Online Filing of Cyber Crime Complaints

A long-awaited measure to make the filing of Cyber Crime Complaints easy has now been announced by the Central Government.

According to emerging news reports, the Government of India is setting up a central portal where such a complaint can be filed either by a victim or by any good samaritan. (refer here)

The complaint will be registered and numbered and the jurisdictional police station would be alerted. The status of the complaint gets updated at appropriate levels so that it can be followed up.

This is a simple provision that was recommended a long time back and is now seeing the light of day. An earlier attempt was made in some states, including Karnataka, to introduce such a system, but it remained on paper since the police establishment did not support the move. Hopefully this time it becomes a reality.

Further details are awaited.

Naavi

Posted in Cyber Law | 1 Comment

Chinese Backdoor in Mobile Phones…need to eliminate Micromax Virus

In the past we have discussed the indications that China is preparing for Cyber War supremacy by various means. It is interesting to note that, using the strength of cheap manufacturing, China has virtually become the hub of global IT device manufacturing. This has also given China an opportunity to manipulate the manufacturing of computers and mobiles and install backdoors to enable stealing data from computing devices across the world.

In this connection, it is therefore no surprise that a security firm has now revealed that firmware managed by a company called Shanghai Adups Technology, and contained in about 700 million phones worldwide, contains a backdoor capable of sending the full bodies of text messages, contact lists, call history with full telephone numbers, and unique device identifiers including IMEI numbers and IMSI numbers. (Refer here)

It is stated that Adups firmware is used by 400 mobile operators, semiconductor vendors, and device manufacturers, covering everything from smartphones to wearables to cars and televisions.

According to the security firm Kryptowire, text messages and call logs are transmitted every 72 hours, all other personally identifiable information is sent every 24 hours, and the data is sent to four servers belonging to Adups.

This enables Adups to identify specific devices and also track the activity. This provides a capability to the company to track Government officials and key business organizations where the mobile phones are being used. It also provides a capability to disable the phones for a massive denial of access attack.

At this point of time the brands that use Adups technology are not known but any device from Huawei and ZTE. (See here)

It is necessary for the world to wake up to this Cyber Intrusion and devise appropriate security measures to prevent any data going out of the mobiles without the knowledge and permission of the owner of the phone. Since this is an offence in all Cyber Crime laws, a criminal case has to be filed against the company Adups and followed up internationally.

As a long term measure, Chinese IT devices should be completely eliminated from use by any critical Government or Corporate employee and probably by everybody else. This requires alternate manufacturing facilities to be set up.

India should also immediately start a dialogue with the new US President in the making, Mr Donald Trump, on how the manufacturing of mobile phones can be taken out of China and shifted to India and USA.

There should be a global Cyber Security initiative in this regard that India and USA should lead to protect the Globe from the Chinese control of Cyber Space.

There is also a report that Micromax phones may also be vulnerable to this threat (See here). On the basis of this article, it should be possible for an investigation to be launched in India, and the Company may be charged under Section 43 and Section 66 of ITA 2008. This should bring out more details of the “Computer Contaminant”, and this “Micromax Virus” should be rooted out of India.

Naavi

Related Article:

Are any Mobile Phones Made outside China?

Clarification from Adups

 


The Tesco Bank Attack..Yet another incident of Security Failure

The UK based Tesco Bank recently observed suspicious transactions in around 40000 Current Accounts and had to temporarily shut down transactions in the accounts. Subsequently it was indicated that about 9000 accounts saw fraudulent withdrawals to the total extent of about UK Sterling 2.5 million (About Rs 21 crores). The average loss per account was around Rs 21000/-.

Some reports allege that over 21000 accounts have seen the fraudulent withdrawals putting the potential loss at over Rs 50 crores.

Most of the fraudulent transactions occurred overseas such as Spain and Brazil.

The exact nature of the breach is yet to be ascertained/published. However, it appears to be a hacking of the Bank’s systems at some level, caused by failure of internal processes including negligence of intermediary service providers. An investigation by the National Crime Agency is underway. We may not be surprised if this breach finally leads to some BPO located outside the UK, hopefully not India.

For More information: Guardian.com report

It is expected that regulators may impose a multi million pound fine. (See report) The share prices have also been adversely affected. Tesco has been offering 3% interest to the current account customers and hence provided competition to other bigger Banks. But this incident could put a brake on its business growth for some time. The general allegation is that the Bank has systematically neglected cyber security and the breach is a result of such compromise…much like the Indian Banks.

The Bank has after the incident taken steps to inform their customers through SMS and has also put up a note prominently on its website indicating the latest position.


Indian Banks often deliberately avoid notification of breaches on their website and even to RBI. For such Banks it is important to notice the response of Tesco Bank to the breach.

The complete update on the website is available here

The update contains an apology, contact information, and an FAQ for further information. In contrast Indian banks fail to admit breach, refuse to refund the amount to the customer, deny their failure to notify customers individually and enter into a prolonged legal battle with the customers.

What RBI and Indian Banks should note

RBI should make a note of this incident and issue suitable instructions on “Data Breach Notification” for Indian Banks. Of course, we need to remind that it should not be a toothless advisory but an action oriented directive. RBI should also stop cheating the public by issuing a draft circular for public comment and going silent thereafter.

It was also recently found that RBI has not provided Banks with any guideline on Social Media Banking, and Banks have started using Twitter and Facebook Banking on their own. Even after RBI was questioned in an RTI application, they have not taken any action to distinguish Internet Banking and Mobile Banking from the less secure Twitter and Facebook banking. This gross negligence on the part of RBI will come to haunt Mr Urjit Patel sooner than he may anticipate.

Presently the Banks are grappling with the “Note Exchange” program and in the process using “Mobile Centers” armed with “Micro ATMs”. Customers will be exposing their Banking credentials to these POS machines which could result in a new security risk.

We are not sure if Indian Banks and RBI are alert to the security issues. If the recent attitude of Vijaya Bank cashiers at M S Ramaiah Hospital in Bengaluru (sitting in a Maruti van with open doors and dispensing cash without any physical security, instead of closing the doors and operating through the window) is any indication, Banks may not even be aware of the risks to which they are exposing themselves and their customers in a bid to satisfy the critical politicians of the opposition, who are anyway habitual critics to be ignored.

Hope the current crisis in Indian banks passes off peacefully without a Tesco or SBI Card type of incident recurring.

Naavi


Black Nurse-The new tool for DDOS attacks

In the recent DDOS attacks on OVH and DYN, the attacks were committed with redirection of terabytes of data using botnets of video devices.

It is already known that earlier botnets of millions of computers were being created to conduct such attacks. Now it appears that in certain cases, data traffic of as little as 4Mb per second could bring down networks.

A research organization, TDC, has reported that a single laptop producing around 180 Mbits per second can send certain commands that can trick the firewalls of Cisco and others into bringing down the network.

More details are available here

Security managers need to check the vulnerability in their servers and implement the corrective steps that are being recommended by the security companies.

Naavi


RE-identification of De-identified Personal Information is an offence in Australia

An amendment bill has been tabled in Australia to amend the Privacy Act 1988 to prohibit conduct related to the re-identification of de-identified personal information published or released by Government entities. (See Details here)

According to the provisions of the amendment, when an agency is entrusted with de-identified information, it shall not act in any manner that results in the de-identified information being re-identified.

The exception to the rule is when

(i) the act was done in connection with the performance of the agency’s functions or activities; or

(ii) the agency was required or authorised to do the act by or under an Australian law or a court/tribunal order.

(iii) the entity is a contracted service provider for a Commonwealth contract to provide services to the responsible agency; and the act was done for the purposes of meeting (directly or indirectly) an obligation under the contract.

(iv) the entity has entered into an agreement with the responsible agency to perform functions or activities on behalf of the agency; and the act was done in accordance with the agreement.

(v) the entity is an exempt entity for the purposes of this section in accordance with a determination in force and the act was done for a purpose specified in that determination in relation to the entity and in compliance with any conditions specified in the determination that apply in relation to the entity.

The penalty for the offence could be imprisonment up to 2 years and also civil fines.

There is also a provision for “Disclosure” if re-identification is done, failing which there could be civil and criminal penalties.

The amendment indicates a specific attempt to focus on prevention of re-identification and enhances Privacy protection.

In the Indian context, a protection of this nature is implicit in the contractual agreement of the sub-contractor, failing which the responsibility for disclosure lies with the agency (which is recognized as an “intermediary” in the ITA 2008).

Chroma Key Morphing alleged in Hillary Clinton Video..A lesson for Cyber Forensic Specialists

Some time back, there was a lot of discussion in India about a video from JNU in which it was alleged that anti-India slogans were raised. There were two versions of the video: one in which there were clear indications that Mr Kanhaiya Kumar was involved in anti-India sloganeering, and another in which he was present but perhaps not participating in the sloganeering. Similarly, there were also two versions of static pictures of the event: one accusing the organizers of putting up anti-India posters and another in which this was not so.

Apart from the political discussions, it was also a matter of interest for Cyber Forensic people how a video or a picture can be doctored and how, sometimes, no evidence can be accepted without a discerning evaluation. It is extremely important for everyone to understand that modifying a digital image or video is eminently possible and is often used to create fake pictures circulated in the social media. Sometimes, in the heat of a charged atmosphere, such doctored pictures get circulated and re-circulated in WhatsApp groups and Facebook posts of innocent persons, leading to innocent persons being hauled up by law enforcement people. The arrest of more than 50 persons in Tamil Nadu for allegedly trying to spread false rumours on Facebook about the health of Jayalalitha is a case in point in our recent memory.

In the ongoing US elections, where there is a bitter battle between Mrs Hillary Clinton and Mr Donald J Trump, there is a virtual social media war going on on YouTube. As the mainstream media is supposed to be very much in favour of Mrs Hillary Clinton, the Donald Trump camp is more dependent on the social media for its own campaign. The Trump camp is extensively using YouTube for its campaign, while Twitter and Facebook are supposed to have been favouring Hillary. It is alleged that Twitter and Facebook are not showing pro-Trump discussions in the “Trending Category”.

Even YouTube was accused of blocking the “Streaming Facilities” provided to one of the Trump sympathizers, though there are many other YouTube videos that talk about Wiki Leaks and Hillary Clinton’s misdeeds. There are also plenty of videos on other associates of Hillary, including President Obama, Michelle Obama, Huma Abedin, her husband Anthony Weiner and so on. All these videos have their own positive and negative influence on the electorate, and therefore it is essential that voters are able to distinguish the truthful videos from the fake videos.

It is necessary for us in India to learn from what is happening here, because the same strategies that are used to produce fake videos may also be used in India when it is election time here, and the Indian Election Commission needs to take up “Cyber Forensic Training” to understand how Cyber Space can be misused.

One of the recent videos that attracted my attention was the one where a Cyber Forensic aspect became apparent. We normally know that a digital image is modified by using “Photoshop” editing software which has many features which try to create morphed pictures. But when it comes to manipulating the video, it is slightly different.

In the JNU video case, it was suspected that the audio stream and the video stream were separated in the video editing software and an alternate audio stream was superimposed on the video stream to create a false video. When you have two video files with the same video stream but a different audio stream, it is not easy to find out which is the original and which is the fake.

Police will find it extremely difficult to find the difference particularly when they are building up a prima facie case which leads to an intense media trial in which some Scoot and Shoot politicians specialize.

In the US Elections, there is one debate going on about the health condition of Ms Hillary Clinton. One observation is that the injury that she suffered several years back to her skull might have created a blood clot near her right ear, which sometimes causes her to go into a “Seizure” like condition for a few moments when she is unable to control her eye ball movements. Some say that this is an early symptom of Alzheimer’s disease that makes her physical fitness to be the US President suspect.

Recently, there was one YouTube video in which, when Hillary faced a barrage of questions simultaneously from a few reporters around her, she suddenly seemed to go into a fit. We all know that people who suffer from epilepsy go into a seizure when they are exposed to strobing light or even flash bulbs. It appears that Hillary may be suffering from a similar “Audio Strobing trigger for Seizure”, and when a simultaneous volley of questions is hurled at her, her mind cannot process the multiple voices simultaneously and goes into a state of confusion.

While I am not a medical expert and leave the speculation about such a possibility to experts in the medical field, I would like to point to one of the videos recently published on YouTube, which is given here below for reference and is relevant for Cyber Forensics.

What this video says is that in one of the live interviews shot by the NBC channel, Ms Hillary Clinton appeared to go into a seizure and the channel tried to edit the video so as not to present an embarrassing video to the public. But it is said that they did not do the editing properly and hence the doctoring of the video is evident on close observation.

In many Crime thrillers, we have seen a CCTV video hacking method where a small footage is recorded and made to play over and over again to hide the real streaming image. This works very well to cheat surveillance cameras normally used in perimeter security of an important physical asset.

As per the discussions available with the above video, it appears that the Channel might have used a different technique, using a substitute frame as “Chroma Key” to morph a few frames of the video in which Hillary might have lost control of her eye balls. The Chroma key is a video frame which is superimposed on another video layer so as to provide an indistinguishable frame over frame effect, as if something is happening in the background. If you see a news reporter reading a report while his background shows a live video of a mountain stream, you know how Chroma key works. It is a common video mixing strategy used by all TV channels.

What is special in the above video is that the chroma key is simply one of the earlier frames of the same video, and I find this an interesting morphing technique which we as Forensic analysts need to take note of so that we are not fooled by such videos if we come across them. I want the law enforcement people to specially analyze this technique and how to find such edits quickly, to check possible misuse of social media through doctored videos.
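One way to screen for the frame reuse described above (an earlier frame of the same clip laid over later frames, or a recorded segment looped over a live feed) is to compare coarse brightness signatures of non-adjacent frames. This is an added example, not part of the original post; the frame data, function names and thresholds are constructed assumptions, and real footage would first have to be decoded into grayscale frames.

```python
# Added example: flag frames that are near-copies of an earlier, non-adjacent frame.
# Frames are grayscale grids (lists of rows of 0-255 ints); all sample data is constructed.

def signature(frame, block=2):
    """Mean brightness of each block x block tile; absorbs small re-encoding noise."""
    h, w = len(frame), len(frame[0])
    return [
        sum(frame[y][x] for y in range(by, by + block) for x in range(bx, bx + block)) / block**2
        for by in range(0, h - block + 1, block)
        for bx in range(0, w - block + 1, block)
    ]

def distance(a, b):
    """Mean absolute difference between two signatures, in gray levels."""
    return sum(abs(p - q) for p, q in zip(a, b)) / len(a)

def find_reused_frames(frames, min_gap=3, tol=3.0, motion=10.0):
    """Return (frame, source) index pairs where a frame matches one at least
    min_gap frames earlier although the scene changed in between. The 'changed
    in between' test keeps a genuinely static shot from being flagged."""
    sigs = [signature(f) for f in frames]
    hits = []
    for i in range(len(sigs)):
        for j in range(0, i - min_gap + 1):
            if distance(sigs[i], sigs[j]) > tol:
                continue
            if any(distance(sigs[k], sigs[j]) > motion for k in range(j + 1, i)):
                hits.append((i, j))  # earliest matching source is enough
                break
    return hits

def make_frame(t, h=8, w=32):
    """Constructed scene: bright bar moving 2 px per frame over a mildly noisy background."""
    return [[200 if 2 * t <= x < 2 * t + 4 else 50 + (x + 3 * y + 5 * t) % 3
             for x in range(w)] for y in range(h)]

def reencode(frame):
    """Constructed stand-in for compression noise: +0 or +1 per pixel."""
    return [[min(255, v + (x + y) % 2) for x, v in enumerate(row)]
            for y, row in enumerate(frame)]

def tampered_clip():
    """Twelve-frame clip in which frames 8 and 9 were replaced by a copy of frame 2."""
    frames = [make_frame(t) for t in range(12)]
    frames[8] = reencode(frames[2])
    frames[9] = reencode(frames[2])
    return frames

if __name__ == "__main__":
    for frame, source in find_reused_frames(tampered_clip()):
        print(f"frame {frame} matches earlier frame {source}")
```

A hit is a lead for closer manual inspection of those frames, not proof of tampering; the thresholds need tuning against the noise level of the actual footage.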

I invite forensic specialists to comment on this video and the strategy discussed with an idea of how law enforcement can detect such doctored videos.

Needless to say that producing and publishing such videos would be an offence under ITA 2008 and channels will be liable for criminal prosecution either directly or as an “Intermediary who did not practice due diligence”.

Naavi
