30 August 2012

Power grids easy meat for cyber rogues


NEW DELHI: India's power systems could be vulnerable to crippling cyber attacks on a scale that can have serious implications for national security and economy, an enquiry into the July 30-31 grid collapse that grabbed global attention has said.

Although cyber attacks have been ruled out in last month's grid collapse, destabilization of the energy sector could lead to a "cascading effect on national security and economy. It points out that main vulnerabilities are in transmission and distribution sectors.
..................................
...................................

A well-delivered cyber assault can disrupt services to critical users like hospitals and metro rail systems and such an attack may choose to target distribution where the bulk of automation is evident.
.....................
.....................

Click here to read more .... 
Solutions : www.xcyss.in

27 August 2012

Winning Cyber Battles Without Fighting


In military operations, good leaders never make a move without the best available intelligence and a strong sense of situational awareness. To do otherwise is tantamount to flying blind, something a good pilot or business leader should avoid.
Unfortunately, too many leaders of industry and commerce seem to be flying blind in today’s cyber domain.
The Cyber-readiness Reality Check,” an independent survey recently commissioned by the company, CounterTack, Inc., reveals that more than one-third of cyber security executives at companies with revenues greater than $100 million are unable to see an attack once it finds its way inside the perimeter of their systems.
..............................
The problem is exacerbated when senior leadership defers to the IT department in all matters pertaining to information security. “That’s our CIO’s responsibility,” is a comment often heard when speaking with senior and chief executives about cyber defense.
................
While IT security departments certainly must bear responsibility, the executive leader at the top of any organization should understand and take ownership of the problem if security is to have a fighting chance of attaining the resources needed for effective self-defense.
.........................
.........................

Click here to read more .... 
Solutions : www.xcyss.in

Pakistan plans bigger cyber attack?


A highly-classified government report on the recent incident of what has been described as the worst cyber attack on the country has said that it should not be treated as an 'isolated incident' as this exercise was not merely aimed at spreading communal hatred, but also to test the effectiveness of network of 'modules and sleeper cells' of subversive outfits in states like Karnataka, Andhra Pradesh, Maharashtra and Kerala.
.................................
Outfits like the Jamaat-e-Islami, Harkat-ul-Jihad-al-Islami, Simi and Indian Mujahideen are already on the watch list of intelligence agencies for spreading communally-sensitive messages and pictures that triggered a massive exodus of people from the Northeast.
Intelligence agencies in their report have warned that outfits like HuJI, Indian Mujahideen, Simi and even the PFI have a formidable network in southern India and have 'increased their support base manifold' in the last few yeas in Karnataka, Andhra Pradesh and Kerala.
Thus, the report adds, this incident should be treated as a warning signal to sensitise security agencies to launch a massive offensive against these groups in the affected states.
............................
...........................

Click here to read more .... 
Solutions : www.xcyss.in

24 August 2012

Targeted cyber attacks aimed at critical infrastructure


The trend we’ve seen until now is that targeted attacks use customised malware and refined targeted social engineering to gain unauthorised access to sensitive information. However, cyber criminals are increasingly targeting critical sectors including energy for mass destruction, say industry players.
......................
.................................

Symantec has identified a new series of targeted attacks, dubbed the Shamoon attacks, where critical infrastructure including power is coming under threat. According to the global security service provider’s July 2012 intelligence report, during the first half of the year, the total number of daily targeted attacks continued to increase at a minimum rate of 24 per cent with an average of 151 threats being blocked each day during May and June.

The report also states that globally the defence industry has been the biggest target in the first half of the year, with an average of 7.3 attacks per day.

India may not be immune to the global trend. After all, we became the top spam-sending nation during the first quarter of 2012. The country contributed to about 20 per cent of the globe’s total spam volume followed by Indonesia (13 per cent), South Korea (12 per cent), and Russia (10 per cent).
.....................................
Cyber criminals are abandoning spam emails only to resort to other more lucrative means such as targeted attacks.
...........................

Click here to read more .... 
Solutions : www.xcyss.in

Balance Internet freedom with national security: US to India


The United States advised India to ensure Internet freedom while seeking to preserve national security, as the Indian government asked social networking websites like Facebook and Twitter to check pages carrying inflammatory messages.
................
................
The general principle of respect for freedom of expression, respect for the unique characteristics of the online environment, needs to be respected, even as they work through whether there are things these companies can do to help calm the environment..........
...................

Click here to read more .... 
Solutions : www.xcyss.in

23 August 2012

Living with the reality of virtual threats


The recent revelations of Pakistan-based websites unleashing doctored pictures of alleged atrocities against Muslims in order to inflame passions in India has once again drawn attention to the enormous potential of the Information Age to challenge our security assumptions.
The computer is the instrument of our age; cyberspace is the oxygen of the internet. So much in our interconnected, globalised, and technologically advancing world depends on cyberspace.
………………………
To a layman, cyber security means simple things: a password that is not stolen, a message that remains confidential, a child that is not exposed to a stalker or paedophile online. When they type in a web address, that is where they should go and not to a spam site. When they click a link that looks genuine, they should not be cheated by a plausible fraud. Their work online should not be tampered with, and so on……………..
THREATS to cyberspace
The international relations theorist Joseph Nye has discerned four different types of threats to cyberspace. The most dramatic is Cyber War — the unauthorised invasion by a government into the systems or networks of another, aiming to disrupt those systems, to damage them partially, or to destroy them entirely.
……………………………
Second threat is Cyber Espionage. Governments can invade the systems of their rivals to steal sensitive information that would be useful for their own purposes. These attacks are usually hard to discover and the case of Operation Shady RAT, the world’s biggest hacking ever, is rather phenomenal.
………………………….
Cyber Crime is the third kind of threat, and the most familiar. While this also has military and political implications, it affects the lives of ordinary Internet users more closely………………...
Cyber Crime also includes pornography, Internet stalking, and personality imitation.
Finally there is Cyber Terrorism. This includes websites spreading extremist propaganda, recruiting terrorists, planning attacks, and otherwise promoting terrorists’ political and social objectives………
Social networking websites are also increasingly becoming targets, not only because of the massive databases they provide, but also in order to spread malware that infect computers. On Facebook there are 50 million Indian users and even if a small fraction of them click unsuspectingly on a malevolent but seemingly ordinary link, you have that many computers opened up to risk and infection.
Another use of social networks, seen recently in India, is to spread inflammatory material with a motivated agenda, such as the doctored pictures of alleged atrocities against Muslims in Assam and Myanmar that incited violence in Mumbai and threats of retaliation elsewhere. Though this does not constitute cyber terrorism in itself, it constitutes a new security threat that cannot be ignored.
………………………..
India’s own style of dealing with cyber threats leaves much to be desired. It is relatively chaotic and there is a constant insecurity that our cyber-defences are insufficient.
…………………………………
…………………………………

Click here to read more ....
Solutions : www.xcyss.in

22 August 2012

‘Govt’s Internet crackdown needs to be transparent’

As the government cracks down on websites and social networks that it says are responsible for posting inflammatory and hateful content that led to a mass exodus of people from North-eastern states from south Indian cities, online activists are decrying the lack of transparency with which the government is blocking websites and content.
...........

“The debate on social media diverts the attention from the issue at hand. While the spotlight is on the role of Twitter,Facebook, SMS and MMS in making people flee Bangalore, there is hardly any discussion on the socio-economic conditions of north-eastern people living in South India. Social media solely cannot be blamed for the events in Britain, Arab or India, said Commander Mukesh Saini (retired), a cyber security expert.
“Misinformation on social media itself cannot become into a monster unless supplemented with some real world information”, he said.
.........
...........

Click here to read more .... 
Solutions : www.xcyss.in

With social media curbs, govt is barking up the wrong tree


The most striking thing about the government’s latest efforts to clamp down on social media platforms and block websites, ostensibly to spike rumour-mongering of the sorts we saw last week, is the extent to which it has the enthusiastic support of many in the mainstream media.
The government has thus far blocked 254 websites on the grounds that they bore inflammatory messages that contributed to the fear psychosis among people from the north-east and triggered their ‘exodus’ from some of India’s cities.
The government has additionally threatened to take legal action against Twitter, evidently because it has “refused to cooperate” in the crackdown on web sites with inflammatory messages. Facebook and YouTube are, on the other hand, cooperating with the government and, according to the Telecom Secretary, have validated the government’s claim that many of these inflammatory messages were uploaded from Pakistan.
…………………………….
……………………………
Yet, in attempting to clamp down on social media platforms like Twitter, the government may be resorting too readily to the censorship instinct, and worse channelling its energies in entirely the wrong direction. In this particular instance, it may be barking up the wrong tree.
……………….......

Click here to read more .... 
Solutions : www.xcyss.in

Centre, Twitter in face-off over PMO parody accounts


The government and popular social media site Twitter are locked in a confrontation over half-a-dozen accounts that the Centre feels "misrepresent" the Prime Minister's Office but which the web-based platform has so far refused to shut down.

The clash over the accounts is playing out at a time when the government has also asked social media to remove sites posting incendiary and untrue information on the Assam riots and its fallout. On this count, too, Twitter hosts certain pages found to be objectionable.
.......................

Click here to read more .... 
Solutions : www.xcyss.in

21 August 2012

China to trigger electricity crisis in India?

China could carry out a cyber attack against India with the help of computer hardware and spare parts, according to a report by intelligence agencies. The agencies further believe that China would become an expert in such stealth attacks by 2017. 

According to the intelligence agencies, an extractor tool used in the production of electricity is imported from China and two such companies involved in the import of the equipment are already under the scanner. 

The agencies believe that China could use its equipment to create hurdles in India’s development march in the near future. An electricity crisis could be the result of such a design and has the capability to slow down Indian economy.
..............
Click here to read more .... 
Solutions : www.xcyss.in

The beginning of cyber warfare?


A day after Union home secretary RK Singh said that the bulk of rumours of imminent attacks on northeastern people for the killings of Muslims in Assam originated from Pakistan, experts said that this could be Pune’s first brush with cyber warfare. They also fear that all this is an indication of a major form of subversive warfare in the future.
Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.
Hackers and other individuals trained in software programming and exploiting the intricacies of computer networks are the primary executors of these attacks. These individuals often operate under the auspices and possibly the support of nation-state actors.
.....................

Click here to read more .... 
Solutions : www.xcyss.in

Cyber war: Blaming Pakistan is not enough


Delhi’s assertion that hostile websites in Pakistan have triggered the recent rioting in Mumbai and provoked the flight of northeastern migrants from Bengaluru and other cities might indeed be based on fact.
Blaming Pakistan, however, is not going to solve the enormous new challenges that confront India’s security planners in the cyber domain. Nor will requesting Islamabad to crackdown on the websites that deliberately spread disinformation against India will yield any real results.
................

Click here to read more .... 
Solutions : www.xcyss.in

Israeli businesses hit by wave of hacker extortion


Several financial institutions and businesses have recently fallen victim to extortion by organized crime rings and independent hackers, which has cost these victims anywhere from a few thousand shekels to hundreds of thousands of dollars.

Various ruses are used, but a common tactic is infiltrating a company's computer network or an employee's cell phone, stealing a file to prove a system breach, and threatening to leak sensitive documentation unless security software or consulting services are "bought" from the perpetrator.
................
Most of the victims don't file police complaints, preferring to use private security firms to find the security lapse. Large companies, which by law are required to report such incidents, assume police don't have the manpower to deal with such extortion. Thus, they feel compelled to pay for the software, even though it can often be easily downloaded from the Internet.
..........................

Click here to read more .... 
Solutions : www.xcyss.in

17 August 2012

Scribes get cyber security lessons


Did you know that the Geotagging option on you mobile, if enabled, can give strangers, minute-to-minute information about your whereabouts? Or that just your telephone number can enable anyone to download all your personal information?
..............
Children were known to spend 6-8 hours on the Net every day and since they were not aware of the security options, there had been a 40 per cent growth in cyber-related crime.

When people begin to upload Geotagging on the Facebook through their smart phones, their physical presence at a particular spot gets mentioned.

If a cyber criminal is tracking you, he can easily locate your presence through the latitude and longitude mentioned along with your post. Every movement that you make during the day, can be tracked and recorded.
.....................

Click here to read more .... 
Solutions : www.xcyss.in

A cybersecurity solution is unresolved for a reason


As Congress adjourned for the summer recess, some issues were left unresolved, most notably the question of a cybersecurity bill. 
..........................
There is no partisan dissent over whether cybersecurity – protecting computers, networks, programs and electronic information from being attacked and destroyed – is a critical issue. Experts have long cited cyber-terrorism as one of the potentially most dangerous threats to national security. Consider what might happen if a hostile government or terrorist organization launched an attack on our nation’s power grids, hospitals, nuclear facilities or major financial institutions – just to name a few possible targets. The effects would be devastating. The question is not whether we act to prevent such attacks, the question is how we act.
.....................

Click here to read more .... 
Solutions : www.xcyss.in

16 August 2012

Hackers hack Reuters website, publish false news of Saudi minister's death


The blogging platform of the Reuters News website was hacked and a false posting saying Saudi Arabia's foreign minister Prince Saud al-Faisal had died was illegally posted on a Reuters journalist's blog, the company said on Wednesday.
.................

Reuters had no immediate information on who was behind the hacking, the second time this month that the blogging platform of Reuters.com has been compromised.

On Aug 3, Reuters was forced to shut the platform temporarily after the appearance of unauthorized, and false, reports citing military reverses for rebels in Syria.
..............

Click here to read more .... 
Solutions : www.xcyss.in

14 August 2012

Secret audit reveals DRDO irregularities


A confidential internal audit ordered by the defence ministry has found several financial and other irregularities in the functioning of the Defence Research and Development Organization (DRDO), which has a network of 50 labs and an annual budget of over Rs 10,500 crore.
...................
The fresh internal audit, conducted by the finance wing of the defence ministry, has raised serious questions about the lack of transparency in DRDO's functioning, including the alleged sanctioning of Rs 2.80 crore by DRDO chief V K Saraswat to a mathematical society headed by him. 
................

Click here to read more ....
Solutions : www.xcyss.in

Hoax call made from cloned SIM

hoax call about a ticking bomb on Saturday night has left police in a sweat about a new menace - phone cloning. While cases of criminals obtaining SIM cards on fake identities are commonplace, in the latest case pranksters seemed to have cloned the SIM card of a Ghaziabad based businessman to send police on a wild goose chase.
..........

According to reports, more than one lakh subscribers have fallen prey to this new telecom menace in India. The modus operandi of the SIM card cloning racket is simple. Callers get a missed call from a number starting with the above three mentioned numbers. The moment a subscriber calls back on the number, his or her cell phone is cloned.
................


Click here to read more .... 
Solutions : www.xcyss.in

13 August 2012

Gauss wants YOUR log-on


Kaspersky Lab has announced the discovery of ‘Gauss’, a new cyber-threat targeting users in the Middle East. Gauss is a nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines.

The online banking Trojan functionality found in Gauss is a unique characteristic that was not found in any previously known cyber-weapons..............


Click here to read more .... 
Solutions : www.xcyss.in

08 August 2012

Cyber security: Imperatives for India

Cyber security must be considered as a key enabler for India’s economic growth and the government and industry efforts and initiatives should reflect this realization
..............
The phenomenal success of Indian outsourcing industry has positioned India as the global hub of IT and BPO services. In FY 2011, the industry aggregated revenues of USD 88.1 billion and is expected to grow revenues to USD 225 billion by 2020 – out of which more than 75 percent revenue will be on account of export of software and services. 
..................
The journey however has not been easy. Since the initial years, there have been serious concerns on the security of data in outsourced assignments.
....................
.......................................

Today, the importance of data security for India is not limited to the growth of outsourcing industry. As a subject, it has far greater implications. Our dependence on technology as a nation is increasing - e-payments in India currently account for 35.3 percent of the total transactions in terms of volume and 88.3 percent in terms of value, card circulation - both credit and debit - was around 200 million in 2010..............

Also, India is expected to be the third largest Internet user base by 2013 in the world. Considering the power of the web, the Government is investing USD 10 billion in various e-Governance projects – the Government policies are relying on technology to solve governance, corruption, service delivery and financial inclusion issues. In addition, businesses are leveraging technology to transform their business models and Defense and Police agencies are making strategic use of technology to modernize.
.................

In such a scenario, it is essential for us as a country to comprehensively understand the threats associated with the use of technology and operating in ‘cyberspace’- which is emerging as a fifth domain after land, sea, air and space that has no geographical boundaries and cuts across jurisdictions. These threats range from petty cyber crimes impacting an individual to sophisticated cyber attacks impacting national security by affecting economy, public safety or citizens’ lives. The number of cyber attacks and crimes are rising globally and India is no exception. There have been cyber attacks on PMO, CBI website, T3 terminal, etc. Stuxnet, the deadliest attack vector that has been designed so far, that destroyed a nuclear reactor in Iran has reportedly infected systems in India. There is an increase in the number of cyber crimes registered under the Information Technology Act 2000. 

In the cyberspace, we must defend ourselves against international syndicates, terrorists, rogue nation states, competitors and disgruntled insiders, who operate from anywhere in the world and exploit vulnerabilities in IT systems to achieve their motives, without getting traced. What makes their job easier is the availability of information about such vulnerabilities on the Internet.
...............................

There are numerous challenges in cyber security. From a national security perspective, security of critical information infrastructure (CII) is a top priority of the government. National Security has traditionally (for air, land and sea) been the sole responsibility of the governments. But as the world has moved into the information age, with increased dependence on information infrastructure for production and delivery of products and services, the new responsibility of securing the CII against the rising number of cyber attacks has come within the ambit of national security.
..........................

The second challenge is of coordination and cooperation at both - the national and international level. At the national level, there is currently lack of a comprehensive framework to ensure coordinated response and recovery, intelligence and information sharing mechanism, clarity in the role of different government agencies, involvement of state governments, and specified role of government and industry in PPP models. At the international level, there is absence of cooperation across jurisdictions to track cyber criminals and norms to address cyber security requirements, making it difficult for the Law Enforcement Agencies (LEAs) to bring cyber criminals to justice.

Third and one of the most important challenges in cyber security is poor awareness and education about cyber security threats and the need to follow best practices, across different levels – ranging from school children to top government officials / top management.
........................................

Click here to read more ....
Solutions : www.xcyss.in

Alleged Anon arrested for planning gov DDoS attacks

Hong Kong police have arrested a 21-year-old man after he apparently bragged on Facebook of his intent to disrupt several government web sites.
.........

He was cuffed after threatening to launch DDoS attacks against seven government sites.
Section 161 of the Crimes Ordinance states it is an offence “to obtain access to a computer with an intent to commit an offence”, and if found guilty the perpetrator could face up to five years in the slammer.
.................

Click here to read more .... 
Solutions : www.xcyss.in

06 August 2012

Yahoo's mass account hacking shows 'users' carelessness with passwords'


A security breach at the offices of internet search giant Yahoo, which led to over 450,000 login details being leaked online, highlights how careless Internet users are while choosing their passwords. Last month, a hacking collective posted account information belonging to thousands of Yahoo users on a public website in what they described as 'a wake-up call'.
.....................
The incident showed that the company that holds user details in question has poor user security, which allows the hackers to grab this important data.
But most importantly, it tells how blind Internet users are when it comes to password security.
According to the report, out of 442,837 passwords that were published, the top ten passwords were "123456," "password," "welcome," "ninja," "abc123," "123456789," "princess," "sunshine," "12345678," and "0".
The word "'qwerty"' (the first six letters appearing on the top left letter row of a U.S. keyboard when read left to right, came in at number 11..............

Click here to read more .... 
Solutions : www.xcyss.in

Reuters Twitter account hacked, false tweets about Syria sent


Reuters News said one of its Twitter accounts was hacked on Sunday and false tweets were posted, mainly related to the current armed struggle in Syria.........
The incident follows the company's disclosure that the blogging platform of the Reuters News website was compromised on Friday and a false posting purporting to carry an interview with a Syrian rebel leader was illegally posted on a Reuters' journalist's blog.
In the latest incident a series of 22 false tweets were sent purporting to be from Reuters News. Some of the tweets also carried false reports about Syrian rebel losses suffered in battles with Syrian government forces..........

Click here to read more .... 
Solutions : www.xcyss.in

Cyber criminals plan new ways to beat cashless policy


With Nigeria gradually transiting from cash to an electronic based economy, by virtue of the implementation of the Central Bank of Nigeria’s (CBN) cashless policy, cyber criminals and hackers in the country who hitherto attacked businesses and individuals across the Atlantic, are re-directing their energies towards exploiting possible loopholes in the electronic payment system in order to perpetuate fraud.
Analysts have warned financial institutions and other stakeholders in the electronic payment industry to step up investments in security of electronic transactions, or risk been overwhelmed by the spate of sophisticated cyber attacks that would soon arise as a result of the sheer volume of financial transactions online............

Click here to read more ....
Solutions : www.xcyss.in

03 August 2012

Hackers can cripple India’s power grids


No Proactive Step By Govt To Curtail This Threat

Josy Joseph TNN 


New Delhi: It is possible for an adversary or a group of hackers to cripple India’s power grids through a cyberattack; although this is an unlikely reason for the recent power outages that crippled much of north, east and northeastern India. 
....
 “Given the fact that our grids are vulnerable to a cyberattack, those responsible for managing grids should have a proactive policy to rule out cyberattack as part of their crisis management procedures,” a senior official said. “But none of it was visible,” he added. 
    Sources aware of contacts among power ministry, Power Grid authorities and those in both CERT-IN (Computer Emergency Response Team-India) and NTRO (National Technical Research Organisation) say there was no proactive effort by those responsible for power grids. 
....

Blackout cited in US cyber law debate he US needs to learn lessons from the massive blackouts in India, top US lawmakers have said, making a case for thepassage of a law on cyber security. “All one needs to do is look at what is going on in India today. There are no cyber problems there that I am aware of, but one-half of the country of India is without electricity today,” Senator Harry Reid, the Senate Majority Leader, said. “Transportation has been shut down, financial networks in India, which are significant, are down, and it is a chaotic place. There are 600 million people in India who are without electricity,” Reid said. 


Click here to read more ....
Solutions : www.xcyss.in

Hackers can cripple India’s power grids

Preparing for Cyberwar - A National Perspective


Preparing for Cyberwar - A National Perspective



War has International Ramifications
Various international laws and treaties especially of Paris and also Charter of United Nations prohibit use of threat or use of force in international relations. Prior to these developments post 1945, declaration of war was a standard practice, but today no one officially declares war to the international community. This is nothing but just masking because internally a nation state has to declare war, whether limited in scope or a full-fledged war. This is necessary to activate appropriate structures; authorisation to force commanders to use Rules of Engagement (R.o.E) for ‘conflict’; activate provisions of War-Book; freezing of assets of enemy aliens; mobilisation of resources; suspension of local laws against the enlisted personnel engaged in war; and even enforcing ‘Emergency’ in the country. Thus a war whether declared or otherwise is a ‘structured-response’ to a conflict which is expected to result in subjugating the enemy to the will of a nation.


Click here to read more .... 
Solutions : www.xcyss.in

Cyber-security measure fails to pass in Senate

Despite warnings from intelligence officials that the U.S. is ill-prepared to stop a growing wave of cyber attacks against its crucial national infrastructure, theSenate on Thursday failed to pass a watered-down bill that would have set voluntary standards to harden the network defenses of electric utilities, chemical plants and other privately owned facilities...........


Click here to read more .... 
Solutions : www.xcyss.in