Newsletter
IT and Cyber Security News Update from
Centre for Research and Prevention of Computer
Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005 January
16, 2015 Issue
no 1531
Tenth year of
uninterrupted publication
Todays edition
STRENGTHEN :
Maharashtra Cybercrime cell to get more muscle
BAN : UK
prime minister suggests banning encrypted apps like WhatsApp,
iMessage
FILM : 'Blackhat'
brings cyber security to big screen
PRIVACY?? : Zombie
Cookie - The Tracking Cookie That You Cant Kill
(Click on heading above to jump to related item. Click on Top to be back here)
STRENGTHEN : Maharashtra Cybercrime
cell to get more muscle
By Dhaval Kulkarni
DNA
14 January 2015
http://www.dnaindia.com/mumbai/report-cybercrime-cell-to-get-more-muscle-2052328
The state government has decided to
grant more manpower and facilities to the cyber crime cell, which deals with
online crimes such as stalking, identity theft, and hacking.
The state government has decided to
grant more manpower and facilities to the cyber crime cell, which deals with
online crimes such as stalking, identity theft, and hacking.
Chief minister Devendra
Fadnavis, in a Tuesday meeting with senior state
government and police officials, decided to create 100 new posts in the Mumbai
police to deal with cyber crime. A total of 1,000 staff, including these specially personnel, will be deployed for the purpose.
The police will also get new and
well-equipped labs, better software and technical tools apart from more trained
manpower to deal with cyber crime.
According to the CID's
latest report, in 2013, a total of 907 cyber crime cases were registered in
Maharashtra under the Indian Penal Code (IPC) and the
Information Technology (IT) acts, in which 603 persons have been arrested. This
is a rise from 561 cases of cybercrime in 2012, which saw 407 arrests.
The report says eve-teasing or harassment
tops the list of crimes. Those in the 18-30 year group account for the largest
number of people arrested under the IPC and the IT
Act for their alleged involvement in these crimes.?
Cybercrime also includes theft of
information or intellectual property, email bombing, virus attacks, internet
time thefts and theft or damage of a computer system. In these crimes, computer
programs are manipulated to facilitate crimes like fraudulent use of ATM cards
and accounts, credit card frauds, or frauds involving electronic fund transfers
and electronic commerce and electronic data interchange.
"Mumbai police presented a road
map to create capacity to effectively deal with cyber crimes. It was discussed
at length and approved," confirmed joint commissioner of police, crime, Sadanand Date.
Also see -
http://freepressjournal.in/state-to-act-tough-against-cyber-crimes/
BAN : UK prime minister
suggests banning encrypted apps like WhatsApp, iMessage
Having access to people's communications is
vital for combating terrorism, David Cameron says
By Zach Miners
IDG News Service
Jan 13, 2015
The U.K. may ban online messaging
services that offer encryption such as WhatsApp and
Apple's iMessage, under surveillance plans laid out
by Prime Minister David Cameron.
Services that allow people to
communicate without providing access to their messages pose a serious challenge
to law enforcement efforts to combat terrorism and other crimes, Cameron said
Monday.
He didn't name specific apps, but
suggested those with encryption would not jive with new surveillance
legislation he's looking to enact if he gets re-elected this year. Such apps
include WhatsApp, iMessage,
Google Hangouts, Microsoft's Skype, CryptoCat, and
more.
"In our country, do we want to
allow a means of communication between people which, even in extremists ...
that we cannot read?" Cameron said, adding later, "No, we must
not."
"The first duty of any government
is to keep our country and our people safe," he said.
He didn't say how the government might
enforce the legislation or keep people from downloading such apps.
His comments follow the wave of
shootings in Paris last week by Islamic extremists. Being able to gather
information about people's communications, be that communications records or
actual content, could help authorities to thwart and
investigate attacks, Cameron said.
But his comments also come at a time
of increased concern over government surveillance, and
the loss of digital privacy in general. On the same day Cameron delivered his
remarks, in the President Obama announced plans for new legislation that would
give Americans more control over their data online. A Consumer Privacy Bill of
Rights, Obama proposed, would allow consumers to decide what pieces of their
personal data are collected by companies and decide how the data is used.
FILM : 'Blackhat'
brings cyber security to big screen
American
director Michael Mann is making a grand return with "Blackhat,"
a timely cyber-terrorism action flick starring Chris Hemsworth.American
director Michael Mann is making a grand return with "Blackhat,"
a timely cyber-terrorism action flick starring Chris Hemsworth.
AFP
15 Jan, 2015
LOS ANGELES: American
director Michael Mann is making a grand return with " Blackhat," a timely cyber-terrorism action
flick starring Chris Hemsworth.
Australian actor Hemsworth sheds his "Thor" costume to become
Nicholas Hathaway, a "black hat" bad-guy hacker released from prison
to help American authorities dismantle a criminal network.
"Blackhat"
hits theate'with cyber-crime very much in the
headlines, with its Friday debut coming just two months after a devastating
cyber-attack on Hollywood studio Sony Pictures.
That hack is believed to have
been linked to "The Interview," which depicts a fictional CIA plot to
assassinate North Korea's leader -- a storyline that infuriated Pyongyang.
Mann said the roots of his
film can be traced back more than two years, as he began to understand the
threats posed by cyber-terrorism.
The director -- whose last
film "Public Enemies," came out nearly six yea'ago -- said he was motivated to make the film
because "it takes place in our world as it is right now, right at the
cutting edge of this moment."
Speaking at a press
conference in Los Angeles, Mann said he consulted expert hacke'for
the production, including one, Kevin Poulsen, who
spent several yea'in prison.
"We wanted to know who are the black hat hackers, what motivates them?"
Mann said.
Hemsworth, named the world's sexiest man in November by US
magazine People, said he asked one of the hacke'if
"knowing what you know... do you look at the world differently?"
"He started to laugh. He
said: 'Man, people have no idea how exposed they are and how vulnerable they
are.'"
The cyber-crime experts
showed Hemsworth and American co-star Wang Leehom, who plays a Chinese government computer expert, how
to mimic the body language of
hackers, including their typing mannerisms.
Hemsworth also shares the screen with two-time Oscar nominee
Viola Davis, who plays an FBI special agent in the adventure that takes viewe'from Los Angeles to Hong Kong by way of Jakarta.
Also co-starring in the film
is Chinese actress Tang Wei, perhaps best known for her role in Ang Lee's sultry spy drama "Lust, Caution."
The plot begins with a
literal bang, as a Hong Kong nuclear power plant explodes thanks to the
handiwork of a hacker, and Chinese authorities ask for American help finding
the culprits.
Talking about cyber-terrorism
was an "eye-opening experience," Mann said, adding that people are
"vulnerable to intrusions from everywhere."
Mann's film "The
Aviator" -- a Howard Hughes biopic starring Leonardo DiCaprio
-- took home five Oscars. "The Insider" (1999),
based on a true story about a tobacco industry whistleblower, earned seven
nominations.
He also directed
"Heat" (1995) and created the popular 1980s television show
"Miami Vice."
The Sony hack was claimed by
a group calling itself Guardians of Peace, but Washington has blamed the attack
on North Korea -- a claim Pyongyang denies.
The group issued threats
against cinemas and movie-goe'over the planned
release of "The Interview," initially prompting Sony to pull the plug
on the film's Christmas Day release.
However, hundreds of
independent theate'rallied to show the flick, which
was also made available online and via cable TV providers.
PRIVACY?? : Zombie Cookie - The
Tracking Cookie That You Cant Kill
An online ad company called Turn is using tracking cookies that
come back to life after Verizon users have deleted them. Turns services are
used by everyone from Google to Facebook.
by Julia Angwin and Mike Tigas
ProPublica,
Jan.
14, 2015
http://www.propublica.org/article/zombie-cookie-the-tracking-cookie-that-you-cant-kill
An
online advertising clearinghouse relied on by Google, Yahoo and Facebook is using controversial cookies that come back from
the dead to track the web surfing of Verizon customers.
The
company, called Turn, is taking advantage of a hidden undeletable number that
Verizon uses to monitor customers' habits on their smartphones
and tablets. Turn uses the Verizon number to respawn
tracking cookies that users have deleted.
"We
are trying to use the most persistent identifier that we can in order to do
what we do," Max Ochoa, Turn's chief privacy officer, told ProPublica.
Turn's
zombie cookie comes amid a controversy about a new form of tracking the telecom
industry has deployed to shadow mobile phone users. Last year, Verizon and
AT&T users noticed their carriers were inserting a tracking number into all
the Web traffic that transmits from a users' phone even if the user has tried
to opt out.
Users
complained that the tracking number could be used by any website they visited
from their phone to build a dossier about their behavior what sites they went
to, what apps they used.
In
November, AT&T stopped using the number. But Verizon did not, instead
assuring users on its website that "it is unlikely that sites and ad
entities will attempt to build customer profiles" using its identifiers.
When
asked about Turn's use of the Verizon number to respawn
tracking cookies, a Verizon spokeswoman said, "We're reviewing the
information you shared and will evaluate and take appropriate measures to
address."
Turn
privacy officer Ochoa said that his company had conversations with Verizon about
Turn's use of the Verizon tracking number and said "they were quite
satisfied."
Turn's
actions were spotted by Stanford researcher Jonathan Mayer, and confirmed by ProPublica's testing.
Turn
and Verizon also have a separate marketing partnership that allows Verizon to
share anonymized information about its mobile
customers. In April, Verizon sponsored a Turn event in New York City called " Bringing Sexy Back to Measurement."
Turn,
which calls itself a "Digital Hub," may not be a household name but
it is a huge back-end processor of ads on websites.
It
works like this: When a user visits a website that contains Turn tracking code,
the company holds an auction within milliseconds for advertisers to target that
user. The highest bidder's ad instantly appears on the user's screen as the web
page loads. Turn says it receives 2 million requests for online advertising
placements per second.
For
its auctions to work, Turn needs to identify web users by cookies, which are
small text files that are stored on their computers. The cookies allow Turn to
identify a user's web browsing habits, such as an interest in sports or
shopping, which it uses to lure advertisers to the auction.
Some
users try to block such tracking by turning off or deleting cookies. But Turn
says that when users clear their cookies, it does not consider that a signal
that users want to opt out from being tracked.
"There
are definitely people who feel that if they clear their cookies, they won't be
tracked, and that is not strictly accurate," said Joshua Koran, senior
vice president of product management at Turn.
Turn
executives said the only way users can opt out is to install a Turn opt-out
cookie on their machine. That cookie is not designed to prevent Turn from
collecting data about a user - only to prevent Turn from showing targeted ads
to that user.
ProPublica's
tests showed that even Verizon users who installed the Turn opt-out cookie
continued to receive the Turn tracking cookie as well. Turn said despite the
appearance of the tracking cookie, it continues to honor the opt-out cookie.
Initially,
Turn officials also told ProPublica that its zombie
cookie had a benefit for users: They said they were using the Verizon number to
keep track of people who installed the Turn opt-out cookie, so that if they
mistakenly deleted it, Turn could continue to honor their decisions to opt out.
But
when ProPublica tested that claim on the industry's
opt-out system, we found that it did not show Verizon users as opted out. Turn
subsequently contacted us to say it had fixed what it said was a glitch, but
our tests did not show it had been fixed.
Either
way, this fix does not address the respawning of
cookies that have been deleted since Turn says it does not consider that an
expression of user intent.
"It
is our absolute desire to honor people's choices," said Ochoa, Turn's
chief privacy officer.
For
more coverage, read ProPublica's previous reporting
on Verizon's indestructible tracking and AT&T's decision to stop using the
technique.
Update,
Jan. 16, 2014: In response to our revelation, Turn said it will suspend using
its zombie cookie.
Domain Name
A domain name is a unique name that identifies a website.
For example, the domain name of the Tech Terms Computer Dictionary is
"techterms.com." Each website has a domain name that serves as an
address, which is used to access the website.
Whenever you visit a website, the domain name appears in
the address bar of the web browser. Some domain names are preceded by
"www" (which is not part of the domain name), while others omit the
"www" prefix. All domain names have a domain suffix, such as .com,
.net, or .org. The domain suffix helps identify the type of website the domain
name represents. For example, ".com" domain names are typically used
by commercial website, while ".org" websites are often used by
non-profit organizations. Some domain names end with a country code, such as
".dk" (Denmark) or ".se"
(Sweden), which helps identify the location and audience of the website.
Domain names are relatively cheap to register, though they
must be renewed every year or every few years. The good news is that anyone can
register a domain name, so you can purchase a unique domain name for your blog
or website. The bad news is that nearly all domain names with common words have
already been registered. Therefore, if you want to register a custom domain name,
you may need to think of a creative variation. Once you decide on a domain name
and register it, the name is yours until you stop renewing it. When the renewal
period expires, the domain name becomes available for others to purchase.
NOTE: When you access a website, the domain name is
actually translated to an IP address, which defines the server where the
website located. This translation is performed dynamically by a service called
DNS.
Men, it has been well said,
think in herds; it will be seen that they go mad in herds, while they only
recover their senses slowly, and one by one.
Charles Mackay,
Extraordinary Popular
Delusions and the Madness of Crowds, 1841
Note -