Thursday, August 29, 2013

Governments make 43 user account data requests per million Facebook Users

Facebook recently released its first half-yearly Global Government Requests Report, which transparently details government requests for user data by country, the number of requests, the number of users/accounts specified and the percentage of requests complied with.

I have tabulated the released data along with the number of Facebook users in each of the countries which made 100 or more user/account data requests.

These 22 countries made on average 43 user account data requests per million Facebook users within their country.

Wednesday, August 28, 2013

Definitions: What does Cyber Safety mean to an Internet User?

Cyber Safety is the set of measures an Internet user takes to protect against accidental harm and to avoid known risks arising from the use of the Internet. Cyber safety deals with predictable cyber risks such as ransomware, cyber bullying, email scams, defamation, sexting, loss of privacy and loss of personal information.
Internet users will at minimum need to be familiar with cyber risks and the best practices to combat them. Best practices outline precautions against risks that seek the active and knowing participation of the victim, such as phishing, get-rich scams, cheap pharmaceutical products, responding to trolls and cyber bullying.

Safety and Privacy: Baby Monitor lets neighbors spy into your house

There are several ways to let someone spy into your home. The easiest is to use a non-Internet baby monitor, which neighbors can tune into much like a radio.
A man in the US found out that he was being watched when his neighbor informed him that video and audio from his son’s nursery was showing up on his monitor whenever it was set to the same channel. The microphone on the monitor was so sensitive it even picked up conversations occurring in rooms outside the nursery. Both used the same product and believed the product to be secure when they bought it.

When purchasing wireless products, it is important to evaluate the authentication and encryption mechanism in place to ensure that no third party can snoop on the audio and video feed. The mechanism should be difficult to break. Monitors with long range may appear attractive, but the feeds can also be captured by your neighbors or by people in a car outside. It may pose a health hazard for your infant.
In countries like India, where residents live in tightly boxed apartments, buyers of baby monitors should closely check product specifications and security mechanisms. After all, as the latest Indian crime report shows, neighbors are more often than not responsible for cyber crimes against you.

Tuesday, August 27, 2013

Public cloud market share may be redistributed due to Snowden Revelations

The revelations of Edward Snowden have had a direct impact on American public cloud service providers. According to a recently released survey by the Cloud Security Alliance, 56% of the non-US firms are rethinking their decision on the use of US-based public clouds. According to Gartner, the public cloud business is a 131 billion dollar market, with a growth rate of 18.5%. American firms are in the lead, with the most market share.
Rivals in other countries are in the process of catching up and lobbying their governments to create national standards and force companies to use in-country clouds. These efforts have now received a direct boost. Data sovereignty concerns have always been a significant issue. Non-US firms may shift to in-country clouds and hosting providers, reducing the revenue of American firms and paring their lead. While the global public cloud market revenue may not be affected, the confidence of businesses in public clouds has been jolted yet again.

About 90% of public cloud services are used to advertise, offload business processes, and purchase software as a service. Most companies unwittingly pass on sensitive data through cloud email, use of collaboration platforms for conferencing and file transfer services. While companies may continue to use some of these services to gain from their cost benefits, strict policies around the type of information that can be shared will need to be put in place. Companies would shift their investments into private clouds, and exercise greater caution on the type of applications they source from cloud providers or host on public infrastructure.
For years, we have all lived with the knowledge that our telephone conversations can be snooped upon by governments to provide an unfair advantage to local companies. A few countries are openly suspected of doing so. This has not stopped us from making calls, but most firms have put in place mechanisms to reduce the risk. The same is true for our use of email. Public cloud services should follow the same pattern.

Cyber citizens who use cloud services for social networking, email and other types of collaboration platforms have limited choices. These are to:

1.    Lobby governments for more transparency. This option is suited for those individuals who use cloud services in their country of nationality.

2.    Believe that the government has better things to do than to snoop on them. This may be true for a vast majority of cyber citizens, but untrue for some of the sources they rely upon, such as journalists and whistleblowers.

3.    Restrict sensitive information communicated or stored online.

Monday, August 26, 2013

Definitions: What does “Cyber Security” mean for a Home Network?

Cyber Security is defined as the set of processes, practices and technologies to protect computer assets from intentional cyber attacks by malicious entities like hackers, cyber criminals and pranksters. Typical attacks exploit vulnerabilities in computer software, use fake websites to trick individuals into giving away their credentials, and use sophisticated malware to harm personal data and to steal information and credentials.
For home networks and computers, cyber security at minimum requires the use of updated versions of software, firewalls, anti-malware suites and strong passwords on Wi-Fi and other network devices.

Sunday, August 25, 2013

Cellphones disguised as car fobs make it easier to smuggle and hide in sensitive areas

Cell phones disguised as car fobs and made with very low metal content, so that they can be smuggled into prisons, have hit the market. Prisons are not the only area where cell phones are restricted. IT/ITES companies, government, and defense establishments where sensitive information is processed normally restrict cellphones, storage and other communication devices which have the ability to exfiltrate data electronically or through the use of inbuilt cameras. Metal detectors and physical searches detect objects like USBs and cellphones. Plastic phones disguised as innocuous items make detection harder.
Statistics on smuggled cell phones in jails reveal the severity of the problem and highlight the relative ease with which a prison inmate could obtain one. One Indian jail reported finding 4 cellphones a week, Britain reported finding 7000 cellphones a year, while a routine sweep picks up between 12 and 120 cellphones. Across the world there are two main avenues for phones to get into jails: through prison officials who sell them at exorbitant prices to prisoners, or by inserting phones into balls which are thrown over prison walls.

Hard-core prisoners use phones for extortion, terror, intimidation or to run their crime syndicates, while others call friends and family, check the news on their court cases and use them for social networking. Phones are hidden in plastic cases and buried in toilet shifts, or in some unusual cavities, as in the case of a prisoner who hid one in his rectum. Smaller phones with low metal content would be useful to evade sweeps made in prison.
Jamming of phones is hotly debated as it hampers emergency calls made by guards. In India, jammers fail to work as inmates allegedly used salt to render them defunct.

Phones will continue to be found in jails unless the financial incentive to smuggle them in is removed, and officials who do so are severely punished. Their active connivance not only helps the phones to get in, but also helps charge them.
Cell phone providers provide records on phones transmitting from a given location. Monitoring phone records from jail premises could provide useful clues of the cell phones operating from within.

Thursday, August 22, 2013

Neighbors! Chief Suspects in Indian Cyber Crime

Megan Taylor Meier was a vulnerable child diagnosed with an attention deficit disorder and depression, and had self-esteem issues regarding her weight. At the age of fourteen she took her own life after falling victim to an online hoax set up by two adult neighbors, the mother of her friend and the mother's temporary employee, in retribution for Megan allegedly spreading gossip about the mother's daughter.
They set up a fictitious account of a 16-year-old male named "Josh Evans", who built up an online relationship with Megan that helped lift her spirits. Megan was driven to suicide by a series of messages designed to end the hoax. In the last few days, the tone of the messages changed. "Josh" stated in a message sent to Megan: "I don't know if I want to be friends with you anymore because I've heard that you are not very nice to your friends" and "Everybody in O'Fallon knows who you are. You are a bad person and everybody hates you. Have a shitty rest of your life. The world would be a better place without you." Meier responded saying, "You’re the kind of boy a girl would kill herself over" and hanged herself shortly after.

The adults who created the fake account and engineered the emotional harassment thought it was a “joke” and did not foresee any serious consequences.
Although Megan passed away in 2006, I chose to recall this episode because the latest statistics (2012) released by the Indian crime bureau showed that 16% of all cases of online crimes were committed by neighbors who eve teased, settled scores, took revenge or were jealous. In India neighbors are aware of each other's personal secrets, making it easy to denigrate, defame, or harass victims among their friends and community.

It is a shameful yet sad reality that some take sadistic pleasure in online torture. The neighbor you confide in may in reality be the perpetrator of the online harassment.
Read Also: Top Motives for Cyber Crime in India and Cyber bullying, Parent need to prepare themselves

Wednesday, August 21, 2013

Top Motives for Cyber Crime in India

The latest statistics on Indian Cyber Crime released by the National Crime Record Bureau for 2012 show that there has been a 60% growth in cyber crime cases with an increase from 2095 cases in 2011 to 3354 in 2012. 80% of these crimes were committed by adults in the age group 18 to 45.
The crime bureau's categorization of the crimes by motive highlights that financial motives and eve teasing are the top two segments of cyber crime in India.


Interestingly, neighbors happened to be the chief suspects in most of the crimes.



Saturday, August 17, 2013

Internet Trolls : Best of the Web Cyber Safety Videos

Wikipedia defines a troll as “someone who posts inflammatory, extraneous, or off-topic messages in an online community, such as a forum, chat room, or blog, with the primary intent of provoking readers into an emotional response or of otherwise disrupting normal on-topic discussion”. The main objective of a troll is to intentionally lure a victim into a pointless or annoying discussion by responding to rude questions or statements. The troll amuses himself while the unsuspecting victim is emotionally riled up.
In my Best of the Web Cyber Safety Videos we pay tribute to an informative video by CollegeHumor on how Internet Trolls behave online.
If this video fails to appear for lack of Shockwave or Flash support in your browser, go to YouTube: "Internet Troll Bridge".

Friday, August 16, 2013

LuciusonSecurity Wins IndiBloggers Annual Awards 2013 as the Best Crime Blog

Dear Friends,

Sharing a happy moment!!
LuciusonSecurity was judged the best crime blog at the IndiBlogger Annual Award 2013.

The blog was selected after an evaluation of its content, originality, interaction and usability, by a panel of highly distinguished judges.

A big thank you for supporting me in my blogging journey.
Recently, LuciusonSecurity won the 5th place in the Best Parenting Blog 2013 from uKnowKids.


Security Awareness for Cyber Citizens and Employees : Best of the Web Cyber Security Videos

What would happen if your predictable life suddenly became unpredictable? We lost power, communications and ran out of water for an extended period of time as cyber terrorists had hacked into and shut down our supply grids. This wartime scenario can be replayed over and over again in the financial sector, nuclear plants, traffic control and in many other sectors.
In my Best of the Web Cyber Safety Videos we pay tribute to an informative security awareness video by the CPNI titled “Staff Security Awareness”.

If this video fails to appear for lack of Shockwave or Flash support in your browser, go to YouTube: "Staff Security Awareness".


Thursday, August 15, 2013

Rehtaeh ! Steubenville ! Bystanders and their Parents equally to blame

I read Leah Parsons’ emotive description of the pain and anguish which drove her daughter to suicide after persistent victimization by former friends and schoolmates, and of the failure of the Canadian judicial system to help her.
She wrote “The Person Rehtaeh once was all changed one dreaded night in November 2011. She went with a friend to another’s home. In that home she was raped by four young boys…one of those boys took a photo of her being raped and decided it would be fun to distribute the photo to everyone in Rehtaeh’s school and community where it quickly went viral. Because the boys already had a “slut” story, the victim of the rape Rehtaeh was considered a SLUT.”

The case was complicated in many ways; there was no way to prove rape as the complaint was registered a week later and the picture circulated online was of an obscene act, but did not show their faces. Her mother writes “Rehtaeh was suddenly shunned by almost everyone she knew, the harassment was so bad she had to move out of her own community to try to start anew in Halifax. The bullying continued, her friends were not supportive.”
Two of the perpetrators were caught and recently charged with child pornography for distributing a sexually explicit image of a child, the only charge that the police could legally raise.

To me, a young girl was being victimized by a large number of young people in a small community, over a period of time using social networks and isolation.  This case is similar to the Steubenville Rape case where a rape conviction was made against two juvenile footballers. Alcohol, drugs, peer pressure, lack of parental supervision, and an unconscious victim were the chief ingredients in this crime.
Social media was used extensively to tweet or post about the incident. Immediately after the crime, perpetrators bragged and shared obscene videos and pictures online, denigrating the victim among friends and the local community. During the trial, social media was used to intimidate, harass and threaten the victim, her supporters, bloggers, parents and others who supported the case.

During the trial by social media, these comments were witnessed and supported by a large number of passive bystanders. Knowingly or unknowingly, by not taking a stand and condemning the slander, they and their parents became active participants in support of the ongoing victimization. Their inactivity fuelled the victimization as the perpetrators thought they were on the winning side. Most of the bystanders had the power to end the victimisation there and then with a single comment. But none did.

Parents should educate their children not to be party to rumours and gossip online, to fight for morally right causes, and to be able to walk away or take a stand against bullies or other popular students who behave immorally. Only then will we make cyber space safe for our children. It should be noted that social media was effectively and positively used to harness support for the victim and their families, and to bring about changes in law.

We can always ask ourselves some of the questions below:

1.    What role did the parents of Rehtaeh’s classmates and schoolmates who supported the bullying play? Did they advise their children against passing judgment and taking part in the victimization?

2.    The boys who committed the offence seemed least apologetic and in fact appear to aggressively assert their innocence. What drove them to brand and harass Rehtaeh? What role do their parents play in this entire incident? Passive or active?

3.    Should the law be reformed in line with the new age, or should we simply try to apply old laws to the online world?

4.    Is parental supervision of their children's moral conduct online lacking?

5.    Do children not understand the implication of sexting and that it is illegal?

6.    Do children not understand the implication of non-consensual sexting?

7.    What role do social networks play in reducing use of their network for such victimization?

Thursday, August 8, 2013

Spying on Cyber Citizens, a foregone conclusion

The NSA PRISM revelations by whistleblower Edward Snowden have blown the lid off one of the largest international surveillance operations of all time. The operation collects information called “metadata”, which is an audit trail of all the online activities of cybercitizens.
Querying metadata can reveal the following online activity:

1.    Email subject, recipient, message size, attachment name, time sent, sender's email ID and sender's IP address

2.    Surf history such as website visited, time and number of visits

3.    Social network activity such as posts and comments

4.    VoIP call durations, destination number or ID, and call time

Once a target has been identified using the metadata, it would be possible to conduct a detailed inspection of the target's email and other such content stored on web properties with interfaces to the PRISM system.

The collection and use of this information is not subject to authorization by courts and does not seem to be supervised in any way. Foreign citizens have no rights whatsoever, as network traffic or content on foreign soil is considered to be the property of that nation, which legitimises the spying. This is the reason why the global optic fibre network is tapped in every country which has a landing point and the technology to do so.
Most at risk are journalists, politicians, businesses with global interests, businesses involved in competitive negotiation on global bids, bureaucrats and diplomats involved in policy negotiation.

From the revelations of the US PRISM network by the Guardian, it seems that either access to the network or its surveillance points are located at many sites outside the United States. It also proves the adage that in politics there are no permanent friends or permanent enemies, as these surveillance networks spy more on friends than foes. There are many uses for surveillance networks, but history has shown that these are used primarily for economic and political reasons rather than for national security.
All that Snowden has achieved is to make cyber citizens aware, but in no way has it resulted in the dismantling of the surveillance apparatus. Most countries actually prevent cyber citizens from using secure technologies, leaving them wide open to surveillance by many governments and jeopardizing a nation’s economic interests.

Tuesday, August 6, 2013

Six ways cyber harm hits your pocket and your heart

Cyber harm affects Cybercitizens through monetary losses, reputational damage, emotional distress, lost jobs, higher product cost and lost business opportunities. In an era of increased digitization most Cybercitizens accept or tolerate these losses as part and parcel of the use of the Internet, as the benefits far outweigh the risks. In many cases Cybercitizens are unaware of the risk until they fall victim to cyber crooks.

Monetary losses
Cyber crooks use a wide variety of con tricks to steal money from cybercitizens through email scams, frauds and identity theft. Reports estimate that the average loss to an individual is around US $500. A part of these losses may be compensated by credit card companies or financial institutions, which absorb them as the cost of doing business.

Reputational damage
Professionals are most affected by online comments made by customers, foes or even competitors on their professional capabilities. These turn away prospective customers, dilute eminence and result in lost income. Most of the reputational websites lack methods to verify the truthfulness of online comments, as the identity of the person who made the comment is not known.

Emotional distress
The pain of falling victim to scamsters, trolls, cyber bullies, pedophiles and other nasties online who indulge in personal attacks, as well as to ex-partners and friends posting private pictures online, cannot be easily quantified. At the very least, vulnerable individuals and children have to spend on medical aid.

Lost jobs
Corporate espionage results in the loss of intellectual property and business confidential information which leads to increased competition from foreign manufacturing firms. Such competition reduces the profitability of businesses resulting in job cuts which forces individuals into unemployment or lower paying jobs. Estimates suggest that for each billion of lost revenue around 5000 jobs are made redundant.

Higher product cost
Purchasing goods online normally saves money and time. A lack of trust in making payments online restricts the use of the Internet for ecommerce. The only alternative is to make purchases from stores at a higher rate.

Lost business
The entry barrier to a small business is typically know-how and relationships, not capital. If a competitor is able to hack customer lists, buying and selling rates as well as manufacturing and assembly plans, a competitive business could easily be set up.

Thursday, August 1, 2013

Public campaign forces Twitter to add a Report Abuse Button

Finally, Twitter has announced that it would insert a Report Abuse button for every tweet just like Facebook does for every post. Caroline Criado-Perez's successful campaign to replace Charles Darwin's image with Jane Austen's on a British banknote resulted in a barrage of Twitter replies full of hate, rape and death threats.
Realizing that the abuse reporting mechanism in Twitter was not effective to stem the harassment, she raised an online petition, currently signed by over 1,00,000 users, to pressure Twitter into modifying its abuse mechanism.

Twitter cited the volume of tweets as the prime reason why its abuse mechanism was not on each tweet. But, it seems to me that it was an attempt to save costs. Putting a report abuse button would vastly increase the manual and automated efforts needed to review these tweets and take appropriate action. Twitter was undoubtedly worried about the possibility of millions of tweets being marked for review. We would be too, for a very different reason if this was the case.
Caroline’s effort is a great example of how citizens who avail free services from social networks can exert pressure to make these sites protect their personal privacy and security. Free services are a misnomer as our fee is paid through the ad revenue they derive.