Monday, April 21, 2014

Bored housewife killed due to Facebook deception

A bored housewife and mother of three, posing as a young unmarried girl on Facebook, had a three-year online relationship with a younger man. Recently they decided to meet in person at a public place for the very first time. On discovering that he had been deceived, the young man killed the woman on the spot in a fit of rage, and then attempted suicide.

There is no way to verify Facebook profiles or ascertain the intentions of the person they represent. A sixteen-year-old may actually be much older, married, of a different sex, in a different country and may have malicious intentions. It is preferable not to trust random requests for friendship, and certainly not to the extent where one starts sharing sexual chats, pictures or videos.


Saturday, April 19, 2014

Alert victim nabs thief using his cloned credit card

Credit card companies send an SMS alert with payment details after each transaction. Quick thinking by a victim who received one such alert, for a payment of Indian Rupees 10,000 (200 US) which he had not made, resulted in the capture of a man who used a cloned card to pay a bill at a popular restaurant. On receipt of the SMS, the victim searched for the number of the restaurant in an online directory and alerted its manager to the recent fraudulent transaction. The vigilant manager rushed out and nabbed the customer minutes before he was set to board an autorickshaw (tuk tuk) outside the restaurant.

This incident is a motivating example of how a combination of quick thinking and a speedy response can save the day. SMS alerts have proved their usefulness in containing the scale and extent of ATM and credit card crime in India.

Once an alert on a transaction you have not made is received, immediately bar your card to prevent further monetary loss. Take heed, and act quickly.

Sunday, April 13, 2014

Cybercitizens, do you need to be concerned about Heartbleed?

17% of all Internet services and a larger percentage of networking products have had their security systems compromised by a bug in the implementation of encrypted channels, making it possible for attackers to unearth user passwords or read encrypted communications (both current and stored).

From the published list of affected websites on The Heartbleed Hit List, it is apparent that the bug impacts a wide range of services commonly used by cybercitizens. Mail, social networks, home networks and financial sites were all exposed to potential malicious activity which ranged from spying to crime. As vulnerable software versions were in use for over two years, the exact impact of their malicious exploitation will never be known.

The obvious assessment is that it was found early by government agencies who kept its discovery a closely guarded secret, using it to decode encrypted channels set up to ensure privacy and safety: to read messages, find passwords and so on. Such flaws are typically detected using a type of test tool commonly used by governments and specialized labs. It is therefore no surprise that the flaw was uncovered by Codenomicon, a security testing tool vendor. If this were true, then the most obvious targets would be political opponents, dissidents, journalists, and others in whom governments have vested interests.

Had cybercriminals discovered the bug early, they would have used it to steal the private keys of large internet service providers, effectively enabling them to fool cybercitizens into thinking that they were communicating with a legitimate service rather than a spoofed site. In such a scenario, cybercitizens may have willingly parted with their credentials and as a consequence incurred a monetary loss.

The bug also allowed attackers to randomly download a small portion of the computer memory, leaking user credentials. I personally think that such random attacks, amounting to finding a needle in a haystack, would not be profitable. Rather, it would have been very rewarding to sell such an exploit in the underground market to one or many governments.

The bug highlights the helplessness that cybercitizens face as they rely on firms to ensure the proper use of technology to keep the services they use secure. Cybercitizens are truly helpless victims.

Now that the bug is known, cybercitizens should first check that the services they use are not currently vulnerable, and then change their passwords.
Ideally, I would have liked to have seen service providers send emails to their users requesting them to reset their passwords.

Wednesday, January 15, 2014

Citizens use spycatching gear to take on corrupt officials

In India’s capital territory of New Delhi, the Aam Aadmi Party (common man’s party) made a spectacular debut on India’s political landscape with the promise to remove deeply rooted petty corruption within the administration.

Within days of taking office, the new government installed an anti-corruption helpline to advise citizens on how to conduct sting operations on corrupt officials by recording evidence, either audio or video, against the bribe taker. Using the evidence generated from such stings as prima facie proof, the government’s anticorruption bureau would later lay traps to catch these officials red-handed and then arrest them. The prime objective behind this crusade is to strike fear into corrupt officials and minimize corruption.

Within three days, the 23,000 calls received by the helpline amply indicated the extent of the common man’s frustration, and the resultant motivation to turn into anti-graft crusaders. Delhi witnessed a surge in the sales of spycatching devices for audio and video recording, innocuously disguised as caps, glasses, bags and even water bottles.

While there may be positive fallouts from reducing corruption, there could be social consequences if their use impinges on the privacy of individuals. Spy gadgets can be used for nefarious purposes such as blackmail, defamation, abuse, and so on. In some cases, the complainant may be maliciously motivated and even fudge recordings to defame or entrap honest officials.