27 December 2012

Bank loses Rs 1 crore in online fraud

MUMBAI: Not just individual savings accounts, even the accounts of banks are no longer safe. A local bank, which had a current account in another bank, fell prey to online fraud when Rs 1.05 crore was siphoned off from its account through Real-Time Gross Settlement (RTGS).

Even the police were stunned at the way the fraud took place as various security features are involved in an RTGS transaction. The customer is issued temporary password for each transaction. An RTGS payment is initiated only after the customer gives a written request for the same.

According to a police officer, the fraudsters managed to break into the bank's online security apparatus and within an hour transferred the Rs 1.05 crore into 12 different accounts through RTGS. The money was immediately withdrawn from those accounts.

........

Click here to read more ...... Solutions : www.xcyss.in

27 November 2012

Cybercrime a major threat to national security: Defence minister

NEW DELHI: Defence Minister A K Antony has said that the Union Government is aware that cyber-crime is becoming a major threat to national security and the armed forces are bracing to cope with the challenge.
........
In a written reply to Ramesh Bais, Uday Singh and HariManjhi in Lok Sabha today, Antony said 'usage of pen drive on computers connected to internet has been banned as a policy due to inherent security threat posed by pen drives'.

..........
"A Cyber Security Policy 2008 issued by the Ministry of Defence is under implementation, which inter-alia, includes continuous awareness campaign, audit of networks, strengthening of cyber security activities and maintaining of air gaps. Cyber security issues are also coordinated by National Security Council Secretariat (NSCS) at the national level," he added.


Click here to read more ......

Bangalore leads in cyber crimes

Of the 11,791 cases of cyber crimes reported in the country last year (2011), 117 were registered in Bangalore alone.
\Also, Bangalore accounted for 77.48 per cent of the 151 cases registered in the State in 2011 under various provisions of Information Technology (IT) Act.
....

But this is very much in line with the trend witnessed across the country, which recorded 288, 420, 966 and 1791 cases of cyber crime in 2008, 2009, 2010 and 2011, respectively.

.....
One major challenge is increased hacking, with the NCRB recording 233, 510 and 983 cases in 2009, 2010 and 2011, respectively in the country.

.....
While reported cases rose from 105 in 2008, 139 in 2009, 328 and 496 in 2010 and 2011, respectively, the number of arrests increased to 90, 141, 361 and 443 in these four years.

....
As per the information of Computer Emergence Response Team (CERT-In), the number of attacks on government websites showed a marked rise this year with the first seven months reporting 273 such incidents.
The total attacks on government websites were 201, 303 and 308 in 2009, 2010 and 2011, respectively.

..........

Click here to read more ......

Xtreme RAT malware targets US, UK, other governments



The hacker group that recently infected Israeli police computers with the Xtreme RAT malware has also targeted government institutions from the U.S., U.K., and other countries, according to researchers from antivirus vendor Trend Micro.

The attackers sent rogue messages with a .RAR attachment to email addresses within the targeted government agencies. The archive contained a malicious executable masquerading as a Word document that, when run, installed the Xtreme RAT malware and opened a decoy document with a news report about a Palestinian missile attack.

...
After analyzing malware samples used in the Israeli police attack, security researchers from Norway-based antivirus vendor Norman uncovered a series of older attacks from earlier this year and late 2011 that targeted organizations in Israel and the Palestinian territories. Their findings painted the picture of a year-long cyberespionage operation performed by the same group of attackers in the region.
..........

Click here to read more ......

19 November 2012

Georgian police chiefs cuffed in cyber spy plot

By Phil Muncaster

Several senior police officials and the former deputy interior minister of Georgia have been arrested on suspicion of spying on former opposition leaders and attempting to influence the result of October’s parliamentary elections.
The arrests come after new prime minister Bidzina Ivanishvili’s coalition swept to power at the election, ending the nine-year rule of the government of president Mikheil Saakashvili, who remains in his post until October 2013.
The 11 interior ministry officials and former deputy interior minister and current vice mayor of Tbilisi, Shota Khizanishvili, are accused of hacking their opponents’ PCs to illegally obtain personal information. Phone taps of calls between leaders of Ivanishvili’s Georgian Dream coalition are also alleged, AFP reported.


Click here to read more ......

30 October 2012

Youth uses uncle’s debit card to ‘purchase’ his own phone online

It was a smart crime involving a smart phone that was caught on the web. A youth, who used his uncle’s ATM/debit card to buy his own cell phone from a shopping website, was caught by the cyber crime cell, Hazratganj a couple of days ago. He had posted his Samsung Galaxy S-III for sale on the shopping website — www.ebay.in — that facilitates online sale and purchase of mobiles, gadgets and other stuff.

Complainant RS Srivastava (the youth’s uncle) received an SMS alert on his cell phone at 5.27pm on October 4 that his SBI account debit card had been used for purchase of a phone worth Rs. 25,000.

Click here to read more ......

Facebook used to kidnap, traffic Indonesian girls

DEPOK(INDONESIA): When a 14-year-old girl received a Facebook friend request from an older man she didn't know, she accepted it out of curiosity. It's a click she will forever regret, leading to a brutal story that has repeated itself as sexual predators find new ways to exploit Indonesia's growing obsession with social media.

.......

The man, a 24-year-old who called himself Yogi, drove her an hour to the town of Bogor, West Java, she said in an interview. There, he locked her in a small room inside a house with at least five other girls aged 14 to 17. She was drugged and raped repeatedly - losing her virginity in the first attack.
After one week of torture, her captor told her she was being sold and shipped to the faraway island of Batam, known for its seedy brothels and child sex tourism that caters to men coming by boat from nearby Singapore.
.....

Click here to read more ......

06 October 2012

Iran Jams U.S. Satellite Broadcasts


Washington, D.C. — Iranian jamming of U.S. government-sponsored news and information programs disrupted broadcasts from Morocco to Eastern Europe to Indonesia, the Broadcasting Board of Governors has found.
Satellite operator Eutelsat confirmed that the intermittent jamming was coming from inside Iran. This most recent episode of interference with broadcasts began on Oct. 3 and is in clear violation of international agreements.
......
One of the BBG’s Internet anti-censorship vendors is reporting that traffic from Iran using its software and servers has increased substantially since the jamming began.  This suggests that Iranian listeners and viewers are shifting to the Internet to receive news and information.
Jamming is prohibited under rules of the International Telecommunications Union.  The recent jamming affected not only U.S.-supported programming, but also the British Broadcasting Corporation.
International Broadcasting Bureau Director Richard M. Lobo called the most recent interference “an outrage (and) a deplorable violation of well-established international agreements” in a statement issued when the incident started.
The jamming coincided with reports of street demonstrations and mass arrests of Iranians protesting falling currency exchange rates. Both VOA and RFE/RL report that in some instances, interference starts just before newscasts, and ends just afterwards.
Three satellite transponders operated by Eutelsat and those most popular among Iranian viewers have been affected: HotBird 13B, Eutelsat 25A and Eutelsat 7A. Viewers said the signals reappear intermittently.
The interference has diminished or altogether blocked other U.S.-supported programs on the Eutelsat satellites, including Georgian, Armenian, Bosnian, Korean and many other language broadcasts.
VOA and RFE/RL programs continue to be broadcast on diverse media platforms, including digital audio and video streams on other satellite paths and on the Internet.
In February, the ITU called upon the world’s nations to take “necessary actions” to stop intentional interference with satellite transmissions. Earlier, the BBG and other international broadcasters called for action against jamming.


Click here to read more ......

Google FUD or State-Sponsored Attack Threat?


Select users of Google’s services are once again receiving warnings regarding the possibility that they may be at risk of falling victim to state-sponsored attacks. Is this just more fear, uncertainty and doubt, or is there a legitimate threat backing up the move by the search engine giant?
.........
“First, it generates fear on the part of Google’s customers because regardless of the fine print, such a warning will most likely send the recipient into panic mode when there’s no reason to panic. Second, it makes a claim which upon investigation is so vague that it’s meaningless. You may be the victim of a state or someone working on a state’s behalf? That’s pretty much the case for all targeted attacks,” wrote security consultant Jeffery Carr, founder and CEO of Taia Global.
........
“The bottom line as far as Google’s advice is concerned is that it’s FUD-inducing for the people who aren’t targets and its insufficient for those who are. I have to wonder what Google was thinking when it created this awful program.”
..........


Click here to read more ..... 

Managed Ransomware-as-a-Service spotted in the wild


By Dancho Danchev
Over the past several quarters, we’ve witnessed the rise of the so called Police Ransomware also known as Reveton.
From fully working host lock down tactics, to localization in multiple languages and impersonation of multiple international law enforcement agencies, its authors proved that they have the means and the motivation to continue developing the practice, while earning tens of thousands of fraudulently obtained funds.
,,,,,,,
According to the advertisement, the actual malicious executable is both x32 and x64 compatible, successfully blocking system keys and other attempts to kill the malicious application. The cybercriminals behind the managed service have already managed to localize their templates in the languages of 13 prospective European countries such as Switzerland, Greece, France, Sweden, Netherlands, Italy, Poland, Belgium, Portugal, Finland, Spain, Germany, and Austria.
The price for the service? $1,000 on a monthly basis for a managed, bulletproof command and control infrastructure.
,,,,,,,

The managed service relies primarily on the Ukash voucher-based payment system, and the command and control interface conveniently displays the voucher codes and their monetary value, allowing the users of the service an easy way to claim the money from the vouchers.
,,,,,



Click here to read more ......

Basic Use of Maltego for Network Intelligence Gathering

02 October 2012

CID probing hacking of Karnatka Chief Minister’s website

Cyber crime officials of the Criminal Investigation Department (CID) are trying to track the internet protocol (IP) address from where Chief Minister Jagadish Shettar’s personal website was hacked on Wedneday.

Click here to read more ...... 

Manager’s e-mail hacked, complaint filed in Ahmedabad


In a police complaint filed with Cyber Crime Cell (CCC) of Detection of Crime Branch (DCB) on Friday, one Karnik Shah claimed that his e-mail was hacked by unknown people, who now have accessed vital documents from the emails.
Shah is general manager with a city-based pharmaceutical company, who was recently transferred to Ahmedabad from Jammu and Kashmir.
.......

Click here to read more ......

AP BJP chief gets death threat on Facebook from Pak national


Andhra Pradesh BJP unit chief G Kishan Reddy on Saturday lodged a police complaint after he allegedly received death threat from a Pakistani national on a social networking site, police said.
........

ISRO scientist’s son, 2 others held for credit card fraud

Ahmedabad: Based on a tip-off received by a constable of cyber crime cell of Detection of Crime Branch (DCB), officials caught three persons with 33 cloned credit cards on Sunday. Among the arrested, two people run a call centre in the city while the third is a wanted criminal from Rajasthan. Investigation revealed that one of the accused is the son of a scientist at Indian Space Research Organisation (ISRO) in the city.

........

Click here to read more ...... 

Cybercrime cost India $8 billion in last 12 months: Norton


NEW DELHI: More than 42 million people in India have fallen prey to cybercrime in the past 12 months, suffering about $ 8 billion in direct financial losses, estimates a report by security solutions firm Norton.
The 'Norton Cybercrime Report 2012' found, based on experiences of more than 13,000 adults across 24 countries (including 1,000 from India), said direct costs associated with global consumer cybercrime are pegged at $ 110 billion over the past twelve months.
.......
Globally, every second 18 adults become a victim of cybercrime, resulting in more than one-and-a-half million cybercrime victims each day, the report said.
With losses totaling an average of $ 197 per victim across the world in direct financial costs, in the past 12 months, an estimated 556 million adults across the world experienced cybercrime.
....
In India, one in three respondents (32 per cent) said they have been a victim of either social or mobile cybercrime in the last 12 months.
About 51 per cent of social network users among the Indian respondents said they have been victims of social cybercrime.
......
"Cybercriminals are changing their tactics to target fast growing mobile platforms and social networks where consumers are less aware of security risks," Norton Internet Safety Advocate and Director (Asia) Effendy Ibrahim said.


Click here to read more ...... 

‘Indian police not capable of solving hi-tech cyber crimes’


Chandigarh - A senior UT police officer on Friday stated that the country’s police force was not capable of solving hi-tech cyber crimes. “If we rate the cyber crimes in the country on a scale of 1 to 10, the Indian police forces are only capable of solving the crimes at the scale of 3, or a maximum 4,” said the Superintendent of Police (Traffic), Chandigarh, Maneesh Chaudhry while addressing a two-day workshop on cyber crimes at the Punjab Engineering College in Chandigarh.
From lack of mandatory computer training during recruitment to lack of international treaties, Chaudhry cited various difficulties faced by the Indian police forces in tracking cyber crimes. 
......
“Today, if you want to register a case of cyber crime, the police station officials will send you to the cyber crime cell as all police stations are not equipped to handle such offences. The recruitment process should be amended to include at least some percentage of officials specially trained for cyber crime. When cyber crime also fails, we require help of the cyber forensic experts,” Chaudhry said.
.......
The police official also cited the process required to obtain evidence as another hindrance. Evidence related to cyber crime is gathered from Forensic Science Laboratories (FSLs). There is one FSL in every state and there are six central FSLs. “Once the information has been sought from the FSLs, it takes months for them to get back with any report as they are overworked with many cases piling up. By that time, the accused is no more under investigation; he is either on Judicial custody or bailed out,” Chaudhry said. He insisted that there should be a FSL at every police station to handle the increasing number of cyber crimes.
..........

Click here to read more ...... 

White House thwarts cyber attack

A White House official said the attack targeted an unclassified network. He said the attack was identified and the system was isolated to prevent spread. He said there was no indication that any data was removed.
........
Last year, Google blamed computer hackers in China for a phishing effort against Gmail accounts of several hundred people, including senior U.S. government officials and military personnel. Last November, senior US intelligence officials for the first time publicly accused China of systematically stealing American hi-tech data for its own national economic gain.
.......
Leon Panetta, the US defence secretary, during a visit to China last month, raised the subject of China-based cyber-attacks against U.S. companies and the government.

The Obama administration is preparing an executive order with new rules to protect US computer systems.
.......
An initial draft of the order included provisions for voluntary cybersecurity standards for companies.
......

Click here to read more ......

An application can make your phone spy on you


LONDON: US military experts have demonstrated a new smartphone app that can turn your mobile's camera into a spying tool for cyber criminals, secretly beaming images of your house, chequebook and other private information back to them.

.......

The app 'PlaiceRaider' was created by US military experts at Naval Surface Warfare Center in Crane, Indiana, to show how cybercriminals could operate in the future, the Daily Mail reported. 
.......
The team said they could glean vital information from all 20 users, and that the 3D reconstruction made it much easier to steal information than by just using the images alone.
.....
Researcher Robert Templeman said their app can run in the background of any smartphone using the Android 2.3 operating system. Through use of phone's camera and other sensors, PlaceRaider constructs 3-D models of indoor environments. "Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment," researchers said.



Click here to read more ......

01 October 2012

Pen drives main threat to cyber security: Army

NEW DELHI: Despite a ban, use of pen drives has emerged as the main threat to cyber security in defence forces as it is responsible for over 70 per cent of such breaches in the three Services.

The use of pen drives as an easy-to-carry storage device has increased in the recent past and internal reports have confirmed that over 70 per cent cyber security breaches in the armed forces are due to their unauthorised use, Army officials said.

"These pen drives, which are mostly manufactured in China, have emerged as a big threat to our cyber security systems," they said.

.........

Click here to read more ......

Armed forces further tightening cyber security, IT usage norms

NEW DELHI: The armed forces are further tightening cyber security and information technology usage norms for all its personnel to prevent the "leaking" of confidential data and information, apart from reiterating strict orders to refrain from posting classified information on social networking websites.
......

All IAF officers, for instance, will now have to sign a declaration that they will not "save or view" any official document on personal computers as well as provide details of digital storage devices being used for official purposes. Any violation will attract strict action, warned IAF authorities.

The Army has already directed all its officers and personnel to even remove their pictures and information showing their affiliation to the service from their personal profiles on social networking websites.

......


Click here to read more ...... 

30 September 2012

Chinese hackers linked to breach of control systems used in electric grids



.....Experts detected digital fingerprints implicating a Chinese hacking group that has been tied to cyber-espionage campaigns against Western interests.
...
KrebsOnSecurity cited Joe Stewart, director of malware research at Dell SecureWorks, who said that website and malware names mentioned in a more recent letter from Telvent can be traced to a Chinese hacking team known as the "Comment Group."
.....
Researchers told Bloomberg that during two months of monitoring last year, targeted companies spanned a vast scale as data "bled from one victim to the next":
...from oilfield services leader Halliburton Co. (HAL) to Washington law firm Wiley Rein LLP; from a Canadian magistrate involved in a sensitive China extradition case to Kolkata-based tobacco and technology conglomerate ITC Ltd. (ITC)
.......
Evidence indicates that at least 20 organizations have been harvested for data, many of whose secrets could give China a leg up on its path to becoming the world’s largest economy.
Bloomberg cited unnamed security experts who said that the breaches have sprung data leaks in major oil companies, who've lost seismic maps charting oil reserves, while patent law firms have been squeezed for clients' trade secrets and investment banks have been targeted for market analysis regarding global ventures of state-owned companies.
.....
Meanwhile, the Obama adminstration and Congress have grown increasingly vocal about Chinese and Russian cyber espionage and attacks, with the White House close to completing the first draft of a cybersecurity executive order designed to bring about stronger cyber security around the nation's water, electrical and transportation systems.
.....

Click here to read more ....

Network Surveillance Devices Discovered via Shodan



shawn merdinger 


It’s no secret that Shodan has turned up some interesting findings over the past few years – everything from critical infrastructure devices, to VoIP phones, solar and wind farms, HVAC systems, even a online crematorium.
Now, we can add surveillance devices like BlueCoat Proxy and PacketShaper boxes, Cisco routers running Lawful Intercept code and various vendors’ CALEA Mediation Devices into what Shodan has pre-scanned and savvy researchers searching Shodan can find.
.....
BLUECOAT
In the case of Blue Coat, the company’s filtering technology was identified in October, 2011 by Citizenlab.org based out of the University of Toronto and documented here: https://citizenlab.org/2011/11/behind-blue-coat/  Highlights include 12 BlueCoat devices identified in Syria.  This research was also picked up by Forbes and Bruce Schneier as well.
Finding BlueCoat devices by searching Shodan can reveal these filtering and packet shaping boxes deployed around the world.
.....
CISCO SYSTEMS' LAWFUL INTERCEPT
Other vendors’ products in the surveillance space are also identifiable via Shodan searches.  Cisco Systems’ Lawful Intercept is a specialized architecture that is well documented and utilizes specific Cisco IOS images on certain platforms.  Unfortunately, hundreds of Cisco routers running Lawful Intercept code versions are in the Shodan database simply because the router owners configured the SNMP community read string as “public.”  As a result, Shodan scanners queried the router using SNMP and public community string and the router returned the Cisco IOS version, along with other SNMP details.
.......
IMPACT
So what is the impact of these kinds of devices being exposed through researchers’ Shodan searches and disclosure?  That is not an easy question to answer, given the unknowns in this kind of situation.
Obviously, there is a risk of attackers targeting and sabotaging these surveillance devices for any number of reasons, from political or criminal motivations to simple personal amusement, a.k.a. "Teh Lulz"
...........
Overall, one must treat these search results with skepticism.  After all, they may be honeypots, or test systems, or not in use, or whatever.  Simply because a router is on the Internet and has a Lawful Intercept capable image loaded doesn’t necessarily mean it is being used for that purpose.
Then again, they could be live systems... who knows?







Click here to read more .... 

New Russian DIY DDoS bot spotted in the wild

By Dancho Danchev
Over the last couple of years, the modular and open source nature of today’s modern DDoS (distributed denial of service) bots inevitably resulted in the rise of the DDoS for hire and DDoS extortion monetization schemes within the cybercrime ecosystem.

These maturing business models require constant innovation on behalf of the cybercriminals providing the easy to use and manage DIY DDoS bots, the foundation of these business models.

......
Sample screenshot of the command and control interface of the Russian DIY DDoS Bot:
  • The bot supports SYN flooding, HTTP flooding, POST flooding and the special Anti-DDoS protection type of flooding. 
  • It has also built-in anti-antivirus features allowing it avoid detection by popular host-based firewalls.... 
  • t will not work under a virtual machine preventing potential analysis of the malicious binaries conducted by a malware researcher. 
  • Randomization of the HTTP requests using multiple user-agents in an attempt to trick anti-DDoS protection on the affected hosts. ........
......

Click here to read more .... 

State Sponsored Cyber Threats – The Long View

Strategic Penetration for Future Exploitation
So, what is “strategic penetration or future exploitation”? It is an attack strategy that hedges long-term bets on two potential future worldviews, namely PROSPERITY and CONFLICT that allows for the pursuit of PROSPERITY while seeking out strategic advantage in the event of CONFLICT.
During these types of attacks, critical infrastructure and high-value targets are compromised not for the purpose of stealing intellectual property or engaging in traditional espionage and intelligence activity, but rather to establish a foothold to diminish the operation of those infrastructures in the event of future hostilities.

........................

Key components of a strategic compromise include:

  • Initial compromise....
  • Narrowly focused scope .....
  • Time-shifted intent .....
  • Long-term stealth and patience ....
  • A Team only......
......

Strategic Penetrations have Strategic Implications
In an environment where existing security models are already broken, addressing this type of threat will be a persistent challenge. It requires us to think not only about how we are vulnerable now, but how we will be vulnerable in ten years or how today’s vulnerabilities could be time shifted for future strategic advantage. It requires new detection techniques focused on host security, supply chain integrity,and implementation and infrastructure management controls. It also requires a vibrant cyber intelligence capability that is not dependent exclusively on technical collection.
Most importantly, it requires a shift in our mindset of how we view the current threat space and breaking our cultural disposition to only think about these issues in a short-term context.



04 September 2012

Powerful cyber attack tools widely available, say researchers


Online cyber criminal markets are putting very sophisticated attack tools into the hands of more low-level attackers, say cyber intelligence specialists.
More attackers are now getting their hands on tools like Zeus and SpyEye, according to the cyber intelligence team at the Online Threats Managed Services (OTMS) group of RSA, the security division of EMC.
Such tools are widely available at relatively low cost. The barriers to entry are falling all the time because these tools are also increasingly easy to use with well-developed user interfaces.
…………………….
However, apart from targeted attacks, there has also been an increase in the number of malware infections on machines within business networks.
…………………..
It is now in the open that countries are using malware as part of their cyber espionage programmes, and companies should be planning their cyber security in light of that fact.
………………..
…………………

Click here to read more ...... 
Solutions : www.xcyss.in

Two techies arrested for hacking cell recharge site


Two members of the hacker group, "Indishell", and its offshoots were arrested on Saturday after an extensive investigation by the Gautam Budh Nagar cyber crime cell. The accused, who did BTech in computer science, were charged with hacking into an e-commerce website that specializes in mobile recharge.
..............................
The hackers have cheated a Delhi-based company of more than Rs 50 lakh, police said. The accused, Sumit Gupta (24) and Ankit Singh (22), are from Moradabad in UP, and are considered one of the "most sophisticated hackers in the country". They were arrested from Noida and booked under Sections 420 of the IPC and 66C of the IT Act, 2008.
.............................

Click here to read more ...... 
Solutions : www.xcyss.in

03 September 2012

'Fake' Jaitley surfaces on Twitter again


Senior BJP leader Arun Jaitley has once again become a victim of cyber crime after another fake Twitter account cropped up in his name.

This is the second time in eight months that the leader of the Opposition in the Rajya Sabha has been subjected to such a predicament.
..........................
..........................

Click here to read more ...... 
Solutions : www.xcyss.in

31 August 2012

India is in a state of denial on cyber security: Kamlesh Bajaj

Kamlesh Bajaj, former government servant and now CEO of the Data Security Council of India (DSCI), tells Aditi Phadnis that India must beware another attack on its cyber security and suggests ways in which this can be countered.
............................
.............................
Click here to read more ...... 
Solutions : www.xcyss.in

Online impostor held for harassing woman

A Najibabad resident has been arrested for harassing a woman on social networking sites, threatening her and blackmailing her family after befriending her under a fake ID on Facebook and Orkut.
.................................
...................................

Karunakaran said the woman started avoiding Akram on learning he was an impostor but he pestered her to marry him. When she refused, he made fake profiles of her on these sites and posted false and offensive information, even disclosing the woman's mobile number. Thereafter, he informed the woman's mother and other relatives about the profile through electronic means. He met the mother and blackmailed her to pay Rs 5 lakh, if she did not want the complainant to be disgraced or become the victim of an acid or blade attack.
..................................


Click here to read more ...... 
Solutions : www.xcyss.in

30 August 2012

India to widen scope of cyber-security coordinator


India is to widen the scope of its cyber-security coordinator in the wake of incendiary Internet data that swept the country earlier this month and forced an exodus of northeastern people from Pune and Bangalore, although a senior official said that there is no move to take up the issue with Pakistan.
...................
India has also reiterated a demand made three years ago to toughen cyber laws to prevent such hate campaigns, the official said.
..................

Click here to read more ...... 
Solutions : www.xcyss.in

India to appoint a cyber security controller in National Security Council


Waking up to the new threat of cyber jehad, India has decided to appoint a cyber security controller in the National Security Council.
Official sources confirmed that the recent incident of morphed images being uploaded on a mass scale to create panic in parts of India; has got the Indian Government in a situation where it has to learn on the job.
...............
................

Click here to read more ...... 
Solutions : www.xcyss.in

NTRO was missing from govt's initial bid to block inflammatory web content

As the security establishment was scrambling to contain fake and inflammatory messages spreading across the internet that contributed to violence and exodus of thousands, one agency was conspicuous by its absence in the crucial initial phase: the intelligence agency that is supposed to counter such cyber crises.

In a bizarre twist to the government's response earlier this month to contain India's first real cyber challenge, the National Technical Research Organization (NTRO) was completely absent from the operation in the initial phase.
.................................

On August 14, the Centre had issued a nation-wide alert about safety of northeast origin people, and by August 17, it had imposed stiff restrictions on SMSs and MMSs over mobile phones. On August 18, the home ministry had forwarded the first list of internet sites and URLs to be blocked.

There were 75 websites and URLs on the first list given to CERT-IN (Computer Emergency Response Team-India) for blocking. Almost all of them were identified by the Intelligence Bureau and some probably by the Research and Analysis Wing. Not one of them was provided by NTRO.
.....................
.....................

The absence of NTRO in the critical initial phase fits into the larger lack of clarity within the security establishment over countering inflammatory messages on the web. The initial rush to block websites and Twitter handles led to widespread uproar against India's intolerance towards internet freedom.
.........................
..........................
Click here to read more ...... 
Solutions : www.xcyss.in

Power grids easy meat for cyber rogues

NEW DELHI: India's power systems could be vulnerable to crippling cyber attacks on a scale that can have serious implications for national security and economy, an enquiry into the July 30-31 grid collapse that grabbed global attention has said.

Although cyber attacks have been ruled out in last month's grid collapse, destabilization of the energy sector could lead to a "cascading effect on national security and economy. It points out that main vulnerabilities are in transmission and distribution sectors.
..................................
...................................

A well-delivered cyber assault can disrupt services to critical users like hospitals and metro rail systems and such an attack may choose to target distribution where the bulk of automation is evident.
.....................
.....................
Click here to read more ......
Solutions : www.xcyss.in

27 August 2012

Winning Cyber Battles Without Fighting


In military operations, good leaders never make a move without the best available intelligence and a strong sense of situational awareness. To do otherwise is tantamount to flying blind, something a good pilot or business leader should avoid.
Unfortunately, too many leaders of industry and commerce seem to be flying blind in today’s cyber domain.
The Cyber-readiness Reality Check,” an independent survey recently commissioned by the company, CounterTack, Inc., reveals that more than one-third of cyber security executives at companies with revenues greater than $100 million are unable to see an attack once it finds its way inside the perimeter of their systems.
..............................
The problem is exacerbated when senior leadership defers to the IT department in all matters pertaining to information security. “That’s our CIO’s responsibility,” is a comment often heard when speaking with senior and chief executives about cyber defense.
................
While IT security departments certainly must bear responsibility, the executive leader at the top of any organization should understand and take ownership of the problem if security is to have a fighting chance of attaining the resources needed for effective self-defense.
.........................
.........................

Click here to read more ...... 
Solutions : www.xcyss.in

Pakistan plans bigger cyber attack?


A highly-classified government report on the recent incident of what has been described as the worst cyber attack on the country has said that it should not be treated as an 'isolated incident' as this exercise was not merely aimed at spreading communal hatred, but also to test the effectiveness of network of 'modules and sleeper cells' of subversive outfits in states like Karnataka, Andhra Pradesh, Maharashtra and Kerala.
.................................
Outfits like the Jamaat-e-Islami, Harkat-ul-Jihad-al-Islami, Simi and Indian Mujahideen are already on the watch list of intelligence agencies for spreading communally-sensitive messages and pictures that triggered a massive exodus of people from the Northeast.
Intelligence agencies in their report have warned that outfits like HuJI, Indian Mujahideen, Simi and even the PFI have a formidable network in southern India and have 'increased their support base manifold' in the last few yeas in Karnataka, Andhra Pradesh and Kerala.
Thus, the report adds, this incident should be treated as a warning signal to sensitise security agencies to launch a massive offensive against these groups in the affected states.
............................
...........................

Click here to read more ...... 
Solutions : www.xcyss.in

24 August 2012

Targeted cyber attacks aimed at critical infrastructure

The trend we’ve seen until now is that targeted attacks use customised malware and refined targeted social engineering to gain unauthorised access to sensitive information. However, cyber criminals are increasingly targeting critical sectors including energy for mass destruction, say industry players.
......................
.................................

Symantec has identified a new series of targeted attacks, dubbed the Shamoon attacks, where critical infrastructure including power is coming under threat. According to the global security service provider’s July 2012 intelligence report, during the first half of the year, the total number of daily targeted attacks continued to increase at a minimum rate of 24 per cent with an average of 151 threats being blocked each day during May and June.

The report also states that globally the defence industry has been the biggest target in the first half of the year, with an average of 7.3 attacks per day.

India may not be immune to the global trend. After all, we became the top spam-sending nation during the first quarter of 2012. The country contributed to about 20 per cent of the globe’s total spam volume followed by Indonesia (13 per cent), South Korea (12 per cent), and Russia (10 per cent).
.....................................
Cyber criminals are abandoning spam emails only to resort to other more lucrative means such as targeted attacks.
...........................
Click here to read more ...... 
Solutions : www.xcyss.in