Sunday, July 17, 2016

Anton Piller Order or Order related to Raids in Software Piracy matter : Microsoft loses

Microsoft loses its anti-piracy raid case due to wrong facts in the petition
The Bombay High Court has criticised Microsoft for making misleading claims when it secured a preliminary order that allowed the company to search the premises of a local company it accused of copyright infringement. The court vacated the order it had granted this June in favour of the US tech major in its plea against Girnar Software over unlicensed use of its products.
In a ruling handed down on July 15, 2016, Justice Gautam Patel vacated the previous order, handed down last month, and gave Microsoft an opportunity to withdraw its complaint. In the dispute, US-based Microsoft sued Girnar Software earlier this year for allegedly using unauthorised copies of its software, including Microsoft Windows, Office and Visual Studio. On June 24, Justice Patel had granted Microsoft's request for an Anton Piller order.
Under such an order, a defendant in a proceeding is required to allow the plaintiff or its representatives to enter the defendant's premises to obtain evidence. In this case, experts from the High Court's IT department were sent to oversee raids on Girnar's offices in Gurgaon, Jaipur and Andheri. In its initial complaint, which helped secure the order, Microsoft accused Girnar of having 3,315 computer systems on which there were 1,340 instances of Microsoft Windows in use. This, according to Microsoft, was despite the company having procured licences for only 545 uses.
Furthermore, there were allegedly 1,308 instances of Microsoft Office in use despite Girnar having only 550 licences, and 60 instances of Microsoft Visual Studio despite Girnar having procured only five licences. Microsoft added that Girnar was being uncooperative in attempts to resolve the matter through negotiation.
But in his July 15 order, Justice Patel said that when the raids were actually conducted, it was discovered that Girnar had far fewer computer systems than alleged. According to the court, the company had only 1,053 machines, of which only 283 ran Windows. Girnar's counsel also revealed that Microsoft had allegedly suppressed crucial email exchanges showing that Girnar was in fact cooperating with Microsoft. Microsoft's counsel was asked for an explanation and claimed there had been an "oversight" on its part.
Microsoft admitted that it had used vague language in its pleadings, including "estimated" and "approximately", and argued that because the raid at one of the locations was delayed, Girnar could have deleted the software from its systems. Justice Patel criticised the claims: "My disapproval today is of Microsoft presenting speculation as fact. This is not answered by presenting me with still more speculation based on even less fact. I find it particularly galling that attempts are now made to explain its pleading by this fuzzy reading approach; by asking me to read into words like 'approximate', 'approximately', 'estimated' and 'some of which'."
He added: "The lesson to be learned from all this, one that I believe will govern all future applications for Anton Piller orders — every one of those orders will require clearest statement of facts. Any grey areas — 'estimates', 'approximates' — will be clearly set out in the plaint. There is to be no holding back of relevant documentary material." Justice Patel went further, saying that in future "every order will be conditional on the applicant depositing in court as security a sum to be decided when the order is made." This is a setback for organisations that were eyeing Anton Piller orders as a tool for enforcing anti-piracy measures.


Sunday, June 5, 2016

Terrorists using Customised Apps to evade detection

Terrorists have created an application called 'Calculator' which can be downloaded onto smartphones attached to an off-air network created specifically for them.

The technology is based on the concept of 'cognitive digital radio', which enables users to turn their smartphones into peer-to-peer, off-grid communication tools.

The network generates its own signal through proprietary ad hoc networking protocols and automatically coordinates with other units within range, which enables users to send and receive text messages and share their GPS locations on offline maps regardless of access to WiFi or cellular service.
The Calculator app is loaded on a normal Android phone and communicates over WiFi to the radio, which then transmits the data on VHF as digital burst communication.
The principle is the same as goTenna, with a small difference.
goTenna uses Bluetooth to communicate with a small radio/antenna device, which in turn uses UHF to transmit data.
goTenna works on a P2P concept, while this system most likely does not work on P2P.
Terrorists are also using Morse code and DTMF to evade interception.
#cyberenabledterrorism #cyberterrorism

Wednesday, May 25, 2016

What is Locky Malware and what to do


Locky is malware (a type of virus, specifically ransomware) which is sent to your computer via email, usually as an attachment disguised as an invoice. The malware (malicious software) then encrypts your hard disk, and the whole of your data becomes meaningless, like special characters ( ं$#़॥ ); only one jpg file remains that you can open.
That jpg file contains the instructions to pay a ransom via bitcoin. Once you pay, the attackers are supposed to decrypt the hard disk, i.e. make it meaningful again.
The victim receives an email that requests payment of an attached "invoice", usually a Word file. The attachment contains some sort of executable code, such as a VBA macro, that downloads the actual malware from a web site and runs it, encrypting the data on the victim's local and networked hard drives. It then displays a screen that demands a ransom to decrypt the data.
WHAT TO DO WITH LOCKY?
Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won't have to worry about the backup device falling into the wrong hands.
Don't enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don't do it!
Be cautious about unsolicited attachments. The crooks rely on the dilemma that you shouldn't open a document until you are sure it's one you want, but you can't tell if it's one you want until you open it. If in doubt, leave it out.
Don't give yourself more login power than you need. Most importantly, don't stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other "regular work" activities while you have administrator rights.
Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn't support macros at all, so you can't enable macros by mistake!
Patch early, patch often. Malware that doesn't come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.
..Advocate Prashant Mali
Cyber Security & Law Expert
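The macro-laden "invoice" described in the Locky post can be caught before a user ever sees the "Enable Content" button. The following is an added example, not code from the original post: a small Python checker that classifies e-mail attachments by whether they are modern Office packages carrying a VBA project, legacy OLE2 documents that need a dedicated parser (olevba from the oletools package), or something else. The sample attachments, the file names and the placeholder vbaProject.bin blob are all constructed in memory for this illustration.

```python
"""Flag e-mail attachments that carry Office VBA macros before anyone can 'Enable Content'.

Added example, not code from the original post. Modern Office documents
(.docx/.docm/.xlsm/.pptm) are ZIP containers: a macro-enabled file carries a
vbaProject.bin part and declares its content type in [Content_Types].xml.
Legacy .doc/.xls files are OLE2 compound files and need a different parser
(olevba from the oletools package); they are only flagged here for that inspection.
All sample attachments below are constructed in memory.
"""
import io
import zipfile

VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound-file header
ZIP_MAGIC = b"PK\x03\x04"                          # ZIP local-file header


def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'ole2-legacy' or 'not-office' for one attachment."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"          # .doc/.xls: run olevba before trusting it
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            # Any vbaProject.bin part (under word/, xl/ or ppt/) means macros are
            # present, whatever the file extension claims.
            if any(name.endswith("vbaProject.bin") for name in names):
                return "macro"
            # The package may still declare the macro part under another name.
            if "[Content_Types].xml" in names and VBA_CONTENT_TYPE in z.read("[Content_Types].xml"):
                return "macro"
            if {"word/document.xml", "xl/workbook.xml", "ppt/presentation.xml"} & names:
                return "no-macro"
    except zipfile.BadZipFile:
        pass
    return "not-office"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package; with_macro adds a placeholder vbaProject.bin."""
    content_types = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>',
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        if with_macro:
            content_types.append(
                '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>')
            z.writestr("word/vbaProject.bin", b"\x00" * 64)  # placeholder, not a real VBA project
        content_types.append("</Types>")
        z.writestr("[Content_Types].xml", "\n".join(content_types))
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed mailbox: the first file mimics the 'invoice' lure described in the post.
SAMPLE_ATTACHMENTS = {
    "invoice.docm": build_sample_docx(with_macro=True),
    "report.docx": build_sample_docx(with_macro=False),
    "scan.doc": OLE2_MAGIC + b"\x00" * 504,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
}


def scan_attachments(attachments=SAMPLE_ATTACHMENTS) -> dict:
    """Classify every attachment; a mail gateway would quarantine anything not 'no-macro'."""
    return {name: classify_attachment(blob) for name, blob in attachments.items()}


if __name__ == "__main__":
    for name, verdict in scan_attachments().items():
        print(f"{name:14s} {verdict}")
```

The check is deliberately independent of the file extension: a .docm renamed to .docx still contains the vbaProject.bin part, which is what Word looks at. The OLE2 branch does not attempt to parse the legacy format; hand those files to olevba rather than treating them as clean.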

Thursday, April 28, 2016

Meeting with Dr. Jamie Saunders


Met Dr. Jamie Saunders, Director of the UK's National Cyber Crime Unit, at the London office of the National Crime Agency. Had a good knowledge-sharing session and also presented him my book on Cyber Crime & Cyber Law.

Prashant Mali 

Wednesday, April 27, 2016

Fast Flux Networks An Introduction


A Fast Flux Network is a network of compromised computers fronted by public DNS records that change frequently. As a result, the IP address associated with a given domain name changes frequently too. Attackers use this technique to hide their malicious websites from detection. Botnets are large groups of compromised machines (bots) used by miscreants for illegal activities (e.g. sending spam email, denial-of-service attacks, phishing and other web scams). To protect the identity and maximise the availability of the core components of their business, miscreants have started to use fast-flux service networks: large groups of bots acting as front-end proxies to these components. Prompt detection and monitoring of these networks is therefore an essential step in countering the problem posed by botnets.

Attackers typically compromise one or more victim computer systems with malware and use them to host a fraudulent website, such as a phishing site. The problem for the attackers with this approach is that such websites can easily be tracked down by their public DNS name and IP address and shut down immediately.

Peer-to-peer (P2P) botnets have emerged as a serious threat to network security. They are used to carry out illicit activities such as click fraud, DDoS attacks and information exfiltration. These botnets use a distributed model for command dissemination, which makes them resilient to churn and to take-down attempts. Earlier P2P botnet detection techniques have shortcomings: lower accuracy, and an inability to detect stealthy botnets or advanced botnets that use fast-flux networks. More recent detection techniques aim to overcome these weaknesses with higher detection accuracy.

So the attackers started using server address obfuscation: they often use a group of proxy servers to redirect network traffic. But this approach also proves inconvenient for them because of its limited scalability, and these websites can still be tracked down quickly through international cooperation.

So the attackers started using Fast Flux Networks.
The basic idea behind a Fast Flux Network is to associate multiple IP addresses with a malicious domain name. These IP addresses are swapped in and out with extremely high frequency, perhaps every three minutes, by changing the DNS records and giving them correspondingly short TTLs. As a result, a browser connecting to the same malicious website every three minutes will see a different IP address each time and reach the actual malicious website via a different infected computer every time.

In Fast Flux Networks, attackers compromise a number of computer systems with malware and then exploit their bandwidth and computing power to build the Fast Flux Network.
Attackers often use a number of these compromised computers as front-end systems. These front-end systems receive the victims' requests to connect to the malicious website and redirect those requests to the back-end servers.
So the large pool of rotating IP addresses does not correspond to the actual back-end servers. Instead, it fluctuates among many front-end servers, which in turn funnel the requests and redirect them to the actual back-end servers.
Fast Flux motherships are the main controlling elements behind the front-end servers. They are similar to Command & Control (C&C) servers, though they have many more features than a plain C&C server. The mothership node is hidden behind the front-end servers, which makes it extremely difficult to track down. Motherships often host both DNS and HTTP services and use web-server virtual-hosting configuration to manage content availability.

Fast Flux Networks are used for many illegal practices: online pharmacy shops, money mule recruitment sites, phishing websites, illegal adult content, malware distribution and so on. Other services such as SMTP, POP and IMAP can also be delivered through Fast Flux Networks.
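The rotation described above leaves a footprint in DNS itself: very short TTLs, a large and constantly changing set of A records, and addresses scattered across unrelated networks. The following is an added example, not code from the original post, showing a heuristic fast-flux check run over successive lookups of one domain. The three lookup logs are constructed (RFC 5737 documentation addresses), and the thresholds are assumptions chosen for illustration rather than published constants; production detectors also use ASN and prefix diversity, for which the distinct-/24 count here is a stand-in.

```python
"""Heuristic fast-flux check over successive DNS A-record answers for one domain.

Added example; not code from the original post. The lookup logs below are
constructed (RFC 5737 documentation addresses) and the decision thresholds
are assumptions chosen for illustration, not published constants.
"""
import ipaddress

# Each entry: (ttl_seconds, A records returned). Constructed data.
# Suspect domain: a different set of bots every ~3 minutes, TTL 180 s.
FLUX_LOOKUPS = [
    (180, ["198.51.100.17", "203.0.113.5", "192.0.2.44", "198.51.100.90", "203.0.113.201"]),
    (180, ["192.0.2.77", "198.51.100.33", "203.0.113.5", "192.0.2.9", "198.51.100.150"]),
    (180, ["203.0.113.88", "192.0.2.120", "198.51.100.17", "192.0.2.200", "198.51.100.150"]),
]
# Ordinary site behind a CDN: stable pool, long TTL.
CDN_LOOKUPS = [
    (3600, ["192.0.2.1", "192.0.2.2"]),
    (3600, ["192.0.2.2", "192.0.2.1"]),
    (3600, ["192.0.2.1", "192.0.2.2"]),
]
# Round-robin load balancing: short TTL, but the same four hosts every time.
ROUND_ROBIN_LOOKUPS = [
    (60, ["198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13"]),
    (60, ["198.51.100.11", "198.51.100.12", "198.51.100.13", "198.51.100.10"]),
    (60, ["198.51.100.12", "198.51.100.13", "198.51.100.10", "198.51.100.11"]),
]

# Assumed thresholds for this illustration.
MAX_FLUX_TTL = 300   # seconds; flux records are kept short-lived so the swap takes effect
MIN_UNIQUE_IPS = 8   # distinct addresses seen across the observation window
MIN_CHURN = 0.5      # mean fraction of each answer that was absent from the previous one
MIN_NETWORKS = 2     # distinct /24s; real detectors use ASN/prefix diversity instead


def flux_features(lookups):
    """Summarise a domain's answers: min TTL, unique IPs, churn and /24 diversity."""
    seen = set()
    prev = set()
    churn_total = 0.0
    for _, answer in lookups:
        cur = set(answer)
        if prev:
            churn_total += len(cur - prev) / len(cur)
        prev = cur
        seen |= cur
    networks = {ipaddress.ip_network(ip + "/24", strict=False) for ip in seen}
    return {
        "min_ttl": min(ttl for ttl, _ in lookups),
        "unique_ips": len(seen),
        "churn": churn_total / max(len(lookups) - 1, 1),
        "networks": len(networks),
    }


def is_fast_flux(lookups) -> bool:
    """All four signals must fire: a short TTL alone (round-robin) is not enough."""
    f = flux_features(lookups)
    return (f["min_ttl"] <= MAX_FLUX_TTL
            and f["unique_ips"] >= MIN_UNIQUE_IPS
            and f["churn"] >= MIN_CHURN
            and f["networks"] >= MIN_NETWORKS)


if __name__ == "__main__":
    for name, log in [("suspect", FLUX_LOOKUPS), ("cdn", CDN_LOOKUPS), ("round-robin", ROUND_ROBIN_LOOKUPS)]:
        print(f"{name:12s} {flux_features(log)} {'FAST-FLUX' if is_fast_flux(log) else 'ok'}")
```

The point of the two benign logs is the false-positive trap: a CDN also spreads a name over many addresses, and a load balancer also uses a short TTL, so no single feature is a verdict on its own. Only the combination of short TTL, a large pool, high churn between consecutive answers and addresses from unrelated networks matches the front-end rotation the post describes.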



image courtesy : Wikipedia
