Newsletter
IT and Cyber Security News Update from Centre for Research and Prevention of Computer Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
February 06, 2015
Issue no 1540
Tenth year of uninterrupted publication
Today's edition
MAKE-IN-INDIA : Meet The Coder From Kerala Who Runs The Indian Pirate Bay
CONVICTED : Sony data breach claims first scalp as co-chair steps down
TREND : Sweeping trend towards digital banking forces RBS branch closures
SPYING : Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise
MAKE-IN-INDIA : Meet The Coder From Kerala Who Runs The Indian Pirate Bay
By Sriram Sharma
HuffPost India
02/02/2015
http://www.huffingtonpost.in/2015/02/02/piratebay-made-in-india_n_6592186.html
The Pirate Bay, a torrent site that counts among the Internet's top 100 websites, is back online, after it was taken down by Swedish Police on December 9th 2014.
While it was away, several other websites sprang up in its place, including a clone site run by a web developer based in Thrissur, Kerala. Thepiratebay.co.in looks and works just like the original website. But the site's builder says he was inspired by Prime Minister Narendra Modi's Make In India campaign. And sure enough, the site, which arguably pushes the boundaries of law, lists its inspiration on the footer: "Leader: Narendra Modi".
Tisil Kodithottam, an unemployed 26-year-old developer, saw an opportunity following the takedown, and made a clone of the website in record time. The site went live on December 9th, just a few hours after the Swedish-run Pirate Bay went offline.
The site now gets 30,000 requests a day, and is ranked in the top 10,000 websites in India on Alexa. It gets over 65 percent of its traffic from India.
BitTorrent is a file-sharing protocol. It is used by internet users to access digital content that is illegally uploaded or infringes copyright. Different countries treat torrent sites differently. Swedish authorities deemed, before taking it down, that The Pirate Bay was facilitating the infringement of copyright.
Tisil believes that his site is not technically illegal, since it does not store any torrents on his own server. He said that torrents are a legal file transfer technology, which can be used to upload legitimate content. "I have researched most of the copyright documents--there is no law against torrents. I'm not hosting any files. If someone sends me a copyright request, I will look into the matter," he said.
"This is my first major website, I used to make websites for local business but I made this one for fun," he added. When asked about the Make In India campaign running on his site, he said he runs it for free, as he is a supporter of the initiative.
Tisil insists on not being called a hacker. "I don't hack to harm anyone else. All I do is just create website using Microsoft .NET technology, and C# programming language," he said. "Indians also need their own bay, that's my idea."
His next project is going to be to create an Indian version of 1337x, a torrent search engine. "It will be called Theindiabay.com," he said.
CONVICTED : Sony data breach claims first scalp as co-chair steps down
Warwick Ashford
06 February 2015
Amy Pascal, co-chair of Sony Pictures Entertainment, has stepped down in the wake of the massive cyber attack and data breach at the company in November, which exposed comments in her private emails.
Pascal was one of the high-profile Sony executives whose emails were leaked, revealing that she had made derogatory comments about the viewing habits of President Barack Obama in an email to producer Scott Rudin.
Pascal and Rudin have both apologised for the emails, with Pascal saying in a statement that the content of her emails were "insensitive and inappropriate, but are not an accurate reflection of who I am".
Pascal now plans to start a production company that will launch in May 2015 and will be funded for at least the next four years by Sony, which will retain distribution rights, reports the BBC.
"I have spent almost my entire professional life at Sony Pictures and I am energised to be starting this new chapter based at the company I call home," Pascal said in a statement.
She added that her transition to a production role had been discussed "for some time".
Sony has not yet named a successor to Pascal, leaving Michael Lynton as the sole head of one of Hollywood's biggest production studios.
Although Lynton has admitted the company was unprepared for the nature and extent of the cyber attack, there have not yet been any resignations by any executives responsible for information security at the firm.
Two months after the high-profile data breach at US retailer Target in December 2013, chief information officer Beth Jacob resigned, followed two months later by chief executive and chairman Gregg Steinhafel.
On 24 November, Sony revealed that it had been hacked by a group calling themselves Guardians of Peace (GOP), which shut down parts of the company's network and stole internal data.
The attack disabled computers, and employees found that they had lost all past email, contacts, distribution lists, budgets and anything else stored on the network.
Data released online shows the attackers accessed a wide variety of information, including a list of employee salaries and bonuses, internal emails and unreleased films.
Despite the difficulty of attribution in cyber attacks because of the many ways of hiding the source of an attack, US authorities claim the attack can be traced to North Korea.
The apparent motive for the attack was in retaliation for Sony's decision to produce The Interview, a comedy film about a plot to assassinate Korea's leader, Kim Jong-Un.
This week, however, US security firm Taia Global claimed that Russian hackers also played a part in the attack, and that the hackers still have access to the movie studio's computer systems.
A Taia Global report alleges that Russian hackers managed to gain access to Sony Pictures Entertainment's computer systems at the same time as GOP.
Jeffrey Carr, Taia chief executive, claims to have received multiple files from a Russian hacker called Yama Tough that appear to be internal Sony documents that were not included in any data published by GOP, and that at least one document has been verified as legitimate by its author.
According to the Taia report, Sony Pictures is "still in a state of breach" because the security firm has received documents from Sony from late January 2015, long after the hack supposedly ended.
The report suggests that either the Russian hackers attacked Sony at the same time as the GOP, or North Korea was not involved at all.
Business Insider suggests that a third option not considered by Taia is that North Korea or North Korean-affiliated hackers carried out the attack, but at some later date the previously unseen documents left their possession, eventually reaching Taia.
An unknown intermediary may have fooled Yama Tough, or Tough could be lying to Taia about where he got the documents, which means there is not necessarily any Russian involvement.
Carr told Forbes he was 100% certain the information was legitimate, but admitted the source might be Yama Tough himself, although he has denied the allegation.
Also see -
https://taia.global/wp-content/uploads/2015/02/SPE-Russia-Connection_Final.pdf
TREND : Sweeping trend towards digital banking forces RBS branch closures
Karl Flinders
06 February 2015
Royal Bank of Scotland (RBS) will close another 99 branches after being taken aback by the pace at which customers are moving to digital services.
According to a Financial Times report, a senior executive told a House of Commons committee that hundreds of millions of transactions previously completed in branches have now moved online.
"We are seeing a revolution in the way our customers want to bank," Moray McDonald told the committee. "We have been literally taken aback."
He said the bank has identified 99 branches for closure, but said this figure could change.
In April last year, the bank announced the closure of 44 branches in the UK after a 30% fall in the number of transactions made in branches.
An RBS spokesman said at the time: "Banking has changed significantly over the last few years, as more and more of our customers are banking with us when it is convenient for them. As a result, there has been a 30% drop in branch transactions since 2010.
"Many branches classed as 'Last Bank in Town' are only open for a few hours a week and only see one or two customers per hour. We have to adapt to what our customers want, which is why we're investing in a range of other ways our customers can bank with us, including online and telephone banking, our mobile app, and in any one of the Post Office's 11,500 branches across the UK."
Banks must balance digital and traditional services to compete with new financial service providers with low-cost bases and state-of-the-art technology. Earlier this week, Ana Botín, chairman at Santander, insisted bank branches have value, even if far fewer people are visiting them. "The fact is, even young people like to go to a branch at least twice a year. That means you need quite a significant retail presence, which the tech companies don't have," Botín added.
Santander has 14,000 branches in the UK, US, Latin America and continental Europe.
A study last year revealed that customers' use of bank branches is increasing in parallel with the surging take-up of online banking services.
A survey of more than 3,600 current account holders in the UK, carried out by Accenture, found that 52% use a branch at least once a month, compared with 45% when the last study was carried out in 2012.
Nazzim Ishaque, founder of Lintel Bank, which is currently attempting to get a banking licence, said that despite the importance of new technology the branch should never disappear. But branches should transform from being about over-the-counter services to being customer service centres.
He said that if Lintel Bank gets approval, it will initially have five branches across London, where it will be based.
SPYING : Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise
By Glenn Greenwald
04 Feb 2015
The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents.
In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. "Hackers are stealing the emails of some of our targets . . . by collecting the hackers' take, we . . . get access to the emails themselves," reads one top secret 2010 National Security Agency document.
These and other revelations about the intelligence agencies' reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents, which come from the U.K. Government Communications Headquarters agency and NSA, shed new light on the various means used by intelligence agencies to exploit hackers' successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
By looking out for hacking conducted both by state-sponsored and freelance hackers and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content:
Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers' sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect.
The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists:
INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim - it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting:
A = Indian Diplomatic & Indian Navy
B = Central Asian diplomatic
C = Chinese Human Rights Defenders
D = Tibetan Pro-Democracy Personalities
E = Uighur Activists
F = European Special Rep to Afghanistan and Indian photo-journalism
G = Tibetan Government in Exile
In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor based on the level of sophistication and the victim set.
In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the relevant parties.
In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. "Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources," according to one document.
GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:
These accounts represent a cross section of the hacker community and security scene. In addition to monitoring multiple accounts affiliated with Anonymous, GCHQ monitored the tweets of Kevin Mitnick, who was sent to prison in 1999 for various computer and fraud related offenses. The U.S. Government once characterized Mitnick as one of the world's most villainous hackers, but he has since turned security consultant and exploit broker.
Among others, GCHQ monitored the tweets of reverse-engineer and Google employee, Thomas Dullien. Fellow Googler Tavis Ormandy, from Google's vulnerability research team Project Zero, is featured on the list, along with other well known offensive security researchers, including Metasploit's HD Moore and James Lee (aka Egypt) together with Dino Dai Zovi and Alexander Sotirov, who at the time both worked for New York-based offensive security company, Trail of Bits (Dai Zovi has since taken up a position at payment company, Square). The list also includes notable anti-forensics and operational security expert The Grugq.
GCHQ monitored the tweets of former NSA agents Dave Aitel and Charlie Miller, and former Air Force intelligence officer Richard Bejtlich as well as French exploit vendor, VUPEN (who sold a one year subscription for its binary analysis and exploits service to the NSA in 2012).
The GCHQ document states that they currently have a list of around 60 blog and Twitter sources that were identified by analysts for collection. A prototype of the LOVELY HORSE program ensured that Twitter and (and subject to legal/security approval) blog content [was] manually scraped and uploaded to GCDesk. A later version would upload content in real time.
Several of the accounts to be mined for expertise are associated with the hacktivist collective Anonymous. Documents previously published by The Intercept reveal extensive, and sometimes extreme, tactics employed by GCHQ to infiltrate, discredit and disrupt that group. The agency employed some of the same hacker methods against Anonymous (e.g., mass denial of service) as governments have prosecuted Anonymous for using.
A separate GCHQ document details the open-source sites monitored and collected by the agency, including blogs, websites, chat venues and Twitter. It describes Twitter monitoring undertaken for real-time alerting to new security issues reported by known security professionals, or planned activity by hacking groups, e.g. Anonymous. The agency planned to expand its monitoring and aggregation program to a wide range of web locations, including IRC chat rooms and Pastebin, where an increasing number of tip-offs are coming from . . . as this is where many hackers anonymously advertise and promote their exploits, by publishing stolen information.
One classified document casts serious doubt on warnings about the threat posed by Anonymous (in early 2012 then-NSA chief Keith Alexander reportedly warned that Anonymous could shut down parts of the power grid).
That document, containing talking points prepared by Jessica Vielhuber of the National Intelligence Council in September 2011 for a NATO meeting on cyber-threats, describes the threat from Anonymous as relatively small. "Although hacktivist groups such as Anonymous have made headlines recently with their theft of NATO information, the threat posed by such activity is minimal relative to that of nation-states," she wrote.
In response to The Intercept's questions, an agency spokesperson said that NSA will not comment on the Intercept's speculation, and noted that NSA defends the nation and our allies from foreign threats while going to great lengths to safeguard privacy and civil liberties. The spokesperson added that over the last year, at the president's direction, the U.S. intelligence community engaged in an unprecedented effort to examine and strengthen the privacy and civil liberty protections afforded to all people, regardless of nationality.
GCHQ declined to answer questions for this article, or to comment on the programs involved, but instead provided a boiler plate statement, which says the agency's work is legal and subject to government oversight. "It is longstanding policy that we do not comment on intelligence matters," the agency notes.
Data warehouse
A data warehouse is a federated repository for all the data that an enterprise's various business systems collect. The repository may be physical or logical.
Data warehousing emphasizes the capture of data from diverse sources for useful analysis and access, but does not generally start from the point-of-view of the end user or knowledge worker who may need access to specialized, sometimes local databases. The latter idea is known as the data mart.
There are two approaches to data warehousing, top down and bottom up. The top down approach spins off data marts after the complete data warehouse has been created. The bottom up approach builds the data marts first and then combines them into a single, all-encompassing data warehouse.
Typically, a data warehouse is housed on an enterprise mainframe server or, increasingly, in the cloud. Data from various online transaction processing (OLTP) applications and other sources is selectively extracted for use by analytical applications and user queries.
The term data warehouse was coined by William H. Inmon, who is known as the Father of Data Warehousing. Inmon described a data warehouse as being a subject-oriented, integrated, time-variant and non-volatile collection of data that supports management's decision-making process.
Justice is the end of government. It is the end of civil society. It ever has been and ever will be pursued until it be obtained, or until liberty be lost in the pursuit. In a society under the forms of which the stronger faction can readily unite and oppress the weaker, anarchy may as truly be said to reign as in a state of nature, where the weaker individual is not secured against the violence of the stronger ...
James Madison
Note -