
Mobile SIM Cloning fraud, 90# hoax, from +92 numbers

By | Information | One Comment

Today I received a flurry of “WhatsApp” messages, with one specifically requesting me to comment on this story that appeared in the Times of India and subsequently got replicated everywhere (http://tech.firstpost.com/news-analysis/do-not-respond-to-calls-from-numbers-starting-with-92-90-or-09-29654.html). In a nutshell, this was a story about a telecom company warning people not to respond to calls from +92 numbers, as it would lead to your SIM getting cloned by terrorists.

First, the good news is that this is a hoax (http://urbanlegends.about.com/library/weekly/aa021898.htm). But like all good hoaxes, there is a bit of truth hidden behind technological complexity and a widely held fear of a certain type of criminal (in this case, terrorists).

The bit of truth here, as per the “urban legends website”, is that 90# is the code in old PABX systems (private exchanges that some businesses use) to transfer the call and control. Once that happens, people can dial a # to connect to whatever number they like, thus charging these businesses the tariffs for those calls. This is not true for any mobile or cell phone numbers.

Cloning, or more appropriately duplication, of SIMs is still possible, but it does not require access to your phone. You cannot have any control over it one way or the other. This is a headache for the mobile networks, and they need to figure out how to deal with two similar numbers in their network (and they do have means of identifying the fake ones).

Despite being a hoax or fear mongering, this may still have benefitted regular folks, as it would raise some awareness of phishing and social engineering frauds.

The generic lesson here is,

  • Never respond to unsolicited (not initiated by you) calls from any companies/call centers. It is highly unlikely that any company uses this kind of mechanism to get anything done, as the cost of such exercises is very high.

That brings us to the question: why these missed calls (I too have received them in the past)? There are no concrete answers. Most likely it is VoIP-based random dialing to build a database of folks who fall for these (i.e. if you call back and answer any questions).

One form of Email Scam : AFFHA

By | Cyber Bullying | No Comments

Recently we received a mail on our contact form. A gentleman congratulated us on our good work (yay :-)) and enquired about one email that he has received. Quoting from the mail,

“Just today I have received an email for donation on humanitarian ground for the website http://www.affha.org/donations.html
Also someone posing as a representative has sent an email for becoming a rice supplier to this organization on a long term basis.
On the first look the website appears fine … but when I googled a little I found that there have been rounds of such fake emails going on. (http://blog.dynamoo.com/2013/11/african-development-humanitarian.html)
Can you please help me know whether this organization affha exists or not?”

The answer is obvious. Just mark these mails as spam and ignore them. Do not click on any of the links unless you are in a sandbox.

He seems to be quite clued in and did his research, but there are many people who fall for these scams. If one takes the bait, many things may happen, from your donation money going to the wrong folks to you sending your rice (the second bait) to them without getting paid a dime. There are variations of this theme everywhere and many do fall for it.

The unfortunate part of these scams is that there is no solution once you get conned. The scammers are spread across the world, and the victim’s country’s law and law enforcement will not reach them at all. The only safe way is not to fall for these in the first place. My heart goes out to folks who fall for these, typically unaware and probably desperate.

Decency, Obscenity and Crime in the realm of Online Pictures !

By | Cyber Bullying | No Comments

This is something that a significant number of folks get wrong, as cultural norms and all sorts of twisted thinking get into the mix. But the law is very clear on this. See the example below of a recent arrest. The conclusion (which claims that the guy got arrested for failing public decency norms) is completely wrong, which made me post this.

http://www.deccanchronicle.com/150813/technology-latest/article/techie-posts-child-porn-whatsapp-group-held. (This is the story about a man who posted a nude picture of a child to a WhatsApp group and got arrested.)

First, let’s start with the term “Child Porn”. The term itself trivializes the horrific nature of the crime, and the correct and preferred term in law enforcement circles is child sexual abuse. That brings us to the question: what if the picture is of an adult? “Consent” plays a huge part in determining the severity of the crime, and in some countries it may not be a crime. Indian law goes a step further and prohibits transmission (see the definition below) of any pictures of this kind. Below is the excerpt which details the nuances.

66E. Punishment for violation of privacy. (Inserted Vide ITA 2008)

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

Explanation. – For the purposes of this section —

(a) “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;

(b) “capture”, with respect to an image, means to videotape, photograph, film or record by any means;

(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;

(d) “publishes” means reproduction in the printed or electronic form and making it available for public;

(e) “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that—

(i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or

(ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

67. Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

67 A. Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form (Inserted vide ITAA 2008)

Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art, or learning or other objects of general concern; or

(ii) which is kept or used bona fide for religious purposes.

67 B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.

Whoever, –

(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or

(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or

(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or

(d) facilitates abusing children online or

(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:

Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or

(ii) which is kept or used for bonafide heritage or religious purposes.

Explanation: For the purposes of this section, “children” means a person who has not completed the age of 18 years.

 

Banking fraud, illegal transfer of money – some measures!

By | Information | No Comments

The world over, online banking frauds account for about 50% of all online crimes. To be sure, banks have made a lot of technology enhancements to make online banking safe and secure. They range from high end two factor authentication to fraud analytics. But it seems that criminals still rule just by manipulating the human aspects.

Take a look at the story at http://indianexpress.com/article/cities/pune/cyber-crime-in-pune-unsecured-digital-india-dangerous/. In spite of the details, it is still inadequate reporting, as they have only talked about SIM duplication, but most also have the alerts on the emails. Did they hack and divert the emails as well?

A couple of things are important to note in the story:

  • First, there seems to be collusion of insiders; otherwise it would be pretty hard to get a cloned SIM and not have any notification on email.
  • Second, in spite of the police investigation, they aren’t able to trace the main folks behind the heist.
  • The IT secretary has the power to award punitive damages.
  • The legal system can take a long time.

In such cases, how does one defend one’s money, short of not having any online accounts at all? Here are some simple non-technology measures.

  • Spread the money across multiple accounts.
  • Enable all sorts of notifications (mobile, email, slow mail) for transactions.
  • Use only dedicated private computers for online banking.
  • Educate yourself on phishing and do not type your password into anything other than the website whose address you typed yourself in the browser.