IT and Cyber Security News Update from
Centre for Research and Prevention of Computer
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005 February 04, 2015 Issue no 1539
Tenth year of uninterrupted publication
(Click on heading above to jump to related item. Click on Top to be back here)
A bench of Justices J Chelameswar and Rohinton Fali Nariman said that under current provision a person has to suffer for a long period as there is a long time gap.A bench of Justices J Chelameswar and Rohinton Fali Nariman said that under current provision a person has to suffer for a long period as there is a long time gap.
By Amit Choudhary
4 Feb, 2015
NEW DELHI: The Supreme Court on Tuesday expressed concern over potential misuse of Section 66A of Information Technology Act which makes posting of "offensive" messages on social networking site a crime punishable with a three-year jail term saying that the term 'offensive' is "vague" and highly "subjective".
A bench of Justices J Chelameswar and Rohinton Fali Nariman said that under current provision a person has to suffer for a long period as there is a long time gap between commission of an alleged offence and when judicial mind is applied to decide whether the contents posted by him is offensive or not.
"I can give you millions of examples but take one burning issue is of conversion. If I post something in support of conversion and some people, not agreeable to my view, filed a complaint against me then what will happen to me," Justice Nariman asked additional solicitor general Tushar Mehta.
The ASG clarified that government does not wish to protect any provision which has even indirect effect on curbing freedom of speech and expression.
He said that 66A deals with cyber crime and it is not meant to violate anyone's right to free speech and under the provision no one can file complaint merely on the ground that it has caused inconvenience or annoyance to a person.
The government told the court that a committee has already been set up to look into cyber laws including the IT Act and it will suggest amendments and safeguards needed in law.
Emphasizing the need of Section 66A to deal with cyber crimes, Mehta said that recently cyber criminals had attacked the defence ministry and ministry of external affairs and some of the data were shared with two neighbouring countries one of which is not so friendly with India.
In one case a mail was sent from an email ID created on the name of Defence Service Officers Institute, New Delhi to all top brass of army officers. It was sent from a US server. The moment the mail was opened all the information on the computer got forwarded to the sender. The data so collected was shared with two neighbouring countries. Investigation in the case is still going on.
In another case an email ID was created in the name of Indian embassy in China and mails were sent to officials of MEA. It was also designed to hack information.
Mehta said that around 10,000 viruses are created by cyber criminals across the world every day and a law is needed to protect IT systems in the country.
The bench, however, said that these instances are not covered under Section 66A and they fall under Section 65 pertaining to tampering with computer source documents.
The bench also made it clear that it will not wait for suggestion or recommendation of the committee appointed by the government and will decide constitutional validity of Sec 66A.
"We can't wait for amendments and guidelines. We have to judge law as it stands now," the bench said.
The court said that police officials who handle such cases are not trained to deal with cases. "This provision is applied by SHO of a police station. Just by giving a name of cyber cell, an SHO cannot become a cyber specialist".
03 February 2015
Europol's European Cybercrime Centre (EC3) has partnered with security and threat intelligence firm AnubisNetworks to help fight the global threat of cyber crime.
EC3 and AnubisNetworks will exchange expertise, statistics and other strategic information under a memorandum of understanding (MoU).
The fight against the growing problem of cyber crime requires co-operation between law enforcement and private industry, EC3 said in a statement.
The partnership with AnubisNetworks is another step towards such public-private partnerships and will be beneficial in operations such as the takedown of botnets, the statement said.
EC3 head of operations Paul Gillen said his firm hopes to benefit from AnubisNetworks' insight and strong competence in the cyber crime field.
This will further enhance our ability to target the most active criminals behind the development and distribution of malware and, through our member states and partners, inflict lasting damage on these criminal networks, he said.
AnubisNeworks CEO Francisco Fonseca said his company is committed to providing international law enforcement agencies with the tools needed to face cyber crime head on.
By integrating the public and private sectors, we are looking forward to addressing the dangers of today's insecure world with data-driven resources and our world-class expertise, he said.
City of London Police commissioner Adrian Leppard recently told a NEDForum summit in London the only way to deal with cyber crime is for law enforcement to partner with industry and harden targets.
He said law enforcement organisations around the world are now looking to partner with business and industry to help them to protect the global economy, because they hold all the critical data.
It is clear that although we are getting better at dealing with cyber crime, law enforcement with scale cyber crime society is facing. We are never going to enforce our way out of the problem, said Leppard.
By Andrea Shalal and Alina Selyukh
Feb 2, 2015
US President Barack Obama's budget proposal for the 2016 fiscal year seeks $14 billion (9 billion pounds) for cybersecurity efforts across the U.S. government to better protect federal and private networks from hacking threats.
Federal cybersecurity funding has steadily increased in recent years, reflecting the intensity of threats U.S. companies and government agencies are facing from cyber intruders, both domestic and foreign.
The budget, released on Monday, calls for deployment of more intrusion detection and prevention capabilities, greater sharing of data with the private sector and other countries and more funding to beef up the government's ability to respond to attacks.
The funding would support several specific programs, such as monitoring and diagnostics of federal computer networks, the EINSTEIN intrusion detection and prevention system and government-wide testing and incident-response training.
"Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity," the White House summary said.
It is unclear how much funding the Republican-controlled Congress will dedicate to cybersecurity efforts during the next fiscal year.
Among various requests, the White House sought $227 million for construction of a Civilian Cyber Campus, meant to spur public-private partnerships, and $160 million for information technology and cybersecurity of the weapons program at the Energy Department's National Nuclear Security Administration.
The Pentagon's budget alone called for $5.5 billion in funding for cybersecurity. The agency's chief weapons tester last month told Congress that nearly every U.S. weapons program showed "significant vulnerabilities" to cyber attacks, including misconfigured, unpatched and outdated software.
Increased funding for protection of government networks would be good news for big weapons makers like Lockheed Martin Corp, General Dynamics CorpNorthrop Grumman Corp and Raytheon, which already play a big role in cybersecurity, encryption and analysis for defense and intelligence agencies.
A range of medium-sized and smaller companies is also poised to benefit, including Science Applications International Corp, Booz Allen Hamilton, CACI International and Computer Sciences Corp.
In the private sector, where companies have grown increasingly concerned in the wake of attacks on retailers, banks and others, higher spending is likely to boost companies like Hewlett Packard, which offers cybersecurity services.
The White House's budget for most agencies referenced their cybersecurity efforts, including the Department of Health and Human Services and the Office of Personnel Management. Obama also asked for at least $28 million for the Agriculture Department's Chief Information Officer to improve the agency's cybersecurity and $15 million for the FBI's grants, training, and technical assistance program that helps local law enforcement fight economic, high-technology and Internet crimes.
by Pierluigi Paganini
February 02 2015
A report issued by FireEye revealed that hackers have stolen GigaBytes of data from Syrian oppositions computers, including battlefield plans.
A recent report issued by FireEye revealed that hackers tapped into Syrian oppositions computers and have stolen gigabytes of secret communications and battlefield plans.
In mid-2013, ten armed units belonging to the opposition to the Syrian Government were planning a major operation intended to push a front forward against the government forces. The troops of the Syrian opposition carefully laid out their objective saving their plans electronically as pictures. The Syrian opposition planned for a battle involving between 700 and 800 opposition forces.
they mapped out locations for reserve fighters, staging areas, and support personnel, settled on a field operations area, and planned supply routes to resource their forces. They sternly told commanders of each unit that they could make no individual decisions without the approval of the Operations element. states the report.
The hackers infected the machines of Syrian opposition with malware during flirtatious Skype chats.
The hackers targeted several exponents of the Syrian Opposition located in Syria, including armed opposition members, humanitarian aid workers, and media activists.
The threat actors used female Skype avatars to chat with their targets and infect their devices with malware. She typically asked her intended victim if he was using Skype on an Android or a computer, in a likely attempt to send malware tailored to the device. The threat group also maintained a seemingly pro-opposition website containing links to malicious downloads and Facebook profiles with malicious links as well. They conducted these operations using servers located outside of Syria. states the report.
The threat actors used different malware for their attacks, both widely available and custom malicious code. As already revealed in the past by FireEye, among the tools used to exfiltrate data from victims machines there is the popular DarkComet RAT, a customized keylogger and a collection of tools with different shellcode payloads.
With this tactic, the hackers have stolen hundreds of documents and nearly 31,107 logged Skype chat sessions that included discussions of plans and logistics of the Syrian oppositions attacks on the forces of the Syrian President Assad.
The stolen data included:
HUMANITARIAN ACTIVITIES AND FINANCING
REFUGEE PERSONAL INFORMATION
MEDIA AND COMMUNICATIONS
The hackers syphoned nearly 7.7GB of material, including 64 Skype databases, 31,107 conversations, 12,356 contacts and 240,381 messages.
Laura Galante, manager of threat intelligence at the computer security firm, explained that the investigation on the specific case started last year, while the experts at FireEye were researching PDF-based malware discovered a server containing documents and files.
Despite the operation appeared very complex, the hackers made their resounding mistakes or they have them such errors intentionally to throw us off. The server that was hosting the file was not password protected and exposed to the Internet.
The documents discovered on the server included annotated satellite images, Skype chats, weapons records and personal information of exponents of the Syrian opposition. The victims were contacted by the hackers through Skype, they concealed their identity behind fake profiles of attractive women sympathetic to their cause.
The hackers used specific attack vector depending on the OS used by victims, in some cases the attractive women requested to the victims to swap a photo. In reality, the hackers sent the victims a self-extracting RAR archive that was renamed with a .pif file extension.
The avatar would request a photo of the target, then send a personal photo of a woman in return. The avatars photo was actually an executable file (a self-extracting RAR archive) renamed with the .pif file extension.3 When the victim opened the photo, a womans picture was displayed while the SFXRAR executed and ultimately installed the DarkComet RAT in the background. From this point on, the victims computer was under the threat groups control states the report.
According to Galante, the hackers also improved the DarkComet RAT with evasion techniques in order to remain under the radar.
Another element that distinguished this campaign against the Syrian Opposition is the capability of attackers to compromise Android device with a malware. Smart phones are a privileged target for hackers that can collect a huge quantity of data by compromising their mobile devices.
Smart phones, in general, are valuable sources of data about individuals and their social networks, as they may contain address books, SMS messages, email, and other data (including data from mobile apps, such as Skype). Targeting Android may be particularly beneficial in the case of Syrian opposition members, where regular power blackouts in Syria may force people to rely more heavily on mobile devices for communications. Despite the wide array of tools and techniques at their disposal, the threat group does not appear to use software exploits to deliver malware to their targets. Instead, they seem to rely on a variety of social engineering techniques to trick victims into infecting themselves.
The report confirmed that despite a small number of devices were infected, the hackers compromised multiple accounts of people that shared the mobile devices.
Those infected were definitely organizers and strategists behind different battles, Galante said. These werent just low-level guys.
Who are the culprits?
The report confirms that while researchers have only limited indications about the origins of the threat actors, the investigation revealed multiple references to Lebanon.
Just for your information the server was shut down by the ISP hosting it shortly after FireEyes findings.
Disaster Recovery as a Service (DRaaS)
Disaster Recovery as a Service (DRaaS) is the replication and hosting of physical or virtual servers by a third-party to provide failover in the event of a man-made or natural catastrophe.
Typically, DRaaS requirements and expectations are documented in a servel-level agreement (SLA) and the third-party vendor provides disaster recovery failover to a cloud environment, either through a contract or pay-per-use basis. In the event of an actual disaster, an offsite vendor will be less likely than the enterprise itself to suffer the direct and immediate effects of that disaster, allowing the provider to implement the DRP even in the event of the worst-case scenario: a total or near-total shutdown of the affected enterprise.
DRaaS can be especially useful for small to mid-size businesses that lack the necessary expertise to provision, configure and test an effective disaster recovery plan. Using DRaaS also means the organization doesn't have to invest in -- and maintain -- their own off-site DR environment. An additional benefit is that RaaS contracts can be flexible as the business' needs change. The downside, of course, is that the business must trust that the DRaaS service provider can implement the plan, in the event of a disaster, and meet the defined recovery time and recovery point objectives.
The probability that we may fail in the struggle ought not to deter us from the support of a cause we believe to be just.