ITUwiki talk:Community Portal

From ITUwiki

Jump to: navigation, search

Dear members of the HLEG

It was a pleasure meeting with you all on the 5th October 2007, I am writing this document as a personal overview based upon my own experiences and to stimulate further discussion amongst the group on the wider issues and challenges effecting future Cybersecurity issues on a global basis.

Our meeting focused on Cybersecurity in general but was clearly aimed at organizations involved in hacking and other less desirable activities; the ITU through this HLEG group has started its initiative to improve and resolve some aspects of Cybersecurity as a first stage by creating changes involving such areas as legal, regulation, and physical control. I believe, however, that we as a group should do far more. Let me explain my thoughts.

Overview

I raised the question during our meeting about re-defining cyber security to include a broader range, as my experiences around the world in dealing with these issues at the Government level has shown that the problem is far greater than we are discussing today and will likely get worse as technology continues to expand and improve.

Modern crime & terrorist networks are extremely technologically sophisticated. These criminal groups often run illegal bypass traffic through VoIP in order to generate millions of dollars, which are then used to support their various other criminal activities, whether they be cyber related or not. This fact was generally supported by Interpol during my discussions with them on Friday.

Having stated the above, I believe that we can all agree that the world faces many new threats involving the Internet, and that these threats are not limited to cyber crime, but rather cyber crime is used as a further tool extending the reach of criminals and organized crime in general. Cyber crime can be used by illegal voice and data operators selling un-licensed traffic, tax evaders, money launderers & human traffickers, paedophiles, drug syndicates, database hackers, terrorists, and a host of others for illicit purposes.

One of the strongest tools in the criminal technology arsenal is VoIP.

National Security Implications

Many countries require their telecommunications operators to provide lawful intercept capability in order to track and stop criminal activity within their borders. While the vast majority of individuals who use VoIP products are typically law-abiding citizens, there is unfortunately a sinister side to unregulated, encrypted VoIP. Encrypted VoIP can easily be used as a means of communicating without detection or investigation. This international security threat should of serious concern to every government around the world. The Bitek Guardian technology can also be used to track criminals over the internet, providing the same benefits that legacy technology allows law enforcement when tracking criminals by tapping phone lines.

There are also instances where it is prudent to simply block peer-to-peer traffic. The principle security problem posed by peer-to-peer traffic is one of user identification. Internet users are freely able to download peer-to-peer encrypted VoIP services such as Skype onto their computer or laptop pc without any need to register their actual identity. Bitek has the power and technology to stop encrypted peer-to-peer services from functioning, eliminating potential security threats. This is especially prudent in protecting specific network, which contain highly confidential or classified information, such as government networks, banking networks, and medical networks, which contain confidential patient information.

Another major threat area is VoIP VPN (Virtual Private Network) using encryption. With an encrypted VPN anyone can purchase 1024 bit security and then create a VPN in any country. These encrypted VPN’s can then be used to pass any kind of electronic voice or data within and between countries, thus forming the perfect backbone for criminal activity.

Network Security Implications

As an example, the Skype product is unique in the way it operates. Skype establishes ‘Super Nodes’ in the highest bandwidth rich environments typically behind large corporation’s firewalls. These nodes are fully able to penetrate most any network firewall, and in fact very often carry voice and data traffic through network firewalls and this represents a significant security risk. Therefore, if Skype is downloaded onto a computer within a “secure” network, once Skype is activated it immediately breaches the firewall and connects with the Skype network.

This has security implications at two levels. The first is an active threat. That is, the person inside the network can use Skype to invisibly transfer documents in and out of a so-called “secure” network. The second is a passive threat. That is, a hacker can now use the Skype created firewall breach to enter the “secure” network. This firewall breach can also allow various computer viruses into the “secure” network. Already major corporations in the US have put out internal warnings about a worm spreading throughout the Skype services that leaves passwords and personal information vulnerable.

Bitek possess the only technology that can completely eliminate the risks associated with Skype and other P2P applications by blocking all P2P applications entirely. Again, this can be provided on a “tailored” basis. That is, we can carve out particular networks that require high levels of security, and block all peer-to-peer traffic from those networks, while allowing peer-to-peer in other areas. For instance, the government may wish to allow citizens to use peer-to-peer generally, while blocking it from all government networks.

Conclusion

The answer is understanding, regulation and technology. We need to understand the scope of the issues and the connected implications of VoIP technology as applied by criminals and terrorists. Regulation is then required which specifically accounts for VoIP technology in order to allow governments and law enforcement agencies the tools they need to track and stop criminal and terrorist activities. Once regulations are in place, technology, which can manage and control VoIP, must be used in order to enforce those regulations.

Bitek has been assisting the Caribbean region with tracking and preventing illegal VoIP operators and securing government databases against attacks using peer-to-peer applications. As part of our efforts, BItek has worked with local Caribbean ministers to support the creation of new VoIP regulations, which will give the governments the tools they need to counter new threats based on VoIP technology. We would like to share the specific expertise we have gained in deploying and implementing this technology globally, as well as developing the necessary regulatory guidelines with the ITU and its members.


Regards


Graham Butler

Graham Butler President & CEO Bitek International Inc

Personal tools