“Mejiro” – A bird of Passage over 10,000km from Mongolia to Bali –
Hello, I am Katsuhiro Mori from Cyber Metrics Line, Global Coordination Division. JPCERT/CC released ”Mejiro” (Internet risk visualisation service) English website in August 2018. This web service collects publicly available risk data on risk factors existing on the Internet and provides index for each economy. To promote the use of this tool service and cyber space clean-up activities, I went to Mongolia and Indonesia recently.
What is Mongolia like?
When you hear about “Mongolia”, what do you imagine? Vast grassland, nomads or famous sumo wrestlers…
|Photo: View from the conference venue|
In Ulaanbaatar, the capital city, there are a growing number of tall buildings, and I also saw a lot of construction sites along the way. The city’s main road is jammed with people and cars in the morning rush hour. Facebook and WhatsApp are the common tool for Mongolian people to communicate with each other.
In Mongolia, there is an annual cyber security conference “MNSEC” and this year it was held on 4-5 October. Experts were invited both from local and global communities to speak about diverse issues in cyber security. There is also a CTF (Capture The Flag) event, and participants were competing in their hacking capabilities(Crypt, Exploit or Forensic etc.). I delivered a presentation about the Internet risk visualisation service Mejiro.
|Photo: My presentation|
In this service, the cyber healthiness per economy is indicated by Mejiro index. For Mongolia’s case(Fig 1), compared to the world average, Mejiro index has a higher score in DNS, NTP, SNMP, RPC and MSDS.
|Fig 1: Mongolia’s Mejiro index|
This means, among devices associated with IP addresses allocated for Mongolia, there are more devices that could be leveraged for DDoS attacks than many other countries. Our goal of the clean-up activities is to minimise the DDoS risks by reducing the number of such vulnerable devices.
|Comments submitted to sli.do|
During the presentations, attendees were able to throw in comments and questions through an online platform, which is also displayed in the big screen. One of the participants was kind enough to send me a comment in Japanese (although I was the only Japanese participant in this event).
After the event, I flew to Bali, Indonesia. The flight was badly delayed, which at the end took me about 36 hours to get there, and there was also about 30C temperature difference. The name of the risk visualisation service “Mejiro” comes from a name of a bird in Japanese (Japanese white-eye). Mejiro is a resident bird, but I felt I was almost like a migratory bird travelling from a cold to a warm place, promoting this project. In Bali, I attended CODEBALI, an annual event supported organized by Indonesian, and supported by some Japanese industry, government and academia. There I delivered a similar presentation about Mejiro but customised for Indonesia, and conducted Open Source Intelligence training.
|Photo: Japanese companies supporting the event|
Open Source Intelligence (OSINT) training
Open Source Intelligence is a technique for analysing information collected from the Internet, media and books etc. Based on actual operations conducted in JPCERT/CC, I shared our technical insights on this topic.
The training session lasted 6 hours, and I tried to make it an interactive session to the best I can. So participants lively exchanged their challenges and experiences they had in their operations, and there were many questions raised.
At the conference session, I also introduced Mejiro, based on the statistics for Indonesian cyber space.
|Figure 2: Indonesia’s Mejiro index|
Of course, each economy faces different risks in their cyber space. As you can see in Figure 2, Indonesia has more risk nodes in DNS and SNMP protocols thant the world average. In the presentation, I emphasised the importance of eradicating those vulnerable devices one by one.
|Photo: My presentation and plaque for presenters|
I hope that my two presentations about Mejiro was somehow helpful in raising awareness about cyber healthiness, and hope to carry out clean-up activities in coordination with other countries. Cyber healthiness issues are similar to environmental issues in our real world. It is important that each user is committed to clean the cyber space, hence operate devices with appropriate configurations. So, after reading this article, I encourage that you visit our Open Resolver Check Site to make sure that your DNS server and network devices (routers etc.) are not vulnerable!