CCC News


IT and Cyber Security News Update from

Centre for Research and Prevention of Computer Crimes, India


Courtesy - Sysman Computers Private Limited, Mumbai (

Since June 2005                                         February 02, 2015                                          Issue no 1538

Tenth year of uninterrupted publication

Today’s edition – 


CHANGE : US Military to Replace Passwords with "Cognitive Fingerprints"

BACK : Pirate Bay Returns

TREND : Ford Lincoln announces remote-control car app as BMW issues security patch

TRIGGER : Only fall of global firm will shake up cyber security

IT Term of the day

Quote of the day


(Click on heading above to jump to related item. Click on “Top” to be back here)



CHANGE : US Military to Replace Passwords with "Cognitive Fingerprints"

By Tara Seals

Infosecurity Magazine

29 Jan 2015


The US military is working on replacing passwords with “cognitive fingerprints.” These rely on stylometrics, which is an analysis of how language is used by individuals. Each person has a different stylometric profile of how they type and word-process, which can be more personally identifying than simple biometrics.


The identity verification system is being developed thanks to a multimillion-dollar grant to the West Point military academy. The system will use a person’s behavior to confirm identity, by recognizing the way a person types—frequent typos, how the mouse or cursor is used, typing speed and so on.


"Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a 'cognitive fingerprint',” explained a contract document seen by Sky News and reported by Yahoo! Finance.


It added, "The biometrics program is creating a next generation biometric capability built from multiple stylometric/behavioral modalities using standard Department of Defense computer hardware."


The system will be used for encrypted data communications across all of its services, and is part of the Defense Advanced Research Projects Agency (DARPA) active authentication program. But consumer applications for the technology could be myriad, particularly when it comes to e-commerce, online banking and the internet of things ecosystem.


“The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords,” DARPA said. “Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard.  Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.”



BACK : Pirate Bay Returns

Pirate Bay Won’t Make A Full Comeback, Staff Revolt

By Ernesto

January 27, 2015


According to insiders The Pirate Bay will slim down its operations for the planned comeback. The new version of the site is expected to operate without former admins and moderators, who have responded furiously to the decision. Many key staffers have left the ship to launch their own TPB.


Judging from all the teasers on the Pirate Bay homepage the notorious torrent site is preparing to relaunch this weekend.


Those in control of the domain have yet to make an official announcement but several sources inform TF that the site won’t make a full comeback.


Instead, The Pirate Bay is expected to launch a trimmed down version without room for the dozens of moderators and admins who looked after the site over the past decade.


This lighter version of The Pirate Bay will be easier to operate but the plan has also upset many former staffers. This includes people who have been with the site for over a decade, removing fake torrents and other types of spam.


Several admins and moderators have responded to the news with anger and are now openly distancing themselves from the site that was their home for years.


“I wish I had better news to come with. The launch that is about to take place on February 1 is not us,” says WTC-SWE, one of the lead admins of The Pirate Bay.


“It was until some dickhead decided to take TPB crew out of the picture. He thinks a site can be run without any staff at all and at the same time keeping up with fakes, internal issues etc,” he adds.


What stings them the most is that many dedicated individuals, who put countless hours into keeping the site functioning, now appear to be being pushed aside on a whim.


“Personally I won’t accept this neither will any of the crew that’s been active for almost 10-11 years. As an admin and human, I won’t stand aside and accept this kind of behavior. This is the worst scenario that could happen,” WTC-SWE says.


“You don’t treat people like horseshit,” he adds.


The staff, now in open revolt, have closed the official #thepiratebay IRC channel on EFnet to the public. They won’t offer support anymore for a site that they have no ‘control’ over, but warn people who do want to visit it to be cautious of malware.


Instead, the TPB former crew members are now preparing to launch their own version of the site. This spin-off will be operated from a new domain and will have several long-time mods and admins on board.


WTC-SWE says that they are in possession of a TPB backup which will be used to revive the old site in full. The full staff of moderators and admins remains under his wings and will start over at a home.


“It’s only a matter of time. I will need to blast the whole coding and clean up all the mess. The real TPB will be back with proper staff and all,” WTC-SWE says.


Thus far, the people running the official domain have remained quiet. In a few days, when the count-down completes, we are likely to know more about their vision for the site’s future.




TREND : Ford Lincoln announces remote-control car app as BMW issues security patch

02 February 2015


Ford Motor Company’s Lincoln luxury brand is to announce an app to enable users to control their cars remotely as BMW issues a security patch for a flaw affecting 2.2 million vehicles.


The MyLincoln smartphone app – developed with Google – will allow users to schedule remote starts as well as lock and unlock their cars, reports The Detroit News.

The SLE97144SD Secure Element helps secure business-critical applications


MyLincoln is the first app of its kind to be integrated with the Android organiser app Google Now, and is likely to raise concerns with privacy watchdogs and cyber security professionals.


But users may disregard the risks to benefit from remote start functionality that will ensure the vehicle is cooled off or warmed up by the time they are ready to drive.


“Delivering unique experiences for the luxury client throughout ownership is fundamental to Lincoln,” Matt VanDyke, director, global Lincoln, said in a statement.


“By innovating with leading tech companies, we have an opportunity to personalize the ongoing interaction between the customer and the vehicle.”


The Google Now and MyLincoln apps will be connected through an embedded modem in the vehicle.


Security concerns


Lincoln said the MyLincoln Mobile connectivity and Google services are opt-in features, and notifications can be turned off.


But the car maker made no mention of security or privacy, which will be key to the app’s success, especially as it can also be used to locate vehicles.


Security concerns are underlined by the fact that BMW released a patch for a security flaw that could have allowed hackers to unlock about 2.2 million BMW, Rolls-Royce and Mini cars.


The vulnerability in BMW’s ConnectedDrive infotainment system was discovered by the German motorist association ADAC, reports Slashgear.


ADAC said it proved with several vehicles they could be unlocked remotely using a smartphone. “The procedure leaves no trace and runs in minutes,” the organisation said in a statement.


ADAC said it had waited for BMW to release a patch before revealing the flaw. "As a responsible consumer advocate we have held off publication of this vulnerability until it was closed by the manufacturer to prevent criminals exploiting the attack," the organisation said.


Finance-grade encryption


Like the MyLincoln app, the BMW system uses a mobile data connection to enable users to lock vehicles remotely.


BMW has boosted the security of the system with the same encryption used by financial institutions and other connected services in its vehicles. Affected vehicles should update automatically.


The patched systems can now confirm that they are connected to one of BMW's servers and not a cyber criminal.


BMW said: "No cases have come to light yet in which data has been called up actively by unauthorised persons.”


But BMW should have ensured the data transmission was secure in the first place, said independent security consultant Graham Cluley.


“Yes, it’s good that BMW has fixed the problem. But frankly I think they’re being a little disingenuous talking about 'rapid response' if this issue was first brought to their attention in the middle of last year,” he wrote in a blog post.


Cluley said BMW, Rolls-Royce or Mini owners who are concerned their vehicle may not have received the update should choose “Update Services” from the car’s menu.


ADAC has called on all car makers and technology partners to protect against cyber attacks by certifying their systems and processes against information security standards like The Common Criteria for Information Technology Security Evaluation.



TRIGGER : Only fall of global firm will shake up cyber security

Warwick Ashford

30 January 2015


It will take a major global company going down in the wake of a cyber attack to really shake up information security, according to City of London Police commissioner Adrian Leppard.


This is evidenced by the fact JP Morgan has doubled its information security budget after it was hit with a breach in August 2014, along with several other banking institutions.


 “Loss of trust in a large multi-national is probably the only thing that will make governments do anything radically different,” Leppard told a NEDForum summit in London.


But, he said, this was not a criticism of the UK government, which is doing “all it can” with investment of nearly £1bn in support of a national cyber security strategy.


“We really could not ask more of the UK government, yet cyber crime is getting worse not better, which means we have reached the point where everyone has to take responsibility,” said Leppard.


It is becoming clear that governments are no longer able to protect citizens in the same way as they did in the past, he added, with criminals able to strike from anywhere in the world.


The UK, and London in particular, is also one of the most highly targeted countries in the world because it is one of the largest global economic centres, with many financial institutions.


Leppard said: “It is clear that although we are getting better at dealing with cyber crime, law enforcement with scale cyber crime society is facing. We are never going to enforce our way out of the problem.


“The only way we are going to be able to deal with cyber crime properly is by everyone improving their crime prevention capabilities in combination with increased action business and industry."


According to Leppard, law enforcement organisations around the world are now looking to partner with business and industry to help them to protect the global economy, because they hold all the critical data.


In the UK alone, some estimates put the cost of cyber crime at £27bn a year. But Leppard said the value of reported cyber crime comes nowhere near this figure.


UK police forces estimate only a fraction of cyber crime is reported.


“We believe we see only about 20% of all cyber enabled fraud, only 20% of these reports can be followed up and only 20% result in successful prosecutions,” said Leppard. "The way forward is partnership with business and industry."


Police pursuing closer relationship with business


UK police, including the National Crime Agency’s National Cyber Crime Unit, are actively pursuing a closer relationship with business.


 “We are also discussing ways of encouraging industry to increase the level of reporting – whether this is about providing easier electronic means for doing so or if legislation is needed,” said Leppard.


“Finding the right approach is a huge challenge facing policy and law makers, and this is something the police are discussing with government.


“But all governments shy away from legislation that could potentially stifle legislation. I am advocating that we have a rigorous debate about how best to encourage people to do the right thing.


“The answer may lie in regulation or legislation, but I think the answer is more likely to be found through enabling business to see a commercial advantage in good cyber security.”


Leppard said another important part of the solution is finding ways to “harden” targets. “We need to be able to gather and share threat intelligence quickly, but that depends on better reporting,” he said.


Businesses must adopt a good cyber security standard


Businesses also need to adopt a good cyber security standard that is part of overall company security and ensure that everyone in the company is working to that standard.


“The answer is not more policing," said Leppard. "But better collaboration between law enforcement and industry, with the role of police increasingly about helping industry to protect itself.


“It would help if all organisations were working to a common standard of information security, but I do not know how that could be achieved.”


Leppard said the UK government’s Cyber Essentials Scheme is a good place to start in establishing a minimum standard, but he said this only provides “lightweight” protection.


The biggest concerns for police in the year ahead, he said, is the potential proliferation of encrypted communications and the potential loss of security integrity of mobile communications.


“It is difficult to know where the biggest challenges will lie, but we are confident they will involve a cyber element,” Leppard concluded.




IT Term of the day

Double Click

Double clicking involves clicking your mouse button quickly two times. To perform a double click, and not just two clicks, the mouse button must be pressed twice within a very short time, typically about half a second. Most operating systems allow you to lengthen or shorten the maximum time allowed for a double click, using the Mouse Control Panel or System Preference.


A double click is recognized by your computer as a specific command, just like pressing a key on your keyboard. Double clicking is used to to perform a variety of actions, such as opening a program, opening a folder, or selecting a word of text. In order to double click an object, just move the cursor over the item and press the left mouse button quickly two times.



Quote of the day

It is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of their leaders. That is easy. All you have to tell them is that they are being attacked and denounce the peacemakers for lack of patriotism and exposing the country to danger. It works the same in any country.


Hermann Goering,

Nuremberg Trials




Note -

  1. As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
  2. If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
  3. If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
  4. If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
  5. Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.