Friday, October 2, 2015

India And Pakistan Are At a Private Cyber War


India And Pakistan Are At a Private Cyber War by defacing each other's Government websites:

India and Pakistan continue to squabble over Kashmir. Both countries tend to be good friends but are mostly seen on battlefields against each other. At the borders or in the game of cricket, they are historic rivals. And with the world shifting towards digitization, their war has also gone digital.
Yes, the cyber war between these two neighboring countries seems to have begun.
On Saturday, September 26, a Pakistani hacker, Faisal Afzal aka 'Faisal 1337', hacked the official website of the Kerala Government, kerala.gov.in.
Reportedly, the text on the homepage at that moment read: "Official website of the RC Office, Govt of Kerala — New Delhi Hacked! Pakistan Zindabad." Also mentioned below was, "We Are Team Pak Cyber Attacker. Security is just an illusion". The hacker also mentioned the attack on his Facebook page.
Within a few minutes, the news spread like wildfire all over social media. It was not a question of a government website or an Indian website being hacked, but of a full-fledged cyber attack on India by a Pakistani hacker!
Within a few hours, an Indian hacking group returned the favour. 'The Mallu Cyber Soldiers' claimed responsibility for the retaliation. It announced that over 100 Pakistani websites were hacked, as payback for the Pakistani hack of the Kerala Government's website.
They also posted a message on their Facebook page, "!!Message to Script Kiddies of Pakistan ….Do not touch Indian Websites !!! Now your 46 Pakistan government websites got crashed and 4 educational websites got defaced. This is a small payback for hacking kerala.gov.in. Faisal 1337 go home kiddo, you are F*ucked."
The group went on to share the list of the websites hacked. A few included Pakistan's government websites pakistan.gov.pk and cabinet.gov.pk.
But the 'cyber-war' didn't end there. In the same Pastebin message, the group 'Hell Shield Hackers' stated that the motive behind this attack was payback for the attack on the Kerala government website.
"Indian Hackers haven't hacked a single Pakistani site after August 15, 2015. But Faisal Afzal hacked kerala.gov.in .. Dude? We are not sleeping. If you even touch a Indian site, we will crush you up.. :3. Now feel the heat pakistan.gov.pk hacked," the group said.
However, the governments of both nations remained tight-lipped. According to reports, the unofficial ‘cyber war’ between the two countries had actually begun in 2010 and is waged by patriotic hackers on both sides, every day.
    

Monday, July 13, 2015

Hacking is Not that Hard

▫ More than 90% of successful breaches required only the most basic techniques.
▫ Only 3% of breaches were unavoidable without difficult or expensive actions.
▫ Outsiders, with the help of insiders or through the gross negligence of insiders, were responsible for most breaches.
▫ 85% of breaches took months to be discovered; the average time is five months.
▫ 96% of successful breaches could have been avoided if the victim had put in place simple or intermediate controls.
▫ 75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching.
▫ One study found that antivirus software missed as much as 95% of malware in the first few days after its introduction.
▫ Another study found that 25% of malware is not detected by current techniques.

Chinese Cyber attacks History from 1995

▫ 1995 – Major General Wang Pufeng describes attacking via the Internet
▫ 1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar
▫ 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by two senior Chinese colonels
▫ May 03, 2001 – China warns of massive hack attacks
▫ 2002 – “Informatisation” campaign begins: Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, in a speech before the 16th Party Congress
▫ 2003 – Titan Rain: US DoD & Government websites targeted
▫ 2004 – Japan targeted by Chinese over disputed Diaoyu Islands
▫ 2007 – GhostNet: global CnC network with IP addresses in People’s Republic of China
▫ 2008 – Byzantine Hades: targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages
▫ 2008 – MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them that the Chinese army is using Internet spyware to steal confidential information
▫ 2009 – Operation Aurora: International Energy Industry targeted
▫ 2009 – Night Dragon: global multinationals attacked via Internet
▫ 2010 – Article: Should we be afraid of Chinese hackers?...Or lost cyber war?
▫ 2011 – US needs to get better at preventing foreign access to advanced technology
  - GAO watchdogs find holes in high-tech access, licensing rules
▫ 2011 – Chinese military CCTV-7 demonstrates GUI hacking of University of Alabama
▫ 2011 – Office of the National Counterintelligence Executive (ONCIX) report indicates both China & Russia target corporate intellectual property
▫ 2011 – Operation Shady RAT: five-year campaign of economic & intelligence data exfiltration
▫ 2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage”, Northrop Grumman, March 7, 2012
▫ 2012 – Chinese Technology Policy & Cyber Offensive Operations – April
▫ 2012 – China & Philippines engage in mutual cyberattacks over Scarborough Shoals – April
▫ 2013 – U.S. blames China’s military directly for cyberattacks
  - China has said it has suffered its "biggest ever" cyber-attack (DDoS attacks), causing many websites based in the country to go temporarily offline.
  - Uses North Korea to launch cyber attacks
▫ 2014 – Senate Armed Services Committee's probe found: hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment
  - China linked to cyberattacks on Taiwan exploiting Windows vulnerability.
  - 5 in China Army face U.S. charges of cyberattacks.
  - China’s cooperation sought to crack down on North Korea’s cyber-warfare operations, as the country’s telecommunications run through Chinese-operated networks.
▫ 2015 – China is close to developing another cyber weapon capable of unplugging the internet jack from an entire nation’s infrastructure.
  - China reveals its cyberwar secrets, a first acknowledgement
  - China in focus as cyber attack hits millions of U.S. federal workers


Tuesday, June 30, 2015

Ecommerce websites are legally liable for service defects: Indian Law

E-commerce shopping websites liable for deficient service

When a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable.
Online shopping is becoming increasingly popular because it saves time, the bother of travelling, the prices are competitive, and returns are accepted. In some cases, the seller's name is disclosed, but the address and contact numbers are withheld. This is done in business interests, so that the buyer and seller do not make a deal, depriving the portal of its commission.

The consumer deals with the portal, makes payment to the portal and follow-ups too are via emails to the portal. Yet, when a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable. This is against consumer interest and unwarranted, as held by various consumer fora.

Case Study 1:

Atul Malhotra ordered a Lava mobile phone offered at a 94% discount on Flipkart, for an amount of Rs 400. Flipkart cancelled the order two days later, claiming inability to cope with the demand, refunding Rs 400. Since Atul wanted the phone, not the refund, he complained to the Chandigarh District Forum. Flipkart claimed it was not liable, and the complaint be dismissed as the actual seller had not been joined as a party to the dispute.

The forum observed that Flipkart had made the offer. The entire email correspondence was with Flipkart, including the cancellation. Hence, it would be liable for deficient service. Flipkart was ordered to pay Rs 3,000 as compensation and Rs 2,500 towards costs.

Case Study 2:

Shivanand Narain had purchased a Stealth mobile phone online for Rs 20,390, which turned out to be defective. He returned it and sought a replacement, as the website promised. Since his grievance was not redressed, he filed a complaint. The forum ordered the portal to refund Rs 20,390, the price of the mobile and also awarded Rs 15,000 as compensation.

The portal challenged the order in an appeal to the Chandigarh state commission, contending it was only a "facilitator". Rejecting this argument, the commission observed that the portal solicits business. Customers make payments to the portal. Correspondence with the portal is through the given email address. Thus, it actively participates in the transactions. The state commission dismissed the portal's appeal.

Case Study 3:

Urmil Munjal had made an online purchase through rediff.com. As she was not satisfied with the product supplied, she filed a complaint against the portal before the Gurgaon district forum, which allowed the complaint. The portal's appeal was dismissed. It filed a revision before the national commission, contending that it was only a facilitator.

Rejecting this argument, the national commission observed that the portal had admitted it acts as an intermediary, collecting payment. So its services could not be considered gratuitous merely because no separate charge was collected from the consumer. Inviting buyers and sellers to trade online made the portal amenable under the Consumer Protection Act. The commission concluded that the e-commerce portal would be liable to the consumer.

Conclusion:

E-commerce platforms are liable for the products advertised and business solicited through their websites.

Monday, June 22, 2015

Hacking a computer without an Internet connection

The most secure computers in the world can't “Google” a thing—they are disconnected from the Internet and all other networks. The U.S. military and the National Security Agency rely on this attack-prevention measure, known as air-gapping, as does The Intercept, the media outlet co-founded by Glenn Greenwald, who was instrumental in disclosing the NSA's extensive domestic surveillance program. But where there's a will, there's a way: a team of doctoral students at Ben-Gurion University of the Negev in Israel announced it can obtain information from an air-gapped computer by reading messages encoded in the heat given off, like smoke signals, by its processors.
All computers have built-in thermal sensors, which detect the heat produced by processors and trigger the rotation of fans to avoid damage to components. To achieve the hack in an office setting, snoopers would infect two adjacent desktop PCs—one air-gapped, the other connected to the Internet—with malware that can take control of the machines and enable them to decode messages hidden in the sensor data. A virus carrying the malware could infect the Internet-connected machine fairly easily, whereas a USB drive or other hardware approach would be required with the air-gapped machine—a feat that could prove difficult at high-security locations.
In a scenario in which a hacker sought a password stored on the air-gapped computer, the malware could instruct the computer's central processor to perform work in a pattern of activity that reveals those characters. Each spate of activity would produce a puff of warm air that would travel to the connected computer, where its thermal sensors would log that single bit of information. Over time, voilà, a set of bits representing the password. The connected computer could then send that information to the interested party. The computer scientists call their hack BitWhisper.
If it sounds awfully slow, it is. The compromised computers can transmit only a maximum of eight bits per hour and can be located no more than 16 inches apart. But that rate is enough to get what you need, says Yisroel Mirsky, one of the co-authors of the research, which will be presented at the IEEE Computer Security Foundations Symposium in Verona, Italy, this month. “You need only about five bits,” he says, for a simple message, such as a command from the connected computer to the disconnected one, to initiate a data-destroying algorithm.
BitWhisper might seem too elaborate—after all, if one can get malware onto a computer via USB, why bother with the heat channel? Mirsky notes that this setup allows a hacker to control an air-gapped computer without physically sitting at it. Also, a computer heating up is unremarkable, so the hack could escape notice, says Anil Madhavapeddy, who studies unconventional ways to transmit information at the University of Cambridge and was not involved in the study. “In general, as computers get faster and the data contained in them more valuable,” he explains, “even the very slow covert channels are useful for attackers because they can just sit back and let them run for hours or even days to leak important information while staying under the radar.”
Of course, stopping such an attack is simple: keep air-gapped computers far away from any computers on a network or insert a sheet of insulation between machines. Given all the conditions BitWhisper would need to work in the real world, it might just be easier to find a whistle-blower.
This article was originally published with the title "Hacking Heats Up." 
By Jesse Emspak
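
A defender's view of the channel described in the article above, as an added example that is not from the article or the Ben-Gurion researchers: a check that scans a one-reading-per-minute temperature log for heat swings whose durations are multiples of one slow clock period, using the article's ceiling of eight bits per hour. The thresholds, function names and sample logs are assumptions constructed for illustration.

```python
# Added example: defensive check over constructed temperature logs.
# The article's ceiling of 8 bits/hour means at least 7.5 minutes per bit;
# 7 leaves a little margin (assumption).
MIN_BIT_MINUTES = 7

def level_runs(temps, threshold):
    """Collapse one-per-minute readings into [level, minutes] runs (1 = hot)."""
    runs = []
    for t in temps:
        level = int(t >= threshold)
        if runs and runs[-1][0] == level:
            runs[-1][1] += 1
        else:
            runs.append([level, 1])
    return runs

def clocked_heat_pattern(temps, min_swing_c=2.0, min_transitions=4, tolerance=0.2):
    """Return {'bit_minutes', 'symbols'} if the log looks like slow on/off
    signalling, else None. All thresholds are assumptions to tune per site."""
    if not temps or max(temps) - min(temps) < min_swing_c:
        return None  # flat trace: nothing is modulating the heat
    threshold = (max(temps) + min(temps)) / 2
    runs = level_runs(temps, threshold)
    if len(runs) - 1 < min_transitions:
        return None  # a single warm-up or cool-down is ordinary load
    interior = runs[1:-1]  # first and last runs are cut off by the capture window
    base = min(minutes for _, minutes in interior)
    if base < MIN_BIT_MINUTES:
        return None  # fast flicker is bursty workload, not this slow channel
    symbols = 0
    for _, minutes in interior:
        k = round(minutes / base)
        if abs(minutes / base - k) > tolerance:
            return None  # run lengths are not multiples of one clock period
        symbols += k
    return {"bit_minutes": base, "symbols": symbols}

def trace(segments):
    """Build a constructed log from (temp_c, minutes) segments."""
    return [temp for temp, minutes in segments for _ in range(minutes)]

# Constructed samples, not measurements from the research described above.
SUSPICIOUS = trace([(40.0, 3), (44.0, 8), (40.0, 8), (44.0, 16),
                    (40.0, 8), (44.0, 8), (40.0, 5)])
BURSTY = trace([(40.0, 2), (46.0, 1), (41.0, 3), (47.0, 2),
                (40.0, 1), (45.0, 4), (40.0, 2)])
IRREGULAR = trace([(40.0, 3), (44.0, 9), (40.0, 13), (44.0, 9),
                   (40.0, 22), (44.0, 4)])
IDLE = [40.0, 40.5, 40.2, 40.4] * 15

if __name__ == "__main__":
    for name, log in [("suspicious", SUSPICIOUS), ("bursty", BURSTY),
                      ("irregular", IRREGULAR), ("idle", IDLE)]:
        print(name, clocked_heat_pattern(log))
```

A legitimately periodic job, such as a scheduled backup, produces the same shape, so a hit is a prompt to look at what ran on the machine rather than proof of a covert channel.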

Wednesday, April 8, 2015

Rs. 27,000 crore lost in Banking Frauds including cyber frauds from last five years

Cheating and forgery have led to public and private sector banks losing as much as Rs.27,000 crore cumulatively in the last five years, reveals information obtained by the DNA newspaper under the Right to Information (RTI) Act.
And even this is just a conservative estimate with the actual losses being several thousand crores more. More than 11,500 cases of cheating and forgery of amounts involving Rs.1 lakh and above were reported by banks to RBI. 
SBI, the worst hit, reported 1,124 cases with losses of Rs.3,494 crore. Of the Rs.27,000 crore losses, public sector banks accounted for Rs.24,000 crore and the remaining Rs.3,000 crore was reported by private sector banks. While SBI headed the list, ICICI Bank leads the list of private sector banks with losses of Rs.1,089 crore in 1,776 cases - the highest amongst all banks.
I only won Court Orders worth 3.5 Crores for Online Banking and Credit Card Frauds to be returned to my clients only in Mumbai City and only handle another 6-7 crore matters which are pending. Huh, such a huge loss to Indian citizens. RBI & Central Government, do something.
Pic Source : DNA




Sunday, March 22, 2015

Prashant Mali meeting Dalai Lama - An Experience with His Holiness


My meeting with His Holiness Dalai Lama 
My Himachal trip was scheduled from 14th to 20th March 2015, and as the days came nearer, without any confirmation of an appointment from His Holiness the Dalai Lama, I started telling my friends and fellow beings that I was going to meet the Dalai Lama. My intuition then sensed that I would meet him on the 18th, which made me tell everybody the date as well. I was visiting my neighbor and singer friends Baba Honey & Rishika Kaushal, and this trip was also decided extempore in the busy month of March. In preparation I called one of my highly placed good friends in the IPS, and he said that he would try, and as my faith goes I relied on that; but this friend got caught up in an important conference and couldn't confirm my appointment till the 17th. Even so I kept my patience and never called him, as I knew that if I was scheduled to meet His Holiness, I would definitely meet him and the Almighty would help me. On the afternoon of the 17th we set out to meet a saint called Mouni Baba Neelkanth Maharaj, who had an ashram on the shores of the River Vyas overlooking the fort of Hamir. On the road to the ashram I made a call to another highly placed friend in a central organisation, who directed me to an honest IPS officer possessing high integrity and direct previous connections with His Holiness's office, who in turn directed his previous colleague to help with my appointment but was skeptical, as I wanted to meet on the 18th and was asking on the afternoon of the 17th. His colleague in Dharamsala immediately arranged the appointment, asked me to leave Hamirpur that very evening, and booked me two paid rooms in Hotel Pride Surya in McLeod Ganj. My appointment was scheduled for 9:30 AM on the 18th, as His Holiness was to leave at 12:00 PM. The moment my meeting was confirmed, my mind was filled with tranquility and bliss of an epic nature. I woke up at 6:30 AM and got ready, wearing only a saffron kurta and white pajama to suit the occasion, and decided to bear the cold weather in the happiness of seeing the Dalai Lama.
I was accompanied by Baba Honey, Rishika Kaushal and their mother Kavishwa Kaushal, who were equally delighted, as they were from Himachal and, like me, meeting this great personality for the first time. A few Tibetans and sick people were present to meet His Holiness when we reached his office, and the Dalai Lama was busy talking to other lamas and officers, as I was told, so we all braved the cold of McLeod Ganj in anticipation of a once-in-a-lifetime chance. Then came the chance to meet the most humble person I have ever met.
Prominent cheekbones meet the fine network of creases at his shining, penetrating eyes, as he listens and nods and smiles encouragingly. His unusually glowing skin accentuates a single, inquisitive, v-shaped line that runs the length of his high forehead. Regardless of the topic, brief words of practical advice and grounded viewpoint are woven into a conversation that begins and ends with your own initiative. His Holiness the Dalai Lama, believed to be an incarnation of the Buddha of Compassion, is not interested in gaining converts or becoming embroiled in passionate debate. He is simply there for you, to become engaged in a warm, personal exchange.
You notice, fleetingly, that the Dalai Lama's hands are exquisite. His long, slender fingers close gently around each other as he earnestly listens to you. Suddenly his hands open wide, then pull together in a hollow clap as he breaks forth into laughter. It is true that His Holiness does love to laugh. Whether in rippling giggles or a clear open gale, his sense of joy pervades his entire being. While he may roar briefly in response to something you have said, never do you feel ridiculed, for this great monk is laughing beyond irony or personal psychology. And his outburst is generally accompanied by a reassuring comment which clarifies the profound depth of his humor. He even asked my friend Baba Honey about his glares and complimented him. 
I gifted the book authored by me, "Cyber Law & Cyber Crimes Simplified", to His Holiness, and his secretary introduced me to him as a Cyber Law & Cyber Security Expert Lawyer from Mumbai, India, referred by Delhi, to which he greeted me with a handshake, and his soft hands were mesmerizing. All the snaps clicked later had my book held prominently by His Holiness, a moment to be revered. No personal cameras or mobile phones were allowed, so no selfie was possible, but His Holiness instructed that individual photographs be taken with him, and the photographer and his camera were awesome; he took photographs which further imprinted the meeting with His Holiness in my mind forever.

FIR : All you want to know about in a criminal case

FIR - What is?  The first information report is a report giving information of the commission of a cognizable crime,  which may be made by t...