Newsletter
IT and Cyber Security News Update from
Centre for Research and Prevention of Computer
Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
December 31, 2014 Issue
no 1525
Tenth year of
uninterrupted publication
Todays edition
INTELLIGENCE :
NATGRID - MHA sets up committee to fast forward the anti-terror database
GROWTH : India cybercrime graph fast-rising at 40 percent
annually: Home Ministry report
BLOCKED : 32 sites including Pastebin,
Dailymotion, Github blocked
after DoT order
BROKEN : Hacker says your fingerprint can be copied from
consumer photographs
(Click on heading above to jump to related item. Click on Top to be back here)
INTELLIGENCE : NATGRID - MHA sets up
committee to fast forward the anti-terror database
Rahul Tripathi
December
30, 2014
To
give a push to the ambitious National Intelligence grid (NATGRID), set up after
the Mumbai 26/11 attack, the Narendra Modi led NDA government has set up
committees involving stakeholders from 22 agencies after they expressed
reservation on sharing data and intelligence. The main committee will be headed
by the Union Home Secretary where the chief of intelligence agencies and
investigating units will be the members, said a home ministry official.
A
senior Home Ministry official also told INDIA TODAY that they are also trying
to rope in States to share information on NATGRID and expect that a final
decision will be taken by January. Apart
from the main committee, there will be two sub committees which will be headed
by additional secretary and joint secretary level officers and will deliberate
on policy, data sharing and coordination. âWe
are also holding consultations with enforcement agencies to allay fears
regarding breach of security and misuse of information,â
the official added.
Among
the 22 agencies are Intelligence Bureau (IB), Research and Analysis Wing
(R&AW), Central Bureau of Investigation (CBI), Financial
intelligence Unit (FIU), Central Board of Direct Taxes (CBDT), Directorate of
Revenue Intelligence (DRI), Enforcement Directorate (ED), Narcotics Control
Bureau (NCB), Central Board of Excise and Customs (CBEC) and the Directorate
General of Central Excise Intelligence (DGCEI). NATGRID seeks to integrate over
25 categories of database from agencies like, railways, banks, airlines, credit
card companies, immigration and others, and make it available to the law
enforcement officers
This
concept was first mooted by former Home Minister P Chidambaram and was approved
by the Cabinet committee on Security during UPA regime. The purpose of creating such a central agency
was to have integrated intelligence grid that will link databases of several
departments and ministries of the Government of India so as to collect
comprehensive patterns of intelligence that can be readily accessed by multiple
agencies. It was also aimed to identify,
capture and prosecute terrorists and help pre-empt terror plots, said an
official.
After
it was conceived the project was to be implemented in four phases, the first
two of which was planned to be operationalised by
2014 at a cost of Rs.1100 crores while the initial data sourcing was targeted
to be made retrievable as early as 2013. However, the delay
were caused due to many hurdles including fear among agencies that this
may jeopardise their operations. Legal experts also
argued that the implementation of the programme will requirement amendments in
several laws to allow sharing and transferring of data on items such as
property and bank transaction details.
GROWTH : India cybercrime graph
fast-rising at 40 percent annually: Home Ministry report
www.microfinancemonitor.com
December
29, 2014
India
is fast climbing not only in its Internet accessibility numbers at 300 million
users but also in cyber crimes, which have jumped 40% in the last two years,
according to a Home Ministry report.
All
cyber crime related to hacking, phishing, credit card and banking fraud have
increased by more than 40 % annually in the past three years, which requires
more attention to curb online crimes, which end up cheating the middle-class
and new Internet users in rural areas.
The
Home Ministry statistics show that more than 71,780 cyber frauds were reported
in 2013, compared to 22,060 recorded in 2012, and the number in 2014 has
already reached 62,189 incidents of cyber frauds.
Home
Minister Rajnath Singh has recently told parliament
that there was a need to impose stiff cyber monitoring rules in the wake of
growing use of Internet and social media by global terror outfits like ISIS,
which is found misused by techies to spread hatred. He pointed out the arrest
of Bangalore professional Mehdi Masroor
Biswas for operating a pro-ISIS Twitter account, in
support of his view to implement strict monitoring mechanism.
Rajnath
said the government has already set up a five-member expert group to recommend
strategies to tackle cyber crime.
The
cyber crime that was new to India a decade ago has mushroomed with increasing
number of case from global destinations like spamming, phishing, malicious malware, website hacking, and online banking
fraud. Most of these online crimes originated in the US, Turkey, China,
Pakistan, Europe, Brazil, Bangladesh, Algeria and the UAE.
Recently,
Bangalore police busted an online shopping website BIGSOP.COM that has cheated
thousands of gullible online shoppers.
Soon,
the home ministry may come down heavily on online freedom and introduce some
curbs to restrain online users and social media geeks.
BLOCKED : 32 sites including Pastebin, Dailymotion, Github blocked after DoT order
The block
was first reported by Pastebin, a website where you
can store text online for a set period of time, through its social media
accounts on December 19.
By Anupam Saxena
TOI Tech
Dec 31, 2014
NEW DELHI: A number of Indian
users are reporting they're not able to access websites such as Pastebin, DailyMotion and Github while accessing the internet through providers such
as BSNL and Vodafone.
The block was first reported
by Pastebin, a website where you can store text
online for a set period of time, through its social media accounts on December
19. In a follow-up post on December 26, the site posted that it was still
blocked in India on the directions of the Indian government.
A number of users also posted
about the blocks on Reddit threads confirming that
the sites have been blocked by Vodafone, BSNL and Hathway,
among others.
http://t.co/e3zRKnJJQO seems to have been
blocked in India. If you are from India and unable to visit Pastebin,
please email us.
Pastebin.com (@pastebin)
December 19, 2014
It now appears that the
blocks are being carried out on the instructions of DoT
(Department of Telecom). The telecom body reportedly issued a notification
regarding the same on December 17. A screenshot of the circular has been posted
on Twitter by Pranesh Prakash. The notification
mentions that 32 URLs including Pastebin, video
sharing sites Vimeo and DailyMotion,
Internet archive site archive.org and Github.com( a web-based software code
repository), have been blocked under Section 69A of the Information Technology
Act, 2000. DoT has also asked ISPs to submit
compliance reports. However, we have not been able to verify the authenticity
of the circular.
Insane! Govt
orders blocking of 32 websites including @internetarchive
@vimeo @github @pastebin #censorship #FoEx
pic.twitter.com/F75ngSGohJ
Pranesh Prakash
(@pranesh_prakash) December 31, 2014
At the time of writing this
story, we could not access Pastebin, DailyMotion and Github on
Vodafone 3G and our office network that has access via dedicated lines.
Vodafone is not displaying any errors and is simply blocking access. However, a
number of users report that they're getting an error that says 'the site is blocked as per the instructions of Competent
Authority.' However, we were able to access all the websites on Airtel 3G.
Also see -
India blocks 32 websites,
including Vimeo and Github
BROKEN : Hacker says your
fingerprint can be copied from consumer photographs
By
Jacob Kastrenakes
December
29, 2014
http://www.theverge.com/2014/12/29/7464409/hacker-copies-fingerprints-from-photographs
If
you're really, really worried about securing your digital world, you might need
to start wearing gloves. A member of a German hacker collective says that he's
been able to copy a person's fingerprint using some photos of them taken with a
normal, consumer camera, according to the BBC. The hacker, Jan Krissler of the Chaos Computer Club, says that he was able
to copy German defense minister Ursula von der Leyen's fingerprint using a close-up photo of her thumb and
several other photos from additional angles, all taken during a public event
she was speaking at.
"From
the hacking group that fooled Touch ID after two days"
It
shouldn't come as much of a surprise that fingerprints aren't the most secure
form of identification out there. In fact, the Chaos Computer Club which
claims to be the largest hacker collective in Europe actually began
publishing work toward exploiting Apple's Touch ID sensor just days after the
first one went on sale in an iPhone 5S last year.
Similarly, the group said then that using "everyday means" they were
able to recreate a fingerprint that's capable of fooling a sensor.
There's
obviously more reason for concern now if, as Krissler
says, a knowledgable hacker just needs a good photo
of someone's finger to clone their fingerprint. But typically, that's still not
going to be enough to break into someone's accounts. In most cases, this is
only going to be relevant on an iPhone, and that
means the person forging a fingerprint would also need to have possession of
the phone set up to read it. That means a fingerprint is probably going to end
up securing a phone from someone who isn't supposed to have it far more often
than it'll let some crafty hacker gain access.
Also
see
DNS
Stands for "Domain
Name System." Domain names serve as memorizable names for websites and other services on the
Internet. However, computers access Internet devices by their IP addresses. DNS
translates domain names into IP addresses, allowing you to access an Internet
location by its domain name.
Thanks to DNS, you can visit a website by typing in the
domain name rather than the IP address. For example, to visit the Tech Terms
Computer Dictionary, you can simply type "techterms.com" in the
address bar of your web browser rather than the IP address (67.43.14.98). It
also simplifies email addresses, since DNS translates the domain name
(following the "@" symbol) to the appropriate IP address.
To understand how DNS works, you can think of it like the
contacts app on your smartphone. When you call a
friend, you simply select his or her name from a list. The phone does not actually
call the person by name, it calls the person's phone
number. DNS works the same way by associating a unique IP address with each
domain name.
Unlike your address book, the DNS translation table is not
stored in a single location. Instead, the data is stored on millions of servers
around the world. When a domain name is registered, it must be assigned at
least two nameservers (which can be edited through
the domain name registrar at any time). The nameserver
addresses point to a server that has a directory of domain names and their
associated IP addresses. When a computer accesses a website over the Internet,
it locates the corresponding nameserver and gets the
correct IP address for the website.
Since DNS translation creates additional overhead when connecting
to websites, ISPs cache DNS records and host the data locally. Once the IP
address of a domain name is cached, an ISP can automatically direct subsequent
requests to the appropriate IP address. This works great until an IP address
changes, in which case the request may be sent to the wrong server or the
server will not respond at all. Therefore, DNS caches are updated regularly,
usually somewhere between a few hours and a few days.
Laws: We know what they are,
and what they are worth! They are spider webs for the rich and mighty, steel
chains for the poor and weak, fishing nets in the hands of the government.
Pierre-Joseph Proudhon
(1809-1865)
French mutualist
political philosopher
Note -