Newsletter
IT and Cyber Security News Update from
Centre for Research and Prevention of Computer
Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005 January
12, 2015 Issue
no 1529
Tenth year of
uninterrupted publication
Todays edition
LAW :
Regulations need to evolve fast for tackling cyber crime
RETALIATE :
Anonymous threatens cyber-revenge for Paris killings
WEAPON :
Cyber attack now primary weapon for countries, says ViaSat
UK
(Click on heading above to jump to related item. Click on Top to be back here)
LAW : Regulations need to evolve
fast for tackling cyber crime
PTI
Jan
8, 2015
NEW
DELHI: With cyber crime growing at a menacing pace amid dynamic changes in
technology, the "threat landscape" has become larger and policies
need to evolve continuously to contain it, CERT-IN Director Gulshan Rai said
today.
The
number of Internet users in the country is growing at a rapid pace as more and
more people log onto the Web through handheld devices like mobile phones and
tablets, he said.
"We
are in an era where surveillance is becoming difficult as technology is constantly
evolving... There is no permanent solution. The government has taken a lot of
steps... Comprehensive steps need to be taken to collaborate and evolve
(regulation and policies)," Rai said at an event organised
by the Observer Research Foundation (ORF).
Rai
clarified however that this was his personal view. "We estimate that there
are over 400 million Internet users in the country. The Internet penetration
was at about 10 per cent in 2011 and we expect it to touch 28 per cent by the
end of this year. Traffic is also growing at a very strong pace. India is
poised to become one of the largest Internet economies," he said.
Rai
added that the threat landscape has grown larger as IT has become an essential
component of all sectors.
According
to government data, from 2011 to 2014 (till May), a total number of 21,699,
27,605 (in 2012), 28,481 (in 2013) and 9,174 Indian websites were hacked by
various hacker groups spread across worldwide.
In
addition, during these years, a total number of 13,301, 22,060, 71,780 and
62,189 security incidents, respectively, were reported to the Computer
Emergency Response Team-India (CERT-In).
RETALIATE : Anonymous threatens
cyber-revenge for Paris killings
Elizabeth
Weise
USATODAY
January
9, 2015
http://www.usatoday.com/story/tech/2015/01/09/anonymous-hacking-group-who-are-they/21509877/
SAN
FRANCISCO One of the hacktivist
groups using the name Anonymous has vowed to attack Islamic terrorist websites
and social media accounts in revenge for the Charlie Hebdo
murders in Paris.
In a
message posted in French to a file-sharing site called Pastebin,
the group identified itself as the "francophone Op Charlie Hebdo."
Citing
the terrorist assault on the French weekly that killed 12 journalists, the
group, which appears to be based in Belgium, wrote,"We
can not fall to the ground. It is our duty to react."
World
editor Owen Ullmann talks about the Paris attacks and
how home-grown terrorism is often impossible for officials to prevent. USA
TODAY
The
group vowed to fight for the "inviolate and sacred right to express
opinions in any way" and said those who opposed freedom of expression can
expect "a massive frontal assault from us, because the struggle for the
defense of these freedoms is the foundation of our movement."
The
group released a video in French on YouTube. In a voice that has been digitally
altered, the male reader says, "We are declaring war against you, the
terrorists" and vowed to close accounts on social networks linked to
terrorists. He wore a Guy Fawkes mask to disguise his identity.
Anonymous
is an amorphous group of hacker activists that has inserted itself into several
conflicts worldwide, including actions in Israel, the USA and, most recently,
Paris.
There
is no one Anonymous group but rather several individuals and groups who make
statements and take action under the broad umbrella of the name.
In
public protests, those representing themselves as Anonymous often wear Guy
Fawkes masks. Fawkes was an English Catholic who participated in a plot to
overthrow King James I and put a Catholic back on the English throne in 1605.
The plot failed, and Fawkes was condemned to death.
In
recent years, Fawkes has been taken up as an icon by some anarchist groups, in
part because of the use of a Fawkes mask by the central character in the
graphic novel V for Vendetta by Alan Moore and the subsequent movie.
The
group's YouTube videos often include a stylized image of a black-and-white suit
with a question mark where the head should be. The voice-overs are done using
computer software, giving them an eerie tone.
They
often use the tag line, "We are Anonymous. We are Legion. We do not
forgive. We do not forget. Expect us."
In general, the decentralized collection
of Internet-savvy activists believe in freedom and an end to censorship.
It supported the Occupy movement in the USA and the protests against police
actions in Ferguson, Mo.
TREND : New breed of cyber criminal
spies on your laptop by listening to signals even when it's OFFLINE
Georgia Institute of Technology researchers
reveal new hacking method
They say hackers can 'listen in' to signals
emitted by laptops and phones
This means, even when offline, they could
find out what you are doing
It is very hard to track because the spying
is 'silent'
However, they say developers can create
software to patch up the vulnerability in devices
By Jonathan O'Callaghan
MailOnline
9 January 2015
and
http://m.timesofindia.com/home/science/Hacking-possible-without-internet/articleshow/45830332.cms
When your computer performs a
spell check, opens a program or even just types a letter, it emits a tiny,
imperceptible signal.
At least, it was thought to
be imperceptible - but researchers say a new breed of hackers could 'listen' to
these signals and find out what your computer is doing.
And now they are trying to
devise methods to keep your computer safe from hackers employing this discreet
technique.
Georgia Institute of
Technology researchers have revealed a new hacking method. They say hackers can
'listen in' to signals emitted by laptops and phones (stock image shown). This
means, even when offline, they could find out what you are doing. It is very
hard to track because the spying is 'silent'
The researchers at the
Georgia Institute of Technology are investigating where these information
'leaks' originate so they can help hardware and software designers develop
strategies to plug them.
Studying emissions from
multiple computers, they have found a way to measure the strength of the leaks
- known technically as 'side-channel signals' - and prioritise
security efforts.
Worryingly, the signals don't
even require your computer to be online - simply being active is enough for a
hacker to listen in to what you are up to.
'People are focused on
security for the internet and on the wireless communication side, but we are
concerned with what can be learned from your computer without it intentionally
sending anything,' said Dr Alenka Zajic,
an assistant professor in Georgia Tech's School of Electrical and Computer
Engineering.
'Even if you have the
internet connection disabled, you are still emanating information that somebody
could use to attack your computer or smartphone.'
Side-channel emissions can be
measured several feet away from an operating computer using a variety of spying
methods.
Electromagnetic emissions can
be received using antennas hidden in a briefcase, for instance.
Acoustic emissions - sounds
produced by electronic components such as capacitors - can be picked up by
microphones hidden beneath tables.
Information on power
fluctuations, which can help hackers determine what the computer is doing, can
be measured by fake battery chargers plugged into power outlets adjacent to a
laptop's power converter.
Some signals can be picked up
by a simple AM/FM radio, while others require more sophisticated spectrum analysers.
And computer components such
as voltage regulators produce emissions that can carry signals produced
elsewhere in the laptop.
Because the spying is passive
and emits no signals itself, users of computers and smartphones
wouldn't know they're being watched.
'If somebody is putting
strange objects near your computer, you certainly should beware,' said Dr Zajic. 'But from the user's perspective, there is not much
they can do right now.
'Based on our research, we
hope to develop something like virus scan software that will look for
vulnerability in the code and tell developers what they should update to reduce
this vulnerability.'
According to the researchers,
different tasks carried out by a laptop or smarphone
produces a signal of different intensity. Pictured is a still from their video
showing the signal from a laptop. They say devices will
need specialist software in order to patch up the vulnerability
As a demonstration, Dr Zajic typed a simulated password on one laptop that was not
connected to the internet.
On the other side of a wall,
a colleague using another disconnected laptop read the password as it was being
typed by intercepting side-channel signals produced by the first laptop's
keyboard software, which had been modified to make the characters easier to
identify.
'There is nothing added in
the code to raise suspicion,' said Dr Milos Prvulovic, an associate professor in the Georgia Tech
School of Computer Science.
'It looks like a correct, but
not terribly efficient version of normal keyboard driver software. And in
several applications, such as normal spell-checking, grammar-checking and
display-updating, the existing software is sufficient for a successful attack.'
Currently, there has been no
mention in open literature of hackers using side-channel attacks, but the
researchers believe it's only a matter of time before that happens.
The potential risks of
side-channel emissions have been reported over the years, but not at the level
of detail being studied by the Georgia Tech researchers.
'Of course, it's possible
that somebody is using it right now, but they are not sharing that
information,' Dr Zajic noted.
The signals are produced from
the hardware of the computer (shown) when it performs a task. Currently, there
has been no mention in open literature of hackers using side-channel attacks,
but the researchers believe it's only a matter of time before that happens
The signals are produced from
the hardware of the computer (shown) when it performs a task. Currently, there
has been no mention in open literature of hackers using side-channel attacks,
but the researchers believe it's only a matter of time before that happens
To counter the threat, the
researchers are determining where the leaks originate.
'We are trying to understand
why these side channels exist and what can be done to fix these leaks,' said Dr
Zajic.
'We are measuring computers
and smartphones to identify the parts of the devices
that leak the most. That information can guide efforts to redesign them, and on
an architectural level, perhaps change the instructions in the software to
change the device behavior.'
Each computer operation has a
different potential for leaking information.
The processor draws different
amounts of current depending on the operation, creating fluctuations that can
be measured.
People in coffee shops could
be at particularly risk (stock image shown), as in a public space hackers could
more easily listen in to the signals from their laptop. 'If somebody is putting
strange objects near your computer, you certainly should beware,' said Dr Zajic
'When you are executing
instructions in the processor, you generate a different type of waveform than
if you are doing things in memory,' explained Dr Zajic.
'And there is interaction
between the two.'
To measure the vulnerability,
Dr Zajic, Dr Prvulovic and
graduate student Robert Callen developed a metric
known as 'signal available to attacker' (Savat),
which is a measure of the strength of the signal emitted.
They measured the level of Savat for 11 different instructions executed on three
different laptops, and found the largest signals when the processors accessed
off-chip memory.
'It is not really possible to
eliminate all side-channel signals,' said Dr Prvulovic.
'The trick is to make those
signals weak, so potential attackers would have to be closer, use larger
antennas and utilise time-consuming signal analyses.
'We have found that some
operations are much "louder" than others, so quieting them would make
it more difficult for attackers.'
The researchers are also now
studying smartphones, whose compact design and large
differential between idle and in-use power may make them more vulnerable.
APP COULD TELL YOU WHEN
SOMEONE SPIES ON YOUR TEXTS
In separate research,
security experts recently revealed a massive security flaw that could let
hackers listen in on private calls and read text messages on mobile networks.
One way in which such
hackers - as well as some intelligence agencies - get access to such
information is by using International Mobile Subscriber Identity (IMSI) catchers, or 'stingrays'.
These controversial
tracking devices trick mobiles into connecting with them, and now developers
have created an app that claims to detect such gadgets, and warn users if their
data is at risk.
IMSI catchers - eavesdropping devices used for
intercepting mobile phone traffic and tracking the movement of smartphone users - are controversial because they act like
fake mobile towers.
Called SnoopSnitch,
the app scans for signals that indicate a switch from a legitimate tower to
such fake towers, called 'stingray', where information may be being collected.
WEAPON : Cyber attack now primary
weapon for countries, says ViaSat UK
Warwick
Ashford
08
January 2015
Cyber
attacks are becoming the first weapon of choice for countries in conflict,
according to ViaSat UK, security and communications
supplier to military forces and governments.
This
is shown by the fact that Russias alleged cyber attack against Germany is
supposedly in response to its continued support of the Ukrainian government,
said ViaSat UK chief Chris McIntosh.
In
the latest development, Ukraine's prime minister has blamed Russian
intelligence for the cyber attack against German government websites on 7 January,
according to Reuters.
The
accusation comes despite a pro-Russian group claiming responsibility for the
attack shortly before Ukrainian prime minister Arseny Yatseniuk held talks in
Berlin with German chancellor Angela Merkel.
I
strongly recommend that the Russian secret services stop spending taxpayer
money on cyber attacks against the Bundestag and chancellor Merkel's office, Yatseniuk told ZDF TV.
Several
government sites were unreachable after being targeted by distributed denial of
service (DDoS) attacks, according to a German
government spokesman.
The
attack was reportedly the first successful prolonged attack on German
government websites, which face about 3,000 such assaults daily according to
intelligence agencies.
The
attack on German government websites comes just weeks after a cyber attack on
Sony Pictures that has been blamed on North Korea.
North
Korea, in turn, has blamed the US for internet outages that hit the country
soon after, which McIntosh said is further proof that cyber attacks are
becoming a popular weapon.
The
lines between private, public and military targets are blurring, and cyber
attacks are now being looked to as an effective way of influencing other
countries foreign policy, he said.
In
this new landscape of threats, McIntosh said organisations in all sectors will
need to be vigilant against a wider range of threats, not only from countries
with significant resources at their disposal and the incentives to use them,
but also from other actors acting in hostile nations interests.
Institutions
from governments to film studios to banks need to analyse
all potential weak points with the assumption that their systems have already
been compromised, and work back from this assumption to ensure that a breach
cannot result in serious damage.
This
includes actions such as encrypting data and ensuring that critical systems can
be quickly isolated if they are infected. Only an all-inclusive and pessimistic
approach will protect against increasingly sophisticated and numerous attacks,
he said.
Veteran
cyber security expert Bruce Schneier also referred to
the increasing blurring of lines in cyber space between individual actors and
national governments in an article for The Atlantic.
Its
a strange future we live in when we cant tell the difference between random
hackers and major governments, or when those same random hackers can credibly
threaten international military organisations, he wrote.
According
to Schneier, the cyber attack on Sony is important
because he predicts the world is going to see an even greater blurring of
traditional lines between police, military and private actions as technology
broadly distributes attack capabilities across a variety of actors.
He
believes the cyber attack on Sony should raise questions around who is in
charge of the response and under what legal system they should operate when it
is not clear who is launching an attack or why.
We
need national guidelines to determine when the military should get involved and
when its a police matter, as well as what sorts of proportional responses are
available in each instance. We need international agreements defining what
counts as cyber war and what does not, he wrote.
Document
A computer document is a file created by a software
application. While the term "document" originally referred
specifically to word processor documents, it is now used to refer to all types
of saved files. Therefore, documents may contain text, images, audio, video,
and other types of data.
A document is represented with both an icon and a filename.
The icon provides a visual representation of the file type, while the filename
provides a unique name for the file. Most document filenames also include a
file extension, which defines the file type of the document. For example, a
Microsoft Word document may have a .DOCX file
extension, while a Photoshop document may have a .PSD
file extension.
Many software applications allow you to create a new
document by selecting File → New from the menu
bar. You can then edit the document and select File → Save to save the
file to your hard disk. If you want create a copy of the document, most
programs allow you to select File → Save As
to save the document with a
different filename. Once you have saved a document, you can open it at a later
time by double-clicking the file or by selecting File → Open
within the
associated program.
The great enemy of the truth
is very often not the lie: deliberate, continued, and dishonest; but the myth:
persistent, persuasive, and unrealistic.
John F. Kennedy
Note -