Nov 13 2009

Cyber criminals deface 50 to 60 Indian websites a day

Category: CybercrimeDISC @ 2:52 pm

microsoft_fr_hacked
Image by Clopin via Flickr

Webnewwire.com report submitted on November 11, 2009

Has your girlfriend blocked you and you cant see her on-line? Wondering how to keep your email account protected? Or want to hide files from your annoying siblings? MTV’s got Ankit Fadia – the coolest Ethical Hacker in the world to give you everything from tips, tricks to cheat codes that will help make your life on the world wide web a whole lot simpler. Learn cool stuff that you can with your computers, Internet, mobile and other technology in your life!

This is India’s first tech show which does not review tech gadgets, websites or software instead it gives viewers a low down (or download!) on cool stuff that they can do with technology that will make their every day life cooler, simpler and stylish!

I am hosting “MTV What the Hack!” show with MTV VJ Jose, informed Ankit Fadia who was in city on a private visit. Watch it on MTV India every Saturday @ 8:20 PM. Repeat Telecasts every day, he appealed to the people

The show is a guy show with lots of typical MTV style humour. VJ Jose and Ankit Fadia shoot the episodes without a script and just naturally jam in front of camera and talk about technology. The show has got a very good response so far as it is being different from other shows. Most of the tech shows in India are review based shows where gadgets, software and websites are reviewed. This is the India’s first reach show that actually teaches viewers something. The show is on as part of MTV’s move to beyond music and beyond television. Since October 17 this year dropped ‘Music Television’ baseline which has been there in India for the past 13 years. Music contributes about 40 per cent of its programming and soon will go down to 25 per cent. This is happening as part of repositioning exercise MTV kicked off two years back. MTV is born of music, inspired by music, driven by music –but not limited by music. IT is now about new ideas, new formats, new ways of reaching people in new places they choose to live in.

Addressing the press conference Ankit Fadia spoke on various issues concerning Cyber Security in India. Speaking about Cyber security issues India is facing today he said Pakistani cyber criminals are able to deface 50 to 60 Indian websites a day, but, in retaliation only 10 to 15 Pakistani websites are defaced. And this has been going on since 2001. Nodoubt, India is IT capital of the world, but, as far as security is concerned India is far lagging behind, informed Ankit.

Speaking further he added that Terrorists are using most advanced technologies for communication. Which include mainly VOIP(Voice Over Internet Protocol) Chats, hiding messages inside photographs, draft emails, encrypted pen drives etc are some of the techniques to communicate with each other, he informed.

Cyber laws in India are quite good, b ut the problem is that the police who enforce those laws are ill equipped and are not trained properly. And he challenged media to visit the nearest police station and lodge a cyber crime complaint. And you will shocked that 9 out of 10 times, the officials attending you won’t follow what you are saying, said Ankit.

The biggest problem that the police worldwide face while solving cyber crime is the fact that the Internet has no boundaries, however, while investigating a cyber crime case a number of geographical, political, social and diplomatic boundaries come into the picture.

The next big security threat could be from Social Networking, Ankit declared. Everybody in India is on the social networking bandwagon. Even Karan Johar, Priyanka Chopra, Aishwarya Rai, Shashi Tharoor, Barack Obama and many other celebrities are updating Twitter daily. The latest viruses, worms, spyware and malware spread through social networking websites like Twitter, Facebook, Orkut and Myspace.

You will receive a private message from one of your friend (who is already infected) containing a link to a Youtube video. Halfway through the video, it will prompt you to download some Video Plugin or Code. Since the message came from your friend, most people tend to trust it and get infected!, said Ankit.

There are many financial scams and frauds happening on social networking websites. Get rich quick schemes, Earn Money Online Scams and various money laundering attacks now come to you through a Twitter update or a Facebook wall post!. Since Social Networking websites are all about your friends, many people are susceptible to the attack, Ankit said and added that Antivirus companies need to gear up to have a social networking aspect to them. People need to be made aware of the threats of social networking!

Another next big security threat could be People Hacking, he informed. People Hacking is all about sweet talking people to get things done. Especially things that they would normally don’t do or should not do!. People Hacking happens around us all the time. In the office, with your friends, at the check in counters at the airport or on the phone with the call centre. To carry out People Hacking you need to know what to say to whom and more importantly how to say it. Inducing fear, guilt, sympathy or just overpowering the victim with your words can lead to People Hacking, informed Ankit Fadia.

When asked about advise like Dos and Don’ts for average internet user he listed out the following.

– Use an Antivirus. More importantly, update it every week.

– Use an Anti Spyware. Update it every week.

– Use a Firewall. They are not as technical as they sound. A very good firewall that I recommend is Zone Alarm. Just do a Google search to download it.

– Use a strong password for all your accounts—a combination of alphabets, numbers and special characters. Use both lowercase and uppercase.

– Use Windows Update every fortnight to patch Windows.

– Use a Key Scrambler—a software the scrambles your keys in such a way that key loggers & other spying tools cant record what you type on your computer.

– Use a password on your Wi Fi network.

Reblog this post [with Zemanta]

Tags: Aishwarya Rai, Ankit Fadia, Barack Obama, cyber security, facebook, Google, MySpace, pakistan, Priyanka Chopra, Security, social engineering, Social Networking, Twitter, World Wide Web, YouTube


Mar 12 2009

Cybersecurity and congressional hearing

Category: Information WarfareDISC @ 2:02 am

United States Central Command
Cybersecurity experts were at congress floor this week to discuss security strategy and threats to federal government infrastructure for not having an appropriate strategy and funding.

“Where are we today in cyber security? From one perspective, we are in remarkably bad shape. In the last year, we have seen the networks of the two Presidential campaigns, secure networks at the U.S. Central Command and computer networks in Congress and other Federal agencies penetrated by outsiders.” Dr. Jim Lewis, Center for Strategic and International Studies

“But in our rush to network everything, few stopped to consider the security ramifications of this new world we were creating. And so we find ourselves in an extremely dangerous situation today – too many vulnerabilities exist on too many critical networks which are exposed to too many skilled attackers who can inflict too many damages to our systems. Unfortunately, to this day, too few people are even aware of these dangers, and fewer still are doing anything about it.” Rep. Yvette Clarke, D-N.Y., who chairs the subcommittee

Amit Yoran said that research and development must be bolstered, standards for securing systems must be reformed, and a legal analysis of the governance, authority and privacy requirements is needed. cybersecurity focuses on monitoring adversaries, determining their methods and techniques, tracking their activities to a point of origin, and determination of compromise scope, intent and objective.

Copies of written testimony from 3/10 proceedings are available on the Committee on Homeland Security site.

Detection of cyber attacks and emergency response plan is a paramount to be successful against cybersecurity attacks. I think federal government needs a new proactive paradigm for cybersecurity, which inspect the packet (deep packet inspection) to distinguish malicious packet from normal packet. This way malicious packet can be dealt appropriately at perimeter before it create a havoc at inside network or at end user desktop.


httpv://www.youtube.com/watch?v=5rDEw3uSK54

Reblog this post [with Zemanta]

Tags: Amit Yoran, Barack Obama, Center for Strategic and International Studies, Computer security, Congress, Federal government of the United States, Security, United States


Dec 05 2008

Telcos and information privacy

Category: Information PrivacyDISC @ 2:26 pm

Mobile Phone
Image via Wikipedia

With the economy in the tank, breach of privacy is not going to be a priority in Obama’s administration to do list. It will be quite difficult to make it a priority when Obama has signed a bill indemnifying telcos from suits due to privacy breaches.

During the presidential election campaign, Verizon employee gained unauthorized access to President-elect Obama’s mobile phone records. You might assume that if telcos are having a hard time protecting the privacy of high profile individuals, how would that make you feel as a cell phone owner? Don’t you wonder why the mainstream media didn’t publicize this case of high profile privacy breach more widely?

Basically Telcos have been immunized from privacy lawsuits so that big brother can snoop around our private phone records as they please. In this instance, law only applies to people and makes it illegal to snoop on each other but the telecom entities have been granted an exception by congress. Legal ruling require law enforcement to meet high “probable cause” standard before acquiring cell phone record. In recent report, document obtained by civil liberties group under FOIA request suggest that “triggerfish” technology can be used to pinpoint cell phone without involving cell phone provider and user knowing about it.

Organizations should implement directive, preventive and detective controls to protect the privacy of information. Where directive controls include the policies, procedures, and training. Preventive controls deal with the separation of duties, principle of least privilege, network, application and data controls. Detective controls involve auditing, logging and monitoring.

Verizon case shows lack of detective controls. Organization should have a clearly defined privacy policy which states that private information should be logged, monitored and audited. High profile individual should be identified and documented and reviews of audit logs should be conducted to identify inappropriate access to the privacy information of high profile individuals. The authorized person who has access to private information should be audited on regular basis to find out if they are following the privacy policies and procedures of the company. For privacy information, log who accessed which data, for who and when. Managers should train and monitor subordinate to help protect privacy information, which not only educate the subordinate but also serve as a major deterrence. Privacy is an essential ingredient of liberty and must be guarded with utmost due diligence.

“Those who give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety” Benjamin Franklin

Presidential Phone Compromised

Privacy Debate: Shouldn’t Public Demand High Threshold?
httpv://www.youtube.com/watch?v=HR6IEz4T7Yw

Reblog this post [with Zemanta]

Tags: auditing, Barack Obama, breach of privacy, Civil liberties, detective, directive, Lawsuit, logging, mobile phone, monitoring, preventive, privacy, Security, tiggerfish, Verizon