Posts

Hacking is Not that Hard ..

▫ More than 90% of successful breaches required only the most basic techniques.
▫ Only 3% of breaches were unavoidable without difficult or expensive actions.
▫ Outsiders, with the help of insiders or through the gross negligence of insiders, were responsible for most breaches.
▫ 85% of breaches took months to be discovered; the average time is five months.
▫ 96% of successful breaches could have been avoided if the victim had put in place simple or intermediate controls.
▫ 75% of attacks use publicly known vulnerabilities in commercial software that could be prevented by regular patching.
▫ One study found that antivirus software missed as much as 95% of malware in the first few days after its introduction.
▫ Another study found that 25% of malware is not detected by current techniques.

Chinese Cyber attacks History from 1995

Ø 1995 – Major General Wang Pufeng describes attacking via the Internet
Ø 1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar
Ø 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 senior Chinese colonels
Ø May 03, 2001 – China warns of massive hack attacks
Ø 2002 – “informatisation” campaign begins: Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, speech before the 16th Party Congress
Ø 2003 – Titan Rain: US DoD & Government websites targeted
Ø 2004 – Japan targeted by Chinese over disputed Diaoyu Islands
Ø 2007 – GhostNet: global CnC network with IP addresses in the People’s Republic of China
Ø 2008 – Byzantine Hades: targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages.
Ø 2008 – MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - t

Ecommerce websites are legally liable for service defects: Indian Law

E-commerce shopping websites liable for deficient service

When a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable.

Online shopping is becoming increasingly popular because it saves time, the bother of travelling, the prices are competitive, and returns are accepted. In some cases, the seller's name is disclosed, but the address and contact numbers are withheld. This is done in business interests, so that the buyer and seller do not make a deal, depriving the portal of its commission. The consumer deals with the portal, makes payment to the portal and follow-ups too are via emails to the portal. Yet, when a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable. This is against consumer interest and unwarranted, as held by various consumer fora. Case Study 1: Atul

Hacking a computer without an Internet connection

The most secure computers in the world can't “Google” a thing: they are disconnected from the Internet and all other networks. The U.S. military and the National Security Agency rely on this attack-prevention measure, known as air-gapping, as does The Intercept, the media outlet co-founded by Glenn Greenwald, who was instrumental in disclosing the NSA's extensive domestic surveillance program. But where there's a will, there's a way: a team of doctoral students at Ben-Gurion University of the Negev in Israel announced it can obtain information from an air-gapped computer by reading messages encoded in the heat given off, like smoke signals, by its processors. All computers have built-in thermal sensors, which detect the heat produced by processors and trigger the rotation of fans to avoid damage to components. To achieve the hack in an office setting, snoopers would infect two adjacent desktop PCs—one air-gapped, the other connected to the Internet—with mal

Rs. 27,000 crore lost in Banking Frauds including cyber frauds from last five years

Cheating and forgery have led to public and private sector banks losing as much as Rs.27,000 crore cumulatively in the last five years, reveals information obtained by dna newspaper under the Right to Information (RTI) Act. And even this is just a conservative estimate, with the actual losses being several thousand crores more. More than 11,500 cases of cheating and forgery of amounts involving Rs.1 lakh and above were reported by banks to RBI. SBI, the worst hit, reported 1,124 cases with losses of Rs.3,494 crore. Of the Rs.27,000 crore losses, public sector banks accounted for Rs.24,000 crore and the rest, Rs.3,000 crore, was reported by private sector banks. While SBI headed the list, ICICI Bank leads the list of private sector banks with losses of Rs.1,089 crore in 1,776 cases - the highest amongst all banks. I only won Court Orders worth 3.5 Crores for Online Banking and Credit Card Frauds to be

Prashant Mali meeting Dalai Lama - An Experience with His Holiness

My meeting with His Holiness Dalai Lama

My Himachal trip was scheduled from 14th to 20th March 2015, and as the days came nearer, without any confirmation of an appointment from His Holiness Dalai Lama, I started telling my friends and fellow beings that I was going to meet the Dalai Lama. My intuition then sensed that I would meet him on the 18th, which made me tell everybody the date also. I was visiting my neighbor and singer friends Baba Honey & Rishika Kaushal, and this trip was also decided extempore in the busy month of March. In preparation I called one of my highly placed good friends in the IPS and he said that he would try, and as my faith goes I relied on the same, but this friend of mine got caught up in some important conference and he couldn't confirm my appointment till the 17th; even though I was keeping patience, I never called him, as I knew that if I was scheduled to meet His Holiness, I would definitely meet him and the Almighty would help me. On 17th afternoon we started

India Cyber Security Summit 2015 - My Speech

I was speaking at "India Cyber Security Summit 2015" at Hotel JW Marriott, Mumbai, before more than 240 august delegates. I strongly feel India can become a "Cyber Security Super Power" if:
1. Capacity Assimilating is done now coz capacity already exists
2. Cyber Security companies existing are nourished as National Pride and new ones are incubated.
3. India is marketed as a "Cyber Security Products or Product development destination"
4. Efficiently managing world media by highlighting achievements India has in #cybersecurity
5. Agreeing and relabeling these Ethical Hackers courses as Cyber Security Programs and recognizing certain recognized hackers as #cyber security professionals officially, instead of keeping them in the dark world of hacking.
6. Making "Cyber Security & Cyber Law" topics compulsory in all college courses as everyone uses computers. I personally think "Cyber Security has become the way of Life" and not a