Newsletter
IT and Cyber Security News Update from
Centre for Research and Prevention of Computer
Crimes,
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
February 04, 2015 Issue no 1539
Tenth year of uninterrupted publication
Today's edition
LAW : Cyber law misuse a concern, says Supreme Court
PPP : EC3 announces industry partnership in fight against cyber crime
BUDGET : Obama seeks $14 billion to boost U.S. cybersecurity defenses
STOLE : Hackers stole GigaBytes of Syrian opposition's data, including battle plans
LAW : Cyber law misuse a concern, says Supreme Court
By Amit Choudhary, TNN
4 Feb, 2015
NEW DELHI: The Supreme Court on Tuesday expressed concern over potential misuse
of Section 66A of the Information Technology Act, which makes posting of
"offensive" messages on social networking sites a crime punishable with a
three-year jail term, saying that the term 'offensive' is "vague" and highly
"subjective".
A bench of Justices J Chelameswar and Rohinton Fali Nariman said that under the
current provision a person has to suffer for a long period as there is a long
time gap between commission of an alleged offence and when judicial mind is
applied to decide whether the contents posted by him are offensive or not.
"I can give you millions of examples but take one burning
issue is of conversion. If I post something in support of conversion and some
people, not agreeable to my view, filed a complaint against me then what will
happen to me," Justice Nariman asked additional
solicitor general Tushar Mehta.
The ASG clarified that government does not wish to protect any
provision which has even indirect effect on curbing freedom of speech and
expression.
He said that 66A deals with cyber crime and it is not meant to violate anyone's
right to free speech, and under the provision no one can file a complaint merely
on the ground that it has caused inconvenience or annoyance to a person.
The government told the court that a committee has already been set up to look
into cyber laws including the IT Act and it will suggest amendments and
safeguards needed in law.
Emphasizing the need of Section 66A to deal with cyber crimes, Mehta said that
recently cyber criminals had attacked the defence ministry and ministry of
external affairs and some of the data were shared with two neighbouring
countries, one of which is not so friendly with India.
In one case a mail was sent from an email ID created in the name of Defence
Service Officers Institute, New Delhi to all top brass of army officers. It was
sent from a US server. The moment the mail was opened all the information on the
computer got forwarded to the sender. The data so collected was shared with two
neighbouring countries. Investigation in the case is still going on.
In another case an email ID was created in the name of Indian embassy in China
and mails were sent to officials of MEA. It was also designed to hack
information.
Mehta said that around 10,000 viruses are created by cyber criminals across the
world every day and a law is needed to protect IT systems in the country.
The bench, however, said that these instances are not covered under Section 66A
and they fall under Section 65 pertaining to tampering with computer source
documents.
The bench also made it clear that it will not wait for suggestion or
recommendation of the committee appointed by the government and will decide
constitutional validity of Sec 66A.
"We can't wait for amendments and guidelines. We have to judge law as it stands
now," the bench said.
The court said that police officials who handle such cases are not trained to
deal with cases. "This provision is applied by SHO of a police station. Just by
giving a name of cyber cell, an SHO cannot become a cyber specialist".
Also see - http://www.domain-b.com/infotech/itnews/20150204_security.html
PPP : EC3 announces industry partnership in fight against cyber crime
Warwick Ashford
03 February 2015
Europol's European Cybercrime Centre (EC3) has partnered with security and
threat intelligence firm AnubisNetworks to help fight the global threat of
cyber crime.
EC3 and AnubisNetworks will exchange expertise, statistics and other strategic
information under a memorandum of understanding (MoU).
The fight against the growing problem of cyber crime requires co-operation
between law enforcement and private industry, EC3 said in a statement.
The partnership with AnubisNetworks is another step towards such public-private
partnerships and will be beneficial in operations such as the takedown of
botnets, the statement said.
EC3 head of operations Paul Gillen said his firm hopes to benefit from
AnubisNetworks' insight and strong competence in the cyber crime field.
"This will further enhance our ability to target the most active criminals
behind the development and distribution of malware and, through our member
states and partners, inflict lasting damage on these criminal networks," he
said.
AnubisNetworks CEO Francisco Fonseca said his company is committed to providing
international law enforcement agencies with the tools needed to face cyber
crime head on.
"By integrating the public and private sectors, we are looking forward to
addressing the dangers of today's insecure world with data-driven resources and
our world-class expertise," he said.
City of London Police commissioner Adrian Leppard recently told a NEDForum
summit in London the only way to deal with cyber crime is for law enforcement
to partner with industry and harden targets.
He said law enforcement organisations around the world are now looking to
partner with business and industry to help them to protect the global economy,
because they hold all the critical data.
"It is clear that although we are getting better at dealing with cyber crime,
law enforcement with scale cyber crime society is facing. We are never going to
enforce our way out of the problem," said Leppard.
BUDGET : Obama seeks $14 billion to boost U.S. cybersecurity defenses
By Andrea Shalal and Alina Selyukh
Reuters
Feb 2, 2015
http://www.reuters.com/article/2015/02/02/us-usa-budget-cybersecurity-idUSKBN0L61WQ20150202
US President Barack Obama's budget
proposal for the 2016 fiscal year seeks $14 billion (9 billion pounds) for cybersecurity efforts across the U.S. government to better
protect federal and private networks from hacking threats.
Federal cybersecurity
funding has steadily increased in recent years, reflecting the intensity of
threats U.S. companies and government agencies are facing from cyber intruders,
both domestic and foreign.
The budget, released on Monday, calls
for deployment of more intrusion detection and prevention capabilities, greater
sharing of data with the private sector and other countries and more funding to
beef up the government's ability to respond to attacks.
The funding would support several
specific programs, such as monitoring and diagnostics of federal computer
networks, the EINSTEIN intrusion detection and prevention system and
government-wide testing and incident-response training.
"Cyber threats targeting the
private sector, critical infrastructure and the federal government demonstrate
that no sector, network or system is immune to infiltration by those seeking to
steal commercial or government secrets and property or perpetrate malicious and
disruptive activity," the White House summary said.
It is unclear how much funding the
Republican-controlled Congress will dedicate to cybersecurity
efforts during the next fiscal year.
Among various requests,
the White House sought $227 million for construction of a Civilian Cyber Campus,
meant to spur public-private partnerships, and $160 million for information
technology and cybersecurity of the weapons program
at the Energy Department's National Nuclear Security Administration.
The Pentagon's budget
alone called for $5.5 billion in funding for cybersecurity. The agency's
chief weapons tester last month told Congress that nearly every U.S. weapons
program showed "significant vulnerabilities" to cyber attacks,
including misconfigured, unpatched
and outdated software.
Increased funding for protection of
government networks would be good news for big weapons makers like Lockheed
Martin Corp, General Dynamics Corp, Northrop Grumman
Corp and Raytheon, which already play a big role in cybersecurity,
encryption and analysis for defense and intelligence agencies.
A range of medium-sized and smaller
companies is also poised to benefit, including Science Applications
International Corp, Booz Allen Hamilton, CACI
International and Computer Sciences Corp.
In the private sector, where companies
have grown increasingly concerned in the wake of attacks on retailers, banks
and others, higher spending is likely to boost companies like Hewlett Packard,
which offers cybersecurity services.
The White House's budget for most
agencies referenced their cybersecurity efforts,
including the Department of Health and Human Services and the Office of
Personnel Management. Obama also asked for at least $28 million for the
Agriculture Department's Chief Information Officer to improve the agency's cybersecurity and $15 million for the FBI's grants,
training, and technical assistance program that helps local law enforcement
fight economic, high-technology and Internet crimes.
STOLE : Hackers stole GigaBytes of Syrian opposition's data, including battle plans
by Pierluigi Paganini
February 02 2015
http://securityaffairs.co/wordpress/33023/cyber-crime/syrian-oppositions-hacked.html
A report issued by FireEye revealed that hackers have stolen GigaBytes of data
from Syrian opposition's computers, including battlefield plans.
A recent report issued by FireEye revealed that hackers tapped into Syrian
opposition's computers and have stolen gigabytes of secret communications and
battlefield plans.
In mid-2013, ten armed units belonging to the opposition to the Syrian
Government were planning a major operation intended to push a front forward
against the government forces. The troops of the Syrian opposition carefully
laid out their objective, saving their plans electronically as pictures. The
Syrian opposition planned for a battle involving between 700 and 800 opposition
forces.
"They mapped out locations for reserve fighters, staging areas, and support
personnel, settled on a field operations area, and planned supply routes to
resource their forces. They sternly told commanders of each unit that they
could make no individual decisions without the approval of the Operations
element," states the report.
The hackers infected the machines of Syrian opposition with malware during
flirtatious Skype chats.
The hackers targeted several exponents of the Syrian Opposition located in
Syria, including armed opposition members, humanitarian aid workers, and media
activists.
"The threat actors used female Skype avatars to chat with their targets and
infect their devices with malware. She typically asked her intended victim if
he was using Skype on an Android or a computer, in a likely attempt to send
malware tailored to the device. The threat group also maintained a seemingly
pro-opposition website containing links to malicious downloads and Facebook
profiles with malicious links as well. They conducted these operations using
servers located outside of Syria," states the report.
The threat actors used different malware for their attacks, both widely
available and custom malicious code. As already revealed in the past by
FireEye, among the tools used to exfiltrate data from victims' machines there
is the popular DarkComet RAT, a customized keylogger and a collection of tools
with different shellcode payloads.
With this tactic, the hackers have stolen hundreds of documents and nearly
31,107 logged Skype chat sessions that included discussions of plans and
logistics of the Syrian opposition's attacks on the forces of the Syrian
President Assad.
The stolen data included:
MILITARY INFORMATION
POLITICAL INFORMATION
HUMANITARIAN ACTIVITIES AND FINANCING
REFUGEE PERSONAL INFORMATION
MEDIA AND COMMUNICATIONS
The hackers syphoned nearly 7.7GB of material, including 64 Skype databases,
31,107 conversations, 12,356 contacts and 240,381 messages.
Laura Galante, manager of threat intelligence at the computer security firm,
explained that the investigation on the specific case started last year, when
the experts at FireEye, while researching PDF-based malware, discovered a
server containing documents and files.
Although the operation appeared very complex, the hackers made resounding
mistakes, or they have made such errors intentionally to throw us off. The
server that was hosting the file was not password protected and exposed to the
Internet.
The documents discovered on the server included annotated satellite images,
Skype chats, weapons records and personal information of exponents of the
Syrian opposition. The victims were contacted by the hackers through Skype;
they concealed their identity behind fake profiles of attractive women
sympathetic to their cause.
The hackers used a specific attack vector depending on the OS used by victims;
in some cases the attractive women asked the victims to swap a photo. In
reality, the hackers sent the victims a self-extracting RAR archive that was
renamed with a .pif file extension.
"The avatar would request a photo of the target, then send a 'personal' photo
of a woman in return. The avatar's photo was actually an executable file (a
self-extracting RAR archive) renamed with the .pif file extension. When the
victim opened the photo, a woman's picture was displayed while the SFXRAR
executed and ultimately installed the DarkComet RAT in the background. From
this point on, the victim's computer was under the threat group's control,"
states the report.
According to Galante, the hackers also improved the DarkComet RAT with evasion
techniques in order to remain under the radar.
Another element that distinguished this campaign against the Syrian Opposition
is the capability of attackers to compromise Android devices with malware.
Smart phones are a privileged target for hackers that can collect a huge
quantity of data by compromising their mobile devices.
Smart phones, in general, are valuable sources of
data about individuals and their social networks, as they may contain address
books, SMS messages, email, and other data (including
data from mobile apps, such as Skype). Targeting Android may be particularly
beneficial in the case of Syrian opposition members, where regular power
blackouts in Syria may force people to rely more heavily on mobile devices for
communications. Despite the wide array of tools and techniques at their
disposal, the threat group does not appear to use software exploits to deliver
malware to their targets. Instead, they seem to rely on a variety of social
engineering techniques to trick victims into infecting themselves.
The report confirmed that although only a small number of devices were
infected, the hackers compromised multiple accounts of people that shared the
mobile devices.
"Those infected were definitely organizers and strategists behind different
battles," Galante said. "These weren't just low-level guys."
Who are the culprits?
The report confirms that while researchers have only limited indications about
the origins of the threat actors, the investigation revealed multiple
references to Lebanon.
Just for your information, the server was shut down by the ISP hosting it
shortly after FireEye's findings.
Disaster Recovery as a Service (DRaaS)
Disaster Recovery as a Service (DRaaS)
is the replication and hosting of physical or virtual servers by a third-party
to provide failover in the event of a man-made or natural catastrophe.
Typically, DRaaS requirements and
expectations are documented in a service-level
agreement (SLA) and the third-party vendor provides disaster recovery failover
to a cloud environment, either through a contract or pay-per-use basis. In the
event of an actual disaster, an offsite vendor will be less likely than the
enterprise itself to suffer the direct and immediate effects of that disaster,
allowing the provider to implement the DRP even in
the event of the worst-case scenario: a total or near-total shutdown of the
affected enterprise.
DRaaS
can be especially useful for small to mid-size businesses that lack the
necessary expertise to provision, configure and test an effective disaster
recovery plan. Using DRaaS also means the
organization doesn't have to invest in -- and maintain -- their own off-site DR
environment. An additional benefit is that RaaS
contracts can be flexible as the business' needs change. The downside, of
course, is that the business must trust that the DRaaS
service provider can implement the plan, in the event of a disaster, and meet
the defined recovery time and recovery point objectives.
The probability that we may
fail in the struggle ought not to deter us from the support of a cause we
believe to be just.
Abraham Lincoln