Monday, November 23, 2009


The Kerala Police Cyber Cell arrested two youths on charges of circulating an e-mail containing a picture of a palatial mansion that was wrongly attributed to CPM Politburo member and State Secretary Mr. Pinarayi Vijayan. Those arrested were Manoj, who is employed in Nigeria and is now on leave in Kerala, and Karthik, a student. They were booked under Section 66 (A) of the I T Act 2008, which makes sending offensive messages through electronic means punishable. This is the first ever case registered in Kerala under the amended Information Technology Act. The Kerala Police Cyber Cell is now trying to find the source of the mail. The duo were arrested on charges of adding some captions to the mail and forwarding it to nearly 3 lakh addresses. These arrests would send a strong message to all those who spontaneously forward malevolent e-mails to others, said the Cyber Cell DySP.

Courtesy : The Indian Express daily dated 23rd November 2009

Thursday, November 19, 2009

Salami Attacks

A salami attack is an attack on a computer network in which the intruder siphons off small amounts of money from a file and places them in another file that he or she can access; for example, a file that holds their bank account details. A typical salami attack would add a small amount to a debit that the account holder would not check, such as a debit that represented a service charge. This small increase in debit (often a few pence or a few cents) would then be credited to the perpetrator's bank account. An unsophisticated banking system, which just checked that debits and credits matched, would be unable to detect this type of fraud. The name ‘salami attack’ comes from the fact that salami is cut into very thin slices. It is also known as salami shaving.
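
As an added illustration (not part of the original post), the Python sketch below shows why a check that only confirms debits and credits match passes a shaved ledger, and how comparing each service-charge debit with the published fee schedule exposes the slices and the account collecting them. The ledger entries, account names and fee schedule are constructed for the example.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed fee schedule: what each service charge is supposed to cost.
FEE_SCHEDULE = {"monthly_service": Decimal("2.50"), "atm_fee": Decimal("1.00")}

# Constructed ledger: (entry_id, debited_account, charge_type, debit_amount,
#                      [(credited_account, amount), ...])
LEDGER = [
    ("e1", "cust-001", "monthly_service", Decimal("2.50"),
     [("bank-fees", Decimal("2.50"))]),
    ("e2", "cust-002", "monthly_service", Decimal("2.53"),
     [("bank-fees", Decimal("2.50")), ("acct-9931", Decimal("0.03"))]),
    ("e3", "cust-003", "atm_fee", Decimal("1.00"),
     [("bank-fees", Decimal("1.00"))]),
    ("e4", "cust-003", "atm_fee", Decimal("1.02"),
     [("bank-fees", Decimal("1.00")), ("acct-9931", Decimal("0.02"))]),
    ("e5", "cust-004", "monthly_service", Decimal("2.53"),
     [("bank-fees", Decimal("2.50")), ("acct-9931", Decimal("0.03"))]),
]


def books_balance(ledger):
    """The unsophisticated check: each debit equals the sum of its credits."""
    return all(
        debit == sum((amt for _, amt in credits), Decimal("0"))
        for _, _, _, debit, credits in ledger
    )


def find_shaved_debits(ledger, schedule):
    """Flag every debit that exceeds its scheduled fee, however small the excess.

    A charge type missing from the schedule is treated as wholly unexpected.
    """
    findings = []
    for entry_id, account, charge, debit, _ in ledger:
        expected = schedule.get(charge, Decimal("0"))
        excess = debit - expected
        if excess > 0:
            findings.append((entry_id, account, excess))
    return findings


def slice_beneficiaries(ledger, schedule, fee_income_account="bank-fees"):
    """Total what flagged entries credited to anything but the fee-income account."""
    flagged = {entry_id for entry_id, _, _ in find_shaved_debits(ledger, schedule)}
    totals = defaultdict(Decimal)
    for entry_id, _, _, _, credits in ledger:
        if entry_id not in flagged:
            continue
        for account, amount in credits:
            if account != fee_income_account:
                totals[account] += amount
    return dict(totals)


if __name__ == "__main__":
    print("debits match credits:", books_balance(LEDGER))
    for entry_id, account, excess in find_shaved_debits(LEDGER, FEE_SCHEDULE):
        print(f"{entry_id}: {account} overcharged by {excess}")
    print("slices collected by:", slice_beneficiaries(LEDGER, FEE_SCHEDULE))
```

The balance check reports that everything matches, while the per-entry comparison shows three overcharges all flowing to the same account.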

Cyber Arms Race

A report published in the New Delhi edition of the Times of India daily on 19/11/2009 says many countries are already in a cyber arms race. The report follows:

Warning of a cyber arms race, a leading security firm said that China, France, Israel, Russia and the United States were among countries that have developed "cyber weapons". Several nations around the world are actively engaged in cyberwar-like preparations and attacks. Today the weapons are not nuclear, but virtual, and everyone must adapt to these threats.
The California-based McAfee, in its fifth annual Virtual Criminology Report, said China, France, Israel, Russia and the United States have developed advanced offensive cyber capabilities. Cyber attacks with political objectives were on the rise and critical infrastructure was vulnerable, in part because of its reliance on the Internet.

Wednesday, November 18, 2009


We are all familiar with phishing in the cyber crime scenario. But what is vishing? It is another cyber crime technique for gathering personal information, also known as voice phishing. Vishing is the act of leveraging a new technology called VoIP, or Voice over Internet Protocol, to use the telephone system to falsely claim to be a legitimate enterprise in an attempt to scam users into disclosing personal information. Government organisations, financial institutions etc. can be targets of vishing.

Tuesday, November 17, 2009

Future of email in question????

The Times of India today published an article which describes how the future of email is in trouble. The gist of the report is given below.

With more and more teenagers switching to instant messaging and social networking sites for speedy communication, email could be extinct within a decade, says a new report. Although inboxes are still filling up daily all over the world, experts believe emails are dying out because they are too slow, too inconvenient and simply not fashionable any more.

The study conducted by TalkTalk in Britain found only 51% of the Britons in their teens or early twenties using email as their first means of communication. Experts reckon people prefer the "one and done" style of message, where a short message can be sent to all contacts at the same time. The study also reveals that email has already become "grey mail", with the most devoted users being middle aged or old aged. 98% of people in the age group of 65 or more and 96% of those aged 45-64 regularly use email as their mode of communication in Britain.

Thursday, November 12, 2009

What is a GPS? How does it work?

The Global Positioning System (GPS) tells you where you are on Earth. It's eleven o'clock ... do you know where your kids are? Would you like to? One way to track them would be to have a GPS receiver installed in the car! The GPS, or Global Positioning System, is one of the hottest technologies around, and no wonder. Consider these diverse uses:
Minnesota scientists use GPS to study movements and feeding habits of deer.
Surveyors used GPS to measure how the buildings shifted after the bombing in Oklahoma City.
GPS helps settle property disputes between land owners.
Marine archaeologists use GPS to guide research vessels hunting for shipwrecks.
GPS data has revealed that Mt. Everest is getting taller!

GPS answers five questions simultaneously:
"Where am I?"
"Where am I going?"
"Where are you?"
"What's the best way to get there?"
"When will I get there?"
GPS is the only system today that can show your exact position on the Earth anytime, in any weather, no matter where you are!

Development: Like so many other high-tech developments, GPS was designed by the U. S. military. The concept started in the late '60s but the first satellite wasn't launched until February 1978. In 1989 the Magellan Corp. introduced the first hand-held GPS receiver. In 1992 GPS was used in Operation Desert Storm. In March 1996 the President decided to make GPS free for civilian users.

System Description: GPS has three 'segments':
The space segment now consists of 28 satellites, each in its own orbit about 11,000 nautical miles above the Earth.
The user segment consists of receivers, which you can hold in your hand or mount in your car.
The control segment consists of ground stations (five of them, located around the world) that make sure the satellites are working properly.
Civilian Use: At first, the military did not want to let civilians use GPS, fearing that smugglers, terrorists, or hostile forces would use it. Finally, bowing to pressure from the companies that built the equipment, the Defense Department made GPS available for non-military purposes, with some restrictions. On May 1, 2000, President Clinton lifted the restrictions, and announced that the option to degrade civil GPS signals during emergencies would be phased out by 2010. The federal government is committed to providing GPS technology for peaceful uses on a worldwide basis, free of charge.

Wednesday, October 21, 2009

Cyber Stalking

The term cyber stalking refers to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property.
Cyber stalking can be defined as repeated acts of harassment or threatening behavior by the cyber criminal towards the victim, using Internet services. Both kinds of stalkers, online and offline, have a desire to control the victim's life. The majority of stalkers are dejected lovers or ex-lovers, who want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and most of the victims are female.
They operate in different ways, such as:
a. Collect all personal information about the victim such as name, family background, Telephone Numbers of residence and work place, daily routine of the victim, address of residence and place of work, date of birth etc.
b. The stalker may post this information on any website related to sex-services or dating services, posing as if the victim is posting this information and invite the people to call the victim on her telephone numbers to have sexual services.
c. People of all kinds from every nook and corner of the world, who come across this information, start calling the victim at her residence and/or work place, asking for sexual services or relationships.
d. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites, because of which victim starts receiving such kind of unsolicited e-mails.
e. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threaten the victim.

Wednesday, June 17, 2009

Social Engineering

Social engineering is the act of manipulating people into performing actions or divulging
confidential information. While similar to a confidence trick or simple fraud, the term typically
applies to trickery or deception for the purpose of information gathering, fraud, or computer
system access; in most cases the attacker never comes face-to-face with the victim.
The basic goals of social engineering are the same as hacking in general: to gain unauthorized
access to systems or information in order to commit fraud, network intrusion, industrial
espionage, identity theft, or simply to disrupt the system or network. Typical targets include
telephone companies and answering services, big-name corporations and financial institutions,
military and government agencies, and hospitals. The Internet boom had its share of industrial
engineering attacks in start-ups as well, but attacks generally focus on larger entities.
As for why organizations are targeted through social engineering – well, it’s often an easier way
to gain illicit access than are many forms of technical hacking. Even for technical people, it’s
often much simpler to just pick up the phone and ask someone for his password. And most
often, that’s just what a hacker will do.
Social engineering attacks take place on two levels: the physical and the psychological. First,
we'll focus on the physical setting for these attacks: the workplace, the phone, your trash, and
even on-line. In the workplace, the hacker can simply walk in the door, like in the movies, and
pretend to be a maintenance worker or consultant who has access to the organization. Then
the intruder struts through the office until he or she finds a few passwords lying around and
emerges from the building with ample information to exploit the network from home later that
night. Another technique to gain authentication information is to just stand there and watch an
oblivious employee type in his password.
The most prevalent type of social engineering attack is conducted by phone. A hacker will call
up and imitate someone in a position of authority or relevance and gradually pull information
out of the user. Help desks are particularly prone to this type of attack.
Help desks are particularly vulnerable because they are in place specifically to help, a fact
that may be exploited by people who are trying to gain illicit information. Help desk employees
are trained to be friendly and give out information, so this is a gold mine for social engineering.
Most help desk employees are minimally educated in the area of security and get paid
peanuts, so they tend to just answer questions and go on to the next phone call. This can
create a huge security hole.
A variation on the phone theme is the pay phone or ATM. Hackers really do shoulder surf and
obtain credit card numbers and PINs this way. People always stand around phone booths at
airports, so this is a place to be extra cautious.
Dumpster diving, also known as trashing, is another popular method of social engineering. A
huge amount of information can be collected through company dumpsters.
The Internet is fertile ground for social engineers looking to harvest passwords. The primary
weakness is that many users often repeat the use of one simple password on every account.
So once the hacker has one password, he or she can
probably get into multiple accounts. One way in which hackers have been known to obtain this
kind of password is through an on-line form: they can send out some sort of sweepstakes
information and ask the user to put in a name and password. These forms can
be sent by e-mail.
Another way hackers may obtain information on-line is by pretending to be the network
administrator, sending e-mail through the network and asking for a user’s password. This type
of social engineering attack doesn’t generally work, because users are generally more aware
of hackers when online, but it is something of which to take note. Furthermore, pop-up windows
can be installed by hackers to look like part of the network and request that the user reenter
his username and password to fix some sort of problem. At this point in time, most users
should know not to send passwords in clear text, but it never hurts to have an
occasional reminder of this simple security measure from the System Administrator. Even
better, system administrators might want to warn their users against disclosing their passwords in any fashion other than a face-to-face conversation with a staff member who is known to be
authorized and trusted.
E-mail can also be used for more direct means of gaining access to a system. For instance,
mail attachments sent from someone of authenticity can carry viruses, worms and Trojan
A final, more advanced method of gaining illicit information is known as “reverse social
engineering”. This is when the hacker creates a persona that appears to be in a position of
authority so that employees will ask him for information, rather than the other way around. If
researched, planned and executed well, reverse social engineering attacks may offer the
hacker an even better chance of obtaining valuable data from the employees; however, this
requires a great deal of preparation, research, and pre-hacking to pull off.

Always remember, prevention is better than cure. Once your personal information has gone, there is no cure!

Tuesday, June 16, 2009

Beware of Mobile Phone Cloning!!!!

Mobile phones have become a major part of our everyday life. On the one hand, India’s mobile phone market has grown rapidly in the last few years on the back of falling phone tariffs and handset prices, making it one of the fastest growing markets globally. On the other, the number of mobile phone subscribers is exceeding that of fixed-line users. The mobile phone subscriber base has already crossed the 70-mn mark. Today millions of mobile phone users, be it Global System for Mobile communication (GSM) or Code Division Multiple Access (CDMA), run the risk of having their phones cloned. And the worst part is that there isn’t much that you can do to prevent this. Such crime first came to light in January, 2005 when the Delhi police arrested a person with 20 cell phones, a laptop, a SIM scanner, and a writer. The accused was running an exchange illegally wherein he cloned CDMA-based mobile phones. He used software for the cloning and provided cheap international calls to Indian immigrants in West Asia. A similar racket came to light in Mumbai, resulting in the arrest of four mobile dealers.
Mobile cloning is copying the identity of one mobile telephone to another mobile telephone. The “cloning” occurs when the account number of a victim telephone user is stolen and reprogrammed into another cellular telephone. Each cellular phone has a unique pair of identifying numbers: the electronic serial number (ESN) and the mobile identification number (MIN). The ESN/MIN pair can be cloned in a number of ways without the knowledge of the carrier or subscriber through the use of electronic scanning devices. After the ESN/MIN pair is captured, the cloner reprograms or alters the microchip of any wireless phone to create a clone of the wireless phone from which the ESN/MIN pair was stolen. The entire programming process takes 10-15 minutes per phone. Any calls made with a cloned phone are billed to and traced to a legitimate phone account. Innocent citizens end up with unexplained monthly phone bills.
The ESN is the serial number of your cellular telephone. And the MIN is simply the phone number of the cellular telephone. Cellular thieves can capture ESN/MINs using devices such as cell phone ESN readers or digital data interpreters (DDI). DDIs are devices specially manufactured to intercept ESN/MINs. By simply sitting near busy roads where the volume of cellular traffic is high, cellular thieves monitoring the radio wave transmissions from the cell phones of legitimate subscribers can capture ESN/MIN pairs. Numbers can be recorded by hand, one-by-one, or stored in the box and later downloaded to a computer. ESN/MIN readers can also be used from inside an offender’s home, office, or hotel room, increasing the difficulty of detection.
To reprogram a phone, the ESN/MINs are transferred using a computer loaded with specialised software, or a “copycat” box, a device whose sole purpose is to clone phones. The devices are connected to the cellular handsets and the new identifying information is entered into the phone. There are also more discreet, concealable devices used to clone cellular phones. Plugs and ES-Pros, which are about the size of a pager or small calculator, do not require computers or copycat boxes for cloning. The entire programming process takes 10-15 minutes per phone. Each year, the mobile phone industry loses millions of dollars in revenue because of the criminal actions of persons who are able to reconfigure mobile phones so that their calls are billed to other phones owned by innocent third persons. Often these cloned phones are used to place hundreds of calls, often long distance, even to foreign countries, resulting in thousands of dollars in air time and long distance charges. Cellular telephone companies do not require their customers to pay for any charges illegally made to their account, no matter how great the cost. But some portion of the cost of these illegal telephone calls is passed along to cellular telephone consumers as a whole. Many criminals use cloned cellular telephones for illegal activities, because their calls are not billed to them, and are therefore much more difficult to trace. This phenomenon is especially prevalent in drug crimes. Drug dealers need to be in constant contact with their sources of supply and their confederates on the streets. Traffickers acquire cloned phones at a minimum cost, make dozens of calls, and then throw the phone away after as little as a day's use. In the same way, criminals who pose a threat to our national security, such as terrorists, have been known to use cloned phones to thwart law enforcement efforts aimed at tracking their whereabouts.
CDMA differs from GSM and TDMA (Time Division Multiple Access) by its use of spread spectrum techniques for transmitting voice or data over the air. Rather than dividing the radio frequency spectrum into separate user channels by frequency slices or time slots, spread spectrum technology separates users by assigning them digital codes within the same broad spectrum. Advantages of CDMA include higher user capacity and immunity from interference by other signals. GSM is a digital mobile telephone system that is widely used in Europe and other parts of the world. GSM uses a variation of TDMA and is the most widely used of the three digital wireless telephone technologies. GSM digitises and compresses data, then sends it down a channel with two other streams of user data, each in its own time slot. It operates at either the 900 MHz or 1,800 MHz frequency band.

Five persons arrested in Toronto

Five Toronto men have been arrested in what police are calling "a sophisticated debit card fraud" that spanned several GTA cities.
Around 6 a.m. on Saturday, witnesses called Durham police after they saw several men running between the TD and CIBC banks at a Thickson Rd. S. and Dundas St. E. plaza in Whitby.
Shortly after arriving at the scene, police received a call from the TD security guard saying that fake debit cards were being used at their ATMs. One man was arrested inside the bank.
While investigating, police also came across four men at a parking lot at a Bank of Montreal at the Whitby Mall across the street.
All men had a large amount of money on them, said police, who also found four blank white cards with BMO data encoded in them.
A makeshift safe and two locking devices were also located in the suspects' vehicle.
Other white plastic cards were found in a garbage can at the TD ATMs along with some cash.
Officers seized a total of $5,980.
Investigators believe the men conspired with other suspects across the GTA to take part in a fraud. It was a coordinated attempt to withdraw money from ATMs using fake cards around the same time.
The debit card data in this case was eventually traced back to a drugstore in Scarborough.
Arrested are Srimaloj Srianandan, Pirathees Subramaniam, Patrick John, all 22, Luxmanan Balakrishnan, 21, and Anton Sooriyakumar, 23.
They are charged with four counts of fraud under $5,000, four counts of unlawful use of credit card data, use of credit cards obtained by crime, conspiracy to commit an indictable offence and possession of proceeds of crime.
Sooriyakumar also faces three additional counts relating to previous incidents.
Courtesy :

How to prevent Credit Card Fraud?

Credit card frauds are on the rise these days. Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. The credit card number, the Card Verification Value (CVV) or the Card Security Code (CSC), date of birth, credit card limit, residential address (stored on your card's magnetic tape) is all that is needed for someone to misuse your credit card.
Being vigilant while using your credit card is the only way of preventing fraud. Here are some tips.
The CSC or CVV number is a security feature for credit or debit card transactions, giving increased protection against credit card fraud. It is not embossed like the card number, and is always a group of numbers printed on the back signature panel of the card.
This provides a level of protection to the bank/card holder, in that a corrupt merchant cannot simply capture the magnetic stripe details of a card and use them later for 'card not present' purchases over the phone, mail order or Internet.
Whenever you use your card, always ensure that the transaction is completed in front of you and that no details are written down by the merchant. Do not provide photocopies of both sides of the credit card to anyone.
The card verification value (CVV) which is required for online transactions is printed on the reverse of the card. Anyone can use the card for online purchases if the information is available with them.
When using your credit cards for making purchases online:
Ensure that Web site is a secure site.
Do not click on links in e-mail seeking details of your account; they could be phishing e-mails from fraudsters. Most reputed companies will ask you to visit their Web site directly.
Do not give out your credit card details on unknown or suspicious Web sites.
The first and foremost thing to do, after you have confirmed that you have lost your wallet or card or have seen suspicious transactions on your credit card statement, is to call up the bank's call center and deactivate the card or inform the customer service representative about the suspicious transactions.
The representative will help you file a complaint in regard to this. In case of lost cards, check if any transactions have been made on the card and, if there are any, inform the bank about the ones that are not yours.
On receipt of a new card ensure that it is in sealed condition and that the seal is not tampered with.
Sign on the back of your new card as soon as you receive it.
Monitor your account regularly either on the Internet or from call centers. Also subscribe to e-mail and mobile alerts to keep track of card usage.
Memorize your card's PIN number.
Destroy and dispose of all documents that mention the card number, such as copies of receipts, airline tickets, travel itineraries, etc.
Personal account information should never be shared with anyone unless payment for the purchase is being done from that account.
Another important thing is keeping any useful information about your cards, such as card number, expiry date, CVV number, PIN number, etc., handy.
However, that does not mean that you keep the information in places where it is easily accessible. Protect your card information as you would protect your money.
Finally, always stay at least 40 per cent below your credit limit and review your account information either online or through the credit card company's call center frequently. This will help you identify any suspicious transactions immediately.
Credit cards, though an easy way to have access to money without carrying around a lot of cash can become a big liability if not used prudently and carefully. Ensure that you use the card responsibly.

Monday, March 30, 2009

1300 Systems in 103 countries attacked!!!!

Canadian researchers based at the Munk Center for International Studies at the University of Toronto have told the world that a vast electronic spying operation from China has infiltrated computers and stolen documents from hundreds of Government and private offices around the world, including those of the Indian Embassy in the US and the Dalai Lama's organization. The article was published by the Times of India daily on 30-03-2009. The main points from the article are given below:

The system was being controlled from computers based almost exclusively in China, but the researchers could not say conclusively that the Chinese Government was involved.

The researchers believed that the system, which they called GhostNet, had hacked into systems at embassies of countries like Pakistan, Germany, Indonesia, Thailand and South Korea.

The GhostNet has the capacity to turn on camera and audio recording functions of an infected computer, enabling crackers to see and hear what goes on in a room.

Thursday, February 26, 2009

Data Diddling

Have you heard of data diddling? It is a method adopted by computer criminals. Data diddling is the changing of data before or during entry into the computer system, or altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. Using this technique the criminal can manipulate the output, and it is not so easy to identify. But using cyber forensic tools we can trace when the data was changed and when it was changed back to its original form.

Thursday, January 29, 2009

With GDrive, Desktop Computer will go Online

Search engine giant Google will soon launch a service that would enable users to access their personal computers from any Internet connection, making the desktop computer virtually redundant, predict technology experts. An article published in the Times of India daily on 27-01-2009 describes the new technology in detail. Here are some excerpts from the article.

The system called GDrive will merge all of Google's existing web based services to make them easier to use together. It could kill off the desktop computer, which relies on a powerful hard drive. Instead a user's personal files and the OS could be stored on Google's own servers and accessed via the Internet.

The GDrive would make it possible to access and update information like emails, photographs, music, documents and spreadsheets from any device with an Internet connection.

The novel system is being described as "cloud computing", wherein the web rather than the hard drive is used as the place where information is stored. Google experts are said to have begun convincing the world of its benefits.

However, there are some who think that trusting Google with so much personal or commercial data is dangerous, for information may not be as safe in the cloud as it is in a computer.