12 February 2013

Software that tracks people on social media created by defence firm


A multinational security firm has secretly developed software capable of tracking people's movements and predicting future behaviour by mining data from social networking websites.
video obtained by the Guardian reveals how an "extreme-scale analytics" system created by Raytheon, the world's fifth largest defence contractor, can gather vast amounts of information about people from websites including Facebook, Twitter and Foursquare.
Raytheon says it has not sold the software – named Riot, or Rapid Information Overlay Technology – to any clients.
....


The sophisticated technology demonstrates how the same social networks that helped propel the Arab Spring revolutions can be transformed into a "Google for spies" and tapped as a means of monitoring and control.
Using Riot it is possible to gain an entire snapshot of a person's life – their friends, the places they visit charted on a map – in little more than a few clicks of a button.

.....
The power of Riot to harness popular websites for surveillance offers a rare insight into controversial techniques that have attracted interest from intelligence and national security agencies, at the same time prompting civil liberties and online privacy concerns.
....
n April, Riot was scheduled to be showcased at a US government and industry national security conference for secretive, classified innovations, where it was listed under the category "big data – analytics, algorithms."
According to records published by the US government's trade controls department, the technology has been designated an "EAR99" item under export regulations, which means it "can be shipped without a licence to most destinations under most circumstances".



Click here to read more ....

11 in custody, police expect more arrests in e-fraud case

MUMBAI: After the arrest of two more persons on Saturday in connection with the Rs 1 crore bank e-fraud, the number of people caught by theMulund police in the case has risen to 11.

The police expect even more arrests in the case, which involved the transfer of money from a cosmetics company director's current account to 12 bank accounts in the city, Navi Mumbai, Thane district and Uttar Pradesh in just 45 minutes. The account of the victim, Ankur Korani, was hacked into on January 29 between 9.15am and 10am.
.....
A woman identified only as Pillai (34) and a person named Kumar (24) were the latest to be arrested. They were caught on Saturday evening when they visited the Virar branch of a private bank to withdraw Rs 6 lakh each from their accounts.

"All those arrested used fake PAN cards, voter's identity cards, and electricity and telephone bills as address proof to open bank accounts," a police officer said. "The banks were negligent as they opened the account without any background verification. The RBI should take firm action against the banks' lethargic approach."
....

Click here to read more ...... 

Cops probe insider hand in Arun Jaitley call details case

NEW DELHI: The timely detection of a plot to obtain call details of senior BJP leader Arun Jaitley has averted a political storm, but, sources say, a scandal on the scale of the Amar Singhphone tapping case in 2005 can still arise if investigation reveals the involvement of police personnel in the conspiracy.
......
The request mail was sent to telecom firm Airtel on January 17. Normally, telecom firms share details with police on receipt of official requests, but keeping in view Jaitley's stature, Airtel decided to cross check the authenticity of the request with police, saving them some blushes. 
.....
Police have learnt that the email ID of ACP (operations) Bhoop Singh was accessed by an unauthorized person, suspected to be a police officer. Officers of ACP rank and above can seek call details of a person from telecom companies. However, in the present case, senior officers were not aware of the email request. 
.....

Click here to read more ...... 

07 February 2013

Broad Powers Seen for Obama in Cyberstrikes

WASHINGTON — A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review. 

....
That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyberattack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.
....


Mr. Obama is known to have approved the use of cyberweapons only once, early in his presidency, when he ordered an escalating series of cyberattacks against Iran’s nuclear enrichment facilities. The operation was code-named Olympic Games, and while it began inside the Pentagon under President George W. Bush, it was quickly taken over by the National Security Agency, the largest of the intelligence agencies, under the president’s authority to conduct covert action.
As the process of defining the rules of engagement began more than a year ago, one senior administration official emphasized that the United States had restrained its use of cyberweapons. “There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the official said. 
....
While many potential targets are military, a country’s power grids, financial systems and communications networks can also be crippled. Even more complex, nonstate actors, like terrorists or criminal groups, can mount attacks, and it is often difficult to tell who is responsible. Some critics have said the cyberthreat is being exaggerated by contractors and consultants who see billions in potential earnings.
One senior American official said that officials quickly determined that the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief. 
....
The Obama administration has urged stronger firewalls and other systems to provide a first line of defense, and then “resiliency” in the face of cyberattacks. It failed to get Congress to pass cybersecurity legislation that would have allowed the government to mandate standards. 


Click here to read more ....

Twitter clients stay signed in with pre-breach passwords

OAuth means apps can connect despite reset of passwords made unsafe by breach

Twitter has detected a breach and suggested 250,000 users change their passwords. Yet users who heed that advice will still find that apps using the Twitter API, including the company's own, allow access to the service without asking users to enter the new password.
.....
A password change performed on the web did not, however, cause Twitter's own apps for iPad (under iOS 5.1.1 on an iPad 1) or iOS (under iOS 6 on an iPhone 5) to prompt us for the new password. Instead, it remained possible to post tweets from both.
....
Other users of Twitter's iOS app confirmed the same issue, one telling The Reg that only after he deleted and re-installed the app was he prompted for a new password.
......
Twitter spokesperson Jim Prosser did not deny that clients can continue to access the service even after passwords have been changed, and told The Reg, by email, that “TweetDeck and other clients use [open authentication standard] OAuth, so as long as you don't sign out, you don't have to re-input your credential every time you open the app.”
.....

Click here to read more ...... 

Global credit card fraud: New malware behind fraud, suspect bankers

Bankers say that the spurt in credit card frauds is possibly caused by a new malware Dexter which has been used to commit digital fraud internationally.

Typically digital fraud involves hackers breaking into either a banking network or payment aggregator's server or what is being seen as more recent trend -installing a malware in the point of sale. Bankers feel this is likely because the pattern is unlike earlier cases of skimming where numbers are limited and are concentrated in some geographies.
.......
Scamsters buy individual information after sampling few card numbers. Bankers say that since cards are invariably blocked after an initial transaction, scamsters buy card information in bulk and these are sold at prices as low as $2 per card information. Once this information is available it can be used to clone cards. Theoretically, card information can be stolen from a retail chain in India, by a hacker in Russia and sold to scamsters in US.
......
Precautions to prevent cyber fraud 

Things to remember 

* Never access your banking account from a cyber cafe or a shared computer as you can never know how you are being monitored, or what spy software might be installed on those machines. 

* Always use your home computer 

* Be careful of any emails that ask you to update your bank account info. They could be an attempt at phishing, which could result in identity theft. 

* Never open any attachments from sources that you do not know 

* Do not give any confi dential information such as password, customer ID, credit/debit card number or PIN, CVV, DOB to any email request, even if the request appears to be coming from govt authorities like I-T dept or any associate company like VISA or Master Card 

* Don't click on any link that you receive in your email even if it appears to be from your bank. Instead, make it a point to remember the URL, and type it manually in the address bar before making any transactions. Scammers create websites that look and feel authentic 

* Always update your operating system for security patches. Also use a reputed anti-virus 

* When choosing a password for your banking accounts, choose something that is long and includes upper, lower case & special characters 

* Avoid using your birthdates or anniversaries as passwords as these can easily be guessed 

* Scammers use publicly available information on social networking sites to identify and lure potential victims 

* Check SSL (Secure Socket Layer)/ https security on login page of bank's website. The 's' after the 'http' denotes the site is secure 

Must do 

* Most banks recommend that you apply for a replacement credit card after returning back from a foreign trip. 

* Dealing on foreign websites could be riskier as the 2-factor authentication mandated by the RBI (besides login and PIN) is for web businesses in India only 

* Scratch out the three digit CVV number at the back of your card. Also sign the strip on your credit/debit card as it makes it tougher for anyone else to use 

* Notify your credit-card provider/bank immediately of any illegal use of your card from an online transaction. The longer you wait, the more diffi cult it can be to resolve the situation, especially if you've become a victim of identity theft


Click here to read more ...... 

Chandigarh district magistrate imposes restrictions on use of cybercafes

CHANDIGARH: Chandigarh district magistrate Mohammed Shayin has prohibited the use of cybercafes by unknown person whose identification would not be established by the owner of the cafe. The cybercafes's owners havebeen asked to maintain a register for identity of the visitor/user by making the entry of visitor's name, address, telephone number and identityproof. The visitor/user would make entry in his/her handwriting along with address, telephone number and identity proof and would sign the register kept for this purpose.
.....

This order has been issued under section 144 of Criminal Procedure Code and would be valid from the zero hour on February 7, 2013 to April 7, 2013.
The orders have been made because it was noticed that certain antisocial elements, criminals and terrorists might use the facility of cyber cafes to mislead the security/investigating agencies, create panic in the public and danger the security of public, VIPs, and government institutions.



Click here to read more ...... 

Only 46 credit card frauds in city in three years?

.......
Mumbai: On an average the 90 police stations in the city receives more than 150 complaints regarding banking fraud, hacking, phishing (besides the cases registered with the cyber crime cell and cyber police stations) but the annual crime statistics show barely a single or double-digit numbers in cases of cyber crime cases registered. However 47 cases was registered from 2010 to 2012 in credit card fraud while it was 16 for hacking and 17 for phishing or Nigerian fraud. On Wednesday, the top brasses of the Mumbai Police had taken the cyber fraud seriously called a meeting with officials of the top bankers and Cyber experts to discuss the problem and the methods that can be taken up to curb the menace.

Moreover the investigators probing the cyber related crimes, especially banking fraud, meets with a dead end after the victim and the banking party stops following the case once they get their money reimbursed from insurance company. "This has been the main cause for increase observed in case of banking frauds. In one way it is helping the cyber criminals go scot free after committing the fraud. We records all the cases and it gets reflected in our annual crime reports," said Joint Commissioner of Police (Crime) Himanshu Roy told TOI.
..........

Click here to read more ...... 

Credit card fraud higher in Southeast Asia, say banks, travel agents

CHENNAI: Credit cards may be the most convenient way to pay on a trip abroad, but in some countries it is unsafe to use them. It is riskier to swipe credit cards in Sri LankaThailand, the Philippines, Malaysia, and Indonesia than in Europe, warn travel agents. 

Many travel agents have an informal list of countries where it is risky to use credit cards because information can be stolen and misused. Credit card information thieves often target tourists who buy electronics, or visit pubs and clubs. 

"We tell travelers not to use credit cards at clubs, pubs, casinos, department stores or small shops when they travel abroad. It is a risk to use ATM machines in Malaysia. There is no advisory or black list available, but we get a lot of feedback from other travel agents about customer experiences abroad," said Basheer Ahmed, an office-bearer of Travel Agents' Federation of India.

.........

Click here to read more ....

Global credit card fraud: 5 Indians among 18 charged in New York


NEWARK: At least five Indian-origin men are among 18 people charged in New York for running a whopping $200 million global credit card fraud under which they used thousands of fake identities to dupe businesses and financial firms and wired millions of dollars to Pakistan and India. 
....
Law enforcement officers from the FBI arrested 13 men and searched locations in New Jersey, New York, Pennsylvania and Connecticut. Among those charged are Babar Quereshi (59), Ijaz Butt (53), Raghbir Singh (57), Mohammad Khan (48), Sat Verma (60), Vijay Verma (45), Tarsem Lal (74) and Vinod Dadlani (49). Each of them faces a maximum penalty of 30 years in jail and a $1 million fine. 

"The criminal activity highlights an extensive, sophisticated, organized scheme, executed against US financial institutions, which, in turn, affects every US citizen," acting special agent in charge David Velazquez said. 
.......

Click here to read more ....

In 12 hours, Mumbai lady's credit card used in 4 continents

MUMBAI: A Tardeo-based businessman opened his e-mail recently to find messages telling him that his wife's credit card had been used in over 20 transactions within 12 hours across four continents to run up a bill of over Rs 2 lakh. The family was in the city at that time.

After the shock, 51-year-old Rikin Choksi felt as if he had run into a wall—the issuing bank was way less than helpful and the police made him run around for 21 days before filing an FIR. Finally, the BKC cyber police registered a case on January 4, but the bank is yet to get back to Choksi. He doesn't even know if the transactions were made online or with a fake card.
.......
Tardeo police senior inspector Ajendrasingh Thakur said till December 2012, they were short on expertise in handling cyber crime cases. So Choksi could have been directed to the Cyber Crime Police Station in BKC.

The bank's spokesperson said they had sent SMS & email alerts on December 14 for all the transactions on Choksi's wife's card. They tried to contact her to verify the large number of transactions, but she was unreachable. Out of the 20 disputed transactions, only 11 were billed. The customer has received refund for two. The remaining nine have been raised as dispute with VISA.

"The bank has given temporary credit of Rs 2,05,023 for the 9 disputed transactions in customer's credit card account. The final resolution to this dispute is expected from VISA on February 11," said the official.


Click here to read more ...... 

01 February 2013

Hackers in China Attacked The Times for Last 4 Months


SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.

.......
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
.........
The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China.
...........

Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.
.............

Click here to read more ....

Hack Attack On 'New York Times' Looks Like Part Of Chinese Campaign


This news ...
"For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees."
... appears to be "part of a broader campaign against American media reporting on Chinese leaders," NPR's Louisa Lim reports from Beijing.

......



Update at 4:45 p.m. ET. Wall Street Journal Hacked, Too:
The Wall Street Journal reports that it, too, "had been infiltrated by Chinese hackers."
The Journal reports:
"'Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China and are not an attempt to gain commercial advantage or to misappropriate customer information,' Paula Keve, chief spokeswoman for the Journal's parent company, Dow Jones & Co., said in a written statement Thursday. Dow Jones is a unit of News Corp.
"The infiltration of networks related to coverage of China is an "ongoing issue," Ms. Keve said. 'We continue to work closely with the authorities and outside security specialists, taking extensive measures to protect our customers, employees, journalists and sources.'"

.......

Click here to read more ....

NEWS STORIES Home > More News Cyber-Crime vigil on Vishwaroopam


Fears of Vishwaroopam being leaked online before its official release had been ringing alarm bells right from the moment the DTH broadcast was announced. Since the film’s release abroad and in other states, it is heard that a copy of the film has been made available on p2p sites and even on Youtube.

The CBI have reportedly notified the Cyber Crime division to look into who are the individuals who are responsible for uploading the content and have swiftly jumped into action to prevent the file from being downloaded

........


Click here to read more ...... 

From February 4, e-crime clips in theatres

MUMBAI: From February 4, multiplexes and cinema houses in the city will screen a one-minute film on Protecting Women and Children in Cyberspace immediately after the national anthem.

The advisory will be narrated by nine celebrities, including Amitabh Bachchan, Shah Rukh Khan and Anil Kapoor. The idea was conceptualized by the Mumbai police in collaboration with the National Association of Software and Services Companies (Nasscom) during as part of the Cyber Safety Month.

........

Click here to read more ...... 

2 Delhi men held for hacking a/c

wo persons were arrested from New Delhi for hacking into the bank account of a Santa Cruz businessman and transferring Rs 3 lakh into their own. They withdrew the sum through a Delhi ATM. Melbam Jalauddin (27) and Sayyad Sabir Masle (27) were tracked down through their details on their Facebook profiles. “Jalauddin called the victim in November, pretending he was from the bank where the latter held a savings account. The victim did not suspect any foul play and provided his account details,” said a Vakola police officer. TNN

Click here to read more ...... 

Cheat splurges on executive’s credit card

MUMBAI: The BKC police arrested a man for allegedly misusing a credit card issued in the name of a woman executive and running a bill of Rs 4.8lakhPoojaJoshi was unaware that a card had been issued in her name, leave alone the fact that it had been misused.

"Joshi learnt of the fraud when the bank called her on her office landline phone in January and demanded the payment due on the card. She told the bank that she had not received any card and also that the bank had failed to update her mobile number record in its system. She had discontinued the number, now being used by the accused, way back in 2006," said aBKC police officer.
......

Click here to read more ...... 

Security Flaws in Universal Plug and Play: Unplug, Don't Play


Posted by HD Moore in Information Security on Jan 29, 2013 1:05:19 AM on  Street Security


This morning we released a whitepaper entitled Security Flaws in Universal Plug and Play. This paper is the result of a research project spanning the second half of 2012 that measured the global exposure of UPnP-enabled network devices. The results were shocking to the say the least. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks outlined in this paper. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet. All told, we were able to identify over 6,900 product versions that were vulnerable through UPnP. This list encompasses over 1,500 vendors and only took into account devices that exposed the UPnP SOAP service to the internet, a serious vulnerability in of itself.
...

stats.png



Click here to read more ....

Web smut sites are SAFER than search engines, declares Cisco


Cisco proclaimed that it is more dangerous to click on a web ad than a porn site these days as it unveiled the latest version of its security threat report.
......

Chris Young, senior veep for Cisco's Security and Government Group, said the nature of IT security threats were changing in the same way as the industry as a whole, meaning "the cloud" and "mobility" are trends for the cybercrime community too. This means that security managers should worry less about securing the perimeter and consider the "any-to-any" problem (any user, on any device, on any connection).
Cyber criminals and other miscreants were hitting their targets where they were most likely to gather, he said, and were increasingly launching "combinational" attacks.
This throws up some, arguably counterintuitive, conclusions. Malicious content is 27 times more likely to be encountered via search engines than counterfeit software, the vendor's 2012 Annual Security Report claims.
.......



Click here to read more ....

Hacker faces 105 years inside after FBI 'sexploitation' arrest



The FBI has announced the arrest of a 27-year-old man over charges that he hacked into the data of over 350 female victims and blackmailed them into providing him with nude photographs and video calls.
Karen "Gary" Kazaryan, 27, was arrested in Glendale, California on Tuesday after being indicted on 15 counts of computer intrusion and 15 counts of aggravated identity theft, and faces a possible 105 years in the Big House if convicted. Police found over 3,000 images of women he is claimed to have targeted on his computer.
According to the FBI – which dubbed the case one of "sextortion" – between 2009 and 2010, Kazaryan hacked into women's computers and email accounts in search for images of the victim unclothed, as well as any passwords and details on their female friends. He would then contact these friends, pretending to be the victim, and persuade them to disrobe so he could take pictures of them.

..........


Police say over 350 women have been traced from Kazaryan's records so far, but others are still unidentified. Anyone thought to have been affected by this should contact the FBI’s Los Angeles Field Office at +1 (310) 477-6565.
.......


Click here to read more ....

Apple blocks Java on the Mac over security concerns


......

Apple, along with browser manufacturers, started blocking Java when a major security hole was discovered in the code earlier in the month. Oracle downplayed its significance, but then was forced to admit that it had a problem and rushed out a code patch (with the obligatory offers to install crapware at the same time).
Now Apple has blocked it again, and other players are starting to make moves to get rid of Java as far as possible. On Tuesday, Mozilla announced it was ending the auto-loading of plug-ins for Firefox – while not actually mentioning Java by name – and Apple has already stopped bundling it with OS X by default.
Apple's block on Java
'No Java for you!', says Apple (source: MacGeneration)


.......

Click here to read more ....