was successfully added to your cart.

Mobile SIM Cloning fraud, 90# hoax, from +92 numbers

By | Information | One Comment

Today I received a flurry of “whatsapp” messages with one specifically requesting me to comment on this story that appeared in Times of India and subsequently got replicated everywhere (http://tech.firstpost.com/news-analysis/do-not-respond-to-calls-from-numbers-starting-with-92-90-or-09-29654.html).  In a nutshell this was a story about a telecom company warning people not to respond to calls from +92 numbers as it would lead to your SIM getting cloned by terrorists.

First, good news is this is a hoax(http://urbanlegends.about.com/library/weekly/aa021898.htm). But like all good hoaxes there is a bit of truth hidden behind technological complexity and widely held fear of certain type of criminals(in this case terrorists).

The bit of truth here is as per the “urban legends website” is 90# is the code in old PABX (private exchanges that some businesses use to transfer the call and control. Once that happens people can dial a # to connect to whatever the number thus charging these businesses the tariffs for those calls.  This is not true for any of the mobile or cell phone numbers.

Cloning or more appropriately duplication of SIMs is still possible but they don’t need access your phone. You can not have any control over it either one way or the other. This is a headache of the mobile networks and they need to figure out how to deal with two similar numbers in their network (and they do have means of identifying the fake ones).

In spite of hoax or fear mongering of this, this may have still benefitted regular folks as it would cause some awareness about Phishing frauds and make people aware of social engineering frauds.

The generic lesson here is,

  • Never respond to unsolicited (not initiated by you) calls by any companies/call centers. It is highly unlikely that any companies use this kind of mechanisms to get anything done as the cost is very high for such exercises.

That brings us to the question, why these missed calls (I too have received them in the past) ?  No concrete answers for these. It would be most likely a VOIP based random dialing to build database of folks who fall for these (i.e if you call back and answer any questions).

One form of Email Scam : AFFHA

By | Cyber Bullying | No Comments

Recently we received a mail on our contact form. A gentleman congratulated us on our good work (yay :-)) and enquired about one email that he has received. Quoting from the mail,

“just today i have received an email for donation on humanitarian ground for the websitehttp://www.affha.org/donations.html
Also someone posing as a representative has send email for becoming a rice supplier to this organization on long term basis.
On the first look the website appears find … but when i googled a little i found that there have been rounds of such fake emails going on. (http://blog.dynamoo.com/2013/11/african-development-humanitarian.html)
Can you please help me know whether this organization affha exits or not?”

The answer is obvious. Just mark these mails as spam and ignore. Do not click on any of the links unless you are in a sandbox.

He seems to be quite clued in and did his research, but there are many people who fall for these scams.  If one takes the bait, many things may happen. Starting with your donation money going to wrong folks to you sending your rice (second bait) to them without getting paid a dime. There are variations of this theme everywhere and many do fall for it.

Unfortunate part of these scams is, there is no solution once you get conned. These are spread across the world and victim’s country’s law and law enforcement will not reach them at all. Only safe way is not to fall for these in the first place. My heart goes out to folks who fall for these, typically unaware and probably desperate.

Decency, Obscenity and Crime in the realm of Online Pictures !

By | Cyber Bullying | No Comments

This is something that significant number of folks get it wrong as cultural norms and all sorts of twisted thinking get into the mix. But law is very clear on this. See the example below of a recent arrest. The conclusion (which claims that guy got arrested for failing public decency norms) is completely wrong which made me post this.

http://www.deccanchronicle.com/150813/technology-latest/article/techie-posts-child-porn-whatsapp-group-held.  (This is the story about a man who posted a nude picture of a child to a whatsapp group and getting arrested.)

First lets start with the term “Child Porn”. The term itself trivializes the horrific nature of the crime and the correct and preferred term in law enforcement circles is child sexual abuse. That brings us to the question what if the picture is of adult. “Consent” plays a huge part in determining the severity of the crime and in some countries it may not be a crime. Indian law goes a step further and prohibits transmission (see the definition below) of any pictures of this kind. Below is the excerpt which details the nuances.

66E. Punishment for violation of privacy. (Inserted Vide ITA 2008)

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both Explanation.

– For the purposes of this section —

(a) ―transmit‖ means to electronically send a visual image with the intent that it be viewed by a person or persons;

(b)―capture‖,with respect to an image, means to videotape, photograph, film or record by any means;

(c)―private area‖ means the naked or undergarment clad genitals, pubic area, buttocks or female breast;

(d)―publishes‖ means reproduction in the printed or electronic form and making it available for public;

(e)―under circumstances violating privacy‖ means circumstances in which a person can have a reasonable expectation that—

(i)he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or (ii)any part of his or her private area would not be visible to the public, regardless of

whether that person is in a public or private place.

  1. Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

67 A. Punishment for publishing or transmitting of material containing sexually explicit act,etc. in electronic form (Inserted vide ITAA 2008)

Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

(i)the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science,literature,art,or learning or other objects of general concern; or

(ii) which is kept or used bona fide for religious purposes.

67 B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form. Whoever,

– (a)publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or

(b)creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or

(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or

(d)facilitates abusing children online or

(e)records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:

Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

(i)The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or

(ii)which is kept or used for bonafide heritage or religious purposes

Explanation: For the purposes of this section, “children” means a person who has not completed the age of 18 years

 

Banking fraud, illegal transfer of money – some measures!

By | Information | No Comments

World over online banking frauds account for about 50% of all online crimes. To be sure there is lot of technology enhancements done by the banks to make online banking safe and secure. They range from high end two factor authentication to fraud analytics. But it seems like criminals still rule just by manipulating the human aspects.

Take a look at the story http://indianexpress.com/article/cities/pune/cyber-crime-in-pune-unsecured-digital-india-dangerous/ ? In spite of the details, it is still inadequate reporting as they have only talked about SIM duplication, but most also have the alerts on the emails. Did they hack and divert the emails as well ?

Couple of things are important to note in the story;

  • One, there seems to be collusion of insiders, otherwise it would be pretty hard to get a cloned sim and not have any notification on email.
  • Second in-spite of the police investigation, they aren’t able to trace the main folks behind heist.
  • The IT secretary has the power to award punitive damages.
  • Legal system can take long time.

In such cases how does one defend their money barring not going for any online accounts at all. Here are some simple non technology measures.

  • Spread the money in multiple accounts.
  • Enable all sorts of notifications (mobile, email, slow mail) for transactions.
  • Use only dedicated private computers for online banking aspects.
  • Educate yourself on phishing and do not type your password in anything other than the website which you typed yourself in the browser.

WordPress hack attempts.

By | Case Study !, Hacking | No Comments

One of the given perils of this business is you become prime target for hack attempts. A quick look at the history of security companies (From RSA to recent hacking team) shows that, it is imperative to  expect successful and unsuccessful hacks.  So we weren’t surprised when we got the below alert last week from word press.

word press alert

word press alert

The IP turned out to be from a very well know hotel in Kansas. They advertise complementary wifi in hotel rooms, lobbies and coffee shops. It is very hard to say weather the hacker is a resident of the hotel, an insider, a bot or some hacker sitting in their coffee shop. We did the prudent thing to do, sent the “hotel contact” a detailed information of the alert. Hope that will lead them to something that they can fix.

Coming back to the hack itself, the fact that saved this site from further damage is the security settings that wordpress provides. We have limited the login attempts to bare minimum. We have also taken all the security precaution possible (except hiding the wp-login link, which we have corrected now).

If your website does get hacked and it is a wordpress hack please check this for a detailed analyses and recovery. Of course official wordpress article does have  a very detailed list of steps both to prevent issues and recovery https://codex.wordpress.org/FAQ_My_site_was_hacked.

Gnawing suspicion of hacked gmail ?

By | Case Study !, Hacking | 3 Comments

Couple of days ago a friend of mine called me frantically and asked me for the help. She suspected her gmail account is hacked. Apparently few of her friends called her and said they are getting strange messages from her account. I took a look at her account. It wasn’t hacked, it was just a virus that she contracted while she clicked a spam email.

However her paranoia was justified, because gmail happens to be account recovery email for many folks. It is usually tied to bank accounts, social media account and other important websites for recovery. If one gets access to the gmail they can get access to lot of other important sites.

Here are the steps I asked her to do just to be sure,

  • First login to your gmail and click the “detail” on the bottom right link. It will give you details of all active sessions and login information. For normal cases it will be from devices owned by you such as mobile, ipad and laptop.  To be sure logout of all sessions and login again for the next step.
  • Change your password, it is always good to change it often. The steps are well documented on the google forum https://productforums.google.com/forum/#!topic/gmail/JEu0Dlm0DAE. As you notice there are couple of additional unintuitive steps here.  You may be wondering why those steps are necessary. Here is a 30 thousand feet explanation.
    • Signatures can be used to track one by injecting invisible scrips (written in white color). So turn them off. Same is true for vacation responders.
    • Email forwards are a great way of reading your emails with out raising any suspicion. (It could be done by a close associate who has access to your computer and surreptitiously adds this while you take say a  bio brake).

She did this and reported feeling peaceful :-). Irrespective of your state of mind, it is always a good practice to do these steps for your important accounts.

How to hack ? Dont; For your own sake !!

By | Cyber Bullying, Information | No Comments

My SEO person pointed to me that about 15-20% of folks reach our website are reaching with keyword searches such as “How to hack FB for free”, “Fake email generator” etc. The demography puts them as young adults. This post is for them.

It is so easy to be tempted by fun, thrill and swayed by negative emotions such as anger, jealousy and pain. But just pause and think for a moment, Is it really worth it ? Consider these

  • It is crime in most countries and punishable under many new and old laws.
  • In spite of all sorts of technology precaution, with the law enforcement it is very easy to retrieve your activities online. Nothing is truly anonymous.
  • Internet never forgets anything. You are leaving a permanent mark of your criminal activities.
  • It will have severe impact on your career, social life, your family, in short life itself.

Check the case below for details of the judgment https://www.argbyte.com/2015/07/cyber-stalking-judgement-details/.

So just dont. There are many healthy ways of dealing with emotions, talk to your friends, family or a psychologist.

Cyber Stalking Judgement Details !

By | Cyber Bullying, Information | No Comments

Recently a techno legal case made news in Bombay and dealt with online harassment, intimidation. Check the judgement copy here for a great information on how the court views these and some in detail clues  on how to go about gathering and providing evidence. Cyber Stalking – Yogesh Prabhu Court Judgement (although it is legal document it is surprisingly easy to read).

This case demonstrates very interesting aspects of how criminals who think they cant be caught by changing email locations are blind in their belief. It also demonstrates the importance of keeping documents related to any harassment that one receives so that it can be used intelligently in case of escalations.

Thanks to Advocate Prashant Mali of www.cyberlawconsulting.com for providing the access to this document. He opines that only S66E of The IT Act 2000 & S509 of IPC is applied in this judgement. Section 67 & 67A are not applied in this case. The specifics applied are,

1. Punishment for Violating of privacy of the person under Section 66E of The IT Act,2000.
2. Word ,Gesture or Act intended to insult the modesty of a women under the section 509 of The IPC.

Reach out to us (ArgByte) for any technology queries or Prashant and his firm  for any legal aspects.

Tracking an Online Troll !!

By | Information | No Comments

We haven’t had a case dealing with online troll yet !! However this case we found online  is so relevant and sensible, we can not stop ourselves from linking it.  It has abundant information on both legal and technical aspects of dealing with a troll. Most importantly it talks in detail about the psychological effects of trolls and how this could be devastating. Finally there is an interesting twist in the tail and it seems to be common occurrence in most of the cases we dealt with as well. Check the blog at http://www.traynorseye.com/2012/09/meeting-troll.html and also the technology feasibility of the same at https://evertb.wordpress.com/2012/09/26/tracking-a-troll/

Based on this blog Forbes came up with a article which details steps as well as information on both

1) taking law enforcement approach and

2 ) Figuring out yourselves approach. (DIY)

Step 2 is faster and less cumbersome provided you have some web suaveness. Sometime step 2 may not work if the criminal is savvy and has taken lot of precautions himself/herself. But as they say no one is truly anonymous in the internet.