Wednesday, 19 December 2012

How Safe Is Your Info over the Net - Want to Know about Some Common Cyber-crimes?


This Post deals with
    1. Cyber crime
    2. Budapest convention - Aim, Scope, Provisions
    3. Some common cyber threats
    4. Indian perspective on Cyber-security

Cyber Crime
Every middle-class morning today begins like this. One gets up and opens a laptop/desktop/mobile (most of us have all three) to check a personal mail account. Even before the daily coffee we need our daily social network, to see what our friends are up to and to share our own greatest achievements of yesterday. Then we want to complete our daily chores: paying electricity bills and telephone bills, recharging our brand new DTH, and so on. Umpteen transactions are done in seconds, and from home, through the magic wand called the Internet. In today's world the Internet has become part and parcel of everyone's life. Naturally, it has also become a one-stop place for some clever minds, interested only in making easy money, to exploit everyone.
The use of computers and the Internet by anyone to cause damage to any individual/organization, in the form of reputational or material loss, is called cyber crime. The first international recognition of cybercrimes, of the necessity to legislate in this domain, and of the need for international cooperation and coordination in cyberspace came with the Budapest Convention of 2001, an initiative of the Council of Europe.

What is the CoE:
  • The Council of Europe is an international organization formed in 1949 by 10 European members.
  • Today it has 47 members. It is not to be confused with the Council of the European Union or the European Council.
  • It is independent of the EU and is in fact wider, including almost all European states except Kazakhstan, Belarus [human rights considerations] and the Vatican [theocracy].
  • Though only European states can be members, some of the conventions under its ambit are open to non-member states as well.
  • The Budapest Convention has of course been signed by the US, Canada, Japan etc.

Aim of the convention:
  • The convention aims to:
    • Protect society against cybercrime.
    • Enunciate proper legislation, as many states are yet to define all cyber-related threats.
    • Obtain international cooperation.

Necessity for such a convention:
  • Increasing digitization across all fields.
  • The shift towards e-governance and the paperless office.
  • Increased monetary activity carried out over the internet: e-banking [like NEFT, RTGS in India], mobile banking.
  • Improving the security and integrity of the World Wide Web.
  • Difficulty in identifying the jurisdiction for crimes happening in the cyber world [need for cooperation, coordination, understanding].
  • Need for technical expertise, requiring sharing of technology and human resources.

Scope of the convention:
  • It recognizes the following as cybercrimes:
    • Not only the misuse or stealing of data from a system, but also accessing a system without permission with intent to obtain information.
    • Interception, meaning tapping data along a communication path [like reading a personal mail sent by you to another person, without your or their permission or knowledge], and interference in the form of damaging or destroying data or a system.
    • Manufacture of devices, and writing and distribution of programs, with the sole purpose of committing the above crimes [this brings crackers within its scope].
    • Acts of child pornography.
    • Infringement of copyrights recognized under TRIPS, WIPO and the Berne Convention also falls under its ambit.

Some of the commonly encountered cyber security threats:
Phishing:
  • Similar to fishing = throwing bait to catch a big fish.
  • Usually an e-mail or an advertisement promising a huge lottery win or gifts, sent as spam to a large number of IDs.
  • Normally these persons use the names of reputed firms, create fake websites in their names and send a link to these sites with the mail.
  • Persons who unsuspectingly enter these websites end up giving away their personal data, bank account numbers and passwords, believing they will win the lottery.







Denial of service attack:
  • Another common form of attack, in which your inbox may be filled with spam or a particular application may be opened repeatedly, whereby you lose control over your system or are denied access/service.

Spoofing:
  • Man-in-the-middle attack.
  • Here interception of the transmitted data is the motive. The interception is done in between, while the data is transferred from the sender to the receiver, without the knowledge of either.

Cyber-stalking:
  • This is simply bullying/harassing someone through the cyber-world.
  • Unsolicited emails, threats etc. are sent, as the sender believes tracking would be difficult.
  • Another usual form is putting on social media personal info of the receiver that he does not want to reveal in public.

Other common forms such as tabnabbing and clickjacking follow similar ideas, like transfer of control from the main program or redirection to undesired links/websites.

The above are some techniques. There are also programs created for the purpose of causing trouble, which we commonly call viruses. Technically, certain traits characterize each of them:
Malware:
  • Malicious + software = a bad set of code, not necessarily a system crasher, but one that performs functions the user did not intend. Malware is a generic term. It includes within itself:
    • Virus:
      • Any program that has the capability to replicate itself. Like a biological virus, it needs a host to do this.
      • This is why they are usually attached to executable [.exe] files. Once the user clicks them, the virus starts functioning. [Key here: self-replicating capability.]
    • Spyware:
      • A type of malware intended to spy on your system, i.e. to steal info from your system without your knowledge, which could be anything from bank passwords [using keystroke identifiers] to the history of websites you visit [an advertisement strategy to feed you with dedicated ads].
    • Trojan horse:
      • A commonly used form of malware. Their specialty is that they come in disguise: usually this code is written within useful software and hidden. When we download that program, we end up installing these Trojans without knowing it.
      • Once installed they start their work: malfunctioning, spying, crashing the system etc.
    • Worms:
      • Again a piece of code designed to replicate and spread itself.
      • They differ from viruses in that they do not need a host to attach themselves to.
      • They spread via the network and infect a system when they find security gaps in it. Usually worms do not alter our computer data, but may affect network speed.


Seen enough? Now want to know some practical examples of these?

Let's have a look:
Operation Shady RAT:
  • This operation was identified and named by McAfee, a subsidiary of the Intel group of companies dedicated to security operations. The attacks are said to have taken place during 2006-2008, a span of 3 to 4 years.
  • The report states that a single group/actor had hacked into almost every important organization across every nation, from defense agencies and government offices to Olympic organizations and security firms.
  • It was one of the largest hacking operations ever carried out; the report ends on a note that a state actor may be involved in it.

Geographical spread of the attack
Source Report:  http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf

Stuxnet:
  • It is malware that was identified in 2010.
  • This one was said to attack specific systems of Siemens industrial firms. Its main aim was to expose Iranian systems involved in nuclear test experiments by hooking them to the internet and stealing info from them.


Source: NorAm intelligence
  • 60% of the systems infected by this malware were located geographically within Iran. This has led many experts to point fingers at Israel and the US as being behind the attacks. The specificity and complexity of the malware also raise such doubts.

Flame:
  • Another malware, found in 2012, is said to be closely related to Stuxnet and to target Iranian systems.
  • This particular malware has a special trait: it functions at all times by receiving commands from a central command center. It also has the capability to completely erase itself and its traces once it receives a command on completion of the job, making identification and study difficult.


Having said all this, let's look at the Indian perspective:

  • Newer challenges of cyberwarfare and cyber terrorism are on the rise.
  • India is home to the second-largest number of mobile subscribers and aims at extending connectivity to all.
  • Hacking into government websites has become a common phenomenon, and it is organized from across the borders.
  • Indian law recognizes cyber-related crimes under the umbrella act, the Information Technology Act 2000 [amended in 2008] = no specific law, detailed provisions up to date with technological advancements.

With this situation, India wants to improve its cyber-infra, ensure coordination with international agencies and protect itself from external attacks. With this intent India sent its team to the October conference under the Budapest Convention.
And our MoS for Communication and Info Technology, Sachin Pilot, said that India would take a nuanced position on this issue, commensurate with international commitments…
