penipuan phishing. Secara teknikalnya,
penjenayah phishing ini menggunakan
kaedah pengkodan untuk mengeksploit
kelemahan pada aplikasi sesuatu sistem,
terutamanya dari segi keselamatan.
Kebiasaannya, kod akan diletakkan
pada pelayan web yang mempunyai
kerentanan. Kaedah ini bertujuan
mengelakkan penjenayah phishing
daripada dikesan.
Rajah 1: Contoh kepala e-mel

84 Sekiranya pautan di atas dibuka mangsa tersebut cuba membuka laman
menggunakan pelayar sesawang, antara sesawang phishing, pelayar sesawang
mukanya akan kelihatan seperti gambar mangsa akan dialihkan kepada laman
rajah di bawah. Laman sesawang tersebut '404 Page not found' atau '403
menunjukkan ianya telah dikompromi dan Forbidden' secara automatik.
PHPMailer digunakan. Laman sesawang
tersebut berfungsi sebagai satu proksi
mel menggunakan skrip sesawang yang 4.0 Jenis Isi Kandungan E-mel
dieksploitasi untuk menghantar e-mel Phising
phishing mahupun e-mel spam.
Penyebaran jenayah phishing melalui

e-mel adalah antara cara termudah
bagi memerangkap mangsa. E-mel
phishing kebanyakannya menggunakan
teknik penyebaran e-mel ‘blast’,
selain menghantar e-mel phishing
kepada pengguna yang disasarkan.
Isi kandungan e-mel phishing hampir
kesemuanya mempunyai mesej yang
berunsurkan amaran kepada pemilik
Rajah 2: Antara muka PHPMailer
akaun dan menjadikan ianya sebagai
platform yang menghalakan penerima
e-mel untuk melayari laman phishing.
3.2 Bouncer List Seterusnya, ia akan mendorong mangsa
memasukkan katanama dan katalaluan
'Bouncer list’ phishing merupakan teknik di laman sesawang yang kelihatan
yang digunakan untuk menyasarkan seolah-olah laman sesawang yang sah.
phishing pada mangsa yang ditentukan,
iaitu dengan membuat satu senarai
ID. Mangsa yang menerima e-mel 4.1 E-Mel Dengan Lampiran
phishing akan cuba untuk mengakses HTML
ke laman phishing tersebut, IDnya
akan disahkan terlebih dahulu sama
ada ianya termasuk di dalam senarai E-mel phishing yang dihantar memberi
sasaran ataupun tidak. Sekiranya perintah kepada penerima e-mel supaya
ID mangsa tersenarai, mangsa akan memuat turun lampiran yang disertakan.
dapat melihat laman phishing tersebut Apabila penerima e-mel membuka
melalui pelayar sesawang. Jika mangsa lampiran tersebut yang berbentuk
memasukkan maklumat peribadi borang, beberapa butiran peribadi yang
perbankan ke laman phishing tersebut, berkaitan dengan maklumat perbankan
maklumat-maklumat peribadi tersebut perlu diisi. Setelah selesai mengisi
akan dihantar kepada penjenayah borang dan bagi melengkapkan proses
phishing. Sebaliknya yang terjadi tersebut, butang 'submit' ditekan lalu
sekiranya ID mangsa tidak termasuk tanpa disedari mangsa, maklumat-
di dalam senarai 'bouncer'. Sekiranya maklumat peribadi tersebut dihantar

kepada penjenayah phishing. Teknik Kebiasaannya jika ada pemindahan 85
ini menggunakan kaedah POST yang sejumlah wang melalui atas talian ke
menghantar maklumat-maklumat dalam akaun, e-mel notifikasi akan
peribadi tersebut ke pelayan sesawang dihantar kepada pemilik akaun sebagai
yang telah diaturkan bagi tujuan makluman. Kaedah ini dieksploitasi
penyimpanan dan pemprosesan data. dengan menggunakan teknik
Sementara maklumat tersebut dihantar kejuruteraan sosial agar penerima e-mel
ke pelayan, mangsa akan mengalami bertindak balas dengan maklumat yang
keadaan di mana pelayar sesawang diterima lalu mengklik pautan yang ada
menjadi skrin putih dalam tempoh satu di dalam e-mel phishing tersebut.
ke dua saat, lalu mangsa dialihkan
ke laman perbankan yang sah secara
automatik. Situasi ini membuatkan
mangsa berfikir bahawa keseluruhan
proses tersebut adalah transaksi yang
sah. Namun, ianya adalah sebaliknya.
Rajah 2: E-mel notifikasi pemindahan wang
4.3 E-Mel Notifikasi

Pembayaran Bil
Rajah 1: E-mel phishing dengan lampiran HTML
(bahagian atas)
Reaksi manusia terhadap kewangan

peribadi mereka adalah perkara
yang sering diberi keutamaan.
Sekiranya e-mel notifikasi berkaitan
akaun peribadi yang menunjukkan
seolah-olah ia telah digunakan oleh
pihak lain bagi membuat transaksi
yang tidak mendapat pengesahan
atau pengetahuan pemilik akaun,
sememangnya akan menimbulkan
kebimbangan terhadap pemilik akaun
Rajah 2: E-mel phishing dengan lampiran HTML tersebut. Kejadian seperti ini boleh
(bahagian bawah) berlaku dengan pantas di mana
penerima e-mel akan mengklik pautan
4.2 E-Mel Notifikasi Pemindahan yang ada di dalam e-mel phishing bagi
Wang menyemak transaksi yang berlaku.

kaedah phishing digunakan untuk
86 memerangkap mangsa. Isi kandungan
di dalam e-mel phishing sentiasa diubah
mengikut keadaan semasa dan mangsa
yang lalai secara tidak langsung akan
menyerahkan maklumat peribadi mereka
kepada penjenayah phishing.
Justeru, pelbagai kaedah juga telah dan

Rajah 3: E-mel notifikasi pembayaran bil boleh dilakukan untuk menghindarkan
diri daripada menjadi mangsa kepada
penipuan phishing. Langkah pencegahan
4.5 E-Mel Penyelenggaraan di sentiasa berkaitan dengan tahap
atas Talian kesedaran dan cara pengguna Internet
berhadapan dengan penipuan phishing.
Jika diperhatikan, pendedahan maklumat
E-mel yang kelihatan lebih formal berkaitan phishing terhadap pengguna
membuatkan penerima e-mel Internet yang kurang berpengetahuan
beranggapan bahawa ianya adalah dari segi keselamatan komputer adalah
e-mel yang sah daripada pihak bank. masih di tahap yang agak rendah. Ini
Penggunaan perkataan seperti 'free', adalah kerana, mangsa penipuan phishing
'security', 'safe', 'care' dan sebagainya kurang ataupun mungkin tiada langsung
secara psikologi memberikan jaminan didedahkan kepada maklumat berkaitan.
keselamatan kepada pemilik akaun. Isi Dengan adanya program kesedaran yang
kandungan di dalam e-mel direka untuk dilakukan dari peringkat sekolah rendah
mendapat kepercayaan dan keyakinan ke peringkat korporat, sedikit sebanyak
daripada pemilik akaun bahawa apa yang membantu meningkatkan kesedaran orang
diarahkan adalah dijamin oleh pihak ramai berkenaan keselamatan komputer
bank itu sendiri. secara umumnya. ￭
6.0 Rujukan
i. Pusat Bantuan MyCERT
ii. h t t p : / / n e w s . n e t c r a f t . c o m /
archives/2012/11/13/phishing-attacks-using-
html-attachments.html
iii. h t t p s : / / s u p p o r t . g o o g l e . c o m / m a i l /
answer/29436?hl=en
Rajah 4: E-mel jadual penyelenggaraan di atas talian
iv. h t t p s : / / c o d e . g o o g l e . c o m / a / a p a c h e - e x t r a s .
org/p/phpmailer/wiki/UsefulTutorial
5.0 Kesimpulan
v. http://en.wikipedia.org/wiki/Phpmailer
Dengan kemajuan teknologi yang ada pada vi. h t t p s : / / b l o g s . r s a . c o m / l a s e r - p r e c i s i o n -

hari ini, pelbagai bentuk e-mel mahupun phishing-are-you-on-the-bouncers-list-today/

Pendayaan Sistem Nama Domain (DNS)
87
By | Nor Safwan Amirul
Pendahuluan majoritinya dimiliki oleh syarikat-syarikat

yang besar dan berpengaruh.
Manusia tidak mempunyai daya untuk
menghafal sesempurna komputer kerana Untuk pengetahuan anda, serangan
komputer mampu untuk mengingati beribu- yang digunakan oleh pihak yang tidak
ribu alamat nombor IP bagi mengecam atau bertanggungjawab atau lebih dikenali sebagai
mengenalpasti sesuatu laman sesawang. penggodam (hackers) bagi menggodam
Tetapi sekiranya nombor alamat IP itu laman-laman sesawang tersebut dikenali
ditafsirkan kepada nama-nama yang mudah sebagai serangan pendayaan DNS.
difahami, ia dapat memudahkan manusia
untuk mengingatinya. Dan kerana itulah,
DNS dicipta. DNS atau lebih dikenali sebagai
Sistem Nama Domain merupakan satu
analogi yang berfungsi sebagai buku telefon
untuk Internet dengan menterjemahkan
bahasa manusia kepada alamat IP. Sebagai
contoh, nama domain www.contoh.com
diterjemahkan kepada alamat 192.0.44.20.
Dengan DNS, pengguna boleh mengakses
laman sesawang dengan hanya mengingati
nama laman sesawang atau alamat laman
sesawang tanpa mengingati alamat IP laman
sesawang tersebut. Namun disebabkan Beberapa serangan dan isu keselamatan
teknologi yang semakin tinggi dan yang terjadi kepada Pelayan DNS adalah:
pengetahuan yang makin meluas, telah
memberi laluan kepada pihak yang tidak Serangan Protokol DNS
bertanggungjawab untuk menyalahgunakan
kepakaran mereka dengan menggodam Serangan protokol DNS berlaku disebabkan
sesuatu laman sesawang bagi bertujuan oleh kelemahan pada protokolnya sendiri.
memanipulasikan sesetengah informasi Terdapat tiga perkara yang diperlukan untuk
dengan hanya menggunakan DNS. serangan protokol iaitu:
Pada 1 Julai 2013 yang lalu, samada disedari Peracunan Cache DNS (DNS Cache
atau tidak, rakyat Malaysia di kejutkan dengan Poisoning )
berita serangan penggodam yang menyerang
laman-laman sesawang ternama di Malaysia. Peracunan cache DNS ialah sejenis serangan
Antara laman sesawang yang terlibat adalah penggodaman komputer, di mana data
Google Malaysia , Microsoft Malaysia, Bing diberikan kepada pangkalan data cache bagi
Malaysia, YouTube Malaysia, Dell Malaysia, nama pelayan DNS yang mengakibatkan
Skype Malaysia, Kaspersky Malaysia dan nama pelayan tersebut memberikan alamat
lain-lain. Jika diperhatikan, laman sesawang IP yang salah dan terus mengalihkan trafik
yang terlibat bukanlah sebarangan dan ke komputer lain (biasanya komputer si

penggodam). Penggodam tersebut akan ini dipanggil error handling dimana ianya
88
cuba menggantikan rekod alamat domain berlainan dengan proses yang biasa di
yang palsu ke dalam pelayan DNS. Sekiranya gunakan. Setiap proses yang tidak sah akan
Pelayan DNS telah diubah dengan rekod memanggil semula fungsi yang memerlukan
yang palsu, maka terhasillah rekod cache beberapa saiz permintaan buffer. Proses ini
yang telah diracuni. Setiap permintaan oleh juga akan menyebabkan limpahan proses
pengguna yang menggunakan pelayan DNS dimana ia akan menggantikan memori
tersebut akan diarahkan ke alamat yang buffer yang dimiliki oleh andaian yang tidak
telah ditentukan oleh penggodam. sah kepada yang sah. Penggodam boleh
menggunakan teknik limpahan buffer bagi
DNS Spoofing mendapatkan hak untuk mengakses sistem
tersebut.
DNS spoofing merupakan aktiviti yang
merujuk kepada aktiviti menjawab Limpahan Buffer in nslookupComplain()
permintaan dari pengguna yang sepatutnya berlaku pada BIND versi 4
dituju kepada pelayan yang lain. Aktiviti ini
melibatkan komunikasi di antara pengguna Di dalam BIND , vulnerable buffer digunakan
kepada pelayan DNS, dan kemudian, dari untuk mengeluarkan kesalahan mesej
pelayan DNS kepada pelayan DNS yang lain. khas untuk syslog (catatan rekod aktiviti
Melalui proses ini, penggodam akan cuba komputer). Penggodam akan menggunakan
meniru struktur paket yang diminta oleh kelemahan yang ada pada BIND versi 4
pengguna dan mengawalnya. dengan DNS query yang telah diselindungi
dengan maklumat yang boleh mengancam
Serangan ID DNS BIND versi 4. Dengan memanipulasi data yang
telah dieksploitasi, ia boleh mengganggu
Setiap interaksi seperti identiti (ID) proses DNS dan menyebabkan berlakunya
permintaan dan jawapan yang digunakan oleh DDOS (Serangan penafian-perkhidmatan).
pelayan DNS adalah dengan menggunakan • SRV bug (resource rekod )
nombor. Penggodam perlu mengetahui • NXT bug (resource rekod )
ID yang diperlukan oleh pengguna untuk
menjalankan DNS ID hacking. Dengan
menggunakan kaedah DNS spoofing, Pencegahan Serta Langkah
penggodam akan menyerupai data yang Mengatasi Serangan Pendayaan
dihantar kepada pengguna untuk mengubah DNS
haluan kepada pelayan yang dikehendaki
oleh penggodam . Kebanyakan punca utama berlakunya
pendayaan DNS adalah kerana kelemahan
Serangan Pelayan DNS (BIND) yang ada pada pelayan BIND itu sendiri.
Oleh yang demikian di antara langkah
Limpahan Buffer (Buffer Overflow) pada kod pencegahan yang boleh di lakukan ialah
TSIG (transaksi tandatangan) berlaku pada dengan menggunakan versi BIND dan patch
BIND versi 8 semasa berlakunya proses TSIG, terbaru. Versi BIND memainkan peranan di
BIND (Berkeley Nama Domain Internet) akan dalam memberi peluang kepada penggodam
memantau setiap proses TSIG yang memiliki untuk melakukan pendayaan DNS. Ini adalah
kunci yang salah dan terus mengeluarkan kerana sebahagian besar daripada versi
kod yang menyatakan terdapat kesalahan BIND yang lama mempunyai eksploitasi
atau masalah pada kod tersebut. Proses yang boleh digunakan oleh penggodam.

Sekiranya pengguna menggunakan versi • Menyembunyikan informasi versi 89
BIND yang baru, ia dapat mengurangkan BIND
serangan kerana kelemahan yang ada pada Pada asalnya , secara automatik
versi BIND yang lama telah diperbaiki. konfigurasi yang ada pada BIND akan
Berikut adalah beberapa langkah bertindak balas dengan memberi
pencegahan untuk pendayaan DNS: segala informasi berkaitan versinya
kepada pengguna yang meminta
• Membataskan zone-transfer identiti versi BIND tersebut. Informasi
Bagi mengelakkan perkara ini berlaku, ini terletak di rekod .txt dibawah
pengguna haruslah mengurangkan chaosNET class. Informasi ini
penggunaan pemindahan zon DNS selalunya digunakan oleh pentadbir
kepada pelayan yang boleh dipercayai sistem untuk melakukan kerja kerja
bagi mendapatkan maklumat atau penyenggaraan. Perlu diingati yang
data zone yang berkaitan. Selain itu, penggodam juga boleh mengambil
pengguna juga boleh menggunakan kesempatan dengan menggunakan
kaedah pengalihan identiti iaitu informasi versi BIND untuk mencari
dengan menggunakan Transaction kelemahan yang ada pada versi BIND
SIGnature (TSIG) di mana penggunaan tersebut.
kod TSIG yang sama digunakan oleh
pelayan utama dan dengan ini zone- • Mengehadkan kawalan akses
transfer tidak perlu lagi dilakukan Dengan mengehadkan tindak balas
oleh pelayan. oleh Pelayan DNS luar kepada
pengguna IP nombor IP awam sahaja.
• Pengawalan dynamic update Ia dapat mengelakkan Pelayan DNS
Sama seperti membataskan luar daripada menerima permintaan
penggunaan zone transfer, pengguna dari pengguna nombor IP dalaman.
juga perlu membataskan penggunaan Ini telah termaktub dalam RFC 1918.
dynamic update dengan hanya Berdasarkan Penguatkuasaan Nombor
bergantung kepada pelayan-pelayan Teruntuk Internet (IANA) dibawah
yang telah dipercayai. Akta RFC 1918, setiap nombor IP
Internet telah dibahagikan kepada
• Pengawalan query tiga bahagian .
Dengan pengawalan permintaan 10.0.0.0 - 10.255.255.255 (10/8
rekursif (proses berulang-ulang) prefix)
pada pelayan DNS, ianya dapat 172.16.0.0 - 172.31.255.255
mengurangkan ancaman DNS (172.16/12 prefix)
spoofing/cache poisoning. Permintaan 192.168.0.0 - 192.168.255.255
rekursif dapat dikawal dengan (192.168/16 prefix)8
memberi pilihan kepada pengguna
untuk membenarkan rekursif. Oleh kerana alamat nombor yang telah
Contoh: di bahagikan seperti diatas tidak di
options { dedahkan di Internet , maka tindak
... balas daripada pelayan DNS luar dapat
allow-recursion dihalang oleh router Internet, dengan
{192.168.3.0/24;}; ini kebarangkalian menerima serangan
... DDOS dapat dielakkan.
};

90 • Menutup laluan yang tidak diperlukan 4. McAfee Stinger
dan menganalisa lalu lintas data. 5. Malwarebytes
Laluan yang tidak digunakan pada 6. Microsoft Windows Defender
host yang nama-pelayan sebaiknya Offline
7. Microsoft Safety Scanner
dimatikan. Laluan setiap data juga
8. Norton Power Eraser
haruslah dianalisa dengan menapis
segala laluan data yang meragukan.
Laluan yang biasa digunakan seperti Kesimpulan
port 53/tcp dan port 53/udp boleh
dibuka dan seharusnya dipantau. Salah
satu langkah untuk menapis segala Keselamatan bukanlah bermaksud
laluan adalah dengan menggunakan selamat dari segala ancaman tetapi
firewall. ia merupakan satu langkah bagi
mengurangkan atau menghindarkan
• Mengambil tahu tentang isu-isu diri dari segala ancaman yang bakal
terkini tentang keselamatan BIND. Log mendatang. Keselamatan boleh
sistem yang terdapat pada transaksi diandaikan seperti rangkaian rantai
pelayan boleh dijadikan tempat dimana kekuatan sesuatu keselamatan
rujukan untuk menganalisa segala itu adalah bergantung kepada semua
laluan data transaksi pelayan. Selain aspek yang bermula dari struktur
itu, dengan mengikuti perkembangan kekuatan keselamatan itu sendiri
isu-isu terkini tentang keselamatan sehinggalah ke penggunanya. Adalah
DNS dan BIND dengan melanggan diharapkan artikel ini dapat memberikan
mailing list atau laman sesawang gambaran tentang betapa pentingnya
yang berkaitan dengan keselamatan isu keselamatan pelayan DNS dan
BIND. Selain itu, ia dapat dijadikan memastikan perkhidmatan pelayan DNS
bahan rujukan untuk mengetahui sentiasa selamat dan kekal aktif di dalam
informasi dan kelemahan yang ada jaringan. ￭
pada sistem pelayan.
Rujukan
• Penyalinan Data
Penyalinan data amat penting untuk • h t t p : / / w w w. t h e s t a r. c o m . m y / Te c h / Te c h -
menghadapi perkara yang tidak News/2013/10/11/Google-Malaysia-page-
diingini. Sekuat mana keselamatan redirect.aspx
yang digunakan , bukan bermakna kita

• http://dawn.com/news/1048989/google-
dapat menepis 100 peratus daripada malaysia-hacked-by-pakistani-team
berlakunya serangan. Dengan itu, kita
seharusnya melakukan penyalinan • h t t p : / / w w w . t h e v e r g e .
com/2013/10/10/4825914/google-malaysia-
data bagi langkah berjaga-jaga.
taken-down-by-hackers
Beberapa URL dan aplikasi yang boleh • http://www.cert.org/advisories/CA-2001-02.

mengesan/menghalang pengguna html
daripada terkena serangan pendayaan
DNS. • http://www.linuxsecurity.com/resource_files/
1. http://dnschanger.detect.my ( by server_security/securing_an_internet_name_
CyberSecurity Malaysia) server.pdf
2. Hitman Pro
• http://pl.duniasemu.org/network/bind_dns/
3. Kaspersky Labs TDSSKiller
bind_dns-4.html

n
childre
Information we put in on the Internet are out in the open sea.

Stalkers only need to phish them out.
Be smart.Be safe
logon to www. . my to find out more cybersafe.malaysia
Best Child Online

Protection Website
hendAP SIBER: Informasi anda sentiasa diperlukan dan
selalu diperhatikan tanpa disedari.
Laporkan
kepada kami di
cyber999@cybersecurity.my
layari www. . my untuk maklumat lebih lanjut cybersafe.malaysia
Best Child Online

Protection Website
Private information on the Internet is public property
logon to www. . my to find out more cybersafe.malaysia
Best Child Online

Protection Website

E Security Vol 36 1 2014

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

E Security Vol 36 1 2014

Uploaded by

Copyright:

Available Formats

ii

e-Security | Vol: 36-(1/2014)

Thank you and warmest regards,

DR. AMIRUDIN ABDUL WAHAB

Hello and welcome to the eSecurity Bulletin 1/2014!

Safe surfing everyone……and happy reading!

PUBLISHED AND DESIGNED BY

2. Job Scam Modus Operandi 04

3. Migrating to ISO/IEC 27001:2013 At Your Fingertips 08

4. A Review on Steganography Substitution System 12

6. Knowledge Hoarding versus Knowledge Sharing: 21

8. Geotagging/Location Sharing-Warrantless Surveillance 25

9. Illicit Activities Gaining Ground In Web 2.0 29

10. Information sharing through social networking sites: 32

12. The Personal Data Protection Act 2010: 39

14. Social Networking: Security and Privacy 44

15. Developing the Nation's Competency Skill Sets for 49

17. Measuring Security Awareness 55

18. The Trend of Intrusion Defacement 59

22. Hantu Internet 71

23. Mengenali Apakah Itu APT 75

25. Mengenal Apa Itu Emel Phishing 82

26. Pendayaan Sistem Nama (DNS) 87

Introduction percent decrease of the total incidents

advisories and other activities carried Content Related 9 9 0.5

monetary value or repercussions of such Intrusion 333 401 20.9

Malicious Codes 348 430 22.4

Reported incidents to MyCERT are from

From January to March 2014, MyCERT,

e-Security | Vol: 36-(1/2014)

The third highest incident reported to

The second highest incident reported is

This is because MyCERT received continuous y

e-Security | Vol: 36-(1/2014)

e-Security | Vol: 36-(1/2014)

Introduction ways that a particular criminal performs

Gmail Yahoo Outlook

e-Security | Vol: 36-(1/2014)

The emails in Table 1 are just samples Internet location.

e-Security | Vol: 36-(1/2014)

Statistics Th e m ost j ob sc a m i m person a t i o n

Figure 1: The graph depicting job scam incidents in 2013

Figure 2 shows the comparison of job

e-Security | Vol: 36-(1/2014)

and grammatical errors.

• Look out for the web address. The 8. http://cybersafe.my/guidelines.html

e-Security | Vol: 36-(1/2014)

Malaysia is one of the countries which

e-Security | Vol: 36-(1/2014)

e-Security | Vol: 36-(1/2014)

Furthermore, organisations should

e-Security | Vol: 36-(1/2014)

• Table A: Comparison between

e-Security | Vol: 36-(1/2014)

1.0 Introduction intensities are used to hide the

Nowadays, digital communication has b. Audio Steganography: The audio is

Basically, there are three types of

e-Security | Vol: 36-(1/2014)

The basic idea of this substitution

Figure 3 : Steganography Substitution System Methods

A. Least significant bit substitution

Message and cover will be in binary

e-Security | Vol: 36-(1/2014)