International
BBC News, 12 June 2011
IMF hit by 'very major' cyber security attack
The International Monetary Fund (IMF) says it has been targeted by a sophisticated cyber attack. Officials at the fund gave few details but said the attack earlier this year had been "a very major breach" of its systems, the New York Times reports.
Cyber security officials said the hack was designed to install software to create a "digital insider presence".
The IMF, which holds sensitive economic data about many countries, said its operations were fully functional.
The cyber attack took place over several months, and happened before former IMF chief Dominique Strauss-Kahn was arrested over sexual assault charges.
"I can confirm that we are investigating an incident," said spokesman David Hawley.
"I am not in a position to elaborate further on the extent of the cyber security incident."
The New York Times said IMF staff had been told of the intrusion on Wednesday by e-mail, but that the Fund had not made a public announcement. The e-mail warned that "suspicious file transfers" had been detected and that an investigation had shown a desktop at the Fund had been "compromised and used to access some Fund systems".
There was "no reason to believe that any personal information was sought for fraud purposes," it said.
High profile breaches
A cyber security expert told Reuters the infiltration had been a targeted attack which installed software designed to give a nation state a "digital insider presence" at the IMF.
"The code was developed and released for this purpose," said Tom Kellerman, who has worked for the Fund.
Bloomberg quoted an unnamed security expert as saying the hackers were connected to a foreign government. However, such attacks are very difficult to trace.
The World Bank said it briefly cut its network connection with the Fund out of "an abundance of caution".
"The World Bank Group, like any other large organisation, is increasingly aware of potential threats to the security of our information system and we are constantly working to improve our defences," said spokesman Rich Mills.
The incident is the latest in a string of high-profile cyber security breaches.
In April, the Sony Playstation network was shut down after hackers stole the personal data of about 100 million accounts and in May, US defence firm Lockheed Martin said it had come under a significant cyber-attack.
CIA Director Leon Panetta told the US Congress earlier this week that a large-scale cyber attack which would cripple power, finance, security and governmental systems was "a real possibility in today's world".
NIIT Technologies GIS subsidiary's server hacked
A server belonging to NIIT GIS Limited, an NIIT Technologies subsidiary, was compromised last week using a SQL injection attack by a hacking group calling itself the 'Tigers of Indian Cyber' (TIC). TIC posted the disclosure in an open security forum giving proof of concept, and a complete list of account credentials. It has since come to light that NIIT GIS' server was compromised - not the servers at NIIT Technologies.
The breach was independently verified by Omair, a security consultant with Network Intelligence India (NII). Omair said that the hack was genuine, and was verified with the link posted by TIC as proof of concept. "The executed query enumerates expected information from the database tables," says Omair. Initial communication with NIIT Technologies revealed that the company was ignorant of the situation. After being informed by SearchSecurity.in of the particulars, the breach was detected by NIIT Technologies and the server was subsequently taken offline.
The NIIT Technologies spokesperson confirmed this security breach. He clarified that the server is not part of NIIT-Tech's network. The server belongs to a department in one of NIIT Technologies' subsidiaries, namely NIIT GIS - a joint venture between NIIT-Tech and ESRI USA. The company provides GIS mapping, as well as solutions. According to the source, the compromised server is an internal departmental server, primarily meant for internal employees and sales force to access training and marketing collateral. The GIS server is a stand-alone server hosted in NIIT's Noida data center. It's not hosted with the rest of the NIIT Technologies network. This server has been online for the past eight years.
Calls to Pugmarks Interweb, NIIT Technologies' hosting service provider, confirmed that the NIIT GIS server is not hosted with Pugmarks. Most of NIIT Technologies' IT infrastructure is hosted on servers located in the US - NIIT GIS is not part of these. A ticker on the NIIT GIS Website informs that the site is also undergoing maintenance. NIIT Technologies has declined further comments on the technical aspects, pursuant to a forensic investigation of the server's logs.
Porn Websites and .XXX Domain Names
by info on June 25, 2010
The Internet Corporation for Assigned Names and Numbers board of directors approved the new top-level domain - that's the technical name for the .com, .xxx or .net part of a URL - and sent it on to the next committee. ICM Registry said the .xxx domain is beneficial to the public because it sends an obvious signal that the domain contains pornography, which is desired by some and avoided by others. Also, ICANN approved top-level domains that use strictly Chinese characters.
The chair of the Virtual Global Taskforce (VGT), Australian Federal Police (AFP) Assistant Commissioner Neil Gaughan, would like to welcome the United Arab Emirates (UAE) as a member of the VGT. "I welcome the UAE as a new member of the VGT and look forward to building on this relationship with the support of all VGT members to ensure ongoing collaboration in the pursuit of combating online sexual exploitation involving children worldwide," Assistant Commissioner Gaughan said.
Hackers and spammers are the biggest threat and nuisance for the world's internet community. In 2009 web 2.0 sites such as Facebook and Twitter were the hackers' sweet spot; 2010 will see them looking to compromise new platforms such as smartphones and take advantage of the popularity of Windows 7, according to security software maker Websense Security Lab. As audiences move quickly to the social web, so do the attacks. The spamming and phishing attacks on popular social networking websites are proof of just how well the hackers understand the tastes of internet users.
As a global social network, Facebook is designed to bring people together, but a UK law firm specializing in divorce says nearly one in five cases it is working on involved a person's activity on Facebook. The most common reason seemed to be people having inappropriate sexual chats, including flirty emails and messages posted on "walls", with people they were not supposed to.
A report suggests that cyber criminals will this year target social networking sites and third-party applications, use more complex Trojans and botnets to build and execute attacks, and take advantage of HTML 5 to create emerging threats. According to the report, Facebook, Twitter, and third-party applications on these sites are rapidly changing the criminal toolkit, giving cyber criminals new technologies to work with and hot spots of activity that can be exploited. The report believes users will become more vulnerable to attacks that blindly distribute rogue apps across their networks, and cyber criminals will take advantage of friends trusting friends to get users to click on links they might otherwise treat cautiously. The use of abbreviated URLs on sites such as Twitter makes it even easier for cyber criminals to mask and direct users to malicious Web sites.
The blending of social media for business and pleasure increases the potential for network security troubles, and people, not technology, can often be the source.
Innocent people could be blocked from going on to the internet by the Digital Economy Bill. The bill aims to clamp down on illegal file-sharing, but many fear that owners of internet cafes, students in shared accommodation and parents will be punished for the alleged abuse of others. If a copyright holder, such as a record company, believes someone is illegally downloading music, films or games, they can approach the person's internet service provider. If the infringement continues, their internet connection could be blocked. However, there may be no recourse for innocent web users who share internet connections with offenders. Websites which are repeatedly found flouting copyright law can also be blocked by the government.
The European Commission unveiled revised antitrust rules allowing luxury brand owners to block online retailers without a bricks-and-mortar shop from distributing their products.
In a bid to counter criticism from online retailers such as eBay and Amazon as well as consumer groups that the provision could restrict user choice, the European Union competition watchdog said it would monitor developments.
Brand owners - often in the high-end or luxury goods market - had argued for the requirement to deter so-called free-riders, competitors who may benefit from the marketing that luxury brands carry out without bearing the same costs.
According to the latest study men are most likely to tell lies when trying to find love online.
The study shows that women are more inclined to tell lies when talking about their weight. On the other hand, men are most likely to lie about how rich they are, what kind of relationship they want to have with you, their past romantic history, their age or their personal interests.
Here are some news snippets:
1. No @ for iPhone: A Swiss court has ruled that the word mark iPhone can't be protected as a trademark because it is purely descriptive. The 'i' stands for Internet and 'Phone' for telephone, the court concluded.
2. Google has failed in its bid to claim the domain name Groovle.com. According to the National Arbitration Forum, the name Groovle is sufficiently different to Google.
3. A private citizen in Germany has been ordered to surrender 1,519 domain names to InterContinental Hotels and Six Continents Hotels, a WIPO arbitration panellist ruled recently in what may be the biggest-ever domain name case. Some names were like crown-plaza-berlin.com and express-by-holiday-inndortmund.com.
National
Hate speech must be blocked, says Sibal
The Hindu, New Delhi, December 6, 2011
In an interview to The Hindu, he says Internet companies left him with no choice
Kapil Sibal, the Union Minister for Communications and Information Technology, has defended his demand that global internet companies block some content from sites they operate,…… http://www.thehindu.com/news/national/article2691781.ece
Fake e-profile lands actor Raman Handa in cop net
S Ahmed Ali, TNN, Apr 26, 2011, 02.39am IST
MUMBAI: Raman Handa, a model and television actor, has been arrested by the cyber cell of the Mumbai Police for allegedly creating a fake profile of an astrologer on a social networking site and "inviting partners for gay sex". This was apparently the actor's revenge on the astrologer, who had "spurned his sexual overtures". Handa (26) was arrested late on Saturday after the police traced the internet protocol address from which the profile was created to his residence at Four Bungalows in Andheri. Booked for breach of trust, forgery and under the Information Technology Act, 2000, he has been remanded in police custody. During interrogations, Handa admitted to the police that he had created the fake profile of the victim, whom "he was interested in". Handa first met the victim two years ago when the latter had just started to make a career in astrology. The two became friends and for a while, they even shared an apartment in Andheri, the police said. However, the two subsequently fell out when the friend brushed aside Handa's "advances". Spurned, Handa created the fake profile of the victim on Facebook in December last year, and uploaded his actual photographs, birthday, family background, email ID and telephone as well as mobile numbers. In February, he even reportedly posted the message, "I am looking for some good gay partner, if interested please call in", after which all hell broke loose for the astrologer, the police added. Soon, the victim was flooded with emails, calls and text messages "asking for sex", the police said. In his complaint, the astrologer added that even his friends and acquaintances started asking him about his profile. "The victim started receiving anonymous calls and text messages at odd hours. Even his family members were not spared of the embarrassment as some even rang him up on the landline," said Nandkishore More, senior inspector of the cyber police cell.
Shortly, the victim's brand new car, which used to be parked outside his home, was set afire and a week later, his motorcycle also met with the same fate. The victim immediately lodged a complaint with the Pant Nagar police in Ghatkopar, saying he suspected it to be the handiwork of Handa. "The victim feels that an upset Handa had torched his vehicles. We will interrogate Handa to find if he had indeed set the car and bike ablaze," said an officer. During the course of interrogations of Handa, he admitted that he had opened the fake profile of the victim as he was "interested" in him. Handa had met the victim a few years ago when the latter had stepped into astrology and was making his career, and this was the period when the victim came across Handa. Sources said that for some days the victim and Handa had shared one room in Andheri. The victim had become very popular in Bollywood.
Cyber crime: RBI advises banks to set up whistle blowing system
PTI - Sun, May 1, 2011
Mumbai, May 1 (PTI) Concerned over rising incidents of cyber crime, the Reserve Bank of India has suggested that banks put in place a strong whistle blowing system as well as reward employees who help prevent frauds. "Appropriate mechanisms need to be established in banks...including transaction monitoring teams in banks and to investigate them (disputes or suspicions raised by stakeholders) thoroughly. Banks should have a well publicised whistle blowing mechanism," RBI said. This suggestion is part of the central bank's guidelines on information security, electronic banking, technology risk management and cyber frauds. RBI further said that employee awareness is crucial to fraud prevention. "A positive way of creating employee awareness is to reward employees who have gone beyond their call of duty, and prevented frauds. Awards may be given to employees who have done exemplary work in preventing frauds," the RBI said.
With the advances in information technology, most banks in India have migrated to core banking platforms and have moved transactions to payment cards (debit and credit cards) and to electronic channels like ATMs, internet banking and mobile banking. Fraudsters have also followed customers into this space. "However, the response of most of the banks to frauds in these areas needs further improvement, thereby avoiding putting the entire onus on the customer," the RBI said. It said most retail cyber and electronic banking frauds would be less than Rs 1 crore. A need is therefore felt to have an industry-wide framework on fraud governance, with particular emphasis on tackling electronic channel based frauds, it said. RBI had appointed a Working Group headed by RBI Executive Director G Gopalakrishna on various issues arising out of the use of information technology in banks. The apex bank examined various issues and made its recommendations in nine broad areas, including IT Governance, Information Security and Cyber Fraud.
In the guidelines, RBI said banks need to ensure implementation of basic organisational framework and put in place policies and procedures which do not require extensive budgetary support, infrastructural or technology changes, by October 31, 2011.
The Information Technology (Amendment) Act, 2008 has come into force
All those who are incessantly bombarded with unsolicited calls, SMSs and spam emails from unknown companies, can now have some respite with the 'Reasonable Security Practices and Procedures and Sensitive Personal Information' -- the new set of rules, drafted under the Information Technology Rules 2011, by the Central government on 27th April 2011.
[To be published in THE GAZETTE OF INDIA, EXTRAORDINARY, Part II, Section 3, Sub-section (i) of dated the 11th April 2011]
Government of India
MINISTRY OF COMMUNICATIONS AND INFORMATION TECHNOLOGY
(Department of Information Technology)
NOTIFICATION
New Delhi, the ------------, 2011
G.S.R (E).- In exercise of the powers conferred by clause (ob) of subsection (2) of section 87 read with section 43A of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely.-
1. Short title and commencement.-
(1) These rules may be called the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
(2) They shall come into force on the date of their publication in the Official Gazette.
2. Definitions.-
(1) In these rules, unless the context otherwise requires:-
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "Biometrics" means the technologies that measure and analyse human body characteristics, such as 'fingerprints', 'eye retinas and irises', 'voice patterns', 'facial patterns', 'hand measurements' and 'DNA' for authentication purposes;
(c) "Body corporate" means the body corporate as defined in clause (i) of explanation to section 43A of the Act;
(d) "Cyber incidents" means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service or disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorisation;
(e) "Data" means data as defined in clause (o) of sub-section (1) of section 2 of the Act;
(f) "Information" means information as defined in clause (v) of sub-section (1) of section 2 of the Act;
(g) "Intermediary" means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(h) "Password" means a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information;
(i) "Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
(2) All other words and expressions used and not defined in these rules but defined in the Act shall have the meanings respectively assigned to them in the Act.
3. Sensitive personal data or information. -
Sensitive personal data or information of a person means such personal information which consists of information relating to;-
(i) password;
(ii) financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) physical, physiological and mental health condition;
(iv) sexual orientation;
(v) medical records and history;
(vi) Biometric information;
(vii) any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:
provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
4. Body corporate to provide policy for privacy and disclosure of information.-
(1) The body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle information of provider of information, shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract.
Such policy shall be published on website of body corporate or any person on its behalf and shall provide for-
(i) clear and easily accessible statements of its practices and policies;
(ii) type of personal or sensitive personal data or information collected under rule 3;
(iii) purpose of collection and usage of such information;
(iv) disclosure of information including sensitive personal data or information as provided in rule 6;
(v) reasonable security practices and procedures as provided under rule 8.
5. Collection of information.-
(1) Body corporate or any person on its behalf shall obtain consent in writing through letter or fax or email from the provider of the sensitive personal data or information regarding purpose of usage before collection of such information.
(2) Body corporate or any person on its behalf shall not collect sensitive personal data or information unless -
(a) the information is collected for a lawful purpose connected with a function or activity of the body corporate or any person on its behalf; and
(b) the collection of the sensitive personal data or information is considered necessary for that purpose.
(3) While collecting information directly from the person concerned, the body corporate or any person on its behalf shall take such steps as are, in the circumstances, reasonable to ensure that the person concerned is having the knowledge of -
(a) the fact that the information is being collected;
(b) the purpose for which the information is being collected;
(c) the intended recipients of the information; and
(d) the name and address of -
(i) the agency that is collecting the information; and
(ii) the agency that will retain the information.
(4) Body corporate or any person on its behalf holding sensitive personal data or information shall not retain that information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force.
(5) The information collected shall be used for the purpose for which it has been collected.
(6) Body corporate or any person on its behalf shall permit the providers of information, as and when requested by them, to review the information they had provided and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible: provided that a body corporate shall not be responsible for the authenticity of the personal information or sensitive personal data or information supplied by the provider of information to such body corporate or any other person acting on behalf of such body corporate.
(7) Body corporate or any person on its behalf shall, prior to the collection of information including sensitive personal data or information, provide an option to the provider of the information to not to provide the data or information sought to be collected. The provider of information shall, at any time while availing the services or otherwise, also have an option to withdraw its consent given earlier to the body corporate. Such withdrawal of the consent shall be sent in writing to the body corporate. In the case of provider of information not providing or later on withdrawing his consent, the body corporate shall have the option not to provide goods or services for which the said information was sought.
(8) Body corporate or any person on its behalf shall keep the information secure as provided in rule 8.
(9) Body corporate shall address any discrepancies and grievances of their provider of the information with respect to processing of information in a time bound manner. For this purpose, the body corporate shall designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer shall redress the grievances of provider of information expeditiously but within one month from the date of receipt of grievance.
6. Disclosure of information.-
(1) Disclosure of sensitive personal data or information by body corporate to any third party shall require prior permission from the provider of such information, who has provided such information under lawful contract or otherwise, unless such disclosure has been agreed to in the contract between the body corporate and provider of information, or where the disclosure is necessary for compliance of a legal obligation: Provided that the information shall be shared, without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences. The Government agency shall send a request in writing to the body corporate possessing the sensitive personal data or information stating clearly the purpose of seeking such information. The Government agency shall also state that the information so obtained shall not be published or shared with any other person.
(2) Notwithstanding anything contained in sub-rule (1), any sensitive personal data or Information shall be disclosed to any third party by an order under the law for the time being in force.
(3) The body corporate or any person on its behalf shall not publish the sensitive personal data or information.
(4) The third party receiving the sensitive personal data or information from body corporate or any person on its behalf under sub-rule (1) shall not disclose it further.
7. Transfer of information.-
A body corporate or any person on its behalf may transfer sensitive personal data or information including any information, to any other body corporate or a person in India, or located in any other country, that ensures the same level of data protection that is adhered to by the body corporate as provided for under these Rules. The transfer may be allowed only if it is necessary for the performance of the lawful contract between the body corporate or any person on its behalf and provider of information or where such person has consented to data transfer.
8. Reasonable Security Practices and Procedures.-
(1) A body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business. In the event of an information security breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called upon to do so by the agency mandated under the law, that they have implemented security control measures as per their documented information security programme and information security policies.
(2) The International Standard IS/ISO/IEC 27001 on "Information Technology - Security Techniques - Information Security Management System - Requirements" is one such standard referred to in sub-rule (1).
(3) Any industry association or an entity formed by such an association, whose members are self-regulating by following other than IS/ISO/IEC codes of best practices for data protection as per sub-rule(1), shall get its codes of best practices duly approved and notified by the Central Government for effective implementation.
(4) The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government. The audit of reasonable security practices and procedures shall be carried out by an auditor at least once a year or as and when the body corporate or a person on its behalf undertake significant up gradation of its process and computer resource.
No. 11(3)/2011-CLFE
(N. Ravi Shanker)
Joint Secretary to the Government of India
CCFAi Constitutes Dhanya Menon as Advisory Board Member
PRLog (Press Release) - May 04, 2011
New Delhi, May 3, 2011:- CCFAi today is happy to announce that it has named Pattathil Dhanya Menon to be on board as part of its elite advisory body. Dhanya is an active cyber law expert and cyber security evangelist. She is currently the Chairperson, Avanzo.
Commenting on her appointment, Dhanya said: "I'm really looking forward to contributing to the larger good and the information security fraternity across the globe." She further added that "I believe that beyond providing distinctive and first rate security training and consultancy, cyber security has a huge role to play in helping shape for the better our digital assets irrespective of the vertical or sector." "It's a responsibility that as a large not for profit cyber security body, the CCFAi is uniquely positioned to fulfill and one which I am very keen to address."
On her appointment as advisor, Dominic K, Co-Founder, CCFAi, said: "Dhanya came to our attention because of her strong execution skills, her proven ability in matters related to Cybercrime laws, IPR and copyrights. She demonstrated these skills by turning around the level of cybercrime awareness programs and consultancy in Kerala. Additionally, her straightforward style has won the respect of the board and has made her the course moderator for our International Cyber Law course."
Notes to Editors: The Cyber Crime Fighters Association International (CCFAi) is an international cyber security not for profit body focused on training and mitigating cybercrime globally. Some of the internationally recognized courses include CCFAi Certified Professional Ethical Hacking, Certified Penetration Testing Expert, Wireless Security, and International Cyber Law. More information about CCFAi is available at http://cybercrimefightersassociation.org/
Stiff penalties for marketing calls, SMS
The Hindu, Thursday, December 2, 2010
From January 1, 2011, mobile subscribers will get much-needed relief from all kinds of unsolicited telemarketing calls and SMS as the Telecom Regulatory Authority of India (TRAI) on Wednesday recommended stiff fines and the blacklisting of firms that fail to comply with the new guidelines. Issuing "The Telecom Commercial Communications Customer Preference Regulations, 2010," TRAI said defaulting telemarketers would have to pay penalties of up to Rs.2.5 lakh. A customer can choose to be under the 'fully blocked' category which is akin to the 'Do Not Call Registry' (DNCR) or he may choose the 'partially blocked' category or 'Do Call Registry,' in which case he will receive only SMS. Telemarketers will be issued a new series of mobile numbers starting with '70' to help people identify commercial calls. No commercial communication, even for unregistered customers, can be sent between 9 p.m. and 9 a.m. TRAI has also asked operators not to offer packages containing more than 100 SMS a day. The TRAI will collect fines ranging from Rs. 25,000 to Rs. 2.5 lakh from telemarketers who call customers under the 'fully blocked' category. Under the Regulations, Rs.25,000 would be charged for the first offence, Rs.75,000 for the second, Rs.80,000 for the third, Rs.1.20 lakh for the fourth, Rs.1.5 lakh for the fifth, and Rs.2.5 lakh for the sixth. After that, a telemarketer will be blacklisted and his lines disconnected for two years. Customers who choose the 'partially blocked' category or 'Do Call Registry' will receive only SMS. They can choose from among seven categories: banking/insurance/financial products/credit cards; real estate; education; health; consumer goods and automobiles; communication/broadcasting/entertainment; and tourism and leisure. The telemarketers have to enter into an agreement with the service provider. The service providers (operators) will have to deduct the penalty and deposit it with the TRAI.
Customer registration will be effective within seven days of registration, unlike in the past when it used to take 45 days. A customer can register by calling 1909 or sending an SMS to 1909. This service will be toll free and the customer will be given a registration number. Customers currently on the DNCR will automatically come under the 'fully blocked' category. There is no need for re-registration. The regulations also provide for an aggrieved customer to lodge a complaint with his service provider, who is required to take appropriate action and inform the customer of the action taken within seven days. If an unregistered ordinary subscriber makes unsolicited commercial communication, he will be warned. If he commits the offence a second time, his telephone will be disconnected.
YOUR FREE DOWNLOADS MAY SOON BE TIMED OUT BY DIGITAL RIGHTS MANAGEMENT
THE WEEK
An Amendment to the Indian Copyright Act could abort all free music and movie downloads from the internet. When it comes into force, digital rights management (DRM) will mean that people will start paying for downloads. Copying music from CDs will be a thing of the past. There would be only read-only CDs, which would allow the user to listen to, but not copy, the songs.
DRM threatens to restrict the internet base, instead of broadening it. The elderly and disabled will not be able to use accessibility technology like screen readers on content protected by DRM. Likewise, users with old hardware will be forced to buy new hardware to run such content.
DRM technology enables the copyright owner to control the copying of the material. If the concept becomes a reality in India, there would also be an increase in lawsuits against people providing file-sharing networks.
"DRM can finally tackle the menace of online copyright theft and privacy," says Shailendra Singh, joint managing director, Percept Limited. For years the internet has provided a virtual buffet of digital content from which millions have feasted for free. "Whether it involves downloading or ripping a movie, republishing an unauthorised copy of a news photograph, or sharing music on peer-to-peer services, it is time that copyright owners, technology experts and judicial system sent out a message 'no more free lunch'," he says.
Film producers argue that DRM simply enables the copyright owner to control audience access to Intellectual Property Rights (IPR), thereby enabling the owner to reap the benefits of his labour, creativity, R&D and capital.
DRM can also control video piracy, due to which revenue losses for the Indian film industry reached a whopping Rs. 1,000 crore in 2008. According to the Northbridge Capital (Asia) report, the Indian film industry, which is currently valued at 14,400 crore, loses 14 per cent of its revenue to piracy.
But DRM had its detractors too. "DRM is not needed in India or elsewhere," says Sunil Abraham, director, Mahiti Infotech Private Limited. "The need of the hour is not restrictions but more imagination and new business models."
Hackers have managed to compromise every single DRM technology developed so far, because millions of internet users will always be smarter than hundreds of computer professionals. Every item of DRM content is already available on websites.
Lawrence Liang, a researcher at Alternate Law Forum, Bangalore, says, "Users will not be able to exercise fair use, like making backups, reverse-engineering, format-shifting and time-shifting. Educators cannot use copyrighted material in a classroom. Citizens will not be able to create re-mixes and parodies."
The anti-DRM lobby feels that DRM facilitates corporate surveillance over our media consumption practices and, therefore, undermines our right to privacy.
Many feel that the content protected by DRM will not be affordable. "The problem is beyond music and entertainment content. Knowledge itself will become a premium product and not easily accessible for society," says Vish Bajaj, CEO of ValueFirst, a mobile virtual network operator.
Supreme Court lawyer Pavan Duggal feels that the fair use of the act should be ensured even when DRM comes into force. He says anyone can use copyrighted material in India for criticism and review, even without the prior knowledge of the copyright owner. DRM will put paid to this freedom.
BlackBerry maker told to comply with security rules
The Hindu
July 29th 2010
Thursday
NEW DELHI: Spelling trouble for more than one million users of BlackBerry in India, the Centre has warned the Canadian service provider that if it does not allow the facility to monitor email and SMS, it will have to shut down operations in the country.
The government has said that the makers of BlackBerry, Research in Motion (RIM), have to address the security concerns by offering the monitoring facility.
"If they don't follow our guidelines, we will have no option but to ask them to stop their operations in India," a senior official said.
The Ministry of Home Affairs has asked the Department of Telecommunications to tell the company in no uncertain terms that its email and other data services must comply with formats that could be monitored by security and intelligence agencies.
The Ministry made it clear that RIM was addressing the security concerns of several other countries, including the United States.
The government also wants BlackBerry server in India to track the messages, but the company has been resisting the move.
RIM version
RIM says the messages are encrypted. The smartphone's server is based in Canada where the level of encryption is very high and extremely difficult to crack.
And any message going through a Canadian server is encrypted and cannot be accessed by intelligence agencies in India.
-PTI
Making Cyber Space Safer
The Hindu August 11th, 2010 Wednesday
Special Correspondent
Thiruvananthapuram: The State governments in India are yet to respond to the threat posed by cyber assailants, though the telecom and banking sectors in the country are well prepared, experts from the Computer Emergency Response Team (CERT)-India have said. They were participating in a workshop on crisis management for countering cyber attacks and cyber terrorism organised by the Kerala State IT Mission and CERT-Kerala here on Tuesday.
Addressing the workshop, B.J. Srinath, senior director, CERT-India, said cyber attackers were refining their methods and consolidating global networks that supported coordinated criminal activity. "Information stealing, rather than destruction, is the main objective," he said. Mr. Srinath said the use of cyber space for money laundering, propaganda and recruitment to terrorist networks was on the rise. He said sophisticated malware programmes could bleed data out of computers without causing their malfunction. He said common sense and adoption of best practices constituted the right approach to computer security in a dynamically changing cyber threat landscape, rather than high end solutions that are often disproportionate to the magnitude of the threat. The discipline of compliance was a key factor in cyber security, he said.
Delivering the keynote address, Ajay Kumar, Principal Secretary, IT, said the merger of telecom and IT services has amplified the magnitude of cyber threats, with the potential to affect even national security. "Many cyber attacks depend on proxy servers or other methods to wipe out their trail and confuse security agencies."
Cyber threats
Mr. Kumar stressed the need for the administration in India to be prepared for cyber threats. "The IT infrastructure should be an integral part of crisis management plan at different levels of administration. A separate crisis management plan for the IT sector involving government agencies, solution providers, vendors and other stakeholders is also a necessity," he added. S.S. Sarma, Additional Director, CERT-India, and N. Krishnan, director, CERT-Kerala State IT Mission, were present. Nodal IT officers from different government departments and agencies participated in the workshop.
http://in.news.yahoo.com/241/20100624/1274/ttc-most-indian-kids-under-online-sex-vi.html
Thu, Jun 24 04:26 PM
Seven out of 10 Indian kids have been exposed to nudity and violence, or have been asked by a stranger to meet them in person when they are online, security software-maker Symantec said.
According to Symantec's Norton Online Family Report 2010, 77 per cent of Indian kids have experienced some 'negative' situation online, while only half of the Indian parents interviewed thought their children had such an experience.
For example, only 24 per cent of the parents interviewed thought it was possible for a stranger to try to add their child as a friend on a social networking site, but 55 per cent of the children surveyed said it has happened to them.
"This report provides a glimpse into the online lives of children and how tuned in parents are to their online activities," Symantec Consumer Business Head Asia Effendy Ibrahim said.
The third edition of the report, which is part of a global survey of 2,800 children and more than 7,000 adults across 14 countries, examined the actual online experiences of kids compared to their parents' perception.
Though parents have an idea of the amount of time their children spend online, only 45 per cent of parents realise their kids are having negative experiences, the study said.
"While parents are generally aware of the kid's activities online, they underestimate the extent to which kids download music and videos. During the process, kids may be exposed to inappropriate content and may be encouraged to disclose personal details," Symantec Country Sales Manager (India) (Consumer Products and Solutions) Gaurav Kanwal said.
These negative online experiences result in an emotional impact as well. While 41 per cent of the children surveyed felt angry, 40 per cent said they were upset by the experience and 35 per cent said they were afraid.
"Along with a variety of emotions like being scared or angry, we have also met kids who feel personally responsible for these negative experiences, especially downloading a virus or being scammed," Ibrahim said.
Kids, however, now find it easier to talk to parents about their online activities.
"In addition to relying on their parents if something bad happened online, nearly nine in 10 report they follow family rules for Internet use," Ibrahim said.
Symantec suggests that parents undertake an open discussion with their children and set rules for Internet usage.
"These days, a lot of software is available that allows parents to keep a tab on the activities of the kids online. However, it is important to discuss it with them rather than forcing them," Kanwal said.
Domain name dispute in India - Some Cases Domain Names
by info on June 16, 2010
Ms. Barkha Dutt v. easyticket, Kapavarapu, Vas
The disputed domain name
Factual Background
Barkha Dutt, the Complainant in the present dispute, is a journalist known for her proficiency in frontline reporting from conflict regions. Her work in this area has won her several accolades and her reporting style has inspired Hindi films such as "Lakshya". The Complainant is a known media figure and anchors television talk shows. She is also recognized for her writings and contributions to news and current affairs discussions in various media. The disputed domain name was registered on January 8, 2007.
Discussion and Findings
The Policy requires the Complainant to establish three elements under paragraph 4(a) to obtain transfer of the disputed domain name.
(i) The domain name registered by the Respondent is identical or confusingly similar to a trademark or service mark in which the Complainant has rights; and
(ii) The Respondent has no rights or legitimate interests in respect of the domain name; and
(iii) The domain name was registered and is being used in bad faith by the Respondent.
Decision
For all the foregoing reasons, in accordance with paragraphs 4(i) of the Policy and 15 of the Rules, the Panel orders that the domain name be transferred to the Complainant.
(Courtesy WIPO)
Rediff Communication Ltd Vs. Cyberbooth and Anr.3 : The plaintiff was using the trade mark/domain name "Rediff.com" and the Defendant started business by using the mark/domain name "Radiff.com". It was held that the two names were almost similar and there is every possibility that the Internet user may be deceived and confused. Therefore the court accepted the prayer of the plaintiff and restrained the defendant from using the disputed domain name.
Yahoo Inc. Vs. Akash Arora 2: The Plaintiff was the owner of the Trade mark "Yahoo!" and domain name "yahoo.com", which are very well known. The Defendant adopted the domain name "Yahooindia.com" and got the same registered in his name. Court held that the said word "Yahoo" had acquired distinctiveness and is associated with the business of the Plaintiff. The use of domain name "yahooindia.com" by the Defendant leads to passing off of the business of the Plaintiff as his own and hence the same shall be permanently discontinued. Therefore, an injunction restraining the Defendant from using the impugned mark was granted.
Andhrapradesh
Andhra gives nod for India's first BPO in jail
First Published: 23 Jun 2010 09:00:24 PM IST
As part of jail reforms and to provide income generating opportunities to prisoners, the government decided to allow private industry including BPOs to set up their units in prisons.
HYDERABAD: India's first Business Process Outsourcing (BPO) facility in jail will become a reality with the Andhra Pradesh government Wednesday giving its nod to the proposal.
Chief Minister K. Rosaiah gave the green signal for the proposal at a meeting called to discuss a draft bill to use the services of convicts for social activities.
Home Minister P. Sabita Indra Reddy told reporters that the chief minister had cleared the proposal, enabling India's first BPO unit to come up in Hyderabad's Cherlapally Central Jail.
Under the public-private partnership, Bangalore-based Radiant Info Systems Ltd will set up the unit, to be manned by educated convicts.
Out of 2,000 inmates in the Cherlapally jail, the authorities will shortlist 250 convicts. They will be trained for a few months before the BPO starts its operations.
The company will set up the data processing facility in the jail premises with 60-70 computers. Since the convicts will have no access to internet as per the jail rules, they will handle data entry, data processing and data transmission jobs for which they will be paid Rs. 4,500 per month.
The home minister said the services of prisoners serving a jail term of up to six months would be used for social activities. A bill in this regard would be tabled in the coming assembly session.
(Courtesy - The New Indian Express)
CIPFO to host Domain Auctions in New Delhi, India for the first time.
Cyberspace & Intellectual Property Foundation (CIPFO) is hosting Domain Auctions for the first time on 26th February, 2010 during its Workshop on "Managing Online Identity" at Indian Law Institute, Bhagwan Das Road, New Delhi.
CIPFO is currently accepting domains for listing, which shall be auctioned during the four-hour Techno-Legal interactive workshop. The confirmed participants shall have a sneak preview of the Domain Inventory on 25th February, 2010. The domains so submitted are subject to approval by the organization so that they do not infringe third-party marks.
CIPFO is encouraging domainers to cash in on the generic name market in India and educating society not to invest in well-known trademarks, to avoid lawsuits in future.
Regional
Mobile money fraud: nodal officers to receive complaints
Mathrubhumi Newspaper Edition Posted on: 07 Dec 2011
Thiruvananthapuram: The Reserve Bank says that frauds offering money from abroad should be reported to the cyber crime cell or the economic offences investigation wing. Nodal officers have also been designated at 34 regional centres across the country to register complaints.
Frauds in which money is offered free of charge from abroad through e-mail and mobile phone are widespread. The offers come under names such as unclaimed money and lottery. Sums running into crores are offered in this way. The fraudsters typically collect lakhs as the supposed cost of transferring this sum and then disappear. Many people are being cheated in this manner. The Reserve Bank had warned against this several times.
Although the Reserve Bank tried to make the public aware, people continue to fall victim to such fraud. It is in this situation that the Reserve Bank has directed that action be taken by treating this as a cyber crime as well, beyond being an economic offence. The Reserve Bank has also directed that the addresses of the nodal officers who receive complaints be displayed in all banks.
In Kerala, complaints can be lodged at three centres. The nodal officers in Kerala are the Station Officer of the Cyber Crime Police Station at Pattom in Thiruvananthapuram (phone 0471-2449090, 2556179), the ADGP (Crime) at Police Headquarters (phone 0471-2722215), and the IG of the State Crime Records Bureau (phone 0471-2446522).
However, Thiruvananthapuram Cyber Cell CI Joshi Mathew said that complaints about such messages offering money are already being received daily, by phone and otherwise. When the telephone numbers they provide are investigated, they have all been found to be in fake names. This has also been reported to the Union Ministry of Home Affairs. The advice the Cyber Cell gives complainants is not to get trapped by such offers and lose money.
Kochi police to patrol cyber highway
Staff Reporter, The Hindu, Sunday, Dec 12, 2010
KOCHI: Director General of Police (DGP) Jacob Punnoose has urged the police force to change its image and functioning in keeping with the changing times. Delivering the inaugural address marking the entry of the Kochi police into social networking sites by the name "Kochi Peace Makers" here on Saturday, Mr. Punnoose said the police intervention in cyber space was a step in this direction. The police presence in social networking sites needs to be seen only as police patrolling a cyber highway. He was confident that police presence would help check illegal practices on these sites. The police were duty-bound to forewarn people of the hidden dangers along the cyber space highway. Mr. Punnoose said criminals were making all-out efforts to utilise technological advancements for committing crimes. So it is important that the police were technologically equipped to face the challenge.
Inspector General of Police (Ernakulam Range) B. Sandhya said that there had been instances in the city where nefarious activities using social networking sites had disrupted families. The sites were being used for dubious practices ranging from illegal money chains to cheating, she said. Henceforth, the city police will be present in social networking sites like Orkut, Facebook, and Twitter.
Awareness drive
Among other things, the police aim to propagate awareness about people's rights, different aspects of laws and traffic rules, security from cyber crimes, the bad effects of alcohol and drugs, and precautions to prevent crimes. People can use these sites as a platform for informing the police about criminals and illegal practices in their locality. Besides, information on various police mechanisms, passport verification, and registration of foreign nationals would also be exchanged. The public can also utilise the system for passing on suggestions for better policing.
The police hope that their presence would help them gather vital information on criminal deeds in time.
'Cyber criminals on the prowl'
Special Correspondent, The Hindu, Friday, Dec 10, 2010
KOCHI: As cyber criminals devise newer methods by the day, computer and mobile phone users need to safeguard themselves against crimes that may cause huge financial loss and personal tragedies, a workshop held here on Wednesday suggested.
Self-protection, of course, is the first line of defence, the workshop on cyber security organised by KITCO pointed out. Protect your passwords, keep your PIN safe and secret, change the password and PIN frequently, and avoid forwarding messages and photos: these are some of the simple steps that can be taken to limit cyber criminals' access to your computer and mobile phone.
And, whenever you lose your mobile or laptop, lodge a complaint with the police at once.
This should be done not just in the hope that the lost gadgets would be found and returned to you, but to get legal protection against abuse of your name and identity by cyber criminals. Your gadget might even end up with some terrorist. Without your knowing, you could become an accused in a terror plot that could fetch you life imprisonment.
The workshop was inaugurated by Cyriac Davis, Executive Director of KITCO. Gils K. Jose, senior consultant of KITCO, welcomed the gathering. Pattathil Dhanya, Certified Cyber Crime Investigator and Sajith K. Menon, Certified Ethical Hacker, Avanzo Cyber Security Solutions P Ltd., Thrissur handled the sessions.
'CERT-Kerala' to tackle cyber terrorism
Thiruvananthapuram, Apr 20: The Kerala Government has constituted a nodal agency, 'Indian Computer Emergency Response Team-Kerala' (CERT-Kerala), to tackle cyber terrorism in the state. The agency would provide services to the State Government, IT Mission and various Information Technology (IT) agencies against cyber attack, according to an official press release here. It was assigned the task of enhancing cyber protection, enabling security compliance and assurance in Government and critical sectors, and facilitating early warning and response. Mr N Krishnan has been appointed as Director of CERT-Kerala. CERT-Kerala was in line with the Centre's Indian Computer Emergency Response Team (CERT-India), established by the Department of Information Technology, Government of India, in January 2004 with a specific mandate to respond to computer security incidents. With the passage of the Information Technology (Amendment) Act 2008, CERT-India had been designated as a nodal agency for coordinating all matters related to cyber security and emergency response, the release added.
In the year 2007, the Kerala Government brought into effect a set of rules and regulations for internet cafes.
Six arrested for credit card scam
An international gang of credit card fraudsters has been arrested by Kerala Police. These fraudsters had purchased gold worth Rs 2.75 lakhs using different credit cards from a jewellery shop in Kannur. Later it was found that the credit cards used were fake ones.
Shri Tomin J Thachankary IPS, Inspector General of Police, Kannur Range, said in the press conference that the arrested persons had imported blank credit cards from China and embossed credit card numbers on these blank credit cards using a Chinese punching machine. They collected the details of the credit cards from ATM booths through a skimmer, through hacking and from foreign sources. The equipment used by the fraudsters was also seized by the police.
The team behind the detection and investigation of this case is Shri. Anup Kuruvila John IPS, SP Kannur, Shri. Shaji Sugunan, DySP Narcotic Cell, Shri. N. Rajesh, DySP Kannur, Shri. Sadanandan, CI Kannur Town, Shri. Sudhakaran, CI Payyannur, Shri. Prince Abraham, CI Sreekandapuram, Shri. Rajesh, SI Kannur Town and HCs/PCs Shri. Mahijan, Shri. Sreejith, Shri. Baby George, Shri. Rafi, Shri. Rajashekharan and Shri. Vinod.
Cyber Crime Police Station
The first Cyber Crime Police Station of Kerala state started functioning in the State Crime Records Bureau (SCRB) Building, Pattom, Thiruvananthapuram on 01/07/2009 vide GO(Rt) No.909/04 Home dated 15/04/2004. The Cyber Crime Police Station has jurisdiction all over the state of Kerala and has power to investigate any offence committed under the Information Technology Act 2000 (Central Act 21 of 2000).
Cyber Crimes
The Cyber Police Station will function under the direct supervision of the SP SCRB, IGP SCRB and the overall supervision of the ADGP (Crimes).
In day-to-day functioning, the Cyber Police Station will be similar to a Special Unit Police Station of the CBCID/V&ACB. Cases will not normally be registered by the Cyber Police Station by obtaining complaints directly from the public. Such cases will be first registered at the concerned local PS and, wherever it is felt by the Unit head that application of Cyber Forensic techniques is essential in the investigation of that case, the case will be referred to the Cyber Police Station, which may continue further investigation or assist in the investigation.
The Cyber Police Station will render all necessary assistance to all investigating Officers in Cyber Crimes whenever requested for.
The Hi-Tech Cell will function as the "Petition Enquiry Branch" of the Cyber Police Station and will deal with all suspicious Cyber activity related matters which do not warrant registration of a case at the Cyber Police Station or at any local Police Station.
Mobile phone missing/mobile phone abuse petitions are being dealt with in District/City Cyber Crime Enquiry Cells and the Hi-Tech Cell, PHQ.
Original cases may be registered at the Cyber Police Station only under the orders of IGP SCRB, ADGP (Crimes) or DGP. These must be cases which involve considerable cyber analysis.
HOW TO CONTACT CYBER CRIME POLICE STATION
Cyber Crime Police Station
SCRB, Pattom,
Thiruvananthapuram.
Tel : 0471 2556179, 0471 2447620
email:cyberps@keralapolice.gov.in