The Serbian National Internet Domain Registry Foundation (RNIDS) has for the fifth year in a row now organised an event as part of European Cyber Security Month. With today’s society becoming increasingly interconnected, and relying on Internet technology to function, the topic of "Internet Security – Problems and Solutions" was settled on for this year’s panel discussion, held 17th October in the Centre for the Promotion of Science.
Taking part in the event were local and foreign experts in the field of internet security: Branko Stamenković – Special Prosecutor for High-Tech Crime at the Prosecution Office for High-Tech Crime in Belgrade, Aleksandar Pavlović – system engineer for the company "COMING" in Belgrade, Žarko Kecić – acting director of RNIDS and Chief Technical Officer, and Alexander Venedioukhin – researcher at the Technical Center of Internet (TCI).
Phishing is popular again
Branko Stamenković talked about the problems of phishing and online fraud in Serbia, and emphasised the importance of the partnership between RNIDS and the Public Prosecution Service, as well as the Special Prosecution Office for High-Tech Crime, in working to prevent crime on the Internet. “Experience from other countries has shown that the best results are achieved when the state and private sectors work together,” Stamenković said. He highlighted one of the greatest challenges as being the problem of phishing, and explained that this type of high-tech crime was nothing new but that attackers were constantly coming up with new ways to deceive people.
He said that despite the significant efforts being put into raising awareness among Internet users, these schemes are still successful. “I expected the various types of phishing to disappear or at least subside to a level that was unnoticeable or marginal, but in fact this type of offence is becoming popular again,” said Stamenković. He then talked about the so-called “Nigerian Scam”, where a victim receives an email promising certain compensation in return for paying in a sum of money in order to help the attacker resolve their “problem”, which usually involves a fictitious inheritance. He also gave the example of two cases of phishing via Facebook, which were carried out with the goal of harvesting the personal data of users of this social network. In the first, personal data was requested in return for entry into a bogus competition, while the other asked for data to be updated on a fake Facebook page.
He said that the Prosecutor’s Office usually had its hands tied in these cases, since the perpetrators were usually located in countries that had not yet ratified the Council of Europe Convention on Cybercrime, which is currently the only internationally recognised instrument, but has only been signed up to by 57 countries worldwide. In conclusion he said that much had yet to be done to raise awareness among Internet users, and that lessons had to be constantly repeated to ensure they reached young Internet users, of whom there are more and more every day.
Lack of awareness about information security
Aleksandar Pavlović held a presentation: "How I Survived a Cryptolocker Attack", sharing the less-than-auspicious experience of a user from Serbia. The attack was carried out by relatively unknown ransomware known as the NM4 cryptolocker, on a backup server and email server, which after the attack became unusable. The attackers demanded a ransom of three bitcoins, which at the time was $8,000 (now almost $17,000). The attack came as a result of a lack of awareness among employees of the need for information security: the culprit was probably a malicious piece of software, with a lack of filtering on the network layer, a lack of delegation of permissions and similar gaps probably contributing.
In his presentation he made clear that payment of the ransom was not an option – doing so would constitute incitement, and those responsible could even face legal repercussions. On the other hand, even if payment had been made, nobody could guarantee that the data would be restored. Two days after the attack began, the team that worked on this problem succeeded in recovering the mail server, resolving other problems along the way. Since this was a kind of malicious software which infected the server, and the encryption had only begun months after infection, the problem also existed on the server backup, which still had infected files on it. The speaker listed some preventative measures against such attacks, including defining a security policy at the level of the organisation, training employees in information security and improving the security of email traffic by filtering it using advanced solutions.
DNS is making the Internet possible
Žarko Kecić talked about the ways in which RNIDS secures the national domains .RS and .СРБ, emphasising the fact that RNIDS is the only ccTLD registry in the world that offers three levels of domain protection. “RNIDS is responsible for the .RS and .СРБ domain spaces, and we ensure their continued operation – you choose which domain you’re going to register and we guarantee that it will work,” Kecić began his presentation. He underlined the importance of the DNS (Domain Name System) for the operation of the domain spaces, and of the whole Internet, and cited a key problem as being the fact that the DNS is not given the attention it deserves, which gives rise to many high-risk situations. He then talked about the dangers of somebody taking control over parts of the DNS, which could allow them to take control over any activity on the Internet (access to websites, web services, emails etc).
He talked about protection measures for the DNS, including regular verification of the DNS record in the parent zone, prohibition of traffic to addresses which are not part of the user’s system (SAV – Source Address Validation), regularly updating software, activating Response Rate Limiting (RRL), i.e. limiting the number of requests made to the authoritative servers which connect the domain system with IP addresses, DNSSEC validation, and so on. He announced that RNIDS was already planning to introduce DNSSEC for both top-level domain zones, and all second-level zones that it oversees. To end with, he underlined that RNIDS is constantly monitoring the operation of the system, uses adaptive Response Rate Limiting on its DNS servers, and for top-level domain zones uses the anycast service of global DNS operators (more than 300 servers distributed worldwide), as well as the latest solutions for the protection of systems and domain registrations.
DNSSEC is making the Internet more secure
Our guest from Russia, Alexander Venedioukhin, talked about DNSSEC (DNS Security Extensions) – a set of security standards which enable validation of the integrity of DNS data, and talked about his experiences in implementing it. To begin with, he explained that DNSSEC was a security extension for the DNS system which protected users from invalid DNS data which might be sent to them by anyone attempting to redirect them to spoofed web addresses and steal their personal data. Responses which undergo DNSSEC validation are digitally signed, so the user can be sure that the data has not been falsified en route from the DNS server to them.
Venedioukhin said that implementation of DNSSEC in Russia began in 2011 with the .SU (Soviet Union) domain zone, which at the time was the smallest zone and so it made sense to test the new technology on a smaller sample before implementing it more widely. Implementation of the new technology in the main zones, .RU and .РФ, began in 2012, and went ahead without a hitch. The main reason that DNSSEC was not more widely implemented in the Russian domain zones, Venedioukhin explained, was that administrators did not want to invest time in it, and he proposed automation as a solution to simplify the process.
The event ended with questions from journalists and around 70 visitors, to which the participants provided exhaustive answers.