Newsletter
IT and Cyber Security News Update from
Centre for Research and Prevention of Computer Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
January 23, 2015
Issue no 1534
Tenth year of uninterrupted publication
Today's edition
PRECAUTION : Mumbai to have three more cyber crime cells soon
UNSECURE : Snowden doesn't use the phone because of security concerns
FRAMEWORK : World Economic Forum Proposes New Cyber Risk Framework
WARNING : Terror plotters may be hacking your bank a/c
PRECAUTION : Mumbai to have three
more cyber crime cells soon
Mateen Hafeez
TNN
Jan 21, 2015
MUMBAI: The city police will be
getting three separate cyber crime investigation cell (CCIC)
units soon.
The proposal was put up by the police, and chief minister
Devendra Fadnavis, in a meeting of senior police officials, has given it the
green signal.
The financial capital of the country
has only one CCIC, established in 2000, with a staff
of around 12 personnel. Last year, it registered 16 first information reports (FIRs) and probed over 400 cases (the process is called
preliminary enquiry which is done before the FIR). "Since cyber crime is
increasing day by day and fraud cases are being reported from various parts of
the city, there is too much work pressure on the existing staff and we needed
more CCIC units in the city. Hence a plan was chalked
out and the CM was briefed about it," said a senior police official.
The three units will have a collective
staff of three senior police inspectors, 15 inspectors, 30 assistant police
inspectors/sub inspectors and 60 constables. The current CCIC,
located within the compound of the police commissionerate,
deals with important cases. Besides this, mainly city police station cases are
directed to the Cyber police station, at Bandra Kurla Complex. "The new units will help speedy
disposal of cases and reduce burden on the staff. With more and more IT firms
coming up in Mumbai, banks going online, the cyber criminals are also adopting
modern ways of cheating people. New units will have all the facilities,
advanced software and help reduce burden," said an officer.
Fadnavis has given his
nod to design and create a setup on the lines of the Computer Emergency
Response Team (CERT), which has expert groups that handle computer security
incidents. The city police is also getting immense
help from its Cyber Lab, which takes care of online security issues for the city.
UNSECURE : Snowden doesn't use the
phone because of security concerns
iPhone has secret
software that can be remotely activated to spy on people, says Snowden
Andrew Griffin
21 January 2015
The iPhone
has secret spyware that lets governments watch users without their knowledge,
according to Edward Snowden.
The NSA
whistleblower doesn't use a phone because of the secret software, which
Snowden's lawyer says can be remotely activated to watch the user.
"Edward never uses an iPhone, he's got a simple phone," Anatoly Kucherena told Russian news agency RIA
Novosti. "The iPhone
has special software that can activate itself without the owner having to press
a button and gather information about him, that's why on security grounds he
refused to have this phone."
The Snowden leaks revealed that
Britain's spy centre GCHQ had been using advanced
technology to access encrypted files
Apple has been active in making the iPhone harder for security services to spy on, and the
company said that iOS 8 made it impossible for law
enforcement to extract users' personal data, even if they have a warrant. The
company has also been active in campaigning for privacy reform after the
Snowden revelations, joining with Facebook and Google
to call for changes to the law.
But recently published files from the NSA showed that British agency GCHQ
used the phones' UDIDs - the unique identifier that
each iPhone has - to track users. While there doesn't
seem to be any mention of such spying software in any of the revelations so
far, a range of documents are thought to be still unpublished.
Snowden opts not to use the phone for
professional reasons, but Kucherena said that whether
or not to use one was a personal choice, Sputnik News reported.
Also see -
http://securityaffairs.co/wordpress/32557/intelligence/snowden-doesnt-use-iphone.html
http://www.itpro.co.uk/mobile/23900/edward-snowden-claims-iphones-have-built-in-spyware
FRAMEWORK : World Economic Forum
Proposes New Cyber Risk Framework
By Brian Prince
January 19, 2015
With the annual World
Economic Forum meeting in Switzerland just days away, the organization and its
partners have released a new framework designed to help businesses calculate
the impact of cyber-threats.
The framework, called
"cyber value-at-risk", was proposed in a new report entitled
'Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats'
and was created in collaboration with Deloitte. The idea behind the framework
is to help organizations answer questions about their susceptibility to cyber
attacks, how valuable their key assets are and who might be after them.
"The goal of cyber
value-at-risk is to standardize and unify different factors into a single
normal distribution that can quantify the value at risk in case of a cyberattack," according to the report. "The
effort should both be specific to the organization and reflect industry-wide
trends. Once there is a statistical model to measure cyber risks, it can be
incorporated into a broader risk strategy of a company."
The framework includes three
principal components: the assets under threat, the profile of the attacker based on
who the attacker is and their motivation, and information about vulnerabilities
and defenses in the enterprise.
"The components, some of
which can be represented by both random variables (a variable subject to change
due to chance, such as frequency of attacks, general security trends, maturity
of security systems in the organization, etc.) are put into a stochastic model
(a statistical tool to estimate probability distribution, which has one or more
random variables over a period of time)," the report continues. "The
statistical process will yield a probability distribution."
"Continuous cyberattacks on global organizations are showing that we
are at a crossroads," said Alan Marcus, senior director of the information
and communication technology industries for the World Economic Forum, in a
statement. "The same technologies many organizations have become so
dependent on can also threaten their very core. This is why we are launching a
Future of the Internet initiative in Davos, including
this critical cyber value-at-risk framework."
The challenge cybersecurity poses is also mentioned in the World Economic
Forum's 10th annual Global Risks report, which notes that the Internet of
Things will bring not only its share of innovations to the business world, but
new risks as well.
"Analytics on large and
disparate data sources can drive breakthrough insights but also raise questions
about expectations of privacy and the fair and appropriate use of data about
individuals," the Risks report notes. "Security risks are also
intensified. There are more devices to secure against hackers, and bigger
downsides from failure: hacking the location data on a car is merely an
invasion of privacy, whereas hacking the control system of a car would be a
threat to life. The current Internet infrastructure was not developed with such
security concerns in mind."
"The IoT
is likely to disrupt business models and ecosystems across a range of
industries," the report continues. "While this will deliver
innovation, the prospect of many large players across multiple industries being
forced to change so radically at the same time raises potential systemic risks
such as large scale disruption in labour markets and
volatility in financial markets. A major public security failure could also
prevent the IoT from becoming truly widespread."
The report also notes that
the distributed nature of the Internet requires global cooperation when it
comes to Internet governance. Two kinds of issues exist: technical matters
related to the Internet's infrastructure, and overarching matters such as
cybercrime, privacy and Net neutrality.
"Responsibility for the
technical infrastructure of the Internet is dispersed among several
organizations, including the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), the Regional
Internet Registries (RIRs), the root servers
operators, and the Internet Corporation for Assigned Names and Numbers (ICANN)," according to the report. "The solutions
they propose - policy models, standards, specifications or best practices -
spread through voluntary adoption or ad hoc conventions, regulations,
directives, contracts or other agreements. No such systems exist for developing
and implementing solutions to the overarching issues. Consequently, governments
are feeling pressure to enact national measures to deal with their citizens'
data and privacy concerns."
To improve the situation, the
World Economic Forum is starting a multi-year initiative to bring leaders in
the public and private sector together with the technical community and others
to address these issues, according to the report.
"Twenty-five years after
the fall of the Berlin Wall, the world again faces the risk of major conflict
between states," said Margareta Drzeniek-Hanouz,
lead economist for the World Economic Forum, in a statement. "However,
today the means to wage such conflict, whether through cyberattack,
competition for resources or sanctions and other economic tools, is broader
than ever. Addressing all these possible triggers and seeking to return the
world to a path of partnership, rather than competition, should be a priority
for leaders as we enter 2015."
WARNING : Terror plotters may be
hacking your bank a/c
A chunk of the siphoned money was withdrawn immediately,
indicating that a bigger conspiracy might be in place.
Raj Shekhar
TNN
Jan 23, 2015
NEW DELHI: Fraudulent transactions
done on your bank account may have terror imprints. A dentist lost Rs 10 lakh after criminals hacked into her account,
impersonating bank officials, and siphoned off the money in two transactions.
The incident was reported by the victim, Dr Neha Shrivastava
(name changed), who lives in south Delhi, on January 19.
However, what has prompted the special
cell to launch a separate probe into the case is that the recipient accounts
are located in Purulia in West Bengal.
A chunk of the siphoned money was
withdrawn immediately, indicating that a bigger conspiracy might be in place.
Sources told TOI
that the two accounts belong to people identified as Asadullah
and Fatehnush, who are being tracked down so that
their antecedents may be verified.
A senior officer from the special cell
refused to comment on the matter, but the source confirmed that a police team
may be sent to West Bengal within the next 24 hours.
According to the dentist's complaint,
she received a text message from her bank around 12.36pm which read: "Dear
customer, OTP to activate m-passbook can't be
generated as our system is being upgraded. Request you to try after seven
working days."
"After the message I got a call
on my mobile phone from a number ending with 613. The person identified himself
as Saroj from the bank's Mumbai headquarters and said
that a system issue has occurred with 11,000 accounts, including mine, and
that's why I received the message. He said that in order to retrieve and
rectify my account I have to share some personal details. I then disclosed my
account number and debit card number to him," she said.
After this, Shrivastava
received two SMS alerts around 1.35pm about a sum of Rs 5 lakh being debited twice from her account.
The victim immediately informed the
bank's branch in Defence Colony, asking them to take
action and also approached the police.
Sources informed that the two account
numbers ending with 366 and 833 belong to SBI Naturia branch in Purulia.
"From the account belonging to Fatehnush, Rs 1,15,000 was withdrawn and Rs 40,000 was taken out of Asadullah's
account using ATMs. The accounts were opened using forged documents," the
source said.
A senior police officer from the
special cell said that they cannot confirm anything unless they arrest the two
men. However, he added that this may be more than just the simple hacking of a
bank account.
"We are trying to collect CCTV footage of the bank to identify the two men. A link
to terrorist organizations like Jamaat-ud-Mujahideen,
Bangladesh or some other outfit resorting to hacking in order to collect funds
has not been ruled out so far either," he added.
Dongle
A dongle is a small device, typically about the size of a
flash drive, that plugs into a computer. Some dongles
act as security keys while others serve as adapters. While early dongles
connected to parallel ports on PCs and ADB ports on
Macs, modern versions typically connect to a USB port.
Security Keys
Security dongles used for copy protection are designed
to prevent software piracy. For example, some high-end software applications,
such as professional audio and video production programs, require a dongle in
order to run. The dongle, which is included with the software, must be plugged
in when you open the software program. If the correct dongle is not detected,
the application will produce an error message saying a dongle is required in
order to use the software.
Adapters
Certain types of adapters are also called dongles. For
instance, a dongle may provide a laptop with different types of wired
connections. Previous generations of laptops had expansion slots called PCMCIA
ports that were too skinny to include an Ethernet jack. Therefore, a dongle was
required. These types of dongles were typically one to three inch cables that
connected to the card on one end and had an Ethernet jack on the other. Modern
Ethernet dongles have a similar appearance, but they usually connect to a USB
or Thunderbolt port.
Today, many dongles provide wireless capabilities. For
example, USB Wi-Fi adapters are often called dongles. Since most computers now
have built-in Wi-Fi chips, cellular data adapters, such as 3G and 4G dongles,
are more prevalent. These types of dongles allow you to connect to the Internet
via a cellular carrier like Verizon or AT&T even when Wi-Fi is not available.
Human progress is neither
automatic nor inevitable... Every step toward the goal of justice requires
sacrifice, suffering, and struggle; the tireless exertions and passionate
concern of dedicated individuals.
Martin Luther King, Jr.