
Safety Awareness for Online Life !

By | Cyber Bullying | No Comments

One of our founders recently spoke about how to be safe online with PS Show. Here are the videos along with transcript.

So, you know there is Digital India, there’s the entire universe, there’s cyber attack, there’s WannaCry malware. So, how do I as a common person (you are an expert when it comes to security), but I as a common person, keep myself safe?

I want to give you the way we look at it first, before we go into tips and tricks, right! Just like in the real world when you lock your home, you are not relying on just one lock, right? There is a lock on the gate, there is a lock on the house main door and then there is the Godrej cupboard where there is another lock. That’s what I mean by layered security. In the online world also, there are a lot of tools available for layered security. One famous one is two-factor authentication; for everything you should simply go and enable two-factor authentication without even thinking about it. So the second way to approach this is what is called resilience, because technology is only as good as the humans who manage it, and as you know humans are fallible…right! So, resilience means assume whatever systems you are using are hackable. And make sure that you don’t store anything that destroys your life if it gets hacked.

With technology so progressive, why are we still able to hack things, you know? That is something I find a little difficult to understand.

It’s not the technology that is getting hacked. Yes, there are extreme cases where super-specialised cyber warfare teams are involved, who break encryption and all that. In most of the other news that you see, people losing money, getting harassed online or even this recent WannaCry thing, it’s exploiting human emotions.

OK

Right, You Know prudence for example discipline, you need to always patch your system. You need to have a basic antivirus. People just don’t do that. It doesn’t take any money all these tools are free. But many people either ignore or they are in this ok this won’t happen to me. It’s there but it won’t happen. It’s as simple as people not wearing helmets.

so, that’s what is getting exploited in most of the cases. Technology hacking is there, but that is very rare.

But having said that, you know there is social media, I want to be on social media and you know everybody wants to be there, everybody wants to talk about the work that they are doing or even just post some photographs. But there is a part of me which wants to be there and doesn’t want to be there also, because of everything that’s happening. So, how do I strike a balance of being visible yet not being there?

And part 2,

Right, so you know the idea of being secure or being safe does not mean you curtail yourself. That’s not what I am advocating at all. No, on the contrary, what I am saying is, there is a way to exist anywhere.

Right, you can be as free, live a boundless life, but you need to take certain precautions. Right. Let’s say you want to be an adventurer both offline and online, right. You know, offline you do take certain precautions, right. When you are an adventurer, in fact some of the adventurers who live crazy lives are some of the most responsible people that I have met.

Because they understand and they take precautions

PS_ Safety First Right, Safety First

I would say same thing applies to social media right, you need to be visible, but you can also control what people you are visible to

And there are always tools for blocking and reporting, and you know in some cases you can’t do much because these people are creating. For example, if you are using Twitter you always have new fake accounts that come in, you can’t do much… but you know, if you look at the norm, everybody just ignores them.

That’s Ok, you know the issue comes when people share sensitive information, I am not talking about the looks and the life, I am talking about somebody taking a selfie with the credit card and posting it online.

Boarding pass, yes

But that has that BARCODE, and the BARCODE has lot of information right, and if you have good resolution and you can scan and get lot of information about you. So things like that, ok

OK

So there is a balance that you can, and also it’s not a good idea to share credential-related information like your complete date of birth or, you know, your PAN card or things like that.

Yeah, those are things you can’t change at all.

Change at all and people can misuse and create artificial identity or do an identity theft

I know I have blocked about 100 people from my Facebook account, yeah, so that’s what I understand when it comes to now social media, that still somewhere under my control, right. I can always delete my account, or else I can always like a set block people. But now when it comes to, say, financial aspects of my life, be it a banking account, that’s not under my control. So is there some measure that I can take in terms of being safe?

ME- Right, so there are a couple of things, right, and again these are some common-sense rules of thumb, it’s not perfect. But one good thing about the financial world is that it is highly regulated. So even if some hack happens, more than 90% of the people have got the money back. So other than, I mean, if it is not your fault there are many instances where money has been returned to the account holder. Always use a sort of assigned computer for your banking transactions, right. Don’t visit some torrents and then come back to your banking site and do things. I mean, if you can afford it, have two computers. Also don’t connect to random WiFi just because it’s free.

True,

We all love free things.

Ya, exactly

for banking related transactions or any financial related transaction make sure you are on a very secured network. Use VPN, if you are really paranoid use VPN. Or you know some official Wifi, or your home wifi which you subscribe to. That’s good enough.

OK, OK, so I understand this part now that you have made this clear, having a sandbox or a VPN for that matter. But having said all of this, there is still a lot of online harassment happening, you know, how do I protect myself? Or are only women prone to it? I know maybe I am speaking because I feel a lot of women are speaking about it on social media. So what do you think about that?

So, so I actually don’t think women are prone to it because, based on my own research, there are people of all sorts who get harassed online, and there was a recent case in Bombay also where this media guy was getting stalked by this woman, right. But apart from that, especially when you come to ransomware or what they call honey trapping, men are the primary targets for them. And you know, unfortunately they can’t even come out and say it because people will laugh at them.

True

for women at least do get sympathy.

because of the sensitivity

Yeah, you get sympathy and there are a lot of people trying to fight for you. But for men some of these things are even more difficult. And also, you know, apart from this, if the crime is not of a personal nature, if it is a random harassment, random hack, financial hack, there is no distinction between men and women.

Have you personally helped any people, you know, in terms of tracking who has hacked their account, and are there any examples?

So there have been many examples, I mean I have put it on my blog. Ammm… So in one case there was this business guy who was getting harassed by his business partner, ex-business partner. They had some fall-out because of some financial issues. And he was sending fake emails, saying pseudo things: your daughter will die, your son will die, or things like you have cheated this person, and he used to also send mails to the government officials claiming to be one of the customers for him and saying he is cheating and things like that. Amm, based on a lot of the email traces and also based on some circumstantial clues we were able to identify that team, and then he sent them a legal notice and that stopped.

You know Manjula, all that sounds so interesting and I would like to dig a little more deeper into this. But before that I would like to take a short break.

You are watching the Prathibha Sastry show and lets take a short break.

10.34- Welcome back everyone, we are still with Manjula Sridhar and I think, you know, we have focused so much on cyber security. We have focused on online harassment; now I would like to ask a little bit about the laws, you know, the laws and the legal aspect of it.

right

What kind of, you know service do we have in this area.

Yes, so the legal system is pretty complete in terms of dealing with all sorts of prevalent issues, right. For example, the IT Act 2008 has detailed provisions for online harassment. For example, even if you receive any sort of messages you can go to the cyber crime cell or police station and lodge a complaint, even if it is a very frivolous one, right. Because the law is very, very clear on that, right. And this is a message to the wrongdoers out there also; many of them are not aware that sending some of these messages is illegal. But it is illegal and you could be easily caught. I would also request all these people who are going through a certain level of harassment to file a complaint, because what happens is these people who are doing these crimes are habitual offenders, right. The more data one has, the easier it is to attack them and get them behind bars. So it’s very, very important that you at least lodge a complaint. It’s not very difficult nowadays with the cyber crime police station and online FIRs and something like that.

So you know anything that happens on the mobile, wrong doing that happens on the mobile and the laptop would come under the cybercrime..

any electronic communication, right…

like email, mobile, or even pager somebody sends you. It says any electronic communication which falls under that purview.  IT Act I think 66A covers it, 66C, there are many variations of it. All of these comprehensively cover these kind of issues. And same applies to financial crimes also. There is a special provision to deal with financial crime. Like they say there is special powers issued to IT secretary and there is a separate appellate dealing, for dealing with speedy reimbursement of the money.

So IT Secretaries of the State you Mean?

Yea, IT Secretaries have some special powers with respect to refunding the money, that is hacked.

Oh! That sounds interesting. I am sure people will definitely take notice of this. You know, now that you have given us so many tips and tricks, and tricks of the trade if I say so, but one of the things, you know, with the changes you creating it and so many digital trends that are coming up every other day. I mean, how do I keep track of them, how do I keep myself updated, and I am sure it’s necessary to keep myself updated. But how do I go about it?

_ So it’s very simple, right. Many of the platforms that you interact with day to day, what is it, Google,

Right

Facebook and your bank. These are the three major touch points for you with respect to the internet, right. All of them are actually doing a lot of campaigns. Right. If you go to google.com/security

Yes

or facebook.com/settings/security or even your bank…bank keep on sending these emails…right

Of course

Which we

which we ignore,

Don’t ignore them. I think just like health and nutrition, digital prudence has become a thing for you to pay attention to. Everything is going digital, so you can’t afford to ignore it. And you know, the myth about, you say, technology is hard, I don’t understand it, is all I think self-created.

Even as a person, I mean, I can think like a normal person, not as a techie; if you can read, I think you can understand technology. And nowadays, many of the technology platforms actually take lots of pains to make it user friendly. Because the whole domain called UX has come into existence.

OK

So, I think people need to get out of this fear of technology and embrace it.

I mean, easier said than done, you know, I know you are making it so simple for us to understand, you know, but then again I will go back to that, you are a techie, I am a non-techie. So the user experience is the important part of this, what you are recommending.

I think one of the things, if one point that people want to take away from this segment, would be how to enable two-factor authentication, and it’s very simple and there is no reason why you should not do it. There is absolutely no reason. I can’t think of one single reason why everybody shouldn’t have two-factor authentication on their Gmail. Because if your Gmail gets hacked everything else gets hacked, because all your information, all your OTPs, all your password resets come to Gmail, right.

I think that would be one good ways to look at it.

OK, that would be the minimum that you can begin with it actually.

Yeah, right, that’s the first layer, or the second layer that you can have. I want to show you how to enable two-factor authentication on Google. It’s part of, you know, the layered security that I talked about. So, simply go to www.google.com/2step… 2 number and STEP… and it will take you to a place that explains what I already told you, and it’s very simple… you just go to the Get Started button at the bottom of the screen, and then it will ask you to log in, and there is a button which says enable two-factor authentication, and that’s it, you just make it on… and from then onwards whenever you log in… you will get either an OTP as SMS for your mobile… or you know you may even enable an option of a call, where someone calls you and tells you what the OTP is… and then you enter the OTP when you are logging in… and to make it convenient you can even make it device-specific, so if you are operating a very, very safe computer and you don’t worry about entering the OTP every day, because it becomes quite irritating if you have to enter the OTP every time you log in to Gmail… then you enable that, so only if you are logging in from somewhere else, a friend’s computer or a cyber centre or somewhere else, then it becomes active; otherwise for you it’s very simple, it’s like you are logging into your account normally, only if something happens then it comes into effect, so you add a layer of security without losing inconvenience. So now I will show you about Facebook, as I think it is one of the concerns of people, because lots of people are on Facebook and they share a lot of personal information on that… So again Facebook has made it very simple to enable all of them; you can go to facebook.com/security

And it will give you set of options  including to see who is logged into accounts, what kind of authentication you can enable you can deactivate, delete and all that. Just follow the steps, I mean you don’t need any technical understanding ….you just need to understand English….go and click those buttons and there you should be able to make it secure …these are very simple things you can do without any additional money, time, or investment in understanding, because these guys have made it easy for you.

I think I’d be interested to know more about the following layers that would come out; maybe in the following segments we can definitely touch upon them… thank you Manjula for joining us today and sharing this… I think I will go first and ensure all my two-factor authentications are set… that’s the right word to use..

Yes, yes that is the right word..

Maybe I will focus on that, and thank you once again…

Thanks Prathibha, Thanks for having me.

 

Fake Profiles and Detection.


Synopsis

Sybil attacks are named after a fictional character with dissociative identity disorder. They are attacks against the reputation of online social networks through the proliferation of fake profiles using false identities. Fake profiles have become a persistent and growing menace in online social networks. As businesses and individuals embrace social networks, the line between the physical and online worlds is getting blurred. Hence it is critical to detect, prevent and contain fake accounts in online communities. This article looks at the specific dangers caused by fake profiles and at solutions to detect and prevent them.

Fake Accounts & the Problems

The root cause of fake accounts is the popularity of open systems such as Facebook, Twitter and LinkedIn. Identities have become porous, instant and temporary, leading to easy creation of fake profiles. Fake accounts can be of a few types:

  • Accounts created using fake identities.
  • Accounts created using stolen identities.
  • Compromised accounts.

All of these are serious issues and can break the trustworthiness of online communities.

Trust in online communities is broken by:

  • Manipulating the reputations of businesses, individuals and entities using paid fake accounts, fake voting and fake reviews.
  • Adversely affecting trends and news through the spread of false information and spam.
  • Acting as an anonymous front for harassment and ransom.

Fake accounts are of course not limited to OSNs (Online Social Networks) alone; they also affect all forms of online open identities such as cryptocurrency wallets, emails and phone numbers.

Solution Spectrum

The problem can be looked at in two ways:

  1. A preventive approach, which relies on making the signup process closely linked to a robust real-life identity. (Closed Systems)
  2. Detection of fake profiles after the signup. (Open Systems)

The first one is harder to implement, as many business models depend on more and more people signing up, so ease of signup is the number one priority. There is also the aspect of privacy, which takes precedence over detection of fake accounts. So many open systems such as FB, Twitter and LinkedIn completely do away with any form of identity verification.

The more pragmatic solution is to figure out methods of detecting and blocking fake accounts after the signup.

Some networks rely on the wisdom of the crowd or the action of the aggrieved party to flag the fake or problematic account. While this has some success in cases of standalone fake accounts, it isn’t effective against clusters of fake accounts or automated Sybil attacks.

Another approach is to use a set of behavioural rules of thumb to determine whom to let in and keep. For example, a person who is a friend of a trusted person is considered trustworthy. The accounts are also monitored for frequency of posts, types of posts, type and frequency of interactions, devices and IP addresses from which they log in, time of activity and many such parameters. But as social spheres grow and people start adding people who aren’t part of their physical circles, this becomes harder to manage and rely upon. These solutions do not account for stolen and compromised identities either.

So more evolved solutions rely on the use of artificial intelligence to recognise fake account patterns. The standard procedure for an AI (machine learning) based solution is as follows.

  1. Collection of data with manually (or otherwise) tagged known fake accounts.
  2. Training models to learn the complex patterns and rules.
  3. Automation to enforce the rules.

Machine Learning Classifiers

Training the machine to learn is the most critical point of any AI-based system. It requires a thorough understanding of the domain, the datasets and the interrelation of the datasets. Based on this, the right type of classifier is chosen and implemented. Some of the most commonly used classifiers in the context of fake profile detection are listed below.

  1. Naive Bayes Classification
  2. Decision Tree Classification
  3. Support Vector Machine
  4. Logistic Regression

These classifiers are only the starting point. To improve the accuracy, it is better to try different classifiers, vary the parameters and compare against known data.
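The collect, train and compare procedure described above, as an added example that is not part of the original article: two of the listed classifiers (Gaussian Naive Bayes and logistic regression with two regularisation settings) are trained on tagged accounts and scored on held-out accounts. The four features, their distributions and all function names are assumptions of this example, and the data is constructed rather than taken from a real network.

```python
import math
import random

# Feature order (assumed for this example): posts per day, share of friend
# requests accepted, account age in days, distinct login IPs in 30 days.
def make_accounts(n, seed):
    """Constructed sample standing in for a tagged dataset; label 1 = known fake."""
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        fake = i % 2
        if fake:
            raw = [rng.gauss(40, 15), rng.gauss(0.2, 0.1), rng.gauss(30, 20), rng.gauss(12, 4)]
        else:
            raw = [rng.gauss(3, 2), rng.gauss(0.7, 0.15), rng.gauss(900, 400), rng.gauss(3, 1.5)]
        rows.append(([max(0.0, v) for v in raw], fake))
    rng.shuffle(rows)
    return rows

def column_stats(rows):
    """Per-feature mean and variance (variance floored to avoid division by zero)."""
    cols = list(zip(*(x for x, _ in rows)))
    means = [sum(c) / len(c) for c in cols]
    varis = [max(sum((v - m) ** 2 for v in c) / len(c), 1e-9) for c, m in zip(cols, means)]
    return means, varis

def train_naive_bayes(rows):
    """Gaussian Naive Bayes: per-class mean and variance for each feature."""
    model = {}
    for label in (0, 1):
        subset = [(x, y) for x, y in rows if y == label]
        model[label] = (math.log(len(subset) / len(rows)),) + column_stats(subset)

    def predict(x):
        def log_score(label):
            prior, means, varis = model[label]
            return prior + sum(-0.5 * math.log(2 * math.pi * s) - (v - m) ** 2 / (2 * s)
                               for v, m, s in zip(x, means, varis))
        return 1 if log_score(1) > log_score(0) else 0
    return predict

def train_logistic(rows, l2=0.01, lr=0.5, epochs=300):
    """Logistic regression by batch gradient descent on standardised features."""
    means, varis = column_stats(rows)
    scale = lambda x: [(v - m) / math.sqrt(s) for v, m, s in zip(x, means, varis)]
    data = [(scale(x), y) for x, y in rows]
    w, b = [0.0] * len(means), 0.0
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * len(w), 0.0
        for x, y in data:
            z = b + sum(wi * xi for wi, xi in zip(w, x))
            err = 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z)))) - y
            grad_w = [g + err * xi for g, xi in zip(grad_w, x)]
            grad_b += err
        w = [wi - lr * (g / len(data) + l2 * wi) for wi, g in zip(w, grad_w)]
        b -= lr * grad_b / len(data)

    def predict(x):
        return 1 if b + sum(wi * xi for wi, xi in zip(w, scale(x))) > 0 else 0
    return predict

def evaluate(predict, rows):
    """Accuracy plus precision and recall for the 'fake' class on labelled rows."""
    tp = sum(1 for x, y in rows if y == 1 and predict(x) == 1)
    fp = sum(1 for x, y in rows if y == 0 and predict(x) == 1)
    fn = sum(1 for x, y in rows if y == 1 and predict(x) == 0)
    tn = len(rows) - tp - fp - fn
    return {"accuracy": (tp + tn) / len(rows),
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0}

def compare(seed=7):
    """Train every candidate on 300 tagged accounts, score on 100 held-out ones."""
    rows = make_accounts(400, seed)
    train, held_out = rows[:300], rows[300:]
    candidates = {
        "naive_bayes": train_naive_bayes(train),
        "logistic_l2=0.01": train_logistic(train, l2=0.01),
        "logistic_l2=1.0": train_logistic(train, l2=1.0),
    }
    return {name: evaluate(model, held_out) for name, model in candidates.items()}

if __name__ == "__main__":
    for name, scores in compare().items():
        print(name, {k: round(v, 3) for k, v in scores.items()})
```

Precision is reported next to accuracy because a false positive here means blocking a genuine user, which an automated enforcement step has to weigh against missed fakes.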

So the availability of known, diverse data is equally important in designing a detection and prevention system. One such dataset is available here (https://www.kaggle.com/bitandatom/social-network-fake-account-dataset). In order to increase the accuracy, it is better to get the data in the context of the targeted geography and demographics.

(This blog was originally written by me @ https://komunity.komand.com/learn/article/sybil-attacks-detection-and-prevention/)

Bollywood Scandal with a Technology Twist !!


 

As a person who deep dives into hard tech such as networks, never had I visualized that I would concern myself with a celebrity scandal. But here I am, curiously following up and getting annoyed to no end by the technology inaccuracies being reported in the media about the infamous Kangana Ranaut and Hrithik Roshan saga. For the uninitiated, a top Bollywood actress (Kangana Ranaut) has accused a top star (Hrithik Roshan) of publicly circulating personal information shared over private emails. He is countering by saying that the email is an impostor account. One can read all about it in various tabloids, but in this article we will be in “Sheldon Cooper Mode” and will focus on the tech part.

So first things first, the alleged crime (committed both for the impostor if any or the accused), is defined in IT Act 2008 (http://www.cca.gov.in/cca/?q=it_act_amendment.html) which clearly states the transmission of such personal images is punishable by imprisonment of .  Below is the relevant excerpt,

…………………..

66E. Punishment for violation of privacy. (Inserted Vide ITA 2008)
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.
Explanation. – For the purposes of this section —
(a) “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;
(b) “capture”, with respect to an image, means to videotape, photograph, film or record by any means;
(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;
(d) “publishes” means reproduction in the printed or electronic form and making it available for public;
(e) “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that—
(i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.
Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to two three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
67 A. Punishment for publishing or transmitting of material containing sexually explicit act,etc. in electronic form (Inserted vide ITAA 2008)
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –
(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art, or learning or other objects of general concern; or
(ii) which is kept or used bona fide for religious purposes.

—————-

Now to the email part: how does one establish that a particular account belongs to an individual? It is a hard thing to do, especially if the criminal is tech savvy and has taken a lot of precautions to make sure he isn’t tracked. Keeping aside the non-tech methods that law enforcement officials effectively use, many tools are at law enforcement agencies’ disposal.

The step-by-step process in a typical scenario would be this:

  1. Track the IP address of the email address: Take a copy of the header of the mail (search online for how to get the headers of a particular email; the steps are very simple, but they differ between providers such as Gmail, Outlook, Hotmail etc.). Run the header through a tracer tool. There are many free Internet tools to do this. Some are listed below, purely based on the Google rank at which they show up (it is fairly low tech, so it is OK to use any one):

http://whatismyipaddress.com/trace-email

http://mxtoolbox.com/EmailHeaders.aspx

http://www.traceemail.com/

In some cases you will find the IP address straight away. But nowadays, due to email server proxies, it traces back to the provider’s location (for example, Mountain View for Gmail). However, once law enforcement officials request it, email providers such as Google are obligated to provide the real IP of the end point, and hence you can trace the person (in some cases you may need to get this from the ISP or internet provider as well).

In some cases, though, the criminal may use spoofing software or desktop proxies that fake the IP address and make it impossible for the law enforcement officials and the providers to identify the correct IP. In such cases step 2 is the way to go.

  2. Engage the person and send a spying attachment to the email ID.

This needs to be done in collaboration with the law officials. Usually spying software is nothing but some script which reads more identifiable information from the endpoint (laptop, desktop etc.) and transmits it back to the sender. This information can then be used to identify the real person/IP behind the proxies. Many such scripts are available easily online.

  3. Deduction: If enough emails are available, many analytical techniques may be employed to determine the geography, time etc., and these can be matched with the known movements of the accused.
  4. Writing style analysis: This is probably the most technologically advanced but not yet well developed technique. Writing styles can be matched with software to establish the likelihood of the accused having sent the email.
  5. Forensic analysis of the devices (provided they are physically intact). Deleting and formatting will not really delete the content, which remains available for recovery by forensic tools.
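What the header tracing in step 1 actually reads, as an added example that is not part of the original article: it walks the `Received` chain oldest hop first to find the earliest routable IP, and reads the UTC offset of the `Date` header as one of the geography/time hints used in the deduction step. Both header samples are constructed (documentation IP ranges, made-up host names), and the function names are this example's own.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample 1: the mail client connected to the provider's relay directly.
DIRECT_CLIENT = """\
Received: from relay.provider.example (relay.provider.example [203.0.113.25])
\tby mx.recipient.example with ESMTPS id abc123;
\tMon, 02 May 2016 10:15:07 +0000
Received: from [192.168.1.44] (unknown [198.51.100.77])
\tby relay.provider.example with ESMTPSA id def456;
\tMon, 02 May 2016 15:45:05 +0530
Date: Mon, 02 May 2016 15:45:01 +0530
From: Sender <sender@provider.example>
Subject: constructed sample 1

body
"""

# Constructed sample 2: webmail, where the provider records no client IP at all.
WEBMAIL = """\
Received: from relay.provider.example (relay.provider.example [203.0.113.25])
\tby mx.recipient.example with ESMTPS id abc124;
\tMon, 02 May 2016 10:20:09 +0000
Received: by relay.provider.example with HTTP;
\tMon, 02 May 2016 03:20:08 -0700
Date: Mon, 02 May 2016 03:20:08 -0700
From: Sender <sender@provider.example>
Subject: constructed sample 2

body
"""

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_routable(ip):
    """True for a well-formed IPv4 address outside the private/loopback ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in PRIVATE_NETS)

def received_chain(raw):
    """Hops oldest-first: host that logged the hop, bracketed IPs, timestamp."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        stamp = value.rsplit(";", 1)[-1].strip()
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            when = None
        hops.append({"by": by.group(1) if by else None,
                     "ips": IP_RE.findall(value),
                     "time": when})
    return hops

def earliest_routable_ip(raw):
    """Earliest routable IP in the chain and the host that recorded it.

    Hops below the first server you trust can be forged by the sender, so the
    result is a lead to confirm with the provider's logs, not proof.
    """
    for hop in received_chain(raw):
        for ip in hop["ips"]:
            if is_routable(ip):
                return ip, hop["by"]
    return None, None

def sender_utc_offset_hours(raw):
    """UTC offset claimed by the Date header (a hint only; it can be the server's)."""
    msg = email.message_from_string(raw)
    return parsedate_to_datetime(msg["Date"]).utcoffset().total_seconds() / 3600

if __name__ == "__main__":
    for name, raw in (("direct client", DIRECT_CLIENT), ("webmail", WEBMAIL)):
        print(name, earliest_routable_ip(raw), sender_utc_offset_hours(raw))
```

In the webmail sample the earliest routable address is the provider's own relay, which is the "traces back to the provider's location" case described in step 1.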

There are some more advanced techniques based on the content (such as pictures), but that is for another article. In general it is a combination of the steps above which will determine the accuracy of the outcome. I am eager to see what they find, with the hope that the media reports it accurately. But most likely this will end in an out-of-court settlement, thus my tech quest may as well end here.

 

“Cross the Bridge when it comes” – hurting Digital Consumers ?


Through this blog I have been suggesting many preventive methods for all sorts of digital usage. However, recent news reports such as this http://tinyurl.com/jydguqk are shaking the foundations of preventive practices by consumers. In this news article many bank account holders were robbed by a hacker diverting money into a wallet. Normally such hacks are done by a mixture of social engineering (fraudsters posing as bank folks and calling consumers for the OTP) and some data gathering. In this case, though, no such effort was made. In the social engineering cases, the banks put the burden on the consumers, although in many cases the consumers have no clue about digital awareness. In the latter cases at least there is a bit of solace, as banks take the burden. Since many systems and disparate companies are involved (laptop providers, internet providers, telecom providers, banks, telecom equipment providers) and the hack could be anywhere, it is easy to pass the buck around.


There are many systemic issues which lead to this state. The general thinking when it comes to security measures is to do the minimum possible to avoid regulatory pressure. For many large corporations, ROI on the investment becomes of paramount importance. Startups are even worse, because traction and growth are more important than the inconveniences of security.

But the most dangerous aspect of this whole thing is the unprecedented growth of digital proliferation without any effort to create awareness about safety measures. Whose job is this? The government’s? The company’s? Or the users’? Questions to be answered are:

  • Should companies provide method for opting out of online mode ?
  • Should awareness exercise be mandatory ?
  • Should there be consumer insurance ?
  • Who should carry the burden of proof with respect to hacks ?

Hope regulators wake up and provide clarity on this !!

Safety Measures For Online Financial Transactions


According to the recently released National Crime Bureau Statistics 2015, the reported cyber crime number in India is roughly about ten thousand, with a conviction rate of 23%. A significant chunk of reported cyber crimes is financial in nature. An interesting but not surprising fact about cyber crimes is that strangers commit most cyber crimes of a financial nature, while the first or second circle of people around the victim often commits cyber crimes of a personal nature. This makes financial cyber crimes harder to defend against, and the culprits harder to identify.


Various aspects of financial cyber crimes that are important to consider are,

• The majority of financial crimes are organized crimes, with call centers, sometimes staffed by innocent employees, executing on behalf of crime syndicates. Some of you must have received a series of calls asking you to verify certain aspects of your credit/debit cards. They claim that they are calling either from banks or from contractors of the bank.
• Many are globally spread, so catching them and prosecuting them under legal framework becomes much harder.
• In some cases insiders of the Telcos and Banks collude with the criminals making it much easier to breach into the system. Cloned SIM and calls from inside the bank call center numbers are good examples of such failures.
• Even when the culprits of the crimes are caught it takes long time for the legal system to act and get the money back.

Courts in many cases have penalized Banks and Telcos and sure enough they have implemented many measures to safeguard against such crimes. Some of measures are KYC for SIM, fraud analytics of accounts (detection and prevention of abnormal behavior in users accounts) and two-factor authentication (two different types of password to safeguard against any one of them being compromised; It is an additional layer of protection like a lock with two different keys needed for opening).

In spite of these measures, criminals still continue to prosper due to the lack of awareness of many users. Most users fall prey to what is called social engineering: a technique of making people believe that they are talking to authentic folks (such as banks) and extracting secret information such as passwords. Some examples of social engineering are:

• A call from someone claiming to be from the bank and asking for your password because of a system upgrade or any other plausible and believable excuse.
• Mails, seemingly from banks, from addresses such as “yourbank”@gmail.com, asking you to change your password. Most people wouldn’t notice the domain name change.
• Fake e-commerce sites that collect card data along with the static PIN.
• Fake ATMs that read the magnetic strips of cards (not possible with the new chip-and-PIN cards).
• In some cases, fake phone calls from relatives asking for passwords and PINs.
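The lookalike-sender case from the list above (“yourbank”@gmail.com), as an added example that is not part of the original post: a check that flags mail whose display name, mailbox name or domain mentions a known brand while the mail does not come from that brand's own domain. The domain yourbank.example, the OFFICIAL_DOMAINS table and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: brands you deal with and the domains they really send from.
# "yourbank" is the article's placeholder; yourbank.example is made up.
OFFICIAL_DOMAINS = {"yourbank": {"yourbank.example"}}


def _squash(text):
    """Lower-case and drop everything but letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def _belongs_to(domain, official):
    """True if domain is an official domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in official)


def check_sender(from_header, official_domains=OFFICIAL_DOMAINS):
    """Return (verdict, reason); verdict is "ok", "suspicious" or "unknown"."""
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    if not local or not domain:
        return "suspicious", "no valid sender address"
    for brand, official in official_domains.items():
        if _belongs_to(domain, official):
            return "ok", f"sent from a domain listed for {brand}"
    # The brand is named somewhere, yet the domain is not the brand's own.
    parts = (("display name", display), ("mailbox name", local),
             ("domain", domain))
    for brand in official_domains:
        claimed = [name for name, text in parts if brand in _squash(text)]
        if claimed:
            return "suspicious", (f"{' and '.join(claimed)} mention {brand!r} "
                                  f"but the mail comes from {domain}")
    return "unknown", "no known brand mentioned"


# Constructed sample From: headers, not taken from real mail.
SAMPLES = [
    "YourBank Alerts <alerts@mail.yourbank.example>",
    '"YourBank Support" <yourbank@gmail.com>',
    "Your Bank <security@yourbank-verify.example>",
    "A Friend <friend@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), "<-", header)
```

An "ok" verdict only means the address looks right: the From header itself can be forged, so it does not replace the SPF/DKIM/DMARC checks a mail provider performs.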

No amount of technology measures from the banks and telecoms can safeguard against these attacks if you, the consumer, become the weakest link. So it is very important for individual users to be aware of these crimes and take precautions. Here are the safety measures to adopt for online banking or access to any other online financial institution.

Dos

• Spread the money in multiple accounts.
• Enable all sorts of notifications (mobile, email, slow mail) for transactions. This will help in case of cloned mobiles.
• Use only dedicated private computers (or phones) for online banking.
• Use safe and private networks (strongly secured home WiFi or office WiFi)
• Use strong passwords (not related to date of birth, family members' names etc.).
• Enable two-factor authentication provided by banks wherever possible. The options are:
  o OTP: one-time passwords, which usually arrive by SMS, though in some cases smartphone apps that display the number are available.
  o Smart cards (specific keys are downloaded to your computer, which blocks any computer that doesn’t have them).
  o Hardware tokens (which display the OTP).
• Use trusted websites and wallets for sharing your banking information.
• Make sure the primary email you use for notifications is protected with two-factor authentication as well. Google Authenticator is a popular choice for many.
• Install a good antivirus on the primary computer and mobile.

Don’ts

• Do not reveal birthdays etc. on public/private social media profiles. Criminals can easily scrape them and use them to gain access.
• Do not install unverified software/apps in the main accounts. Many apps and software can contain malware that can eavesdrop on your transactions. The same goes for many sites on the Internet. If you must, use a virtual box or a different device.
• Do not share your password with anyone over the phone or web for any reason. When in doubt, end the call politely and call back on the official support numbers of the institution.
• Do not use public computers at hotels and airports for any logins.
• Do not use random WiFi/networks (airports, hotels, cafes) for online transactions.
• Avoid unbranded standalone ATM machines, especially in high-risk areas such as some well-known tourist locations (too many to list, so just avoid them).

With increasing technology advances and the immense focus on Digital India, technology is going to be part of every aspect of our lives. While we are instinctively safety conscious, the new technology paradigms are unknown territory to us, and hence educating oneself on these aspects and taking appropriate safety measures is the best way forward.

So take care and stay safe.

(This blog was originally published @ techinasia https://www.techinasia.com/talk/avoid-financial-scams-fast-digitalising-india)

Fake Facebook Profile or Any Other Profile !

Recently I met a business colleague for lunch and she recounted a strange incident involving an elaborate fake profile on a matrimony site. You also keep reading in newspapers about how fake profiles befriended gullible teens and blackmailed them after collecting a lot of information about them. There are also spammers and financial fraudsters who can gain a lot of information about you by befriending you on Facebook. Even very cautious and otherwise intelligent people sometimes fall prey to this fraud. The culprit seems to be the belief that if you have common friends and the photo looks normal enough, one can trust the profile.

There are many complex ways of detecting a fake profile. For Facebook in particular there are apps which do behavioral analysis and predict if the profile is fake. These apps are specific to However, one simple way would be to do a reverse image check on the profile picture. The process is simple.

  1. Click on the profile pic, then right click (or ctrl click, or hold, depending on the device) and copy the image URL. Alternatively one can download the picture too.
  2. Go to images.google.com (there are many other sites too, but Google is well known).
  3. Click on the camera icon in the search box and upload the profile pic or paste the URL from step 1.
  4. If the search returns other pics/profiles with different contexts and names, then you know you have a fake profile.

Once that is established you can report the profile to the concerned website. For Facebook the link is https://www.facebook.com/help/167722253287296. Facebook explicitly states that:

We don’t allow accounts that:

• Pretend to be you or someone else
• Use your photos
• List a fake name
• Don’t represent a real person

However, given the nature of these fake profile creators, they will come back in other avatars, but at least you have a method of detecting them. One prudent (but conservative) approach in general would be not to add anyone that you haven’t met offline.

Stay Safe !!

Online Safety v/s Social Obscurity !

Recently we held a session on online safety in an elite school. The session was full of teenagers, bright kids full of mischief and eager to conquer the world. Most of them are avid users of Facebook and some hesitantly admitted to being ethical hackers.

I discussed cyber safety with them; many are aware of the general issues, but the areas that seemed to surprise them are:

1. Privacy: Nothing is really private, even if the electronic exchange has happened between two individuals.

2. Legal aspects: Many were unaware of the illegal nature of some things. Many things that they had taken for granted turned out to be illegal.

I spoke to teachers as well; they were concerned about the amount of information that the kids disclose online. It is a thin line here. Many kids feel that they will be cut off from mainstream circles if they don’t behave a certain way. All the tradeoffs of offline social life get more highlighted in the online world.

How does one manage the balance in such a scenario? Here is what I told them, take a look at it.

One form of Email Scam : AFFHA

Recently we received a mail on our contact form. A gentleman congratulated us on our good work (yay :-)) and enquired about an email that he had received. Quoting from the mail:

“Just today I have received an email for donation on humanitarian ground for the website http://www.affha.org/donations.html
Also someone posing as a representative has sent email for becoming a rice supplier to this organization on long term basis.
On the first look the website appears fine … but when I googled a little I found that there have been rounds of such fake emails going on. (http://blog.dynamoo.com/2013/11/african-development-humanitarian.html)
Can you please help me know whether this organization affha exists or not?”

The answer is obvious. Just mark these mails as spam and ignore them. Do not click on any of the links unless you are in a sandbox.

He seems to be quite clued in and did his research, but there are many people who fall for these scams. If one takes the bait, many things may happen, ranging from your donation money going to the wrong folks to you sending your rice (the second bait) to them without getting paid a dime. There are variations of this theme everywhere and many do fall for them.

The unfortunate part of these scams is that there is no solution once you get conned. The scammers are spread across the world, and the law and law enforcement of the victim’s country will not reach them at all. The only safe way is not to fall for these in the first place. My heart goes out to the folks who fall for these, typically unaware and probably desperate.

Decency, Obscenity and Crime in the realm of Online Pictures !

This is something that a significant number of folks get wrong, as cultural norms and all sorts of twisted thinking get into the mix. But the law is very clear on this. See the example below of a recent arrest. The conclusion (which claims that the guy got arrested for failing public decency norms) is completely wrong, which made me post this.

http://www.deccanchronicle.com/150813/technology-latest/article/techie-posts-child-porn-whatsapp-group-held (This is the story of a man who was arrested after posting a nude picture of a child to a WhatsApp group.)

First, let's start with the term “Child Porn”. The term itself trivializes the horrific nature of the crime; the correct and preferred term in law enforcement circles is child sexual abuse. That brings us to the question: what if the picture is of an adult? “Consent” plays a huge part in determining the severity of the crime, and in some countries it may not be a crime. Indian law goes a step further and prohibits transmission (see the definition below) of any pictures of this kind. Below is the excerpt which details the nuances.

66E. Punishment for violation of privacy. (Inserted Vide ITA 2008)

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

Explanation. – For the purposes of this section –

(a) “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons;

(b) “capture”, with respect to an image, means to videotape, photograph, film or record by any means;

(c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast;

(d) “publishes” means reproduction in the printed or electronic form and making it available for public;

(e) “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that –

(i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or

(ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.

67. Punishment for publishing or transmitting obscene material in electronic form (Amended vide ITAA 2008)

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

67 A. Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form (Inserted vide ITAA 2008)

Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art, or learning or other objects of general concern; or

(ii) which is kept or used bona fide for religious purposes.

67 B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.

Whoever, –

(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or

(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or

(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or

(d) facilitates abusing children online or

(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,

shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:

Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form –

(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or

(ii) which is kept or used for bonafide heritage or religious purposes.

Explanation: For the purposes of this section, “children” means a person who has not completed the age of 18 years.