Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label CyberCrime and Law. Show all posts
Police
Bengaluru Cyber Attacks Cyber Crime CyberCrime and Law Economic Offences Narcotics Police

Lone cyber police station in Bengaluru gets overburdened

The delay in setting up new police stations to handle cyber crime has overburdened the lone station in Bengaluru. Eight new police stations for cyber crime, economic offences and narcotics (CEN stations) were announced in December 2018 to handle the growing number of cyber crime cases in Bengaluru. One station was to be set up in each of the eight law-and-order divisions. Even six months after the announcement, the proposal is yet to be implemented.

The existing station, often crowded, has received over 4,700 complaints so far this year. It got 5,036 cases in the whole of 2018.

More cyber crime cases are registered in Bengaluru than in other Indian cities. And yet, some other cities have multiple dedicated stations. For instance, there are three cyber crime stations in Hyderabad.

Policemen say the sheer number of cases hampers investigations. In fact, the station has filed just one charge sheet until now this year against 52 in 2018 and 229 in 2017. A chargesheet is the end of the investigation process from the police side and paves the way for the case to be heard in court. Until now, there has been only one conviction for a cyber crime — in October 2018 after a case was investigated by the CID.

The existing station has a large number of visitors on most days. A policeman said, “Most of our time is spent in handling incoming cases, leaving us with hardly any time to investigate them.” Another official said though about 20 additional Central and Reserve (CAR) personnel have been deployed at the station, more stations are a must for faster resolution of cases.

Deputy commissioner of police (crime) Girish S said setting up of more stations will help the complainants as they will then have to travel only shorter distances to file complaints. Asked if the volume of cases was affecting investigations, Girish said, “I can’t say it’s affecting investigations, but what is happening is we are focusing on the more pressing, immediate cases, due to which the resolution time for other cases gets prolonged.” Cases of a very serious nature are taken up by the CID wing.
Read more »
Phishing and Spam
CyberCrime CyberCrime and Law India Indian Cyber Security phishing Phishing and Spam

Cybercrime goes out of control in India



Phishing, data theft, identity theft, online lottery, cyber attacks, job frauds, banking frauds, cyberbullying, online blackmailing, morphing, revenge porn, cyber hacking, child pornography, cyber grooming, cyberstalking, data diddling, software piracy, online radicalisation — the dark web of cybercrimes is spreading across the world and India is one of the hotspots of this digital crime.

With increasing mobile coverage and cheaper data, more and more Indians now access the internet even while on the move. This has exposed unsuspecting ones to fall prey to online fraudsters. Many become victims of sexual exploitation after being made to share personal details while some others use the new media like WhatsApp to spread fake news to create trouble for political and other gains. There have been several lynching incidents in the country in the past couple of years after fake messages about child lifting and cow slaughter were spread through social media.

In spite of an alarming rise in cybercrime in the country, the most recent Government statistics available on this is from 2016. Cybercrimes touched 12,317 cases in 2016 which was an increase from 9,622 reported in 2014. The National Crimes Record Bureau is yet to release the statistics for 2017 and 2018.

The data available is just a tip of the iceberg and the numbers might be much more, says a senior government official. “Many even do not report loss of money or honour out of shame. Many cannot even tell their families that they have lost money in online frauds,” the official said.

Officials say the problem is that common people are not aware of the risks involved while dealing with the internet. Many are unaware, they say, and exercise no caution while using the net. They click unwanted links, unknowingly give the cyber fraudster their personal details and get cheated.
Read more »
iPhone
Computer Security CyberCrime and Law Cyberhacking eBay Hacking Tools iPhone

iPhone hacking tool for sale on eBay

iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones and now its hacking tools are available to buy on eBay.

Cellebrite phone-cracking devices, beloved by law enforcement, are available at bargain-basement prices so you can get a gander at all the devices that the police have presumably been able to squeeze for data.

The Cellebrite Universal Forensic Extraction Device (UFED) is a smartphone hacking tool commonly used by the FBI, Department of Homeland Security and other law enforcement agencies in the US and elsewhere. It’s the most powerful tool yet created by the Israeli company, able to extract a huge amount of data – even data which has been deleted from phones.

Security researcher Matthew Hickey who is the co-founder of the training academy, Hacker House recently told Forbes that he’d picked up a dozen Cellebrite UFED devices for dirt cheap and probed them for data, which he found in spades.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

A brand new one normally costs $5,000 to $15,000 depending on the model.

What surprised Hickey was that nobody bothered to wipe these things before dumping them onto eBay, he told Forbes:

“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere.”
Read more »
CyberCrime and Law
Cyber Crime Cyber Security cyber threat CyberCrime and Law

BT and Europol sign agreement to share cybersecurity intelligence data


The European Union Agency for Law Enforcement Cooperation (Europol) and communications company BT have joined forces in an agreement to exchange threat intelligence data.

A Memorandum of Understanding (MoU) was signed by both parties at Europol’s in The Hague in the Netherlands, which along with the creation of a framework to share knowledge of cybersecurity threats and attacks, will also help in facilitating sharing of information relating to cybersecurity trends, measures, technical expertise, and industry practices to reinforce cybersecurity in Europe.

To this end, BT will work alongside Europol’s European Cybercrime Centre (EC3), helping in identifying cyber threats and strengthening law enforcement response to cyber crimes.

“The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime,” said Steve Wilson, Head of Business at EC3. “Working co-operation of this type between Europol and industry is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise that BT bring will result in a significant benefit to our Europe wide investigations.”

BT became, earlier in the year, the first telecom provider to share information on malicious websites and softwares with other internet service providers (ISPs) via a free online portal, called the Malware Information Sharing Platform (MISP), to help them in tackling cyber threats.

The company will now share that information with Europol to aid in cybercrime investigations.

“We at BT have long held the view that coordinated, cross border collaboration is key to stemming the global cyber-crime epidemic,” Kevin Brown, VP, BT Security Threat Intelligence, said. “We’re working with other law enforcement agencies in a similar vein to better share cybersecurity intelligence, expertise and best practice to help them expose and take action against the organised gangs of cybercriminals lurking in the dark corners of the web.”

BT currently has a team of more than 2,500 cybersecurity experts who have so far helped to identify and share information on more than 200,000 malicious domains.

Read more »
DDOS Tools
CyberCrime and Law DDOS Attacks DDOS Tools

DDoS-for-Hire website taken down in global collaboration of law enforcement agencies


Webstresser.org, a popular DDoS-for-Hire website service on Wednesday was taken down by authorities from the US, UK, Netherlands, and various other countries in a major international investigation and arrests have been made.

The website is blamed for more than four million cyber attacks globally in the past three years and had over 134,000 registered users at the time of the takedown.

The operation, dubbed “Operation Power OFF,” targeted Webstresser.org, a website service which launched DDoS attacks all over the world at the buyer’s bidding. It involved law enforcement agencies from the Netherlands, United Kingdom, Serbia, Croatia, Spain, Italy, Germany, Australia, Hongkong, Canada, and United States of America, coordinating with Europol.

The domain name was seized by the US Department of Defence.

The website allowed criminals to buy attacks on businesses and was responsible for cyber attacks all over the world, including a British suspect who used the site to attack several high-street banks last year, causing hundreds of thousands of pounds of damage.

“As part of the operational activity, an address was identified and searched in Bradford and a number of items seized. NCA officers believe an individual linked to the address used the webstresser service to target seven of the UK’s biggest banks in attacks in November 2017,” UK’s National Crime Agency said in a statement.

The site was one of the various websites operating openly as a “stresser” service that offered to test a company’s cybersecurity defenses. According to investigators, the gang behind the website sold cyber attacks for as little as $14.99.

Seven suspected administrators have been arrested over the last few days or subjected to searches by authorities. and computers have been seized in UK, Holland, and elsewhere.

Law enforcement also took “further measures” against frequent users of the service, details of which have not yet been disclosed.

“By taking down world’s largest illegal DDOS seller in a worldwide joint law enforcement operation based on NCA intelligence, we have made an unprecedented impact on DDOS cybercrime,” said Gert Ras, Head of the National High Tech Crime Unit at the Dutch National Police. “Not only were the administrators of this illegal service arrested, but also users will now face prosecution and civil liability for caused damage.”

Read more »
Security News
Breaking News Cyber Security awareness CyberCrime and Law Information Security IT Security News Security News

Disclosing Security vulnerabilities in India

 

Security Researchers usually disclose vulnerabilities openly on the internet like full disclosure. But most often the researchers dont realise it is illegal and can be punished by law under IT act and other IPC section and it can have fatal consequences.

When a researcher detects a vulnerability, he often reports to the company but most often the companies dont reply to his message. If the company is not interested to take action, the researcher feels this is in greater interest of national security/public security.

He can send this vulnerability report again to the company and send a copy to CERT-In(central emergency response team). Most often CERT-In responds back to the hacker/researcher and they also contact the company and advise them to fix it. There is no proper format for reporting, it would be nice if government can come up with a frame work which can allow a proper disclosure of vulnerability policy.

If the company does not fix, the researcher can wait for a months time before he can disclose it fully to the community through media(online and offline) also offer proofs that he has communicated enough to the company and to CERT-In before he has released it.

However, does this protect the researcher from prosecution? If the victim company decides to go in legally, the researcher can be prosecuted for publishing this vulnerability.

Some of incidents have seen where hackers work for some company and because of various problems they had with company, they get involved in revenge hacking. If any crime has pre-mediation or pre-planning the crime is considered serious according to any Law. Such actions are totally illegal.

Many companies like FB, Google offer bounty to hackers. These bugs can be reported to these companies. however if the companies dont take these vulnerabilities they can be published to CERT-In and then publically.

Law does not protect the reporter of the vulnerability. It becomes the responsbility of the hacker/researcher to prove that he did it for greater social good (which could mean lot of head ache with law). If government does not come with proper frame work, it s going to drive hackers to report vulnerabilities anonymously fearing prosecution from police(with victim /company complaining).

What happens to hackers who publish the vulnerability openly without going to CERT-In and companies. They do it ofcourse to get fame or they really didnot want to fix it. Most companies will view these hackers as some one who is not reliable due to their poor full disclosure practice and wont hire them for anything important. They lose opportunity.

It is recommended proper reporting is followed first to the company who is victim, followed by reporting to CERT-In. giving them enough time to fix. Only if the vulnerability can affect public at large and no action was taken then other option of full disclosure should be considered.

Author:J Prasanna, Founder, Cyber Security & Privacy Foundation

Read more »
Spam Report
Cyber Crime CyberCrime and Law cybercriminals hacker arrested Spam Report

Scammer who stole financial info arrested by CIB


An alleged scammer who is responsible for stealing personal data of more than 10,000k people through a spam mail pretending to be from the Bureau of National Health Insurance has been arrested in China.

Surnamed Pan, tricks victims into download and open the attachment that contained a malicious software allowing him to steal the personal data from the affected computers.

According to China Post report, he used few techniques to avoid the antivirus detection and tested his malware numerous time before launching the real attack.

Criminal Investigation Bureau (CIB) said he had stolen "vast amounts of classified financial information from location companies".  He then used those details for accessing the online banking accounts and committed credit card fraud.
Read more »
Security News
Cyber Crime CyberCrime and Law Security News

Liberty Reserve Owner Arrested for money laundering (Updated)

Arthur Budovsky Belanchuk, the owner of  Liberty Reserve, has been arrested in Spain for money laundering.This was revealed by a joint investigation by the Spanish and US police agencies.

Raids were conducted at his home and office's. The investigation had been on since 2011. Also apparently Budobsky's business in Costa Rica was financed by child pornography websites and drug trafficking.

Libirty Reserve's main domain libertyreserve.com is not showing the original site,  its pointing to a sinkhole .

Update on 28/05/2013

The site is now showing a "This Domain Has been seized" message from the United States Global Illicit Financial Team.

Also this press release: http://www.justice.gov/usao/nys/pressreleases/May13/LibertyReservePR.php





As you can see the domain was transferred on May 24,2013 to point to shadowserver.org's name server - a server used by the US Governments to seize a website that has did an online fraud.

One of the EHN's reader, Jonathan Capistrano who contacted LR about the status of  peoples funds was told that they will not be closing down but are taking a break and that LR will be back "new and better" and finally said that funds will stay there , with no reduction or increase in value.  

 Update: This might just be a response said by the LR team so that people do not panic.Legally since LR is not FDIC approved the US government is not responsible for the money people lost.


Read more »
Subscribe to: Posts (Atom)