InfoSecurity
August 25, 2006
A Stitch in Time Prevents Cyber Crime
Runa Mukherjee
INTRO -- How many times have we received virus-alert e-mails from friends warning us not to open certain messages? How many times has a system crashed because of malware that came along with a pirated movie CD? How many times have unwanted and offensive websites popped up on our screens? The answer is the same each time: very often.
NEW DELHI -- It is no secret that all of us have come across some cyber crime or other, however big or small its magnitude. It has become a reality that one can't shy away from any more. Companies, organisations, governments and, most importantly, special forces have all come together to fight this not-so-harmless form of intrusion.
"Bachche ke delivery ho gayi hai, maa khairiyat se hai," (Baby has been delivered, mother is fine); "Shaadi ki tarikh fix ho gai thi, magar usse postpone kar diya gaya hai," (Wedding date had been fixed, but has now been postponed)
These are some of the e-mails that the Anti-Terrorist Squad (ATS) intercepted after the arrest of three alleged terrorists in Aurangabad in May this year, according to a leading newspaper. The police recovered 13 kg of RDX and 10 AK-47 rifles from them. Police sources concluded that these e-mails, which had at first perplexed investigators, may have referred to the delivery of ammunition to be used in the serial bomb blasts in Mumbai that week.
An alleged member of the Lashkar-e-Taiba arrested in the Aurangabad arms haul told the ATS that he kept in touch with the prime suspect, Zabihuddin Ansari, via e-mail. Decoded by the ATS, the first mail meant that the consignment had been delivered and the module was fine; the second meant that the date for the operation had been fixed but was then postponed.
This is a grim example of how serious criminal activity is being coordinated over the Internet. Criminal schemes of every size are being run in all parts of the world, and India has become a favoured base for cyber crime today.
The Basic Definition
Any criminal activity that uses a computer as an instrument, a target or a means of furthering a crime comes under cyber crime. A more general definition of cyber crime would be "unlawful acts where the computer is a tool, a target or both."
As a tool, the computer can be used for financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, email spoofing, forgery, cyber defamation, harassment and even cyber stalking.
The computer is the target of unlawful acts such as unauthorised access to a computer, system or network, theft of information held in electronic form, e-mail bombing, Trojan attacks, Internet time theft, theft of the computer system itself and physical damage to it. Cyber crimes are mainly directed against individuals (their person or property), organisations (government or firms) or society at large.
Seeing the rise in such security-threatening activity, companies have started to worry. They are not only looking for better defences than ever before but also trying to nip the problem in the bud.
Vishak Raman, country manager, Fortinet, India, said: "More businesses are getting online now, and more critical business processes are being transacted over the Internet. This has led to a corresponding increase in criminal activity. Also, the effects of a successful hack into a company's systems can now, potentially, even put a company out of business."
"The biggest danger to businesses comes from the proliferation and growing sophistication of your traditional threats, such as Trojans, viruses and worms. Previously, these threats could be countered by detecting their signatures, but these signatures are becoming increasingly difficult to define because the threats are now combining attack methods and signatures from different categories, such as viruses that are delivered by worms, or spoofed websites containing malicious code," he added.
He further explained that today's threats generally affect all businesses equally, because worms, viruses and Trojans do not discriminate: the threats do not first check how big or successful a company is before deciding whether to infect its systems.
"More and more information is becoming available online. Compared to a couple of years back, the prevalence of online banking, bill payment and convenient services like online shopping and reservations in today's world have made the threat of identity and data theft a much more realistic scenario," said Rajkumar Chandrashekar, vice president, Technology, Infinite Computer Solutions (ICS).
Types of attack
Unauthorised access to systems and electronic data theft: This activity is more commonly called hacking, which in simple terms means an illegal intrusion into a computer system and/or network. The security community uses "cracking" for the criminal form and keeps "hacking" as a broader term, but from the point of view of Indian law there is no difference between the two: every act committed towards breaking into a computer or network is hacking. Hackers write or use ready-made programs to attack the target computer. Some simply want to destroy and get a kick out of the destruction. Others hack for monetary gain, for example by stealing credit card information or transferring money from other people's bank accounts to their own. They are also capable of extorting money from a large corporation by threatening to publish stolen information that may be critical in nature.
E-mail bombing: Sending a very large number of e-mails to the victim so that the victim's mailbox (for an individual) or mail servers (for a company or an e-mail service provider) are overwhelmed and stop working.
Data diddling: This type of attack alters raw data just before it is processed by a computer and changes it back after processing is complete, so the stored records look untouched. Electricity Boards in India have been victims of data-diddling programs inserted when private parties were computerising their systems.
Salami attacks: These attacks are used to commit financial crimes. Their key feature is that each alteration is so small that in a single case it goes completely unnoticed. For example, a bank employee inserts a program into the bank's servers that deducts a tiny amount from the account of every customer. No account holder is likely to notice the unauthorised debit, but across thousands of accounts the rogue employee collects a considerable sum every month.
Denial of Service attack: A DoS attack floods a computer resource with more requests than it can handle, so that the resource, for example a web server, slows to a halt or crashes and authorised users are denied the service it offers. A variation is the Distributed Denial of Service (DDoS) attack, in which the attacking machines are many and geographically widespread, which makes the traffic very hard to filter or block at its source.
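To make the mechanism and its detection concrete, here is an added example in Python; it is not code from the article or from either vendor quoted in it. It simulates the interest-posting batch described above with constructed account numbers, balances, a hypothetical monthly rate and a rogue account ACC-9999, all invented for the illustration. It shows that the salami variant leaves the batch total unchanged, so a totals-only audit passes, and that recomputing each account's entitlement from the source balances is what exposes the one-paisa skim:

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

PAISA = Decimal("0.01")
RATE = Decimal("0.004")     # monthly interest rate used by the batch (assumed for the example)
SHAVE = Decimal("0.01")     # one paisa skimmed per account in the attack
ZERO = Decimal("0")
ROGUE = "ACC-9999"          # hypothetical account controlled by the insider

# Constructed sample ledger: account -> balance in rupees. Not real data.
ACCOUNTS = {
    "ACC-1001": Decimal("15230.47"),
    "ACC-1002": Decimal("802.13"),
    "ACC-1003": Decimal("99871.90"),
    "ACC-1004": Decimal("45.05"),
    "ACC-1005": Decimal("3300.00"),
}


def expected_interest(balance, rate=RATE):
    """Interest a customer is owed this month, rounded to the paisa."""
    return (balance * rate).quantize(PAISA, rounding=ROUND_HALF_UP)


def post_interest(accounts, rate=RATE, shave=ZERO):
    """Run the interest batch and return its journal as (account, amount) postings.
    shave == 0 is the honest job. shave > 0 is the salami attack: every customer
    is credited `shave` less than they are owed and the shortfall is routed to
    ROGUE, so the journal still balances against the bank's interest expense."""
    journal = []
    skimmed = ZERO
    for acct, balance in accounts.items():
        owed = expected_interest(balance, rate)
        journal.append((acct, owed - shave))
        skimmed += shave
    if skimmed:
        journal.append((ROGUE, skimmed))
    return journal


def journal_total(journal):
    """The control a naive audit applies: does the batch credit what the bank budgeted?
    The salami journal passes this check, because the skim is moved, not lost."""
    return sum((amt for _, amt in journal), ZERO)


def reconcile(journal, accounts, rate=RATE):
    """Independent control: recompute every account's entitlement from the source
    balances and return {account: posted - owed} for each mismatch. An account
    that received money without a balance to earn it (the rogue) shows up too."""
    posted = defaultdict(lambda: ZERO)
    for acct, amt in journal:
        posted[acct] += amt
    discrepancies = {}
    for acct, amt in posted.items():
        owed = expected_interest(accounts[acct], rate) if acct in accounts else ZERO
        if amt != owed:
            discrepancies[acct] = amt - owed
    return discrepancies


if __name__ == "__main__":
    honest = post_interest(ACCOUNTS)
    attack = post_interest(ACCOUNTS, shave=SHAVE)
    print("batch totals equal:", journal_total(honest) == journal_total(attack))
    print("per-account reconciliation of the attack batch:", reconcile(attack, ACCOUNTS))
```

The point for a control designer is the second function: a check that only compares the batch total with the budgeted interest expense is exactly the check a salami program is written to pass. Recomputing entitlements from independent source data, and alerting on any account that is credited without a corresponding balance, catches both the per-account shortfall and the collection account.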
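As an added example, not code from the article or from Fortinet, the following Python script shows what the flood described above looks like in a web server's access log and how a detector can tell a single-origin DoS from a distributed one. The log lines are constructed for the illustration, using addresses from the reserved documentation ranges; the window size and thresholds are assumptions that a real deployment would tune to its own traffic baseline:

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access line, e.g.
# 192.0.2.10 - - [25/Aug/2006:10:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def detect_floods(lines, window_s=10, total_limit=50, single_source_share=0.5):
    """Bucket requests into fixed windows of window_s seconds.
    A window whose request count exceeds total_limit is a flood. If one source
    sent at least single_source_share of it, report a single-origin DoS with that
    address; otherwise report it as distributed with the number of sources seen.
    Returns a list of (window_start_epoch, kind, detail) tuples."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line; a real pipeline would count these separately
        ip, ts = parsed
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window_s][ip] += 1
    alerts = []
    for start in sorted(buckets):
        counts = buckets[start]
        total = sum(counts.values())
        if total <= total_limit:
            continue
        top_ip, top_n = counts.most_common(1)[0]
        if top_n >= single_source_share * total:
            alerts.append((start, "dos", top_ip))
        else:
            alerts.append((start, "ddos", len(counts)))
    return alerts


def sample_log():
    """Constructed log, not real traffic: a quiet window, then a single-source flood
    from 10.0.0.9, then a distributed flood from 40 addresses in 203.0.113.0/24."""
    base = datetime(2006, 8, 25, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s):
        ts = (base + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'

    lines = [line(f"192.0.2.{i}", i) for i in range(1, 6)]                       # window 0: 5 hits
    lines += [line("10.0.0.9", 10 + i % 10) for i in range(60)]                   # window 1: 60 hits, one IP
    lines += [line(f"203.0.113.{i % 40 + 1}", 20 + i % 10) for i in range(80)]    # window 2: 80 hits, 40 IPs
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for start, kind, detail in detect_floods(sample_log()):
        print(start, kind, detail)
```

The classification matters operationally: the single-source case can be stopped with one firewall rule at the edge, whereas the distributed case, where no individual address exceeds a reasonable per-client rate, needs upstream filtering or capacity, which is why the article calls DDoS so hard to control.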
Virus / worm attacks: Viruses are programs that attach themselves to a computer or a file and then spread to other files and other computers on a network. They usually affect the data on a computer by altering or deleting it. Worms, unlike viruses, need no host file to attach themselves to: they make functional copies of themselves and repeat this until they have consumed all the available memory, disk space or network bandwidth.
Another kind of threat that is emerging is the targeted attack: a customised attack vector, developed by organised criminal gangs, aimed at a specific company, typically to extract confidential or classified information. Such attacks are much harder to detect and repel than indiscriminate ones.
Logic bombs: These are event-dependent programs, created to do something only when a certain event (the trigger event) occurs. For instance, some viruses may be termed logic bombs because they lie dormant all year and become active only on a particular date, like the Chernobyl (CIH) virus, whose payload triggers on 26 April.
Trojan attacks: A Trojan, as the program is aptly called, is an unauthorised program hidden inside a seemingly legitimate one, so that what it actually does is concealed from the user.
Internet time theft: This happens when an unauthorised person uses Internet hours paid for by someone else. In a case reported before the enactment of the Information Technology Act, 2000, a Colonel who had asked a net cafe owner to install an Internet connection at his home later realised that his Internet hours were being stolen by another net cafe with which the first cafe owner had tied up. The police were unable to act on the complaint, so the Colonel went to The Times of India, which ran an article on the police's inaction; the Commissioner then took up the case and the rogue cafe owner was finally arrested. Only then was it recognised that time, too, could be stolen.
Web jacking: This occurs when someone forcibly takes control of a website, typically by cracking the administrator's password and then changing it. The real owner no longer controls what appears on the site and what does not.
Theft of computer system: This type of offence involves the theft of a computer, some parts of a computer or a peripheral attached to the computer.
Physically damaging a computer system: This crime is committed by physically damaging a computer or its peripherals when no one is around. It is generally done out of vengeance against some person, professionally or personally.
"Bot-networks are being used more frequently to carry out criminal activities. In a bot-network, a criminal infiltrates hundreds or thousands of computers around the world, transforming each one into a sort of "zombie" client, and then uses the network to carry out denial of service (DoS) attacks," said Vishak Raman of Fortinet.
Phishing: Sending an e-mail that falsely claims to come from an established or legitimate enterprise, in an attempt to scam the user into surrendering private information that will later be used for identity theft. The e-mail directs the user to a website where they are asked to "update" personal information, such as passwords and credit card, social security and bank account numbers, that the legitimate organisation already holds. The website is bogus and exists only to capture what the user types. By spamming large groups of people, the phisher counts on the e-mail reaching some recipients who actually hold an account with the impersonated organisation. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing": bait is thrown out in the hope that, while most will ignore it, some will be tempted to bite.
"Fortinet's own malware tracking reports have also noted an increase in phishing attacks, where a cyber criminal sends out emails disguised to look as if they originated from a trusted source, such as a bank. The cyber criminal then attempts to convince the victim to enter private account information, which is then diverted to a criminal enterprise and used for identity theft," said Vishak Raman of Fortinet.
Sale of illegal articles: This includes the sale of narcotics, weapons, wildlife and so on by posting information on websites, auction sites and bulletin boards, or simply by using e-mail for communication. Many auction sites in India, for instance, are believed to be used to sell cocaine under the name of honey.
Online gambling: Millions of websites hosted on servers all over the world offer online gambling. According to some experts, many of these sites are actually fronts for money laundering.
Intellectual property crimes: This type includes software piracy, copyright infringement, trademarks violations and theft of computer source code.
Email spoofing: A spoofed e-mail appears to originate from one source but has actually been sent from another. This is possible because the mail transfer protocol itself does not verify that the address in the From header belongs to whoever submitted the message. Spoofing is the usual delivery mechanism for phishing and, when the forged sender is a bank, a supplier or a colleague, can cause direct monetary damage.
Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets and so on can be forged using computers, high-quality scanners and printers. Fake mark sheets and certificates have become a booming trade in India, considering how unscrupulous people are and to what lengths they go to get their way in examinations.
Cyber defamation: When defamation takes place with the help of computers and the Internet, it is called cyber defamation, for example when someone publishes defamatory matter about a person on a website or sends e-mails containing defamatory material to all of that person's friends.
Cyber stalking: Cyber stalking involves following a person's movements across the Internet, posting messages that are threatening or obscene on the bulletin boards the victim frequents, constantly bombarding the victim with e-mails, and so on.
Financial crimes: These include cheating, credit card fraud, money laundering and the like. According to Cyber Crime, a website recently offered Alphonso mangoes at a throwaway price. Distrusting the offer, very few people responded at first or supplied the site with their credit card numbers. Those early orders were in fact delivered, and word about the site spread like wildfire. People from all over the country then ordered mangoes by providing their credit card numbers. The owners of what was later proven to be a bogus website fled with the card numbers and went on to spend huge amounts of money, much to the chagrin of the card holders.
Cyber pornography: This includes pornographic websites, pornographic magazines produced using computers, and the use of the Internet to download and transmit pornographic pictures, photos, writings and so on.
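The phishing message described under Phishing above and the spoofed From header described here can be checked with the same few heuristics. The following Python script is an added example, not code from the article or from Fortinet. It parses a constructed message (the bank name, domains and addresses are invented, and 203.0.113.5 is from a reserved documentation range) and reports the envelope/From mismatch, the lookalike hostname and the IP-literal link that together mark it as phishing, while a constructed legitimate statement notice passes clean:

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


HOSTLIKE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def domain_of(header_value):
    """Domain part of the address in a From/Return-Path/Reply-To header, lower-cased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def under(host, domain):
    return host == domain or host.endswith("." + domain)


def analyse(raw):
    """Return a list of (code, detail) findings for a raw RFC 822 message."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    # SMTP never checks that the envelope sender or Reply-To matches the From header.
    for header, code in (("Return-Path", "envelope-mismatch"), ("Reply-To", "replyto-mismatch")):
        dom = domain_of(msg.get(header, ""))
        if dom and dom != from_dom:
            findings.append((code, dom))
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
    extractor = LinkExtractor()
    extractor.feed(html)
    for href, text in extractor.links:
        parts = urlparse(href)
        host = (parts.hostname or "").lower()
        if "@" in parts.netloc:                      # http://bank.example@evil.example/ trick
            findings.append(("userinfo-link", href))
        if IPV4.match(host):                         # bare IP instead of the bank's name
            findings.append(("ip-literal-link", href))
        if HOSTLIKE.match(text.lower()):             # visible text looks like a URL: does it agree?
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if not (under(shown, host) or under(host, shown)):
                findings.append(("text-host-mismatch", (shown, host)))
        if host and from_dom and not under(host, from_dom):
            findings.append(("foreign-link", host))
    return findings


# Constructed messages for the example; the organisation and domains are fictitious.
PHISH = """\
Return-Path: <bounce@mail-blast.example.net>
From: "State Bank Customer Care" <alerts@statebank.example>
Reply-To: <verify@statebank-secure.example.org>
To: <customer@example.com>
Subject: Urgent: verify your account
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account will be suspended. Please
<a href="http://203.0.113.5/login">verify your details</a> at
<a href="http://statebank.example.verify-now.example.org/">www.statebank.example</a>.</p></body></html>
"""

LEGIT = """\
Return-Path: <alerts@statebank.example>
From: "State Bank" <alerts@statebank.example>
To: <customer@example.com>
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is ready at
<a href="https://www.statebank.example/statements">www.statebank.example</a>.</p></body></html>
"""

if __name__ == "__main__":
    for code, detail in analyse(PHISH):
        print(code, detail)
    print("legitimate message findings:", analyse(LEGIT))
```

These are heuristics, not proof: mailing lists and bulk-mail providers legitimately produce an envelope sender on a different domain, so in a gateway each finding would be scored rather than treated as a verdict. The lookalike check is the one worth keeping even in a manual review, since "statebank.example.verify-now.example.org" is registered under verify-now.example.org, however much its left-hand part resembles the bank.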
Net Policing
"To quote a cyber law 'expert': 'Orders like blocking various websites are bound to be observed more in breach than observance.' Governments might feel that they have a right to block content they find offensive, but implementation is next to impossible. In a free society like ours, the validity of net policing must certainly be questioned," said Rajkumar Chandrashekar of ICS.
Unfortunately, current issues like terrorism have highlighted the need for the capability to monitor the flow of information. Even countries like China, which follow a much more restrictive policy on net policing, have not been able to block the flow of information completely.
Section 79 of the Indian IT Act defines the liability of network service providers. Under it, a network service provider is presumed liable unless he proves that the offence or contravention was committed without his knowledge, or that he had exercised all due diligence to prevent it.
However, net policing has only limited effect: "Threats originating from India itself may be subject to police action, but not attacks originating elsewhere, such as China or Eastern Europe," said Raman of Fortinet.
Are the Lawmakers Listening?
The Cyber Crime Investigation Cell, Crime Branch, CID, Mumbai recently registered a case against one accused in a phishing attack on a financial institution's website.
The accused was charged under Section 66 of the IT Act and Sections 419, 420, 465, 468 and 471 of the IPC, read with Sections 51, 63 and 65 of the Copyright Act, 1957, which attract imprisonment of up to three years and a fine of up to Rs 2 lakh.
The IT Act of 2000 contains a number of provisions that can apply in the case of an attack on a particular company's or organisation's servers. Although it has not yet been enforced as vigorously as companies and organisations would like, it will have to be applied much more forcefully in the near future: according to several security reports there are now at least 30 virus outbreaks every day across the world, compared with the 2-5 major outbreaks a month seen until last year.
"Indian IT Act - 2000 is quite comprehensive in dealing with cyber related crimes and as has been shown recently, can be quite effective in dealing with issues. I am sure that as the law evolves over time, it will become more comprehensive," emphasised Rajkumar Chandrashekar on a positive note.
Securing your Cyber Space
With so much criminal activity on the rise, one has to take security measures at home and within one's organisation.
"A good firewall and anti-virus package as well as common-sense practices such as not opening suspicious email attachments will go a long way towards not becoming the next victim of cyber crime," said Raman.
"As any good organisation would do, we have a robust firewall protection system in place with DMZs and expose only a minimal amount of systems to the outside world. In addition we do perform periodic internal and external security assessment of our systems and network," said Chandrashekar of ICS.
Here are some tips that an ordinary net surfer can use:
- Use effective endpoint security software that provides complete content protection, including protection from content-based threats.
- Apply the latest patches and updates to the operating system, web browsers and e-mail programs.
- Don't open e-mail attachments unless you know and trust the source. Attachments, especially executables (those with a .exe extension), can be dangerous, and the extension a mail client shows can be hidden or disguised, so the displayed file type is not proof of safety.
- Verify that the site you are visiting is really what it claims to be. Websites of banks and financial institutions, for example, present an SSL certificate that identifies the site; check that the name in the certificate is the institution's own domain, since a certificate only proves that you are talking to the domain it names, not that that domain belongs to your bank. Avoid navigating to such sites from links in e-mails; type the address yourself.
- Create passwords of at least 8 characters. They should not be dictionary words, and should combine upper- and lower-case letters, digits and symbols (where supported).
- Use different passwords for different websites.
- Send credit card information only to sites that use HTTPS (an address beginning https:// and a padlock shown by the browser).
Fortinet believes in the concept of "defense-in-depth", which means adopting multiple layers of security in order to keep intruders out of the network. Deploying gateway firewalls, desktop antivirus and anti-spyware software, and segmenting the network with firewalls at the interfaces of each segment are ways to make a company safer.
Vishak Raman explains, "The more layers of defense deployed, the longer it takes for a determined hacker to break-in. In the meantime, security and network administrators will have time to respond to the break-in or take counter-measures."
Fortinet also believes that manageability is a big part of security. This approach of multiple layers of security can easily degenerate into learning and maintaining dozens of software packages. Fortinet's FortiGate series of antivirus firewalls aggregate essential security features into one hardware appliance solution. This means that administrators only need to learn one interface and maintain one system instead of learning various different software packages and maintaining separate systems.
Fortinet also provides a subscription service for FortiGate customers, which automates the updating of virus and other threat signatures, and a management solution, FortiManager, that provides centralised management of FortiGate systems deployed on the network.
Fortinet provides a range of security solutions ranging from the network and server to desktops and mobile clients.
Cyber Crime
Today computers have come a long way, with neural networks and nano-computing promising to turn every atom in a drop of water into a computer capable of performing a hundred operations per second.
Where is it heading?
Cyber crime is an evil that has its origin in our ever-increasing dependence on computers. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is run by computers, cyber crime has taken on rather grave implications. While major criminal activity has come to our notice only recently, with the bank frauds and so on, one can well gauge the scale of terrorism that could soon manifest itself.
Companies, and industry in general, must be cautious and develop multi-layered defence mechanisms that frustrate the cyber criminal before he can actually affect the set-up.
Awareness is important, and any criminal activity should be reported at once. More importantly, users must preserve any electronic evidence trail on their computers rather than wiping or reinstalling the machine, since that trail is what an investigator needs. That is all one can do until the laws become more stringent or the technology more advanced. Till then, everybody should be warned.