With threats from 2.5 fronts, Govt may go for deep dive on appointment of new CDS

New Delhi, Dec 09: The sudden and tragic demise of Chief of Defence Staff, General Bipin Rawat has not only shaken up the nation, but also thrown up a very difficult question on succession.

General Rawat had a proven track record on delivery and that makes it even more difficult to find a replacement easily. The government has the task of appointing a new CDS from the Indian Army and it is expected to follow the same pattern. The overall merit cum seniority is what would be considered before appointing a new CDS.

The rules say that all service chiefs can be considered for the post. Its says that a General who can provide sound and single point advise to the government can be considered for the post of CDS.

Read more

Cyber threats- 62 pc are in the dark

While Intelligence agencies and police forces have an great responsibility to ensure safety it is also very important that the general public needs to be aware of a threat in order to curb acts of terrorism. Cyber security is the greatest challenge ahead which is acknowledged by almost every agency in the world. However the fact remains that 62 per cent of the people in the world are unaware of the various cyber threats and this makes the situation very vulnerable.
Stuxnet, Duqu, and Zeus are the names of the most dangerous online threats, and have been reported even outside of the specialist computer press. But it seems that many ordinary users remain largely ignorant of them. A recent survey conducted by O+K Research shows that nearly two third of respondents have never heard of them, while 28% of those surveyed only know about them in general terms.
At the same time, users who don’t clearly understand the level of risk presented by the malware landscape may not fully understand the need for proper security software. This, according to the survey, is where the most serious problem lies. Nearly half of PC users and laptop owners (except for Apple products) think their data is relatively safe. 8.5% of respondents are sure their computer or laptop does not need any additional protection. Meanwhile, just one successful malware infection could lead to the loss of all important data stored on the user’s computer.
The situation with mobile devices is even more complicated: 16% of tablet owners and 15% of modern smartphone users are sure their devices are in no danger. Just under half of all mobile users can be classified as doubters – they think their devices are more or less protected.
Generally, most users tend to underestimate the danger which malware poses for their devices and their data. It is largely due to the fact that users simply do not know how malicious programs penetrate the computer, how they behave and what havoc they can wreak.
More than a quarter of the surveyed (27%) have never heard about such solutions. Most respondents (57%) have heard of them but aren’t interested. And only 16% of those surveyed already use solutions which support these technologies. The result is not encouraging considering the fact that it is cloud technologies which ensure that antivirus software gets information about emerging threats and can provide the necessary protection level.

Posted from WordPress for BlackBerry.

India’s cyber worries

The report by James Clapper who is the Director of National Intelligence, United States of America portrays a scary picture about the cyber threat that the world faces. In this report he goes on to state that Iran has increased its capabilities dramatically in the cyber world and poses a great threat. The picture in India too is not a rosy one and each day we face a serious threat from our neighbours Pakistan on this front.

In fact in the year 2009 there were 2866 incidents of cyber attacks and this ensured that we are ranked 5th. Home Minister P Chidambaram also pointed out yesterday that there were around 9000 websites in India that were hacked in the past 5 years.

India’s biggest threat however will remain from Pakistan although the United States has allayed fears that its biggest threat would be from Iran, China and Russia. However the real issue is that India’s cyber threat keeps growing with each day. The threats have often been brash such as the attack on the CBI website a couple of months back and often they have been veiled.

The most shocking bit of information came when Jeffrey Karr who is a cyber security investigative officer pointed out that it was the Stuxnet worm which brought down the ISRO satellite INSAT 4B. He had also pointed out that this was done with an intention of serving China’s business interests. The bringing down of this satellite affected major services such as telecast and it took India quite a while to wake up to this problem.

In addition to this our oil rigs have been targeted with a method known as Supervisory Control and Data Acquisition (SCADA). This attack on the ONGC in the year 2010 was however prevented and had there been any let up then it would have affected 70 drilling rigs which would have quite some attack as India would not have been able to produce oil for another couple of weeks. In addition this there have also been attempts made in the control system of the Delhi metro.

Cyber Security experts say that there has been a war on the online space between India and Pakistan. There are a bunch of guys who call themselves as the Pakistan Hackers Army who are under the control of their security establishment. So far they have been carrying out more with an intention of creating an embarrassment to the security establishment in India. However the real threat is not such attackers, but the bigger threat which aims at targeting SCADA software that has been installed. This would mean water boards, satellites, factories and also power plants which cater to essential services could be hit once such an attack is carried out. Hackers both from Pakistan and also China which have a great interest in India often manipulate real world equipment with help of the deadly Stuxnet worm.

The growing use of technology has acted as a boon for enemy nations to step their crime against India on cyber space. This has resulted in a threat perception which is two ways. There are nearly 500 syndicates across the world which have been formed and a large number of them have tapped the potential of carrying out crimes on the Indian cyber space. They first came into the Indian space with email scams which many fell trap to. The pathetic outcome of the investigation and also the inability to track down the origin of the crime encouraged cyber criminals to take the war a step further. Out of these syndicates emerged another syndicate which started to carry out bigger operations. Unfortunately for India they had tested the vulnerability of the system and found it easier to enter into large space. This syndicate not only deployed the Stuxnet in some operations but also began attacking government websites. In some instances they hacked into the systems and on the other they managed to collect data although this was done on a very small scale.

After years of pondering and discussion the Indian agencies finally began to moot a proper cyber policy. It had to be a strong one and the first point that was made was to have a proper team to counter attack such attackers. There was not only a need to protect our own systems, but India also found the need to retaliate on web space.

Today India is talking in terms of more command and control centres apart from having Computer Emergency Response Teams. There will also be a National Critical Information Infrastructure Protection Centre comprising technical experts who would constantly monitor any breach or intrusion into the Indian cyber space. In the past what India has found is that the realisation of the intrusion has only been after an attack has taken place. They have now found that China too is playing a major role in the Indian cyber space and hence it is extremely important that we remain alert at all times. Indian Intelligence officials point out that there is a lot of snooping that is taking place on cyber space and there have been many instances to show that countries such as China are looking for information. Affected areas have been the border security control systems, the defence ministry and also the ministry

The top cyber threats for 2011

Photo courtesy: http://www.worldgamblingnews.com/

Cyber security continues to be a grey area and one could say that the threat perception has always been on upward swing. The year 2010 saw the deadly Stuxnet worm among others shaking up the security system. The year 2011 is not expected to be any different as cyber criminals will look to target major platforms such as Adroid, Apple software and other platforms which have not yet been exposed to a security risk as yet. In addition to this 2011 will also see politically motivated attacks as groups are expected to repeat the WiKiLeaks paradigm.

McAfee has outlined the top threats for the year 2011 and the list comprises Google’s Android, Apple’s iPhone, foursquare, Google TV and the Mac OS X platform, which are all expected to become major targets for cybercriminals.

 

The top cyber threats for 2011:

URL-shortening services

Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.

 

Geolocation services

Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.

 

Mobile

Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

 

Apple

Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011. The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.

 

Applications

New Internet TV platforms were some of the most highly-anticipated devices in 2010. Due to the growing popularity among users and “rush to market” thinking by developers, McAfee Labs expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.

 

Sophistication Mimics Legitimacy: Your next computer virus could be from a friend

Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication in 2011. “Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends but in fact are viruses such as Koobface or VBMania, will continue to grow as an attack of choice by cybercriminals. McAfee Labs expects these attacks will go hand in hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector.

 

Botnets: The new face of Mergers & Acquisitions

Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe. Following a number of successful botnet takedowns, including Mariposa, Bredolab and specific Zeus botnets, botnet controllers must adjust to the increasing pressure cybersecurity professionals are placing on them. McAfee Labs predicts that the recent merger of Zeus with SpyEye will produce more sophisticated bots due to improvements in bypassing security mechanisms and law enforcement monitoring. Additionally, McAfee Labs expects to see a significant botnet activity in the adoption of data-gathering and data-removal functionality, rather than the common use of sending spam.

 

Hacktivism: Following the WikiLeaks path

Next year marks a time in which politically motivated attacks will proliferate and new sophisticated attacks will appear. More groups will repeat the WikiLeaks example, as hacktivism is conducted by people claiming to be independent of any particular government or movement, and will become more organized and strategic by incorporating social networks in the process. McAfee Labs believes hacktivism will become the new way to demonstrate political positions in 2011 and beyond.

 

Advanced Persistent Threats: A whole new category

Operation Aurora gave birth to the new category of advanced persistent threat (APT)— a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest. McAfee Labs warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories and other databases.