neelabh rai


Cyber Law: A Career Field with Unlimited Possibilities

With the Internet expanding in India the way it is today, the need for cyber law is also being felt here. In fact, the need for cyber law is felt in every country where cyber crimes take place. As a result, even in most developing countries, where the Internet has not yet fully taken root, the need for cyber law is being felt. The demand for experts who can deal with cyber crime and secure justice is rising steadily. With this need in mind, most institutes have now started courses related to cyber law: in some places as a specialization, in others taught alongside the LLB.

 

Every day we hear news ranging from website hacking to online banking fraud, cyber bullying and cyber stalking. This is cyber crime, and it is carried out by a high-tech criminal using computer technology. To stop it, a cyber security expert is needed: a cyber expert who can think like a high-tech criminal and who also knows the language of the law. With the help of such cyber experts, cyber crime can be prevented, and they can also counsel victims when required.

The question arises: what exactly is 'cyber crime'? In simple words, cyber crimes are unlawful acts in which the computer is either a tool, a target, or both. Many cyber crimes are traditional in nature, such as theft, fraud, forgery, defamation and mischief, which fall under the Indian Penal Code. The misuse of computers has also given rise to a new generation of crimes that are being addressed by the Information Technology Act, 2000 and subsequently the Information Technology (Amendment) Act, 2008.


All over the world, cyberspace has its own law, used to deal with crimes committed through the Internet. Well-known computer security experts, cyber-terrorism gurus and specialists also believe that in the near future India will need a large number of cyber law experts. Those who take a course in this field will thus have the opportunity to make their mark before the world through their work, and at an attractive salary as well. Cyber experts can earn by joining an organisation or by working independently as consultants, which is an excellent source of additional income.

These days Indian IT experts are acclaimed the world over, even though the recession shook them somewhat. But the efforts made so far in India to deal with cyber crime cannot be called sufficient. In the coming days, as our dependence on computers, mobile phones and smartphones grows, the likelihood of such crimes will grow with it. Experts who are skilled at dealing with this new kind of crime will then be needed.

In fact, ordinary law and the police are not equipped to deal with such crimes. In this situation, the skilled players dealing with cyber crime will be those who are experts in cyber law and who also know how to see through the high-tech techniques of cyber criminals with ease. So it must be accepted that in the coming days countless job opportunities will arise for candidates who have completed a cyber law course.

According to cyber law experts, cyber law is a good option today from a career point of view and may prove to be a bright career choice in the future. Students or professionals from law, technology, management, accounting and similar fields can also take this course. The field is especially useful for those who have already done a law course: they will not need to study the basics of law, only cyber crime and the ways of dealing with it.

Incident Response Case Study: Bitly Account Compromise

Bitly has issued an important update to its account holders. The Bitly team has strong reasons to believe that Bitly account credentials may have been compromised; however, at this time they have no indication that any user's account has been accessed without permission.
Whenever a service provider suspects an account-compromise incident, it is better to take precautions. Playing safe, the Bitly team proactively disconnected any Facebook and Twitter connections that users had set up to publish posts with shortened links via bit.ly or bitly.com. These accounts can safely be reconnected at the next login.
If a user logs in to their Bitly account and sees that their Facebook and Twitter accounts are still connected, the following information from Bitly is important:
“Those accounts are connected, but the Bitly team has disconnected the rights to publish to these accounts. To start republishing and to ensure the security of your Bitly account, the user must do the following steps:
  1. Go to Your Settings Profile tab and reset your password.
  2. Go to Your Settings Connected Accounts tab to disconnect and reconnect any Twitter or Facebook accounts. If you have any connected applications, disconnect and reconnect through the third-party application.
  3. Go to Your Settings Advanced tab to reset your API key. If you are a developer using your API key, copy the new API key and change it in all applications. These can include social publishers, share buttons and mobile apps.
The Bitly team has already taken proactive measures to secure all paths that led to the compromise and to ensure the security of all account credentials going forward. Companies rarely provide insight into how a compromise happened, so the way the Bitly team is handling this is worth watching, and a useful lesson in how to perform incident response.

In a blog post, the Bitly team shares these insights:
“On May 8, the Bitly security team learned of the potential compromise of Bitly user credentials from the security team of another technology company. We immediately began operating under the assumption that we had a breach and started the search for all possible compromise vectors. Over the course of the next few hours, the Security Team determined with a high degree of confidence that there had been no external connections to our production user database or any unauthorized access of our production network or servers. They observed that we had an unusually high amount of traffic originating from our offsite database backup storage that was not initiated by Bitly. At this point, it was clear that the best path forward was to assume the user database was compromised and immediately initiate our response plan, which included steps to protect our users’ connected Facebook and Twitter accounts.
We audited the security history for our hosted source code repository that contains the credentials for access to the offsite database backup storage and discovered an unauthorized access on an employee’s account. We immediately enabled two-factor authentication for all Bitly accounts on the source code repository and began the process of securing the system against any additional vulnerabilities.”

The way the Bitly team initiated its security assessment and then launched proactive measures suggests that it has a robust, documented approach to incident handling and incident response in case of a security breach. The work of the Bitly security team, and the insight it has provided, is commendable.
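The signal the Bitly team describes above, an unusually high volume of reads from offsite backup storage that Bitly itself did not initiate, is the kind of thing a simple check over storage access logs can surface. The following is an added example and is not Bitly's code: the log format, the bucket name, the "known" IP ranges and the sample log lines are all constructed here for illustration.

```python
"""Flag reads of offsite backup storage that did not come from the
company's own networks, and total how much data left that way.

Added example, not Bitly's code. Log format, bucket name, IP ranges and
the sample lines below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Networks from which backup reads are expected (constructed values).
KNOWN_NETS = [ipaddress.ip_network("203.0.113.0/24"),   # office / VPN
              ipaddress.ip_network("198.51.100.0/24")]  # production
BACKUP_BUCKET = "db-backups"

# Constructed log lines: timestamp, bucket, operation, source IP, bytes sent, key.
SAMPLE_LOG = """\
2014-05-08T02:11:09Z db-backups GET 198.51.100.14 1048576 users-2014-05-07.sql.gz
2014-05-08T02:12:30Z web-assets GET 192.0.2.77 20480 logo.png
2014-05-08T03:40:02Z db-backups LIST 192.0.2.201 512 -
2014-05-08T03:40:15Z db-backups GET 192.0.2.201 734003200 users-2014-05-07.sql.gz
2014-05-08T03:55:41Z db-backups GET 192.0.2.201 734003200 users-2014-05-06.sql.gz
2014-05-08T04:00:00Z db-backups PUT 198.51.100.14 734003200 users-2014-05-08.sql.gz
"""


def parse(line):
    """Split one constructed log line into its fields."""
    ts, bucket, op, src, nbytes, key = line.split()
    return {"ts": ts, "bucket": bucket, "op": op,
            "src": ipaddress.ip_address(src), "bytes": int(nbytes), "key": key}


def is_known(ip):
    """True if the source address lies in a network we expect backup reads from."""
    return any(ip in net for net in KNOWN_NETS)


def suspicious_reads(log_text):
    """Per-source-IP totals of backup-bucket reads from unknown networks."""
    totals = defaultdict(lambda: {"bytes": 0, "keys": []})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        # Only reads (GET/LIST) of the backup bucket matter for exfiltration.
        if e["bucket"] != BACKUP_BUCKET or e["op"] not in ("GET", "LIST"):
            continue
        if is_known(e["src"]):
            continue
        t = totals[str(e["src"])]
        t["bytes"] += e["bytes"]
        if e["op"] == "GET":
            t["keys"].append(e["key"])
    return dict(totals)


def report(log_text, threshold_bytes=100 * 1024 * 1024):
    """Alert lines for unknown sources that pulled at least threshold_bytes."""
    alerts = []
    for src, t in sorted(suspicious_reads(log_text).items()):
        if t["bytes"] >= threshold_bytes:
            alerts.append(
                f"ALERT possible backup exfiltration: src={src} "
                f"bytes={t['bytes']} keys={t['keys']}")
    return alerts


if __name__ == "__main__":
    for alert in report(SAMPLE_LOG):
        print(alert)
```

On the sample log the check ignores the production host's own backup read and the unrelated web-assets bucket, and reports the one unknown address that listed the bucket and pulled two full database dumps. In practice the allow-list would be replaced by the storage provider's access logs and a baseline of normal read volume, and the rule would run continuously rather than after the fact.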

Some of the security measures implemented since the Bitly team received the breach information are:
  1. Invalidated all Twitter and Facebook credentials.
  2. Rotated all credentials for their offsite storage systems.
  3. Enabled detailed logging on their offsite storage systems.
  4. Rotated all SSL certificates.
  5. Reset credentials used for code deployment.
  6. GPG encryption of all sensitive credentials.
  7. Enforced two-factor authentication on all third-party services company-wide.
  8. Accelerated development of their work to support two-factor authentication for Bitly.com.
  9. Accelerated development of email confirmation of password changes.
  10. Added additional audit details to user security pages. These can be seen from the Security tab, which now shows detailed logging such as the IP address of the last login, revoking a shared account, adding a shared account, etc., along with the approximate age of each action in hours (say, 5 hours ago, 8 hours ago, …).
  11. Updated the iPhone app to support updated OAuth tokens.

The interesting part is that they had stored passwords salted and hashed. Larger organisations generally claim to have stored passwords salted and hashed, but when attackers later expose the stolen data on the Internet it is sometimes found that the credentials were in fact stored in plain text. The case that comes to mind is the Microsoft India Store account hack. There too, Microsoft India informed all Microsoft India Store users that the passwords were encrypted and hence there was no loss of data; but when the attacker published the details on a public forum along with screenshots of the database, it was observed that users' credentials (passwords, credit card numbers, etc.) were stored in plain text. So it remains to be seen whether Bitly really stored its passwords salted and hashed.
According to the Bitly team's blog, if someone registered, logged in or changed their password after 8 January 2014, the password was converted to a hash computed with bcrypt and HMAC (Hash-based Message Authentication Code) using a unique salt. However, if someone had not logged in since 8 January 2014, their password was still hashed with MD5, a big security risk. The dependence on a login is not incidental: a stored hash cannot be converted to a stronger scheme without the plaintext password, so the upgrade can only happen at the moment the user next authenticates.
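The following added example, which is not Bitly's code, shows the migration pattern just described: a legacy unsalted MD5 record is verified on login and, on success, transparently re-hashed with a keyed (HMAC) and salted slow hash, while dormant accounts keep their MD5 record. Because bcrypt is not in the Python standard library, PBKDF2-HMAC-SHA256 (hashlib.pbkdf2_hmac) stands in for it here; the structure of the scheme (HMAC with a server-side key, a unique per-user salt, a deliberately slow hash, upgrade on login) is the same. The server-side key, the iteration count and the sample account are constructed values, and the small dictionary attack at the end is included to show why a dormant MD5 record is the real risk.

```python
"""Password-store migration: legacy MD5 records are upgraded to a keyed,
salted, slow hash on the user's next successful login.

Added example, not Bitly's code. PBKDF2-HMAC-SHA256 stands in for bcrypt,
which is not in the standard library; the pepper, work factor and sample
account below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

# Server-side secret ("pepper") kept outside the user database; constructed
# value for the example. In production it is loaded from a KMS/HSM, never hardcoded.
PEPPER = b"example-server-secret-do-not-hardcode"
ITERATIONS = 200_000          # PBKDF2 work factor (bcrypt uses a cost parameter instead)
LEGACY_MD5 = "md5"
CURRENT = "pbkdf2_hmac"


def legacy_md5_record(password: str) -> str:
    """Pre-migration style record: unsalted MD5 hex digest. Do not use for new data."""
    return LEGACY_MD5 + "$" + hashlib.md5(password.encode()).hexdigest()


def _keyed(password: str) -> bytes:
    """HMAC the password with the server-side key before the slow hash."""
    return hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()


def new_record(password: str, salt: bytes | None = None) -> str:
    """Current scheme: scheme$iterations$salt$derived-key, unique salt per user."""
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", _keyed(password), salt, ITERATIONS)
    return "$".join([CURRENT, str(ITERATIONS), salt.hex(), dk.hex()])


def verify(record: str, password: str) -> bool:
    """Constant-time comparison against whichever scheme the record uses."""
    scheme, *fields = record.split("$")
    if scheme == LEGACY_MD5:
        (digest,) = fields
        return hmac.compare_digest(
            hashlib.md5(password.encode()).hexdigest(), digest)
    if scheme == CURRENT:
        iters, salt_hex, dk_hex = fields
        dk = hashlib.pbkdf2_hmac("sha256", _keyed(password),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    raise ValueError("unknown password scheme: " + scheme)


def login(store: dict, user: str, password: str) -> bool:
    """Verify the password; on success, upgrade a legacy record in place."""
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if record.startswith(LEGACY_MD5 + "$"):
        # The plaintext is only available now, so this is the only point
        # at which a dormant MD5 record can be converted.
        store[user] = new_record(password)
    return True


def crack_md5(record: str, wordlist: list[str]) -> str | None:
    """Offline dictionary attack on an unsalted MD5 record: one hash per guess."""
    scheme, digest = record.split("$")
    if scheme != LEGACY_MD5:
        raise ValueError("not a legacy MD5 record")
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == digest:
            return word
    return None


if __name__ == "__main__":
    store = {"alice": legacy_md5_record("summer2012")}   # constructed dormant account
    print(crack_md5(store["alice"], ["password", "summer2012", "letmein"]))
    login(store, "alice", "summer2012")
    print(store["alice"].split("$")[0])                   # record now uses the current scheme
```

A user who never logs in again never reaches the upgrade branch, which is exactly why Bitly asked dormant users to log in and change their password. Note also that the HMAC key must be stored separately from the database: if the same dump that exposes the hashes also exposes the key, the keyed step adds nothing, and only the salt and the work factor slow the attacker down.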
 
According to the TechTarget article titled “MD5 Security: Time to migrate to SHA-1 hash algorithm?” dated May 2010:
 
“…hash algorithms create a short, fixed-length hash value to represent data of any size, it means that there are far more possible input values than there are unique hash values. This means there have to be multiple input values that will produce the same hash value. This is known as a collision and for a hash function to be deemed cryptographically secure and collision resistant, it has to be hard to find two inputs that hash to the same output. In March 2005, two researchers created two X.509 digital certificates with different public keys but with the same MD5 hash; since then various methods have been published that can find an MD5 collision in under a minute. This is why MD5 is considered cryptographically broken and is being replaced by the SHA-2 family of hash functions.”

 
Hence MD5 is certainly not suitable for security-based applications and services. For stored passwords in particular, the practical danger is less the collision weakness described above than MD5's speed: an unsalted MD5 digest can be tested against billions of candidate passwords per second on commodity hardware, which is why deliberately slow, salted algorithms such as bcrypt are preferred. Anyone who has a bitly.com account is therefore encouraged to log in immediately and change their password, so that the remaining risk from MD5 hashing is eliminated.
 
Read more about bcrypt here (Wikipedia), and about HMAC here (Wikipedia) and here (RFC 2104 from the IETF).

 

 
 


Neelabh Rai
Cyber Entrepreneur
Independent Cyber Security Researcher
CYBER COPS India
www.cybercops.in

“Protect your software from Piracy, IT Systems from Sabotage by using ‘patented’ Validy Technology”

EC Council official website hacked (http://www.eccouncil.org/)

The official website of the International Council of E-Commerce Consultants, popularly known as EC-Council, has been hacked. The hacker inserted an image showing Edward Snowden's passport and left the following message on the www.ec-council.org website:


owned by certified unethical software security professional
-Eugene Belford

The name used by the hacker, Eugene Belford, is taken from the movie Hackers (1995). The picture inserted is:

KDS Fig.1: Defaced image taken from the EC-Council Official website

The above image shows an email message supposedly written by Edward Snowden to cehapp. CEHAPP is the address used by international applicants for the application eligibility process:

KDS Fig.2: Screenshot of the Google Search of CEHAPP

Visiting the same website now shows the following message:

Malwarebytes Anti-Malware blocked access to a potentially malicious website: 93.174.95.82
Type: outgoing
Port: 52145, Process: avp.exe

KDS Fig. 3: Malwarebytes Anti-malware message popped when tried to open www.eccouncil.org

EC-Council's website has been hacked again, and the following image is now posted:

KDS Fig. 4: EC Council Website Hacked and Defaced Once Again




Cyber Security Roadmap / Strategy (draft version 1.0.0)

This is an attempt by Neelabh Rai to create a cyber security roadmap / strategy that can be implemented by any organisation, country or corporate body. Its finer details are still under development and will hopefully be completed as soon as possible. The roadmap was created single-handedly by Neelabh Rai.

Since CYBER COPS India is a knowledge-sharing platform for cyber security researchers, practitioners and experts, this document is made available as copyleft to all readers and viewers.


Please have a look at the document titled “Cyber Security Roadmap / Strategy (draft version 1.0.0)” here:

http://www.cybercops.in/cyber-security-roadmap_pwp-neelabhrai-cybercopsindia.pdf

Your comments are welcome. Please feel free to comment via the Contact Me web page.

PS: 

  1. This cyber security roadmap is available to the public as a copyleft with a disclaimer policy. For the disclaimer policy details, kindly visit Cyber Security Framework / Strategy Disclaimer Policy.
  2. This was created in my leisure/free time only (i.e., when I was not employed anywhere), so that no employer can claim copyright on it.



[Series 01] Indian SCADA Systems – Current Status?

SCADA, i.e. Supervisory Control And Data Acquisition, refers to real-time industrial process control systems used to centrally monitor and control remote or local industrial equipment such as motors, valves, pumps and relays. SCADA is used to control:

  • chemical plant processes,
  • oil and gas pipelines,
  • electrical generation and transmission equipment,
  • manufacturing facilities,
  • water purification and distribution infrastructure, etc.
On 31 July 2012, news broke of a blackout across 20 states of India due to the failure of the Northern electricity grid, which subsequently led to the failure of the Eastern and North-Eastern grids.

Although all the political parties and news channels kept broadcasting that this was caused by a few states drawing excessive power, as an independent cyber security researcher working in SCADA security my intuition is not ready to accept the statement given by India's Power Grid Corporation:
“There was overdrawing of power as the demand peaked. 
As a result, two to three grids tripped simultaneously.”
My query is this: in the summer of 2012 there was a period when the demand for power was so high that most parts of cities in Northern India went without electricity for 8-10 hours a day (my personal experience). In such a critical period of demand, nothing happened! There was only load-shedding, but no failure of any electricity grid. Why so? Weren't the states now blamed by the Central Government drawing excess electricity at that time as well? If yes, then why did the power grid failure not occur then?

to be continued…


