Sunday, August 29, 2010

‘Cloning scam tip of iceberg’

CHANDIGARH: Police have called it the tip of the iceberg but their failure in achieving any breakthrough in the recently exposed ATM-cloning scam has left the men in khaki facing the heat.

It's been nine days since the first complaint about ATM fraud came to light. What was initially dismissed by State Bank of India as mechanical snag turned out to be a scam that has left many residents with lighter pockets. Authorities took the matter seriously only after a plethora of charges came pouring in. Soon, customers began approaching police with their complaints, claiming thousands of rupees had mysteriously gone missing from their SBI accounts.

Sources in SBI told TOI, ''The bank received a complaint from Anil Dudy of Sector 20 in the beginning of August. He claimed that somebody withdrew Rs 15,000 from the account of his father Dharamvir Singh through the ATM. But no action was taken.'' The scam reached it present proportions on August 19, when four persons — Hans Raj, Raj Kumar, Ankur and Kulwant Singh — found money had been withdrawn from their accounts.

An inspector with UT police Cyber Crime Investigation Cell, Amanjot Singh, said, ''We obtained CCTV footages from different ATMs of SBI, but are yet to ascertain the identity of the accused.'' He added that preliminary investigation had established that around 150-200 ATM cards were cloned through skimming machines during the last two months.

Surprisingly, police have still not received any formal complaint from SBI.

An official spokesperson of SBI said the complaints were being investigated by SBI's internal vigilance wing and a formal complaint would be made only after a final report was out.

DSP (crime) Satbir Singh said the matter needed thorough scrutiny. ''We are waiting for the findings of SBI's internal probe.''

Read more: ‘Cloning scam tip of iceberg’ - Chandigarh - City - The Times of India

World’s Smallest Cyber Crime Investigation Device Released by ASCL & Data64

The world’s smallest cyber crime investigation device was released in Pune on Saturday 28th August, 2010 by Hon’ble Justice Rajesh Tandon, Chairperson, Cyber Appellate Tribunal, New Delhi.

Code-named pCHIP, this Portable Mega Investigation & Forensic Solution is delivered in two versions – on a USB device and on a micro SD card.

pCHIP runs from a USB drive / micro SD card without installation on the suspect PC. It captures relevant volatile evidence from a live (switched on) computer. It has an extremely easy-to-use interface and provides detailed reports.

Volatile Evidence Recovered by pCHIP

The pCHIP retrieves crucial volatile digital evidence from the suspect computer and generates 38 reports at the click of a button.

Password & Encryption handling by pCHIP

The pCHIP can detect and list password protected & encrypted files on a suspect computer. It can also attack and crack hundreds of types of passwords.

USB History detection by pCHIP

At the click of a button, the pCHIP can generate a report containing the details of every USB device ever connected to the suspect computer.

Cloning and Imaging by pCHIP

The pCHIP can clone and image disks and also recover deleted data.

pCHIP has been designed by Asian School of Cyber Laws & Data64 Techno Solutions Pvt. Ltd.

Data64 Techno Solutions Pvt. Ltd. is incubated by Science & Technology Park, a STEP promoted by Department of Science & Technology, Government of India.

Asian School of Cyber Laws is a global leader in education, training and consultancy in cyber law, cyber crime investigation and digital forensics.

Mr. Debasis Nayak, Director, Data64 Techno Solutions Pvt. Ltd. said:

It is widely believed that computer forensic investigations must be carried out on static data and never on live systems.

This usually means that the investigator would first pull the plug on any live machine and then physically remove the hard disk(s). This hard disk would then be imaged and subsequently the image would be analyzed.

We believe that such an approach is flawed. In many cases, it is prudent for an investigator to first carry out preliminary investigations on the live system and then pull the plug.

Some of the reasons for this approach are:

1. In many computer attacks, the evidence may be only in the computer memory and not in any files on the hard disk. Pulling the plug or shutting down such a computer may destroy the evidence.

2. If the suspect is using cryptography to secure his data, then pulling the plug may mean that the data will no longer be available in an unencrypted format.

3. The suspect could configure his computer to clear the paging file automatically on shutdown. This would cause a lot of evidence to be lost.

Sunday, August 15, 2010

Man arrested for mailing ex-colleague’s ‘lewd’ pics

Mumbai: The cyber crime cell of Mumbai police on Wednesday arrested a 23-yearold executive working for a multinational company in Andheri for allegedly hacking into his ex-colleague’s email ID and sending morphed obscene pictures of her to her friends.

The accused, Prashant Vilas Desai, was arrested after the police tracked down the IP address to his laptop. “We have booked Desai on charges of cheating, breach of trust and Sections of the Information Technology Act. He has been remanded in police custody,’’ said a cyber crime cell official.

The 22-year-old victim worked as an administrative assistant with the same company where Desai was employed. Desai was attracted to her. Though she treated him like a friend, Desai mistook her actions and approached her parents with a marriage proposal, the official added.

The victim’s parents turned his proposal down. Soon after, he allegedly started stalking her. He would call her repeatedly and send her emails. “She left that organization and joined another company as sales coordinator. On May 26, Desai called her mother up and told her that she was sending him emails expressing her love for him. Later, he even showed her mother printouts. The victim’s mother told her to close the email account and start a fresh one,’’ the officer said.

“On June 21, some of her friends informed the victim that someone had sent obscene pictures of her from her email, giving out her details and phone number. When the victim logged into her account, she was shocked to see the emails,’’ the officer said.

One nabbed for Nigerian scam

Mumbai: The cyber crime cell has arrested a 47-yearold man in connection with the Nigerian email scam. Prabhakar Rajaram Ravle had allowed the accused in the scam to use his bank account

Australian, Indian firms enter joint venture

Stickman Consulting, a leading information security company based in Australia, has entered into a joint venture with city-based law firm Abhay Nevagi & Associates to offer services in information security and cyber forensics in the country.

Ajay Unni, global managing director of Stickman Consulting, said, “In modern day business practices, management and compliance for information security and certification of data, security standards are of paramount importance, not only to prevent cyber crime but also for data protection. With this JV, we intend to offer a complete solution in specific areas based on expertise of both the entities”

“We are trying to tackle problems related to data security, data misuse, web attacks and cyber forensics, especially in a time when India has been ranked as the highest spam originator country. Contributing to 4% of worldwide spam volume, it has jumped from 13th rank rank in 2008 to 3rd in 2009 in web-based attacks and is witnessing multi-fold increase in cyber crime every year”, said Abhay S Nevagi, head of Abhay Nevagi & Associates.

Monday, August 9, 2010

Tap mobiles with a $1,500 device now

A COMPUTER SECURITY RESEARCHER has built a device for just $1,500 that can intercept some kinds of cell phone calls and record everything that’s said.

The attack Chris Paget showed illustrates weaknesses in GSM, one of the world’s most widely-used cellular communications technologies. His attack was benign; he showed how he could intercept a few dozen calls made by fellow hackers in the audience for his talk at the Defcon conference here.

But it illustrates that criminals could do the same thing for malicious purposes, and that consumers have few options for protecting themselves.

Paget said he hopes his research helps spur adoption of newer communications standards that are more secure.

“GSM is broken — it’s just plain broken,” he said. GSM is considered 2G, or “second generation,” cellular technology. Phones that run on the newer 3G and 4G standards aren’t vulnerable to his attack.

If you’re using an iPhone or any other smart phone and the screen shows that your call is going over a 3G network, for example, you are protected. Blackberry phones apply encryption to calls that foil the attack, Paget pointed out.

But if you’re using a type of phone that doesn’t specify which type of network it uses, those phones are often vulnerable, Paget said. Paget’s device tricks nearby cell phones into believing it is a legitimate cell phone tower and routing their calls through it.

Techie gets sacked over nude pic row

Mumbai: A day after a Sacramento-based woman, Tara Fitzerald, said she was considering legal action against the Dell computer company because a tech support engineer from Mumbai allegedly downloaded her naked pictures from her laptop and uploaded them to the internet, Sitel India, the technical support service centre, fired the engineer, Riyaz Shaikh, on Wednesday.

A Dell spokesperson said Shaikh is not a Dell employee, but works for the third-party call centre on Dell’s account. The spokesperson said that they were in touch with Fitzgerald. “We are in touch with her for further investigation of the matter. Our customers’ needs are being met and delivering quality customer service is our primary goal at Dell,’’ said a spokesperson. “When Fitzgerald contacted Dell with this incident last year, we investigated the issue. We contacted the centre about the allegation and can confirm that Shaikh no longer handles Dell calls.’’

In December 2008, Fitzgerald had called for tech support. She was connected to an outsourced call centre in Mumbai. She then allegedly gave Shaikh permission to access her laptop remotely. She discovered a month later that 16 of her nude photographs were on a website.

Fitzerald, mother of a 14-year-old, later contacted Shaikh, but he reportedly said her boyfriend was responsible. He then asked her to ship him a new Dell laptop so he could black out the website.

She obliged, but Shaikh allegedly used her Dell Preferred credit card on an $800 Valentine’s gift for a woman he met online

Sunday, July 25, 2010


Duo hacks website, books int’l tickets

Mumbai: Two persons hacked into the website of an authorised travel agent of a domestic airline, causing a loss of more than Rs 65,000 to the latter. But their fraud was detected and they ended up in the police net.

The two hacked into the website of an Andheri travel agent of Indigo Airlines. They booked international tickets that caused a loss to Indigo Airlines to the tune of 65,152. However, the duo was nabbed by the cyber police on Tuesday. The two accused, who have been identified as Prashant Amarnarayan Jha (36) and Sudipkumar Sinha (30), have been booked on the charges of Information Technology Act of 2000 and have been remanded to police custody. While Jha is a resident of Nallasopara, Sinha is his associate and a resident of Marol in Andheri.

According to the police, the complaint was filed by one Arun Shetty who is the authorised ticket agent of Indigo Airlines having an office under the name of Ramkrishna Travels and Tours in Andheri.

Shetty was shocked recently when the airlines furnished him the extra bill for a few international tickets which he had not issued. During the course of investigations, it came to light that somebody had hacked into the website of the travel agent and issued two international air tickets. The cyber police traced the IP address to Nalasopara. The police raided Jha’s residence and arrested him.


Sex and the workplace

Two months ago, 31-year-old Manika Madhok quit her job with a multi-national corporation (MNC) in Gurgaon. For more than a year, she had been receiving sexually suggestive photographs and lewd emails on her official mail ID, but despite repeated discussions with the company's human resources (HR)
executives, her stalker remained anonymous.

'Flirting at work alleviates boredom'

Finally, Madhok filed a complaint with Delhi's Cyber Crime cell. "Within a week, they told me that the person sending the mails was from my office, and asked to get in touch with our IT head. Between them, they realised the culprit was a guy from the IT department,” she says. "When they confronted him, he told them it was my ‘suggestive dressing' that gave him dirty thoughts. I was appalled at the way he pinned his behaviour on me.”

In 1997, for the first time, the Supreme Court recognised sexual harassment at the workplace as a problem for women, and set out detailed guidelines for its prevention and redress. The National Commission for Women later formulated the guidelines into a Code of Conduct for employers.

As with other crimes against women in India, sexual harassment has been a concern for a while, but official steps have been relatively slow in coming. As the recent David Davidar saga shows, there is still a degree of ambiguity regarding what constitutes sexual harassment, as opposed to ‘consensual flirting', and the extent to which it can be, or is, punished.

However, the process of awareness and protection is likely to be further streamlined if, as has been reported, the government tables the Protection Against Sexual Harassment Of Women Bill — which draws on the 1997 judgment — at the monsoon session of Parliament, which begins on July 26.

As a Hindustan Times-C fore survey shows, a large part of the problem is how ordinary Indians approach the issue. Conducted among 1,045 office goers in NCR (Delhi, Gurgaon, Noida) and Mumbai, Bangalore, and Kolkata, the survey reveals that 39 per cent of respondents feel that flirting at the workplace ‘alleviates boredom in life', and 48 per cent would decide their response to unsolicited attention from someone of the other gender based ‘on the age and looks of the person'.

Cultural differences sometimes cause misunderstandings about how far flirting can go. A spokesperson of a Bangalore-based IT company describes the case of a 25-year-old man who persistently stalked a female colleague because he "was unable to accept refusal”. The man was subsequently admonished and provided professional counselling. "Sometimes, people who come from semi-urban spaces may misread certain signals,” he says.

There is also the question of whether the notion of ‘harassment' can be stretched too far. In Davidar's case, he claimed that his accuser Lisa Rundle and he shared a "consensual, flirtatious relationship that grew out of close friendship”.

Kimberly Jane Thomas, 31, a voice and accent trainer in the BPO sector in Gurgaon, recalls a case from 2003-04 when she was operations manager at a call centre. A female colleague, 23, was "hounded” by a process manager in his 30s and went along with his advances, supposedly lured by the promise of a promotion. After six months of an apparently physically abusive relationship, the woman complained, the perpetrator had to resign, and was blacklisted. The woman, too, lost her job, but was not blacklisted.

Which is not to say that clear-cut cases of sexual abuse are hard to find. Ruth Dhanaraj, 31, a journalist, describes how a loading agent at the airport assaulted her sister, working for a major private Indian airline, when she resisted his advances, as a result of which she suffered physical injuries. The airline was supportive of the victim, and the man was fired, though the case was settled out of court.

These cases may lead one to think that sexual harassment of women at the workplace is on the rise. "But the number of women has also increased in workplaces. A decade ago, you'd see only a sprinkling of working women. Today, the number has not only trebled, but is increasing every quarter,” says S. Raahul Sridhar, who is working on a dissertation on women and sexual harassment at University of Madras.

Could it be that more cases have been reported in the last few years? A spokesperson for Infosys says, "We definitely see empowerment... People are willing to make use of company policy to report sexual harassment. We see this as a positive sign.”

The other question that arises is, are women the only ones in need of protection? For Kolkata-based consultant psychiatrist Shiladitya Ray, of all the cases he gets every month, "four to six per cent” are sexually harassed women. "Compared to that, the number of men is almost nil,” he says. He does add, however, that women may sometimes ‘invite' harassment by "dressing or behaving provocatively”.

That may sound offensive to some, but 29-year-old Batool Mangeshkar, who works in the sales department of a private bank, wouldn't be surprised. "It's fine to discuss policy, but if something really happens, HR is the first to laugh it off by saying things like, ‘Yeh sab toh hoti rahti hai'. Only when you take up the issue in writing are steps taken,” she says. Thomas has, on occasion, told off trainees for being ‘improperly attired'. Most HR policies specify a dress code, but Thomas feels HR managers are the ones who need training. "They have no people management skills... Forget about dealing with harassment cases,” she says.

Given the lack of clarity regarding what is evidently a widespread problem, one of the principal tasks of the new bill — which caters to casual labourers as well as the mainstream workforce — could well be to educate us on what constitutes sexual harassment. It ought to at least mark the start of a long-term battle.

Inputs from Satarupa Basu & Ratnalekha Mazumdar in Kolkata
New Delhi, July 17, 2010First Published: 22:59 IST(17/7/2010)Ruchira Hoon and Nivriti Butalia in New Delhi, Neha Dara in Mumbai, Hindustan Times

Thursday, July 8, 2010

Duo hacks website, books int’l tickets

Mumbai: Two persons hacked into the website of an authorised travel agent of a domestic airline, causing a loss of more than Rs 65,000 to the latter. But their fraud was detected and they ended up in the police net.

The two hacked into the website of an Andheri travel agent of Indigo Airlines. They booked international tickets that caused a loss to Indigo Airlines to the tune of 65,152. However, the duo was nabbed by the cyber police on Tuesday. The two accused, who have been identified as Prashant Amarnarayan Jha (36) and Sudipkumar Sinha (30), have been booked on the charges of Information Technology Act of 2000 and have been remanded to police custody. While Jha is a resident of Nallasopara, Sinha is his associate and a resident of Marol in Andheri.

According to the police, the complaint was filed by one Arun Shetty who is the authorised ticket agent of Indigo Airlines having an office under the name of Ramkrishna Travels and Tours in Andheri.

Shetty was shocked recently when the airlines furnished him the extra bill for a few international tickets which he had not issued. During the course of investigations, it came to light that somebody had hacked into the website of the travel agent and issued two international air tickets. The cyber police traced the IP address to Nalasopara. The police raided Jha’s residence and arrested him.


Monday, July 5, 2010

Jealous colleague turns to Orkut for revenge, arrested

Accused Anand Bilore created a fake profile of his workmate on the social networking site, and sent obscene messages from it to female colleagues in the company

There is nothing called healthy competition at the workplace. Especially if at stake is a coveted ‘best employee’ award, a promotion and the promise of a better life.

Allegedly driven by professional jealousy, an assistant manager with Kotak Life Insurance created a fake Orkut profile of his colleague with the intention of discrediting him. Thane’s Cyber Crime Cell arrested him and his associate on Tuesday after he used the social networking profile to send obscene messages to the female colleagues. The accused, Anand Ishwar Bilore, 21, and his associate, Vishal Changani, 23, an estate agent are from Chembur.

A Cyber Crime Cell officer said, “Bilore was working with the insurance company for the last couple of years while Nirmale joined only recently. Nirmale’s meteoric rise in the organisation obviously did not go down well with Bilore, especially after he won the best employee award and was promoted to the post of assistant manager.”

In order to embarrass his colleague, Bilore allegedly created his fake profile on Orkut from his friend Changani’s computer,” said Chandrakant Joshi, senior police inspector of the Cyber Cell.

“The accused scrapped all his female employees in the organisation and also sent them vulgar messages. When the women cross-checked with Nirmale he clarified his stand and lodged a complaint,” Joshi added.

Nirmale’s father Balasaheb said, “My son was upset when his female colleagues complained to him about the lurid messages. He was doing well at work, which I think upset Bilore as he belonged to a rival clique.”

On investigating, the police discovered that the computer belonged to Changani who was then arrested. Changani then informed the police about Bilore’s involvement.

Both were booked under Information Technology Act and were let off on bail.

“Strict disciplinary action is being taken against the erring individual. We place high emphasis on ethical conduct in personal and professional dealings of employees and misdemeanors of any sort are not tolerated,” said Sugata Dutta, Head of Human Resources, Kotak Life Insurance.

Source: Times of India - Vinay.Dalvi

Bizman from Ahmedabad booked for hacking

Mumbai: A 42-year-old busin e s s m a n from Ahm e d ab a d has come under the scanner of the Mumbai cyber police for allegedly hacking into a financial and insurance company’s website and email accounts.

The accused, Nirav Shah, was picked up on Monday evening and brought to Mumbai on Tuesday. He has been booked under the Information Technology Act and has been remanded in police custody.

According to sources, Deepak Shivanya, the IT department chief of Religare Assets, lodged a complaint stating that someone had hacked into the company’s website in May. He alleged that two out of 10 email accounts of the company were hacked into.

The police traced the Internet Protocol (IP) address to Shah’s residence at Memon Nagar in Ahmedabad. The cyber police raided his residence and recovered the hard disk through which Shah had allegedly hacked into the company’s emails. Investigations are on to ascertain the motive behind the crime.

Fraudsters use 'FBI' to dupe netizens

Mumbai: With internet users becoming aware about email scams, fraudsters have upped their game and are using ingenious methods to extract money from unsuspecting netizens.

The latest fraud email doing the rounds lists the Federal Bureau of Investigation (FBI) as the sender. The email offers to refund money you may have lost in an internet fraud in the past. But don’t hit the ‘reply’ button with your personal details. All these emails are fake. To make the emails look authentic, the fraudsters have provided the address of the FBI headquarters at Washington DC along with the investigating department. The National Association of Software and Service Companies (Nasscom) has written to the FBI, asking the agency to look into the matter.

The email is written by one Thomas Green who claims to be an agent with the FBI’s Internet Crime Complaint Center. The email states that six people have been arrested in connection with an email fraud, where they duped recipients into parting with money. A part of the amount, approximately US $ 2.5 lakh, has been recovered and can be refunded to the fraud victims through an ATM card, the email states. The card will be dispatched after the recipient provides personal information to another agent, Fredy Simon, the email adds.

“A month ago, I received a similar email, where the sender said he represented the United Nations and a committee had been created to refund money to victims of a phishing fraud. The email carried the UN logo and pictures of the secretary-general,’’ said technology evangelist Vijay Mukhi. “It’s best to delete such emails,” he added.

“This is a variation of the Nigerian scam,’’ said Pratap Reddy, director of cyber security at Nasscom. “If you haven’t lodged a police complaint, there’s no question of being contacted by an agency. If a complaint has been lodged, then a foreign agency like the FBI will have to go through proper diplomatic channels such as the Interpol. State CID is the nodal agency that would co-ordinate. The FBI will never approach an Indian citizen directly,’’ Reddy added.

Sunday, June 6, 2010

Bihar opens its first cyber crime investigation

Bihar opens its first cyber crime investigation unit in Patna24 May, 2010
Bihar Police has set up its first-ever Cyber Crime Investigation Unit (CCIU) at Kotwali police station in the state capital, Patna.

“It is the first-ever unit in Bihar and will come in handy for probing cyber crime and mobile phones complaints,” Amit Kumar Jain, senior superintendent of police, Patna,


April 14

| Chintan Dalal, 26, a resident of Bodakdev, met a girl online and proposed to marry her. Dalal was already married. When the girl realised this, she refused to have any relations with him. It drove him to create her fake profile describing her as a sex worker with her number. He was nabbed when he tried to do this for the fourth time in a row.

March 28

| Kushal (name changed), a former student of Gandhinagar DPS, sent a friend her morphed photographs and asked her to furnish Rs 1 lakh in a day. He had used his teacher’s computer and mobile phone connection to send eight emails to the girl. He was nabbed from Shahibaug.

March 17

| A credit card fraud gang of eight, including five youngsters, was busted where the youths used duplicate magnetic strips to shop using other people’s credit card numbers. The youths from Karnataka, Goa and Gujarat had siphoned off more than Rs 50 lakh in six months.

March 13

| Shaktisinh Parmar, 31, employee of a bank outsourcing company, misused customer information. He along with an intern Mayank Panchal, 21, would go to the customers’ houses, collect their credit cards with a promise to return them with higher credit limit. The duo was caught with goods worth Rs 93,550 purchased using other people’s credit cards.

Dec 2, 2009

| Gaurav Gandhi alias Rahul, 26, was caught by city police officials for sending two SMSes randomly to citizens, warning them of blasts at eight prominent locations in the city. The messages sent police in tizzy. Gandhi had used a SIM issued on his girlfriend’s brother’s name as he wanted to teach him a lesson.

Nov 13, 2009

| Gaurav Joshi, 26, an executive in an Ankleshwarbased company was held for making lewd profile of his colleague on a social networking site. Joshi had been sacked from his previous company after having clicked the woman’s pictures without her knowledge. He wanted to take revenge for his removal.

Saturday, February 27, 2010

177 cyber attacks on govt offices

New Delhi: Government offices reported a total of 177 cyber attacks in 2009, all of which originated from computers in foreign countries. Incidentally, cyber incidents in 2009 were almost double than in 2008 which saw 93 such incidents.

“A total number of 31, 93, 177 and 32 cyber incidents pertaining to (website defacement, website compromise and malware propagation) have been reported during the years 2007, 2008, 2009 and 2010 respectively in various government offices,” Ajay Maken, minister of state for home affairs, said in awritten statement the Lok Sabha on Tuesday. “These attacks have been observed to be coming rom computers installed in a number of foreign countries,” he said.

Source:TNN - Times Of India

Friday, February 12, 2010

Kandivli businessman in connection with a cheating and hacking case

Mumbai: The cyber crime cell of the Bangalore police last week arrested a Kandivli businessman in connection with a cheating and hacking case registered there.

The accused, Yashwant Mairale (39), is a resident of Kandivli. Mumbai police sources confirmed that they assisted the Bangalore team, headed by S S Muddegowda, which had come in search of Mairale. He was produced before the Ballard Pier court by the Bangalore cops, seeking his transfer warrant. He will be produced before the first class magistrate court i Bangalore on Friday.

The case pertains to a complaint of cheating by S Rangaswamy, a resident of Bangalore, who alleged that some one had hacked into his ICICI e-banking account and stolen Rs 2.50 lakh. When he checked the account in December last year, he was shocked to discover that Rs 2.50 lakh was transferred into three accounts.

A case of cheating was registered by the Cantonment police. But as it pertained to a hacking offence, the case was transferred to the CID’s cyber cell. During investigations, the police found that one of the beneficiaries, Sukresh Das, had an account the SBI’s branch in West Bengal.

But the police were unable to trace any such person. However, they found that Rs 50,000 was transferred into Mairale’s account in Mumbai.