Saturday, November 30, 2019

Matrimonial Fraud - 3 Nigerians convicted for 3 years and Rs 5 Lakhs in Pune


Three Nigerians were convicted and sentenced to 3 years with a ₹5 Lakhs fine in a matrimonial fraud case at Chatursingi Police Station, Pune, Maharashtra.
The Case Facts:
One lady from Pune had opened a profile for marriage on the www.bharatmaitrimony.com site. Dr Rajesh Kumar from the U.K. accepted her profile; they both shared their details and started chatting on Facebook, WhatsApp, and email in Aug 2015.
After one month of chatting, Dr. Rajesh told the lady that he had received a secret fund of ₹1.5cr and could not keep that amount with him, so he wished to send it to her. On the pretext of receiving that courier, she was compelled to deposit an amount of ₹38.22 Lakhs in 16 different bank accounts of 6 different banks and, as per the facts, an FIR was registered at Chatursingi Police Station in Pune.
After technical analysis and a 15-day chase in Delhi, police from Cyber Cell Pune nabbed the accused Nigerian citizens:
1) Ogeuri Emmanual Chinaso 
2) Osaramense Smart 
3) Tope Oluwoly 
A search of their house led to the seizure of 3 laptops, 10 mobiles, 20 SIM cards and 8 dongles used for the crime.
The trial was conducted and judgment was given by the Honorable JMFC Shri M.M. Raut, Shivajinagar, Pune.
10 witnesses were examined and the forensics report was admitted.
All three accused were convicted and sentenced as follows:
- u/s 419: rigorous imprisonment of 1 year,
- u/s 420: rigorous imprisonment of 3 years, and
- under sections 66C & 66D of The IT Act, 2000: 1-year rigorous imprisonment and a penalty of Rs. 5 lacs to each accused and, in default of payment, 6 months of extra imprisonment.
I feel such convictions in cybercrime matters will lead to deterrence. This is a welcome conviction in the series of other Nigerians getting convicted for online frauds across the country. 
Order Copy For Downloading Below
State of Maharashtra Versus Ogeuri Emmanual Chinaso & ors

Friday, November 29, 2019

Pen drive or memory card is a document- case law

Memory card is a Document and Pen drive is a document 

Gopalkrishnan @ Dileep v. State of Kerala, Crl.A. No. 1794 of 2019 SC November 29, 2019

Held:- The contents of the memory card/pen drive being electronic record must be regarded as a document. If the prosecution is relying on the same, ordinarily, the accused must be given a cloned copy thereof to enable him/her to present an effective defence during the trial. However, in cases involving issues such as of privacy of the complainant/witness or his/her identity, the Court may be justified in providing only inspection thereof to the accused and his/her lawyer or expert for presenting effective defence during the trial. The court may issue suitable directions to balance the interests of both sides. [Para 44]

The Indian Evidence Act, 1872 – Section 3 – The Indian Penal Code, 1860 – Section 29 – The Information and Technology Act, 2000 – Section 2(1)(t) – Whether the contents of a memory card / pen drive being electronic record as predicated in the 2000 Act would, thereby qualify as a “document” ? 
The Code of Criminal Procedure, 1973 – Section 207 – If so, whether it is obligatory to furnish a cloned copy of the contents of such memory card / pen drive to the accused facing prosecution for an alleged offence of rape and related offences since the same is appended to the police report submitted to the Magistrate and the prosecution proposes to rely upon it against the accused ? 
The Information and Technology Act, 2000 – The Indian Penal Code, 1860 – Whether it is open to the Court to decline the request of the accused to furnish a cloned copy of the contents of the subject memory card / Pendrive in the form of video footage / clipping concerning the alleged incident / occurrence of rape on the ground that it would impinge upon the privacy, dignity, and identity of the victim involved in the stated offence(s) and more so because of the possibility of misuse of such cloned copy by the accused (which may attract other independent offences under the 2000 Act and the 1860 Code) ?
The Indian Penal Code, 1860 – Sections 342, 366, 376, 506(1), 120B and 34 – The Information and Technology Act, 2000 – Sections 66E and 67A.


Saturday, November 2, 2019

Balkanisation of Internet Begins with Russia enacting a Law

On 1st November 2019 the legal seed of the Balkanisation of the Internet was sown: a controversial new law took effect in Russia, the so-called "sovereign internet" law, which mandates the creation of an independent internet for Russia, thus creating an island in cyberspace. Whether it is for the availability of the Internet during times of cyber threats or for exerting sovereignty at the cost of censoring the Internet remains to be seen. It was hardly a surprise when the Iranian government also announced in May that it had installed a cyberdefense shield and wants to construct a “halal Internet”. This germ is in the heads of France and Canada too, and China has the infamous Great Firewall doing its fencing already.

Moscow has just given itself the power to erect a digital or cyber fence around its internal network. How effective the fence and isolation are, only time will tell, but the point is made, and it is now made legally.
President Putin signed into law new rules that would enable the creation of a national network that can operate independently from the rest of the world. Among other things, the law allows Roskomnadzor, Russia's telecoms agency, to shut the country off from external traffic exchange, creating a purely Russian web.
The government has said the regulations are part of an effort to protect Russia by creating the ability to sustain a fenced-off national network, in the event that a foreign state interferes with Russian cyberspace. The official newspaper Rossiiskaya Gazeta said the law coming into force should not affect internet users, but it "will ensure the availability of communication services in Russia in case of threats."
Yes, this could make it easier for the Russian government to censor, reroute or switch off internet traffic to block access to politically sensitive content and online extremism. To control internet traffic, and to detect content, the law requires all internet providers in Russia to install special hardware provided by Roskomnadzor.
That would enable the use of Deep Packet Inspection (DPI) technology, which involves data processing that looks in detail at the contents of the data being sent. DPI, for instance, is used by China for its Great Firewall to filter content it deems harmful to Chinese citizens.
The Telegram ban, however, showed the limits of Russian efforts to regulate cyberspace. A court in Moscow banned Telegram after the company refused to provide encryption keys to the FSB, but founder Pavel Durov said Telegram would use "built-in methods" to bypass the ban. Telegram, as of date, is still widely available in Russia.
Russia has also circulated a draft treaty at the UN that would allow countries to solidify their hold over information and communications technology within their borders, enabling some countries to further restrict activities and speech on the internet, while also stressing governments’ sovereignty in cybercrime investigations.
Just as the Ottoman Empire and Yugoslavia fractured (balkanised) into a series of smaller states, the same thing is happening to the so-called “world wide web.” Instead of a global cyberspace, the cyber boundaries have started to mirror the political and commercial boundaries of the sovereign states, and Russia is leading the scene.
The author holds a Ph.D. (International Cyber Law and Cyber Warfare) and is a renowned practicing cyber lawyer. His PhD research results have predicted that the Internet would be balkanised.
Email: prashant.mali@cyberlawconsulting.com


Tuesday, October 15, 2019

Ultrasonic Fingerprint Reader has a security loophole


In theory, an ultrasonic fingerprint sensor works by bouncing a sonic pulse wave off of your fingertip to create a three-dimensional image. It's much more secure than optical in-display sensors and will work even if your fingers are greasy, dirty, or wet.
A Galaxy S10 user recently got a Rs.100/- ‘gel screen protector’ off an eCommerce site. However, he realized that after using the protector, any fingerprint could unlock the phone. According to Samsung, the case is under investigation. Nevertheless, the company considers this issue to be related to the cost of the screen protector (Rs. 100/-).
Samsung had earlier warned Galaxy S10 owners against unofficial screen protectors.
The Galaxy S10 series comes with an ultrasonic fingerprint sensor. While this fingerprint reader is top-notch, it does not work well with tempered glass screen protectors. Many users cannot use a smartphone without a screen protector, so what’s the solution? Accessory makers use a liquid adhesive to create a stronger seal between the protector and display. While this seems to work perfectly for some users, try not to buy a Rs.100/- screen protector.



Samsung’s ultrasonic fingerprint reader works by sending sound waves at the user’s finger and reading the reflected waves. However, standard glass protectors create a small gap between the finger and the display. This reduces the effect of the fingerprint sensor. In the era of full-screen devices, ultrasonic on-screen fingerprint sensors are actually a good solution. However, they are by no means perfect. Nevertheless, users will have to come to terms with the fact that only plastic protectors seem to allow ultrasonic fingerprint readers to work without issues.



So even if, in theory, ultrasonic fingerprint readers are more accurate than their optical counterparts and more secure because of the 3D impression that the reader creates of your finger, beware: untested technologies can bring in simple security loopholes. Security cannot be measured in price and security is a long standing myth.

Sunday, October 13, 2019

SIM Swap Fraud Remedy via Consumer Courts

By Prashant Mali

Case No. 1 : Positive order
BSNL Bengaluru and the Union Bank of India have been ordered to pay Rs 9.6 lakh to a businessman after fraudsters siphoned off money from his bank account in what was described as a sim swap fraud. The national telecom provider was pulled up for issuing a duplicate sim to fraudsters without adhering to Know Your Customer (KYC) norms and the bank for not alerting the customer on time. Nagarathpet resident Ramesh Kumar has been using a mobile phone with a BSNL sim card for many years and had linked it to his account at Union Bank of India’s BVK Iyengar Road branch. On September 22, 2015, Kumar checked his email to find that an unknown beneficiary had been added to his online bank account. By the time he could alert bank authorities about the breach, the fraudsters managed to transfer Rs 9,62,700 from his account. The sim card on his cellphone that was supposed to receive a one-time password (OTP) mysteriously remained de-activated all the while. The 52-year-old businessman lodged a complaint with his bank branch and the cybercrime wing of Bengaluru police only to realise he had fallen prey to a sim swap fraud.
With neither the Union Bank of India nor BSNL acting towards compensating his loss for months, Kumar approached the Bangalore urban 2nd additional district consumer disputes redressal forum on May 5, 2016 to reclaim his money. The consumer forum heard the case in which BSNL and Union Bank of India blamed each other for facilitating the fraud. BSNL claimed it is only a service provider and wasn’t aware that Kumar had linked his cellphone number to his bank account, and that it was the bank’s responsibility to notify him immediately when there was a fraudulent attempt. The bank argued that a BSNL customer centre executive in KG Road was at fault for issuing a duplicate sim card to a fraudster who pretended to be Kumar, deactivated his existing sim card and obtained a replacement. 

After 31 months of hearing, the court blasted BSNL and Union Bank of India for the loss their customer suffered. The judges pointed to the BSNL staffer’s carelessness in issuing a duplicate sim and deactivating Kumar’s original sim. They criticised Union Bank of India authorities for not immediately alerting the customer on the illegal addition of a beneficiary, which he came to know through an official email. In a verdict pronounced last month, the forum ordered BSNL Bengaluru telecom district and Union Bank of India, BVK Iyengar Road branch, to jointly refund Rs 9,62,700 to Kumar with interest and an additional Rs 10,000 towards his court expenses within 45 days.

What is it
Fraudsters, armed with confidential bank details of customers, deactivate sim cards linked to bank accounts by impersonating the victims and submitting fake documents with cellphone service providers and obtaining duplicate sims. The original sims on the victims’ phones get deactivated in the process. The active duplicate sims with the fraudsters receive OTPs and other bank communications, enabling illegal online transfers of large sums of money, while the victims remain clueless.

Prashant Mali
Lawyer, Bombay High Court
+919821763157 | cyberlawconsulting@gmail.com

Friday, October 4, 2019

SIM Swap Fraud Solution which India should Adapt By Prashant Mali

SIM Swap or SIM Exchange Fraud Solution which India should Adapt
By Prashant Mali
Being a long-time crusader of SIM swap fraud victims in India and winning many cases in favour of victims, I thought of penning this advice. SIM Exchange fraud or SIM Hijacking fraud (also known as Port-Out scam or SIM splitting) is a type of account takeover fraud that generally targets a weakness in two-factor authentication & two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. In 2018, over 80% of adults were expected to have a bank account, and over 1.18 billion people own a mobile phone in India.


How SIM Swap Fraud works?

Fraudsters obtain banking account details and your registered mobile number through phishing or through Trojans/Malware or through a leaked database.

Under the pretext of a lost mobile handset, a new handset or a damaged SIM card, the fraudster approaches the mobile service provider using a forged authority letter and forged KYC document, thereby creating a fake identity of the genuine customer.

Post customer verification, the mobile service provider will deactivate or block the old SIM card in the mobile phone which is in the customer’s possession and issue a new SIM card to the fraudster. There will be no network on the customer’s handset. This is generally done on weekends so that fraudsters get time before the customer complains. Now, the customer will not receive any SMS or information such as alerts, OTP, URN etc. on the phone.

With the banking details stolen through phishing or Trojan/Malware or via a leaked database on the darknet, the fraudster will access and operate the customer's account and initiate financial transactions which the customer will not be aware of, and all the SMS for alerts, payment confirmation etc. will go to the fraudster.

Solution
SIM swap hackers rely on intercepting a one-time password sent by text after stealing a victim's banking credentials, or on using the phone number as a password reset fallback. So the phone company has to offer a straightforward fix: the telecom carrier would set up a system to let the bank query phone records for any recent SIM swaps associated with a bank account before it carries out a money transfer. If a SIM swap had occurred in, say, the last two or three days, the transfer would be blocked. Because SIM swap victims can typically see within minutes that their phone has been disabled, that window of time lets them report the crime before fraudsters can take advantage.
After UK and Australia, by August of 2018, Mozambique's largest bank was performing SIM swap checks with all the major carriers, which reduced their SIM swap fraud to nearly zero overnight. Mozambique isn't alone in implementing that fix for the growing epidemic of SIM swap fraud, which is increasingly used for everything from hijacking Instagram accounts to stealing cryptocurrency. Companies in other countries across Africa, including Nigeria, South Africa, and Kenya—where the prevalence of mobile payments has made SIM swaps a particularly serious threat—have put similar carrier-checking remedies in place.

How the solution can work
All mobile operators in India can make an Anti-SIM swap platform available to the banks on a private API that flags up if there was a SIM swap involving a specific mobile number associated with a bank account over a predefined period. The bank then decides what to do next.

Most banks can block any transaction from a mobile number that has undergone a SIM card change within the last 48 hours, while others opt for a longer period of 72 hours. This period of 48-72 hours is considered a safe period during which the subscriber will contact their operator if they have fallen victim to an unauthorized SIM card change.

There’s also the possibility that the mobile owner has legitimately changed their SIM card, and is therefore unable to perform an online transaction for the next 48 hours. In such cases, some of the banks can have a process that requires face-to-face verification in a branch office – a reasonable compromise in the circumstances.

Anti-SIM swap Platform workflow
The banks are connected to different mobile operators through a VPN connection so that all traffic is secure.
The online banking system conducts a REST API query to the respective mobile operator giving the mobile number (MSISDN) and the period (24-72 hours) as arguments.
The mobile operator simply returns in real-time: True or False.
If the response is False, the bank allows the transaction as normal. If True, the bank blocks the transaction and may request additional steps to verify the transaction. It is important to reiterate that the mobile operator should not share personally identifiable information (PII) with a third party, in this case, banks.

Once the platform is implemented, the level of online banking fraud stemming from SIM swap attacks should fall dramatically; there can be almost no cases involving banks that implement the anti-SIM swap platform.
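The workflow above can be sketched in Python as follows. This is an added example, not code from any operator or bank: the REST call over the VPN is replaced by an in-process function, the MSISDNs and timestamps are constructed, and holding the transfer when the operator cannot answer is an assumption of the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed operator-side data: MSISDN -> time of the last SIM change.
# Numbers and timestamps are made up for this example.
NOW = datetime(2019, 10, 4, 12, 0, tzinfo=timezone.utc)
SIM_CHANGE_LOG = {
    "919800000001": NOW - timedelta(hours=5),    # swapped 5 hours ago
    "919800000002": NOW - timedelta(hours=60),   # swapped 2.5 days ago
    "919800000003": NOW - timedelta(days=400),   # old, legitimate change
}

MIN_PERIOD_H, MAX_PERIOD_H = 24, 72  # period range named in the workflow


def operator_sim_swap_check(msisdn, period_hours, now=NOW):
    """Operator side: answer True/False only, never subscriber details (no PII)."""
    if not (msisdn.isdigit() and 10 <= len(msisdn) <= 15):
        raise ValueError("malformed MSISDN")
    if not MIN_PERIOD_H <= period_hours <= MAX_PERIOD_H:
        raise ValueError("period outside 24-72 hours")
    changed_at = SIM_CHANGE_LOG.get(msisdn)
    if changed_at is None:  # no SIM change on record for this number
        return False
    return now - changed_at <= timedelta(hours=period_hours)


def bank_decide(msisdn, period_hours=48, query=operator_sim_swap_check):
    """Bank side: ask the operator before releasing a transfer."""
    try:
        swapped = query(msisdn, period_hours)
    except Exception:
        # Assumption of this example: if the operator cannot answer,
        # hold the transfer rather than rely on the SMS OTP alone.
        return {"action": "HOLD", "reason": "sim-swap check unavailable"}
    if swapped:
        return {"action": "BLOCK",
                "reason": f"SIM changed within {period_hours}h",
                "next_step": "face-to-face verification in branch"}
    return {"action": "ALLOW", "reason": "no recent SIM change"}


if __name__ == "__main__":
    for number in sorted(SIM_CHANGE_LOG) + ["919800000009"]:
        print(number, bank_decide(number), bank_decide(number, 72)["action"])
```

The second number shows why the chosen period matters: a swap 60 hours old passes a 48-hour check but is blocked by a 72-hour one.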

Other Solution
Australian banks such as Commonwealth Bank, NAB, Macquarie Bank and Westpac have tackled SIM hijacking from another angle. The banks get a data feed from a company, Paradigm.one, that collects real-time porting data, such as when a number moves from carrier A to carrier B.


A recent SIM change may be viewed as an increased risk if an account has also attempted to suddenly initiate a high-value transaction. Using other metrics, such as device fingerprinting and geolocation, banks can decide whether to reject transactions and suspend accounts. Paradigm.one's system has its limitations, though, as it doesn't collect data for certain types of SIM changes.

Alternative measures to be explored include the use of additional in-device authentication software, such as Google Authenticator or a two-factor authentication device such as a YubiKey.

Extra Links
1. SIM SWAP FRAUD explained in HINDI Language on ABP News, Youtube Video
2. SIM SWAP Fraud Explained in MARATHI Language on ABP Majha News, Youtube Video
3. How to Protect yourself from SIM Swap Fraud Express Computer News


Prashant Mali
Cyber Lawyer, Bombay High  Court
Author, Speaker & Thought Leader.
+919821763157 | cyberlawconsulting@gmail.com

Tuesday, September 24, 2019

Hackers are targeting ATMs in India with new malware that steal data




A banking malware named ATMDTrack has been active in India since late last summer, according to a Kaspersky report.

Allegedly state-sponsored hackers from the North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATM machines in India.

Further analysis of the malware by the Moscow-based cybersecurity firm found the samples to be part of a bigger remote access trojan (RAT) called DTrack.

Calling it a spy tool to attack financial institutions and research centers in India, the experts said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.”

The DTrack RAT was detected as recently as this month, the researchers noted.




Collecting key logs and browser histories

The threat actors behind DTrack obfuscated their malicious code in an innocuous executable file that was protected behind encryption barriers in a dropper used to install the malware.

Aside from disguising itself as a harmless process, the malware can perform a number of operations such as:

  • Keylogging
  • Retrieving browser history
  • Gathering host IP addresses, information about available networks and active connections
  • Listing all running processes
  • Listing all files on all available disk volumes

The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command-and-control server.

Classifying ATMDTrack as a subset of the DTrack family, the researchers said the developers behind the two malware strains are the “same group of people.”

Given the sophistication of the modus operandi, it’s recommended that target organizations beef up their network and password policies and monitor network traffic for any suspicious behaviour.

The Kaspersky report also says the vast amount of DTrack samples that they found shows that the Lazarus group is one of the most active APT groups in terms of malware development, and they see that this group uses similar tools to perform both financially-motivated and pure espionage attacks.

I feel banks need to go the extra mile in searching for and weeding out this malware from the ATMs. ATMs have come out as the last-mile vulnerability in the Indian banking industry due to usage of vulnerable OS and lack of physical security.

FIR : All you want to know about in a criminal case

FIR - What is?  The first information report is a report giving information of the commission of a cognizable crime,  which may be made by t...