Newsletter
IT and Cyber Security News Update from Centre for Research and Prevention of Computer Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
December 26, 2014
Issue no 1523
Tenth year of uninterrupted publication
Today's edition
COMMITTEE : Home Ministry constitutes a study group to counter cyber crime
LEGAL : Facebook To Face Lawsuit Over Scanning Users' Messages
2014 : The Top Hacks of the Year
MONITOR : 30 Million Thailand Line app users being monitored, claims Thai govt
COMMITTEE : Home Ministry constitutes a study group to counter cyber crime
Home ministry on Wednesday constituted an expert study group to draw up a comprehensive roadmap to tackle cyber crimes in the country.
Bharti Jain, TNN, Dec 24, 2014
NEW DELHI: Concerned over cyber attacks as well as misuse of social media for terror indoctrination, the Union home ministry on Wednesday constituted an expert study group to draw up a comprehensive roadmap to tackle cyber crimes in the country. The group, which will comprise senior academicians specialising in computer science and cyber security professionals, will suggest measures to tighten cyber monitoring and recommend possible partnerships with the public and private sector, NGOs (both domestic and foreign) and international bodies towards this end.
The announcement of the expert study group comes days after Union home minister Rajnath Singh told the Lok Sabha that there was a need to strengthen cyber monitoring in the wake of growing use of internet and social media by global terror outfits like ISIS to indoctrinate the youth. Singh was responding to concerns raised by MPs in the wake of arrest of Bangalore professional Mehdi Masroor Biswas for operating a pro-ISIS Twitter account.
The five members of the expert panel are Dr Rajat Moona, Director General CDAC, Pune; Professor Krishnan, Indian Institute of Science, Bengaluru; Dr Gulshan Rai, Director General Cert-In; Dr Manindra Aggarwal, Professor, Computer Science, IIT, Kanpur; and Dr D Dass, Professor IIT, Bengaluru. Joint secretary (Centre-state) in the home ministry Kumar Alok will be its convenor.
"Recently, various issues relating to cyber crimes have been flagged at various fora including Parliament. India with a fast growing economy is susceptible to international and domestic cyber attacks and there is a need to ensure cyber crime-free environment," a home ministry release said, recalling that there was a nearly 40 per cent year-on-year increase in cyber crimes registered in the country over the past 2-3 years.
"In order to comprehensively address the issues of cyber crimes, Union home minister Rajnath Singh has approved the setting up of an expert group consisting of academicians and professionals of repute to prepare a roadmap for effectively tackling the cyber crimes in the country and give suitable recommendations on all facets of cyber crime," said the release.
The Terms of Reference of the Expert Group include preparing a roadmap to effectively tackle cyber crimes in the country and give suitable recommendations on all its facets; recommend possible partnerships with public and private sector, NGOs, international bodies and international NGOs; and, lastly, to recommend any other special measures/steps the expert group may like to recommend with regard to tackling cyber crimes.
Also see - http://www.dnaindia.com/india/report-five-member-expert-group-to-tackle-cyber-crimes-2046860
LEGAL : Facebook To Face Lawsuit Over Scanning Users' Messages
By Nate Raymond, Reuters, 24/12/2014
http://www.huffingtonpost.com/2014/12/24/facebook-lawsuit_n_6378076.html?utm_hp_ref=india&ir=India
(Reuters) - Facebook Inc must face a class action lawsuit accusing it of violating its users' privacy by scanning the content of messages they send to other users for advertising purposes, a U.S. judge has ruled.
U.S. District Judge Phyllis Hamilton in Oakland, California, on Tuesday dismissed some state-law claims against the social media company but largely denied Facebook's bid to dismiss the lawsuit.
Facebook had argued that the alleged scanning of its users' messages was covered by an exception under the federal Electronic Communications Privacy Act for interceptions by service providers occurring in the ordinary course of business.
But Hamilton said Facebook had "not offered a sufficient explanation of how the challenged practice falls within the ordinary course of its business."
Neither Facebook nor a lawyer for the plaintiffs responded to a request for comment Wednesday.
The lawsuit, filed in 2013, alleged that Facebook scanned the content of private messages sent between users for links to websites and would then count any links in a tally of "likes" of the pages.
Those "likes" were then used to compile user profiles, which were then used for delivering targeted advertising to its users, the lawsuit said.
The complaint alleged that the scanning of the private messages violated federal and California state law.
According to Tuesday's ruling, Facebook ceased the practice at issue in October 2012. But the company said it still does some analysis of messages to protect against viruses and spam, the ruling said.
The lawsuit was filed by Facebook user Matthew Campbell and seeks class action status on behalf of U.S. users who sent or received private messages that included website addresses in their content.
The case is Campbell v. Facebook Inc, U.S. District Court, Northern District of California, No. 13-5996.
2014 : The Top Hacks of the Year
by Ondrej Krehel
Tuesday, 23 Dec 2014
http://blog.lifars.com/2014/12/23/hacks-of-the-year-rundown/
As we approach the end of the year, let's have a look back at the top hacking incidents of 2014. This year, we might have witnessed the most damaging attack of the decade. It will not be easy beating the Sony attack.
SONY
On November 24th, all of Sony Pictures employees' computer screens started showing a picture of a skeleton and a message threatening to release sensitive data to the world. As a response to the hacking, Sony shut down all its systems, including email servers, to prevent more data leakage. All this effort, however, was not enough: the attackers, who identify themselves as the Guardians of Peace (#GOP), claim to have stolen over 100 TB of data. They have so far released some 40 GB of data, a tiny fraction. The attackers demanded of Sony Pictures (and succeeded) that it not release a controversial movie named "The Interview", a comedy about the assassination of the North Korean leader Kim Jong-Un. As a response, Sony cancelled the release of the movie. The FBI investigation blames the North Korean government for the attack, while North Korea denies any involvement.
HOME DEPOT
The Home Depot, a major chain of home improvement stores in the U.S., suffered a very large data breach. Over 56 million customers' credit and debit card information was exposed. Reportedly, the cybercriminals behind the attacks infiltrated the company's systems at least 5 months prior to discovery. Many blamed Home Depot for not having proper security measures in place.
REGIN APT
Called the most advanced cyberespionage campaign to date, the Regin APT is a highly complex, state-funded threat. The Regin malware carried the ability to intercept and manage GSM communication systems. The main countries of focus are Afghanistan, Iran, Syria, and others. It is believed the campaign was designed by the British intelligence agency GCHQ and the NSA.
THE FAPPENING
A collection of nude celebrity photos and videos was stolen from Apple's iCloud online storage in September, published on 4Chan, and later released in a number of parts for download via torrents. The database included very revealing photos of many well-known celebrities, such as Jennifer Lawrence and Kate Upton. Apple claimed that their cloud storage had not been breached, but many were left unconvinced.
THE SNAPPENING
After iCloud, next in line to get breached was the picture messaging app Snapchat. Photos on Snapchat auto-destroy, but there are services that are able to save these for you, one of which (snapsaved.com) was hacked. The entire 13GB database was made available for download on Pirate Bay.
CHASE
One of the largest breaches this year (although not the most devastating) was the J.P. Morgan Chase data breach, which affected over 76 million households and 7 million businesses. According to Chase, no financial information, SSNs, login information, etc., was stolen. Only emails, phone numbers and addresses were compromised.
Although there were others, including many attacks involving crypto-currencies, these comprised the top 6 hacking incidents in our opinion.
MONITOR : 30 Million Thailand Line app users being monitored, claims Thai govt
By Darshik Jariwala
December 23rd, 2014
Free mobile messaging apps like WhatsApp, Viber, Tango and Line regularly receive requests from various countries every year to provide them access to the messages being sent and received to and from their respective countries. Line, a fairly well-known messaging app, received a similar request last year from the Thailand government.
Now, more than a year later, the Thai government claims they have complete access to monitor the messages sent and received by more than 30 million Line users in Thailand. They claim they can monitor over 40 million messages that are being sent each day by the Thai citizens.
The Information and Communication Technology (ICT) Minister Pornchai Rujiprapa said in a press conference yesterday, "We can monitor all the nearly 40 million LINE messages sent by people in Thailand each day," as reported by The Nation. He said approximately 33 million people in Thailand use the Line application. Pornchai further states, "If you receive LINE messages that offend the monarchy and threaten national security, you can lodge a complaint with police. We can trace where the messages originally come from." Other important figures present at the same press conference include Deputy Prime Minister Yongyuth Yutthawong and the Prime Minister and National Council for Peace and Order (NCPO) chief General Prayut Chan-ocha.
The purpose stated in the request sent last year by the Thailand government was to help them gather data on people suspected of crimes such as trading arms and drugs, and also on people who may challenge or question the Thai monarch.
Interestingly, a Line spokesperson contacted by TechCrunch denied having provided any user information to the Thailand government. Even assuming that Line has in fact not shared any information with the Thai government, the controversy itself is bound to affect Line's market in Thailand and probably in other countries, where users may be reluctant to use the app. Line has not provided any further information or explanation on the matter besides plainly denying it.
DMA
Stands for "Direct Memory Access." DMA is a method of transferring data from the computer's RAM to another part of the computer without processing it using the CPU. While most data that is input or output from your computer is processed by the CPU, some data does not require processing, or can be processed by another device. In these situations, DMA can save processing time and is a more efficient way to move data from the computer's memory to other devices.
For example, a sound card may need to access data stored in the computer's RAM, but since it can process the data itself, it may use DMA to bypass the CPU. Video cards that support DMA can also access the system memory and process graphics without needing the CPU. Ultra DMA hard drives use DMA to transfer data faster than previous hard drives that required the data to first be run through the CPU.
In order for devices to use direct memory access, they must be assigned to a DMA channel. Each type of port on a computer has a set of DMA channels that can be assigned to each connected device. For example, a PCI controller and a hard drive controller each have their own set of DMA channels.
I slept and dreamt that life was joy. I awoke and saw that life was service. I acted and behold, service was joy.
Rabindranath Tagore