New Cyber Crime Laws expected in US

August 04:The US Senate recently  passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks. The legislation would make it a felony to install spyware or keystroke-monitoring programs on 10 or more computers regardless of the amount of damage caused. Extortion of companies by publishing or releasing stolen information would now be considered a criminal activity. Details of  The Former Vice President Protection Act

Karnataka Police set to ban s_bhabhi website

August 04: After several attempts, it appears that at last Karnataka Police are set to write to CERT for blocking of the infamous s_bhabhi website. It is likely that the site owners may re-surface with another bhabhi site shortly. CERT should therefore take pro-active action in respect of any such sites that may surface now. It would not be possible for this process of persuading the police to send an official request of for banning a site to be repeated each time. CERT should therefore start acting on complaints from responsible organizations such as Naavi.org without insisting on the formalities that the request should be sent only through proper channels.

If the Governments introduces a provision that a data base of such sites to be banned  maintained by organizations such as Naavi.org or Digital Society Foundation be automatically incorporated in the "Black List" of ISPs, it would be possible to involve the public and eliminate a majority of such sites.

Related Reports: CIOL, Deccan Chronicle, mynews.in

Welcome to Cyber Crime Expert in SEBI

August 04: In an interesting development, SEBI has brought Cyber Crime investigation skills into its office by recruiting Mrs  Pradnya Sarvade, the former head of Cyber Crime Cell, Mumbai.

It may be recalled that Naavi.org has been fighting against many online broker frauds which are actually Cyber Crimes. Police are unable to appreciate the Cyber Crime ang,e to such offences and are overwhelmed by the "Fraud" or "Economic Offence" angle in determining the jurisdiction of the case. In one of its recent complaints, SEBI failed to do justice to a group of investors who had alleged that a manager of India Infoline, Mangalore had committed a fraud and cheated them of RS 20 lakhs. Naavi.org had brought this to the attention of the SEBI since the circumstances indicated that the fraud might have been committed with the forbearance on the part of the top management of the Company for unfair gains in business. However SEBI simply shifted the responsibility for resolution to NSE which could not do a professional job of reconciliation.

Hopefully this move of Mr Bhave who is considered an Investor Friendly person right from his early days in SEBI would enable investors get a fair hearing in the adjudication proceedings concerning Broker Frauds.

Now that Mrs Sarvade type of investigators are available to SEBI, they may be able to take better control of the online broker's market which is a Cyber Fraud den.

It is interesting to note that another senior officer of Mumbai Police, namely Mr Sarvade also moved out into the private sector recently. It feels good to note that hardworking  Cyber Crime specialists in the Police are finding lucrative offerings in the IT industry.

Are The Police Listening?

July 31: Naavi has already informed both the Police in Karnataka and CERT about the need to ban the infamous s_bhabhi site. However true to the expectations, neither of them seem to be interested. Now that Police have enough on their hands to chase the false e-mail leads on terrorist activities, s_bhabhi is surely not in their agenda. But let me make my point. This is as dangerous to the Indian society as the bombs that are bursting like crackers all over India.

I have received an e-mail today from one of the parents of an affected child which indicates that the boy has even been booked under Section 67 of ITA 2000 for being influenced by the site. But will the Police recognize that it is the influencer who needs to be punished more than the influenced?.. More

Smart Mobile Phones are a Security Risk

July 21: Security experts have expressed grave concern about mobile phone viruses which can attack smart phones. They say that viruses can be sent through SMS and can be used to snoop on the owner. Article in TOI : Related Article on IMEI Spoofing

Supreme Court issues notices to DGPs

July 19: It is a common grievance of the citizens that police officers in charge of Police stations play around with their powers when a citizen approaches them for filing a complaint. If the complainant is not influential or if the Police feel that the case may be difficult to solve, they tend to avoid registration of the complaint. At best they will be sympathetic to the complainant and provide him some psychological re assurance. At the worst they may drive out the complainant stating that the complaint is not maintainable. In between there would be neutral officers who will receive the complaint and eventually dispose it off through the dustbin.

Naavi.org has been for a long time fighting for the right of a complainant (in the cyber crime area) to lodge a complaint. Cases have been reported in Bangalore earlier where the police officers have thrown a copy of ITA 2000 at the complainant and challenged him to show the section under which the complaint is chargeable and intimidate them to the extent that complainants stop approaching the police station again.

It is heartening to note that the Supreme Court has now sent notices to all States to ensure that in cases that the erring officers be prosecuted and sent to jail for neglecting duty. After the new DGP has taken over in Karnataka, an effort is being made for online complaint registration through the website http://www.ksp.gov.in. But the activation of the system is awaited. We request that Karnataka Police should open this facility at the earliest and ensure that every complaint filed through the website (Both for cyber crimes and others) should be immediately acknowledged with a complaint number. A few suggestions on this system is given here in.. Details

Canadian Court Rules against QuebecTorrent.com

July 15: Quebec Superior Court Justice Pierre Tessier issued the permanent injunction closing QuebecTorrent.com on Wednesday and ordered its operator, Sébastien Brulotte, to refrain from being involved in "any technology allowing the download of any work protected by copyright.".. Details in national post.com

Karnataka Police Takes the technology leap

July 11: As expected, the advent of  Sri R.Srikumar as the DGP of Karnataka has opened up a new era in the state Police where technology will be harnessed for better Governance. The implementation of e-Governance in Karnataka police has started with the launching of the website http://www.ksp.gov.in already with some innovations. The first innovation is the opening of the "Crimestoppers.org", an effort to enlist the support of the public as the extended intelligence of the Police.

The second and the most important development for which Naavi.org had been urging for a long time is the announcement that an "Online Complaint Lodging Mechanism" would be launched shortly... More

 

Deccan Herald Liable under Section 43 of ITA 2000

July 11: Naavi.org reported on Jule 19th about the Deccan Herald (A popular news paper in Karnataka, India) website being classified as an "Attack Site" by Google. Despite this publication and having been aware, Deccan Herald has not yet secured their site and the site continues to be tagged an attack site by Google till date. (Refer Screenshots here)

We take this opportunity to highlight the necessity for all public websites to monitor such events and take necessary action as otherwise they would be liable under Section 43 (C) of ITA 2000 for paying compensation to each of the visitors who suffer damages on account of the malicious code... Details

[P.S: Deccan Herald has removed the offending picture after the notice. Naavi 14/7/08]

Missouri Defines Cyber Bullying as a Crime

July 9: The incident in Missourie where an young school student committed suicide after being be-friended as a boy and rejection, by the mother of her friend, (Lori Drew) has prompted the state to pass a new law to make harassment of this kind punishable.  The offence has been defined as

The new law penalizes those who knowingly communicate with another person who is, or who purports to be, seventeen years of age or younger and recklessly frightens, intimidates, or causes emotional distress to such other person.  Also, the new law makes it a crime "to engage, without good cause, in any other act with the purpose to frighten, intimidate, or cause emotional distress to another person, cause such person to be frightened, intimidated, or emotionally distressed, and such person's response to the act is one of a person of average sensibilities considering the person's age."

The law modifies the term "harasses" to include: "conduct directed at a specific person that serves no legitimate purpose that would cause a reasonable person to be frightened or intimidated, as well as emotionally distressed. A person need only harass a person purposely, rather than purposely and repeatedly, to commit the crime of stalking or aggravated stalking."

The law also defines a "credible threat" as "those made with the intent to cause the person who is the target to reasonably fear for his or her family's safety or family's pet's or livestock's safety, and not only his or her own safety."

The law also defines a "credible threat" as "those made with the intent to cause the person who is the target to reasonably fear for his or her family's safety or family's pet's or livestock's safety, and not only his or her own safety."   Article in ibls.com : copy of the bill

Banks are Liable for Phishing Attacks..  German Court

July 8: The views of Naavi.org regarding the liabilities of Banks for phishing as been endorsed in a decision by a German Court. A judgment of the Amtsgericht (lowest court) at Wiesloch says the banks are responsible for damages arising from unauthorized interception of confidential data (phishing).

In the recent adjudication application made at Chennai, the Bank damages have been claimed from the Bank for the reason that Bank had by virtue of several of its reckless practices contributed to the fraud. The same argument which has been stated in the case, viz, "Once it is proved that a withdrawal instruction was forged, there is no liability on the customer", has been used in the adjudication application also. This was the first occasion in India when a Bank was accused of a phishing fraud where normally the victim is dubbed as a contributory cause and denied compensation. Report in  computer weekly.com

Seechange To Partner with Cyber Law College

July 8: Seechange Consulting, Chennai, a company engaged in IT related training has tied up with Cyber Law College to market the online courses of Cyber Law College. Details are available at http://www.seechangeworld.in/cyberlaw

Google Compromises with Brazil.. Why Not with India?

July 6: Google signed an agreement with Brazilian public prosecutors on Wednesday to help combat child pornography on its social networking site Orkut. Under the agreement, Google will use filters to remove and prevent illegal content on Orkut, and will also facilitate evidence gathering under judicial order in suspected crimes against children and teen-agers on Orkut without the need for international legal accords. Google will also preserve for six months access logs of users being investigated for illegal conduct.

The arrangement is to be appreciated and we urge the Indian Government to pressurise Google to accept a similar arrangement for India.. Report in msnbc

Cyber Justice In deed!

July 5: In what should be one of the first kind of punishments, a judge in in US gave a perfect Cyber Sentence to two kids who committed an offence in physical space, filmed it and posted it in You Tube as an "Achievement". The culprits were traced using Cyber evidence trail they had left and in an interesting sentence the Judge declared that the offenders have to tender an apology which should be filmed and posted in You Tube.

What is highly appreciable in this judgment is that the Judge has realized that the offenders had an "Image" to protect in the You Tube and perhaps would not feel the pain if they are given a sentence only in physical space. The move would also teach a lesson to other such youngsters who think that achievement in life is posting of some daring (even if illegal) act on the You Tube. Detailed Article in post-gazette.com

Impersonation of Film Personalities

July 04: Filmmaker Mahesh Bhatt and actor Paresh Rawal have complained to the city police alleging that some unidentified persons are impersonating them on a social networking site. It is reported that investigations are on.

Report in Hindu

Jury Convicts Web Site Operator in P2P Case

July 2: Daniel Dove, 26, formerly of Clintwood, Virginia, faces a maximum sentence in prison for his participation in EliteTorrents.org, a Web site that specialized in releasing copyright works without authorization. EliteTorrents, which ceased operating in May 2005, used BitTorrent peer-to-peer technology to distribute pirated copies of movies, software, music and video games. A jury in U.S. District Court for the Western District of Virginia was presented with evidence that Dove was an administrator of a small group of EliteTorrents members known as "Uploaders," who were responsible for supplying pirated content to the group. Article in NYT

Techsavvy DGP in Karnataka

July 1: Karnataka will have a new DGP from today. Mr C Srikumar who is taking over as DGP/IG, is a technology wizard of a rare kind who always finds a good way to use technology. During his stint in KSPHC, he implemented e-Governance in the department to introduce e-tenders and increased the profitability of the organization. During his brief stint as acting DGP during the recent elections, he again showed his magic touch in maintaining a statewide law and order information site to report district wise incident reporting. Now Mr Srikumar will have 6 months of uninterrupted stint as DGP and it is hoped that there will be a total transformation of the Karnataka Police system.

Naavi.org has long been suggesting an online complaint registration system so that members of public can file a complaint and take a complaint registration number online.  This will eliminate the power of the local police person to use his discretion and reject registration of complaints.  Once registered, the complaint can be followed up by the system and force the relevant police officer to take up investigation and file his report either for or against registration of FIR. This will at least automate the process.

This process will reduce corruption and increase efficiency. Since all members of public may not be tech savvy to file a complaint with say digitally signed complaints, it is necessary to introduce a system where the complaint can be filed by a public spirited person on behalf of the complainant using his digital signature. In such a case, the person who assists in the complaint can be treated as an "Intermediary" under the ITA 2000 having responsibility only to identify the complainant with reference to some ID documents such as a ration card etc.

It may be noted that Srikumar as an architect of the famed Cyber Crime Police Station in Bangalore introduced an online complaint registration system with the use of Digital Signatures (or at least provided for the same) way back in 2000. However the system was promptly dismantled after his shift. We hope this time around he would take steps to ensure that the good measures that he may take  continue even after his tenure.

Naavi.org conveys its good wishes the new DGP and look forward to long felt changes which citizens of Karnataka are waiting for.

Crime ware as a Service Model

June 29: Experts are predicting that trojans that download from legitimate websites (Refer Deccan Herald incident reported here on June 19) will be a serious threat in 2008 to the Cyber world. It is reported that the Olympics in China would be used as an opportunity to distribute malicious trojans through information sites. It is also reported that Criminals have started extensive collaboration to the extent that after downloading one malicious code, the user is often redirected to another malicious website. New real time security monitoring services are therefore required for web based activities in the coming days. Report in BS

First Adjudication Application in South India filed

June 26: Chennai which had recorded the first conviction under ITA 2000 in India recorded another first under ITA 2000 today. This was the first adjudication application filed under Section 46 of ITA 2000. The application was made by an NRI customer of ICICI Bank who has alleged that a contravention of ITA 2000 has occurred resulting in an unauthorised entry into his account and withdrawal of over 6 lakhs. More  : Related Article in Deccan Chronicle

Where is ROC Karnataka in Cyber Space?

June 21: Registrar Companies is an important department of any State Government and all existing and prospective investors who would like to invest in the State would be visiting the site for information on how to start and register a new limited company in the State. In terms of the image of the State, it is therefore an important department to be nursed by the State Government.

Until some time back, the website of Registrar of Companies, Karnataka had been hosted by NIC.  ...As of date the site was not available and "page Not Found" error is being displayed. This indicates the lack of interest by the department which generally reflects the dis-interest in e-governance.

 It appears that the new Government has appointed a new Principal Secretary in charge of e-Governance who comes with a good reputation for innovation and hopefully things would improve.  More

It happens even in UK

June 21: Naavi.org has repeatedly been pointing out that Police especially in places like Bangalore are not eagerly pursuing cyber crime complaints and are turning away complainants on some pretext or the other. As a result one of Naavi's initiatives namely Cyber Crime Complaints and Resolution Assistance Center has found it difficult to meet its objective of helping Cyber Crime victims. Now it appears that the situation is no different in UK as this report suggests. Report in computeractive.co.uk

Increasing Phishing Activities in India

June 21:  Vishal Dhupar, MD, Symantec India, has in an interview to CIOL stted that  there was an 18% increase in Phishing mails during the first half of 2007 over the previous six months. He stated that 196,860 unique phishing messages worldwide were detected by the Symantec Probe Network during this period.  What is alarming is that according to the Symantec threat  report released by on April 16, 2008, India was the fourteenth ranked country worldwide that hosts Phishing websites. Mumbai ranked highest in India in terms of phishing sites with 38 percent. Following in second position in this ranking, is New Delhi with 29 percent, followed by Bangalore and Chennai with 12 percent each.

There are three reasons why Phishing proliferates in India. The first is the lack of security amongst the Banking sector. The second is the lack of will for the Cyber Crime Police to pursue the cases  and the third is the lack of action by the "adjudicators". Naavi.org has been trying to raise the awareness level amongst Bankers, Police and the adjudicator's level to ensure that quick action is taken in casesof reported phishing activities.  Report in CIOL

Cyber Scam in Ahmedabad

June 20: Chennai Police has arrested an 3rd year B Com student from Ahmedabad who is alleged to have stolen credit card information and made fraudulent purchases worth more than Rs 3 lakhs on e-bay. The incident highlights the problems created by the online hacker community sites which take pride in teaching people how to cheat online. This should be thoroughly investigated and all those persons who can be apprehended should be done so and charged. Related Article in TOI

Deccan Herald Requires Cyber Law Compliance?

June 19: Some time back, Naavi.org had reported compromise of Indian Express website where in an banner advertisement was used to divert the visitors to an alternate site. Now a more serious incident has been reported on the Deccan Herald website alleging that the site hosts at least three malicious codes. Google reported that "Of the 28 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 06/18/2008, and the last time suspicious content was found on this site was on 06/17/2008".

This alert was brought out when the site was visited with the newly introduced browser Mozilla Firefox3. We thank one of our visitors Mr Sameer Ahmed Khazi for having brought this to our attention.  This brings out the usefulness of the security plug in of this new browser. See the alert screens : More

State IPR Policy in Kerala

June 18: A new chapter has been written in the history of IPR legislation with the Indian state of Kerala taking a step to announce its IPR Policy with an objective of protecting traditional knowledge such as Ayurveda against the onslaught of globalization. Report in ::Hindu Draft Policy

Computer Abuse Act Invoked Against Cyber Bullying

June 17: The Megan Meier suicide case in Missouri (US) where the 13 year old girl committed suicide after being befriended and rejected online by a 49 year old lady posing herself as a 16 year old boy has attracted attention worldwide both for its tragic implications as well as the legal aspects involved in the trial which is now on.

Now it is reported that Federal Prosecutors  in California,  have  invoked the Computer Fraud and Abuse Act of 1984, which is usually applied against hackers to punish Lori Drew.

The prosecution has argued that the servers used by MySpace, which are maintained in Los Angeles, (hence the location of the trial) were violated by Drew and her unnamed co-conspirators who used false information to set up the account and therefore broke the website's terms of service. MySpace is not a party to the prosecution, but has not reportedly  protested against the action.

Naavi.org appreciates the initiative taken by the prosecutors in this regard though many legal experts may not be in agreement with the approach of applying the Computer Abuse Act to the case of Cyber Bullying. ..More

Career Opportunities for Information Security Professionals

According to a recent survey  by ISACA,  information security managers  are experiencing significant career momentum and move up  into management ranks and acquire more business-focused responsibilities. The survey also revealed that the top five most common activities performed by information security managers in their current positions are risk management, security program management, data security, policy creation, and maintenance and regulatory compliance. Report in newswiretoday.com

It may be noted that while ISACA and other institutions focus on providing knowledge inputs to professionals in the area of Technical aspects of Information security, Naavi's Cyber Law College focuses on the Techno legal aspects of Information security which includes regulatory compliance. If a professional has to develop into a well rounded Information Security professional, he needs to learn Cyber Law and its impact on regulatory compliance. Cyber Law College is providing this critical input to the Information Security.

Pakistani Cricket Official Sacked for E-Mail Leak

June 13: In an incident reminiscent of the earlier incident in India when an email sent by the then coach Greg Chappell to the BCCI president was leaked to the press, former Pakistani Test player Saleem Altaf as Director, Special Projects was sacked on charges of leaking of his e-mail to Pakistani team manager Talat Ali, where he had criticized the Pakistani team for their performance against India in the Bangladesh tri-series. Pakistani Board officials reportedly  said the decision to sack Altaf came after the chairman ordered his telephone to be bugged and recorded some eight hours of discussions he had with various people.

From the Cyber law angle, this case refers to the publishing of one's own e-mail sent to another. This can be considered as in-discipline under the Board's rules but not an offence under law. However the "Tapping" of telephone could be considered as an offence under law.

This case reflects a tendency of some people to resort to illegal means to prove what may otherwise be a legitimate cause. In the process they end up making a bigger mistake than the accused and face an awkward situation... More

e Bay held Vicariously liable for selling Counterfeit goods

June 11: The infamous Baazee.com (Now called ebay.in) case where the CEO of Baazee.com was once arrested by Delhi Police on application of the provisions of Section 67 of Information Technology Act 2000 (ITA 2000) has been a landmark case in India for ITA 2000 observers.

In this context, the recent decision of a French Court making e-Bay liable for selling Counterfeit goods and imposing a fine is of significance. In this case eBay has been convicted of selling counterfeit goods and ordered to pay $32, 497 (Approximately Rs 1.3 million) as damages to Hermes on charges that two counterfeit Herms bags were sold on the site.

The arguments which clinched the decision included

"eBay is an active player in the transaction because not only does it offer a number of services to improve the sale, but when it does not work well enough or fast enough, they intervene with the client," "They are perfectly informed of the transactions since they take a percentage cut."

..More

Security specialists urge for Cyber Crime laws in Qatar

Nasser al-Qahtani, an official at the Economic Crimes Prevention Division of the Ministry of Interior,  Qatar speaking in the first Doha Conference on Information Security urged for separate Cyber Laws to prevent Cyber Crimes.  He explained how “there are no separate laws, but they are part of the penal code.” and  described the difficulties faced with finding sufficient evidence for prosecution, as the people who perpetrate these kinds of crimes are often very intelligent and experts at covering their tracks.

ictQATAR Regulatory Authority’s legal and regulatory manager, Meegan Webb, said that ictQATAR had been involved with the drafting of the telecommunications law, as well as the draft e-commerce law which is expected to be passed in the near future, but has no specific timeline. She also said she wants to extend current laws to be able to cover businesses operating outside Qatar, but conducting business within the country. Details at gulftimes

US Supreme Court  limits Patent Rights

June 10: Close on the heels of the interesting judgement in the Autodesk-Vernor case discussed below, another Court decision in US has tried to limit the operation of Patent rights to prevent multiple royalties being charged.

The case revolves around a long-time Supreme Court doctrine that says the sale of an invention exhausts the patent-holder's right to control how the purchaser uses it. The decision  reaffirms the patent exhaustion doctrine, which entitles consumers to use, repair, or resell patented products that they have purchased.

This principle should now start reflecting on all IPR issues as the principle "Once Sold, It is Sold". Limited or Restricted sale concepts in IPR contracts will now be difficult to be protected.

The principle upheld in the above two decisions therefore represents a turning point in the history of IPR. .. More

Software.. is Sold not Licensed.. says US Court

June 10: In a significant ruling, the District Court at Seattle has upheld the rights of a software user to re-sell the software. The company (Autodesk) contended that its products are licensed and hence the licensee cannot sell it to another person. However the Court held that since the terms of transfer did not necessitate "return" of the product to the company, the transfer cannot can called a "License" but has to be held as a "Sale". This case Autodesk Vs Vernor is bound to be a land mark case in the copyright area since  there is an unfair tendency amongst some software sellers to prohibit further disposal of software by buyers. Copy of the judgement

Ahmedabad BPO accused of Data Theft

June 09: An Ahmedabad based BPO owner, Maulik Dave, has been accused of data theft from a Florida-based company and selling them to its rival companies in the US. His company Business Bee Solutions worked for a Florida-based Company Noble Ventures Inc developing and maintaining the website of Noble Ventures. Noble ventures itself is in business of selling US Citizen's data to marketing companies.  It has been alleged that after the contract was cancelled, Mr Dave tapped and sold 85 lakh records to some US companies. Based on a complaint from the US company the local police have arrested Mr Dave and also seized his computers. The total estimated loss claimed is around Rs 1 crore. .. More

Details at TOI Related Story in BNN

Karnataka Elections Website

June 09: Karnataka has recently completed an eventful state elections. In one of the first of its kind in India, the Karnataka State police put up a very informative website under http://www.kspelections.com containing day to day report on the law and order situation across the state.  The site is now under suspension since the elections are over but the archived site is still available for the public to browse through. This is perhaps one of the standing examples of a citizen centric e-Governance initiative which should be a model for all other States. More

Rights of Police to see E-Mails and Chat Transcripts

June 09: The much publicized Arushi murder case in Noida threw up for discussion the rights and propriety of the Police going through the private Internet conversation of the murdered Arushi and making the contents public. This article in CIOL tries to discuss some aspects sorrounding such a case.   Article in CIOL

As per the opinion of Naavi, the collection of information relevant to the investigation cannot be faulted but the publication of the information particularly when the investigation was under progress was not appropriate. By doing so they might have actually hampered the investigation. Unless the police can defend their action by stating that they seeded the information in public space so as to trap the real killer, there is no justification for their action. According to Naavi remedy in this case should be sought as a "human rights violation" since it amounted to character assassination of another person, more so when the person is dead, more so when it is a young girl.  

Is Nasscom Website off Air?

June 09: The website www.nasscom.in appears to be off air at 0845 am. It is not clear if this is due to routine maintenance or hacking. It could also be due to domain name problems. We await resumption of the site. The error message received is given here. at bloggers.net

P.S: It has been reported that the problem was due to a technical glitch. The site has since been restored.

Privacy Concerns in Indian IT law

June 08: The 18th annual Computers, Freedom and Privacy (CFP) Conference was held in the United States between May 20th and 23rd and focused on Technology Policy Issues. Amongst other things discussions about the status of Indian Privacy law int he light of the Black Berry issue came for discussion. ..More

ATM Fraud at Nagpur

June 07: An employee of the Bank is reported to have committed an ATM fraud in Nagpur by tapping a customer transaction and re sending it to the machine to make it dispense cash once again. The fraud has been committed by installing an interception device directly to the electronic cable.

Though the Bank has successfully resolved this case, had the customer not perhaps complained quickly or had the fraudster removed the device before being found out, it would have been extremely difficult to prove the fraud and the loss would have perhaps been borne by the customer. Normally in such circumstances the video from CCTV would be of assistance. However some Banks do not maintain the CCTV recordings beyond 24 hours and hence it would be of no use in most of the cases where the fraud comes to light after one or two days. It is necessary for RBI to mandate that CCTV recordings are kept for a period of at least one year to assist investigations in such cases. Alternatively, the CCTV recordings can be maintained in a black box from which the storage device is changed by an agency other than the Cash changing agency at periodical intervals and archived under the digital signature of the inspecting official.  Article in ET

Cyber War threats to India

June 07: Sources from the Ministry of IT have confirmed that in the last 24 hours "Low to medium intensity Cyber Intrusions into web servers maintained by Indian Government have been reported".  As in the past, CERT has stated that this is a routine affair since everyday about 19 sites in India are hacked.

 

It is necessary however to realize that the recent attacks are not from the "Script Kiddies" who normally hack websites just for fun nor from Pakistan backed terrorists but from China which appears to be specializing in Cyber Warfare. It is high time that Indian security specialists try to develop a national Cyber Security plan to meet this emerging new threat from China.

 Related Article in dnaindia   :: Related article in ET :: A scenario from the future

Mumbai Cyber Crime Police Station to Start Soon

June 06: One of the Country's largest dedicated Cyber Crime Police stations is coming into operation  by end of June in Mumbai .
The police station, which will deal exclusively with cyber crimes, has been set up in the Bandra Kurla Complex  and will have four assistant commissioner of police rank officials, four police inspectors, four sub-inspectors, 32 assistant sub inspectors and 60 constables.

VSNL Customers.. Beware of this Phishing Mail

June 05: A mail with the subject line "UPGRADE YOUR EMAIL ACCOUNT" sent from teamgrade@gmail.com is being distribtued to vsnl e-mail account holders with the object of phishing for the password. Users may ignore the same. In the event they have already replied to the same take steps to change your password immediately. It is possible that your account may be misused for committing frauds.

The body of the mail is as follows:

"Dear valued customer,

We are currently performing maintenance for our Digital Webmail Customers. We intend upgrading our Digital Webmail  Security Server for better online services.
 
In order to ensure you do not experience service interruption,Please you must reply to this email immediately and enter your password here (********) and Check out your new  features and enhancements with your new and improved Vsnl Account,To enable us upgrade your Vsnl Account for better online services please reply to this mail.
 
Thank You For Using Vsnl Account"

AXIS Bank Phishing Mail

June 04: Naavi.org has received a report about the recent circulation of a phishing mail attacking Axis Bank customers.

The mail comes from Axis Bank <customer.service@axisbank.com> with the subject line **AXIS BANK ALERT** : Please Re-confirm Your Internet Banking

The mail reads as follows:

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your Account billing information. This might be due to either of the following reasons:

A recent updates in our billing server ( Due to slightly problem )
2. A recent change in your personal information ( i.e. change of address).
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

Please re-confirm your Internet Banking by clicking the link below:

https://www.axisbank.co.in/BankAway/SignOn.aspx?RequestId=714870

Thanks for your advance help.

Axis Bank
Customer Service.

Note that the link provided in the mail actually links to a different site. Netizens may avoid responding to the same and in case they have responded, contact the Bank immediately to disable transactions until a new password is set.

A Woman Hacker Arrested by Chennai Police at Bangalore

June 04: It has been reported (Source: Deccan Chronicle Chennai) that the cyber crime cell of CB-CID, Tamil Nadu police,  arrested a 25-year-old woman from Bangalore for allegedly hacking into the e-mail account of a defence employee from Nilgiris and misused his contacts for financial benefit.  Police identified the arrested woman as Ritu Anderson aged 25, mother of a six-month-old child.  According to Ms S. Mallika, superintendent of police, CB-CID, the police found that the hackers had impersonated as S.D. Paul a defence store keeper from Nilgiris and had sent an e-mail to his friend in Kuwait seeking Rs 75,000.

When his Kuwait friend informed Paul about the email, the latter lodged a police complaint about the impersonation.  The CB-CID team, led by cyber cell deputy superintendent of police Balu, arrested three persons - Neville Philips (35) Peter Francis(42) and Peter Anderson (38) from Bangalore. Further investigations led them to Ritu, who was picked up  for questioning and later arrested.  “We have enough evidence to show that that Ritu was the brain behind the operation,” Ms Mallika said. Ritu, wife of another accused Peter Anderson, is a graduate with computer knowledge and had been involved in a similar case in Bangalore earlier.  Ritu after coming to know about the email id and password of the complainant decided to use it ‘to generate’ funds with the help of the other accused. The accused then sent a mail to Mr Frank D’Souza, working in Kuwait seeking Rs 75,000, from the complainant’s id.

The above incident is a typical fraud in which the e-mail of a person would be hacked and all his contacts would be sent a mail saying that he is great trouble in a foreign country..lost his passport and wallet..etc and seek immediate help in the form of some money to be sent..

Chennai Police need to be congratulated in successful investigation of the case and hopefully it will be pursued for an early conviction.

Related Article: Baby held along with hacker family

"Get Rich" Schemes under Google Name

June 03: Google Adsense is a successful business model for publishers. It enables genuine content owners to monetize their content through ads served by the Adsense servers.

However, it appears that there is a proliferation of "Get Rich" schemes that are coming up across the globe which are becoming a source of concern.... More

God Fathers of Cyber Crime

June 02: As the world recognizes the risks of Cyber Crimes, the role of Crooked Intermediaries who proliferate Cyber Crimes by providing a safe haven for criminals in the form of secure hosting services, domain name services etc needs to be assessed. These Russia's Russian Business Network is considered one of the most notorious  service providers who provide refuge to more than 50% of the global Cyber Criminals. Now it appears that a network 3322.org in China is also trying to gain a pride of place in this notorious world of Cyber Crimes. This is said to be hosting facilities for launching over 10000 malicious codes (Viruses) in the Internet. One such virus was recently identified in US where a dangerous code "Poison IVY" was found in an attachment sent in the name of Pentagon to one of their vendors.  Related Article in Business Line :

Regulators and Security specialists need to address this issue of how to check the proliferation of these "Rogue ISPs" whose sole aim is to make money at any cost. Naavi.org has recently brought to the notice of CERT-In about the existence of one such "Rogue Site" specially aimed at corrupting the young kids in India with a request to disable the operations of this site. There appears to be a need for a more concerted national initiative in this regard and we are looking forward to emergence of a "National Security Forum" in India for this purpose

BSE Fights Over Sensex URL

June 1: BSE is facing a Trademark litigation on the right to the use of the word "SENSEX". Deccan Chronicle which launched its Bangalore Edition today has reported about a similar dispute which BSE has raised against a domain name owner. Report in Deccan Chronicle

Copyright Defendants Take law Into Their Own Hands

June 1: Media Defenders a company providing anti-piracy solutions has allegedly launched a denial of service attack on revison3.com as a part of their anti piracy drive. According to Revision3 sources "Revision3 runs a tracker expressly designed to coordinate the sharing and downloading of our shows. It’s a completely legitimate business practice, similar to how ESPN puts out a guide that tells viewers how to tune into its network on DirecTV, Dish, Comcast and Time Warner, or a mall might publish a map of its stores".

According to other reports, Media Defense uses “its array of 2,000 servers and a 9GBps dedicated connection to propagate fake files and launch denial of service attacks against distributors.”

This  denial of service attack is yet another incident of how the Copyright lobby is arrogating to itself the law to hurt another without a proper legal process. The action of Media Defense is nothing different from that of a Naxalite or a Terrorist who has his own reasons to strike at another bystander. This tendency needs to be checked.

Related Article in bloggersnewsnet : Article in revision3.com

Baazee.com Case Clarification

June 1: In partial modification of the earlier report on the Baazee.com case, it is now clarified in a new report at Indlaw that the case against the corporate entity of Baazee.com continues with charges under IPC Sections 292(2) (a) [Selling] and 292 (2)(d) [Advertising] along with Section 67 of ITA 2000. Charges under Section 294 on the Company has  been dropped. However, charges on Mr Avnish Bajaj under Section 292 of IPC as an individual has been dropped. The charges under Section 67 of ITA 2000 read with Section 85 of the ITA 2000 as applicable to individuals will remain.   Report in Indlaw