Belize to host Internet Exchange Point forum

in

The internet in Belize is still the most expensive and among the slowest in the entire Caribbean region, according to a 2013 survey of Caribbean Internet Service Providers (ISPs).

 

However, Trinidad-born Internet strategist Bevil Wooding says Belize's Internet users should not rely on costly international data transit for online communications within the country. Instead, to facilitate growth of the local telecommunications sector, they should establish their own facility for local Internet traffic exchange.

 

“The absence of a local IXP compromises a country’s ability to truly harness the potential of the Internet as an engine for economic growth, job creation and social empowerment,” said Wooding, an international Internet expert and, Internet strategist with the US-based research firm Packet Clearing House (PCH).

 

Wooding, along with PCH Research Director, Bill Woodcock, will speaking on June 6 at a special forum for Internet stakeholders in the private and public sector being hosted by the Public Utilities Commission. The discussion will centre on the establishment of a facility known as an Internet Exchange Point or IXP in Belize. The IXP Forum is part of a plan by the PUC to bring together international and local stakeholders to find ways of improving the quality and prices of Internet services for Belizeans.

 

The primary role of an IXP is to keep local internet traffic within local the local networks. IXPs also allow Internet Services Providers (ISPs) to reduce the costs associated with exchanging traffic between their networks.

 

"For instance, if a BTL customer living in Orange Walk, decides to send an e-mail to a friend, a SpeedNet customer who lives in Belmopan, that email must journey as a data packets that must travel out of Belize, to a switching point in a foreign country, just to be returned to Belize,” said Wooding.

 

"Such routing comes at a high cost to local ISPs. It is inefficient, expensive and results in the unnecessary hemorrhage of local capital as local ISPs pay to send traffic out only to bring it back in to the country over costly international links," he added. He also cited the risk of local Internet traffic being subject to possible inspection in foreign countries.

 

In the Caribbean at present, only the British Virgin Islands, Haiti, Grenada, St Maarten, Curacao and Dominica have IXPs. In conjunction with the Caribbean Telecommunications Union, PCH is currently assisting several other Caribbean countries, including Barbados, Jamaica and St Kitts and Nevis in establishing local IXPs. PCH is a non-profit organisation and the world’s leading implementer of IXPs.

 

The initiative is part of a larger campaign by the CTU to support ICT-driven development in the region.

What you need to know about e-mail fraud: Fake emails are easy to create but can be detected

in

PORT OF SPAIN, Trinidad—The controversy which has arisen out of the contribution of the Leader of the Opposition in the House of Representatives in Trinidad and Tobago on May 20 has given rise to a great deal of public discussion.

At least two important questions arise. First, are these real e-mails or are they printed fabrications designed to look like e-mails? Second, even if the e-mails were shown to exist, can it be assumed that they were written by the people whose e-mail addresses were used?

Based on the public representations alone, it is not possible at this stage to determine the validity of the documents as authentic emails. This question will be put to rest only if electronic copies of the e-mails are recorded as having existed on the servers of the relevant e-mail providers.

Fake E-mails: Easy To Create, Possible To Spot

So, exactly how easy is it to falsify an e-mail address? And how hard is it to detect a fake?

The fact is that fake e-mails are a part of everyday life on the Internet. Perpetrators often employ sophisticated social engineering techniques to trick people into revealing personal data, banking details and passwords. These tricks are regularly used by scammers to deceive victims into thinking e-mails are coming from trusted relatives, friends, or financial institutions, in order to get them to send money or exchange sensitive information.

Fraudsters can create e-mails that appear to come from any address they want in a few minutes, using common e-mail software applications, said Bevil Wooding, an Internet Strategist with U.S.-based Packet Clearing House, a non-profit research organisation that routinely helps governments deal with cybersecurity breaches. Incidents of e-mail fraud often have an international dimension because e-mail servers can be located in various parts of the world and are therefore beyond the jurisdiction of local law enforcement.

"Fake e-mails are surprisingly easy to create, if you know the tricks. Fortunately, they are also possible to spot, if you know what to look for," Wooding said.

The way to expose whether an e-mail message is fake or real, he said, is to obtain an electronic copy of the e-mail and examine the "headers" associated with it. E-mail message headers outline the technical details about the message, such as where it originated, who sent it, the software programme used to compose it, and the e-mail servers on the Internet that it passed through on its way to the recipient. The header information will also reveal the real e-mail account and IP addresses used to send the message.

Wooding explained that every device connected to the Internet is identified by a unique numeric address known as an IP address.

Wooding explained that Internet Protocol, commonly referred to in technical circles as IP, is the set of rules used by computers to communicate with each other over the Internet. The Internet’s Domain Name System, commonly referred to as DNS, is like a phone book for the Internet. It translates domain names such as tstt.co.tt or gmail.com into a machine-understood Internet Protocol (IP) addresses like 50.56.72.22 or 75.125.45.113. These addresses can be used as a sort of digital footprint to track where messages originate, transit and terminate.

"Finding the trail for tracing the true source of an email message has to begin with an analysis of the Internet header for the email.  However, tracing the source can be challenging if multiple jurisdictions are involved and if the owners of the e-mail servers involved are unco-operative. This is why e-mail traces typically involve court orders, police investigations and professional forensic audits of the electronic trail."

Ronald Hinds, CEO of Teleios Systems, a Trinidad-based technology company, agreed.

"To fake an email is not hard,” he said, “but to fake it properly so that it's not going to get caught is hard. I can easily make an account that says 'whistleblower@tt-parliament.org', for example, on the 'From' field, but it doesn't mean when you reply that it's going to go back to that address, and it doesn't mean it's from that address. I can send you an e-mail now that basically says I'm your boss, your banker or your uncle. Unless you look at the email header information to see it's actually coming from a different account and an unusual IP address, you wouldn't know."

"For example, if an e-mail was sent to or from a gmail (Google) account, it would likely still continue to exist on Google’s servers, even if that e-mail was subsequently deleted from the machine and/or email account of the sender or recipient. The question might therefore be reframed to ask, if the documents were emails, can their existence be verified or disproved. Briefly, the answer is yes. The next question becomes how.

In that regard, a libel case involving Jamaican businessman Gordon "Butch" Stewart and Google is instructive. In 2009, U.S. and Jamaican agents searched the offices of Jamaica Tours Limited, owned by the family of Opposition Senator Noel Sloley, to trace the origin of an e-mail that Stewart claimed was libellous.

Tracking e-mail fraud is not easy, particularly when jurisdictions overlap. The complex nature of twenty-first century misdeeds requires a response from experts across several disciplines. New levels of co-operation and diligence must be applied. With the incidence of electronic crime is on the rise, the makers and enforcers of our laws have no choice but to face this threat head on.

4 Ways To Fake E-mails

The Caribbean Network Operators Group (CaribNOG), a volunteer community of regional technology professionals and ethical computer hackers, lists several methods fraudsters use to send fake e-mails:

1. Spoof the content of an email to claim that it came from someone else. This is relatively trivial since the sender can use any standard email client to set the headers and body of any email which is sent.

2. Hack into an online email account service or access an unlocked or compromised computer, or a hacked online account, and send an email as another user. In this case, the scammer must get the details and the tone of the message right so that it doesn't appear out of character. This sort of forgery can be hard to detect.

3. Hack into a mail server and add an unauthorised message into the mail queue. This approach can be done to either inbound or outbound queue, allowing an intruder to cause mail to leave your Outbox, or enter your Inbox. This sort of forgery can also be tough to spot.

4. Create and print a document that looks like an e-mail, though it never was, and leave that document as misinformation to be found and acted upon. Of course, e-mails constructed this way will not match up to any legitimate e-mails found on servers or computer logs. If a proper forensic audit is done, this type of fraud is generally easily exposed.