Thursday, September 22, 2022

Cybersecurity search engines



CyberSecurity search engines:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarfare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
12. ONYPHE—Collects cyber-threat intelligence data.
13. FullHunt—Search and discovery attack surfaces.
14. AlienVault—Extensive threat intelligence feed.
15. Grep App—Search across a half million git repos.
16. URL Scan—Free service to scan and analyse websites.
17. Vulners—Search vulnerabilities in a large database.
18. WayBackMachine—View content from deleted websites.
19. Wigle—Database of wireless networks, with statistics.
20. Netlas—Search and monitor internet connected assets.
21. Binary Edge—Scans the internet for threat intelligence.
22. GreyNoise—Search for devices connected to the internet.
23. Hunter—Search for email addresses belonging to a website.
24. Censys—Assessing attack surface for internet connected devices.
25. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.

Friday, August 26, 2022

When can Police Arrest you in Cyber crime: Explanation with Case Laws


Arrest by Police in cyber crime cases By Adv (Dr.) Prashant Mali

Cyber crime is a reality but personal liberty is a fundamental human right and a cornerstone of the social structure. 
Arrest brings humiliation, curtails freedom and casts scars forever. Its deprivation is a matter of grave concern.
The law of arrest is one of balancing individual rights, liberties and privileges, on the one hand, and individual duties, obligations and responsibilities on the other.

The police officer can, without an order/warrant from a Magistrate, arrest a person in respect of a cognizable offence punishable with imprisonment exceeding 7 years without mentioning any 'special reasons'.

The problem arises when it comes to the arrest of a person who is accused of an offence which is punishable up to 7 years. The Hon’ble Apex Court in Arnesh Kumar v. State of Bihar, (2014) 8 SCC 273 held:
Our endeavour in this judgment is to ensure that the police officers do not arrest the accused unnecessarily and Magistrates do not authorise the detention casually or mechanically.
In Manubhai Ratilal Patel v. State of Gujarat (2013) 1 SCC 314 the Hon’ble Supreme Court observed that remand is a fundamental judicial function of the magistrate and while performing such function, the magistrate has to satisfy himself/herself that there are reasonable grounds to justify the remand of the accused.

Arrest in case of a cognizable offence punishable with imprisonment for more than 7 years.
The police officer can, without a warrant from a Magistrate, arrest a person without mentioning any 'special reasons'.

Arrest or Notice in case of a cognizable offence punishable with imprisonment not exceeding 7 years.

When the accused can be arrested without issuing 41-A Cr.P.C Notice.
When a cognizable offence is committed in the presence of a police officer (Sec.41(1)(a) Cr.P.C)
If the police officer is satisfied that arrest of the accused is necessary to prevent the accused from committing any further offence (Sec. 41(1)(i)(ii)(a) Cr.P.C)
To prevent the accused from tampering with the evidence (Sec.41(1)(i)(ii)(c) Cr.P.C)
To prevent the accused from making any inducement, threat, or promise to the witness (Sec.41(1)(i)(ii)(d) Cr.P.C)
If the police officer is satisfied that unless the accused is arrested, his/her presence cannot be secured. (Sec.41(1) (i)(ii)(e) Cr.P.C)
If the accused is a Proclaimed offender (Sec. 41(1) proviso (c) Cr.P.C)
When stolen property/contraband is found in possession of the accused (Sec.41(1) proviso (d) Cr.P.C)
When the accused obstructs the police officer from discharging his/her duty, or when the accused has escaped or attempts to escape. (Sec.41(1) proviso (e) Cr.P.C)
When it appears that the person is a deserter from any of the armed forces. (Sec.41(1) proviso (f) Cr.P.C)

When it is required to issue notice u/s 41-A Cr.P.C.
Where the arrest of the accused is not required as per Sec. 41 Cr.P.C, the police officer shall issue a notice directing the accused to appear before him/her at the place specified in the notice (Sec.41-A (1) Cr.P.C)
Such notice is to be issued to the accused within two weeks from the date of institution of the case. However, the same may be extended by the superintendent of police of the district. (Arnesh Kumar case)
It shall be the duty of the accused to comply with the terms of the notice. (Sec.41-A (2) Cr.P.C)

Arrest even after issuance of notice u/s 41-A Cr.P.C
When arrest is not Justifiable after issuance of notice u/s 41-A Cr.P.C
Where the accused complies and continues to comply with the terms of the notice. (Sec.41-A (3) Cr.P.C)

When arrest is Justifiable after issuance of notice u/s 41-A Cr.P.C
For the reasons to be recorded, the police officer is of the opinion that the arrest of the accused is necessary in the circumstances of the case. (Sec. 41-A (3) Cr.P.C)
Where the accused fails to comply with the terms of the notice. (Sec. 41-A (4) Cr.P.C)

The apprehension of arrest does not completely vanish away on the issuance of the notice u/s 41-A Cr.P.C. (Sri Ramappa @ Ramesh Vs. The state of Karnataka 2021 (4) Kant LJ 696 dt 22.06.2021)
The rejection of anticipatory bail need not result in the arrest of the accused. (M.C. Abraham Vs. State of Maharashtra (2003) 2 SCC 649)

The law mandates that the police officer state the facts and record the reasons for the arrest of the accused in writing by way of a check-list. The Magistrate, while authorizing detention of the accused, shall peruse the report and check-list produced by the police officer, and only after recording his/her satisfaction may the Magistrate authorize detention. (Arnesh Kumar case)
If the Magistrate finds that the arrest of the person was in flagrant violation of the procedure, the Magistrate can even release the arrestee by recourse to Section 59 Cr.P.C. Therefore, it is not as if an arrest becomes a fait accompli however illegal it may be, and the Magistrate mechanically and routinely orders remand.

Thursday, July 28, 2022

Cybercrime - Ransomware as a Service


The cybercriminal economy is a continuously evolving connected ecosystem of many players with different techniques, goals, and skillsets.

Ransomware as a service (RaaS) is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Affiliates earn a percentage of each successful ransom payment.

Ransomware as a Service (RaaS) is an adoption of the Software as a Service (SaaS) business model. RaaS users don't need to be skilled or even experienced to use the tool proficiently. RaaS solutions, therefore, empower even the most novice hackers to execute highly sophisticated cyberattacks.

RaaS solutions pay their affiliates very high dividends. The average ransom demand increased by 33% since Q3 2019 to $111,605, with some affiliates earning up to 80% of each ransom payment. The low technical barrier of entry and prodigious affiliate earning potential make RaaS solutions specifically engineered for victim proliferation.

In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves. This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks.

Ransomware attacks have become even more impactful in recent years as more ransomware-as-a-service ecosystems have adopted the double extortion monetization strategy. All ransomware is a form of extortion, but now, attackers are not only encrypting data on compromised devices but also exfiltrating it and then posting or threatening to post it publicly to pressure the targets into paying the ransom. Most ransomware attackers opportunistically deploy ransomware to whatever network they get access to, and some even purchase access to networks from other cybercriminals. Some attackers prioritize organizations with higher revenues, while others prefer specific industries for the shock value or type of data they can exfiltrate.

The RaaS affiliate model, which has allowed more criminals, regardless of technical expertise, to deploy ransomware built or managed by someone else, is weakening this link. As ransomware deployment becomes a gig economy, it has become more difficult to link the tradecraft used in a specific attack to the ransomware payload developers.

The dark web is a criminal-infested network, so any leaked information on the platform will give multiple cybercriminal groups free access to your sensitive data and those of your customers. The fear of further exploitation compels many ransomware victims to comply with cybercriminal demands.

To make the ransom payment, victims are instructed to download a dark web browser and pay through a dedicated payment gateway. Most ransomware payments are made with cryptocurrency, usually Bitcoin, due to their untraceable nature. 

Reporting a ransomware incident by assigning it with the payload name gives the impression that a monolithic entity is behind all attacks using the same ransomware payload and that all incidents that use the ransomware share common techniques and infrastructure. However, focusing solely on the ransomware stage obscures many stages of the attack that come before, including actions like data exfiltration and additional persistence mechanisms, as well as the numerous detection and protection opportunities for network defenders.

How to Protect Yourself from Ransomware Attacks

The most effective ransomware attack mitigation strategy is a combination of educating staff, establishing defenses, and continuously monitoring your ecosystem for vulnerabilities.

Here are some suggested defense tactics:

  • Monitor all endpoint connection requests and establish validation processes
  • Educate staff on how to identify phishing attacks
  • Set up DKIM and DMARC to prevent attackers from using your domain for phishing attacks.
  • Monitor and remediate all vulnerabilities exposing your business to threats
  • Monitor the security posture of all your vendors to prevent third-party breaches
  • Set up regular data backup sessions
  • Do not solely rely on cloud storage; back up your data on external hard drives
  • Avoid clicking on questionable links. Phishing scams do not only occur via email; malicious links could lurk on web pages and even Google documents.
  • Use antivirus and anti-malware solutions
  • Ensure all your devices and software are patched and updated.
  • Provide your staff and end-users with comprehensive social engineering training
  • Introduce Software Restriction Policies (SRP) to prevent programs from running in common ransomware environments, i.e. the temp folder location
  • Apply the Principles of Least Privilege to protect your sensitive data

Ransomware: Should You Pay the Ransom?

Whether or not you should pay a ransom is a difficult decision to make. If you make a payment, you are trusting that the cybercriminals will deliver on their promise of supplying you with a decryption key.

Cybercriminal operations are inherently immoral; you cannot trust criminals to uphold a fragment of morality and follow through with their promises. In fact, many RaaS affiliates don't waste time providing decryption keys to all paying victims; time is better spent seeking out new paying victims.

Because a ransom payment never guarantees the decryption of seized data, the FBI strongly discourages paying ransoms. But companies have paid ransom and I personally know many clients who have budgeted for paying ransoms as it is an impending risk to any business in spite of having good cybersecurity practices. Some of my clients have cyber insurance which covers payment of ransom but, frankly speaking, I don’t know the legality of such cyber insurance coverage.

Wednesday, May 4, 2022

Best Cyber and Privacy Lawyer 2022 awarded to Adv Prashant Mali


Prashant Mali receiving award from Actor Makrand Deshpande

Advocate Prashant Mali received the Best Cyber and Privacy Lawyer of the Year award at the hands of Makrand Deshpande. Other awardees include Mumbai Mayor Kishori Pednekar, ex Mumbai Police Commissioner Hemant Nagrale, the VC of University of Mumbai, Hon. Sharad Pawar and others. LoP Devendra Phadnavis and MP Sanjay Raut were chief guests.
Earlier, Lt. Balasaheb Thakre and Lt. Lata Mangeshkar were also recipients of the same award.


Wednesday, March 23, 2022

How A Student Hacked Teacher's WhatsApp


How A Student Hacked into Teacher's WhatsApp Account?

A teacher from Kerala noticed that her WhatsApp account was logged out soon after an online class. Knowing this, she lodged a complaint with the cyber police. Police cracked the case and found out that the culprit was her student, studying in high school, who logged into the teacher’s account.

The technique used by the student was simple. The teacher was using a screen-share app on her phone during the class, so the students were able to see the screen and also the pop-up notification alerts coming into the phone. The ‘culprit’ student then tried to log in to WhatsApp with the teacher’s number on his phone, and the OTP for verification came as a pop-up alert on the teacher’s phone, which was visible to all the students. Thus the student easily logged in to the account. The teacher did not have two-step verification on the phone and did not have a password.

The account on the teacher’s phone got logged out as WhatsApp does not allow simultaneous use on two different devices. After the police cracked the case and found out the culprit is the student, the teacher withdrew the complaint.

PRECAUTIONS to avoid hacking
With some simple steps, one can avoid getting hacked during screen-sharing. Disable the notification alerts when sharing the screen with others.

Also enable two-step verification for WhatsApp login, so that an additional password is required to log in to WhatsApp through other devices.

Soon after screen-sharing, check that no OTPs or verification messages were received during that time.

Adv (Dr.) Prashant Mali
Cyber & Privacy Lawyer & Author

Wednesday, March 16, 2022

Why Cybercrime Has Increased? Due to Low Cost I feel

You can buy ransomware for as little as $66, or hire a threat actor for $250. And if you look hard enough, you can even get a phishing kit for free on underground forums. Although these illicit methods may not be expensive, the damage they inflict can be substantial.

Phishing has become more popular than ever. Bhagwat Karad, the minister of state for finance, reported to the Indian parliament that more than 50,000 (50,242) cases of cyber frauds, banking frauds using internet banking, ATM-Debit and Credit Cards were registered in the first nine months of the current fiscal year, citing RBI data (April-December 2021 period). During the nine-month period, the victims of these frauds lost a total of nearly Rs 167 crore.

According to the FBI’s Internet Crime Complaint Center, the number of phishing complaints more than doubled in 2020 to 241,342 cases compared to the prior year. From there, attacks doubled again as phishing reached a monthly record in Q3 2021, according to a recent report from the Anti-Phishing Working Group (APWG). The total number of incidents (reported & unreported) must be higher. A record 2 million phishing sites were reported in 2020, the most in a decade. This comes as no surprise, as phishing kits are cheap and easily available.

What is a Phishing Kit

Phishing kits are .zip files with all the scripts required to deploy an attack. These kits enable anyone with minimal programming skills to unleash massive ransomware campaigns. In 2019, the average price of a phishing kit was $304, with the prices ranging between $20 and $880. 

Recently, Microsoft discovered a campaign that used 300,000 newly created and unique phishing subdomains in one massive run. Microsoft also identified a phishing-as-a-service organization known as BulletProofLink. It resembled any other software-as-a-service brand, with tiered service levels, email and website templates, hosting, a newsletter and even 10% off your first order.

Meanwhile, even attackers get targeted. Some phish kits have been unlocked and posted for free on dark web forums. 

What is the Cost of a Ransomware Attack

On the other hand, suffering attacks is expensive. According to the IBM Cost of a Data Breach report, in 2021 the average cost of a ransomware attack totaled $4.62 million (not including the ransom, if paid). Compare that to the $66 attackers can pay for a ransomware kit.

Alert

Before you think of becoming a cyber criminal, be aware that cyberlaw is also catching up. There’s even some evidence that the police can now track and recover funds paid in cryptocurrency. Many cryptocurrency cases in India were detected and cyber expert fraudsters were arrested, including ex police officers. Also remember, while cybercrime is largely measured in financial terms, it is the psychological trauma that hurts victims the most when they are blamed by their family members or society in general for falling victim to the attack/scam.



The criminal use of cryptocurrency



The criminal use of cryptocurrencies
Cryptocurrencies have been adopted as part of money laundering schemes and are particularly associated with several predicate offences including fraud and drug trafficking. They are also widely used as a means of payment for illegal goods and services offered online and offline.
Money laundering is the main criminal activity associated with the illicit use of cryptocurrencies. The growing popularity and adoption of cryptocurrencies have led to their increasing use in money laundering schemes. Other criminal activities that show an intensive use of cryptocurrencies are related to the use of cryptocurrencies as a payment method for illicit goods and services, fraudulent cryptocurrency investments and cybercrime. In all instances, criminals want to obfuscate the source of the illicit assets with cryptocurrencies. A number of indicators show how criminals involved in frauds strongly rely on the use of cryptocurrencies.

Cryptocurrencies are also the means of payment of choice for criminal commodities and services, such as drugs or child sexual abuse material (CSAM) purchased online. This applies in particular to listings on dark web marketplaces where they are the main means of payment. Different types of malware target cryptocurrencies for theft as well as for the mining of coins in the network of unaware victims. Extortion schemes carried on by cybercriminals make extensive use of cryptocurrencies. Digital services and infrastructure abused for criminal purposes like servers, virtual private networks (VPNs) and hosting services are mostly purchased in cryptocurrency.

Money laundering
Virtually all kinds of criminal profits are laundered using cryptocurrencies. These activities range from the laundering of proceeds already in digital form, such as the payment of ransoms or criminal infrastructures, to a transformation of huge amounts of cash into virtual assets. Examples of cryptocurrency usage in money laundering schemes include the purchase of cryptocurrencies by criminal networks using illicit proceeds and the use of cryptocurrencies to transfer funds.
The use of cryptocurrencies in money laundering schemes has been increasing, and many criminal networks relied on cryptocurrencies as a payment medium during the COVID-19 pandemic.
Money laundering networks specialised in large-scale money laundering as a service have adopted cryptocurrencies and are offering their services to other criminal actors. These networks can already rely on established infrastructure such as numerous bank accounts as well as in-depth knowledge of the banking system and use of FinTech.
Money laundering networks provide their services to other criminal networks, which may include the acquisition or trade of cryptocurrencies, the legalisation of criminal assets and the final cash out in the accounts of criminals. Professional money laundering networks are a significant threat and enable other criminal networks to operate. Marketplaces on the dark web advertise money laundering cryptocurrency service providers. They also offer information on how criminals can cash out cryptocurrencies, such as by exchanging Bitcoin for gift vouchers or prepaid debit cards.

Predicate offences
The use of cryptocurrency in money laundering involves the profits of both online and offline criminal activities. They are in fact frequently reported in the context of drug trafficking, fraud and cybercrime.
Cybercrime proceeds primarily concern funds coming from online frauds, ransomware and dark web marketplaces. The highest volume of illicit transactions is associated with these criminal activities.

Fraud
Fraud is the most frequently identified predicate offence for the illegal use of cryptocurrencies, accounting for more than half of identified criminal transactions. Criminals involved in fraud either make use of professional (crypto) money laundering services or set up their own money laundering schemes.
Criminals involved in investment fraud are particularly adept at using cryptocurrencies to channel illicit proceeds. Cryptocurrency investment fraud schemes have been identified in several EU Member States.
Fraudsters create websites devoted to cryptocurrency investments or advertise lucrative investments and encourage investors to create accounts on online trading platforms. Alternatively, operators from established call centres offer opportunities requiring small initial investments that end in high profits. The victims have the impression of being able to monitor their investments thanks to internet platforms. However, the whole process is a deception. Brokers try to obtain information about the victims using social engineering techniques, while gaining their trust with simulated trading activities.
On some occasions, fraudsters collect capital to initiate a new profitable cryptocurrency which does not really exist. Pyramid schemes are a frequently used method of attracting investors with promises of high returns. The increase in value promised to investors is just an illusion, and any disbursements to investors are merely funds transferred from investors further down the pyramid. Members are encouraged to bring others into the fold in exchange for a commission.

Drug trafficking
Cryptocurrencies are increasingly used to launder the proceeds of drug trafficking. In recent years, EU law enforcement authorities carried out several investigations into the laundering of drug trafficking proceeds using cryptocurrencies. These large-scale laundering activities normally involve specialised criminal networks that provide professional crypto money laundering services.

Cybercriminals
Cybercriminals make extensive use of cryptocurrencies that consequently have to be laundered, invested or cashed out. Proceeds from cybercrime activities normally do not require a conversion as they are often already in cryptocurrencies. Cybercriminals extensively use obfuscation techniques and services to hinder transaction traceability.

Conclusion 
As I write, there seems to be no solution like one tablet suits all. Cryptocurrency as currency for crime is a neat equation and this would remain till cryptocurrencies exist in the world. Though costly solutions do exist to track cryptocurrency used for any type of crime, they are not feasible for all police forces across the world. Governments now need policies and regulations if crypto is to be governed for at least law and order purposes.

FIR : All you want to know about in a criminal case

FIR - What is?  The first information report is a report giving information of the commission of a cognizable crime,  which may be made by t...