Monday, September 2, 2019

Cyber Warfare: Two Instances where Kinetic Force was used in response to Cyberattack



Two Tales of Using Kinetic Force in Response to  Cyberattack 

May 2019, the Israel Defense Forces (IDF) launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space. It came amid days of intense fighting between the IDF and terror groups in the Gaza Strip.

The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.

 Israel Defense Forces said via Twitter: “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”

 It could mark a change in modern cyber warfare tactics, given that it is the first time a cyber-attack has been met with immediate physical retaliation in real-time during active conflict. However, allegedly the US is still the first country to respond to cyber-attacks with military force. In 2015, USA launched a drone strike to kill the British national in charge of ISIL’s hacker groups Junaid Hussain. Hussain had also dumped personal details of US military forces online.

This 2019 attack is different to the 2015 US retaliation: The IDF apparently reacted immediately, rather than planning its response over weeks or months.

 Operations in cyber space are not governed by the rules of warfare. However, the Geneva protocols and international law do cover a response occurring in the physical domain.  There have been attempts to bring in rules for cyber warfare with the Tallinn Manual on the International Law applicable to Cyber Warfare, but this has not been ratified or adopted by any nation or multinational organization.


Saturday, August 24, 2019

First Space Cybercrime of Indentity Theft




First Space #cybercrime of #identitytheft in ISS 


Nasa is investigating a claim that an astronaut Ms. Anne McClain the first Lady astronaut has allegedly accessed the bank account of her estranged husband from the International Space Station.

Accused has acknowledged the crime but denied any wrongdoing When her husband Mr Summer Worden, had filed a complaint with the Federal Trade Commission FTC. Lady astronaut has since returned to Earth.

The astronaut claims, she was merely making sure that the family's finances were in order and there was enough money to pay bills and care for Ms Worden's son - who they had been raising together prior to the divorce in 2018

How does the law work in space?

There are five national or international space agencies involved in the ISS - from the US, Canada, Japan, Russia and several European countries - and a legal framework sets out that national law applies to any people and possessions in space.

So if a Canadian national were to commit a crime in space, they would be subject to Canadian law, and a Russian citizen to Russian law.  Space law also sets out provisions for extradition back on Earth, should a nation decide it wishes to prosecute a citizen of another nation for misconduct in space.

As space tourism becomes a reality, so might the need to prosecute space crime, but for now the legal framework remains untested. 


Thursday, August 22, 2019

Cybercrime conviction in Fake Patanjali Website matter




One Vikas Kumar from Patna was Convicted in #cybercrime for 2 years with Rs. 5,000/- fine for operating fake #Patanjali Website & promising distributorship in lieu of ₹3 Lacks by Ahmednagar Court in Maharashtra.

FIR was Registered under S66D of the IT Act,2000 & S420 of IPC


1. District - Ahmednagar


2. Police Station - Cyber Police Station


3. C.R.No. 02/2017, IPC Sections 419, 420,467, 468 IT Act Section 66C


4. Name of Accused - Vikas Kumar, r/o Nalanda, Bihar.


5. Facts of the case - Accused in the said case had allegedly offered Distributorship through a fake website of Patanjali and thereby duped the Complainant to the tune of Rs. 3 Lacs.


Technical Investigation of the said crime was undertaken by PI Pawar and the Accused was arrested from Patna, Bihar.

Proceedings of the said case were conducted before the Court of Chief Magistrate, Ahmednagar .


Almost everyone knows someone has been a Victim. But, there's still an attitude that somehow it always happens to the other guy. But, what if you are the other guy?

All across India, the fastest growing Cyber Crime in the nation has been identified as Identity Theft- and its affecting each one of us in insidious ways.
We have all heard of the problem, but only few have recognized the theft of the identity can be so devastating.


Types of identity theft

1. Criminal identity theft

2. Financial identity theft

3. Identity cloning and concealment


Identity Theft as a term refers to Fraud that involves stealing money or getting other benefits by pretending to be someone else. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions.

Section 66C of the IT Act,2000 :

Punishment for identity theft.- Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine.

Sunday, April 7, 2019

What GOOGLE knows about YOU ?




What does Google know about YOU?

Did you know that unlike searching , when you search on Google, they ? That means they know every search you’ve ever done on Google. That alone is pretty scary, but it’s just the shallow end of the  that they try to collect on people.


What most people don’t realize is that even if you don’t use any Google products directly, they’re still trying to track as much as they can about you. Google trackers have been found on . This means they're also trying to track most everywhere you go on the internet, trying to slurp up your browsing history!


Most people also don’t know that Google runs most of the ads you see across the internet and in apps – you know those ones that follow you around everywhere? Yup, that’s Google, too. They aren’t really a search company anymore – they’re a tracking company. They are tracking as much as they can for these annoying and intrusive ads, including recording every time you see them, where you saw them, if you clicked on them, etc.


But even that’s not all…


If You Use Google Products


If you do use Google products, they try to track even more. In addition to tracking everything you’ve ever searched for on Google (e.g. “weird rash”), Google also tracks every video you’ve ever watched on YouTube. Many people actually don’t know that ; now you know.


And if you use Android (yeah, Google owns that too), then Google is also usually tracking:


Every place you’ve been via Google Location Services.

How often you use your apps, when you use them, where you use them, and whom you use them to interact with. (This is just excessive by any measure.)

All of your text messages, which unlike on iOS, .

Your photos .

If you use Gmail, they of course also have all your e-mail messages. If you use Google Calendar, they know all your schedule. There’s a pattern here: For all Google products (Hangouts, Music, Drive, etc.), you can expect the same level of tracking: that is, pretty much anything they can track, they will.


Oh, and if you use Google Home, they also store a live recording of every command you’ve (or anyone else) has ever said to your device! Yes, you heard that right (err… they heard it) – you can check out all the recordings .


Essentially, if you allow them to, they’ll track pretty close to, well, everything you do on the Internet. In fact, even if you tell them to stop tracking you, Google has been known to not really listen, for example with .


You Become the Product


Why does Google want all of your information anyway? Simple: as stated, Google isn’t a search company anymore, they’re a tracking company. All of these data points allow Google to build a pretty robust profile about you. In some ways, by keeping such close tabs on everything you do, they, at least in some ways, may know you better than you know yourself.

It is alleged that Google also listens to you when the mobile is near you through its App using its ambient noise technology.


And Google uses your personal profile to sell ads, not only on their search engine, but also on over three million other websites and apps. Every time you visit one of these sites or apps, Google is following you around with hyper-targeted ads.


It’s exploitative. By allowing Google to collect all this info, you are allowing hundreds of thousands of advertisers to bid on serving you ads based on your sensitive personal data. Everyone involved is profiting from your information, except you. You are the product.


It doesn’t have to be this way. It is entirely possible for a web-based business to be profitable without making you the product – since 2014,  has been profitable without storing or sharing any personal information on people at all. You can read more about our business model .


The Myth of “Nothing to Hide”


Some may argue that they have “nothing to hide,” so they are not concerned with the amount of information Google has collected and stored on them, but that argument is fundamentally flawed .


Everyone has information they want to keep private: Do you close the door when you go to the bathroom? Privacy is about control over your personal information. You don’t want it in the hands of everyone, and certainly don’t want people profiting on it without your consent or participation.


In addition, privacy is essential to democratic institutions like voting and everyday situations such as getting medical care and performing financial transactions. Without it, there can be significant harms.


On an individual level, lack of privacy leads to putting you into a , getting manipulated by ads, , fraud, and identity theft. On a societal level, it can lead to deepened polarization and societal manipulation like we’ve unfortunately been seeing multiply in recent years.


You Can Live Google Free


Basically, Google tries to track too much. It’s creepy and simply just more information than one company should have on anyone.


Thankfully, there are many good ways to reduce your Google footprint, even close to zero! If you are ready to live without Google,  for services to replace their suite of products, as well as instructions for . It might feel like you are trapped in the Google-verse, but it is possible to break free.





For starters, just switching the search engine for all your searches goes a long way. After all, you share your most intimate questions with your search engine; at the very least, shouldn’t those be kept private? If you switch to the  you will not only make your searches anonymous, but also block Google’s most widespread and invasive trackers as you navigate the web.


If you’re unfamiliar with DuckDuckGo, they are an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs. DuckDuckGo is a search engine alternative to Google at , and offer a  to protect you from Google, Facebook and other trackers, no matter where you go on the Internet.

#privacy #dataprotection #cyber #searchengine 

Thursday, January 17, 2019

WhatsAPP Video Call Divorce: First in Indian Court

WhatsAPP Video Call Divorce
A Nagpur family court has granted divorce & Rs. 10 Lakhs settlement for the wife in the US and husband in India, after recording the wife’s consent via a WhatsApp video call.
The husband, 37, a resident of Khamla in Nagpur, works in Michigan, but was in his home town when the divorce was officially granted by mutual consent.
The wife, 35, is studying in Michigan, US, on a student visa. Expressing her inability to attend the hearing as she was not permitted to seek long leave from her educational institution, the woman had requested that the hearing be conducted via a WhatsApp video call.
After seeking consent from both sides, Nagpur Family Court Judge Swati Chauhan allowed their separation on the condition that the husband would pay the woman a lump-sum one-time alimony of Rs 10 lakh. The divorce was finalised on January 14, 2019 .The family court had obtained the wife’s consent via a WhatsApp video call on the directives of the court.
The couple had an arranged marriage on August 11, 2013, at Secunderabad, now in Telangana. The husband and wife, both engineers, secured jobs in a US-based automobile company.
However, differences cropped up when the wife stayed with her in-laws in Nagpur for some time after her US visa expired. She returned to Michigan later on a student visa. Over time, their differences deepened and the husband filed for divorce at the Nagpur Family Court.
The court referred their case to a counsellor as per existing norms but the hearing took place for some time, as both were abroad. Smita Sarode Singhalkar, the wife’s lawyer, said she then took the lead and arranged a meeting at her office at Khare Town in Nagpur to go for an out of court settlement. The meeting was attended by the husband and his lawyer, while the wife was contacted on WhatsApp video call. The wife’s brother represented her at the negotiation.
While the husband attended the meeting, the wife was represented by her brother. The counsellor interviewed the wife on the terms of settlement via WhatsApp video calls and also consulted the husband. Subsequently, both the lawyers informed the court that since both the husband and wife were already living separately in the US for over a year and the wife was ready for a one-time settlement, a divorce should be granted.
The court turned the divorce case into a mutual consent petition before dissolving the marriage. While the Muslim, women across the world are fighting to ban divorce via Skype and WhatsApp, Indian court grants a divorce to a man in India with the consent of women in the USA 





Sunday, January 13, 2019

Cryptojacking cybercrime and Laws in India & USA

Cryptojacking cybercrime and Laws in India & USA

Cryptojacking (aka illegal cryptomining) is the practice of infecting a target with malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. Monero is one of the most common cryptocurrencies that is mined by hackers. 

While the crypto-miner is running the user will notice a very high graphics card and/or CPU usage level. The browser could use 40% or more of your available computer power. This means that the computer or smartphone will run slower, the battery will drain faster and the temperature of the device might increase as long as the script is running. Moreover, an increased workload on the device results in a higher electricity bill.

How does cryptojacking works?


Cryptojacking works off a user's browser or can be plugged into popular websites, that will then use resources from a visitor's PC using their browser.
Hackers insert low-risk malware by targeting individual computers/Mobile phones or take the simpler and more popular route of embedding such malware on large online portals.
Using the latter makes more sense as such portals see massive traffic. These could range from unprotected government websites to news websites and even those belonging to companies providing services online, which see lots of traffic on a daily basis with plenty of users logged in to get things done. Modern manufacturing plants too can be a target with so many computers being online and always running at the same time.
So when a government portal is found to have malware running crypto mining operations, all of the users accessing the same can expect their systems to be infected as well.
Once the malware has been embedded on such websites, it reaches out to individual users accessing those websites for services and then hijacks their web browsers, slowing down their systems tremendously because of the mining process being conducted on each of their systems.
In the case smartphones, the effects are similar.

In the first instance of a major 'cryptojacking' attack in India, more than 2,000 computers of the Aditya Birla Group were reportedly hacked by miners to mine cryptocurrencies.

Companies are slowly taking note of the latest kind of cyber attack and working for solutions to prevent it. Google recently announced it would ban all extensions that involved cryptocurrency mining from its Chrome browser – regardless of whether the mining was done openly or in secret.

How to discover?
To see if the browser is currently mining crypto-currencies you can use the
task manager (windows) or the activity monitor (apple):

Windows task manager
1. Open the task manager by right clicking the task bar and selecting “task manager”
2. Click on “More details”
3. Go to the performance tab, to see your CPU usage
M
acintosh activity monitor
1. Hit Command+Spacebar to bring up the Spotlight search field
2. Type in “Activity Monitor”
3. Hit the Return key when “Activity Monitor” populates in the spotlight results
4. You are now in Activity Monitor where you can manage and manipulate tasks

Case & Arrest in Japan

In July 2018, the first case of prosecution in Japan -- and potentially the world -- the 24-year-old Yoshida Shinkaru was sentenced to one year in prison, which has been suspended for three years. In this case, Coinhive was reportedly planted within an online gaming cheat tool which was then made available for download.

Law in India

A criminal case under S43(a) read with S(66) of The IT Act,2000 can be filedThe section says,  If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network- accesses or secures access to such computer, computer system or computer network  punishment of imprisonment up to three years, a fine of up to Rs. 5 Lakhs or Both.

Victims can claim damages and compensation under Section43(a) for a civil remedy.

Law in USA

The federal statute that creates both civil and criminal penalties for “computer hacking” is the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030. Under the CFAA, it is punishable to “exceed authorized access” to a protected computer. The term, “protected computer” has been very broadly interpreted, and covers essentially all computers connected to the internet. While there has been some disagreement amongst the courts regarding the interpretation of “access” to a computer, the Department of Justice’s (DOJ) guidance suggests that cryptojacking would likely be an offense under the CFAA. Notably, the DOJ contends that under §§ 1030(a)(5) and 1030(c)(4)(A)(i)(VI) damage to a protected computer may result from the appropriation of the computer’s resources by malicious code—and the latter subsection covers “malware” of the type that might not cause enough damage in a single instance to trigger felony liability but affects more than 10 protected computers in a year.

What can be done about it?

1. User consent and opt-out option. After the extensive abuse of Coinhive, the company behind it, released a new version called “Authedmine”, which explicitly requires user consent before initiating cryptomining. Legitimate businesses that choose solutions similar to Coinhive should request user consent before running any cryptomining code in their browsers, while offering them the option to opt-out too.

2. Consider using an ad-blocker. Well known ad-blockers quickly added support for blocking Coinhive. Hence users that make use of ad-blockers should not worry about cryptomining JavaScript running in the background. Having said that, while ad-blockers can be beneficial against unwanted and often malicious advertisements and scripts, they can also be damaging for legitimate companies whose revenue relies on advertisements. Therefore, users may still use an ad-blocker but whitelist websites accordingly.

3. Consider using a browser extension for blocking cryptomining scripts. Developers have also created browser extensions that block Coinhive and other similar cryptomining scripts. Users can search for these extensions in their browsers’ market place.

4. Update your antivirus/anti-malware software. Antivirus and anti-malware solutions already block cryptomining software, hence users are advised to keep them updated at all times.

5. Disable unnecessary browser extensions. Users are advised to disable/remove browser extensions they no longer use as it is often the case that a legitimate extension becomes malicious after an update. Hence, it is recommended to reduce the attack surface whenever possible by keeping installed extensions to a minimum.

Conclusion

Cryptojacking quickly became a new tool in the hands of cyber criminals, which shows once more that cyber criminals are ready to find novel ways and grasp new opportunities to make profit in. Cryptojacking is a fine example of how new technologies present both beneficial uses and the potential for harmful use. And, in some ways, cryptojacking is unique because it is dependent on decentralizing and privacy-enhancing technologies behind cryptocurrencies and uncertainties in the legal/regulatory frameworks surrounding the internet. It is the intersection of hardware development, cryptography, decentralization, and the law that makes it hard to predict how cryptojacking will continue to evolve. However, given the current state of the art, it appears that cryptojacking will continue to be a cybersecurity threat for the foreseeable future.


Prashant Mali is a practicing Bombay High Court Lawyer, Author & International Speaker who specialises in Cyber Law, Data Protection Law & Privacy.
He can be reached on cyberlawconsulting@gmail.com
To be continued and updated going ahead

s.5 lakh, or both.

Tuesday, July 31, 2018

Temporary Injuction or stay order case laws

"Temporary Injunction"  -  Few important judgments of the Supreme Court of India.


1. Rathnavathi v. Kavita Ganashamdas, (2015) 5 SCC 2232. Ram Prakash Agarwal v. Gopi Krishan, (2013) 11 SCC 2963. Lakshmi v. E. Jayaram, (2013) 9 SCC 3114. Best Sellers Retail (India) (P) Ltd. v. Aditya Birla Nuvo Ltd., (2012) 6 SCC 7925. Esha Ekta Appartments CHS Ltd. v. Municipal Corpn. of Mumbai, (2012) 4 SCC 6896. Ranjit Kaur v. Major Harmohinder Singh, (2011) 15 SCC 95 : (2014) 2 SCC7. Supreme Court Bar Assn. v. B.D. Kaushik, (2011) 13 SCC 7748. Skyline Education Institute (India) (P) Ltd. v. S.L. Vaswani, (2010) 2 SCC 1429. Home Care Retail Marts (P) Ltd. v. New Era Fabrics Ltd., (2009) 17 SCC 42910. Zenit Mataplast (P) Ltd. v. State of Maharashtra, (2009) 10 SCC 38811. Mandali Ranganna v. T. Ramachandra, (2008) 11 SCC 112. D. Dwarakanath Reddy v. Chaitanya Bharathi Educational Society, (2007) 6 SCC 13013. M. Gurudas v. Rasaranjan, (2006) 8 SCC 36714. Seema Arshad Zaheer v. Municipal Corpn. of Greater Mumbai, (2006) 5 SCC 28215. Rajasthan Housing Board v. Krishna Kumari, (2005) 13 SCC 15116. Fargo Freight Ltd. v. Commodities Exchange Corpn., (2004) 7 SCC 20317. State of Haryana v. State of Punjab, (2004) 12 SCC 67318. Vareed Jacob v. Sosamma Geevarghese, (2004) 6 SCC 378,19. Hardesh Ores (P) Ltd. v. Timblo Minerals (P) Ltd., (2004) 4 SCC 6420. Haridas Exports v. All India Float Glass Manufacturers’ Assn., (2002) 6 SCC 60021. Mahendra & Mahendra Paper Mills Ltd. v. Mahindra & Mahindra Ltd., (2002) 2 SCC 14722. Anand Prasad Agarwalla v. Tarkeshwar Prasad, (2001) 5 SCC 56823. Uniply Industries Ltd. v. Unicorn Plywood (P) Ltd., (2001) 5 SCC 9524. A. Venkatasubbiah Naidu v. S. Chellappan, (2000) 7 SCC 69525. S.M. Dyechem Ltd. v. Cadbury (India) Ltd., (2000) 5 SCC 57326. Colgate Palmolive (India) Ltd. v. Hindustan Lever Ltd., (1999) 7 SCC 127. Sree Jain Swetambar Terapanthi Vid (S) v. Phundan Singh, (1999) 2 SCC 37728. Whirlpool Corpn. v. Registrar of Trade Marks, (1998) 8 SCC 129. N.R. Dongre v. Whirlpool Corpn., (1996) 5 SCC 71430. Gujarat Bottling Co. Ltd. v. Coca Cola Co., (1995) 5 SCC 54531. Mahadeo Savlaram Shelke v. Pune Municipal Corpn.(1995) 3 SCC 3332. Shiv Kumar Chadha v. Municipal Corpn. of Delhi, (1993) 3 SCC 16133. Dalpat Kumar v. Prahlad Singh, (1992) 1 SCC 71934. Cotton Corpn. of India Ltd. v. United Industrial Bank Ltd., (1983) 4 SCC 625

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...