Fawkes wrote: ↑Fri Aug 07, 2020 2:08 pm
Maybe he misspoke and meant better censorship capabilities.
This is common.
When Cambodia talks about cyber crime they talk about dissidents, critique and other expressions of speech.
They are not talking about credit card fraud, phishing and so on like other countries.
Fawkes wrote: ↑Fri Aug 07, 2020 2:08 pm
How? With an increase in end-to-end communication they have nothing to look at anymore. Scams targeted to the local population should be addressed through education, awareness campaigns and ensuring available employment at decent wages in Cambodia.
It is effective to look at traffic and patterns. Deep packet inspection is very expensive on a national level; that’s not key here. By looking at who is generating what type of traffic and where that traffic is sent and received, they can start putting together the puzzle.
Normal people don’t generate gigabytes of VoIP traffic, for example. There will be traffic to and from Facebook, YouTube, Netflix, etc. Even with TLS, analysts are able to pinpoint locations that justify further investigation. They don’t need DPI to find suspicious traffic.
What about proxies/VPN/Tor? It is also suspicious activity. Normal people don’t generate huge amounts of traffic to obscure servers. Large amounts or specific types of anonymized traffic are, ironically, an identifiable pattern.
The purpose of the traffic funnel is to discover who is talking to what and to investigate those that raise certain flags by generating certain amounts of traffic or communicating with nodes targeted for investigation.
Fawkes wrote: ↑Fri Aug 07, 2020 2:08 pm
Governments don't have a good track record with IT-projects. Cambodia's CERT has been hacked before (wiki CERT: "term for an expert group that handles computer security incidents").
CamCERT was hacked by an automated attack against outdated Joomla! websites. To say that they were hacked is an overstatement. Let’s say a poster hung up by CamCERT was vandalized. It is a better example. A sophisticated APT would have a field day of course.
Worse things have happened and will happen, even in the private sector. 2 months ago a Thai ISP leaked 8.3 billion NetFlow log entries through an unsecured Elasticsearch database.
Cambodia is no better, but nobody really cares when it happens in Cambodia. I have personally seen worse intrusions in Cambodia, and as long as they are not disruptive, they continue.