Agape Blog

In wake of cyber terrorism, US President Obama stated last June in its new cyber security plan “The new approach starts at the top, with the commitment from me: From now on, our digital infrastructure — the networks and computers we depend on every day — will be treated as they should be, as a strategic national asset,” in his briefing he said “Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy, and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage”. Obama noted that cybersecurity is a “matter of public safety and national security”.

A month after his declaration, many government and some other websites in the US & South Korea have been crippled by a distributed denial of service attack. What’s interesting is the way the virus seemed to succeed in an unexpected way by sending erstwhile allies. The attack was largely built from the MyDoom virus, first exposed in 2004, so presumably the cadre of infectable machines was low (some 50,000 to 65,000 machines were infected), and seem to be located mainly in China, Korea and Japan. The purpose of most “Distributed Denial of Service” attacks is to create nuisance.

Investigators in the U.S. face a steep task in trying to trace the attack to its source. The assault involved more than 1,00,000 zombie computers (it is a a home-based PC that a remote attacker has accessed and set up to forward transmissions including spam and viruses to other computers on the Internet) linked together in a network known as a “botnet.” Most of those computers were in South Korea, but others were in Japan, China, the U.S. and possibly other countries. The assault began July 4 and targeted dozens of government and private sites in the U.S., including some federal agencies that were shut down for days. Treasury Department and Federal Trade Commission Web sites were knocked out by the blizzard of digital requests.

The officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved the Pyongyang government.

It’s a high time that need compulsory & requisite attention on cyber security to protect the confidentiality, integrity, and availability of information in today’s highly networked systems environment.

To log online Cyber Crime Complaint call our Toll Free No. at 1800 209 6789 (For India Only) Or visit us at www.agapeinc.in.

Jayesh Bellani
Executive: Fraud Management System

The biggest mobile forensic conference is around the corner. Mobile Forensics World – 09 which is on may 26-30, 2009 is the ONLY Conference specifically dedicated to Federal, State and Local Law Enforcement Forensic Specialists, Corporate and Private Forensic Examiners, the Intelligence Community, Military and Homeland Security Agencies, Industry Leaders, and Academic Researchers performing Mobile Forensics.

Mobile Device Forensics (Mobile Phones, GPS, etc.), Advanced Techniques of Mobile Forensics, SIM/USIM Card Analysis, Cell Site Analysis, Mobile Spyware, Hex Dumps and Flashing, Call Data Record Analysis, and other Mobile Forensics Applications and Research.

Sponsored by Purdue University, The conference is going to take place at Chicago Police Training Academy and the O’Hare Marriott Chicago, Illinois, USA.

Starting from 26 May there will be a two day training session in which you will be given a crime scene to investigate and a set of Call Detail Records for your suspect followed by the presentations from the gurus in mobile forensic on various topics like Low Level iPhone Forensics, Mobile Device Forensics, Blackberry Forensics and more.

Follow the link to view the schedule.

Today, terrorism is not restricted at striking and damaging the physical targets of the Government. Striking at “Economic Targets” and undermining the economy of the country is also considered an important terrorist strategy. Also, many vital Information assets are today owned by non Government sector and excluding them from being considered as potential terrorist targets under POTA could be an oversight.

India may be the most vulnerable place in the world now for physical terror attacks, but our country is equally vulnerable to cyber terrorism.

The terrorist propaganda using the Internet is intense, and encompasses not only websites but also blogs, social networking sites like the Orkut — and other areas of the cyberspace, including email groups and even recorded messages left as voice mails.

The other problem with regard to these websites is that, these sites are hosted from developed countries in the EU like Germany, Spain, Italy, France and the likes, where such websites are not under close scrutiny of the respective governments. Terrorist keep on changing their web interfaces, fearing imminent ban by the authorities. The clever use of cyberspace then, makes tracking of propaganda all the more difficult.

Passive ideological war is not the only form of cyber terrorism India suffers from; the country is also attacked routinely by terrorist hackers who snoop into government owned websites and personal computers for monetary gains. That is why, besides ramping up the country physical security infrastructure, the government also needs to ramp up the country’s cyber security infrastructure to prevent cyber attacks. India needs a well planned Anti Cyber Terrorism Action Plan to prevent the country being devastated through the invisible Cyber space attacks. Presently there are established laws that govern the Terrorism. However, there are no special laws governing Cyber Terrorism.

Special laws governing Cyber Crimes became effective in India with the passage of Information Technology Act 2000. Subsequently, the special act for Terrorism, POTA was also enacted. We need to therefore look at the laws governing Cyber Terrorism within these laws and any other associated legislation that may come into effect by cross reference including the IPC. Information Technology Act-2000 addresses some issues of Cyber Crimes but does not adequately address the issues of Cyber Terrorism.

Cyber Terrorism is a growing menace in the Cyber space and poses, many challenges to the Law Enforcement Agencies. In order to assist the Indian law enforcement agencies in improving their capabilities to handle Cyber Terrorism, it is necessary to make appropriate legal changes to include Cyber Terrorism under POTA, create a public support system for Ethical Hacking and Cyber Patrolling and also accept Counter Attacks as one of the effective strategies for curbing Cyber Terrorism.

Adnan Patel
Executive: Fraud Management Services

In past article we shared information and trends regarding website defacement, here are few Security tips. These tips are basically for the websites which are hosted on shared servers/environment.

1. Keeping Software Up to Date
If you are running old versions of software chances are it’s insecure, make sure you upgrade to the latest release. Most updates to software are security or functionality related, which means if you aren’t running the latest version you are likely to have missed a few security fixes.

2. 3rd Party Scripts and Code
Plugins, widgets or any other code you usually install are written by other people under unknown circumstances. Some may be great, some may have security holes. Make sure you research any code you wish to use but you haven’t written yourself. Do a few Google searches before using such code to verify how secure the code actually is.

3. Your Own Fault
One of the biggest reasons of Identity theft and an easy way for someone to fetch confidential details to your site(s). Your personal computer could well turn out to be a weak link in this. It could be anything, from an infected powerpoint file or someone phishing your account details, the vulnerabilities are too many to consider. No matter how secure your actual website is, if the machine you use to access, log in and edit your web pages is infected you stand a grave risk of being compromised and its outcome may be more than just the effect on your site.

Use anti virus scans, clear logs, secure your passwords and be aware of
general security issues. Public wifi spots are also a security risk.

4. Choose good password
The easiest thing that a hacker would do is to get you password and use it against you.. So you better pick a good one. Good passwords are unguessable, long and contains various caracters type ( letters, numbers, puncts…etc etc), above 15 charachters. This an example of a good password : “g8@”ju$por£%99ç>llop” . Hackers usualy use software to guess your password. So you better make it hard for them as much as you can.

5. Checking Your Logs Regularly
If you spot any unusual traffic spike in your website stats (ranking for gambling, pharmaceuticals and sex terms is a common one) try working out where it is coming from and going to. From there if you can make sure whether it is a hack.

6. Backups:-
Taking the backups regularly alone won’t protect your website from being hacked. In case of hack you wil need to take care of the following:-

* Records of IP’s accessing your website

* Pre hack backup of your website including the latest updates.
with eUKhost backup plans you can make backups for your website daily, weekly as per your requirements.You would be able to use latest backup you had on backup space.

7. Don’t Put All Your Eggs in One Basket
Grab your self for a VPS or a multi reseller account where you can spread your websites under different set of IP’s. you can also host your websites on different c class IP’s.

8. Use Code properly
You have to be careful about html and PHP forms that you put into your websites. If you’re using PhP/MYSQL hackers could inject codes into your database through you comments form for example.. you can lose all your data. So you’d better learn how to code properly and disable injected scripts into forms.

Once again Microsoft got defaced by means of SQL Injection. Few days ago a defacer known as Agd_Scorp defaced 6 Microsoft websites. Few years ago, Microsoft was the target of the attacks mostly because defacers liked Linux more. Now it is just “for fame”. Also in this case defacer didn’t leave any message.

Recently a group of hackers named as PENTAGUARD had cracked into the government sites of Australia, America and England all at a time. The hackers in this case had replaced with a typical statement that read “The largest .gov & .mil mass defacement in the history of mankind”.

Defacement means the web content hosted on a server has been modified illegally. It need not indicate a full system compromise and is less damaging than cracking, which means the attacker may have access to other files in the system Indian Cyberspace is under tremendous threat of cyber hackers and cyber criminals. As per Computer Emergency Response Team India (CERT-In), which is a referral agency to report computer security incidents in the country, a total of 612 Indian websites have been defaced during March 2008. Commercial sector site are more prone to defacing (85% of total site defacement)in India than government sites.

In the recent past, it is blamed that hackers from India’s two neighboring countries have tried to deface the sites of our government agencies, which are having vital and sensitive security information. In the month of March 2008, 57 security incidents were reported to CERT-In from various national and international agencies. Intelligence agencies of India have taken the incidents very seriously and it was reported that the agencies met government officials and ministers on May 13, 2008, to discuss the issue of hacking of sensitive sites.

Cyber Crime is a daunting reality today. It affects every individual connected by a computer or technology. You may not be a hacker but your computer is a potential weapon for criminals to use to attack and damage countries, corporations and even mastermind the destruction of human lives. “Everyone must be aware of the risks that cyber crime and cyber terrorism poses, as ignorance may lead to huge losses and even endanger lives.” Even the participants of the EC-Council Asia Pacific Roundtable Forum unanimously responded to this statement.

Information security is not simply the responsibility of network administrators only, it is the responsibility of every internet user as their ignorance may result in millions of dollars in losses and even the loss of lives. The lack of education among both the users and authorities often results in allowing criminals easy access to even the most high tech security areas. One of the leading cyber crime expert said “No one treats a cyber crime like a murder case, often evidence cannot be used legally as it has been contaminated by the victim or the incident handler, allowing these criminals to escape prosecution.”

Truly, many times people simply ignore to follow certain basic rules like keeping their passwords private or securing their WiFi connections. And they only realise about theor mistakes when it is too late. This is where proper legislation, awareness and education among all levels right from the top management level to even security guards in any corporation is required to ensure the eradication of cyber crimes.

To address & debate internet security issues the World Council for Corporate Governance of UK (WCFCG) together with its associate the International Academy of Law, India (IAL), and in partnership with Cyber Law College are organizing an International Conference on Cyber Security in New Delhi on 29-30 Nov, 2008. The theme for the conference is “Legislation, Monitoring & Enforcement of Cyber Laws”.

Law makers, Governmental policy makers, Legislators, Business leaders, IT experts, eminent jurists, enforcement organizations, academics, bankers & reputation agents are expected to participate. This conference will aim for the formulation & implementation of holistic measures for development, legislation & enforcement of laws for Cyber Security to contain terrorism & promote public interest. Sharing of knowledge & experience of leading Information Technology Experts & Companies, enforcement agencies & jurists in adopting strategies & processes for improving Cyber Security.

Attending this conference would be some eminent personalities like Shri Kapil Sibal, Prof Howard A Schmidt, Dr. Robert Erbacher, Dr. PR Stephenson, Dr. Madhav Mehra and many more. Surely you cannot miss the opportunity of being a part of this conference.

For paticipation details, visit http://www.wcfcg.net

Cyber terrorism and cyber crime are leading to huge losses for many individuals and organizations. There are people sitting in the comfort of their home and are attacking other systems for their malicious intent. Such activities have been discussed at many conferences and events and various solutions are discussed. But implementing these solutions is not easy, as it requires a change in the mindset and old day processes.

Here are some links which discuss modern day solutions for this serious issue.

1. EC-Council, the world’s leading e-business and security certification organization discusses about Modern Defenses against cyber crime during its inaugural Asia-Pacific Roundtable Forum in Kuala Lumpur. Read more

2. How hackers targeted the presidential campaigns of Barack Obama and John McCain to trick users into downloading malware. Read more

3. Why Pakistan sets death penalty for cyber terrorism? Read more

The Federal Bureau of Investigation (FBI) has raised concerns over the growing cyber crimes in US that cost tens of millions of dollars and also posing as a serious threat to US security. The FBI cyber division pointed out activities like computer spying and personal information theft as something that needs immediate measures to be curbed.

The U.S. intelligence agencies have earlier pointed fingers on Russia and China as being the two nations that have the abilities to electronic spying by breaking through U.S. computer networks. Apart from these, FBI has narrowed down 24 more countries that pose a threat to the US. Without naming the 24 countries,FBI has made this statement: “There are countries who have an interest in obtaining information from the U.S., in terms of the electronic theft of data.”

The US computer networks are being constantly attacted by Botnets by sending spam e-mails and spreading malicious code. Thus the U.S. federal agents are stepping up efforts to fight computer crime. They are also joining hands with some foreign counterparts to deal this serious issue. It is worth noting that in January this year, U.S. President George Bush had launched an effort called the Comprehensive National Cybersecurity Initiative, to address the issue of comouter crimes.

With the financial crisis affecting USA severly, it has also affected other countries. This has resulted in a complete turn around in terms of the spendings worldwide. And with such tight situations, online financial fraud has witnessed a soaring growth.

Britan has been the worst affected country after witnessing a soaring cyber crime rate in 2007. A recent report published by an online firm stated that cyber crime in the UK rose by more than 9 percent in 2007. According to Tom Ilube, chief executive, Garlick, majority of the crimes committed online were in relation to fraud and abusive or threatening emails leaving more than two million people prone to online harassment.

The study further revealed that the online crimes were being committed by professionals and one could expect an overall increase owing to the credit crunch that would led many people to perform illegal activities. It’s critical in this time of financial crisis that individuals are vigilant with their personal information, because as long as the credit crunch continues, the growth in online financial fraud is bound to increase.