Saturday, July 26, 2008

Cyber Law Update July 2008 - Issue no. 3

San Francisco cyber attack a wake up call for Canadian IT managers
US: A disgruntled network administrator who locked up the multi-million dollar computer system for the city of San Francisco is now behind bars. But Canadian tech experts warn a cyber terrorist could do the same thing this side of the border if we don't take precautions.


A cyber attack that virtually hijacked the controls of more than 60 per cent of San Francisco's municipal network should serve as a wake up call for IT managers in Canadian government jurisdictions, say technology experts.


He was arrested for allegedly changing passwords to San Francisco's computer system and effectively "locking up" the city's multi-million dollar fibre WAN (wide area network) system that handles sensitive data, critical IT operations, and much of the municipality's network traffic. Reported in ITBusiness.ca

Once Henry Ford remarks “Failure is the opportunity to begin again more intelligently.” Why to wait for failure. Act now proactively for better tomorrow as suggested by Chanakya, Indian Politician, strategist and writer, 350-275 BC, “As soon as the fear (say fear of failure) approaches near, attack and destroy it.”

Lithuanian tax office website hit by cyber attack
US: Lithuania said it suffered another foreign cyber attack over the weekend when the state tax office's website was swamped with requests, but no damage was sustained. Reported in Guardian

Even website of Indian Income Tax needs to plug few vulnerablities as mentioned in my comments on “Are your online tax returns safe?” by Ashwin Mohan of CNBC-TV 18.

SMBs in denial about cyber crime: McAfee
McAfee discovered that a third (32 percent) of North America's small- and medium-sized businesses (SMBs) have been attacked more than four times by cybercriminals in the last three years. The impact was that a quarter of those attacked (26 percent) took an entire week to recover. Canadian businesses were most affected with a third (36 percent) taking a week to recover.


"SMBs are truly exposed to the same cyber threats as their enterprise counterparts," said Darrell Rodenbaugh, senior vice-president of the mid-market segment at McAfee. "In fact there are some experts that would say they are greater targets because it is popularly known [SMBs] don't have the same protection in place that their enterprise counterparts do."


He added the reality is IT managers in SMBs face a paradox. They understand that are at risk but they are faced with limited resources and a lack of time. Reported in eChannelLine

Cyber thieves can easily take advantage
US:
More than 75% of bank websites were flawed and could expose customers to cyber thieves eyeing their money or their identity, according to a survey by the University of Michigan. Reported in EconomicTimes. Similar article on FRAUD ALERT: Cyber-bank robbers hit online accounts published in CourierPostOnline

Cyber crime looms large over Middle East netizens

Dubai: Internet users in the Middle East are under increasing threat from cyber crimes, prompting large spending on web security, WAM reported Thursday quoting experts.


Web threats peaked in March to 50 million incidents of hacking from approximately 15 million in December 2007, a study by Internet security firm Trend Micro said.


Source: Indo-Asian News Service Reported in Computing

Man gets 41 years in prison for cyber fraud
Pak:
A court has sentenced a man to 41-year prison term for credit card fraud, the first time a person convicted for cyber crimes has been punished so severely in Pakistan. Reported in Time of India

Cyber relationships aren't 'harmless fun'
US: Cyber relationship are "harmless fun" but harmless and commonly leads to serious relationship problems.

It is actually dealing with a problem of an emotional cyber-affair. In these cases the spouse has found someone on the Internet with whom he or she has formed an emotional connection. Such a connection outside the marriage is always wrong and detrimental to that primary relationship. These "cyber-affairs" have become a source of marital problems and often lead to divorce. Reported in MyWestTexas

Teen Claims She Was Bullied In School & Online
US: A South Florida teenager has filed a lawsuit against her private, all-girls school in Miami after she became the victim of an alleged vicious bullying campaign that spread from the classroom to online social networks. Reported in CBS4


Parents must act now to control cyber culture among children

Kenya:The pendulum of opinion on the impact of computers and the Internet on children will always swing. Is the technology good or bad for our kids?

Should the State control access or should it be left to parental guidance and “filter” software? Reported in NationalMedia

Strict action to be taken against fake mobile SMS and petrol smuggling
Pak: FIA Cyber crime cell will take strict action against the elements involved in spreading the fake information through Mobile SMS regarding the down fall trend in Stalk Exchange. Such activity would be consider as cyber crime. Reported in OnlineNews.com

Cyber Defamation
Korea: Justice Minister Kim Kyung-han's plan to introduce a ``Cyber Defamation Law'' has sparked controversy over how to guarantee freedom of expression on the Internet. The plan is part of a series of government measures to crack down on distributors of fraudulent and slanderous information in cyberspace. Reported in KoreaTimes

Cyber cafes asked to maintain record of customers
India: In a bid to track cyber crimes, the District Magistrate ordered cyber cafes and mobile phone shops to maintain records of their customers. Reported in SaharaSamay

Saturday, July 19, 2008

Comments on “Are your online tax returns safe?” by Ashwin Mohan of CNBC-TV 18

This has reference to the report “Are your online tax returns safe?” by Ashwin Mohan of CNBC-TV 18. Article published and aired on CNBC 18

Correction…

“Three pieces of basic information ‑ name, date of birth, and pan number ‑ is all that an aspiring hacker requires.”

No, only two information, name and date of birth (date of incorporate in case of company). Go to know your PAN page https://incometaxindiaefiling.gov.in/knowpan/knowpan.jsp
…you will get PAN details.

Possible solution to minimize this problem:

“Uncertainty is the only certainty there is and knowing how to live with insecurity is the only security”

- John Allen Paulos in his book A mathematician Plays the Sock Market

Steps to be taken by PAN-holders:

1. Registered yourself before a hacker register on your behalf.
2. Check your registered email id regularly to ensure that your password has been not reset by unathorised person and report the same at ask@incometaxindia.gov.in

Suggestions to Income-tax department:
1. Do not authorized PAN-holders (hackers) to select new password. Alternatively, email it to their registered email id. In the event, PAN-holders do not recollect or changed their registered email id then courier it to their registered address.
2. Incorporate additional security measures such as secret question, strong password etc.
3. Rather than sending an email confirming registration/change of password send an email with the link for conformation.

Warning to budding hackers:

1. Tracking down your IP address and locating you will be not a tuff job for our IT savvy police.
2. You will be jailed for 3 years and/or liable for a fine upto 2 lakhs under section 66 of the Information Technology Act, 2000.

Suggestions to CNBC 18:
1. Kindly share such information to the relevant authority before airing it. Interest of public is paramount. Please respect it.
2. You should have given possible solutions rather then just highlighting problem. Nobody is prefect.

Friday, July 11, 2008

Cyber Law Update July 2008 - Issue no. 2

UK: The Swiss Institute of Technology, Google and IBM conducted the study and found 600 million users had not updated their browsers. "Failure to apply patches promptly or missing them entirely is a recipe for disaster," the report said. Cyber criminals are frequently using websites to attack users, it added. Reported in BBC

A German court has ruled that banks are liable for phishing attacks on customers. Reported in ComputerWeekly.com

Brazil: Google signed an agreement with Brazilian public prosecutors to help combat child pornography on its social networking site Orkut. Reported in MSNBC

Iran: The death penalty for those who promote corruption, prostitution and apostasy on the internet is being considered by Iran’s parliament. Reported in AsianNews

US: Missouri Governor signed legislation that aims to fight cyber-bullying by updating the state's current harassment and stalking laws to include communication over the Internet and through other electronic means. More

Haryana: Sirsa District Magistrate has ordered all the cafes owners in the district to install close circuit TV cameras in their premises with immediate effect. Reported in Economic Times

Security group fights back against cyber threats


Cisco, Intel, IBM, Microsoft and Juniper Networks will collaborate as part of the new Industry Consortium for Advancement of Security on the Internet (Icasi), which hopes to improve response times to online attacks that target multiple products.
The group asserted that industry cooperation is needed as hackers and other cyber criminals are employing ever more sophisticated techniques to breach security defences.Recent research conducted by Fortify shows that four in five (81 per cent) IT professionals believe that their applications are vulnerable to breaches, with nearly a third of of people working in the sector describing themselves as 'very worried' about the security situation. Reported in BCS

Police caution 13-year-old girl over sex pictures on MySpace


New Zealand:
A 13-year-old girl has been cautioned by New Zealand police after sexually explicit pictures of another 13-year-old girl were posted on social networking site MySpace without her knowledge. Reported in Stuff

Is cyber sex really cheating?


US:
That's one question raised by Christie Brinkley's sensational courtroom allegations that estranged husband Peter Cook indulged in a secret $3,000-a-month Internet porn habit she claims contributed to the collapse of their seven-year marriage. Reported in NYDailyNews

Who is Christie Brinkley?
Christie Brinkley is more than one of America’s most successful and recognizable models appearing on over 500 magazine covers worldwide. She also excels as an artist, writer, photographer, designer, actress, philanthropist environmentalist, and political activist. Combining her modeling experience with her artistic talents and diverse interests, Christie’s career over the years has been interesting and dynamic.

Monday, July 7, 2008

Vulnerabilities in ATM Network

Hackers broke into Citibank's network of ATMs inside 7-Eleven stores and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record . More

It is just the tip of the iceberg.

List of vulnerabilities:

1. The bank associates with other banks to enable their customers to withdraw cash from ATM centers of the bank or its associates. But the bank has no control over network of its associates. Another problem, all of them are not using the same technologies and security measures.

2. Most of the times, dedicated servers are not being used by the Bank. Why?? Must be commercial constrains.

3. PINs are not always encrypted while it is transmitted from ATM center to the bank servers. It travels through many servers & networks before it reaches the Bank server and all of them are not secured enough to protect your PINs.

4. ATM’s software are remotely diagnosed and repaired over Internet, which may provide opportunities for hackers to secure access onto the bank server.

Thursday, July 3, 2008

Cyber Law Update June 2008 - Issue no. 1

India

Recently, the Delhi High Court allowed proceedings against Avinash Bajaj, managing director of Baazee.com, for allowing an auction of a pornographic video clip involving two students on his website. Reported in IndiaLawNews


China's intensified cyber warfare against India is becoming a serious threat to national security. Reported in Indiapost


International Sri Lanka is working out effective ways of fighting cyber crime by strengthening awareness on Information Security. Reported in Sunday Times

A group or individual by the name "Anonymous" has hacked and taken over two of MTV music websites and defaced them with racial and offensive images. Posted on MTV website

A Missouri woman accused of taking part in a MySpace hoax that ended with a 13-year-old girl's suicide has so far avoided state charges -- but not federal ones. Reported in Mail

One in three IT professionals abuses administrative passwords to access confidential data such as colleagues' salary details, personal e-mails, or board-meeting minutes, according to a survey. Reported in Information Week

Career

The role of information security managers is rapidly changing to focus on business needs instead of technology, according to a recent survey. Reported in News Wire Today