CCC News


IT and Cyber Security News Update from

Centre for Research and Prevention of Computer Crimes, India


Courtesy - Sysman Computers Private Limited, Mumbai (

Since June 2005                                         January 12, 2015                                          Issue no 1529

Tenth year of uninterrupted publication

Today’s edition – 


LAW : Regulations need to evolve fast for tackling cyber crime

RETALIATE : Anonymous threatens cyber-revenge for Paris killings

TREND : New breed of cyber criminal spies on your laptop by listening to signals even when it's OFFLINE

WEAPON : Cyber attack now primary weapon for countries, says ViaSat UK

IT Term of the day

Quote of the day


(Click on heading above to jump to related item. Click on “Top” to be back here)



LAW : Regulations need to evolve fast for tackling cyber crime


Jan 8, 2015


NEW DELHI: With cyber crime growing at a menacing pace amid dynamic changes in technology, the "threat landscape" has become larger and policies need to evolve continuously to contain it, CERT-IN Director Gulshan Rai said today.


The number of Internet users in the country is growing at a rapid pace as more and more people log onto the Web through handheld devices like mobile phones and tablets, he said.


"We are in an era where surveillance is becoming difficult as technology is constantly evolving... There is no permanent solution. The government has taken a lot of steps... Comprehensive steps need to be taken to collaborate and evolve (regulation and policies)," Rai said at an event organised by the Observer Research Foundation (ORF).


Rai clarified however that this was his personal view. "We estimate that there are over 400 million Internet users in the country. The Internet penetration was at about 10 per cent in 2011 and we expect it to touch 28 per cent by the end of this year. Traffic is also growing at a very strong pace. India is poised to become one of the largest Internet economies," he said.


Rai added that the threat landscape has grown larger as IT has become an essential component of all sectors.


According to government data, from 2011 to 2014 (till May), a total number of 21,699, 27,605 (in 2012), 28,481 (in 2013) and 9,174 Indian websites were hacked by various hacker groups spread across worldwide.


In addition, during these years, a total number of 13,301, 22,060, 71,780 and 62,189 security incidents, respectively, were reported to the Computer Emergency Response Team-India (CERT-In).



RETALIATE : Anonymous threatens cyber-revenge for Paris killings

Elizabeth Weise


January 9, 2015


SAN FRANCISCO — One of the hacktivist groups using the name Anonymous has vowed to attack Islamic terrorist websites and social media accounts in revenge for the Charlie Hebdo murders in Paris.


In a message posted in French to a file-sharing site called Pastebin, the group identified itself as the "francophone Op Charlie Hebdo."


Citing the terrorist assault on the French weekly that killed 12 journalists, the group, which appears to be based in Belgium, wrote,"We can not fall to the ground. It is our duty to react."


World editor Owen Ullmann talks about the Paris attacks and how home-grown terrorism is often impossible for officials to prevent. USA TODAY


The group vowed to fight for the "inviolate and sacred right to express opinions in any way" and said those who opposed freedom of expression can expect "a massive frontal assault from us, because the struggle for the defense of these freedoms is the foundation of our movement."


The group released a video in French on YouTube. In a voice that has been digitally altered, the male reader says, "We are declaring war against you, the terrorists" and vowed to close accounts on social networks linked to terrorists. He wore a Guy Fawkes mask to disguise his identity.


Anonymous is an amorphous group of hacker activists that has inserted itself into several conflicts worldwide, including actions in Israel, the USA and, most recently, Paris.


There is no one Anonymous group but rather several individuals and groups who make statements and take action under the broad umbrella of the name.


In public protests, those representing themselves as Anonymous often wear Guy Fawkes masks. Fawkes was an English Catholic who participated in a plot to overthrow King James I and put a Catholic back on the English throne in 1605. The plot failed, and Fawkes was condemned to death.


In recent years, Fawkes has been taken up as an icon by some anarchist groups, in part because of the use of a Fawkes mask by the central character in the graphic novel V for Vendetta by Alan Moore and the subsequent movie.


The group's YouTube videos often include a stylized image of a black-and-white suit with a question mark where the head should be. The voice-overs are done using computer software, giving them an eerie tone.


They often use the tag line, "We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us."


In general, the decentralized collection of Internet-savvy activists believe in freedom and an end to censorship. It supported the Occupy movement in the USA and the protests against police actions in Ferguson, Mo.



TREND : New breed of cyber criminal spies on your laptop by listening to signals even when it's OFFLINE

    Georgia Institute of Technology researchers reveal new hacking method

    They say hackers can 'listen in' to signals emitted by laptops and phones

    This means, even when offline, they could find out what you are doing

    It is very hard to track because the spying is 'silent'

    However, they say developers can create software to patch up the vulnerability in devices

By Jonathan O'Callaghan


9 January 2015



When your computer performs a spell check, opens a program or even just types a letter, it emits a tiny, imperceptible signal.


At least, it was thought to be imperceptible - but researchers say a new breed of hackers could 'listen' to these signals and find out what your computer is doing.


And now they are trying to devise methods to keep your computer safe from hackers employing this discreet technique.


Georgia Institute of Technology researchers have revealed a new hacking method. They say hackers can 'listen in' to signals emitted by laptops and phones (stock image shown). This means, even when offline, they could find out what you are doing. It is very hard to track because the spying is 'silent'


The researchers at the Georgia Institute of Technology are investigating where these information 'leaks' originate so they can help hardware and software designers develop strategies to plug them.


Studying emissions from multiple computers, they have found a way to measure the strength of the leaks - known technically as 'side-channel signals' - and prioritise security efforts.


Worryingly, the signals don't even require your computer to be online - simply being active is enough for a hacker to listen in to what you are up to.


'People are focused on security for the internet and on the wireless communication side, but we are concerned with what can be learned from your computer without it intentionally sending anything,' said Dr Alenka Zajic, an assistant professor in Georgia Tech's School of Electrical and Computer Engineering.


'Even if you have the internet connection disabled, you are still emanating information that somebody could use to attack your computer or smartphone.'


Side-channel emissions can be measured several feet away from an operating computer using a variety of spying methods.


Electromagnetic emissions can be received using antennas hidden in a briefcase, for instance.


Acoustic emissions - sounds produced by electronic components such as capacitors - can be picked up by microphones hidden beneath tables.


Information on power fluctuations, which can help hackers determine what the computer is doing, can be measured by fake battery chargers plugged into power outlets adjacent to a laptop's power converter.


Some signals can be picked up by a simple AM/FM radio, while others require more sophisticated spectrum analysers.


And computer components such as voltage regulators produce emissions that can carry signals produced elsewhere in the laptop.


Because the spying is passive and emits no signals itself, users of computers and smartphones wouldn't know they're being watched.


'If somebody is putting strange objects near your computer, you certainly should beware,' said Dr Zajic. 'But from the user's perspective, there is not much they can do right now.


'Based on our research, we hope to develop something like virus scan software that will look for vulnerability in the code and tell developers what they should update to reduce this vulnerability.'


According to the researchers, different tasks carried out by a laptop or smarphone produces a signal of different intensity. Pictured is a still from their video showing the signal from a laptop. They say devices will need specialist software in order to patch up the vulnerability


As a demonstration, Dr Zajic typed a simulated password on one laptop that was not connected to the internet.


On the other side of a wall, a colleague using another disconnected laptop read the password as it was being typed by intercepting side-channel signals produced by the first laptop's keyboard software, which had been modified to make the characters easier to identify.


'There is nothing added in the code to raise suspicion,' said Dr Milos Prvulovic, an associate professor in the Georgia Tech School of Computer Science.


'It looks like a correct, but not terribly efficient version of normal keyboard driver software. And in several applications, such as normal spell-checking, grammar-checking and display-updating, the existing software is sufficient for a successful attack.'


Currently, there has been no mention in open literature of hackers using side-channel attacks, but the researchers believe it's only a matter of time before that happens.


The potential risks of side-channel emissions have been reported over the years, but not at the level of detail being studied by the Georgia Tech researchers.


'Of course, it's possible that somebody is using it right now, but they are not sharing that information,' Dr Zajic noted.

The signals are produced from the hardware of the computer (shown) when it performs a task. Currently, there has been no mention in open literature of hackers using side-channel attacks, but the researchers believe it's only a matter of time before that happens


The signals are produced from the hardware of the computer (shown) when it performs a task. Currently, there has been no mention in open literature of hackers using side-channel attacks, but the researchers believe it's only a matter of time before that happens


To counter the threat, the researchers are determining where the leaks originate.


'We are trying to understand why these side channels exist and what can be done to fix these leaks,' said Dr Zajic.


'We are measuring computers and smartphones to identify the parts of the devices that leak the most. That information can guide efforts to redesign them, and on an architectural level, perhaps change the instructions in the software to change the device behavior.'


Each computer operation has a different potential for leaking information.


The processor draws different amounts of current depending on the operation, creating fluctuations that can be measured.


People in coffee shops could be at particularly risk (stock image shown), as in a public space hackers could more easily listen in to the signals from their laptop. 'If somebody is putting strange objects near your computer, you certainly should beware,' said Dr Zajic


'When you are executing instructions in the processor, you generate a different type of waveform than if you are doing things in memory,' explained Dr Zajic.


'And there is interaction between the two.'


To measure the vulnerability, Dr Zajic, Dr Prvulovic and graduate student Robert Callen developed a metric known as 'signal available to attacker' (Savat), which is a measure of the strength of the signal emitted.


They measured the level of Savat for 11 different instructions executed on three different laptops, and found the largest signals when the processors accessed off-chip memory.


'It is not really possible to eliminate all side-channel signals,' said Dr Prvulovic.


'The trick is to make those signals weak, so potential attackers would have to be closer, use larger antennas and utilise time-consuming signal analyses.


'We have found that some operations are much "louder" than others, so quieting them would make it more difficult for attackers.'


The researchers are also now studying smartphones, whose compact design and large differential between idle and in-use power may make them more vulnerable.




In separate research, security experts recently revealed a massive security flaw that could let hackers listen in on private calls and read text messages on mobile networks.


One way in which such hackers - as well as some intelligence agencies - get access to such information is by using International Mobile Subscriber Identity (IMSI) catchers, or 'stingrays'.


These controversial tracking devices trick mobiles into connecting with them, and now developers have created an app that claims to detect such gadgets, and warn users if their data is at risk.


IMSI catchers - eavesdropping devices used for intercepting mobile phone traffic and tracking the movement of smartphone users - are controversial because they act like ‘fake’ mobile towers.


Called SnoopSnitch, the app scans for signals that indicate a switch from a legitimate tower to such fake towers, called 'stingray', where information may be being collected.



WEAPON : Cyber attack now primary weapon for countries, says ViaSat UK

Warwick Ashford

08 January 2015


Cyber attacks are becoming the first weapon of choice for countries in conflict, according to ViaSat UK, security and communications supplier to military forces and governments.


“This is shown by the fact that Russia’s alleged cyber attack against Germany is supposedly in response to its continued support of the Ukrainian government,” said ViaSat UK chief Chris McIntosh.


In the latest development, Ukraine's prime minister has blamed Russian intelligence for the cyber attack against German government websites on 7 January, according to Reuters.


The accusation comes despite a pro-Russian group claiming responsibility for the attack shortly before Ukrainian prime minister Arseny Yatseniuk held talks in Berlin with German chancellor Angela Merkel.


“I strongly recommend that the Russian secret services stop spending taxpayer money on cyber attacks against the Bundestag and chancellor Merkel's office,” Yatseniuk told ZDF TV.


Several government sites were unreachable after being targeted by distributed denial of service (DDoS) attacks, according to a German government spokesman.


The attack was reportedly the first successful prolonged attack on German government websites, which face about 3,000 such assaults daily according to intelligence agencies.


The attack on German government websites comes just weeks after a cyber attack on Sony Pictures that has been blamed on North Korea.


North Korea, in turn, has blamed the US for internet outages that hit the country soon after, which McIntosh said is further proof that cyber attacks are becoming a popular weapon.


“The lines between private, public and military targets are blurring, and cyber attacks are now being looked to as an effective way of influencing other countries’ foreign policy,” he said.


In this new landscape of threats, McIntosh said organisations in all sectors will need to be vigilant against a wider range of threats, not only from countries with significant resources at their disposal and the incentives to use them, but also from other actors acting in hostile nations’ interests.


“Institutions – from governments to film studios to banks – need to analyse all potential weak points with the assumption that their systems have already been compromised, and work back from this assumption to ensure that a breach cannot result in serious damage.


“This includes actions such as encrypting data and ensuring that critical systems can be quickly isolated if they are infected. Only an all-inclusive and pessimistic approach will protect against increasingly sophisticated and numerous attacks,” he said.


Veteran cyber security expert Bruce Schneier also referred to the increasing blurring of lines in cyber space between individual actors and national governments in an article for The Atlantic.


“It’s a strange future we live in when we can’t tell the difference between random hackers and major governments, or when those same random hackers can credibly threaten international military organisations,” he wrote.


According to Schneier, the cyber attack on Sony is important because he predicts the world is going to see an even greater blurring of traditional lines between police, military and private actions as technology broadly distributes attack capabilities across a variety of actors.


He believes the cyber attack on Sony should raise questions around who is in charge of the response and under what legal system they should operate when it is not clear who is launching an attack or why.


“We need national guidelines to determine when the military should get involved and when it’s a police matter, as well as what sorts of proportional responses are available in each instance. We need international agreements defining what counts as cyber war and what does not,” he wrote.



IT Term of the day


A computer document is a file created by a software application. While the term "document" originally referred specifically to word processor documents, it is now used to refer to all types of saved files. Therefore, documents may contain text, images, audio, video, and other types of data.


A document is represented with both an icon and a filename. The icon provides a visual representation of the file type, while the filename provides a unique name for the file. Most document filenames also include a file extension, which defines the file type of the document. For example, a Microsoft Word document may have a .DOCX file extension, while a Photoshop document may have a .PSD file extension.


Many software applications allow you to create a new document by selecting File → New from the menu bar. You can then edit the document and select File → Save to save the file to your hard disk. If you want create a copy of the document, most programs allow you to select File → Save As… to save the document with a different filename. Once you have saved a document, you can open it at a later time by double-clicking the file or by selecting File → Open… within the associated program.



Quote of the day

The great enemy of the truth is very often not the lie: deliberate, continued, and dishonest; but the myth: persistent, persuasive, and unrealistic.


John F. Kennedy 



Note -

  1. As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
  2. If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
  3. If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
  4. If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
  5. Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.