Cyber Law, Cyber Security, Privacy, Data Protection Blog - FREE TO SHARE
Thursday, April 28, 2016
Meeting with Dr. Jamie Saunders
Wednesday, April 27, 2016
Fast Flux Networks: An Introduction
A Fast Flux Network is a network of compromised computers fronted by public DNS records that change frequently. As a result, the IP address associated with the corresponding domain name changes frequently as well. Attackers often use this technique to hide their malicious websites from detection. Botnets are large groups of compromised machines (bots) used by miscreants for all sorts of illegal activities (e.g., sending spam emails, denial-of-service attacks, phishing and other web scams). To protect the identity and maximise the availability of the core components of their business, miscreants have recently started to use fast-flux service networks: large groups of bots acting as front-end proxies to these components. Motivated by the conviction that prompt detection and monitoring of these networks is an essential step to contrast the problem posed by botnets,
Attackers typically compromise one or more victim computer systems with malware and exploit them to host a fraudulent website, such as a phishing site. The problem with this approach, from the attackers' point of view, is that such websites can easily be tracked down by their public DNS name and IP address and shut down immediately.
Peer-to-Peer (P2P) botnets have emerged as a serious threat to network security. They are used to carry out various illicit activities such as click fraud, DDoS attacks and information exfiltration. These botnets use a distributed model for command dissemination, which makes them resilient to dynamic churn and to take-down attempts. Earlier P2P botnet detection techniques had shortcomings: lower accuracy, and an inability to detect stealthy botnets and advanced botnets that use fast-flux networks. In this paper, we list recent P2P botnet detection techniques that overcome the weaknesses of previous techniques with higher detection accuracy.
So the attackers started using server address obfuscation, often a group of proxy servers that redirect network traffic. This approach did not prove very convenient for them either, because of its limited scalability. Moreover, such websites can still be tracked down quickly through international cooperation.
So, the attackers started using Fast Flux Networks.
The basic idea behind a Fast Flux Network is to associate multiple IP addresses with a malicious domain name. These IP addresses are swapped in and out with extremely high frequency, perhaps every 3 minutes, by changing the DNS records. As a result, a browser connecting to the same malicious website every three minutes will see a different IP address each time and will reach the actual malicious website via a different infected computer every time.
In Fast Flux Networks, attackers compromise a number of computer systems with malware and then exploit their bandwidth and computation power to build the Fast Flux Network.
In Fast Flux Networks, attackers often use a number of compromised computers as front end systems. These front end systems get the requests from the victims to connect to the malicious website and redirect those requests to the back-end servers.
So the large pool of rotating IP addresses does not correspond to the actual back-end servers. Instead, the addresses fluctuate among many front-end servers, which in turn funnel the requests and redirect them to the actual back-end servers.
Fast Flux motherships are the main controlling elements behind the front-end servers. They are similar to Command & Control (C&C) servers, though with many more features. The mothership node is hidden behind the front-end servers, which makes it extremely difficult to track down. Motherships often host both DNS and HTTP services and use web server virtual hosting configuration to manage content availability.
Fast Flux Networks are used for many illegal practices: online pharmacy shops, money mule recruitment sites, phishing websites, illegal adult content, distribution of malware, etc. Even other services such as SMTP, POP and IMAP can be delivered through Fast Flux Networks.
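The rotation described above leaves a measurable trace in DNS: many distinct addresses, spread across unrelated networks, behind a domain whose records expire within minutes. The following is an added example (not code from the original post) of a defender-side heuristic that scores repeated lookups of one domain; the samples are constructed, and /24 prefix diversity stands in for the ASN diversity a production detector would look up.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Sequence


@dataclass
class Lookup:
    """One DNS resolution of the domain: when it was made, the A-record TTL, and the A records returned."""
    ts: int                 # seconds since epoch (constructed values below)
    ttl: int                # TTL of the A records, in seconds
    answers: Sequence[str]  # IPv4 addresses in the answer section


def prefix24(ip: str) -> str:
    """Return the /24 prefix of an IPv4 address; an offline stand-in for an ASN lookup."""
    return ".".join(str(ip_address(ip)).split(".")[:3])


def flux_metrics(lookups: Sequence[Lookup]) -> Dict[str, float]:
    """Aggregate features over repeated lookups of one domain."""
    ordered = sorted(lookups, key=lambda lk: lk.ts)
    ips = {a for lk in ordered for a in lk.answers}
    prefixes = {prefix24(a) for a in ips}
    # Fraction of consecutive lookups whose answer set changed (0.0 = stable, 1.0 = changes every time).
    pairs = list(zip(ordered, ordered[1:]))
    changed = sum(1 for a, b in pairs if set(a.answers) != set(b.answers))
    churn = changed / len(pairs) if pairs else 0.0
    return {
        "unique_ips": len(ips),
        "unique_prefixes": len(prefixes),
        "min_ttl": min(lk.ttl for lk in ordered),
        "churn": churn,
    }


def is_fast_flux(m: Dict[str, float], min_ips: int = 5, max_ttl: int = 300,
                 min_prefixes: int = 3, min_churn: float = 0.5) -> bool:
    """Thresholds are illustrative; tune them against known-good CDN domains in your own telemetry."""
    return (m["unique_ips"] >= min_ips and m["min_ttl"] <= max_ttl
            and m["unique_prefixes"] >= min_prefixes and m["churn"] >= min_churn)


# Constructed samples (not real observations). FLUX rotates through many /24s every 3 minutes;
# CDN_LIKE also has a short TTL and rotating answers, but every address sits in one operator prefix.
FLUX = [
    Lookup(0,   180, ["10.1.2.3", "10.7.8.9", "10.20.30.40"]),
    Lookup(180, 180, ["10.55.6.7", "10.1.2.3", "10.99.100.101"]),
    Lookup(360, 180, ["10.200.1.2", "10.77.88.99", "10.55.6.7"]),
    Lookup(540, 180, ["10.7.8.9", "10.123.4.5", "10.200.1.2"]),
]
CDN_LIKE = [
    Lookup(0,   60, ["192.0.2.10", "192.0.2.11", "192.0.2.12"]),
    Lookup(60,  60, ["192.0.2.11", "192.0.2.12", "192.0.2.13"]),
    Lookup(120, 60, ["192.0.2.12", "192.0.2.13", "192.0.2.14"]),
    Lookup(180, 60, ["192.0.2.13", "192.0.2.14", "192.0.2.15"]),
]

if __name__ == "__main__":
    for name, sample in (("FLUX", FLUX), ("CDN_LIKE", CDN_LIKE)):
        m = flux_metrics(sample)
        print(name, m, "-> fast-flux" if is_fast_flux(m) else "-> not flagged")
```

A short TTL alone is not evidence: content delivery networks use them too, which is why the prefix-diversity condition carries most of the weight here.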
Image courtesy: Wikipedia
Sunday, April 24, 2016
Monday, April 4, 2016
Black Software List
This List is Public 😇
🔵 Password Hacking Software
1. haviz
2. metasploit
3. hydra
4. wireshark
5. Dsniff
6. InSSIDer
7. Aircrack-ng
8. Aircrack
9. Brutus
10. Cain And Abel
11. IKECrack
🔴 Wireless Hacking Software
12. Kismet
13. KisMAC
14. Firesheep
15. NetStumbler
16. WepLab
🔵 Network Hacking Software
17. Nmap
18. SuperScan
19. Angry IP Scanner
🔴 Packet Crafting To Exploit Firewall Weaknesses Software
20. Hping
21. Scapy
22. Netcat
23. Yersinia
24. Nemesis
25. Socat
🔵 Traffic Monitoring For Network Related Hacking Software
26. Splunk
27. Nagios
28. P0f
29. Ngrep
🔵 Packet Sniffers To Analyze Traffic Software
30. Wireshark
31. Tcpdump
32. Ettercap
33. Dsniff
34. EtherApe
35. Paros
36. Fiddler
37. Ratproxy
38. Sslstrip
39. SSL/TLS Security Test By High-Tech Bridge
🔴 Rootkit Detectors To Hack File System Software
40. Netfilter
41. PF: OpenBSD Packet Filter
42. Skipfish
43. Wfuzz
44. Wapiti
45. W3af
46. Sleuth Kit
47. Helix
48. Maltego
49. Encase
🔴 Debuggers To Hack Running Programs Software
50. Immunity Debugger
51. Netcat
52. Traceroute
53. Ping.eu
54. Dig
55. CURL
🔵 Hacking Operating Systems Software
56. Backtrack 5r3
57. Kali Linux
58. SELinux
59. Knoppix
60. BackBox Linux
61. Pentoo
62. Matriux Krypton
63. NodeZero
64. Blackbuntu
65. Samurai Web Testing Framework
66. WEAKERTH4N
67. OpenSSL
68. Open PuTTY
69. Tor
70. openvpn
72. Stunnel
73. KeePass
🔴 Intrusion Detection System And The IDS Tools
74. Snort
75. NetCop
🔵 Hacking Vulnerability Exploitation Tools
76. Sqlmap
77. Sqlninja
78. Social Engineer Toolkit
79. NetSparker
80. BeEF
81. Dradis
🔵 Vulnerability Scanners Tools
82. nessus
83. OpenVAS
84. Nipper
85. Secunia PSI
86. Retina
87. QualysGuard
88. NexPose
🔴 Web Vulnerability Scanners Tools
89. Burp Suite
90. Webscarab
91. Websecurify
92. Nikto
93. W3af
Friday, March 25, 2016
Case Laws for CCTV as Best Evidence
CCTV Footage - Primary Evidence -
CCTV footage directly & immediately stored in the hard drive of a computer is original media, self-generated & created without human intervention - not secondary evidence & does not require certification u/s 65B of the Evidence Act. Kishan Tripathi v. State, Crl.A.108/13, 12.2.16 DHC
----------------------------------------
Procedure to be followed by the Magistrate when CCTV footage and video recordings are produced by the police at the time of filing of the chargesheet?
During the hearing of the case, we noticed that the trial Court had not played the DVR (MO-2) and seen the CCTV footages in the presence of the accused. In this regard we propose to dispel misgivings, if any, in the mind of trial Judges about their power to view such evidences. There will be instances where, by the time the case comes up for trial in one court, the electronic record would have had a natural death for want of proper storage facilities in the Court property room. To obviate these difficulties, we direct that, on a petition filed by the prosecution, the Judicial Magistrate, who receives the electronic record, may himself view it and take a back up, without disturbing the integrity of the source, in a CD or Pendrive or any other gadget, by drawing proceedings. The back up can be kept in safe custody by wrapping it in anti static cover and should be sent to the Sessions Court at the time of committal. The present generation of Magistrates are computer savvy and they only require legal sanction for taking a back up. They can avail the service of an expert to assist them in their endeavour. Recently the Supreme Court in Shamsher Singh Verma v. State of Haryana, MANU/SC/1345/2015 : 2015 (12) Scale 597, has held that CD is a 'document' within the meaning of Section 3 of the Indian Evidence Act, 1872. In Ziyauddin Burhanuddin Bukhari v. Brijmohan Ramdass Mehra, MANU/SC/0277/1975 : (1976) 2 SCC 17, the Supreme Court has held that tape records of speeches are 'documents' as defined in Section 3 of the Indian Evidence Act, 1872. This Judgment has been relied upon in Shamsher Singh Verma's case (cited supra). Therefore, we hold that articles like Memory Card, Hard Disc, CD, Pen-drive, etc., containing relevant data in electronic form are 'documents' as defined under Section 3 of the Indian Evidence Act, 1872, albeit, marking them as material objects. After all, nomenclature cannot have the effect of altering the characteristics of an object. 
The words 'proved' and 'disproved' in section 3 of the Evidence Act have the following common denominator;
"A fact is said to be proved/disproved when, after considering the matters before it............ "
(emphasis supplied)
Without viewing the CCTV footage, how can any Court, "consider the matter before it " to conclude that a fact has been 'proved' or 'disproved' ? That apart, Section 62 of the Indian Evidence Act, 1872 states,
"Primary evidence means the document itself produced for the inspection of the Court."
(emphasis supplied).
This does not mean that, if a secondary evidence of a document is admitted lawfully, the Court is denuded of the power to inspect it. Such an inference will lead to absurdity. Therefore, we hold that a Court has the power to view CCTV footage and video recordings, be it primary or legally admissible secondary evidence, in the presence of the accused for satisfying itself as to whether the individual seen in the footage is the accused in the dock. The trial Court should also specifically put questions to the accused when he is examined under Section 313 Cr.P.C. about his overt acts appearing in the footage and record his answers.
IN THE HIGH COURT OF JUDICATURE AT MADRAS
Dated: 27.2.2016.
IN THE HIGH COURT OF JUDICATURE AT MADRAS
Dated: 27-1-2016
Coram
The Honourable Mr.Justice R.SUDHAKAR and
The Honourable Mr.Justice P.N.PRAKASH
Referred Trial No.1 of 2015
Criminal Appeal No.110 of 2015
K. Ramajayam @ Appu Appellant/Accused
Vs.
The Inspector of Police,
----------------------------------------
SC: Computer Output not admissible without Compliance of 65B, EA
In the judgment of ANVAR P.V. VERSUS P.K. BASHEER AND OTHERS, CIVIL APPEAL NO. 4226 OF 2012, decided on Sept. 18, 2014, the Supreme Court settled the controversies arising from the various conflicting judgments, as well as the practices followed in the various High Courts and Trial Courts, as to the admissibility of electronic evidence. The court interpreted Sections 22A, 45A, 59, 65A & 65B of the Evidence Act and held that data in a CD/DVD/Pen Drive is not admissible without a certificate u/s 65B(4) of the Evidence Act. It clarified that, in the case of computer output without such a certificate, neither can oral evidence be led to prove such electronic evidence (the output in electronic media), nor can the opinion of an expert under Section 45A of the Evidence Act be resorted to in order to prove its genuineness.
----------------------------------------
Fact discovered - what constitutes - Fact means some concrete or material fact to which information directly relates - Information must be such as has caused discovery of the fact & must relate distinctly to the fact discovered -
2010 ALL SCR (OCC) 146 -
Erabhadrappa V/s. State of Karnataka
------------------------------------------------
Electronic Evidence Case Law: CCTV & 65B Certificate
Rajesh Dhannalal Daware Vs. State of Maharashtra {Bombay High Court, 5 May 2016}
Evidence Act, 1872 - Section 65-B - Footage of CCTV Camera - Under S. 65B(4) if it is desired to give a statement in any proceedings pertaining to an electronic record, it is permissible provided the following conditions are satisfied: (a) There must be a certificate which identifies the electronic record containing the statement; (b) The certificate must describe the manner in which the electronic record was produced; (c) The certificate must furnish the particulars of the device involved in the production of that record; (d) The certificate must deal with the applicable conditions mentioned under Section 65B(2) of the Evidence Act; and (e) The certificate must be signed by a person occupying a responsible official position in relation to the operation of the relevant device.
Sunday, March 20, 2016
Trojan targeting your bank codes sent on Mobile
A new Android trojan has the ability to intercept text messages and bypass the SMS-based two-factor authentication system protecting customers' bank accounts. The trojan, detected as "Android/Spy.Agent.SI" is currently targeting customers of large banks via their mobile apps.
The malware tricks users into downloading it onto their devices by masquerading as Adobe Flash Player. Upon installation, it requests that the user grant the malicious app administrator rights, before seemingly disappearing from view.
Rest assured, however, that while the Flash Player icon might no longer be visible, the trojan is just getting started. At this point, Android/Spy.Agent.SI contacts a remote server hosting malicious APK files whose corresponding URL paths are regenerated hourly in a bid to avoid detection by anti-virus software.
The trojan uses this connection to send information about the infected device, along with the package names of installed applications, to its operators. If any of the apps are identified as a target, the remote server responds with a list of 49 apps that Android/Spy.Agent.SI is equipped to attack via a phishing attack.
Just in case the victim's account is protected with two-factor authentication, Android/Spy.Agent.SI also has the ability to send all SMS communications to the remote server upon request. This allows the malware's author to bypass 2FA protection.
Here are some things you can do to protect yourself.
First, if you ever see anything masquerading as Adobe Flash Player on Android, you can be sure it's a fake. Adobe hasn't released a Flash Player client for Android since 2012, so there's no way anything legitimate is still making the rounds on the mobile platform.
Second, you would be wise to install mobile apps from the official Google Play Store rather than less-trustworthy third-party sites, and you should always keep a mobile anti-virus solution running on your phone as an added layer of defense.
Last but not least, if you do become infected with Android/Spy.Agent.SI, you can remove the malware by disabling the fake Flash Player's administrator privileges in Settings, or by removing it while in Safe Mode.
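The traits the post describes (a Flash Player lure on a platform that no longer has one, device-administrator rights combined with SMS access, and an icon that disappears after install) can be checked mechanically against an exported app inventory. The following is an added example, not code from the original post or from any vendor; the inventory, package names and field layout are constructed, and a legitimate device-admin agent without SMS access is deliberately not flagged.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Permissions that let an app read or divert SMS-based one-time codes.
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}


@dataclass
class InstalledApp:
    """One entry of a device's app inventory (constructed layout, not a real export format)."""
    label: str
    package: str
    permissions: Set[str] = field(default_factory=set)
    device_admin: bool = False       # holds a device-administrator receiver
    has_launcher_icon: bool = True   # False when the app hides itself after install


def triage(app: InstalledApp) -> List[str]:
    """Return the reasons an app matches the behaviour described in the post (empty if none)."""
    reasons = []
    if "flash player" in app.label.lower():
        # Adobe stopped shipping Flash Player for Android in 2012; any such app today is a lure.
        reasons.append("claims to be Flash Player, which has no legitimate Android client")
    if app.device_admin and app.permissions & SMS_PERMS:
        reasons.append("device administrator that can also read or intercept SMS")
    if app.device_admin and not app.has_launcher_icon:
        reasons.append("device administrator with no launcher icon (hides after install)")
    return reasons


def suspicious_apps(inventory: List[InstalledApp]) -> Dict[str, List[str]]:
    """Map package name -> reasons for every app that trips at least one check."""
    result = {}
    for app in inventory:
        reasons = triage(app)
        if reasons:
            result[app.package] = reasons
    return result


# Constructed inventory: one lure, one ordinary bank app, one legitimate MDM agent.
INVENTORY = [
    InstalledApp("Adobe Flash Player", "com.example.flashupdate",
                 {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
                  "android.permission.INTERNET"}, device_admin=True, has_launcher_icon=False),
    InstalledApp("Example Bank", "com.example.bank", {"android.permission.INTERNET"}),
    InstalledApp("Corporate MDM Agent", "com.example.mdm",
                 {"android.permission.INTERNET"}, device_admin=True),
]

if __name__ == "__main__":
    for package, reasons in suspicious_apps(INVENTORY).items():
        print(package)
        for r in reasons:
            print("  -", r)
```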
Friday, March 18, 2016
Stages of Cyber Civil Cases in India
(Plaintiff means whoever files the case)
By Advocate Prashant Mali(@CyberMahaGuru)
1. Plaintiff has to file the plaint complying with the provisions in all respects as contemplated under Order 4 r/w Orders 6 and 7 of the Code.
2. Plaintiff has to issue summons within 30 days from the institution of the suit.
3. After service of summons, the defendant has to file his written statement within 30 days from receipt of summons as per Order 8 R 1 of the Code.
4. No further time exceeding 90 days after the date of service of summons is to be extended for filing the written statement, as per the proviso to Order 8 R 1 of the Code.
5. Within 10 days from the filing of the written statement, the court has to examine the parties so as to explore the possibility of a compromise between the parties and to refer the matter for settlement under Section 89 of the Code.
6. If the parties fail to compromise, the court has to keep the matter for discovery and inspection within the time span of 7 – 10 – 10 – 3 days, as per Order 11 of the Code.
7. Then adjourn the matter for admission within 15 days, as per Order 12 of the Code.
8. Then the parties have to file the original documents prior to framing of issues, within 7 days, as per Order 13 of the Code.
9. Court has to frame the issues within 15 days as per Order 14 of the Code.
10. Parties have to file the list of witnesses within 15 days from the date of framing of issues as per Order 16 of the Code.
11. Plaintiff has to issue summons to the witnesses, either for adducing evidence or for production of documents, within 5 days of filing the list as per Order 16 R 1(4) of the Code.
12. Parties have to settle the date of evidence as per Order 16 of the Code.
13. Plaintiff has to file the affidavits of all his witnesses within 3 adjournments as per Order 18 R 4 r/w Order 17 of the Code.
14. Court has to exhibit the documents, considering their proof and admissibility, with a reasoned order as per the proviso to Order 18 R 4(1) of the Code.
15. Cross-examination of the plaintiff and his witnesses day to day until all the witnesses in attendance have been examined, as per Order 18 R 4(2) r/w Order 17 R 2(a) of the Code.
16. Defendant has to issue summons to the witnesses, either for adducing evidence or for production of documents, as per Order 16 R 1(4) of the Code.
17. Defendant has to file the affidavits of all his witnesses within 3 adjournments as per Order 18 R 4 r/w Order 17 of the Code.
18. Court has to exhibit the documents, considering their proof and admissibility, with a reasoned order as per the proviso to Order 18 R 4(1) of the Code.
19. Cross-examination of the defendant and his witnesses day to day until all the witnesses in attendance have been examined, as per Order 18 R 4(2) r/w Order 17 R 2(a) of the Code.
20. Parties have to conclude their arguments within 15 days from the completion of their respective evidence as per Order 18 R 2(3A) of the Code.
21. Court has to deliver judgment forthwith, or on or before 30 days and not exceeding 60 days from the date of conclusion of the arguments, as per Order 20 R 1 of the Code.
The party in whose favor the judgement is passed is known as decree holder, and the party against whom the judgement is passed is called the judgement debtor.
Review of judgement
If a party is not satisfied with the judgement, it can file an application for review of the judgement. If the court feels there are not sufficient grounds for review, it may reject the application. The court may also reject the application if it is based on some new evidence, unless strict proof is provided that the party was earlier unaware of it. Also, when an application for review is received by the court, it shall send a notice to the other party so that he/she can appear and present his/her side. If the application is granted and a judgement has been passed, it cannot be reviewed further.
Appeal
A party may appeal to the appellate court against the original decree. A memorandum needs to be filed in the appellate court specifying the grounds of objection. The appellant may be required to provide security for costs. The court may accept, reject, or send the appeal back to the appellant for modifications. If the appellate court finds sufficient cause for a stay on the execution of the decree, it may order one. If the appellate court accepts the appeal, it shall send a notice to the lower court (whose decree is being appealed) so that it can dispatch the records relevant to the case to the appellate court. The appellate court will send notices for the day of the hearing and will rehear the case. The appellate court may confirm, vary, or reverse the original decree in its judgement.
Execution of Decree
If the judgement-debtor needs to pay money, he can submit it in the court or outside the court as well. If the payment is made outside the court, evidence of the payment needs to be produced. When a payment is made, the judgement-debtor needs to send an acknowledgement to the decree-holder. If the judgement-debtor fails to comply with the decree, the decree-holder may file an application for execution of the decree. The application needs to be filed at the place of the judgement-debtor's residence. The decree-holder may request the court to assist him by delivering the property, by arrest or detention of the person, or by any other relief granted in the decree.
The judgement debtor is issued a notice to show cause against execution. If no satisfactory response is shown for the show cause notice, then the court may issue orders to execute the decree. In case of payment of money, the court may order the detention of judgement-debtor in civil prison or sale of judgement-debtor's property. In issues related to movable property, it may be seized and delivered to the other party.
Note: everything above applies in ideal situations 😄
Apply for compensation up to Rs. 5 crores to the Adjudicating Officer (IT Secretary of the state), and above that to the respective High Court of the state.
cyberlawconsulting@gmail.com
Author: Prashant Mali @CyberMahaGuru