Hackers Can Turn Siri And Google Now Against You

Hackers Can Turn Siri And Google Now Against You !!! 😎👊

One of the new features in iOS 9 is the ability to train Siri to only recognize your voice so your phone doesn’t respond to commands from just anybody. According to a report from Wired, though, a pair of researchers at ANSSI—a French government agency—have figured out a way to use radio waves to silently activate Siri or Android’s Google Now from across the room.

The hack only works if the target device has Siri or Google Now enabled, and has headphones or earbuds plugged in that also have a microphone. Wired explains, “Their clever hack uses those headphones’ cord as an antenna, exploiting its wire to convert surreptitious electromagnetic waves into electrical signals that appear to the phone’s operating system to be audio coming from the user’s microphone.”

In theory, the attack could be used to anything you can do using the Siri or Google Now voice interaction. The attacker could make calls, send text messages, open malicious websites, send spam or phishing emails, or post to social networks like Facebook and Twitter. By placing an outbound call to the attacker’s own phone the hack could be used to surreptitiously eavesdrop on the victim.

That’s the doomsday scenario version. Now, let’s scale it back and look at how plausible it is for an attack like this to actually work. Most of the time that you have headphones plugged in to your smartphone you’re also listening to them. When Siri or Google Now are activated—even if initiated silently over the airwaves—they typically make some sort of noise indicating that they’re ready to listen to your voice command, and they respond verbally by default so if you’re wearing the headphones you should immediately realize something suspicious is going on.

Even if you’re not actively wearing the headphones—maybe your headphones are plugged in but the smartphone and headphones are just sitting on a table in front of you—it would be challenging to activate the virtual assistant without alerting you. The display generally comes to life and displays your request along with the response from Siri or Google now. If you’re sitting there, minding your own business, and your smartphone suddenly springs to life you’d probably notice.

Assuming your smartphone has the headphones plugged in, but you’re not wearing the headphones to hear the voice interaction, and the smartphone is lying face down so you can’t see the interaction on the display it is theoretically possible, but still highly unlikely. The attack requires unique hardware and only has a range of between six and sixteen feet according to the researchers—depending on the size and power of the radio and antenna.

“Additional functionality, especially concerning user convenience, has often come at the cost of some security,” stressed Gavin Reid, VP of threat intelligence for Lancope. “In this case the hack needs proximity to work and is a proof of concept needing specialized hardware. High security government equipment and installations have often come with additional shielding specifically to limit emanations and any covert channels.”

It’s conceivable that an attacker could position the radio in a Starbucks or similar public location and generate commands to all of the devices within range and direct them to call a specific phone number that generates cash for the attacker. The odds of that happening are relatively low, though. As Reid explains, “This attack is less likely to be leveraged by the criminal underground especially with other methods much easier to implement”.

 

India And Pakistan Are At a Private Cyber War

India And Pakistan Are At a Private Cyber War by defacing each others Government websites:

India and Pakistan continue to squabble over Kashmir. Both the countries tend to be good friends but are mostly seen in battlefields against each other. At the borders or in the game of cricket, they are historic rivals. And with the world shifting towards digitization, their war has also gone digital. 

Yes, the cyber war between these two neighboring countries seems to have begun.

On Saturday, September 26, a Pakistani hacker Faisal Afzal aka 'Faisal 1337' hacked the official website of Kerala Government, kerala.gov.in.

Reportedly, the text on the homepage at that moment read: "Official website of the RC Office, Govt of Kerala — New Delhi Hacked! Pakistan Zindabad." Also mentioned below was, "We Are Team Pak Cyber Attacker. Security is just an illusion". The hacker also mentioned about his attack on his Facebook page.

In few minutes, the news spread like wild fire all over social media. It was not a question about a government website or an Indian website being hacked, but a full-fledged cyber attack on India by a Pakistani hacker!

Within a few hours, an Indian hacking group returned the favour. 'The Mallu Cyber Soldiers' claimed responsibility of the retaliation. It announced that over 100 Pakistani websites were hacked, as payback to the Pakistani hack of the Kerala Government's website.

They also posted a message on their Facebook page, "!!Message to Script Kiddies of Pakistan ….Do not touch Indian Websites !!! Now your 46 Pakistan government websites got crashed and 4 educational websites got defaced. This is a small payback for hacking kerala.gov.in. Faisal 1337 go home kiddo, you are F*ucked."

The group went on to share the list of the websites hacked. Few included Pakistan's government website Pakistan.gov.pk, and cabinet.gov.pk.

But the 'cyber-war' didn't end there. In the same Pastebin message, the group 'Hell Shield Hackers' stated that the motive behind this attack a payback against the attack on the Kerala government website.

"Indian Hackers haven't hacked a single Pakistani site after August 15, 2015. But Faisal Afzal hacked kerala.gov.in .. Dude? We are not sleeping. If you even touch a Indian site, we will crush you up.. :3. Now feel the heat pakistan.gov.pk hacked," the group said.

However, the governments of both the nations remained tight-lipped. According to reports, the unofficial ‘cyber war’ between the two countries had actually began in 2010 and is waged by patriotic hackers on both sides, every day.

    

Hacking is Not that Hard ..

Hacking is Not that Hard 

▫ More than 90% of successful breaches required only the most basic techniques.

▫ Only 3% of breaches were unavoidable without difficult or expensive actions.

▫ Outsiders with insiders help of or with gross negligence  of insiders were responsible for most breaches.

▫ 85% of breaches took months to be discovered; the average time is five months.

▫ 96% of successful breaches could have been avoided if the victim had put in place simple or intermediate controls.

▫75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching.

▫ One study found that antivirus software missed as much of 95% of malware in the first few days after its introduction.

▫ Another study found that 25% of malware is not detected by current techniques.

Chinese Cyber attacks History from 1995

Ø  1995 – Major General Wang Pufeng describes attacking via Internet

Ø  1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar

Ø  1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels

Ø  May 03, 2001 China warns of massive hack attacks

Ø  2002 - “informatisation” campaign begins Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, a speech before the 16th Party Congress

Ø  2003 - Titan Rain US DoD & Government websites targeted

Ø  2004 – Japan targeted by Chinese over disputed Daiyu Islands

Ø  2007 – GhostNet Global CnC network with IP addresses in People’s Republic of China  

Ø  2008 – Byzantine Hades - targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages. 

Ø  2008 - MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - the Chinese army is using Internet spyware to steal confidential information

Ø  2009 - Operation Aurora International Energy Industry targeted

Ø  2009 – Night Dragon Global multinationals attacked via Internet

Ø  2010 – Article - Should we be afraid of Chinese hackers?...Or lost cyber war?

Ø  2011 -US needs to get better at preventing foreign access to advanced technology

-          GAO watchdogs find holes in high-tech access, licensing rules

Ø  2011 – Chinese military CCTv-7 demonstrates GUI Hacking of University of Alabama

Ø  2011 – Office of the National Counterintelligence Executive (ONCIX)  Report indicates both China & Russia target corporate intellectual property

Ø  2011 – Operation Shady RAT FIVE year campaign of economic & intelligence data ex-filtration

•      2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage” NORTHRUP GRUMMAN March 7, 2012

Ø  2012 – Chinese Technology Policy & Cyber Offensive Operations - April

Ø  2012 – China & Philippines engage in mutual cyberattacks over Scarborough Shoals – April

Ø  2013 - U.S. Blames China’s Military Directly for Cyberattacks

-          China has said it has suffered its "biggest ever" cyber-attack(DDoS Attacks), causing many websites based in the country to go temporarily offline.

-          Uses North Korea to launch cyber attacks

Ø  2014 - Senate Armed Services Committee's probe found : Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment

-          China linked to cyberattacks on Taiwan exploiting Windows vulnerability.

-          5 in China Army Face U.S. Charges of Cyberattacks.

-          China’s cooperation seeked to crack down on North Korea’s cyber-warfare operations, as the country’s telecommunications run through Chinese-operated networks.

Ø  2015 - China is close to developing another cyber weapon capable of unplugging internet jack from an entire nation’s infrastructure.

-          China Reveals Its Cyberwar Secrets, A first acknowledgement

-          China in focus as cyber attack hits millions of U.S. federal workers

Ecommerce websites are legally liable for service defects: Indian Law

E-commerce shopping websites liable for deficient service

When a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable.
Online shopping is becoming increasingly popular because it saves time, the bother of travelling, the prices are competitive, and returns are accepted. In some cases, the seller's name is disclosed, but the address and contact numbers are withheld. This is done in business interests, so that the buyer and seller do not make a deal, depriving the portal of its commission.

The consumer deals with the portal, makes payment to the portal and follow-ups too are via emails to the portal. Yet, when a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable. This is against consumer interest and unwarranted, as held by various consumer fora.

Case Study 1:

Atul Malhotra ordered a Lava mobile phone offered at a 94% discount on Flipkart, for an amount of Rs 400. Flipkart cancelled the order two days later, claiming inability to cope with the demand, refunding Rs 400. Since Atul wanted the phone, not the refund, he complained to the Chandigarh District Forum. Flipkart claimed it was not liable, and the complaint be dismissed as the actual seller had not been joined as a party to the dispute.

The forum observed that Flipkart had made the offer. The entire email correspondence was with Flipkart, including the cancellation. Hence, it would be liable for deficient service. Flipkart was ordered to pay Rs 3,000 as compensation and Rs 2,500 towards costs.

Case Study 2:

Shivanand Narain had purchased a Stealth mobile phone online for Rs 20,390, which turned out to be defective. He returned it and sought a replacement, as the website promised. Since his grievance was not redressed, he filed a complaint. The forum ordered the portal to refund Rs 20,390, the price of the mobile and also awarded Rs 15,000 as compensation.

The portal challenged the order in an appeal to the Chandigarh state commission, contending it was only a "facilitator". Rejecting this argument, the commission observed that the portal solicits business. Customers make payments to the portal. Correspondence with the portal is through the given email address. Thus, it actively participates in the transactions. The state commission dismissed the portal's appeal.

Case Study 3:

Urmil Munjal had made an online purchase through rediff.com. As she was not satisfied with the product supplied, she filed a complaint against the portal before the Gurgaon district forum, which allowed the complaint. The portal's appeal was dismissed. It filed a revision before the national commission, contending that it was only a facilitator.

Rejecting this argument, the national commission observed that the portal had admitted it acts as an intermediary, collecting payment. So its services could not be considered gratuitous merely because no separate charge was collected from the consumer. Inviting buyers and sellers to trade online made the portal amenable under the Consumer Protection Act. The commission concluded that the e-commerce portal would be liable to the consumer.

Conclusion:

E-commerce platforms are liable for the products advertised and business solicited through their websites.

Hacking computer without a Internet connection

••

The most secure computers in the world can't “Google” a thing—they are disconnected from the Internet and all other networks. The U.S. military and the National Security Agency rely on this attack-prevention measure, known as air-gapping, as does The Intercept, the media outlet co-founded by Glenn Greenwald, who was instrumental in disclosing the nsa's extensive domestic surveillance program. But where there's a will, there's a way: a team of doctoral students at Ben-Gurion University of the Negev in Israel announced it can obtain information from an air-gapped computer by reading messages encoded in the heat given off, like smoke signals, by its processors.

All computers have built-in thermal sensors, which detect the heat produced by processors and trigger the rotation of fans to avoid damage to components. To achieve the hack in an office setting, snoopers would infect two adjacent desktop PCs—one air-gapped, the other connected to the Internet—with malware that can take control of the machines and enable them to decode messages hidden in the sensor data. A virus carrying the malware could infect the Internet-connected machine fairly easily, whereas a USB drive or other hardware approach would be required with the air-gapped machine—a feat that could prove difficult at high-security locations.

In a scenario in which a hacker sought a password stored on the air-gapped computer, the malware could instruct the computer's central processor to perform work in a pattern of activity that reveals those characters. Each spate of activity would produce a puff of warm air that would travel to the connected computer, where its thermal sensors would log that single bit of information. Over time, voilà, a set of bits representing the password. The connected computer could then send that information to the interested party. The computer scientists call their hack BitWhisper.

If it sounds awfully slow, it is. The compromised computers can transmit only a maximum of eight bits per hour and can be located no more than 16 inches apart. But that rate is enough to get what you need, says Yisroel Mirsky, one of the co-authors of the research, which will be presented at the IEEE Computer Security Foundations Symposium in Verona, Italy, this month. “You need only about five bits,” he says, for a simple message, such as a command from the connected computer to the disconnected one, to initiate a data-destroying algorithm.

BitWhisper might seem too elaborate—after all, if one can get malware onto a computer via USB, why bother with the heat channel? Mirsky notes that this setup allows a hacker to control an air-gapped computer without physically sitting at it. Also, a computer heating up is unremarkable, so the hack could escape notice, says Anil Madhavapeddy, who studies unconventional ways to transmit information at the University of Cambridge and was not involved in the study. “In general, as computers get faster and the data contained in them more valuable,” he explains, “even the very slow covert channels are useful for attackers because they can just sit back and let them run for hours or even days to leak important information while staying under the radar.”

Of course, stopping such an attack is simple: keep air-gapped computers far away from any computers on a network or insert a sheet of insulation between machines. Given all the conditions BitWhisper would need to work in the real world, it might just be easier to find a whistle-blower.

This article was originally published with the title "Hacking Heats Up." 

By jessy emspak

Rs. 27,000 crore lost in Banking Frauds including cyber frauds from last five years

Rs. 27,000 crore lost in Banking Frauds including cyber frauds from last five years
Cheating and forgery have led to public and private sector banks losing as much as Rs.27,000 crore cumulatively in the last five years, reveals information obtained by dna News Paper under the Right to Information (RTI) Act.
And even this is just a conservative estimate with the actual losses being several thousand crores more. More than 11,500 cases of cheating and forgery of amounts involving Rs.1 lakh and above were reported by banks to RBI. 
SBI reported 1,124 cases the worst hit with losses of Rs.3,494 crore. Of the Rs.27,000 crore losses, public sector banks accounted for Rs.24,000 crore and the rest Rs.3,000 crore was reported by private sector banks. While SBI headed the list, ICICI Bank leads the list of private sector banks with losses of Rs.1,089 crore in 1,776 cases - the highest amongst all banks.
I only won Court Orders worth 3.5 Crores for Online Banking and Credit Card Frauds to be returned to my clients only in Mumbai City and only handle another 6-7 crore matters which are pending..Huh such huge loss to Indian Citizens. RBI & Central Government Do something .
Pic Source : DNA