World Cyber News is an online news outlet. We bring you the day's hottest cyber-related news from around the world. We publish news especially related to hacking, technology updates and cyber world updates.

Saturday, May 28, 2011

Cyber crime cell launches DVD for police personnel

1:42 PM Posted by Anonymous

Pune: The Pune cyber crime police have launched a DVD 'Useful website and tools for police officers' to educate the police personnel about the laws, methods to trace suspects and their mobile location.

The cyber police have chosen 100 different subjects related to crime and police, and each subject has at least five different website links that would enable a police officer to get the desired information. The DVD contains website links and information on all bare acts, cyber laws, competitive examinations, how the police should behave with children, how to identify fake university certificates and credit card frauds, how to identify an absconding criminal in disguise and how to identify a missing person.

Besides, the cyber police have also given names of the software in the DVD, so, if the police officer has any doubts he can install the software and get the related information. Deputy Commissioner of Police (cyber crime), DGP Rajendra Dahale, said, "This is a unique project that was taken up by our police inspector Sangeeta Alfonso and assistant police inspector Sanjay Tungar. Our aim is to save the time of the police, while registering a case."

The DVD has been distributed to 30 police inspectors in the city. Moreover, the other commissionerates are also asking for it. Dahale further said, "We will give the DVD to the DG's office then it would be distributed to other parts of the state."

Alfonso said, "We have been working on this project for the past two months. Initially, we studied different areas, where the police encountered difficulties. We studied the problem areas and added the website links in the DVD." Most of the time, police officers have to take help from the cyber crime cell while dealing with cyber crime but now they can get the information directly, Alfonso added. "Moreover, we have given different links. For example, if a police officer wants to discuss the case with experts, he just needs to click on that website and speak with the experts. Besides, most of the time police personnel have a problem in reading the post mortem report because of the medical terminology. A website link has been provided for such a situation also, where they can read it in their language," Alfonso further said.

The police can get information about a private security agency in case of a credit card fraud or net banking fraud. "Many times a police officer is unable to trace the mobile of a suspect. In this case, they just need to click on the related topic to get information," Alfonso said.

A police inspector with the cyber crime cell said, "The Mumbai police have also asked for the DVD."

Monday, May 23, 2011

Cybercrime Statistics Expose Five Industries Most Susceptible to Phishing Attacks

CLEARWATER, Fla., May 23, 2011 /PRNewswire/ -- Internet Security Awareness Training (ISAT) firm KnowBe4 has released new cybercrime statistics that identify the nation's most Phish-prone™ industry sectors, which are those most susceptible to cybercrime ploys. The top five industries vulnerable to cybercrime include travel, education, financial services, government services and IT services. These findings are based on a recent phishing experiment KnowBe4 conducted among small and medium enterprises (SMEs) featured in the latest Inc. 500 and Inc. 5000 listings.

Using the Inc.com website to obtain domain names and a free data-gathering service to find publicly available email addresses, KnowBe4 sent out a simulated phishing email to employees at more than 3,500 companies. Individuals who clicked the link were directed to a landing page that informed them they had just taken part in phishing research. The emails were successfully delivered to about 29,000 recipients at 3,037 businesses; and in nearly 500 of those companies, one or more employees clicked the link. Because of the potential for Internet security breaches among these businesses, KnowBe4 dubbed them the FAIL500.

"Any business that provides access to email or access to its networks via the Internet is only as safe from cybercrime to the degree that its employees are trained to avoid phishing emails and other cyberheist schemes. The more employees within an organization that use email or go online, the greater the risk of exposure to cybercrime," said KnowBe4 founder and CEO Stu Sjouwerman (pronounced "shower-man").

KnowBe4 conducted a comprehensive data analysis of its FAIL500 study results, which included categorizing the companies into 25 industry sectors. The findings revealed that some industries are particularly vulnerable to cybercrime. Based on the percentage of companies in each sector that responded to the phishing email, the most Phish-prone industries are:

  • Travel - 25%
  • Education - 22.92%
  • Financial Services - 22.69%
  • Government Services - 21.23%
  • IT Services - 20.44%

"Our cybercrime statistics should serve as a wake-up call to SMEs nationwide," noted Sjouwerman. "Not only are these businesses at risk for financial loss through a cyberheist, but their susceptibility to phishing tactics could compromise sensitive customer data such as credit card, bank account and social security numbers."

Sjouwerman cites a "false sense of security" as the primary reason companies are vulnerable to cybercrime. "Most people assume that antivirus software and an in-house IT team provide sufficient data security. But considering that IT is among the most Phish-prone industries, it's clear that's a very dangerous assumption to make."

Cybercriminals have become very sophisticated in their tactics, and Sjouwerman notes that they often target businesses through official-looking emails that appear to be sent by government agencies, business partners or even company executives. "Many of the top Phish-prone industries are regulated and subject to compliance rules, so well-meaning employees can be tricked into clicking a link if they believe an email was sent by a government or law enforcement agency, or by someone they know and trust. And with just one click, malware can be instantly uploaded to a system - bypassing both antivirus software and IT firewalls. A cyberheist can be underway within minutes."

According to YourMoneyIsNotSafeInTheBank.org, small-business accounts suffered more than $40 million in cybercrime losses as of 2009. The website also cites FDIC figures indicating this type of crime increased five-fold within a 12-month period, and notes that the FBI is tracking hundreds of related cases. Small and medium-sized organizations have become the primary targets of the Eastern European hacker gangs behind this frightening new crime wave. These cybercriminals tend to prey on smaller businesses and banks that lack the cyber-fraud controls many larger institutions have in place.

To help SMEs combat the growing threat of cybercrime, Sjouwerman recently published his fourth book, Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008. In addition to highlighting the results of the FAIL500 project, Cyberheist explores the business of cybercrime, examines a number of cybercrime cases and empowers readers with effective strategies for countering cyber attacks.

For more details on the KnowBe4 phishing study - including the Phish-prone percentages for all 25 industry sectors - visit http://www.knowbe4.com/fail500. Future announcements from KnowBe4 will provide further analysis on the experiment, including projections based on the FAIL500 research findings. To learn more about Cyberheist, or to order the paperback or e-book edition, visit http://www.cyberheist.com.

About Stu Sjouwerman and KnowBe4

Stu Sjouwerman is the founder and CEO of KnowBe4, LLC, which provides web-based Internet Security Awareness Training (ISAT) to small and medium enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced Internet security awareness training. He is the author of four books, including Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008. For more information on Sjouwerman and KnowBe4, visit http://www.knowbe4.com.

Media Inquiries:

Karla Jo Helms
CEO and PR Strategist
JoTo Extreme PR
Phone: 888-202-4614
http://www.JoToPR.com

This press release was issued through eReleases(R). For more information, visit eReleases Press Release Distribution at http://www.ereleases.com.

SOURCE KnowBe4, LLC

Sunday, May 22, 2011

Where Are the Ethics in Hacking?

8:38 PM Posted by Anonymous
A recent news story begs the question: What is "ethical" hacking?

You may have heard about Australian security researcher Christian Heinrich, who hacked live into Facebook's privacy controls at an IT security conference and accessed private photographs of rival security professional Chris Gatford and his family, including the image of a child. The incident led to a journalist being arrested and having his iPad seized after he published some of the images online.

Following the event, detective superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, criticized the demonstration of so-called ethical hacking. "I think cultures have built up where hacking, in the past, has been a part of a competition, and you have black-hat conferences around the world. The technical reality is that on those occasions crimes may well have been committed."

This latest incident has left many questioning what role ethics play in ethical hacking, and what this activity really is about.

"The reason ethical hacking exists is because somebody less ethical in a different country will hack your systems and not tell you - that is going to happen no matter what," says Jeremiah Grossman, Founder and CTO of WhiteHat Security. "So, ethical hacking is conducted to hack yourself first and fix the issues and vulnerabilities that remain to avoid being a headline like Sony."

Ethical hackers, then, attempt to exploit the IT security of a system on behalf of its owners by following certain polite rules, like getting a written or verbal consent from the owner of the system before the professional conducts the test.

"What the Australian researcher did is not ethical hacking," says Jay Bavisi, President of EC-Council, a global certification and training organization for ethical hackers. "A lot of people don't understand the difference between hacking and ethical hacking."

Terms like penetration testing, ethical hacking and hacking are interchangeably used, and Bavisi defines each:

  • Hacker: simply a person who invades or interferes with another system with the intent to cause harm, without having any permission from the system owner.
  • Ethical hacker: a professional hired by an organization to review its security posture. The whole process involves a written consent and rules of engagement from the client, which clearly spell out what they can or cannot do. "This is basically our 'get out of jail free' card," Bavisi says.
  • Penetration tester: a professional who goes a step beyond the ethical hacker and provides an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses. These individuals are largely involved in the remediation process.

Still, Ian Glover, president of the UK's Council of Registered Ethical Security Testers (CREST), a global organization that assesses the skill and competence of professionals working in the penetration testing industry, says, "I don't like the term ethical hacking." According to him, the term is misleading as hacking immediately presents a negative view of people mounting unsolicited illegal attacks.

The professional penetration industry provides an invaluable service to government and business validating security controls. While individuals who believe they can work illegally still exist, the professional penetration testing industry acts in a responsible manner within a strict legal and ethical framework.

"In the past there was the opportunity to be a hacker, to do inappropriate things and then people would employ you. In the future that is not going to be the case, as neither the industry nor the buying community will accept individuals who have operated illegally," Glover says.

The industry has matured, he says, and because of that the bar of entry is much higher for prospective testers. In this case, he adds that if Heinrich were to be a member of a professional organization like CREST, he would be immediately removed for his actions.

There are ethics and morals involved when ethical hackers take up such contracts or positions. They clearly understand their limits dictated by the letter of authorization where the client specifies the scope of engagement. For instance, the servers that can or cannot be tested, the IP range ethical hackers can use etc. These professionals are aware of the legal framework and understand the requirement for full disclosure to the client. "Without permission, no ethical hacker will touch the job and go beyond the scope in any form. This is standard security practice," Bavisi says.

The latest incident is just an example of a bad hacker, adds Grossman. "The researcher made a rather common mistake of demonstrating a live vulnerability on stage without permission. Would I have done it? No!"

One of the key lessons in this case is the need for better education within the industry to highlight the differences among hackers, ethical hackers and penetration testers.

"People must understand the difference between a cop and a thief," Bavisi says.

Source:- http://blogs.bankinfosecurity.com

Parents Should Keep a Tab On Child's Activities On Internet

8:34 PM Posted by Anonymous

We can now relate easily to social networking in India, having much familiarity with it, as these events have started to pop up very often. Recently, in Gujarat, a student pursuing an MTech at the renowned Nirma University was caught unawares after he was found guilty of hacking into a girl's Facebook account and putting up obscene pictures on it. He was caught very quickly, but he is only a single percent of the whole lot. Let me explain, using some of my favourite statistics and analysis.

Every day, we get at least ten calls on average, with reports ranging from fake profile impersonation to cyber pornography and the posting of malicious content by minors, especially students from schools and colleges. Apart from that, there has been a vicious rise of 10% in such cases since the beginning of 2011, compared with last year's cases. With the increase in cyber crime cases in India, these contribute heavily to the number of registered cyber crime cases, as 50% of the cases coming to police stations have more or less the same tune to play.

So, are there any problems with the students or the youth culture of India? Well, to say the least, such cases have also been widely reported in various other countries, including developed countries. The case here is not about the youth and the growing technology; the tyranny lies in the most basic thing, which is the nurturing of youth. There are some very strict, yet essential and genuine, steps for parents to take here, because with these steps they can avoid falling into such situations and avoid the disrespect as well as the problems which they face later on.

Parents need not keep a constant vigil on the child, but they need to know on which sites he is creating a profile, where he is posting his photos and what he is sharing with his friends. Parents need to know and monitor these activities, not by spying but by having a good, easy-going relationship with their children, so that the children don't feel embarrassed to show their profiles, and so that they also avoid putting unnecessary information, data and content, which may harm their profiles on the net, out in the open. Parents need to gather information about the social networking cyber space through seminars and expert lectures organised at various centres in the city and across the country.

It is also the duty of the government to impose laws and regulations on the cyber space ventures of overseas companies, which don't physically exist in India but are virtually present. The laws should apply to each and every such company operating websites over Indian space. The government needs to close and create boundaries for Indian cyber space, which should be regulated at each and every moment, to avoid such mishaps.

Apart from that, it is the duty of the website operators to look into such cases as soon as a legal complaint is filed, and to hand over the culprit, or any sufficient and required details on the case, to the authorities. But help from Facebook and many other such networking websites still looks like a faraway dream, as there is still no hope of improvement in their behaviour and cooperation towards us.


Sunny Vaghela
The author is a city-based ethical hacker and specialises in cyber crime investigations and forensics.


Source:- http://www.dnaindia.com