Newsletter
IT and Cyber Security News Update from
Centre for Research and Prevention of Computer Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
December 03, 2014
Issue no 1514
Tenth year of uninterrupted publication
Today's edition
66A : SC warns govt over gagging social media
WAKEUP-CALL : Computer-killing malware used in Sony attack
NEED : Prez underlines need to develop capabilities to deal cyber crimes
FOCUSSED ATTACK : Hackers Using Lingo of Wall St. Breach Health Care Companies' Email
66A : SC warns govt over gagging social media
Bhadra Sinha
Hindustan Times
December 02, 2014
The
Supreme Court on Tuesday warned the Centre it would make inoperative certain
controversial provisions of the Information Technology (IT) Act often invoked
by authorities to muzzle free speech on social media, if it failed to clarify
its stand within a week.
"Heavens
are not going to fall if the provisions are stayed... because this country has
been in existence for the past 60 years without these provisions," a bench
headed by Justice J Chelameswar said.
"Either
you file the affidavit within a week or we will stay the operation of the
provisions until we dispose of the matter," the bench told additional
solicitor general Maninder Singh as he sought two
weeks to file an affidavit.
The
Centre is to clarify its stand on a two-year-old petition seeking to declare
unconstitutional sections 66A and 74 of the IT Act.
While
Section 66A provides for maximum three-year imprisonment for sending
'offensive' or 'annoying' messages through a computer or communication device,
Section 74 provides for two-year jail term for intermediaries hosting such
content.
Citing
the arrests made under the two sections by various state police, petitioner Shreya Singhal contended the
arrests amounted to curtailment of freedom of speech and expression guaranteed
under Article 19(1)(a) of the Constitution. The
provisions were vague and broadly worded, she contended.
As
Singh insisted that the matter be adjourned for two weeks, the bench retorted,
"We leave the choice to you. Either you file an affidavit within a week or
we will stay the operation of the provisions. The choice is yours."
The SC's warning came after the petitioner's counsel Manali Singhal opposed
grant of yet another opportunity to the Centre to spell out its stand. She said
the PIL was filed way back in April 2012 and the Centre had not come out with
any categorical stand.
The
bench agreed with her, saying, "This matter cannot be treated lightly. Two
years have passed and there is no definite answer from you (Centre)." It
fixed December 9 to hear the matter further.
Shreya petitioned the SC assailing the arrests of two girls in Mumbai in
November 2012 for a Facebook post against the shutdown of the metropolis during
Shiv Sena supremo Bal Thackeray's funeral procession.
Bangladeshi writer Taslima Nasreen, facing a case in Uttar Pradesh for posting
certain 'objectionable comments' in a tweet in 2012, is also a petitioner
before the SC. She has sought quashing of the case, which was registered in
Bareilly district after her tweet criticising AAP leader Arvind Kejriwal for
meeting Maulana Tauqeer Raza Khan became public. Khan had issued a fatwa
against Nasreen in 2007.
Last
year, the Centre had issued a general circular to all the states and union
territories mandating that prior permission of an Inspector General/DCP rank
officer should be taken before arresting a person under these provisions.
WAKEUP-CALL : Computer-killing malware used in Sony attack
By Warwick Ashford
03 December 2014
Computer-killing
malware linked to the recent attack on Sony Pictures Entertainment should be a
wake-up call to businesses, say security experts.
The
FBI has issued a warning, first reported by Reuters, that is believed to
describe the malware used against Sony in a crippling attack which also
included the theft of unreleased films and other data.
The
firm was forced to shut down its entire computer network on 25 November 2014
after a cyber attack by a group of hackers identifying themselves only as #GOP
or Guardians of Peace.
According to the FBI, the malware overwrites all data on the hard drives of
computers, including the master boot record, preventing them from booting up.
"The
overwriting of the data files will make it extremely difficult and costly, if
not impossible, to recover the data using standard forensic methods," the
report said.
While
this type of attack has been seen before, such as the attack on Saudi Aramco in August 2012 that downed around 30,000 computers,
this malware marks a shift in attacks on US-based firms.
Chief
technology officer at security firm RedSeal Mike
Lloyd said security professionals are well aware this kind of attack is not
particularly difficult and the infrastructure at many organisations is very
fragile.
"The main reason most cyber thieves do not destroy assets is because they
cannot make money by doing so; however, there are evidently other adversaries
who do see benefit in this kind of vandalism.
"The Sony attack is a wake-up call for businesses; it explains why the FBI is
warning organisations to review their defensive readiness," he said.
Organisations must review cyber security
According to RedSeal chief evangelist Steve Hultquist, the FBI warning
underscores the reality that formal security architecture and defences have
taken a backseat to other investments.
"As a result, organisations are vulnerable to attacks designed to destroy,
steal, or observe and have very limited visibility into how, when and for what
purpose they occur," he said.
Hultquist
added that organisations need to develop a stronger co-ordinated
response to a likely attack, including stronger authentication than username
and password, distributing data so that it is harder to gather complete
context, dividing the network into strict security zones and using automation
to model the network to ensure effective placement of defences
and access controls.
"The FBI warning shows that the ability to detect and respond to attacks that
are highly sophisticated and damaging is more important than ever," said head
of product management at security firm Tier-3 Huntsman Piers Wilson.
"If an attack does take place, particularly if the impact is going to be
harmful, then detecting the activity and being able to understand and contain
the threat before data is destroyed or leaked in large quantities, as in these
recent cases, is vital," he said.
While
little is known about the group calling itself #GOP, Sony Pictures is
reportedly investigating whether the recent hack is linked to North Korea.
The
company believes the attack may be linked to the film The Interview, which
concerns a plot to assassinate North Korean leader Kim Jong
Un, according to Re/code.
The
film, set to be released on 25 December 2014, stars Seth Rogen
and James Franco as journalists who plan to interview the North Korean leader
and are recruited by the CIA to kill him.
Also
see-
http://www.nbcnews.com/tech/security/fbi-warns-destructive-malware-wake-sony-hack-attack-n259421
NEED : Prez underlines need to develop capabilities to deal cyber crimes
PTI
December 1, 2014
New Delhi: President Pranab Mukherjee on Monday said
India has to develop capabilities to combat cyber crimes.
Interacting with a group of
students from Sardar Patel University of Police,
Security and Criminal Justice, Jodhpur, he said "the major factors which
pose concern to Indian security include terrorism, indigenous secessionist
movements, Left-Wing Extremism and communalism."
The President said these
concerns "pose a great threat to the integrity and unity of the country."
"Crime against women,
children and elderly citizens have also increased in
recent years. In today's world inter-connected by advanced information and
communication systems, many crimes are committed with the aid of technology. We
have to develop capability to deal with cyber crimes," he told the
students who called on him at the Rashtrapati Bhavan here.
He said "no state can
ignore" its responsibility towards the citizens as he added that in the
coming years students have to provide the necessary expertise and core
competence to help law enforcing and security agencies to tackle future
challenges.
FOCUSSED ATTACK : Hackers Using Lingo of Wall St. Breach Health Care Companies' Email
By NICOLE PERLROTH
DEC. 1, 2014
SAN FRANCISCO - For more than a year, a group of cybercriminals has been
pilfering email correspondence from more than 100 organizations, most of them
publicly traded health care or pharmaceutical companies, apparently in pursuit
of information significant enough to affect global financial markets.
The group's activities, detailed in a report released Monday morning by
FireEye, a Silicon Valley security company, shed light on a new breed of
criminals intent on using their hacking skills to gain a market edge in the
pharmaceutical industry, where news of clinical trials, regulatory decisions or
safety or legal issues can significantly affect a company's stock price.
Starting in mid-2013, FireEye began responding to the group's intrusions at
publicly traded companies (two-thirds of them, it said, in the health care and
pharmaceutical sector) as well as advisory firms, such as investment banking
offices or companies that provide legal or compliance services.
The
attackers, whom FireEye named Fin4 because they are
one of several groups that hack for financial gain, appear to be native English
speakers, based in North America or Western Europe, who are well versed in the
Wall Street vernacular. Their email lures are precisely tailored toward each
victim, written in flawless English and carefully worded to sound as if they
were sent by someone with an extensive background in investment banking and
with knowledge of the terms those in the industry employ.
Different groups of victims (frequently including top-level executives; legal
counsel; regulatory, risk and compliance officers; researchers; and scientists)
are sent different emails.
Some senior executives have been duped into clicking on links sent from the
accounts of longtime clients, in which the supposed client reveals that they
found an employee's negative rants about the executive in an investment forum.
In another case, hackers posed as an adviser to one of two companies in a
potential acquisition.
In
several cases, attackers have used confidential company documents, which they
had previously stolen, as aids in their deception. In others, the attackers
simply embedded generic investment reports in their emails.
In each case, the links or attachments redirected their victim to a fake email
login page, designed to steal the victim's credentials, so that the attacker
could log into their email and read the contents.
The Fin4 attackers maintain a light footprint. Unlike other well-documented
attacks originating in China or Russia, the attackers do not use malware to
crawl further and further into an organization's computer servers and
infrastructure.
They simply read a person's emails and set rules for the infiltrated inboxes to
automatically delete any email that contains words such as "hacked," "phished"
or "malware," to increase the time before their victims learn their accounts
have been compromised.
"Given the types of people they are targeting, they don't need to go into the
environment; the senior roles they target have enough juicy information in
their inbox," said Jen Weedon, a FireEye threat intelligence manager. "They are
after information protected by attorney-client privilege, safety reports,
internal documents about investigations and audits."
Because
the attackers do not deploy malware and communicate in native English, they can
be tricky to track.
Ms. Weedon said FireEye first began
responding to Fin4 attacks in mid-2013 but did not put together its findings
until five months ago, when a few of its analysts concluded the attacks did not
appear to be the work of familiar attackers in Russia or China, and warranted
further investigation.
FireEye
would not name the victims, citing nondisclosure agreements with its clients,
but said that all but three of the affected organizations were publicly listed
on the New York Stock Exchange or Nasdaq,
while the others were listed on exchanges outside the United States.
Half
of these companies fall into the biotechnology sector; 13 percent sell medical
devices; 12 percent sell medical instruments and equipment; 10 percent
manufacture drugs; and a small minority of targets include medical diagnostics
and research organizations, health care providers and organizations that offer
health care planning services.
FireEye
said it had notified the victims, as well as the Federal Bureau of
Investigation, but did not know whether other organizations like the Securities
and Exchange Commission were investigating.
Representatives
of the F.B.I. and S.E.C. declined to comment on the case.
FireEye has aggressively marketed its security research and breach detection
products since it went public last year.
Its Fin4 research was published the day after David G. DeWalt, FireEye's chief
executive, appeared in a "60 Minutes" report, lamenting the fact that companies
do not detect their breaches sooner.
The company's stock price, which surged to $100 a share last March, has since
dropped to $30 a share, in part because of a report that indicated one of
FireEye's intrusion detection products did not perform as well as others in a
lab test.
On
Monday, the same day FireEye released its Fin4
report, lawyers filed a class-action suit in the United States District Court
for the Northern District of California on behalf of FireEye
shareholders.
Ms. Weedon said that FireEye had not
had time to assess the effects of the breaches to see whether the attackers had
benefited financially.
It is also difficult to track the attackers because in each case, they logged
into their victims' email accounts using Tor, the anonymity software that
routes web traffic through Internet Protocol addresses around the globe. Last
month, the F.B.I. seized dozens of criminal websites operating on the Tor
network, in the largest operation of its kind.
"We don't have specific attribution but we feel strongly this is the work of
Americans or Western Europeans who have worked in the investment banking
industry here in the United States," Ms. Weedon said. "But it's hard because we
don't have pictures of guys at their keyboards, just that they are native
English speakers who can inject themselves seamlessly into email threads."
Ms. Weedon added, "If it's not an American, it is someone who has been involved
in the investment banking community and knows its colloquialisms really well."
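The inbox rules described in the Fin4 article above (automatic deletion of mail containing "hacked," "phished" or "malware") can be hunted for in an export of mailbox rules. The following is an added example, not part of the newsletter or the FireEye report; the export layout, field names, trash-folder list and sample rules are constructed assumptions.

```python
import re

# Keywords the article says the attackers' rules filtered on.
ALERT_TERMS = ("hacked", "phished", "malware")
# Assumption: folder names treated as equivalent to deletion.
TRASH_FOLDERS = {"deleted items", "trash", "junk"}

# Constructed sample export; field names are hypothetical, not a real schema.
SAMPLE_RULES = [
    {"mailbox": "cfo@example.com", "name": "Newsletters",
     "conditions": {"subject_contains": ["weekly digest"]},
     "action": "move", "target": "Reading"},
    {"mailbox": "cfo@example.com", "name": ".",
     "conditions": {"body_contains": ["Hacked", "phished", "malware"]},
     "action": "delete"},
    {"mailbox": "counsel@example.com", "name": "spam cleanup",
     "conditions": {"subject_contains": ["lottery winner"]},
     "action": "delete"},
    {"mailbox": "counsel@example.com", "name": "filter",
     "conditions": {"subject_contains": ["account malware warning"]},
     "action": "move", "target": "Deleted Items"},
    {"mailbox": "counsel@example.com", "name": "IT notices",
     "conditions": {"subject_contains": ["malware alert"]},
     "action": "move", "target": "IT"},
]

def matched_terms(rule):
    """Return the alert keywords that appear in any condition of the rule."""
    values = [v for vals in rule.get("conditions", {}).values() for v in vals]
    text = " ".join(values).lower()
    return sorted(t for t in ALERT_TERMS if re.search(r"\b" + re.escape(t), text))

def hides_mail(rule):
    """True when the rule removes matching mail from the user's view."""
    if rule.get("action") == "delete":
        return True
    return (rule.get("action") == "move"
            and rule.get("target", "").lower() in TRASH_FOLDERS)

def suspicious_rules(rules):
    """Flag rules that both hide mail and match on breach-warning keywords."""
    return [(r["mailbox"], r["name"], matched_terms(r))
            for r in rules if hides_mail(r) and matched_terms(r)]

if __name__ == "__main__":
    for mailbox, name, terms in suspicious_rules(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r} hides mail mentioning {terms}")
```

Rules that only file such mail into an ordinary folder, like the constructed "IT notices" rule, are left alone; the signal is the combination of a hiding action with warning keywords.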
Direct3D
Direct3D is an application program interface (API)
developed by Microsoft that provides a set of commands and functions for
manipulating 3D objects. By using Direct3D commands, software developers can
take advantage of many prewritten functions. This allows programmers to write
significantly less code than if they had to write all the functions from
scratch. Direct3D makes it relatively easy to manage three-dimensional objects,
including lighting and shadows as well.
In order for a software program to use Direct3D commands,
the computer's video card or graphics accelerator device must support Direct3D.
Fortunately, just about all video cards made for PCs offer Direct3D support.
While many video games and other programs use Direct3D, OpenGL is a more widely
used standard.
Dare to think for yourself.
Voltaire