LUCKNOW: In an effort to tighten noose around cyber criminals, the district police recently organised a slide-show presentation in which a private software firm displayed biometric technology tools to control this growing menace. Around 150 cyber cafe owners were also present at the presentation.
Titled 'Cyber Cafe Monitoring System (CCMS)', the technology comprises of a biometric system for recording fingerprints of persons who use a workstation. This potent system has some other features like facility to take live snapshots, public IP address and MAC address (used to keep record of computer systems used in a crime).
According to the firm's director Anuj Kacker, who displayed the technology in front of cyber cafe owners, it will have a US-made thumb scanner device for recording fingerprints of a user. The software will also record photographs along with the name and others details of the user.
However, in a survey of some cyber cafes in the city it came to light that small owners were apprehensive of the technology. Talking to TOI, Rajendra, a cyber cafe owner in Aliganj, said, "if we use this technology we will be under constant watch of the cops as the main server of the system will be connected to that of the cops."
A Hazratganj cyber cafe owner was bold enough to admit that since most of the people who visit his cafe surf pornographic websites, adopting the technology will hit his business and "intrude into the privacy of the user".
Allaying fears, Anuj told TOI that the technology will not record the content of the website or an email. "It will only record the public IP address. The police will only intervene if it comes to light that a crime has been committed on a particular IP," he added.
Anuj added that since cyber cafe owners were not aware about the technology and its use, the firm was planning to conduct regular such presentations. According to Anuj, the software is designed in such a manner that the data base will be recorded for a period of two months. In case a cyber crime is committed using a particular computer system, and it comes to the knowledge of cops, a tracker will be put on the user's name and if on any later date the culprit again uses any other computer system attached to the CCMS main server with the police, his identity will be revealed.
Talking to TOI, senior superintendent of police (SSP) Akhil Kumar said, "it is solely at the discretion of the cyber cafe owners to use this technology or use close-circuit television cameras for maintaining a record. The technology is in no way being endorsed by the district police but it is a good system that will help in controlling cyber crime in a big way." The SSP also assured that if a cyber cafe owner adopts CCMS, police will only intervene in case of complaint lodged for a crime.
The news system will alert police officials of a particular area where a cafe is situated within seconds of any violation and display a status column which will define whether a particular computer system is being used or not by the culprit.
The technology will cost Rs 6,800 along with an additional charge of Rs 200 for the services. According to the technology providers, the cost is less when compared to installing close circuit television cameras (CCTVs) which cost around Rs 14,000 per unit.
So far six cyber cafes out of a total of 3,000 in the city have installed the system and according to Anuj, another 35 proposals are in the pipeline
Showing posts with label Cyber crime. Show all posts
Showing posts with label Cyber crime. Show all posts
Wednesday, July 16, 2008
Researchers Trace Structure of Cybercrime Gangs - PC World.com - 15 Jul 2008
The chain of command of a cybercrime gang is not unlike the Mafia, an evolution that shows how online crime is becoming a broad, well-organized endeavor.
The latest research from Web security company Finjan, released on Tuesday, outlines a pyramid of hackers, data sellers, managers and malicious programmers, all working in a fluid management structure in order to profit from cybercrime.
Finjan researchers joined forums where credit card details and other data is sold, knowns as "carding sites." They impersonated interested data buyers while collecting intelligence on the operations' management hierarchy, said Yuval Ben-Itzhak, Finjan's CTO.
"We kind of had a feeling that something had changed there," Ben-Itzhak said. "There is something even more organized there."
When a person's credit card details are stolen, the details are sold on the carding Web sites, where salespeople offer a menu of available information. Those salespeople don't exploit the data they possess but rather seek to sell it to someone who does. Those salespeople also aren't responsible for the hacking.
The data is supplied by affiliate networks, or groups of hackers who get paid to infect machines with malicious software and steal data. Those networks often have a campaign manager, someone who oversees a particular set of attacks.
At the top of the hierarchy are the boss and his deputy, who handle the distribution of crimeware kits used for hacking. The boss doesn't engage in hacking and acts as an administrator for all of the activity.
Finjan's map of the cybercrime gang comes from chatting with data sellers on ICQ and asking them where the data originates, Ben-Itzhak said. ICQ was one of the first instant messaging programs. Participants are often only know by a number.
"We managed to build up trust," Ben-Itzhak said. "Of course, they don't know we are from Finjan."
Sellers offered "dumps" or batches of credit card numbers: MasterCard Standard and Visa Classic card numbers and security codes go for $15 each, with Visa Gold or Corporate details going for up to $90.
Data often comes with a guarantee, with many data sellers offering to replace cards that don't work or are reported as stolen. But Finjan and other security vendors have said that the price of a credit card number has been falling as the market as the amount of sensitive data on the market has increased.
Finjan broke off contact with the data sellers and hasn't reported it to the authorities, although Finjan does report if researchers come across servers where the stolen data is stored, as the company revealed last month.
The company doesn't have much of an idea where the cybercriminals are physically located. The touch-and-go game on instant messenger is one way to gain intelligence: "It's really about knowing your enemy," Ben-Itzhak said.
By Jeremy Kirk
The latest research from Web security company Finjan, released on Tuesday, outlines a pyramid of hackers, data sellers, managers and malicious programmers, all working in a fluid management structure in order to profit from cybercrime.
Finjan researchers joined forums where credit card details and other data is sold, knowns as "carding sites." They impersonated interested data buyers while collecting intelligence on the operations' management hierarchy, said Yuval Ben-Itzhak, Finjan's CTO.
"We kind of had a feeling that something had changed there," Ben-Itzhak said. "There is something even more organized there."
When a person's credit card details are stolen, the details are sold on the carding Web sites, where salespeople offer a menu of available information. Those salespeople don't exploit the data they possess but rather seek to sell it to someone who does. Those salespeople also aren't responsible for the hacking.
The data is supplied by affiliate networks, or groups of hackers who get paid to infect machines with malicious software and steal data. Those networks often have a campaign manager, someone who oversees a particular set of attacks.
At the top of the hierarchy are the boss and his deputy, who handle the distribution of crimeware kits used for hacking. The boss doesn't engage in hacking and acts as an administrator for all of the activity.
Finjan's map of the cybercrime gang comes from chatting with data sellers on ICQ and asking them where the data originates, Ben-Itzhak said. ICQ was one of the first instant messaging programs. Participants are often only know by a number.
"We managed to build up trust," Ben-Itzhak said. "Of course, they don't know we are from Finjan."
Sellers offered "dumps" or batches of credit card numbers: MasterCard Standard and Visa Classic card numbers and security codes go for $15 each, with Visa Gold or Corporate details going for up to $90.
Data often comes with a guarantee, with many data sellers offering to replace cards that don't work or are reported as stolen. But Finjan and other security vendors have said that the price of a credit card number has been falling as the market as the amount of sensitive data on the market has increased.
Finjan broke off contact with the data sellers and hasn't reported it to the authorities, although Finjan does report if researchers come across servers where the stolen data is stored, as the company revealed last month.
The company doesn't have much of an idea where the cybercriminals are physically located. The touch-and-go game on instant messenger is one way to gain intelligence: "It's really about knowing your enemy," Ben-Itzhak said.
By Jeremy Kirk
Banks should be liable for e-fraud - vnunet.com - 11 Jul 2008
A House of Lords committee has called on the government to make banks, not customers, legally liable for internet fraud.
The House of Lords Science and Technology Committee called for legislation to force banks to cover customer losses incurred through e-crimes in its follow-up report into personal internet security published in August 2007.
The report claims that, under the current system, banks often deny liability for password and Pin fraud, claiming customer negligence or even complicity in the fraud.
"We reiterate our strongly held view that the current reporting sequence is wholly unsatisfactory and that it risks undermining public trust in the police and the internet," says the report.
The committee also recommended that victims of cyber-crime should be able to report incidents directly to the police, reversing the current process which requires them to report incidents to their bank.
The peers also called for a data breach notification law that would require organisations publicly to acknowledge breaches when customer security has been compromised.
The report acknowledged recent proactive moves in terms of protecting UK citizens from online crime, following the government's embarrassing data breaches.
"A level of indifference on the part of the government has now been dispelled only as a result of recent incidents involving serious losses of personal data, " the report said.
The call was backed by Bill Beverley, security technology sales manager at F5 Networks.
"If people were to adopt best practices, many of these data breaches would not have occurred," he told vnunet.com.
Beverley believes that this move would "add some teeth to the legislation" and help spur complacent companies into action when it comes to the protection of data and the liabilities involved when breaches occur.
He added that it is imperative that government agencies are held to the same standards at private companies.
by Guy Dixon and Ian Williams
The House of Lords Science and Technology Committee called for legislation to force banks to cover customer losses incurred through e-crimes in its follow-up report into personal internet security published in August 2007.
The report claims that, under the current system, banks often deny liability for password and Pin fraud, claiming customer negligence or even complicity in the fraud.
"We reiterate our strongly held view that the current reporting sequence is wholly unsatisfactory and that it risks undermining public trust in the police and the internet," says the report.
The committee also recommended that victims of cyber-crime should be able to report incidents directly to the police, reversing the current process which requires them to report incidents to their bank.
The peers also called for a data breach notification law that would require organisations publicly to acknowledge breaches when customer security has been compromised.
The report acknowledged recent proactive moves in terms of protecting UK citizens from online crime, following the government's embarrassing data breaches.
"A level of indifference on the part of the government has now been dispelled only as a result of recent incidents involving serious losses of personal data, " the report said.
The call was backed by Bill Beverley, security technology sales manager at F5 Networks.
"If people were to adopt best practices, many of these data breaches would not have occurred," he told vnunet.com.
Beverley believes that this move would "add some teeth to the legislation" and help spur complacent companies into action when it comes to the protection of data and the liabilities involved when breaches occur.
He added that it is imperative that government agencies are held to the same standards at private companies.
by Guy Dixon and Ian Williams
Sunday, July 6, 2008
Fake profiles of Mahesh Bhatt, Paresh Rawal crop up online - dnaindia.com - 04 Jul 08
Bollywood bigwigs Paresh Rawal and Mahesh Bhatt have lodged a complaint with the Cyber Crime Investigation Cell (CCIC) of the Mumbai crime branch alleging that their fake profiles have been created on the social networking website Facebook. They said they apprehended that the profiles had been created for misuing them.
Joint commissioner of police (crime) Rakesh Maria said the complaints were lodged on Tuesday night. He said the profiles could have been posted to lure youngsters and wannabe actors and actresses into providing sensitive information and to then use the information against them.
Messages asking people to send in their photographs and personal details have been posted on the website. The website has had many visitors hoping to interact with Rawal and Bhatt, Maria said. Social networking websites, such as Facebook, can be used for casting couch, he said.
“This is for the first time that we have a complaint of a fake profile on Facebook,” he said. The previous complaints concerned Orkut, he said.
The cyber crime sleuths may face some obstacles in this case. Maria said. If the server on which the profile has been uploaded is situated in a foreign country then it becomes difficult to block such websites, he said.
The police on Thursday wrote to the agency concerned to block the website or erase the profiles.
Mahesh Bhatt said he came to know about the profile from his dentist. “He told me he had scrapped me on Facebook in past few days. I was shocked to hear this. I told him I am not registered on Facebook,” he told DNA.
“Later Paresh (Rawal) called me and said his fake profile said that he was looking for girls (newcomers) for films,” he said. He said the content was posted from the United States. Attempts were made to contact Paresh Rawal. But his secretary said he was in Mauritius.
Joint commissioner of police (crime) Rakesh Maria said the complaints were lodged on Tuesday night. He said the profiles could have been posted to lure youngsters and wannabe actors and actresses into providing sensitive information and to then use the information against them.
Messages asking people to send in their photographs and personal details have been posted on the website. The website has had many visitors hoping to interact with Rawal and Bhatt, Maria said. Social networking websites, such as Facebook, can be used for casting couch, he said.
“This is for the first time that we have a complaint of a fake profile on Facebook,” he said. The previous complaints concerned Orkut, he said.
The cyber crime sleuths may face some obstacles in this case. Maria said. If the server on which the profile has been uploaded is situated in a foreign country then it becomes difficult to block such websites, he said.
The police on Thursday wrote to the agency concerned to block the website or erase the profiles.
Mahesh Bhatt said he came to know about the profile from his dentist. “He told me he had scrapped me on Facebook in past few days. I was shocked to hear this. I told him I am not registered on Facebook,” he told DNA.
“Later Paresh (Rawal) called me and said his fake profile said that he was looking for girls (newcomers) for films,” he said. He said the content was posted from the United States. Attempts were made to contact Paresh Rawal. But his secretary said he was in Mauritius.
Friday, June 27, 2008
China's cyber warfare against India - indiapost.com
China's intensified cyber warfare against India is becoming a serious threat to national security. The desire to possess 'electronic dominance' over India has compelled Chinese hackers to attack many crucial Indian websites and over the past one and a half years, they have mounted almost daily attacks on Indian computer networks - both government and private.
In October 2007, for example, Chinese hackers defaced over 143 Indian websites. Phishing is a term derived from fishing, and is a fraudulent activity on the Internet to acquire personal information. In phishing, the hackers use spoofed e-mails to lure innocent Internet users and get their personal information like bank account number, credit card details, and password and so on.
In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs forcing the government to think about devising a new strategy to fortify the system. Though the intelligence agencies failed to get the identity of the hackers, the IP addresses left behind suggested Chinese hands.
While hacking is a normal practice around the world, the cyber warfare threat from China has serious implications. At the core of the assault is the fact that the Chinese are constantly scanning and mapping India's official networks.
According to India's CERT-In, in the year 2006, a total of 5,211 Indian websites were defaced, on an average of about 14 websites per day. Of the total number of sites that were hacked and defaced, an overwhelming majority were in the .com domain (90 cases) followed by 26 in the .in domain. As many as 11 defacement incidents were also recorded in the .org domain.
Of all hacking incidents in October, about 61 per cent related to phishing, 27 per cent to unauthorized scanning and 8 per cent to viruses/worms under the malicious code category. India, like the western countries, has been witnessing a massive rise in phishing attacks with incidents in 2006 180 per cent higher than in 2005, and the trend carrying through into 2007.
Though the maximum defacements have been recorded during August, in 2007, February and March recorded the highest such cases with 858 and 738 websites defaced respectively. August, by contrast, saw only 345 websites defaced. While other countries treat Chinese cyber attacks as security breaches, India considers these intrusions as the equivalent of Internet-based terrorist attacks.
An Indian Army commanders' conference held in New Delhi on 26 April, voiced concern over mounting attacks on the country's networks. In the US, in June 2007, the Pentagon's computers were shut down for a week as a result of hacking.
At the frequency and aggressiveness of cyber attacks President Bush, without referring directly to Beijing, had said last year that "a lot of our systems are vulnerable to attack." The Chinese military hacked into the US Defence Secretary's computer system in June 2007 and regularly penetrated computers in at least ten of the UK's Whitehall departments, accessing also military files. German Chancellor, Angela Merkel, too has complained to Chinese Premier, Wen Jiabao, over suspected hacks of its government systems.
Although Beijing vehemently denies all allegations of state-controlled cyber snooping and hacking, the Chinese government as well as its society hails the practice of hacking for the national cause. The formation of Honker Union in China in 1999, in retaliation to the US bombing of the Chinese embassy in Belgrade, was aimed at widespread hacking under the guise of patriotism and nationalism, mostly of government-related websites around the world.
Unless India takes adequate steps to protect itself from external cyber threats, the world famous IT giant could be facing a grim situation. Cyber attacks are dangerous for India because of the growing reliance on networks and technology to control critical systems that run power plants and transportation systems. Cyber attacks on banks, stock markets and other financial institutions could likewise have a devastating effect on a nation's economy.
As a countermeasure, the Indian armed forces are trying to enhance their C4ISR capabilities, so that the country can launch its own cyber offensive if the need arises. Given Chinese cyber attacks, there is need for the army to fight digital battles as well.
According to Indian Army Chief, General Deepak Kapoor, the army has already ramped up the security of its information networks right down to the division level, while the Army Cyber Security Establishment has started conducting periodic cyber-security audits as well. However, the question remains: is this enough to stop Chinese cyber attacks?
In October 2007, for example, Chinese hackers defaced over 143 Indian websites. Phishing is a term derived from fishing, and is a fraudulent activity on the Internet to acquire personal information. In phishing, the hackers use spoofed e-mails to lure innocent Internet users and get their personal information like bank account number, credit card details, and password and so on.
In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs forcing the government to think about devising a new strategy to fortify the system. Though the intelligence agencies failed to get the identity of the hackers, the IP addresses left behind suggested Chinese hands.
While hacking is a normal practice around the world, the cyber warfare threat from China has serious implications. At the core of the assault is the fact that the Chinese are constantly scanning and mapping India's official networks.
According to India's CERT-In, in the year 2006, a total of 5,211 Indian websites were defaced, on an average of about 14 websites per day. Of the total number of sites that were hacked and defaced, an overwhelming majority were in the .com domain (90 cases) followed by 26 in the .in domain. As many as 11 defacement incidents were also recorded in the .org domain.
Of all hacking incidents in October, about 61 per cent related to phishing, 27 per cent to unauthorized scanning and 8 per cent to viruses/worms under the malicious code category. India, like the western countries, has been witnessing a massive rise in phishing attacks with incidents in 2006 180 per cent higher than in 2005, and the trend carrying through into 2007.
Though the maximum defacements have been recorded during August, in 2007, February and March recorded the highest such cases with 858 and 738 websites defaced respectively. August, by contrast, saw only 345 websites defaced. While other countries treat Chinese cyber attacks as security breaches, India considers these intrusions as the equivalent of Internet-based terrorist attacks.
An Indian Army commanders' conference held in New Delhi on 26 April, voiced concern over mounting attacks on the country's networks. In the US, in June 2007, the Pentagon's computers were shut down for a week as a result of hacking.
At the frequency and aggressiveness of cyber attacks President Bush, without referring directly to Beijing, had said last year that "a lot of our systems are vulnerable to attack." The Chinese military hacked into the US Defence Secretary's computer system in June 2007 and regularly penetrated computers in at least ten of the UK's Whitehall departments, accessing also military files. German Chancellor, Angela Merkel, too has complained to Chinese Premier, Wen Jiabao, over suspected hacks of its government systems.
Although Beijing vehemently denies all allegations of state-controlled cyber snooping and hacking, the Chinese government as well as its society hails the practice of hacking for the national cause. The formation of Honker Union in China in 1999, in retaliation to the US bombing of the Chinese embassy in Belgrade, was aimed at widespread hacking under the guise of patriotism and nationalism, mostly of government-related websites around the world.
Unless India takes adequate steps to protect itself from external cyber threats, the world famous IT giant could be facing a grim situation. Cyber attacks are dangerous for India because of the growing reliance on networks and technology to control critical systems that run power plants and transportation systems. Cyber attacks on banks, stock markets and other financial institutions could likewise have a devastating effect on a nation's economy.
As a countermeasure, the Indian armed forces are trying to enhance their C4ISR capabilities, so that the country can launch its own cyber offensive if the need arises. Given Chinese cyber attacks, there is need for the army to fight digital battles as well.
According to Indian Army Chief, General Deepak Kapoor, the army has already ramped up the security of its information networks right down to the division level, while the Army Cyber Security Establishment has started conducting periodic cyber-security audits as well. However, the question remains: is this enough to stop Chinese cyber attacks?
Monday, June 23, 2008
Photobucket’s DNS records hijacked by Turkish hacking group - ZDnet.com
Photobucket the world’s most popular photo sharing site according to Hitwise had its DNS records highjacked to return a hacked page courtesy of the NetDevilz hacking group, a Turkish web site defacement group most widely known for its defacement of the adult video site Redtube earlier this year. Photobucket users across the world are reporting minor outages of the service and problems when trying to access their accounts, the consequence of what looks like the type of DNS records hijacking that redirected Comcast.net to a third-party domain last month.
Third-party site monitoring services indicate that the site was down for 15 minutes yesterday, from from 17:39:39 to 17:55:10, whereas according to a comment left by a Photobucket Forum Support representative, the downtime due to the propagation of the corrected DNS entries was longer :
“On Tuesday afternoon, some users that typed in the Photobucket.com URL were temporarily redirected to an incorrect page due to an error in our DNS hosting services. The error was fixed within an hour of its discovery, but due to the nature of the problem, some users will not have access to Photobucket for a few hours as the fix rolls out. It is important to note that only a portion of Photobucket users encountered the problem and that no Photobucket content, password information or other personal information was affected by the redirect.”
The hacking group appears to have been using the hosting services of atspace.com, the web hosting service of Zetta hosting solutions, and users of Photobucket attempting to access the site with the old DNS entries are still being redirected to a default hosting ad page within atspace.com. The effect of the redirection can also be seen by taking a peek at the publicly obtainable stats for atspace.com, where the sudden peak in traffic resulting in 118,864 visitors for today came from the default ad page used in the redirection.
With the second DNS hijacking attack against a high-profile domain in the recent months, it seems that adaptive malicious parties unable to directly compromise a site will continue taking advantage of good old-fashioned DNS hijacking. At least to prove that it’s still possible even on a high-profile domain using the services of a Tier 1 domain registrar.
By Dancho Danchev
Third-party site monitoring services indicate that the site was down for 15 minutes yesterday, from from 17:39:39 to 17:55:10, whereas according to a comment left by a Photobucket Forum Support representative, the downtime due to the propagation of the corrected DNS entries was longer :
“On Tuesday afternoon, some users that typed in the Photobucket.com URL were temporarily redirected to an incorrect page due to an error in our DNS hosting services. The error was fixed within an hour of its discovery, but due to the nature of the problem, some users will not have access to Photobucket for a few hours as the fix rolls out. It is important to note that only a portion of Photobucket users encountered the problem and that no Photobucket content, password information or other personal information was affected by the redirect.”
The hacking group appears to have been using the hosting services of atspace.com, the web hosting service of Zetta hosting solutions, and users of Photobucket attempting to access the site with the old DNS entries are still being redirected to a default hosting ad page within atspace.com. The effect of the redirection can also be seen by taking a peek at the publicly obtainable stats for atspace.com, where the sudden peak in traffic resulting in 118,864 visitors for today came from the default ad page used in the redirection.
With the second DNS hijacking attack against a high-profile domain in the recent months, it seems that adaptive malicious parties unable to directly compromise a site will continue taking advantage of good old-fashioned DNS hijacking. At least to prove that it’s still possible even on a high-profile domain using the services of a Tier 1 domain registrar.
By Dancho Danchev
Student held for international card fraud
Chennai: A 20-year-old final year commerce student was arrested here on Tuesday for allegedly swindling credit card holders abroad to the tune of Rs.400,000, the police said.
Bharat Raj Purohit was arrested from a northern suburb here following a complaint from ebay.com, an online trading company.
He had been allegedly tipped off about the loopholes in the trade by two people based in Mumbai and Ahmedabad, a police official in the cyber crime department said.
Purohit swindled credit card holders of US, Canada and Russia after fraudulently obtaining secret access codes. He purchased computers, music systems and other IT accessories.
Approximately Rs.40,000 cash was also seized from him.
Bharat Raj Purohit was arrested from a northern suburb here following a complaint from ebay.com, an online trading company.
He had been allegedly tipped off about the loopholes in the trade by two people based in Mumbai and Ahmedabad, a police official in the cyber crime department said.
Purohit swindled credit card holders of US, Canada and Russia after fraudulently obtaining secret access codes. He purchased computers, music systems and other IT accessories.
Approximately Rs.40,000 cash was also seized from him.
Sunday, June 22, 2008
Cybercrime syndicate steals GBP 12.8 million from South African government- epnn.com
South African Minister for Finance and Economic Development reveals that a cybercrime group has defrauded the government with ZAR 199 million (GBP 12.8 million) through spyware infection-driven frauds.
The police has made 32 arrests in connection with more than 80 fraud counts. Commenting on the case, CTO of IT security vendor Tier-3 Geoff Sweeney said the spyware attacks are difficult to stop in their tracks due to their unpredictable nature. Sweeney added that these types of fraud are hard to stop using a traditional single line of defence security strategy. He suggests companies need to rethink their strategies since fraudsters’ attacks are becoming more sophisticated.
The police has made 32 arrests in connection with more than 80 fraud counts. Commenting on the case, CTO of IT security vendor Tier-3 Geoff Sweeney said the spyware attacks are difficult to stop in their tracks due to their unpredictable nature. Sweeney added that these types of fraud are hard to stop using a traditional single line of defence security strategy. He suggests companies need to rethink their strategies since fraudsters’ attacks are becoming more sophisticated.
Cyber scamsters run for cover - TOI - 20 Jun 2008
AHMEDABAD: Cyber hackers are ducking for cover after the nation-wide police crackdown following the busting of the online shopping fraud by the Ahmedabad police.
After the arrest of their kingpins in Mumbai, Chennai and Ahmedabad, there are warnings posted on hacking websites against "indulging in 'carding' for the time being".
"Carding in hackers' jargon stands for dealing in a huge database containing confidential information of credit card holders such as user name, expiry date, credit value verification (CVV) numbers and address. Such data are kept by the IT division of any financial institute. Most of the times, hackers enter into protected servers and steal the data. They do it with utmost care and expertise. At any given time, there are more than 5,000 database available on various websites. However, to access it, one has to become member of the paid community," said Sunny Vaghela, a cyber security expert. These hacking websites had many members posting links to TOI's published stories on the online shopping fraud and discussed the implications of opening up of their network.
One post read: "Hope they will come out soon", about the hackers caught. Another read: "Oh s*@#! If they got cards from here then maybe we should close registrations quicker...damn that's lame...old members." In another community, a seeming veteran advised juniors "not to leave cyber footprints and clear up the record before logging out".
The same website forum has tutorials on how to hack into government and non-government organizations and to access backdoor password of financial gateways. After the surfacing of eBay hacking incidents, the website says, cyber crime cells are active in various affected countries and are keeping a tab on suspicious websites.
By Parth Shastri
After the arrest of their kingpins in Mumbai, Chennai and Ahmedabad, there are warnings posted on hacking websites against "indulging in 'carding' for the time being".
"Carding in hackers' jargon stands for dealing in a huge database containing confidential information of credit card holders such as user name, expiry date, credit value verification (CVV) numbers and address. Such data are kept by the IT division of any financial institute. Most of the times, hackers enter into protected servers and steal the data. They do it with utmost care and expertise. At any given time, there are more than 5,000 database available on various websites. However, to access it, one has to become member of the paid community," said Sunny Vaghela, a cyber security expert. These hacking websites had many members posting links to TOI's published stories on the online shopping fraud and discussed the implications of opening up of their network.
One post read: "Hope they will come out soon", about the hackers caught. Another read: "Oh s*@#! If they got cards from here then maybe we should close registrations quicker...damn that's lame...old members." In another community, a seeming veteran advised juniors "not to leave cyber footprints and clear up the record before logging out".
The same website forum has tutorials on how to hack into government and non-government organizations and to access backdoor password of financial gateways. After the surfacing of eBay hacking incidents, the website says, cyber crime cells are active in various affected countries and are keeping a tab on suspicious websites.
By Parth Shastri
New-age hackers rob accounts without any trace - TOI - 17 Jun 2008
AHMEDABAD: It's quite likely that a US citizen would have purchased latest mobile phones, superior-storage music players or other white goods without even knowing about it! You may be able to track down these goods anywhere in Mumbai, Bangalore, Chennai and Hyderabad. This is what the city Crime Branch officials are busy doing these days.
The recent racket unearthed by Crime Branch has a 16-year-old Mumbai boy Ajay at the centrestage. He along with three other persons in Ahmedabad had hacked into an online shopping website and used credit card details of US citizens to make purchases.
"Officials of the online shopping website got suspicious after detecting what earlier seemed like a simple malfunction. They came to know that it was a computer IP address in Ahmedabad responsible for the illegal shopping.
However, they were not sure how big the scam could be. It turned out to be a major hacking and illegal data transfer case in the state. We have now got valuable information about the network of hackers in the country," said a Crime Branch official investigating the case.
Interrogating the accused seems to have borne fruits as the police are now armed with various contacts from Bangalore, Chennai and Hyderabad. Officials believe that it can be the key to solve many cases of credit card fraud and incidents of hacking.
"As the websites are on public domain, anyone can access them. When there are paid member forums, many a times four to five hackers use the same user name and password and later distribute the fees, which is no more than 50 to 75 USD per month. Similarly, Shahid Khan and Haadi Ghoghai of Ahmedabad were given the id and password by Ajay," said a police official.
The official added that there are various online communities that help the hackers and budding hackers provide a meeting place. However, the members used pseudo-names to hide their identity. Ajay, too, had two social networking ids that he wiped out just two months back. They are literally impossible to track online.
"We are now on the trail of bigger fishes. It's quite likely that these communities work as communication channel between the underworld of hacking. These students are using their skills for the wrong cause. We also got to know that Ajay's contact to hacking world starts from another 19-year-old teenager from Chennai, but it would be too early to reveal anything about him at this stage," said the official.
The recent racket unearthed by Crime Branch has a 16-year-old Mumbai boy Ajay at the centrestage. He along with three other persons in Ahmedabad had hacked into an online shopping website and used credit card details of US citizens to make purchases.
"Officials of the online shopping website got suspicious after detecting what earlier seemed like a simple malfunction. They came to know that it was a computer IP address in Ahmedabad responsible for the illegal shopping.
However, they were not sure how big the scam could be. It turned out to be a major hacking and illegal data transfer case in the state. We have now got valuable information about the network of hackers in the country," said a Crime Branch official investigating the case.
Interrogating the accused seems to have borne fruits as the police are now armed with various contacts from Bangalore, Chennai and Hyderabad. Officials believe that it can be the key to solve many cases of credit card fraud and incidents of hacking.
"As the websites are on public domain, anyone can access them. When there are paid member forums, many a times four to five hackers use the same user name and password and later distribute the fees, which is no more than 50 to 75 USD per month. Similarly, Shahid Khan and Haadi Ghoghai of Ahmedabad were given the id and password by Ajay," said a police official.
The official added that there are various online communities that help the hackers and budding hackers provide a meeting place. However, the members used pseudo-names to hide their identity. Ajay, too, had two social networking ids that he wiped out just two months back. They are literally impossible to track online.
"We are now on the trail of bigger fishes. It's quite likely that these communities work as communication channel between the underworld of hacking. These students are using their skills for the wrong cause. We also got to know that Ajay's contact to hacking world starts from another 19-year-old teenager from Chennai, but it would be too early to reveal anything about him at this stage," said the official.
Now, students turn to hacking at night for money - itexaminer.com
MUMBAI: Akshay Raval, 20, is burning the midnight oil while his hostel roommates are fast asleep at 2 am. A computer engineering student from Gujarat, now in Pune, Raval is in touch with various such students from across the country.
However, on the virtual world he becomes prime_hacky089 when he logs into hackers' communities and shares information such as latest codes, websites for safe payment and tricks that can disrupt a website's function. Ahmedabad: It is the perpetual hunt for a high and this time it is making money on the sly in the world of cyber crime.
Youths with amateur knowledge of the computer world are increasingly being mesmerised by the word ‘hacker’. It places them in a league apart from the 9-to-5 techies who get fat pay-packets for encoding programs for multinationals. Much like the league of Ajay and the three other youths who were arrested by the city crime branch for cyber crime.
Talking to Ajay has revealed that these youngsters lead an abnormal life - they sleep during the day, chat with the world at night and ofcourse, make money!
And, making easy money is their passion. A habit that has helped them change their social life, made them happening and cool and armed with the right gadgets.
Sunny Vaghela, an ethical hacker from Ahmedabad told TOI that when he pursued his dream, he also faced an ethical dilemma as the line between legal and illegal is very thin. “At times, you are at the other side of law but you know that you are doing it for good,” he says.
Vaghela says that there are hundreds of cyber communities that one can find with various keywords. “There are many famous cases in the USA where major multinational companies’ sites were hacked into, including a major on-line shopping site. As the servers of these hackers were outside the country, they could not be arrested,” he said.
The communities which are operated from central Asia have a database of thousands of financial services subscribers — credit cards, on-line payment gateways and fund transfers. Most of the time the victims are people who do not take adequate precautions while transacting on-line.
“I came across various websites where one can access huge database of private institutions. Students from cities such as Ahmedabad, Pune, Bangalore, Delhi, Mumbai, Hyderabad and Chennai join for fun and the high of doing something different.
However, most of the times the bigger hackers do not pass on everything to the greenhorns. Thus, they get restricted to some funny internet tricks and changing password and social networking hacking. But when it gets serious, it can cause economic and social problems,” says Vaghela.
Crime branch officials investigating the on-line shopping case told TOI that Shahid Khan, the youth from Ahmedabad came in contact with Ajay from Mumbai through a common friend and started exchanging information about hacking communities as they were interested in the common subject of hacking. Khan is a computer expert whose computer contained a number of “objectionable” links to finance gateways.
Indian teenagers charged with hacking - Phishers have absconded
By Jayant Mishra @ 16 June 2008 09:22 :: :: 0 Comments :: Category - Unusual
The Indian police have detained four teenagers in custody for making illegal online purchases. Three boys involved in the alleged conspiracy are from Ahmedabad , and a 16 years old minor with the pseudonym "Varun", alleged to be the mastermind behind Ebay hacking is from Mumbai.
The matter came to light when the site’s Mumbai office received complaints about heavy online buying being made from Ahmedabad. On June 11, Krishna Mohan, an Ebay India official, visited the Cyber Cell of Ahmedabad and lodged a complaint. After probing and investigating the matter, the Cyber Cell nabbed Varun from Mumbai, Shahid Khan, Wahid Khan and Hardi, the trio from Ahmedabad for running an illegal online purchase modus operandi. The police have recovered a database of 15,000 credit card numbers along with CCV details from Hardi’s laptop.
Sunny Vaghela, the ethical hacker who helped the crime branch in outsmarting the teenage hacker spoke to the IT Examiner. Sunny said: “the mastermind in the modus operandi was 16 years old, Varun. He had data base of US citizens and their credit card number along with CCV details, which he would pass on to Hardi sitting in Ahmedabad. Hardi would make fake IDs to make online purchases on Ebay and the products were delivered to Shahid and Wahid’s address”.
Hardi had convinced Shahid and Wahid, saying they were phishing on US clients and so there was no chance they would get traced. That’s why Shahid and Wahid fearlessly accepted on receiving the products at their address, said Sunny.
How did they get the Credit card number of US citizens?
Varun’s proficiency in hacking high-security and government websites let him into a hacking community, which gave him access to a huge database of credit card Customer Verification Value (CVV) numbers of prominent banks across the globe. A hacker, aged 19 years, operating form Chennai. is alleged to be the provider of the data base to Varun. He had spread Trojans across online purchase websites, which enabled him to get a track of all the data, which customers would type in. The involvement of another hacker from Hyderabad is also confirmed. But these two hackers have absconded.
Background: Of the master mind.
Varun is 16 and studies in Class X at St Ann's school, Mulund, Mumbai. His tools include a laptop, a communicator and a cellphone. He got in touch with fraudsters during gaming and worked 15 hours a day, trying to figure out how hacking worked. His illegal passion, took over him fast and he mastered in fooling the cyber police by using proxy servers for illegal transactions. He has contacts with US and Vietnam hackers, whom he calls his mentors. He bought goods worth Rs 90,000 in two months from Ebay India.
Apart from illegal online buys, Sunny said, this young group was also a part timeauction business. Itune is available only in selected countries, but the team would forge Itune certificates, take the encryption code and sell it to customers residing in countries, like Germany and Sweden where Itunes is unavailable. This business earned them around Rs90,000-100,000 thousand.
In this case, which appears to be a replica of a Hollywood film, all the perpetrators are aged under 20.
However, on the virtual world he becomes prime_hacky089 when he logs into hackers' communities and shares information such as latest codes, websites for safe payment and tricks that can disrupt a website's function. Ahmedabad: It is the perpetual hunt for a high and this time it is making money on the sly in the world of cyber crime.
Youths with amateur knowledge of the computer world are increasingly being mesmerised by the word ‘hacker’. It places them in a league apart from the 9-to-5 techies who get fat pay-packets for encoding programs for multinationals. Much like the league of Ajay and the three other youths who were arrested by the city crime branch for cyber crime.
Talking to Ajay has revealed that these youngsters lead an abnormal life - they sleep during the day, chat with the world at night and ofcourse, make money!
And, making easy money is their passion. A habit that has helped them change their social life, made them happening and cool and armed with the right gadgets.
Sunny Vaghela, an ethical hacker from Ahmedabad told TOI that when he pursued his dream, he also faced an ethical dilemma as the line between legal and illegal is very thin. “At times, you are at the other side of law but you know that you are doing it for good,” he says.
Vaghela says that there are hundreds of cyber communities that one can find with various keywords. “There are many famous cases in the USA where major multinational companies’ sites were hacked into, including a major on-line shopping site. As the servers of these hackers were outside the country, they could not be arrested,” he said.
The communities which are operated from central Asia have a database of thousands of financial services subscribers — credit cards, on-line payment gateways and fund transfers. Most of the time the victims are people who do not take adequate precautions while transacting on-line.
“I came across various websites where one can access huge database of private institutions. Students from cities such as Ahmedabad, Pune, Bangalore, Delhi, Mumbai, Hyderabad and Chennai join for fun and the high of doing something different.
However, most of the times the bigger hackers do not pass on everything to the greenhorns. Thus, they get restricted to some funny internet tricks and changing password and social networking hacking. But when it gets serious, it can cause economic and social problems,” says Vaghela.
Crime branch officials investigating the on-line shopping case told TOI that Shahid Khan, the youth from Ahmedabad came in contact with Ajay from Mumbai through a common friend and started exchanging information about hacking communities as they were interested in the common subject of hacking. Khan is a computer expert whose computer contained a number of “objectionable” links to finance gateways.
Indian teenagers charged with hacking - Phishers have absconded
By Jayant Mishra @ 16 June 2008 09:22 :: :: 0 Comments :: Category - Unusual
The Indian police have detained four teenagers in custody for making illegal online purchases. Three boys involved in the alleged conspiracy are from Ahmedabad , and a 16 years old minor with the pseudonym "Varun", alleged to be the mastermind behind Ebay hacking is from Mumbai.
The matter came to light when the site’s Mumbai office received complaints about heavy online buying being made from Ahmedabad. On June 11, Krishna Mohan, an Ebay India official, visited the Cyber Cell of Ahmedabad and lodged a complaint. After probing and investigating the matter, the Cyber Cell nabbed Varun from Mumbai, Shahid Khan, Wahid Khan and Hardi, the trio from Ahmedabad for running an illegal online purchase modus operandi. The police have recovered a database of 15,000 credit card numbers along with CCV details from Hardi’s laptop.
Sunny Vaghela, the ethical hacker who helped the crime branch in outsmarting the teenage hacker spoke to the IT Examiner. Sunny said: “the mastermind in the modus operandi was 16 years old, Varun. He had data base of US citizens and their credit card number along with CCV details, which he would pass on to Hardi sitting in Ahmedabad. Hardi would make fake IDs to make online purchases on Ebay and the products were delivered to Shahid and Wahid’s address”.
Hardi had convinced Shahid and Wahid, saying they were phishing on US clients and so there was no chance they would get traced. That’s why Shahid and Wahid fearlessly accepted on receiving the products at their address, said Sunny.
How did they get the Credit card number of US citizens?
Varun’s proficiency in hacking high-security and government websites let him into a hacking community, which gave him access to a huge database of credit card Customer Verification Value (CVV) numbers of prominent banks across the globe. A hacker, aged 19 years, operating form Chennai. is alleged to be the provider of the data base to Varun. He had spread Trojans across online purchase websites, which enabled him to get a track of all the data, which customers would type in. The involvement of another hacker from Hyderabad is also confirmed. But these two hackers have absconded.
Background: Of the master mind.
Varun is 16 and studies in Class X at St Ann's school, Mulund, Mumbai. His tools include a laptop, a communicator and a cellphone. He got in touch with fraudsters during gaming and worked 15 hours a day, trying to figure out how hacking worked. His illegal passion, took over him fast and he mastered in fooling the cyber police by using proxy servers for illegal transactions. He has contacts with US and Vietnam hackers, whom he calls his mentors. He bought goods worth Rs 90,000 in two months from Ebay India.
Apart from illegal online buys, Sunny said, this young group was also a part timeauction business. Itune is available only in selected countries, but the team would forge Itune certificates, take the encryption code and sell it to customers residing in countries, like Germany and Sweden where Itunes is unavailable. This business earned them around Rs90,000-100,000 thousand.
In this case, which appears to be a replica of a Hollywood film, all the perpetrators are aged under 20.
Wednesday, June 11, 2008
Civil servants in cyber crime syndicate - thetimes.co.za - 11 Jun 2008
Corrupt civil servants, in cahoots with a cyber crime syndicate, have robbed four provincial governments of more than R199-million in three years.
The KwaZulu-Natal, Eastern Cape, Limpopo and Mpumalanga provincial governments have all fallen victim to cyber criminals.
After identifying 27 instances in which millions were stolen from five of its departments, the KwaZulu- Natal finance and economic development department has its hands full dealing with what it calls “one of the easiest crimes to commit”.
Motlalepula Motaung, manager of KwaZulu-Natal’s internal audit services, yesterday explained the scam.
She said: “The syndicate approaches the departments’ suppliers and corrupt officials, who are asked to … download information that can help [the syndicate] get into secure [provincial government computer] sites without a pass- word so they can defraud the government.
“The corrupt government officials pocket their share.”
There has been a steady increase in the number of cyber crimes involving government departments in the province.
In 2006, eight cases were reported and last year a further 18 cases were being investigated.
The KwaZulu-Natal education department has been the hardest hit, losing about R43-million.
Cyber security expert Ian Melamed said criminals prefer to target procurement departments. They use information gleaned from spyware to create phoney user names and passwords in order to create new beneficiaries.
Melamed said: “This is only the tip of the iceberg. It is usually only when a supplier’s account details are being reconciled with payments that the fraud is picked up.”
Melamed rated the government’s ability to detect and deal with cyber crime at “minus one out of 10”.
“There is a massive shortage of trained cyber inspectors in South Africa and government department staff aren’t trained to be on the look-out for spyware, which could be slipped [into computer systems] using electronic birthday cards and even by leaving seemingly blank CDs in disc drives.”
Despite 32 arrests, the syndicate continues to milk government departments.
Melamed said more needed to be invested in cyber police.
Nivashni Nair and Borrie la Grange
Number of Internet Fraud Victims on the Rise - scoop.co.nz - 10 Jun 2008
Failing to do basic background checks is resulting in more internet users falling victim to online fraud this year, costing them up to as much in value as a small car.
Internet fraud is up 20 per cent from last year, says the Internet Crime Complaint Centre, with 37.5 per cent of all complaints due to online auction fraud.
Barnaby Jack, a staff security researcher at Juniper Networks in the United States says that fraud involving online auctions continues to be the most prevalent.
“A lack of education about the latest tricks employed by scammers, a lack of education about technology and the internet in general increase a person’s vulnerability” he says.
The most common type of internet fraud involves online auction sites such as TradeMe or ebay. Mostly its simple fraud whereby the buyer sends money for a product, and the product never materialises. It likely never existed and was a fake listing purely for the purpose of a scam.
Others involve potential buyers offering to pay for goods via cheque, asking the seller to refund the difference in cash. Once the bogus buyer has received the cash, the cheque bounces, and the seller never hears from them again.
Kris Bainbridge, systems administrator for Guidance Media says that simple background checking on online auction sites, such as checking the users feedback, can be a good indicator of their trustworthiness.
“Many people are simply too trusting, or may not be familiar with the various scam methods” he says.
Garrett Denton, a 28-year-old customer service rep, explained how his mother fell victim to an online scam when trying to book an apartment for her trip to New York last year.
After spotting the apartment on the internet they contacted the owner, who asked them to send a deposit to “secure their booking.” This worked out at approximately NZ$2700.
A bank cheque was made and sent over to the seller, whom they never heard from again. The number initially provided to them was a prepaid phone and has since been disconnected.
Further background research revealed the same apartment had been listed on several different websites, under contact names like John Doe and Joe Smith.
“I don’t think there’s a way of stopping him” Denton says.
“The sites he’s used are TradeMe type sites, so users can just sign up for a new account and list whatever they like.”
Bainbridge says that online auction sites are starting to get more proactive in their approach to avoid such scams.
“TradeMe is actually pretty good. They make it hard for you to fully use the site until you are ‘address verified’, a process which requires you to prove your address is real” he said.
Both Jack and Bainbridge agree that the age old adage “If it looks too good to be true…” applies in all cases when shopping online.
“On sites like ebay or TradeMe, a lot comes down to common sense” Jack said.
“Check feedback,” says Bainbridge “See what sort of contact details the other party provides, real phone numbers, emails, addresses. Talk to them via phone if you need to.”
Phishing is another common, and dangerous, scam. The victim will receive an email which appears to be from a legitimate retailer, bank, organization, or government agency.
The sender asks the victim to “confirm” their personal information for some made-up reason: your account is about to be closed, an order for something has been placed in the victim’s name, or your information has been lost because of a computer problem. Scammers are then able to obtain the victim’s login details and can access personal information or clear their bank accounts.
Most recently AUT has become target of one such scam. Staff members received an email allegedly from AUT IT services, requesting staff confirm their login details.
The AUT IT Service Desk states, “IT Services would never send a blanket email asking for staff or students to supply their login details. If this were the case it would be a personal face-to-face communication between the IT Service Desk and yourself.”
Bainbridge says “Like any kind of fraud, scammers prey on human weakness. The internet is simply another vehicle for them. That’s the tough bit.”
By Angela Beswick
Internet fraud is up 20 per cent from last year, says the Internet Crime Complaint Centre, with 37.5 per cent of all complaints due to online auction fraud.
Barnaby Jack, a staff security researcher at Juniper Networks in the United States says that fraud involving online auctions continues to be the most prevalent.
“A lack of education about the latest tricks employed by scammers, a lack of education about technology and the internet in general increase a person’s vulnerability” he says.
The most common type of internet fraud involves online auction sites such as TradeMe or ebay. Mostly its simple fraud whereby the buyer sends money for a product, and the product never materialises. It likely never existed and was a fake listing purely for the purpose of a scam.
Others involve potential buyers offering to pay for goods via cheque, asking the seller to refund the difference in cash. Once the bogus buyer has received the cash, the cheque bounces, and the seller never hears from them again.
Kris Bainbridge, systems administrator for Guidance Media says that simple background checking on online auction sites, such as checking the users feedback, can be a good indicator of their trustworthiness.
“Many people are simply too trusting, or may not be familiar with the various scam methods” he says.
Garrett Denton, a 28-year-old customer service rep, explained how his mother fell victim to an online scam when trying to book an apartment for her trip to New York last year.
After spotting the apartment on the internet they contacted the owner, who asked them to send a deposit to “secure their booking.” This worked out at approximately NZ$2700.
A bank cheque was made and sent over to the seller, whom they never heard from again. The number initially provided to them was a prepaid phone and has since been disconnected.
Further background research revealed the same apartment had been listed on several different websites, under contact names like John Doe and Joe Smith.
“I don’t think there’s a way of stopping him” Denton says.
“The sites he’s used are TradeMe type sites, so users can just sign up for a new account and list whatever they like.”
Bainbridge says that online auction sites are starting to get more proactive in their approach to avoid such scams.
“TradeMe is actually pretty good. They make it hard for you to fully use the site until you are ‘address verified’, a process which requires you to prove your address is real” he said.
Both Jack and Bainbridge agree that the age old adage “If it looks too good to be true…” applies in all cases when shopping online.
“On sites like ebay or TradeMe, a lot comes down to common sense” Jack said.
“Check feedback,” says Bainbridge “See what sort of contact details the other party provides, real phone numbers, emails, addresses. Talk to them via phone if you need to.”
Phishing is another common, and dangerous, scam. The victim will receive an email which appears to be from a legitimate retailer, bank, organization, or government agency.
The sender asks the victim to “confirm” their personal information for some made-up reason: your account is about to be closed, an order for something has been placed in the victim’s name, or your information has been lost because of a computer problem. Scammers are then able to obtain the victim’s login details and can access personal information or clear their bank accounts.
Most recently AUT has become target of one such scam. Staff members received an email allegedly from AUT IT services, requesting staff confirm their login details.
The AUT IT Service Desk states, “IT Services would never send a blanket email asking for staff or students to supply their login details. If this were the case it would be a personal face-to-face communication between the IT Service Desk and yourself.”
Bainbridge says “Like any kind of fraud, scammers prey on human weakness. The internet is simply another vehicle for them. That’s the tough bit.”
By Angela Beswick
Saturday, June 7, 2008
Cyber crime nets Bengal countryside - DNA INDIA - 07 Jun 2008
KOLKATA: Cyber crime, especially of the pornography kind, is not a metro-centric affair any longer. Rather, increased police crackdown in the metros has prompted the operators to shift their bases to rural areas.
In the last few months, police stations in West Bengal’s remote villages are being flooded with complaints of young boys and girls either getting unknowingly trapped in such rackets or being blackmailed by operators.
A senior officer of the state crime records bureau said the maximum number of such complaints have been recorded in Birbhum, East Midnapore, Jalpaiguri and Coochbehar districts. The cyber crime division of the state CID, after preliminary investigations, has traced certain operators who clandestinely run the rackets in Bengal’s countryside.
Explaining their modus operandi, a senior CID official told DNA that the operators first rope in small cyber café operators, who are paid handsomely. “They then download nude pictures from various pornographic websites at these cafes. On these are superimposed faces of local girls and youths, clicked by the operator’s agent-cum-photographer mostly through cellphones.
The doctored nude images are then uploaded on the net,” he said. “Their targets are mainly college students and upcoming models or actors in the locality,” the CID official added.
The pictures, available in both still and video formats, rake in the moolah for the operators in two ways. “They sell the pictures or movies in MMS format to interested customers for hefty payments. At the same time, they also extort money by blackmailing the boys and girls whose faces are superimposed on the images,” the official said.
Sumanta Ray Chaudhuri
In the last few months, police stations in West Bengal’s remote villages are being flooded with complaints of young boys and girls either getting unknowingly trapped in such rackets or being blackmailed by operators.
A senior officer of the state crime records bureau said the maximum number of such complaints have been recorded in Birbhum, East Midnapore, Jalpaiguri and Coochbehar districts. The cyber crime division of the state CID, after preliminary investigations, has traced certain operators who clandestinely run the rackets in Bengal’s countryside.
Explaining their modus operandi, a senior CID official told DNA that the operators first rope in small cyber café operators, who are paid handsomely. “They then download nude pictures from various pornographic websites at these cafes. On these are superimposed faces of local girls and youths, clicked by the operator’s agent-cum-photographer mostly through cellphones.
The doctored nude images are then uploaded on the net,” he said. “Their targets are mainly college students and upcoming models or actors in the locality,” the CID official added.
The pictures, available in both still and video formats, rake in the moolah for the operators in two ways. “They sell the pictures or movies in MMS format to interested customers for hefty payments. At the same time, they also extort money by blackmailing the boys and girls whose faces are superimposed on the images,” the official said.
Sumanta Ray Chaudhuri
Friday, June 6, 2008
When cyber police turn a hacker victim - Economic Times - 06 Jun 2008
MUMBAI: In case you thought that working in the Commissioner of Police’s headquarters would ensure that your system would not be hacked, think again.
On Monday, when Sanjay Mohite, DCP — Prevention, resumed work, he could not send any mails from his office computer. The reason. The man in-charge of cyber crime prevention in the city had a system that was hacked. “I have had to send out a mail to all my contacts informing them that my system has been hacked and that they may receive mail from my ID that I have not sent,” says Mr Mohite. He adds though, that he has allowed the hacker to have access to his system so that he is able to trace him.
With more and more people taking to the internet for a variety of reasons and more banks offering internet-related services, the threat of such occurrences has only increased. Apart from the plethora of online shopping options available with the use of a credit card, almost every bank offers its customers services like e-banking. And this, in a way, makes things easier, for those wanting to play dirty.
Online shopping sites require absolutely no information about you, except your credit card number and expiry date. So, if someone has a good memory and has caught a glimpse of the number, you could very well receive a bill for things you never bought. “If the culprit is in India then we can trace them through the IP address and they will be caught. But if the culprit is someone abroad, it is a complicated process,” says Mr Mohite.
A case in point is the case registered in September 2007. Sub-inspector Kulkarni says, “The Maharashtra government’s website was hacked and the front page changed. We traced the IP address to the US, but nothing could be done as it needs to go through official channels. The case is still pending.” Mr Mohite adds, “First we need to see under what sections of our law is it a crime and then if it is considered a crime in other countries and under what law. It then becomes a judicial process and a letter is sent through the external affairs ministry. In most cases though, the police do not cooperate.”
Cyber theft is not something new as far as India is concerned, with numerous cases being registered. In January this year, Ms Kulkarni informs, a case was filed by a woman whose ICICI e-banking account was hacked and Rs 60,000 was transferred by the culprit. The culprit managed to get access to her username and password by sending her a phishing mail which then installed a keylogger software on her system.
The software then recorded her username and password when typed out and the money was later withdrawn. The DCP is quite sure that apart from phishing sites and mails, like the infamous case in 2006 which duped numerous customers of ICICI Bank of their e-banking details and later money as well, there are bound to be instances of bank websites being hacked.
This probably never see the light of day since banks are determined not to have their name tarnished. “Even when it comes to individuals, a lot of cases do not get reported since banks are willing to pay up to Rs. 25,000 per person as compensation as long as a case is not filed,” he adds.
Even once cases are solved, compensation is not immediate; victims usually get relief once the judiciary has gone through the findings and delivered a judgment. So the next time you decide to shop online or flash your card, remember that someone may just be making note of your details to have fun at your expense later.
On Monday, when Sanjay Mohite, DCP — Prevention, resumed work, he could not send any mails from his office computer. The reason. The man in-charge of cyber crime prevention in the city had a system that was hacked. “I have had to send out a mail to all my contacts informing them that my system has been hacked and that they may receive mail from my ID that I have not sent,” says Mr Mohite. He adds though, that he has allowed the hacker to have access to his system so that he is able to trace him.
With more and more people taking to the internet for a variety of reasons and more banks offering internet-related services, the threat of such occurrences has only increased. Apart from the plethora of online shopping options available with the use of a credit card, almost every bank offers its customers services like e-banking. And this, in a way, makes things easier, for those wanting to play dirty.
Online shopping sites require absolutely no information about you, except your credit card number and expiry date. So, if someone has a good memory and has caught a glimpse of the number, you could very well receive a bill for things you never bought. “If the culprit is in India then we can trace them through the IP address and they will be caught. But if the culprit is someone abroad, it is a complicated process,” says Mr Mohite.
A case in point is the case registered in September 2007. Sub-inspector Kulkarni says, “The Maharashtra government’s website was hacked and the front page changed. We traced the IP address to the US, but nothing could be done as it needs to go through official channels. The case is still pending.” Mr Mohite adds, “First we need to see under what sections of our law is it a crime and then if it is considered a crime in other countries and under what law. It then becomes a judicial process and a letter is sent through the external affairs ministry. In most cases though, the police do not cooperate.”
Cyber theft is not something new as far as India is concerned, with numerous cases being registered. In January this year, Ms Kulkarni informs, a case was filed by a woman whose ICICI e-banking account was hacked and Rs 60,000 was transferred by the culprit. The culprit managed to get access to her username and password by sending her a phishing mail which then installed a keylogger software on her system.
The software then recorded her username and password when typed out and the money was later withdrawn. The DCP is quite sure that apart from phishing sites and mails, like the infamous case in 2006 which duped numerous customers of ICICI Bank of their e-banking details and later money as well, there are bound to be instances of bank websites being hacked.
This probably never see the light of day since banks are determined not to have their name tarnished. “Even when it comes to individuals, a lot of cases do not get reported since banks are willing to pay up to Rs. 25,000 per person as compensation as long as a case is not filed,” he adds.
Even once cases are solved, compensation is not immediate; victims usually get relief once the judiciary has gone through the findings and delivered a judgment. So the next time you decide to shop online or flash your card, remember that someone may just be making note of your details to have fun at your expense later.
Wednesday, June 4, 2008
Toddler goes to jail with hacker parents - TOI - 04 Jun 2008
CHENNAI: Seven-month-old P A Aryan is too young to realise that he is being behind bars for no mistake of his. When his mother Ritu Peter Anderson tried to cheat an NRI after hacking one of her friend's email ID and then impersonating him, Aryan also had to pay the price.
He is now accompanying his mother, Ritu (25) in Puzhal central prison, after she was picked up along with her husband Peter Anderson, her brother P Neville Phillips and an associate, Peter Francis, by the cyber crime cell of CB-CID from Bangalore. The arrests were made on a complaint from S D Paul, a resident of Nilgiris.
Ritu, a graduate in psychology, is a known cyber criminal in Bangalore. She, along with her husband, brother and a broker had been involved in many cheating cases, including hacking and impersonation.
"We picked up all the four after receiving a complaint from Paul, a military store manager in Nilgiris. The complaint, filed on May 16, alleged that some one had hacked into his email ID and had been sending messages to his friends in the address book, requesting a financial assistance of Rs 75,000 for medical treatment for ‘Paul's wife'.
The hacking and impersonation came to light when Franko D'Souza, who is a health officer in Kuwait and a friend of Paul, contacted him to know about his wife's ‘illness.' Paul then lodged a complaint," S Balu, deputy superintendent of police, cyber crime cell said.
The cyber crime cell people then acted swiftly and contacted D'Souza. He has been told to keep in touch with the impersonator through mail. When the officials checked details of the mail, it had a bank account number from Bangalore. The police team then went to Bangalore and tracked the account details.
"We found the account holder to be P Neville Phillips, brother of the main accused, Ritu. Neville had managed to open a bank account using fake address with the help of Peter Francis," Balu said.
Meanwhile, Ritu was in constant touch with D'Souza over email. D'Souza informed Ritu that the money had been sent to the said account. Ritu tried to withdraw the money using the ATM card twice.
"That was our plot. We had asked D'Souza to inform Ritu that money had been sent to her. Ritu was desperate after two attempts at ATM and gave her original address to D'Souza. We then traced her and arrested her. We had earlier picked up the other three," Balu said.
He is now accompanying his mother, Ritu (25) in Puzhal central prison, after she was picked up along with her husband Peter Anderson, her brother P Neville Phillips and an associate, Peter Francis, by the cyber crime cell of CB-CID from Bangalore. The arrests were made on a complaint from S D Paul, a resident of Nilgiris.
Ritu, a graduate in psychology, is a known cyber criminal in Bangalore. She, along with her husband, brother and a broker had been involved in many cheating cases, including hacking and impersonation.
"We picked up all the four after receiving a complaint from Paul, a military store manager in Nilgiris. The complaint, filed on May 16, alleged that some one had hacked into his email ID and had been sending messages to his friends in the address book, requesting a financial assistance of Rs 75,000 for medical treatment for ‘Paul's wife'.
The hacking and impersonation came to light when Franko D'Souza, who is a health officer in Kuwait and a friend of Paul, contacted him to know about his wife's ‘illness.' Paul then lodged a complaint," S Balu, deputy superintendent of police, cyber crime cell said.
The cyber crime cell people then acted swiftly and contacted D'Souza. He has been told to keep in touch with the impersonator through mail. When the officials checked details of the mail, it had a bank account number from Bangalore. The police team then went to Bangalore and tracked the account details.
"We found the account holder to be P Neville Phillips, brother of the main accused, Ritu. Neville had managed to open a bank account using fake address with the help of Peter Francis," Balu said.
Meanwhile, Ritu was in constant touch with D'Souza over email. D'Souza informed Ritu that the money had been sent to the said account. Ritu tried to withdraw the money using the ATM card twice.
"That was our plot. We had asked D'Souza to inform Ritu that money had been sent to her. Ritu was desperate after two attempts at ATM and gave her original address to D'Souza. We then traced her and arrested her. We had earlier picked up the other three," Balu said.
Counterfeit credit cards main source of cyber crime - crime-research.org - 03 Jun 2008
LAHORE: Counterfeit credit cards, allegedly smuggled from China, are the main source of cyber crime across the country, as it is the easiest way to swindle banks and financial institutions, said a Federal Investigation Agency (FIA) official on Tuesday.
Card skimming, the electronic theft of information from the magnetic strips of credit cards, is the fastest-growing scam in Pakistan and now represents 60 percent of all credit-card frauds, he said on the condition of anonymity.
“Criminals have also started producing counterfeit credit cards that are barely detectible or differentiable from the original cards,” he said.
Highly sophisticated portable machines are freely available in Pakistan, which are capable of producing ‘genuine’ cards with ‘original’ holograms and imprinted signature strips, he said.
He said that most of the gang leaders were highly qualified and live in posh areas. “They are specially interested in foreign banks, especially those of Italy, South Africa, Singapore, Thailand, Malaysia and England, because of a higher credit limit as compared to local banks,” he said.According to the FIA officials, the cyber crime unit (CCU) registered 15 cases and arrested 24 people in 2007, out of which 12 cases were related to credit cards fraud.
“The cyber crime unit registered 14 cases this year, out of which six cases were of credit card fraud, two were related to online banking and three involved software hacking,” he said. CCU Deputy Director Azhar Mehmood said that criminals often used Chinese-made white plastic cards with electro-magnetic chips.He said that the unit helped banks recover millions of rupees since its establishment in 2005. He claimed that the unit has helped various banks recover Rs 20 million the past year-and-a-half.
“The criminals have a special liking for petrol pumps, as they purchase oil with counterfeit credit cards to sell on the open market,” he said, adding that some petrol pump cashiers were also involved in the business.
“Traders have now started informing on the criminals after being warned against becoming accomplices in the crime,” he said. He said that the general public was not aware of such crimes and usually became an easy prey. “A campaign has been launched to educate them about cyber crimes,” he added.
By: Shafiq SharifSunday, June 1, 2008
Online fraud: Duped of Rs 20 lakh, she tries same on others - ExpressIndia - 31 May 2008
Pune, May 30 The city police on Friday arrested 52-year-old Flora Akkavan of Dhanlaxmi society in Dhanori who duped two persons of Rs 5 lakh. She claimed the crime was committed to make good about Rs 20 lakh she lost to a group of online fraudsters based outside India who promised to make her richer by $ 10 million (about Rs four crore) in double quick time.
The police have seized 30 bundles of ‘black-and-green paper’ having size similar to that of a 100-dollar note and a diplomat’s bag that Flora had got from the fraudsters. Each bundle carries a label — United States of America $ 50,000.
Police Inspector Bhanupratap Barge of crime branch who busted the racket said that the fraud had its roots in Nigeria and Thailand.
Barge said that Flora claimed she had received a fraudulent email sometime prior to April 2007 saying that former Philippines President Asteda wanted to secretly transfer $ 120 million to a bank account in USA and assured to pay her $ 10 million.
Flora said she got another email asking her to pay $ 8,000 (about Rs 4.5 lakh) for opening an account in Crew Bank in USA. She was then told that $ 120 million had been transferred to her Crew Bank account. A few days later, she got an email that $ 110 million had been transferred to Asteda’s account while the remaining $ 10 million was being given to her as promised.
Flora was again asked to pay $ 8000 for transferring the money from USA to India via Thailand. Flora gave this money to a foreigner at Hotel Ambassador in Mumbai. Then in November 2007, she was called to Delhi to collect her kickback money of $ 10 million.
She got the parcel containing a diplomat’s box with bundles of green and black paper. The foreign national who gave the parcel said that these were US dollars coated with green and black colour and demonstrated how the currency could regain its original shape by washing away the coating on the notes with a chemical.
The fraudster said they would send the chemical to her soon and left. Police said that Flora spent about Rs 20 lakh in the process but never got the chemical. Still hopeful of getting her money, she approached Pradeep Baldev Rajput (22), a real estate agent in Wadgaon Sheri.
Flora told him that she has sold three software packages in USA for Rs 17 crore and that the money has already landed in India via ‘a secret channel’ route. She also took Rajput to a cyber café to show the demonstration of notes are converted to dollars by washing with a chemical on a website - doilrich007.
Flora said a Swiss Bank manager would be coming to India with the chemical and lured Rajput to invest Rs 50,000 for purchasing the chemical, saying he would be paid back Rs 2.5 lakh in one month. Later, she managed to extract Rs 1 lakh from Rajput and about Rs 3.5 lakh from his friend Anil Vasant Upshant with the same promise.
As months passed, Rajput realised that Flora was cheating him and his friend and lodged a complaint with the crime branch. A team led by inspector Barge arrested Flora and the case has been transferred to Vishrantwadi police station for investigations.
The police have recovered an Iranian passport from Flora as she was married to an Iranian national. While the foreigners who cheated Flora remain unidentified, police suspect that she has cheated more persons like Rajput.
Monday, May 26, 2008
Notes from the underground: The next generation of carders - blogs.creditcards.com
One of the most notable increases in cybercrime is in credit card fraud, according to the most recent annual report by the FBI's Internet Fraud Complaint Center. Cybercrime in itself is a booming business, having grown to $240 million in reported crimes to law enforcement in 2007 -- up $40 million from the year before.
The first part of this series covered the secret history of one group of credit carders -- online crooks who deal in stolen credit and debit card account information -- and their flamboyant leader who turned from wanted online fraudster to Ukrainian politician.
And now there's a new generation of carders on the prowl that operate far below the public radar. Dumpster divers (people who dig out personal information from discarded receipts and mail) and skimmers are yesterday's news. Today, credit carders are launching "full-fledged online bazaars full of stolen personal and financial information," says Brian Nagel, assistant director of the U.S. Secret Service's Office of Investigations.
As more people report getting ripped off online, crooks are finding more ways to rip us off. Let's see what they're doing.
Part 2 - Notes from the underground: The next generation of carders
The first part of this series covered the secret history of one group of credit carders -- online crooks who deal in stolen credit and debit card account information -- and their flamboyant leader who turned from wanted online fraudster to Ukrainian politician.
And now there's a new generation of carders on the prowl that operate far below the public radar. Dumpster divers (people who dig out personal information from discarded receipts and mail) and skimmers are yesterday's news. Today, credit carders are launching "full-fledged online bazaars full of stolen personal and financial information," says Brian Nagel, assistant director of the U.S. Secret Service's Office of Investigations.
As more people report getting ripped off online, crooks are finding more ways to rip us off. Let's see what they're doing.
Part 2 - Notes from the underground: The next generation of carders
Screenshot of counterfeiting site(Click to enlarge) - To read the full story visit http://blogs.creditcards.com/2008/05/notes-from-the-underground.php
Saturday, May 24, 2008
Credit card fraud just got bigger and worse! - Rupee Times - 23 May 2008
Keeping a credit card just got a bit more expensive! Stealing and using a credit card are passé. In today’s world, hackers are working overtime to find out new innovative ways to make new money, and going by the look of things, they are gaining a sizeable lead in this domain! From skimming and cloning your credit card, to making fake sites; from using stolen cards on them to using new online trading models, the cyber thieves are on prowl to hack into your bank account.
Now, it’s no longer safe to trust a restaurant employee or petrol pump attendant with your credit or debit card. Many cases of multiple cards being ‘skimmed’ and ‘cloned’ are being reported to the police and bank authorities, and many of them are originating when a customer is least expecting it! So next time, think twice about giving your credit card in a restaurant or in a petrol pump! Card thieves are using magnetic stripe readers and encoders which are easily available in the market for $250-$600.
While a card reader can read the data on the magnetic band of your credit or debit card, an encoder can encode it on to any plastic card with a magnetic band, even a normal hotel room key.
Rajat Khare, who is the founder director of network security management company, Appin, said, "All credit cards can be cloned by simply inscribing cards with a similar magnetic band just like a hotel number is fed into a magnetic room key. These kinds of card frauds are becoming common."
Banks are trying to fight this menace, by advising customers to subscribe to mobile alerts. ICICI Bank card products head Sachin Khandelwal said, “We have a 45% market share with about 8.5 million credit cards in the market. The percentage of card frauds is low at about 4 basis points of all transactions. Nevertheless, we shoot an SMS alert for every transaction above Rs 2,000 to all our customers. Skimming of credit cards is generally done when a customer places a mail or phone order transaction.”
However, certain banks, like HDFC, do not stop at mobile alerts. In additions to the alerts, the bank also provides an extra security layer for all credit and debit card customers. Through this facility, the cardholder can create his own additional password, which provides an additional security layer for all On-line transactions, said HDFC Bank credit card marketing head Parag Rao.If you have just received a new credit card from the bank, but discover that it already has a charge attached on it, don’t be surprised. These days credit fraud happens even before a new card has been received from the bank. Credit card number generators are freely available online (on sites like http://www.brothersoft.com) which claim to generate card numbers of various companies starting from ‘5’ (Master Card) or ‘4’ (Visa) or other digits. It also generates 13, 16, 18 or 19 digit card numbers. These generators use the same algorithms like `Luhn formula’ used by government agencies and banks to generate numbers.
“In one case, a hacker managed to crack the algorithm of a bank’s credit card generator and sold hundreds of numbers online. So even before the fresh card came into customer’s hands, they already had a charge on them. In another case, a credit card hacker set up a site and started using stolen card numbers to provide downloadable images and managed to siphon off about $2 million,” adds Mr Khare.
However, the biggest wrath of the credit card fraud can be felt in the E-commerce portals, which have also become like trading havens for hackers. This is how it works: A hacker enters the stolen card number and CVV (card verification value) number, as mentioned on the reverse of the card, into an e-commerce site and buys a product. The payment is made but the buyer doesn’t take the delivery immediately. He gives the delivery date – of generally a week to 10 days. During this time, the hacker posts his costly buys (from the stolen card) on the portal for sale obviously for an even lower price. As the hacker gets a customer for his product, offered at a jaw dropping price, he gives the customer’s address as the delivery address, on the same or other portal.
He receives cash from the final customer in an electronic cash account or an escrow account from where he converts it into hard cash. Escrow is a legal arrangement in which an asset (such as cash, real property or other tangible assets) is deposited into safekeeping (e.g. a bank account) under the trust of a neutral third party (escrow agent) pending satisfaction of contractual contingency or condition. Once the condition has been met, the escrow agent will deliver the asset to the party prescribed by the contract.
Thus during the entire transaction the hacker can manage to cruise through without leaving a trace. Says IT risk and consulting firm Mahindra Special Services Group Captain, Raghu Raman, “Most hackers try and steal small amounts–just 2-3% of a monthly transaction to avoid getting caught. In large transactions, the banks usually call and ask the customer immediately to cross check whether a transaction was done by him. Hackers are also using card numbers to get a subscription or download a costly software which they in turn sell it online.” Thus, this makes it difficult to catch them also.
However, all is not lost for the credit card customers. There are certain precautions which one can adopt so as to be on the safe side. Net security experts have warned that web transactions with credit cards are no longer 100% safe. They suggest the use of credit cards only on sites which are ‘Https’ (Hypertext Transfer Protocol over Secure Socket Layer) and direct the transaction webpage to a payment gateway. Deleting cookies and browsing history from your computer after a transaction might also help prevent the cyber thief stealing your card number.
By Ankit Sharma
Subscribe to:
Posts (Atom)