Hacking of G Mail passwords

Recently, it was reported in the media that more than 4.93 million Gmail account passwords had been hacked and released through a torrent. There was also a website which offered to verify whether a particular email address was included in this dump or not.

Subsequently it was also reported that Google had advised the affected account holders to change their passwords, leading to speculation that Google had admitted the hacking of its resources.

It has subsequently been explained by independent security professionals that Google stores passwords only in encrypted form. Hence, even if there appears to be a compromise of a Gmail password, it might not have occurred through hacking of a Google server. It could possibly have occurred through other websites where users had registered with their Gmail address along with a password which might be the same as the one they use for their Google accounts.

Related News 1

Related news 2

It was also interesting to note that there was a separate news report that the terrorist organization ISIS is trying to establish domination in Cyber Space and develop Cyber war capabilities in the name of “Cyber Caliphate”.

Cyber Caliphate news



Android Users face attack through Facebook

A malware called iBanking is said to be targeting Android users through Facebook. The malware spreads from the computer to the mobile and is capable of intercepting the two-factor authentication of Banks. It can send false SMS, intercept incoming SMS and also record voice calls.

Details : http://www.securityweek.com/attackers-use-facebook-target-android-users




Heart bleed virus

Users of the Internet are being warned about the “heart bleed virus” (exploitation of an unpatched bug in the OpenSSL algorithm), which has the capacity to steal the passwords of your Bank accounts as well as email accounts, Facebook etc.

This virus affects sites which use OpenSSL communication with an “https” connection and exploits a vulnerability in the protocol.

More information about the virus and its impact can be found here: http://www.darpanmagazine.com/news/tech/what-is-heart-bleed-bug-and-how-to-dodge-it/

I would like readers to check this site for taking some precautions: http://www.techloon.com/7-things-you-should-do-to-stay-safe-from-heart-bleed-bug/

The seriousness of the issue can be gauged by the fact that experts are suggesting keeping off the internet until a solution is available.

You can check if the sites you frequently visit have the heart bleed vulnerability through this test site.

Mobile users on Android can consider downloading this app for security scanning: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector



Year 2013 in retrospect

The year 2013 ended with an intense debate on Bitcoins, the virtual currency system that caused a lot of ripples in the market. Over the last one month, Naavi.org has been full of discussions on Bitcoin to the extent that discussions on other aspects of Cyber Law actually receded to the background.

However if we try to trace the developments on Cyber Law in India during the last year, the following points emerge.

1. Debate on Section 66A:

The controversy on Sec 66A continued during the year ending with a direction from the ministry of communications and information technology that no arrests should be made without the permission of higher officials in the department. Though the reference in the Supreme Court on the constitutional validity of Section 66A is still pending, there has not been any adverse news about the misuse of Section 66A.

2. Karnataka as Cyber Crime Haven

Another issue on which a lot of activity took place but which remained unresolved throughout the year was the status of Cyber Judiciary in Karnataka. After December 27, 2011, when the then adjudicator gave out a judicial verdict holding that a “Company” can either be the complainant or an accused under Section 43 of ITA 2000/8, the undersigned has been fighting to get the order reversed. Though the next IT Secretary briefly reopened the case, Axis Bank managed to silence him with a vacation judge’s order of the Karnataka High Court. The Cyber Appellate Tribunal has registered the appeal but has no chairperson to conduct proceedings, since our Ministry in the center is not interested in appointing anybody but a chosen person who is not acceptable to the Chief Justice of India. The Chief Ministers of the State are not concerned that the net effect of this development is that a cyber criminal cannot be prosecuted in Karnataka for most of the violations. Recently a writ has been filed by an advocate in Karnataka High Court to resolve the issue. Probably we may find a solution one way or the other for this imbroglio in 2014.

In comparison, the Maharashtra adjudicator Mr Rajesh Agarwal was very active throughout the year and decided on scores of cases.

3. Frauds on Exporters and Importers

During the year the Exporters and Importers in India were specifically targeted with an e-mail based attack where the money due to be paid out to a designated business contact abroad or receivable from such a business contact was diverted to fraudsters’ accounts. The amounts involved were huge and in most cases the losses have not been recovered since the fraudster is abroad.

4. E Banking Safety

Naavi continued his efforts on campaigning for better safety of E Banking and conducted workshops at RBI as well as some Banks. During the year RBI also announced the possibility of new Banking licenses, and Naavi has been bringing to the attention of RBI that the technology dependence of Banks is on the increase and it is time to make Cyber Crime Insurance mandatory at least for the new banking licensees.

During the year RBI also tried to issue new regulations which would “Dis-Incentivize” the use of cheques and force the public to resort to E Banking. Naavi conducted an intense campaign against the proposal, which subsequently did not see the light of day during the year. Hopefully the proposal has been dropped.

5. Bitcoins

Finally, towards the end of the year, the Global Bitcoin conference that was held in Bangalore on December 15, 2013 focussed the attention of the entire country on the phenomenon of Cryptocoins. However, the publicity attracted adverse attention of the regulators, and the Enforcement Directorate and Income Tax authorities raided a number of Bitcoin operators in Ahmedabad and Tumkur and launched some enquiries. The full impact of this development will play out in the next year and may have a huge impact on the Netizens.

The above is just a glimpse of some of the developments and I invite those who are interested to know the details to explore the site further.

In the meantime Naavi.org wishes all its readers a Happy and prosperous New Year.



More Credit Card frauds in store

Recently a fraud of Rs 63 lakhs was reported, involving gross negligence by Bank employees, not ruling out their involvement. It is said that the Bank believed that the customer had a sore throat and executed large transactions, including closing of FDs and remitting the amount to other accounts, based on e-mail requests which were obviously not digitally signed.

See report

This incident indicated how current day Bankers have no idea of their responsibilities to the customers. It is as if a bunch of data entry operators have been designated as “Bankers”, notwithstanding some of them having MBA qualifications. They think that the entire banking is just punching some keys on the computer. For those of us who have undergone a rigorous training in Banking both on procedures and law, the current situation is completely unacceptable. This is not merely negligence but “Recklessness” for which they alone should be held liable.

Close on the heels of this Banker’s negligence comes a report about how many credit card/debit card accepting merchant establishments are reacting to the latest RBI guidelines that all POS systems should be able to accept PIN entry for authenticating card payments. Many Banks have made ATM PINs also the PINs for debit cards and hence the customers are using one single PIN with which they can pay with debit cards as well as withdraw money from ATMs.

Now it is reported that many establishments are continuing to keep the POS at the cashier’s counter and asking customers to write the PIN on the back of the bill so that the card entry can be completed by the cashier without the customer needing to move to the counter. Some are asking for the PIN orally so that the cashier can enter the PIN in the POS kept somewhere not easily reachable by the customer.

Any ordinary person should realize that if PINs are being revealed to everyone then any fraudster can easily clone the card, use the PIN and empty the Bank accounts within minutes.

It is clear from the report, which comes from Pune but may be happening elsewhere, that merchant establishments are expressing their ignorance of the risks. If this is not corrected immediately, we will be seeing hundreds of card frauds happening in the coming days.

Merchant establishments which want to serve their customers at their table have to use WIFI enabled POS systems. Otherwise customers have to be called to the counter and provided with facility to confidentially enter the PIN. If this does not happen, then customers have to be indemnified by the Banks and the Merchant establishments.



Bitcoin Regulation.. Where should the focus be?

We have been watching Bitcoin exchange rates growing exponentially at MtGox attracting the attention of regulators both from the point of view of the possible effect on the monetary controls of the Sovereign States and loss of Tax revenue besides the money laundering.

Regulators should also recognize another aspect of the market that could be a cause of worry. That is the growing number of Bitcoin clones in the market. A few days back only 9 bitcoin clones were visible. Yesterday the report was about 53 clones. Today the number of Bitcoin clones appears to have grown to about 142 as this report suggests. (Complete Directory of Crypto Coins)

Since Bitcoin protocol is an open source protocol, we can expect more Crypto currencies to emerge as we go on. In fact many of the “Reward Schemes” operated in the markets can overnight convert themselves into crypto currencies and provide a capital appreciation prospect to the reward points.

Regulators therefore now have to worry not only about Bitcoins, but about all other Crypto Currencies, and the dynamics of the issue are changing so fast that it is difficult for regulators to keep watching any more.

Let us now look at some of the major concerns of the regulators.

1. Use of Bitcoins (and all other Crypto currencies) for criminal activities:

Cyber Crime is an important concern of the community. Today, Cyber Crime related money laundering is said to be bigger than Drug related transactions. There is therefore a legitimate concern that any system that assists in holding of assets in anonymous and liquid form, movable across the globe in minutes (like BTC), is an obvious choice of the crime mafia.

However, the real concern of the society on Cyber Crimes is when money from the physical society is stolen via the Internet. In fact, if a virtual asset of one Netizen is stolen or lost, the physical society would not be much bothered. It is only when a person loses his Rupee or dollar balances in his Bank account that the physical society is really concerned.

Hence if Bitcoins are lost by a holder, it is only somebody else in the Bitcoin community who may be bothered and not the physical society regulators.

If the crime syndicate wants to use Bitcoins as the currency for rewarding crimes, they still need to transfer their crime income in Dollars or Rupees to BTCs and vice versa. The concern should therefore be about the “Conversion Point”.

In other words, BTC is not a threat to the society; it is only the convertibility of physical currency to BTC and vice versa which is a matter of concern to the physical society.

2. Taxing of the Revenue

Governments everywhere are interested in “Taxing” the population and appropriating their wealth so that the Governance can be financed. Whenever they see people making profits in business, they therefore think of how to tax them. If they feel that the profits are earned relatively easily then the urge to tax on a higher tax bracket is more.

Currently the regulators can understand the part of the Bitcoin business which involves buying and selling of BTCs. This is no different from stock market or property transactions. Investors will make either trading profit or loss in the short term or long term. As long as such profits or losses are realized in local currency terms, they can be brought under tax net.

When the stocks remain in BTC form, the regulators need to arrive at a valuation scheme and they may either take the value as prevailing in MtGox or have a system of weighted valuation across a few top Exchanges.

Regulators will however have some difficulty on understanding the nature of wealth creation that occurs in the “Mining Activity”. The value created in the mining activity accumulates in bitcoin wallets which are difficult to trace and it is only when a person declares his holding will the IRS/IT department come to know of the existence of the BTC wealth of the citizen.

However once declared by the miner, it is possible for the tax authorities to value it in terms of the exchange rates and consider it as a property.

The cost of acquisition of the BTC is however not easy to ascertain. The cost of hardware and electricity as well as any other fees paid need to be taken into account just as in any other business. However there is a reasonable way of estimating this based on the calculators that are available. Some uncertainty may still be there when miners adopt innovative strategies to cool the processors and thereby save electricity.

However it would not be difficult for the tax officials to agree upon a cost declaration and allow it as a deduction from the value of the coins created and also agree to tax the holdings on the basis of holdings or on conversion to physical society currency at some point of time in the future.

They may also introduce a condition that unless the costs are declared during the year of operation, they will not be allowed as a deduction on sale in the subsequent years.

Hence taxing of BTC related operations is well within the grasp of the regulators and can be easily managed.

3. Impact on the Economy

There is one more concern among regulators about whether holding of monetary assets by people as a parallel currency affects the money circulation in the economy and affects monetary policies such as interest rates etc.

This is unfounded since at present the value of BTC wealth is too small in comparison with the physical currencies floating around.

Even when the BTC holding in an economy goes up to a significant level of say 10 to 20%, what it means is that there would be some “pseudo wealthy persons” in the society who can feel proud that they are millionaires. But their status would be like some property owners who may be sitting on prime property but may not have cash to meet their wealth tax obligations itself.

The wealth has value only when converted into domestic currency, that is, when BTC is sold and converted to local currency. The wealth then becomes part of the local currency and causes neither inflation nor deflation on its own.

I therefore consider that the regulators need not have any worry about the adverse effect of BTC on the economy.

However, I concede and strongly contend that there is a need to ensure that BTCs are not used as the currency of the Cyber Crime underworld or as the Currency of the criminals for laundering their crime money or for politicians to hoard their ill gotten wealth in BTCs instead of Swiss Banks.

In order to achieve this objective there is a need to regulate the “Exchanges”. It is necessary for the Governments to ensure that conversion of BTC (or any other Crypto Currency) to legacy currency of the land or vice versa has to be through a regulated process.

This means that the exchanges have to be “Authorized” and there has to be a proper “Record Keeping including an effective Know Your Customer norm” and “Record Submission to authorities”.

I suggest regulators start thinking in this direction but otherwise let the crypto currency system thrive on its own steam.

In fact if more Indians can start BTC mining, then ISPs would be happy with the higher bandwidth usage. Power sellers would be happy with higher capacity utilization (I assume that power shortage is not an issue at the place of mining). IT hardware industry would be happy since it creates a market for more computers and specialized mining equipment. (Hope this would give a fillip to the computer hardware industry in India!)

More mining in India means more global wealth flow to India and more tax collection by the authorities.

Hope RBI is watching the developments in the right perspective.

There could be a concern however for the environmentalists and those who would like conservation of resources and prioritizing productive uses. The debate could be whether the amount of computing power that is getting diverted into BTC activity is worth the effort. (See the report here). Maybe this is left to a later point of time when the activity is more significant.

