Two weeks and I am gasping for breath struggling to stay afloat on the events that have passed by. The cybersecurity domain does not disappoint and provides tumultuous happenings week after week.
First – I am part of a group of InfoSec professionals and we are possessed by BOSS. If you don’t know BOSS, check the website. We are possessed because BOSS is Indian, it was created, then went into a coma (I think so) and now BOSS has been resurrected by CDAC. Some believe in the reincarnation (but) many don’t and there has been an internal war .. of words. Bottom line everyone believes there should be a national system – how(?) – the great debate goes on!
The country was promised “acche din”, and good times are here:
One of the days in the past week, I was really high reading the newspaper finding snippets of joy between reports of rapes, pollution and crap.
ACCHE DIN – Sharing the joy with you…. Sensex is at 30k – Rupee is up against the US Dollar – Hilton will open 100 hotels in 5-7 yrs in India – Lenovo-Motorola looks to set up factory in India – Kotak says it’s a WhatsApp moment in Indian Banking – banking jobs will not be lost to chat bots – Govt has overshot its tax collection target, GST is here – new Rs 200 notes are a coming – Rs 2k and 500 notes are now mainstream (who cares if it is a challenge to get change for 2k) – Rs 36k CR loans written off by the new Yogi CM of UP saving many farmer lives, Infy CEO gets pay hike (and NM cries out in pain) – Google will help in elections and WhatsApp will start digital payments – IPL is ten years old and kicks off – liquor banned within 500m of national highways – state govt across the country delisting NHs to help tipplers – man marries a robot…… oh so much more!
Then we have some Crap News over past two weeks…
Like holy cows, we share and mull over articles written by presstitutes and TRP mongers, crafted to titillate and tempt users into clicking and getting ads to load for their profit.
The previous week saw two themes which are being bashed into the ground: UPI and AADHAAR.
Disclaimer: Mind you I am no supporter or interested party in any scheme, and anyone who knows me well knows that I always support anything good happening in national interest but I am also critically vocal (with malice) when talking about lies, crap or anti-national activity!
UPI and AADHAAR – someone said both have been breached – which is BS (to say the least). There are so many “expert” articles going around and all are saying the same thing in different ways that it is just too much. About AADHAAR – someone put a Google dork URL to show breached data and that is a sham – a few Excel files is not an Aadhaar breach (my opinion). This needs to be tackled in a separate blog itself.
- Check your cyber insurability index. Cyber Insurability is defined as “A measure of maturity of an organization for a Cyber Insurance Company to provide a Cyber Insurance Cover” and as you know I do a fair bit of work in CI.
- Amanda Rousseau has published a course on basics of malware reverse engineering at her GitHub. The course consists of 6 sections: fundamentals, malware techniques, RE tools, triage analysis, static analysis and dynamic analysis.
Cybercrimes.. (a few notable ones from media)
- Advocate held for creating fake profile of woman judge – the advocate was arrested yesterday by Cyberabad Police on a charge of creating a fake social media profile of a junior civil judge and posting photos.
- E-tendering scam in Mumbai Municipal Corporation: BMC suspends 9 officials, blacklists 40 contractors – the indicted officials allegedly opened invites for bids after midnight and closed them within a few hours instead of keeping them open for seven days.
- An MBA spoofed the mail ID of the Registrar, Allahabad University, giving false info about the interview call by sending mail to the other 28 candidates advising postponement of the interview date for recruitment in the University, to get himself selected for the post in the absence of other candidates.
- Navy man convicted for cyber stalking in Hyderabad – As soon as she accepted his friend request, he proposed to her.
- Bank of Maharashtra was defrauded of Rs 25cr through a logic bug in their UPI app. – shows the quality of testing and then the CEO makes a “grand” statement at the end!
- Meerut – a gang running a website aadhaarfinancialservices.com has been defrauding a number of people under the guise of providing loans. These guys have been arrested.
- 80-year-old loses Rs 1.46 lakh in card fraud – victim of a vishing call, and the Delhi based fraudster is arrested. (It is heartbreaking when needy persons are victims and lose all their money. Greater sorrow when the banks tell them to F O.)
- International cooperation in cybercrime is increasing and we see the frequency of cross border arrests increasing: Dubai police say they arrest hackers after White House staff
- Four arrested for stealing luxury cars in Delhi – they were allegedly stealing luxury cars by disabling their security systems using an imported diagnostic kit.
Events to note
- IRDA has issued cybersecurity guidelines (Guidelines on Information and Cyber Security for insurers) for Insurance companies along with deadlines. The first is to have a CISO by 30th April 2017. If you want a copy of the guidelines, you will have to run a search on the website.
- This German bank accidentally transferred $5.4 billion, second time in 8 years! (IW Comment: Height of idiocy or a jinxed bank.)
- Cyber Security for Countries Hosting Elections – As the frequency of politically motivated online attacks has surged up in recent times, Google along with its sister company Jigsaw has decided to offer a free “Protect Your Election” package to all low budget organizations. In India too… Google coming deeper into our life.
- Central government is taking action on case-to-case basis on inflammatory content in social media that hurts religious sentiment and incites communal hatred.
- Millions of accounts hacked from different bitcoin earning platforms (what is worrisome as one reads about this hack is that people are touting blockchain as the ultimate security weapon!)
- German military to launch cyber command – it’s war! whether we understand it or not
- Kenya arrested a Ugandan and a Kenyan for hacking into government websites on behalf of IS terror group
- ISIS-linked cyber group releases ‘kill list’ of 8,786 US targets for lone wolf attacks, says to “kill them wherever you find them”.
Hero of the week
- Niti Aayog – Niti Aayog is throwing open its doors to private sector experts to join the govt think tank at all levels. Unlike in the past, when bureaucracy would walk into govt organizations, this policy will ensure that officers compete for jobs with applicants from private sector or academic institutions.
- Hyderabad Police – for the conviction of the Navy officer in the social media stalking case.
- MP Police launch program to make farmers aware of cyber pitfalls.
- Domain squatting – Google is in the news again for their domain name – this time a disputed domain googlee.in has been restored back to them by the Delhi High Court.
- Robotics – Will love, dating and courtship soon be termed “old fashioned” –
- IIT Kanpur to set up centre for cybersecurity – The grant has been sanctioned for five years and covers expenditure for the setting up infrastructure, equipment etc., for the centre.
- Hyderabad, India’s first 1Gbps-enabled city – Study on internet speed in India put Hyderabad on top with 6.5 Mbps download, 4.5 Mbps upload speed
- I hate it when I read unsubstantiated (grand) claims of “weaknesses”, “vulnerabilities” in Indian organizations’ products by the torch bearers of global cyber security. So this week we have FireEye saying mobile apps of 7 banks are compromised – what a FUD type announcement. OK so don’t tell us the bank name but at least show a snippet of proof. Nothing given – just a statement – I am this and this, and this is a gora company – you have to believe all that I say…
- The unicorn / startup scene is somewhat distressing – it looks exciting when you hear and read about the humongous amount of money being “invested” and the “GMV” based sales figures. At the end of it all this is a bubble and in this bubble a lot of other shit keeps happening:
- Freecharge may be discounted 50% and get sold
- Snapdeal was looking at being sold to Flipkart (ek bhookha doosra bhooka ke paas) but they have got some more money ($ 100m) so maybe this wedding may be put on the backburner for some time.
- AAP trying desperately to say that EVMs are flawed is snubbed (thankfully) by Election Comm.
There is a need for policymakers, security practitioners and all to really take a hard look at cyber security and identify the risks / threats they face. Sadly we live in our own cocoon without a care.