Archive for January 2009

E-waste management

I.T. Asset Disposal

The computer has become a sensitive part of life, and a very important element of today’s working culture for every corporate. Computers often hold all kinds of private and financial information about an individual or company. If you are getting rid of your old computer, there are things to keep in mind before you log off for the last time, so that your hard drive doesn’t become a 21st century fortune for identity thieves and information pirates.

The best thing to do before discarding the hard drive is to make a backup, i.e. save important files on an external storage device (a USB drive, a CD-ROM, or an external hard drive) or transfer them to a new computer.

Once you have a “clean” computer, consider recycling, donating, or reselling it while keeping the environment in mind.

We at AGAPE INC. take complete responsibility for disposing of your hard drive and other I.T. assets in the best possible way to keep the environment safe.
1) We take ownership of your computer, i.e. the equipment becomes our responsibility.
2) The hard drives are sanitized and destroyed, so you can be assured that any data you may have forgotten to delete cannot be used anywhere else.
3) The asset tag that may point to the original owner of the computer is destroyed.
4) All equipment that cannot be reused is disposed of as per the Federal and State environmental laws.

E-waste is of immense concern mainly due to the toxicity and carcinogenicity of some of the substances like lead from monitors, mercury and cadmium to name a few. It was estimated that about 3.3 lakh tonnes of e-waste generated last year was dumped into the rivers, landfills and sewage drains. IT assets discarded, sold or re-used must be backed by well-organized disposal strategies to effectively tackle the problem of e-waste.

Hence the scale of the problem is immense and, if not acted upon, it could soon create serious problems for mankind…

If the information you require is not listed, it doesn’t mean we can’t do it; other specialist services are available on request. Please contact us for a FREE consultation on (INDIA) 1800-209-6789 or mail us at info[at]agapeinc.in (replace [at] with @).

Sherwin Azavedo
Manager: Cyber Crime Complaint

Security threat to mobile operators

Short Message Service (SMS) messages account for approximately 10 percent of a mobile operator’s revenue, according to research firm IDC. The growing volume of spam can threaten this revenue by provoking subscribers to churn. Furthermore, some of that spam is sent from fraudulent addresses, causing inaccurate billing for subscribers and revenue forfeiture for the mobile operator, which cannot bill the sender for the termination fee. To prevent subscriber churn and protect revenues, mobile operators need a flexible solution for identifying and dropping unwanted SMS messages.

Messaging abuse is both intrusive and damaging to the mobile subscriber. A 2008 YouGov survey revealed that half of subscribers in the UK and Germany would change their mobile provider due to spam. In addition to bearing the costs of mobile spam receipt, subscribers face the risk of identity theft and fraud from phishers and spammers. For mobile operators, mobile messaging abuse directly impacts operational and capital costs. It consumes valuable resources, causes legitimate messages to be delayed, drives up support costs and, ultimately, breaks down the bond of trust between operators and subscribers, hindering the adoption of new services such as mobile advertising and m-commerce. Complicating matters: mobile spam is often sent from fraudulent addresses, leading to inaccurate subscriber billing and forfeiture of interconnection revenues since the operator cannot charge message termination fees. To prevent subscriber churn and protect revenues, mobile operators need a flexible solution for identifying and eliminating mobile spam.

Controlling SMS spam is important to mobile operators for two reasons. One is that spam irritates subscribers, contributing to churn. Giga Research reports that 60 percent of spam recipients found spam annoying, and 28 percent regarded it as an unacceptable invasion of privacy. The other reason for controlling spam is to avoid revenue forfeiture. In fraudulent SMS schemes, the sender emulates the identity of another subscriber or that of a valid SMS center, which relays and manages short messages. When this occurs the mobile operator receives no termination fee for sending the message. If the sender spoofs a subscriber address, resulting in unwarranted charges on the subscriber’s monthly bill, subscriber satisfaction plummets. Furthermore, high volumes of fraudulent SMS can degrade the performance of the signaling network, and in extreme cases bring it down.

Types of Spam and Fraudulent SMS
Some bulk SMS messages are sent by legitimate subscribers. The SMS spam originates in the local mobile operator network and the sender pays the mobile operator a termination fee, generally under a bulk contract. Most senders of this type of spam are other mobile operators, with retailers trailing far behind in second place, followed by financial firms and manufacturers (Giga Research). The risk of this “legitimate” spam is subscriber annoyance, which contributes to subscriber churn. Mobile operators can increase subscriber satisfaction and reduce churn by offering granular SMS spam-prevention services. Other types of SMS messages are fraudulent, sent by individuals who assume a false identity to avoid paying a termination fee.

Most of these schemes are similar: The subscriber receives a message to call or send a text message to a premium-rate number - for example, to find out if he or she has won a prize (Figure 1). Children are often specifically targeted. These attacks not only annoy subscribers, they cause revenue forfeiture for the mobile operator, which cannot bill for message termination. Worse, huge volumes of SMS messages in a short period of time can take down the signaling network, causing the bearer network to refuse calls and connections. Table 1 summarizes the risks of SMS-based attacks to mobile operators.

Types of Fraudulent SMS-Based Schemes and Their Risks


| Type of Attack | Source | Risk to Mobile Operator |
|---|---|---|
| Spamming | Content provider that has a regular service agreement with the home operator | Home operator can be accused of spam relay by subscribers or by other operators with which the home operator has a roaming agreement |
| Flooding | Content provider connected to a foreign network’s SMS-Center | Home operator incurs relay operator costs and cannot collect termination fees |
| Faking | Hacker engine that simulates regular SMS-Center behavior | Home operator cannot collect termination fees |
| Spoofing | Pirate engine that simulates mobile devices in a roaming situation | Subscriber whose Mobile Subscriber ISDN (MSISDN) identity is assumed will be unduly charged, leading to serious billing issues |

Nigerian scam in new way…

(Scam Alert) “CRIME COMMISSION FEDERAL REPUBLIC OF NIGERIA - ATTENTION: SCAM VICTIM” EFCC

** FRAUD ALERT - DO NOT REPLY TO THE MESSAGE BELOW **

Fighting Internet fraud, they are trying to scam people by making them think they are fighting crime. It is a scam, don’t ever let these morons tell you otherwise (and I have had them tell me otherwise numerous times). Just a new way to try to steal your money.


Corporate should move towards Forensic Account Auditing for confidence building

In recent years, the role of the auditor has come under increasing scrutiny. In particular, the auditor’s ability both to detect and understand accounting anomalies, and then to report them correctly, has gained much attention. Large corporate collapses, accounting irregularities and independence issues have all combined to make the role of the auditor more accountable, particularly with regard to the identification and management of risk. Indeed, auditors ‘‘play a vital role in ensuring that an organization is efficiently run, morally sound, technologically advanced, cognizant of the environment and other areas of concern, and safe from unnecessary risk’’. In essence, today auditors play a significant role in ensuring adherence to good corporate governance.

Risk associated with fraud is inevitable, but it should not be ignored. Continued prevalence of the malpractice on a large scale can have disastrous long-term consequences not only for the business involved but also for investors, financial institutions, government and the economy in general. The role of forensic account auditing becomes relevant for developing confidence among investors, regulators, audit committee members and the general public.

Agape’s forensic accounting seeks to bring together investigative, accounting, and technology skills with a view to ‘‘getting at the truth behind the numbers’’, and as a result plays an increasingly large part in fraud investigations and prosecutions. The service comprises collecting, assessing and analyzing facts; building the chain of events; documenting significant facts; and modeling scenarios.

For more details mail us on: advice[at]agapeinc.in (replace [at] with @)

Prabhat Tiwari
Fraud Management Services

Security’s Weakest Link

Corporate security is a question of balance. Too little security leaves your company vulnerable, but an overemphasis on security gets in the way of attending to business, inhibiting the company’s growth and prosperity. The challenge is to achieve a balance between security and productivity.
A company may have purchased the best security technologies that money can buy, trained their people so well that they lock up all their secrets before going home at night, and hired building guards from the best security firm in the business.
That company is still totally vulnerable. Individuals may follow every best-security practice recommended by the experts, slavishly install every recommended security product, and be thoroughly vigilant about proper system configuration and applying security patches. Those individuals are still completely vulnerable.

THE HUMAN FACTOR
They are vulnerable because the human factor is truly security’s weakest link. Security is too often merely an illusion, an illusion sometimes made even worse when gullibility, naivete, or ignorance come into play. The world’s most respected scientist of the twentieth century, Albert Einstein, is quoted as saying, “Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.” In the end, social engineering attacks can succeed when people are stupid or, more commonly, simply ignorant about good security practices.
With the same attitude as our security-conscious homeowner, many information technology (IT) professionals hold to the misconception that they’ve made their companies largely immune to attack because they’ve deployed standard security products: firewalls, intrusion detection systems, or stronger authentication devices such as time-based tokens or biometric smart cards. Anyone who thinks that security products alone offer true security is settling for the illusion of security. It’s a case of living in a world of fantasy: they will inevitably, later if not sooner, suffer a security incident.

Terror Invades India: demanding legal amendments

Today, terrorism is not restricted to striking and damaging the physical targets of the Government. Striking at “Economic Targets” and undermining the economy of the country is also considered an important terrorist strategy. Also, many vital information assets are today owned by the non-Government sector, and excluding them from being considered as potential terrorist targets under POTA could be an oversight.

India may be the most vulnerable place in the world now for physical terror attacks, but our country is equally vulnerable to cyber terrorism.

Terrorist propaganda on the Internet is intense, and encompasses not only websites but also blogs, social networking sites like Orkut, and other areas of cyberspace, including email groups and even recorded messages left as voice mails.

The other problem with these websites is that they are hosted from developed countries in the EU like Germany, Spain, Italy, France and the like, where such websites are not under close scrutiny by the respective governments. Terrorists keep changing their web interfaces, fearing an imminent ban by the authorities. This clever use of cyberspace makes tracking of propaganda all the more difficult.

Passive ideological war is not the only form of cyber terrorism India suffers from; the country is also attacked routinely by terrorist hackers who snoop into government-owned websites and personal computers for monetary gain. That is why, besides ramping up the country’s physical security infrastructure, the government also needs to ramp up the country’s cyber security infrastructure to prevent cyber attacks. India needs a well-planned Anti Cyber Terrorism Action Plan to prevent the country from being devastated through invisible cyberspace attacks. Presently there are established laws that govern terrorism. However, there are no special laws governing Cyber Terrorism.

Special laws governing Cyber Crimes became effective in India with the passage of Information Technology Act 2000. Subsequently, the special act for Terrorism, POTA was also enacted. We need to therefore look at the laws governing Cyber Terrorism within these laws and any other associated legislation that may come into effect by cross reference including the IPC. Information Technology Act-2000 addresses some issues of Cyber Crimes but does not adequately address the issues of Cyber Terrorism.

Cyber Terrorism is a growing menace in cyberspace and poses many challenges to the Law Enforcement Agencies. In order to assist the Indian law enforcement agencies in improving their capabilities to handle Cyber Terrorism, it is necessary to make appropriate legal changes to include Cyber Terrorism under POTA, create a public support system for Ethical Hacking and Cyber Patrolling, and also accept Counter Attacks as one of the effective strategies for curbing Cyber Terrorism.

Adnan Patel
Executive: Fraud Management Services

Wake up call to regulators against corporate fraud

The incidents of the past few days at a top India-based corporate house compel the finance sector and regulators to rethink. It is the right time to redesign the structure and develop stronger corporate due diligence policies. Investors should always be on guard and ask for more information before making any investment. At the same time, authorities should be cautioned against giving corporate governance and rating awards to companies before they actually prove that they are practicing the same.

Satyam, a well-known top-four IT company, has fallen to a fraud running into billions, even though the company recently bagged the Golden Peacock Global Award for excellence in corporate governance for 2008. The squeaky-clean image of India’s IT sector was dealt a blow on Wednesday after Satyam’s former chairman B Ramalinga Raju admitted that he had cooked the company’s books for years, triggering fears that large global corporations would think twice before outsourcing work to Indian companies.

The impact of Raju’s revelations of the rigged Satyam account books was immediate. Within hours, Satyam stocks plunged over 82%. It dragged the benchmark Sensex index down 7.3% to close at 9,586.88 on Wednesday.

The New York Stock Exchange has halted trading in Satyam stock. India’s National Stock Exchange has expelled Satyam from all its equity indices and the Bombay Stock Exchange is expected to follow suit. Several domestic and foreign brokerage firms, including Credit Suisse, Religare and Angel Broking, suspended their coverage of Satyam shares.

[Figure: Satyam graph. Sources: The Telegraph, India, Kolkata, Jan 08.]

What makes the fraud all the more shocking is that Satyam was no fly-by-night operator. It was audited by widely respected international auditing firm PricewaterhouseCoopers and had respected independent directors on its board. Satyam was listed on the Bombay and New York Stock Exchanges and had 700 companies on its list of clients, 185 of which are Fortune 500 companies.

The fraud that Satyam perpetrated for several years raises the question of the role of its statutory auditors. Satyam’s account books were being audited by PricewaterhouseCoopers (PwC) for the past eight years. How did the auditors not catch on to fraud of such magnitude? This will not be the first time that PwC’s credibility has come under a cloud. In 2005, the Reserve Bank of India barred PwC from bank audits after it found that the firm under-provided for non-performing assets of Global Trust Bank. It faces investigations on its alleged failure to spot a 21 million euro fraud at Greencore Group’s mineral water division.

The role of forensic accounting becomes relevant when these risks are considered. Fraud management auditing and third-party corporate investigation due diligence become necessary for the finance sector and regulators before providing credit. Companies with a code of conduct and ethics may need to take a more in-depth look at their programs and controls to ensure they are not vulnerable to fraud. Public and private companies looking to protect themselves from fraud, or contemplating a sale, merger or other structural change, will also want to closely examine their fraud risks.

Prabhat Tiwari
Manager: Fraud Management Services

Security tips to avoid Website Defacement

In a past article we shared information and trends regarding website defacement; here are a few security tips. These tips are mainly for websites hosted on shared servers/environments.

1. Keeping Software Up to Date
If you are running old versions of software, chances are it is insecure, so make sure you upgrade to the latest release. Most software updates are security or functionality related, which means that if you aren’t running the latest version you are likely to have missed a few security fixes.

2. 3rd Party Scripts and Code
Plugins, widgets or any other code you usually install are written by other people under unknown circumstances. Some may be great, some may have security holes. Make sure you research any code you wish to use but you haven’t written yourself. Do a few Google searches before using such code to verify how secure the code actually is.

3. Your Own Fault
This is one of the biggest causes of identity theft and an easy way for someone to obtain confidential details for your site(s). Your personal computer could well turn out to be the weak link. It could be anything, from an infected PowerPoint file to someone phishing your account details; the vulnerabilities are too many to list. No matter how secure your actual website is, if the machine you use to access, log in and edit your web pages is infected, you stand a grave risk of being compromised, and the outcome may be more than just the effect on your site.

Use anti-virus scans, clear logs, secure your passwords and be aware of general security issues. Public wifi spots are also a security risk.

4. Choose good password
The easiest thing a hacker can do is get your password and use it against you, so you had better pick a good one. Good passwords are unguessable, long (above 15 characters) and contain various character types (letters, numbers, punctuation, etc.). This is an example of a good password: “g8@”ju$por£%99ç>llop”. Hackers usually use software to guess your password, so make it as hard for them as you can.

5. Checking Your Logs Regularly
If you spot an unusual traffic spike in your website stats (ranking for gambling, pharmaceutical and sex terms is a common one), try working out where it is coming from and going to. From there you can work out whether it is a hack.
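One way to work out "where it is coming from and going to" from raw access logs, as an added example that is not part of the original article: it assumes Apache/NGINX combined log format, and the watch list, query keys and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format:
# ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumed watch list covering the categories the tip names; tune it per site.
SPAM_TERMS = {"casino", "poker", "viagra", "cialis", "pharmacy", "porn"}
# Assumed query-string keys that carry the search phrase in a referrer URL.
QUERY_KEYS = ("q", "p", "query")

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2009:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://www.google.com/search?q=data+recovery+services" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2009:10:02:03 +0000] "GET /forum/view.php?id=77 HTTP/1.1" 200 8211 "http://www.google.com/search?q=cheap+viagra+online" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Jan/2009:10:02:41 +0000] "GET /forum/view.php?id=77 HTTP/1.1" 200 8211 "http://search.yahoo.com/search?p=online+casino+bonus" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Jan/2009:10:03:10 +0000] "GET /forum/view.php?id=77 HTTP/1.1" 200 8211 "http://www.google.com/search?q=buy+viagra" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Jan/2009:10:04:00 +0000] "GET /contact.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def search_terms(referer):
    """Return the lower-cased search words carried in a referrer URL."""
    if not referer or referer == "-":
        return []
    query = parse_qs(urlsplit(referer).query)
    words = []
    for key in QUERY_KEYS:
        for value in query.get(key, []):
            words.extend(re.findall(r"[a-z0-9]+", value.lower()))
    return words


def suspicious_landings(lines):
    """Map landing path -> Counter of (referrer host, matched spam term).

    A page that visitors reach through spam-term searches is a page whose
    content (or injected hidden links) is worth inspecting first.
    """
    report = {}
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # not a combined-format line; skip rather than guess
        referer = match.group("referer")
        hits = SPAM_TERMS.intersection(search_terms(referer))
        if not hits:
            continue
        host = urlsplit(referer).hostname or "?"
        bucket = report.setdefault(match.group("path"), Counter())
        for term in sorted(hits):
            bucket[(host, term)] += 1
    return report


if __name__ == "__main__":
    for path, sources in suspicious_landings(SAMPLE_LOG).items():
        print(path)
        for (host, term), count in sources.most_common():
            print(f"  {count:3d}  {term:<10} via {host}")
```

Pages that appear in the report are the ones to compare against a known-good backup.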

6. Backups
Taking backups regularly will not, on its own, protect your website from being hacked. In case of a hack you will need to take care of the following:

* Records of the IPs accessing your website

* A pre-hack backup of your website, including the latest updates. With eUKhost backup plans you can make backups of your website daily or weekly, as per your requirements, and you would be able to use the latest backup you had on the backup space.

7. Don’t Put All Your Eggs in One Basket
Get yourself a VPS or a multi-reseller account, where you can spread your websites across different sets of IPs. You can also host your websites on different class C IPs.

8. Use Code properly
You have to be careful about the HTML and PHP forms that you put on your websites. If you’re using PHP/MySQL, hackers could inject code into your database through your comments form, for example, and you can lose all your data. So you had better learn how to code properly and block scripts injected into forms.
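The comment-form risk from tip 8, shown as an added example that is not from the original article: it uses Python's built-in sqlite3 as a stand-in for the PHP/MySQL stack the tip names, and the table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed inputs: a comment body shaped to break out of a quoted SQL
# string, and one carrying markup that a browser would run if echoed raw.
TRICKY_BODY = "nice post'), ('ghost', 'row added by the input"
SCRIPT_BODY = "<script>alert(1)</script>"


def make_db():
    """Create an in-memory database with a minimal comments table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db


def save_comment_unsafe(db, author, body):
    """Vulnerable pattern: form input is pasted into the SQL text."""
    db.execute(
        "INSERT INTO comments (author, body) VALUES ('%s', '%s')" % (author, body)
    )


def save_comment_safe(db, author, body):
    """Placeholders keep the input as data; it is never parsed as SQL."""
    db.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM comments").fetchone()[0]


def render_comments(db):
    """Escape on output so stored markup is displayed, not executed."""
    rows = db.execute("SELECT author, body FROM comments ORDER BY rowid").fetchall()
    return [
        "<p><b>%s</b>: %s</p>" % (html.escape(author), html.escape(body))
        for author, body in rows
    ]


if __name__ == "__main__":
    bad = make_db()
    save_comment_unsafe(bad, "alice", TRICKY_BODY)
    print("unsafe insert stored", row_count(bad), "rows for one submitted comment")

    good = make_db()
    save_comment_safe(good, "alice", TRICKY_BODY)
    save_comment_safe(good, "bob", SCRIPT_BODY)
    print("safe insert stored", row_count(good), "rows for two submitted comments")
    for line in render_comments(good):
        print(line)
```

In PHP the same placeholder approach is available as prepared statements in PDO and mysqli.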

India, a dumping ground of e-waste should turn towards green disposal

“One’s waste may turn out to be another’s wealth”
Agape Green Disposal Services

E-waste poses a formidable handling problem for keeping the environment safe for present and future generations. South Asia, especially India, is gradually becoming a dumping ground for electronic waste (e-waste). Toxics Link, a Delhi-based non-governmental organisation, claims India annually generates $1.5 billion worth of e-waste.

A survey by IRG Systems, South Asia, reveals that the total waste generated by obsolete or broken-down electronic and electrical equipment in India is around 1,46,180 tonnes per year, based on select EEE tracer items. This figure does not include waste from electrical and electronic equipment imports.
The IT sector in the country is the largest contributor to e-waste (over 30 per cent), with Bangalore alone generating an estimated 8,000 tonnes of e-waste annually, but it is sluggish in implementing a clear-cut e-waste management policy. A proactive corporate environmental policy is now an essential part of any company’s overall business strategy.

Green Media Disposal Process typically focuses on proactive maintenance and monitoring strategies to improve equipment availability and reduce maintenance costs. Condition monitoring is often deployed to improve insight into asset health for better prediction and planning of maintenance.
According to data accessed by Teri, the average life span of a PC has come down from 4.5 years in 1992 to two years in 2006. In India, the figure is said to be about three years. Over 30 per cent of PCs become obsolete every year.

The volume of obsolete PCs, which is just a part of e-waste, can be gauged if one takes into consideration large organisations like TCS, Infosys Technologies and Wipro, which employ over 50,000 employees each.

How countries generally tackle e-waste:
• India, China and Pakistan are the dumping grounds for about 80 per cent of the e-waste generated by the US.
• Lack of technology, unorganised recycling and backyard scrap-trading form close to 100 per cent of total e-waste processing activity. About 25,000 workers are employed at scrap-yards in Delhi alone, where 10,000 to 20,000 tonnes of e-waste is handled every year. Computers account for 25 per cent of it. Other e-waste scrap-yards exist in Meerut, Ferozabad, Chennai, Bangalore and Mumbai.
• In the US, a bill that came into effect on July 1 2007 has made the manufacturer, and not the consumers or government, responsible for the costs of recycling e-waste.
• In Japan, manufacturers are responsible for collection and recycling of obsolete electronic equipment for which they charge a recycling fee from consumers while selling. In Taiwan, it’s manufacturers who pay for the collection and recycling of e-waste.

Our Green Media Disposal Process
The process used to dispose of storage media at the end of its lifecycle has several benefits.
• Environmentally friendly – no materials in landfills
• Reusable components can be utilized for future data recovery services
• Removes risk of sensitive data falling into the wrong hands

Prior to disposal of storage media, technicians dismantle the device and remove parts that can be reused for future data recovery jobs. They will not dispose of any drives or devices that still contain data, so the re-use of hard drive parts poses no risk to the customer.

All other hard drive or storage device components, including metals, circuit boards, copper wiring, and other materials, are then recycled in an environmentally safe manner. By recycling these components, we prevent any materials from reaching landfills, reduce the need to take resources from the Earth, and also reduce the consumption of energy.

Dr. Sachin Pandey
CEO & President
Agape Inc

AGAPE’s Green I.T. Asset Disposal Services

Why is it IMPORTANT

Appropriate IT asset elimination protects the environment

It is of great concern when companies bring new technology into their organizations: they are faced with the real trouble of what to do with their old and obsolete IT assets. It is no longer suitable for companies to chuck out old technology or simply pass it along to a third party. With businesses moving toward greener technologies and new pieces of e-waste legislation being taken up, corporations need to create a plan for ensuring both local and federal compliance pertaining to IT asset disposal.

Something many companies find surprising is that transferring title of your old IT assets does not allow the liability attached to those assets to transfer as well. The liability problem that companies face is twofold; first, they must work to comply with the standards set forth by the federal and state government regarding environmental regulations and data security standards, and secondly, they must realize the responsibility they have to protect the environment from a potential catastrophe in regards to dangerous substances contained in their old IT assets, commonly referred to as e-waste.

If a company were to simply toss its unwanted IT assets into a dumpster or landfill, it would show a higher tolerance of risk, considering those assets could ultimately contaminate water supplies, not to mention the possibility that the offenders would face stiff fines and perhaps jail time. From a security point of view, unwanted or superfluous IT assets have hard drives that store proprietary and KEY information on business tactics, partner info and consumer data. For a corporation to place business or consumer data at risk is the ultimate act of irresponsibility.

Enterprise companies need to protect themselves from liability and the environment from destruction. Just as they owe it to their customers to ensure all data has been properly protected, they owe it to the environment to ensure that potential toxic materials are disposed of properly too. Ignoring the dangers contained in e-waste will expose them and their company to possible liability.

A Rapidly Growing Problem
The electronics market in India will be the fastest rising electronics market in the world for the next several years, expected to reach approx. Rs. 20,000 Crores by 2010, driven mainly by the computer and I.T. component sectors.
Going by the statistics, about 3.3 lakh tonnes of e-waste was generated in India in 2007, which is expected to reach approx. 4.7 lakh tonnes by 2011. With such an astonishing rate of increase in e-waste, it becomes a foremost responsibility to have an eco-friendly solution for its correct disposal. This is an issue demanding attention and, if not taken into consideration, it can harm the environment as well as the company’s image big time.

Current Scenario
• Informal, high-risk and unregulated
• Inefficiencies result in loss of resources that could be reclaimed/ recycled
• Not environmentally or occupationally sound, creates many hazards to labor force and environment
• Negatively impacts the vulnerable; women, children and immigrant labor

AGAPE’s e-Waste Vision
The goal of Agape Inc is to provide a back to back solution that encompasses the entire process, from initial entry into the waste stream through parts harvesting to final disposition.
A zero-landfill, 100% reuse and recycle approach will limit the environmental contamination and negative health effects that currently result from a lack of compliance to regulatory requirements or standards.

For more information call our Toll Free No: 1800 209 6789

Sherwin Azavedo
Manager: Cyber Crime Complaint