Nasheman

India's largest selling Urdu weekly, now also in English

You are here: Home / Archives for Security

Is Airtel spying on you for Israel? Bengaluru techie exposes secret 'code'

by

Thejesh GN

Bengaluru: Bharti Airtel has been now accused of spying on its 3G mobile Internet subscribers in India by using programming from an Israel-based firm that offers monetisation solutions to telecom operators round the world!

The snooping came to light on June 3, when Bengaluru-based programmer Thejesh GN tweeted that Airtel was injecting lines of code into users’ browsing sessions over its 3G network without their knowledge.

The development has angered consumers, coming in the wake of widespread criticism for the Airtel Zero scheme that users and activists said violated net neutrality.

Using a web-based IP tracker, Thejesh was able to confirm that the code was originating from an IP address that belonged to Bharti Airtel.

Thejesh dug further and revealed that Airtel had partnered with Ericsson, which in turn was using the services of Israel-based Flash Networks to inject the code into web pages that users were browsing.

There’s more cooking in here. Thejesh also received a legal notice (Cease & Desist) from an Israeli company named Flash Networks Limited for exposing proprietary code.

The firm contended that his action was a criminal offence under the Indian Penal Code and the Information Technology Act.

Thejesh’s files on GitHub too were taken down under the US Digital Millenium Copyright Act.

Experts contend that Airtel is using the Israeli firm’s code to make money by using the consumer’s browsing history.

Flash Networks describes itself on its website as the “global leader of mobile Internet optimization and monetization solutions, enables operators to boost network speed, optimize video and web traffic, and generate over-the-top revenues from the mobile Internet”.

In reaction, Airtel issued a statement saying that the code is part of a tool it is working on to help users keep track of their data consumption but has now stopped using it.

According to Rohin Dharmakumar, a Bengaluru-based startup founder, Flash Networks enables mobile operaters to intercept their subscriber’s browsing and insert their own content or advertisements.

Experts said if this is true, Airtel is guilty of violating the privacy of its users by spying on their online behaviour. When questioned about this, an Airtel spokesperson said: “This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage.

“One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data.”

(Agencies)

Four million US government workers hit by cyber breach

by

FBI investigating cyberattack that is believed to have compromised data of current and former federal employees.

Since the intrusion, OPM said it had implemented additional security precautions for its networks [Reuters]

Since the intrusion, OPM said it had implemented additional security precautions for its networks [Reuters]

by Al Jazeera

The US government agency that collects personnel information for federal employees has said that a cybersecurity breach had compromised the data of up to four million people.

The Federal Bureau of Investigation said on Thursday that it has launched a probe and would hold the culprits accountable, Reuters reported.

“The FBI is working with our interagency partners to investigate this matter,” the bureau said in a statement.

“We take all potential threats to public and private sector systems seriously, and will continue to investigate and hold accountable those who pose a threat in cyberspace.”

The Office of Personnel Management (OPM) detected new malicious activity affecting its information systems in April and the Department of Homeland Security said it concluded at the beginning of May that the agency’s data had been compromised. The office handles employee records and security clearances.

“This would likely be the largest theft of US government data in the history of the United States,” Patty Culhane, Al Jazeera’s White House correspondent reporting from Washington, said.

“Basically, OPM is like the human resources department of the entire federal government. They also get security background checks for people who want to get security clearances,” she said.

“The big question remains exactly what information was stolen? Was it social security number, your federal ID or was it salary information. Right now OPM is not saying.”

A US law enforcement source told Reuters a “foreign entity or government” was believed to be behind the cyberattack. Authorities were looking into a possible Chinese connection, a source close to the matter said.

A Chinese embassy spokesman in Washington said hypothetical accusations were irresponsible and counterproductive.

“Jumping to conclusions and making [a] hypothetical accusation is not responsible,” and is “counterproductive”, Chinese embassy spokesman Zhu Haiquan said in emailed comments.

Security precautions

The OPM had previously been the victim of a cyberattack, as have various federal government computer systems at the state department, the US Postal Service and the White House.

Since the intrusion, OPM said it had implemented additional security precautions for its networks. It said it would notify the 4 million people affected and offer credit monitoring and identity theft services to the people affected.

“The last few months have seen a series of massive data breaches that have affected millions of Americans,” US Representative Adam Schiff, the ranking Democrat on the House Permanent Select Committee on Intelligence, said in a statement.

But he called the latest intrusion “among the most shocking because Americans may expect that federal computer networks are maintained with state of the art defences”.

It is thought that the ramifications of the data breach could potentially affect every federal agency.

Modi government may spy on officials, parties, media: Congress

by

congress

Ranchi: Congress today demanded a probe into the alleged snooping on party vice-president Rahul Gandhi as it claimed that the next targets could be persons from the bureaucracy, political parties and media.

“We demand a judicial commission or a Parliamentary committee to probe the surveillance on Rahul Gandhi as it is aimed at suppressing democracy,” AICC spokesman Ajay Kumar said at a press conference here.

Next, he claimed, the snooping could be on government officials, political parties and media.

Even former Delhi police commissioners Ved Marwah and B K Gupta denied that any such procedures had been there, Kumar said.

On the controversy surrounding absence of Gandhi Jayanti from the list of holidays in Goa, Kumar refused to accept Goa Chief Minister Laxmikant Parsekar’s logic that dropping of October 2 from the list could be an act of mischief or a typing mistake.

“The BJP has a habit to set off balloons to see public reaction. It denies the action if the reaction is strong and it goes ahead with its action if everything is quiet,” alleged Kumar, a former IPS officer.

Slamming the Narendra Modi government on the amendment to Land Acquisition Act, he said, “The BJP government is for only one per cent of the population, protecting the super rich. It is not bothered about farmers and the poor.”

If the bill was passed, he claimed, even houses in cities would go in the name of creating infrastructure.

(Agencies)

India tops in asking for content restrictions: Facebook

by

facebook

New Delhi: Facebook blocked 5,832 pieces of content, including anti-religious matter and hate speeches, during July-December 2014 on orders of Indian government, the highest by any country on the social networking giant’s platform.

In its Global Government Requests Report for July to December 2014, the California-based firm said it has “restricted” 5,832 pieces of content.

“We restricted access in India to content reported primarily by law enforcement agencies and the India Computer Emergency Response Team within the Ministry of Communications and Information Technology, including anti-religious content and hate speech that could cause unrest and disharmony,” the social networking platform said.

Facebook’s report includes information on government requests it received for content removal and account data and national security requests under the US Foreign Intelligence Surveillance Act and through National Security Letters.

India is followed by Turkey at 3,624 number of pieces of restricted content, then Germany at 60, Russia (55) and Pakistan (54), the report stated.

Besides, India made 5,473 requests for data, mostly concerning criminal cases, to Facebook in July-December 2014.

According to Facebook, government officials sometimes make requests for data about people who use Facebook as part of official investigations. The vast majority of these requests relate to criminal cases like robberies or kidnappings. In many of these cases, government requests seek basic subscriber information such as name and length of service. Other requests have asked for IP address logs or actual account content, it added.

“Each and every request we receive is checked for legal sufficiency. We require officials to provide a detailed description of the legal and factual basis for their request, and we push back when we find legal deficiencies or overly broad or vague demands for information.

“Even where we determine that local law would compel disclosure, we frequently share only basic subscriber information,” Facebook said.

The requests covered 7,281 user accounts and Facebook provided “some data” on 44.69 per cent of the requests.

(PTI)

​UK govt wants nurseries to report potential "terrorist toddlers"

by

AFP Photo/Johnny Green

AFP Photo/Johnny Green

by RT

It may become a “duty” of nurseries and elementary schools in the UK to track and report any child that shows signs of sympathy with terrorists or is a risk of potential radicalization, according to the government’s plans aimed at preventing extremism.

A consultation document by the Home Office on ways to enhance the UK’s anti-terrorism system, the so-called “Prevent” strategy, calls for senior management and governors to “assess the risk of pupils being drawn into terrorism,” manifested through youths’ extremist ideas that may breed terrorist ideology.

The nurseries should insure proper training of their staff to give them the “knowledge and confidence to identify” and “challenge extremist ideas which can be used to legitimize terrorism and are shared by terrorist groups,” the document stated according to British media. “They should know where and how to refer children and young people for further help.”

The new approach of identifying potentially dangerous toddlers should be implemented on non-discriminating basis according to the 39-page consultation document. The document is part of the Counter-Terrorism and Security Bill bundle currently being debated in the parliament. If the strategy is approved it will become a “duty” not only for nurseries but also for other learning institutions.

“Schools, including nurseries, have a duty of care to their pupils and staff. The new duty in the Counter-Terrorism and Security Bill, to have due regard to the need to prevent people from being drawn into terrorism will be seen in a similar way to their existing safeguarding responsibilities,” a government spokesperson told The Independent.

Questions remain as to how the new measures will be implemented, with politicians and NGO’s speaking out against the heavy-handed tactics.

“It is unworkable. I have to say I cannot understand what they [nursery staff] are expected to do,” David Davis, the Conservative MP and former shadow home secretary, told the Telegraph.

“Are they supposed to report some toddler who comes in praising a preacher deemed to be extreme? I don’t think so. It is heavy-handed,” he added.

“Turning our teachers and childminders into an army of involuntary spies will not stop the terrorist threat,”Isabella Sankey, the policy director at human rights body Liberty, told the Telegraph. “It will sow seeds of mistrust, division and alienation from an early age.”

The government defended itself from the avalanche of criticism saying that privacy of individuals will be protected.

“We are not expecting teachers and nursery workers to carry out unnecessary intrusion into family life but we do expect them to take action when they observe behaviour of concern. It is important that children are taught fundamental British values in an age-appropriate way,” a government spokesperson told the Daily Mail.

The controversial Prevent strategy is the main effort by UK government to stop radicalization or people supporting terrorism, in all its forms. Prevent works at the pre-criminal stage by using early intervention to encourage individuals and communities to challenge extremist and terrorist ideology and behavior. Opponent of contemporary counter-terrorist policies say the strategy produces counter-productive effects and often discriminates directly or indirectly against Muslims.

Cyber crimes in India may double in 2015, says Assocham-Mahindra SSG study

by

email-threat

New Delhi: The number of cyber crimes in the country may touch 300,000 in 2015, almost double the level of last year, causing havoc in the financial space, security establishment and social fabric, a study said.

“What is causing even more concern is that the origin of these crimes is widely based abroad in countries including China, Pakistan, Bangladesh and Algeria among others,” DS Rawat, secretary general, Assocham said while releasing the joint Assocham-Mahindra SSG study “Cyber and Network Security Framework”.

At present, the number of cyber crimes in the country is nearly around 149,254 and is likely to cross the 300,000 by 2015 growing at compounded annual growth rate (CAGR) of about 107 percent. According to the study, every month sees 12,456 cases registered in India.

During 2011, 2012, 2013 and 2014, the total number of cyber crimes registered were 13,301, 22,060, 71,780 and 62,189 (till May) respectively, it said.

Phishing attacks of online banking accounts or cloning of ATM/debit cards are common occurrences. The increasing use of mobile/smartphones/tablets for online banking/financial transactions has also increased the vulnerabilities to a great extent. The maximum offenders came from the 18-30 age group, the report added.

These attacks have been observed to be originating from the cyber space of a number of countries including the US, of Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE, highlighted the study.

“Growing internet penetration and rising popularity of online banking have made the nation a favourite among the cybercriminals, who target online financial transactions using malware and India ranks third after Japan and US in the tally of countries most affected by online banking malware during the year of 2014,” it said.

As per the study, Andhra Pradesh, Karnataka and Maharashtra have occupied the top three positions when it comes to cyber crimes registered under the new IT Act in India.

Interestingly, these three states together contribute more than 70 percent to India’s revenue from IT and IT related industries, it added.

(IANS)

Govt blocks 32 websites including Vimeo & Github, users furious

by

websites-block-india

New Delhi: On Wednesday, the Department of Telecommunications issued orders to Internet service providers in the country to block 32 websites on December 16, compliance of which was effected on the same day.

According to Government sources, the sites had alleged anti-India content from groups such as Islamic State or ISIS.

“We have blocked some websites as there were serious national security concerns,” said a government official.

“The websites that have been blocked were based on an advisory by Anti Terrorism Squad, and were carrying anti-India content from ISIS (Islamic State of Iraq and Syria),” Arvind Gupta, head of the ruling Bharatiya Janata Party’s information technology cell, said in a message on Twitter.

“The sites that have removed objectionable content and/or cooperated with the ongoing investigations, are being unblocked,” he added.

If Internet service providers (ISPs) don’t comply with the demand, they are liable to being penalized, the order said.

However, social media users erupted in fury over the blocking of sites like Vimeo, Dailymotion, Pastebin and, for some reason, Internet Archive and Github – one an archive and the other a collaborative programming service.

Redditors in India: United We Stand have been discussing the blocks on Reddit threads confirming that some of the listed sites have been blocked by Vodafone, BSNL, ACT Fibrenet, Hathway Cable & Datacom LTD. (Bangalore), among others.

This is not the first time the government has cracked down on websites. A recent report by Freedom House, an independent watchdog, said the information ministry received a total of 130 court orders to block Web content between February 2009 and December 2013.

In February 2014, the then minister of communication and information technology told Parliament that 62 URLs were blocked in 2013 under Section 69A for hosting objectionable information with the potential to disturb public order.

As many as 82 URLs were blocked on 18 September 2013 in addition to 26 blocked a week earlier after violence escalated between Hindu and Muslim communities in Muzaffarnagar district of Uttar Pradesh. A total of 362 URLs were blocked in response to communal violence in the northeast, the report said.

Rajasthan: 'IM' mail sender held, no terror link, not a Muslim

by

email_case

Jaipur: The Rajasthan ATS on Saturday arrested a 34-year-old resident of Jaipur’s Murlipura area for for allegedly circulating emails to 16 ministers warning them of terror strike by Indian Mujahideen on Republic Day.

The police have identified accused as Sushil Chaudhary who was held on Saturday night for circulating threatening email claiming of orchestrating terror strikes in the state on the eve of Republic day.

The email sent to 16 Rajasthan ministers to their official email id on 22 December read, “We are Indian Mujahideen. You people be careful. We are going to give you a Big Bang surprise. You can do whatever you want, but it’s a challenge that we will carry out many bomb strikes in Rajasthan on January 26. Stop us if you can.”

“We have arrested Sushil Chaudhary, a resident of Murlipura area in Jaipur, after tracking IP (internet protocol) address of a cyber cafe,” the officer told IANS.

“Chaudhary confessed that he sent those e-mails to the ministers from a cyber cafe,” official said.

“The accused was arrested by the ATS from his residence after Google provided us the IP address through which he circulated the mails. It was traced to a cyber cafe in Vidhyadhar Nagar here,” ATS ADG Alok Tripathi told PTI.

“We were provided the IP address yesterday and the accused was held last night,” Mr Tripathi said.

“Prima facie there is no terror link and the accused is being interrogated to verify his motive,” he said.

The accused created a fake email id and sent the emails from a cyber cafe, ATS officials said. The ATS had requested the email company to provide details of the email id which led to the arrest, they added.

However, as per reports, even after getting the IP address, it proved very difficult for the police to trace him via cyber-crime investigation as he had skipped Gmail’s phone verification process while creating a fake Gmail account.

As reported by ToI, he had searched ‘how to bypass Gmail verification process’ on Google. He followed some steps after learning to bypass the process, so his contact information was routed through a website which generates fake phone number of the account creator for Gmail verification. The number which he used was US-based which initially confused the police.

Nevertheless, the IP address suggested that the email had been generated using a Reliance network. After getting the address from where the email was generated, the police reached the cyber cafe. Though Sushil provided a fake ID card, the police worked out some clues and identified him.

Mumbai court drops MCOCA charges in IM terror email case against 23 Muslims

by

email_case

Mumbai: In a major setback to the Mumbai police, a court here dropped the charges under stringent Maharashtra Control of Organised Crime Act against the 23 persons arrested for having links with terrorist group Indian Mujahideen reported PTI.

The Mumbai crime branch had arrested a set of 23 people in August 2008 and alleged that they were behind the terror emails that warned bomb blasts and later claimed the responsibility of the bombings. The accused, said the police, had hacked into the unsecured wi-fi network of a private firm Chembur, Khalsa college’s wi-fi and the wi-fi network of an American national, Ken Heywood (who stayed in Navi Mumbai).

Furious at the latest development, crime branch officials have declared it will appeal against the order of special court before the Bombay High Court.

It should be noted that the court has already granted bail to seven accused in the case due to insufficient evidence to support prosecution case against them. Mumbai crime branch had investigated the case in the aftermath of the August 23, 2008 Ahmedabad blast. The prosecution charge sheet claimed the accused had sent out email – especially to the media – claiming responsibility of the blasts.

A similar order had been passed earlier in the 2012 Pune serial blasts case. The crime branch of the police had arrested these men in connection with email sent to media houses and government offices minutes before blasts in Surat, Delhi and Hyderabad, allegedly carried out by the IM.

The Mumbai police’s spokesperson Dhananjay Kulkarni said the police will challenge the order. As the special MCOCA judge A L Pansare dropped the charges under the Act, the case is likely to be assigned to a regular court now.

In February this year, the court had dropped MCOCA charges from the Pune blasts case, observing that sections of MCOCA and Unlawful Activities (Prevention) Act cannot be applied together.

A series of 21 blasts had rocked Ahmedabad on July 26, 2008 in a span of 70 minutes, killing 56 and wounding over 200. Twenty-six unexploded bombs were found at different locations in Surat between July 28 and 30.

Two cars filled with material required for making explosives and detonators were found parked on the roadside near a hospital and other on the outskirts of Surat.

It was claimed that IM, had sent e-mails to TV channels claiming responsibility for the blasts.

Rajasthan ministers receive threatening emails purportedly sent by Indian Mujahideen

by

email-threat

Jaipur: Some of the ministers in Rajasthan have received threatening messages on their official email IDs, DGP Omendra Bharadwaj said on Friday.

“We are examining the credibility of the email id and its sender who gave threats in the message saying ‘You yourself understand what we will do’. We are investigating the matter and have collected inputs which are being shared with intelligence agencies,” DGP Omendra Bharadwaj said.

He said that there is no specific target and also type of attack mentioned in the message which was sent on Monday purportedly by terrorists group Indian Mujahideen.

The DGP said that in view of alert sounded by the Central agencies recently, security arrangements were already tight.

“Alarming signals were coming for some time hence security arrangements were already tight,” he said. ATS is investigating the matter of threatening Emails.

“The matter is being investigated and there is no need to panic,” he said.

The DGP did not disclose the names of the ministers who received the emails.

Meanwhile, Home Minister Gulabchand Kataria, who is in Udaipur, said that the DGP was aware of all the facts and that those behind the emails would be identified.

“Security arrangements in the state are proper and police is on alert,” he told reporters in Udaipur.

(PTI)

KNOW US

GET INVOLVED

PROMOTE

Archives