Advertisment

Cyber Attacks: It’s Time to Act

author-image
DQI Bureau
New Update

Hugh Jackman plays a hacker named Stanley Jose in Swordfish, and has the

expertise to break in to government computers and alter records. Skeet Ulrich

plays the most wanted computer hacker on the FBI list, Kevin Mitnick, in

Takedown. And recently, Abhishek Bachchan played Jagdish, a computer whiz-kid

who puts his knowledge to good use and saves a site in Om Jai Jagdish. The

common factor–hacking.

Advertisment

How the lure of money can transform an intellectual into a fraudster came to

fore when a software engineering graduate from IIT Kharagpur was caught

red-handed trying to sell the source code of a sophisticated software package

recently. The arrest followed a complaint from the Federal Bureau of

Investigation, which informed its Indian counterpart-the Central Bureau of

Investigation–of the attempt to sell the source code of Solid Works 2001 Plus,

developed by American firm Solid Works. This company had outsourced debugging of

the package to a Mumbai-based company, where this engineer worked–after

finishing work on the project, the engineer resigned.

After

the Gavel
l Ruling

in India’s first case of software piracy



In a landmark decision on 17th October 2002, the designated High Court

of Delhi passed an order prohibiting one Mr Debasish Seal from selling

pirated software over the Net. Seal was accused of selling pirated

Microsoft software on an auction site. The day also happened to be the

second anniversary of the enforcement of the IT Act, 2000.

l Honey,

you’ve landed in the Honeypot



In June 2000, Pakistani hackers broke into a US-based computer system

to use it as a tool to attack India Websites. But little did they know

that they had fallen into the Honeypot–a trap laid down to trace hacker

activities. Every keystroke, chat sessions and tools they used were

recorded

The administrators used

this trap to learn what kind of targets hackers look for and what their

level of expertise was.

Before leaving, however, he took the entire source code of the software with

him. He then approached other software companies in the US through e-mail,

announcing that he had the source code and expressing his keenness to sell it. A

company named Solid Concepts in the US responded to his mail, and informed Solid

Works and the FBI about the offer. After negotiation, the exchange was finalized

for a sum of $200,000 and an initial payment of $20,000 wired to the engineer’s

bank account in Mumbai. An FBI agent posing as a representative of the company

met the engineer at Delhi’s Ashok Hotel, where the latter was apprehended

while handing over the source code on two CDs. He’s since been booked under

Sections 379 and 406 of the Indian Penal Code and Section 66 of the IT Act.

Advertisment

From the CBI files...



The Central Bureau of Investigation registered its first case on hacking

when the Department of Customs and Central Excise complained that its site had

been hacked into. Identified as the ‘Anti-India Crew’, the culprits had

hacked into more than 120 Indian sites. Fortunately, they managed only to deface

the homepage before the hack was detected. The case gained importance, as it was

for the first time that a government department had lodged a complaint about

hacking of its Website.

In another case of cyber harassment, the cyber crime cell of CBI cracked a

case where personal details and telephone number of a young lady executive were

posted on a dating site, with the statement that she was "available".

When her family started getting calls from around the world, they lodged a

complaint with CBI’s cyber crime cell. It was found that the website contained

obscene material and had links to other pornographic sites. The IP addresses of

the sites were traced to one Dewang Badyani of Mumbai. The CBI and local police

conducted searches at the locations of Direct Information, a Web hosting

company, the premises of Badyani, VSNL location and Indosoft–a private company

that developed the program for the accused. From the VSNL premises, the team

seized a server containing material for the Websites and other pornographic

sites belonging to Badyani from the rack of Direct Information. Further

investigation is on.

Most Offenders are Family or Friends, Who You’d Never Suspect
The

‘Cybercrime Cell’ in Bangalore celebrated its first birthday on 22

October 2002. Mr Alok Mohan, DIG of police (economic offences), under the

Corps of Detectives, Bangalore, spoke to DQ about the cell’s

activities in its first year. Excerpts:

l What

has been the nature of work at and efficacy of the Cybercrime Police

Station?




The Bangalore CCPS is the first of its kind in the country and has
jurisdiction over the entire state of Karnataka. So far we have solved

more than 90% of the 61 cases that have been lodged.

l Why

is it that enterprises are wary of reporting a cyber attack?




Enterprises across the country hesitate to lodge complaints due to


fear of negative publicity. However, I urge them to approach the


legal authority because by not doing so, they’re encouraging the


person to continue.


l What

is your team made up of?




I oversee the Bangalore Cyber Crime Police Station as cyber crimes


fall under economic offences. My team consists of four DSPs (Deputy
Superintendent of Police), four Inspectors, and a supporting team. They’re

being constantly trained and we try to keep up with the changing

technology and trends. We also take help of experts from Wipro, Infosys

and from the Department of Supercomputers at IISc.

l Ruling

in India’s first case of software piracy



In a landmark decision on 17th October 2002, the designated High Court

of Delhi passed an order prohibiting one Mr Debasish Seal from selling

pirated software over the Net. Seal was accused of selling pirated

Microsoft software on an auction site. The day also happened to be the

second anniversary of the enforcement of the IT Act, 2000.

l Honey,

you’ve landed in the Honeypot



In June 2000, Pakistani hackers broke into a US-based computer system

to use it as a tool to attack India Websites. But little did they know

that they had fallen into the Honeypot–a trap laid down to trace hacker

activities. Every keystroke, chat sessions and tools they used were

recorded

The administrators used

this trap to learn what kind of targets hackers look for and what their

level of expertise was.

Advertisment

Spamming for revenge



And in yet another eye-opening case, a 16-year-old school dropout was found

guilty of spamming and sending threatening e-mails in obscene language. His

parents thought him a computer-wizard and spent more than a lakh rupees

providing for two computers with an Internet connection, printer, scanner,

air-conditioner, multimedia kit and so on. But their dreams were shattered when

a Web hosting company in the United Kingdom complained of receiving thousands of

Spam mails from India, asking them to shut down one of the Websites hosted on

its server. The mails were traced back to the youngster’s PCs at his

Pondicherry residence.

CBI investigations revealed that the youngster was an Internet addict, in the

habit of surfing the Net for 12-16 daily. His telephone amounted to over Rs

13,000 a month and he was working on two or three websites and discussion forums

that he hosted. Although he had no contacts whatsoever with school friends, he

had made many virtual friends–and one of these virtual friends was a client of

this UK-based firm. When these two fell out, the teenager chose to spam the

company whose client the ex-friend was. The CBI registered a case under Sections

507 and 509 of IPC and Section 66 of the IT Act, 2000. During search operations,

one of the computers loaded with the e-mail bombing program used to send Spam

was seized.

Germany calling!



A new and innovative way of cheating people is gaining ground–the lure of

getting them handsome jobs overseas. CBI cracked this interesting case on the

basis of two separate e-mail complaints. The complainants received e-mails from

one Mohd Firoz, informing them that they had been selected for the posts of ‘network

administrator’ and ‘programmer’, respectively, without any formal

interview. A German firm called DIS-AG Personalvermittlung, manufacturing and

exporting cosmetics; drugs and toiletries, had hired them. They were asked to

cough up Rs 10,000 and Rs 40,000, respectively, to a specified ICICI bank

account number for visa and other paper work. Further, they were asked to come

to Delhi for their visa inter views at the German embassy and to collect other

contract papers. On contacting the German embassy, the two were told that no

person or company by the given name was known to the embassy.

Advertisment

CBI’s investigation traced the ICICI account to a residence in Hari Nagar

in New Delhi. The statement of account collected from the bank revealed deposit

of cash in the account from different parts of the country and even abroad. The

investigations also revealed that Mohd Firoz had changed residence a year back

and had cheated on people by payment of heavy amounts on the pretext of getting

them lucrative jobs. Firoz used to withdraw money through ICICI ATMs in Delhi,

but he was ultimately traced to Asansol in West Bengal–a 23-year-old

unemployed graduate from Aligarh Muslim University.

All said and done



Worldwide, cybercrime has increased–as it has in the Indian geography.

With the number of Internet users shooting up, the threat is becoming even

worse. We can choose to be proactive and report the incidents to help bring the

guilty to book; or downplay the threat at our own risk–which is what most of

Indian enterprises and home computer-users do. The choice is ours–to live or

be outlived.

Neetu Katyal/computers@Home

Advertisment

‘When faced with a cyber attack, report it’

What’s the cybercrime scene in India? What’s the CBI doing to check the

menace? How effective is the IT Act in tackling such cases? Archana Ramasundaram,

joint director (economic offences), CBI spoke on these issues. Excerpts:

How grave is the situation in India when it comes to cybercrime?



The incidents of cyber crime are constantly on the rise. And each case

reported is quite different from the other. One has to be cautious of the

threat.

Advertisment

What do statistics across India indicate?



We wouldn’t have the statistics of cyber crimes across the country. The

National Crime records Bureau deals with that. Also, CBI deals only with special

cases. So as far as CBI is concerned, we had 7 cases in the year 2000 that was

also the year when Cyber Crime Investigation Cell, Delhi was set up. In 2001,

the number of complaints rose to 19 and so far in 2002 we have 16 complaints

registered with us.

Is there set criteria that the CBI looks into a certain type of case and

the local police into other kinds?




No, there’s no hard and fast rule to classify the cases. It’s just that CBI
takes up matters considered critical or the ones with urgency or sheer

complexity.

How equipped are you to handle these cases?



Our investigating officers have the technical expertise to put together the

pieces of info to tackle the cases. We’re improving our skills by way of

training. We also take support from the industry when need arises. Also, we’ve

requested the Government of India to provide for more manpower and resources in

terms of software etc.

Do you seek help and assistance from international agencies like Interpol

and FBI?




The CCIC of the CBI was recognized as the International Contact Point for
tackling cyber crimes in India at the International Conference on Information

Technology Crime organized by Interpol in Lyons (France) recently. The CBI is

also a member of the Interpol Working party on Information Technology Crime for

South-East Asia and Australasia.

Advertisment