Fighting cybercrime, CSI style

ON THE LOOKOUT: Mr Dean Eng is part of a team of 50 systems engineers at the Cyber Security Agency.
PHOTO: The New Paper

Mr Dean Eng is at the front line of Singapore's cyber security defences.

The 28-year-old is a systems engineer at Singapore's Cyber Security Agency (CSA), which was set up in April last year to protect national IT systems from cyberthreats. The CSA reports directly to the Prime Minister's Office.

Managed by the Ministry of Communications and Information, it also works closely with the private sector.

At CSA, Mr Eng is part of a team of 50 systems engineers, which includes forensic and malware analysts. The team is responsible for keeping our digital doors sealed against cyber attacks.

When these attacks do sneak through, the team has to "quarantine" the infection and investigate how and why the breaches happened.

Said Mr Eng: "We need to know why they happened, how they happened and who was affected. Did the attack target a few people, or everyone in the network?

"Furthermore, computer malware evolves and no two cases are exactly the same. It's not an easy job."

Singapore is taking new measures to ramp up its cyber security.

Starting next May, all computers used officially by public servants, except teachers, will not have direct access to the Internet.

The move is "absolutely necessary" to keep government data secure, said Prime Minister Lee Hsien Loong earlier this month.

In the past year, 16 attacks on government networks made it past firewall systems. The malware was detected and destroyed, thanks to defences put up by cybercops.

Recently, Malaysia's national cyber security agency found that more than 2,100 servers in Malaysia had been hacked.


According to Mr Eng, digital attacks can come from many sources. These include phishing e-mails, where attackers pose as reputable organisations to try to obtain the personal information of network users.

Infected thumbdrives can carry ransomware, a new form of malware that locks up files that contain sensitive information. It then demands a ransom in the form of virtual currency, such as bitcoins. If the ransom is not paid, the data is not unlocked.

Cyber attacks can also cause physical damage.

In 2010, Stuxnet, a malicious computer worm, targeted machines using the Microsoft Windows operating system. It physically destroyed equipment controlled by the machines and seized control of their operations.

Due to the increased frequency of such attacks, forensic analysts like Mr Eng cannot rest on their laurels.

Said Mr Eng: "We try to predict what will come next, the rate of the attack, and when it will take place."

Sometimes, the team is alerted to cyberthreats in the private sector, such as the banking industry.

In these cases, forensic cops will head to the crime scene to collect evidence such as infected computers. Then, they take apart the evidence carefully - much like investigators in the US TV drama CSI.

For instance, Mr Eng uses a "cloner" machine to make a copy of the contents in an infected computer's hard drive. By reading the code, he can examine the extent of the damage as well as the source and nature of the malware.

The code is then incorporated into the system's defences so similar attacks can be denied entry.

According to a report by global research and consulting firm MarketsandMarkets, the global spending on cyber security is expected to grow from US$75 billion (S$100 billion) in 2015 to US$170 billion by 2020.

Mr Eng's interest in cyber forensics has its roots in his childhood.

As a child, he would dismantle broken clocks and fix them.

He said: "Cyber forensics is a similar concept, because you're constantly analysing and improving network defences.

"The most important thing is to never make assumptions about the nature or type of cyber attack. Let the evidence, such as the software code, tell the story."
