Though I'm not a technocrat I used my over a decade of experience as a netizen to write this book. After observing how the Cyber Space works and how to protect ourselves from various cyber crimes, I thought of writing this.
Cyber Space: Opportunities and Threats Cyber space: It is not only an information superhighway, it has now become a battle field where the netizens who use internet in a respo- nsible manner have to fight against the rogue elements bent of creating problems. VRC Reddy First Edition: Jan 2010 The author claims copyrights over the content. Any mass production of the text is prohibited. Author : Ramachandra Reddy V Address : Department of Science and Humanities ANURAG Engineering College Kodad 2|Page Table of Contents Chapter 1 the Universe and the Web 7-15 Chapter 2 the empowerment of the 16-27 passive Chapter 3 Internet-The double edged sword 28-34 Chapter 4 an attempted Cyber Crime 35-68 Chapter 5 precautions needed to protect 69-100 ourselves 3|Page Internet Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then I wouldn’t stake my life on it” Pro fessor Eugene H. Spafford a professor of computer science at Purdue ( is University and a leading computer security expert) 4|Page FORE WORD Well I’m not a technocrat and I know very little about the intricacies of technology. But as an active netizen, I have been observing the cyber space for the last one decade. This book is based on my observations during these ten years. While you learn a programming language it demands logical intelligence from you, but when a person like me browses Internet he/she keeps on exploring the net as the screen displays something new every second. Humans by nature need something new every time. If you take newspapers every day you get a new copy and that is the main reason behind so many people getting fascinated by newspapers. It arouses curiosity among the readers and they wait for the newspaper boy to serve the paper at the door steps. Some of the readers may even feel somewhat anxious if there is any delay, in its serving. In case of Internet it offers something new every minute or even every second. That is why so many people are fascinated by the Cyber space. For me the screen of my machine looks like a river from where there is a ceaseless flow of information which, sometimes… I find extremely difficult to manage. There is so much to download but 5|Page you would not be left with any time to read all that content. So from lack of information we traversed to a stage where there is abundance of information. But the access to this information is highly uneven creating a digital divide. More over it is human tendency to misuse the resources and facilities for wrong purposes. The main reason behind this misuse is, in our society people are growing knowledgeable but they lack wisdom and discipline. So they often use their skills for destructive purposes and put others to lot of inconvenience. Here cyber crime comes into picture. Hacking, injecting malware, denial of service attacks, hate mail, pornography, piracy and identity theft have all become a cause of concern for society as well as the governments. So governments all over the world are enacting cyber laws and training cyber forensic experts to curb the internet related crimes. As internet related crimes are very sophisticated and it is very difficult to find out the origin of the crime the cyber criminals, most of the times go scot free. This book is an effort to bring about awareness in cyber security among the netizens, so that safe computing practices become a way of life for us and enable us to escape the adverse impact of cyber crime on our society and the country. 6|Page Chapter 1: THE UNIVERSE AND THE WEB Internet… it is a double edged sword. On the one hand it is the information superhighway, the treasure house of knowledge, but on the other hand a net worked computer…I mean a computer connected to World Wide Web is the most dangerous thing and we have to be ever vigilant in order to protect ourselves from deception. It is the most amazing inventions of the 21st century. When you sit in front of a networked computer you feel as if you Cyber Space are so powerful, because we have access to infinite amount of information at our disposal. Once a person gets addicted to it he feels powerless when he is offline. Gone are the days when you would go to a big library and refer to many books or pursue experts to know the things, to acquire knowledge and to widen your horizons. Now they are all not required. You can comfortably sit in your study 7|Page and connect your machine to the web and with the help of browsers and search engines we can gain access to the millions of websites in the world. We humans have borders and need passports and visas to cross the international borders. But a networked computer doesn’t have any borders. It created a borderless world. It made distances narrow. With the help of your networked computer you can not only gain knowledge, but even share your knowledge with the world. Because you can not only download the information that is available on net, you can even upload the information you have generated. So in a way it is facilitating the sharing of knowledge. When you go online you find information in many forms and formats- documents, e books, podcasts and videos. So you need not learn things in the same old boring way. You can educate yourself through edutainment. Multimedia- text, audio and video are combined to make our learning easy. As the saying goes, a picture says thousand words. Imagine a video clipping with some text embedded in it and featuring audio… how effective it would be! So edutainment makes your learning enjoyable. To access all this 8|Page information there is so much of software available on the web. Though the premium versions of this software cost, basic versions are all free. We have down loaders and up loaders like Real Player, VLC Player, IDM (Internet Download Manager) etc. to download and save the content to our HDD. There are many file hosting websites which enable us to share our knowledge by uploading our own content. Gone are the days when you befriended only the persons in your neighborhood or in the nearby village, town or city. Now by going online you can make friends all over the world. The astronomers say that we do not know where exactly the Universe starts and where does it end. The same is the case with Web. Millions of computers are interconnected and unlimited quantity of information is passing through underwater sea cables and other wired and wireless networks. Optical Fiber Cable- a great invention of the 21st century which transmits data in the form of light rays lets the data travel through it at a lightening pace. So 9|Page e mail has emerged as the fastest mode of communication. Normally if we have the habit of reading a newspaper, we wait for the newspaper boy to serve the printed version at your door steps and at times you feel anxious if the delivery gets delayed. It’s just like morning coffee. Coffee and your printed version of newspaper- they go together. But not anymore. If you have a networked computer you can type the URL of your favorite newspaper and read it free, that too without waiting for the newspaper boy. Normally websites run by newspapers update by 4am. The information that features in the website is same as the information that is printed in the print version. So you don’t miss anything. So you can save on newspaper subscription. If you have a net worked computer you can read not just one newspaper but all the newspapers in the world. You get to know what is happening in US by logging on to www.usatoday.com to read the USA Today the largest circulated newspaper in US. You can even read The Washington Post, The New York Times, The Wall Street Journal etc. If you want to know what is happening in the Middle East you can log on to the 10 | P a g e prestigious and widely available newspaper The Jerusalem Post www.jpost.com. If you want to know what is happening in the African continent you can log on to one of the top ten English language newspapers in Africa published from Johannesburg, The Times at http://www.timeslive.co.za/ . In Asia you can logon to www.toi.com to read the world’s largest circulated newspaper ‘The Times of India’ which is incidentally an Indian newspaper. You can even read financial dailies, magazines by downloading them from some websites which allow you to download free e books in PD (Portable Document) format. So by going online and reading different newspapers we can always keep abreast of what is happening all over the world. In fact in western countries newspapers are facing the problem of reduced subscriptions and falling circulation of their print versions and their websites started receiving more number of hits. One of the main reasons for Indian newspaper ‘The Times of India’ acquiring the status of world’s largest circulated daily is, at a time when western newspapers are concerned with dwindling circulation as a result of deep penetration of Internet, the people of India where 11 | P a g e the Internet penetration in very low still opt for print versions. Coming to text books and journals there are revolutionary changes happened. That is e book revolution. This author being an ardent book lover visited some book exhibitions in Amazon Kindle an eBook reader in Hyderabad, Vijayawada and which you can store thousands of eBooks and read them just like as you Chennai. When we find an read a printed book interesting title we feel like owning a copy. But when we look at the blurb to find out the price we develop cold feet, because buying printed copies of books is prohibitively expensive. Recently I bought a book which is priced at Rs/- 695. I badly needed that book for my research. On that day unable to decide whether to buy or not, I would visit the stall, have a look at that book, read some pages and get back. I did it four or five times, as my finances were already under pressure in these days of inflation. But at last after prolonged bargaining I managed to negotiate a discount of 15% 12 | P a g e where a uniform 10% discount is offered in all the stalls of the book fair. When I was staying in Hyderabad around five years ago, my favorite place in Hyderabad was the sultan bazaar. On Sundays I would enjoy walking along the pavements to look for good picks from the second hand books displayed on the empty pavements. Sometimes I would even go for pirated books though I’m well aware that it is not legally and ethically right thing to do. On the one hand I can’t resist my temptation to own a book and read it; on the other hand the meager amount of money The latest issue of Scientific American I would make would not available as a free download permit me to go for genuine versions. Once I got fascinated by the titles that were on display- The God of Small Things by Arundhati Roy and Made in Japan by Akio Morita at a stall where they would sell pirated copies. I got them at 13 | P a g e a very cheaper price and they were indeed good reads. But throughout my reading I entertained a feeling of guilt in my mind as I was reading pirated copies. But you no longer need to undergo these hardships. You can go online, and search for your favorite books by logging on to websites like ebook3000.com, ebook30.com, trulyfree.org, projectguttenberg.org etc which allow you to download the books that you like. They are available in various formats like Plain Text, PDF, DjvU, Microsoft Reader, etc. The new trend is, many of the books are read and recorded by volunteers and these are termed as audio books. You can download these audio books from websites like www.learnoutloud.com. You can copy these audio books into your MP3 player in your cell phone and listen to them even when you are comfortably lying down on your bed or on travel. Another thing is Podcast. These podcasts are available in audio and even in video format. In order to download these podcasts you need to install a software called I tunes from Apple software. If your cell phone features video player you can even watch these videos when you are on the move. So you can use your cell 14 | P a g e phone to improve your knowledge instead of using it for empty blabbering with the so-called friends. These days many of the cell phones come with high- resolution cameras. Once I used Nokia N73 phone to take a photograph of Koya youth who live in Khammam district of Andhrapradesh. They are the hunter gatherer tribe, but their lifestyle is rapidly changing in line with the changes taking place in this 21st century. I uploaded the photograph onto the Wikipedia the largest online encyclopedia which is a virtual treasure house of knowledge to which most of the knowledge seekers turn to, to gather information on Online shopping various topics. So you can even contribute to the widening knowledge horizons by sharing your work. In fact I’m a volunteer contributor to the Wikipedia. So you can not only acquire knowledge but even share your knowledge by going online. 15 | P a g e Another important thing about Internet is it has made online shopping very easy. We need not go to a brick and mortar shop any longer, instead shop for the products we need by comfortably seated before the screen. There are many e commerce websites like amazon.com, eBay etc. to buy the products online. If you want to buy a book you can log on to www.amazon.com and search for the book you need by using the search engine, sample read the book, place an order to own a copy and make the payment by using your plastic card. The product would be delivered at your door steps. So it is very easy but at the same time if we don’t play safe it may be counterproductive. So we need to act very carefully. Chapter 2: THE EMPOWERMENT OF THE PASSIVE The web has empowered the people. Before the emergence of the web some powerful people, the so called experts would dictate the terms for the ordinary people. In a way they would impose their ideas on the general public. The common man would silently read 16 | P a g e all that stuff and he would feel elated if he liked it or would feel sad, frustrated and angry as he did not have any means to express all his emotions in case he did not like what he read. The newspapers for various reasons do not give importance to the reader’s opinions. The Indian media- most of the print media and even the electronic media is highly biased and they openly take sides. For example The Hindu which is considered to be a prestigious newspaper in South India is run by a former SFI activist by name N.Ram. So it gives lot of weightage to the communist ideology and takes special interest in planting the news about communists. Another newspaper Deccan Chronicle is actually owned by a politician by name Mr. T. Venkatrami Reddy who is a member of INC. Mr.Ramoji Rao who owns the vernacular daily Eenadu is a king maker and he has proven abilities to remove or install his men on the chair of power. The newly established Sakshi newspaper is actually a handout to serve the political interests of a particular family and is deceiving people by planting news selectively and there by misleading people. Even its origins are very dirty. Now it became 17 | P a g e a well known fact that it emerged from the cesspool of illegal mines owned by some unscrupulous people. The same is the case with even the other newspapers. At national level the world’s largest circulated newspaper The Times of India implants news selectively and tries to influence the politics. One of the popular political magazines The Outlook is almost owned by INC. Of course, there are a few exceptions like The Indian Express. So we the readers can’t expect unbiased reporting from them. They give very little space to the reader’s opinions. They rarely publish the letters which point out the biased attitude of the editorial board. So we can’t expect much from them. But in case of web, it is for all. We can freely express our views and there is enough space for everyone. Suppressing the freedom of expression by banning books is no longer possible. When the Mumbai born Indian author Salman Rushdie wrote The Satanic Verses the whole Islamic world reacted in a furious manner. 18 | P a g e People in large numbers took to streets and carried out protest demonstrations. I wonder how many of them knew what exactly Salman Rushdie had written. Ayatollah Khomeini, the supreme religious head of the theocratic state Iran issued a fatwa (a religious edict which is supposed to be followed by all the faithful in Islam) ordering the killing of Rushdie. Unfortunately India, which boasts of its democracy and freedom of expression, imposed a ban on the book even before some of the Arab countries did so. It is all because Indian politicians want Muslim votes. They have always considered Muslims as vote bank and whatever demands they make especially religious, our politicians bog down under pressure and meet their demands. But those days are over. In the cyber space where boundaries are erased nobody can control the spread of knowledge and awareness. Now the banned book The Satanic Verses is widely available on the internet and it is a free download. They even released an audio version and made it available free online. When Danish cartoonists published some cartoons on Prophet Muhammad, again the Islamic world was up in arms and many people died in the riots all over the 19 | P a g e world. This aroused the curiosity of the people throughout the world and many people wanted to know what were those cartoons that triggered extreme reaction from Muslim community. Many foreign newspapers republished the cartoons, but no Indian newspaper could muster up enough courage to do so. But on Internet, there emerged a new website by name http://www.danishmuhammedcartoons.com/ which published all the cartoons drawn by the Danish cartoonists. Then the people got to know what exactly that made the Islamic world turn so furious. In India the media; both print and electronic media is highly biased and many a time they suppress the facts and try to keep the public in dark. But when we go online someone posts the news on Internet, and we get to know about it. 20 | P a g e These days blogs and personal websites have become so popular. In fact every newspaper runs a blog in its web version. There are so many websites which provide blogging service to their visitors. So you can express your views freely. Till now the newspapers deceived the public by imposing their own ideas in the name of columns written by the so called experts. But to understand simple things in the society you don’t require borrowing the opinions of the so-called experts. In this cyber age everybody can express his/her views whether he/she is an expert or not. Of course when somebody posts something on the web others immediately react to that and they counter it by posting their own opinions. So a debate gets triggered and a wide range of opinions come to fore. This is something far better than the The Home Page of my Blog on BRITISH COUNCIL BBC website 21 | P a g e opinions of the so-called experts who try to impose their views on people. So these self proclaimed experts try to exercise some kind of psychological control over the masses. This is no longer possible. Even the websites owned by the newspapers are forced to provide space to the opinions of the readers. In the websites run by prestigious newspapers like The New York Times, The Washington Post, The Guardian, The USA Today, The Times of India we find a box under each and every news item, into which the readers can key in their opinions after they read it. Of course it is not possible to make each and every opinion live, but at least the well written and balanced opinions are made live so that the readers can get to know what other readers are thinking and based on that they can form their own perspective. But some newspapers though the opinions are well written if they don’t conform to the ideas or the ideology they subscribe to, they don’t make those opinions live. Then the readers have alternate avenues in which they can publish their viewpoints. One of these avenues is blog. There nobody can stop you. 22 | P a g e If you want to share your ideas and disseminate information you can even start your own website. But people think that starting a website is an expensive thing and we need to spend thousands of rupees to get it built. But it is only half truth. There are many websites which provide the netizens with webhosting services. There you can create your own free site without spending even one paisa. They provide you with readymade templates, you can choose an attractive template and your site would get automatically generated and you can start keying in the information you want to share with others. But one thing that has to be kept in mind is we must avoid plagiarism. Whatever content we put up in our website has to be our own and not borrowed from other sources. But that does not mean you can’t display any material that is borrowed. You can do that with proper acknowledgement. Displaying information without the works cited list or Bibliography would come under plagiarism, and your actions attract penalties under copy-right laws. I have created a website on my own with the URL http://www.pensivecitizen.webs.com. Since it is a free 23 | P a g e site I don’t own any domain name. By paying some amount of money I can register a domain name like www.pensivenetizen.info after registering, it will even get its own IP address and it could be spotted by using search engines like Google. OK. Internet creates ample opportunities for all of us to exercise our freedom of expression, but one can’t enjoy his/her rights without fulfilling some responsibilities. So nobody should plant news that is completely baseless and unsubstantiated. Even the netizens should think twice before they believe in the news or information that is published on the web. There are some anti-social elements who try to use some baseless news items that are planted to fulfill their monstrous ambitions. People have to be very careful before believing in such news items. There are many websites which don’t carry even an iota of credibility and people should be vary of their evil designs. As there is no control on the news and information that is published online, netizens have to use their judgment in deciding whether a particular website is trust worthy or not. As far as my awareness is concerned the most credible 24 | P a g e online resource for standard information is Wikipedia the online encyclopedia. As far as news is concerned Bridging digital divide- a challenge to the country. Digital divide: this is what many IT specialists are thinking about. Addressing a gathering on 4th December 2009 our Prime Minister Manmohan Singh expressed his delight at the phenomenal growth of the Indian telecom sector but expressed concern at the growing digital divide between urban and rural areas in the country. He further said that “compared to tele- density of 100 per cent in our towns and cities, our rural areas have only 20% tele-density. We must double the rural tele-density in the next three years.” The Prime Minister emphasized on the need of expanding broadband connectivity to rural India. Now the question is what is that Digital Divide which is bothering the nation builders. A decade ago people, when they would discuss infrastructure they would name only roads, railways, telecommunications, power generation, water supply, airports, schools and hospitals. But these days discussion about infrastructure is incomplete without a mention of 25 | P a g e bandwidth. The broad band connectivity depends on the bandwidth. Why broad band connectivity is so important? The networked computers make a great difference as far as knowledge is concerned. People who have access to Information Technology are dealing with lots and lots of information and are growing as good human resources, but on the other hand those who don’t have access to these are left behind and are not able to compete with their tech savvy counterparts. This digital divide is very perceptible in case of rural urban classification. If they really want to bridge the digital divide they have to take certain measures like increasing the bandwidth drastically and taking broadband connectivity even to the rural areas. The second thing they should do is providing people with the necessary hardware, in other words making computing devices available at cheaper prices. The government should give priority to all the school going children in providing them with the cost effective machines so that every school going child owns a 26 | P a g e computing device preferably a laptop, so that they can even take it home and work with it. By introducing this scheme the school going children would not only gain access to the multimedia content that is available on line or off-line, and get used to e learning. This will bring about great transformation in the education system in the country. The third thing is making Linux based open source software widely available so that the computing devices cost less and become more affordable. In fact this kind of program is under implementation in many third world countries. About One Laptop per Child One Laptop per Child (OLPC) is a non-profit organization created by Nicholas Negroponte and others from the MIT (Massachusetts Institute of Technology) Media Lab to design, manufacture and distribute laptop computers that are sufficiently inexpensive to provide every child in the world access 27 | P a g e to knowledge and modern forms of education. These XO laptops are rugged, open source, and so energy efficient that they can be powered by a child manually. Mesh networking gives many machines Internet access from one connection. The pricing goal is $100. As on 1st Jan 2010 the Dollar Rupee exchange rate stands at Rs.46.660= $1. So $100 is equivalent to Rs.4, 666. So this price makes the XO laptop affordable even to the lower middle class people. Many governments of the countries in the African continent (which are considered to be extremely poor) had placed bulk orders for XO laptops and distributed them among their school going children. I fail to understand why our Indian government is not taking a proactive approach on this issue. May be they are too busy in their characteristic ugly politicking and don’t have enough time to spend on this kind of issues. To know more about this project, visit the website http://www.laptop.org. 28 | P a g e Figures in clockwise: the logo of one laptop per child; OX laptop; the open source ‘Sugar’ software specially coded by Sugar Labs to cater to the educational requirements of the children; an OX laptop classroom in Mangolia. 29 | P a g e Chapter 3: INTERNET- A DOUBLE EDGED SWORD Till now we discussed the opportunities that are offered by the cyber space. But a networked computer is a double edged sword. It offers many challenges and poses many threats. While you are working on your networked computer you feel that the whole world is within your reach. When you type the domain name www.whitehouse.gov your computer (termed as remote terminal) reaches out to the host computer which has the information and displays the White House home page on your screen. It is almost a miracle. But this amazing invention could go either way. As you enjoy accessing information and widening your horizons, somebody somewhere might be observing your computer and detect how vulnerable your system is and how to take your system under their control, so that they can use your machine to commit cyber crime. The profiles of cyber criminals vary. There are some mischievous, juvenile elements who hack or bug others 30 | P a g e computers not with malicious intent, but to derive a sense of achievement. For them it is like a game as they want to demonstrate their skills and they derive lot of satisfaction out of it. But there are very dangerous criminals operating in the cyberspace whose intentions are destructive. They want to steal your identity and misuse it; they want to dig into your computer for information with which they can indulge in financial fraud. They can bug your computer by embedding virus (like Trojans) code in an email message. When you open the message it gets automatically deployed and infects your operating system, and the virus may even contain some code to make your system go under the control of the hackers. So injecting virus like Trojan horse might even be a ploy to gain control over your computer and use it as a zombie. 31 | P a g e A security analysis done by using Internet Security software Kaspersky which showed that the system was under attack 32 | P a g e After running ‘security analysis’ the Microsoft online help gave the advice to go for a security update. Ok. Computers not only offer opportunities but even pose threats. But do the computers throw entirely new challenges and pose entirely new threats to the humankind? When we analyze cyber crime we get to know that some of the common computer crimes like hacking, bugging, plagiarism, pornography etc. are nothing new. Hacking is a kind of stealing. A hacker 33 | P a g e gains illegal entry into others computer and steals important esp. financial or personal information with the intention of using it for his own benefit. This crime is nothing new. It has been happening from ages. The only difference is in the olden days when they wanted to rob somebody they would make a hole in the wall and gain entry inside, gather all the valuables and escape with their bounty. But in the 21st century technology has done away with all the menial labor and enabled the robbers to comfortably sit in their living rooms in front of their networked computers and do the job in a very smart way. Both the ways yield the same result but the modus operandi differs. In the same manner spreading virus, Anti-virus software like this protects your system from copying somebody else’s content malware and other cyber threats and claiming it to be one’s own, spreading and watching pornography, trapping people through social engineering, all these crimes have been happening from time immemorial, but the only change is, with the advent of Internet these activities had gone hi-tech. 34 | P a g e A defaced homepage of a website with the domain name http://netxciting.blogspot.com/. Defacing websites and creating hyperlinks which take the visitors to pornographic websites is a kind of vandalism. They do it just to prove themselves that they have the capability to do it and derive pleasure out of it. 35 | P a g e In the above illustration you see a defaced website. This website actually features very valuable information. There are many e books, audio books, articles and many other features. The e books and audio books can be downloaded free of cost. But some vandals defaced it and replaced the download links to the books with the links which take the visitors to a porn site. This is an atrocious activity, and nobody derives any benefit out of it. 36 | P a g e Chapter 4: AN ATTEMPTED CYBER CRIME Well, it all happened on 9th November evening when I found a message in my e mail letter box from one of my friends to join a social networking site called Zorpia. I tweet on Twitter, face my friends on facebook, but I never heard this Zorpia. So I grew enthusiastic and clicked that link. It took me to an impressive looking website and found that the site has many facilities to offer and straightaway opened my account. But because of the time constraints I could not build my profile fully. So the info with regard to my marital status showed “dating” by default. The underlying picture shows you that I left my profile incomplete. May be this might have prompted Ms. Mercy Boko to write the so-called love letter with an offer to marry me. She used her 37 | P a g e Zorpia account to send the message. Here you can see the cover of my guestbook in my Zorpia homepage. The next day I Email notification by Zorpia team about the message received an email sent by Mercy Boko message notifying me of the receipt of a message into my guest book on my Zorpia. I clicked on the button view comment and I saw something which took me by surprise. To my astonishment it was a love letter sent by a girl by name Ms. Mercy Boko making an offer for marriage. 38 | P a g e It seems that she is interested in the right person to spend time with, in the rest of her life. If we closely observe her language it sounds genuine and heartfelt. But as they say, sometimes appearances are deceptive. She even says that distance, age and color does not matter. Normally when people see this kind of words, they come to the conclusion that she is a white woman and does not have any objection to marry a black or an Asian. So this sentence is used as a bait to lure the persons and make them fall into her/his trap. We don’t even know whether the person is really a female and her name is Mercy Boko as stated in the message. From the message it is apparent that the person gave an 39 | P a g e address where people are predominantly white. Mercy Boko's love letter from 24, Catania, Italy I thought for a while … Why did I receive this kind of message? Then I observed that in my profile it was showing my marital status as “dating”. Then I realized my mistake and immediately built my complete profile and, to be on the safe side I even uploaded my family photograph featuring me, my wife and our son. I was under the impression that this would clear things to the other person and ignored the message for a while. In the underlying frame you can see the photograph I uploaded on to my Zorpia homepage. 40 | P a g e The family photograph that I uploaded on to Zorpia. This photograph did not deter Boko from showering love on me But after sometime I thought courtesy demands that I should answer the mail and gave a reply making matters clear and thought that would be the end of the episode. As you can see in the mail I sent I stated it very categorically that I’m married and have a son. I even apologized for the confusion I created by not building my complete profile on Zorpia. As far as my 41 | P a g e message is concerned it is absolutely clear and transparent. The delayed replay that I sent to Ms. Mercy Boko making my position clear But my message did not deter the other person from shooting another message. This time she not only showed her passionate love on me but also fabricated 42 | P a g e an excellent story. As you can see that she stated that her parents were the victims of cold blooded murder by the rebels in Uganda. As there is a civil war going on in Uganda credulous people naturally believe the other persons version, and there is every possibility that some of them may react in a sympathetic manner. She even stated that her father was the chairman of a commercial organization called BEN Manufacturing Company. (We don’t know what it manufactures) When I undertook a search on Web I could not find any traces of such a company in Sudan. One of the most respected daily newspapers in East African region The Sudan Tribune does not have any reference to either Ben Manufacturing Industry or it’s so called former Chairman Benjack Boko who is claimed to have been killed by rebels. Ms. Mercy even claimed that her father Benjack Boko was the advisor to the former president of Sudan. If her father was really such a high profile personality and had really been killed by the rebels, his name would have been featured somewhere in the archives of The Sudan Tribune. This implies that all these names are fictitious and created exclusively for the purpose of carrying out this cyber crime. 43 | P a g e If we closely observe the letter we easily get to know that the person has taken utmost care to fabricate the story as it is done in detail. It is also very obvious that the way they communicated with me in quick succession stands as ample evidence that it is a professional network which indulges in cyber crime by taking advantage of certain contemporary situations in some countries. She stated that she escaped from Sudan (where there is a civil war going on in Darfur) and sought asylum in Senegal. Sudan is located in the eastern part of the African continent and the Senegal is on the extreme west. Under normal circumstances the people who are subjected to persecution seek asylum in some neighboring country which is nearer. But in this case Ms. Mercy Boko claims that she lives in a relief camp in Dakar, the capital of Senegal. From Khartoum Sudan Ms.Mercy migrated to the capital city of Senegal Dakar, which is approximately 5,800 kms away. Under normal circumstances a refugee cannot mobilize resources and facilities to migrate this far. According to newspaper reports (The New York Times; dated 1st November 2008) most of the refugees who escape the war ravaged western region of Darfur in Sudan, where the government forces and the Arab 44 | P a g e militia men are fighting, escape to the border of neighboring country Chad where United Nations is running an aid operation to rescue around half a million of refugees from both the countries that are Chad and Sudan. In fact even Chad is facing the problem of rebels and both the governments aid the rebels of their opponent country to settle scores with each other. 45 | P a g e 46 | P a g e Even after making my position clear Ms. Mercy Boko pursued me and fabricated a nice story with an evil intention This is the so-called Ms. Mercy Boko’s photograph. It is clear that she is a black. We can’t even say that this girl actually did the whole thing. There is a possibility that somebody might have used this girl’s picture. If that is the case we need to think twice before uploading our photographs on to the net, The so-called Mercy Boko as our photographs could be misused in this manner. These days the social networking sites are proliferating at a rapid pace and people are uploading scores of photographs on to these websites. The web has made it very easy to upload and download the content in different formats like text, photographs and videos. So they are widely available on the net, and there is no guarantee that our photographs would not be misused by some rogue elements. If such a thing happens we will definitely be in trouble. 47 | P a g e Well, I fell into the trap. I replied Ms. Mercy Boko by stating that I'm ready to help her. This obviously had given her encouragement to continue her communication. 48 | P a g e Everything happened in quick succession. Immediately after I revealed some of my personal information Ms. Mercy Boko shot this email message giving the details of a fictitious finance company where her father deposited the treasure. 49 | P a g e This email message from Mr. Tajibe Jidu (Service Director) on behalf of the Major Golfer Treasure security Home which included a letter as an attachment This is the email message I received from the so called Service Director of Major Golfer Treasure Security Home. He sent the letter as an attachment and the letter is printed in the next page. As you can see, the letter is on a plain paper, not on an official letterhead. We can’t judge the authenticity of the letter unless it is digitally signed. 50 | P a g e Another important thing we should observe is in the letter they asked for a scanned copy of my identity and my full personal details. In fact I furnished the personal details and even thought of sending a scanned copy of my identity. But in the mean time I grew suspicious and started reviewing the whole story which confirmed my suspicion. 51 | P a g e The letter that was attached to the mail received from Mr. Tajibe Jidu 52 | P a g e falling deep into the trap: In this mail I sent to Ms. Mercy Boko I promised her to help her in good faith 53 | P a g e At last Ms. Mercy Boko realized that I have been treating her as sister. But even after that her style of composing mails has not changed. This stands as ample evidence that all the drafts of the emails are prefabricated. 54 | P a g e Inspite of addressing her as sister she continued showering the other kind of love on me and kept on treating me as her prince charming. Moreover she made a very important observation “I did not have to think twice when you asked me to be your wife” this is atrocious. If you read the content of the snap shots of the email messages that I have inserted, you get to know that nowhere I addressed her as my love and I in fact, addressed her as sister in the previous letter. Of course she also addressed me as brother, but in the body of the letter she repeated the same old thing. This makes another thing clear, that is all the letters that were sent to me are prefabricated, and the person could not edit the prefabricated letters properly to match the unexpected situations in dealing with their prey. 55 | P a g e 56 | P a g e So their real intentions are out. They want me to send the expenses that would be incurred to transfer the fictitious treasure to India. 57 | P a g e This is what they are aiming for. They want $1,460. If we convert the amount into Indian currency it will be Rupees 68,109. If we include the charges of sending money it comes to almost rupees Seventy thousand. They made this plan to trap some netizens Hunting for Dollars through illegal means and grab the Rs. 68,000. For by using the cyber space a middle class person 68,000 rupees is not a small amount of money. Neither is it a small amount for the people who are living in African continent in which most of the counties are very poor and ravaged by civil wars. Of course we don’t know from where these email messages emerged. In these days of economic recession and rising unemployment it is not a negligible amount even to a person who is from a developed country. The nefarious activities of these criminals that have now turned the Internet into a cheap channel for the perpetration of criminal spamming activities known as the Advanced Fee Fraud (AFF). The above incident with complete description is a classic example of Advanced Fee Fraud (AFF) through spamming. According to newspaper reports the African nation Nigeria is the hub to most of these crimes. 58 | P a g e Barrister Adeboye katke's Identity card. We don’t know whether it is authentic or fabricated. This is the identity card attached to the letter sent via e mail by a lawyer by name barrister Adeboye Katke. Well, could this be original? Or had it been impersonated? In India sales executives, when their customers don’t possess proper testimonials to get some things like SIM cards, USB modems they impersonate the voter Identity Cards. They carefully peel off the lamination, they peel a small part of the three dimensional hologram and insert another person’s photograph and change the personal information on the card and take a photocopy of it and 59 | P a g e attach it to the application. Something of that sort might have happened or this lawyer Bar. Adeboye Katke might himself has a role in this crime. Because as I sent a message to this barrister requesting him to guide me in the matter he mailed me back as if he is eagerly waiting for that. Or somebody might have gained access to his identity card, scanned it and exploiting and the barrister might well be unaware of its misuse. This is the problem with the Web. You receive lot of documentary evidence but you don’t have any way to know whether it has emerged from the right source or not. But there is a solution to the problem. That is digital signature. Digital signature technology enables the user to encrypt the data by using his/her private key and the receiver can open the document by using the public key of its generator. None of these documents are digitally signed and not many people know about digital signature technology. So people who are not aware of these things may easily believe the authenticity of the documents. So this is certainly an ingenious step on the part of Ms. Mercy Boko, as this kind of evidence lures the innocent people to fall into the trap. 60 | P a g e So this is Ms. Mercy Boko's offer. Had I sent the money it would have gone forever? That’s it. Ms. Mercy Boko finally decided to make the mantle fall on me. From the very beginning my conscience is clear. As I’m well aware of the happenings in east Africa I sympathized with her and wanted to help her. I don’t have any objection to send that money. But before we take a step we need to 61 | P a g e rethink and make sure we are not going to get deceived. Then to make sure that the claims of Ms.Mercy are genuine I started having a close look at all her correspondence. When I saw the address in the first letter she sent to my guest book on Zorpia, she mentioned her address as 24, Catania, Italy. Then how come this girl ended up in Dakar, Senegal? Then exactly I smelled the rat. To know more about Ms.Mercy I clicked on the link to her account and to my astonishment I found that Zorpia had actually blocked her account. That means her actions are highly suspicious. I even had another look at all the messages she sent me. There is abnormal variation in the kind of language she used in the composition of her messages. It is very clear that the messages are prefabricated. The prefabricated messages featured good language, where as the messages which answered my specific questions the language is of substandard. So I came to the conclusion that these messages are not sent by one person. I even started investigating deeply into the episode and decoded well orchestrated plan to grab money online from credulous people. 62 | P a g e When Ms. Mercy wrote her first letter to my Zorpia guest book the address clearly stated that it is from Catania; Italy. This is the location of Catania in Italy. According to the correspondence Ms. Mercy In her first Boko is the citizen of Sudan. It is true that there communication on is a civil war going on in Darfur region of Sudan. Zorpia she mentioned This claim by Ms. Mercy Boko makes the other her address as 24, person believe in the story fabricated by Mercy. Catania, Sicily, Italy. In the later part of the correspondence Ms. Mercy Boko claimed that she has escaped from Sudan and sought asylum in Senegal and staying in a relief camp in Dakar the capital of Senegal. 63 | P a g e Ms. Mercy Boko's account was banned or terminated. The Zorpia team might have done it after tracking suspicious activity from her account. This is Ms. Mercy Boko’s account on the social networking site Zorpia. As you can see in the above frame it has been stated that the account has been banned of terminated. Normally social networking sites ban or terminate accounts of their members when they indulge in suspicious activities that are not acceptable to the civilized people. 64 | P a g e After my suspicions have grown I sent a mail asking for an explanation. The letter which I shot at Ms. Mercy demanding an explanation on the misleading information she had furnished in her successive email messages. In this mail I stressed on two important things. The first one is How did she end up herself in Dakar Senegal from 24, 65 | P a g e Catania, Italy? The second question was why her account on Zorpia was terminated? She gave an absurd answer to the second question and skipped answering the first question. Another notable thing is the person who sent mails in quick successions suddenly stopped all the correspondence with me. This shows that she is a fraud. Ms. Mercy's answer to my questions, utterly unconvincing and far from true. 66 | P a g e In the above frame you can clearly see that Ms.Mercy Boko is finally exposed and fumbled a lot to explain her position. The reason she had given is very silly. She stated that after she sent me the message she forgot to log out and because of that her account was terminated from Zorpia. This is ridiculous. As a netizen with long experience I can confidently say that not logging out cannot be the reason for termination of service. Of course when one wants his/her data to be secure or maintain privacy he/she had better logout from his account. But no website The logo of Twitter a very popular social networking site which allows you to key terminates an account in your ideas and activities in not more showing this absolutely than 140 letters trivial reason. These social networking sites monitor their member’s activities closely and the moment they observe any suspicious activity on the part of any of the members they block the account. So it is abundantly clear that Ms.Mercy Boko’s account was 67 | P a g e terminated for obvious reasons. She might have sent the same message to so many people and as the site observed this activity they immediately terminated her account. She even used some sentiment by saying that after she mailed me and found me she thought that she no longer needed that account so she herself discarded it by not logging it out! How funny the explanation is. The answer conclusively proves that the other person, who ever she may be, was trying to deceive me. In her first mail she mentioned her address as Catania, Italy to lure her prey by creating an impression that she is a white Italian. Since Italy is a well developed country people easily believe that even this girl might well be economically well off. After throwing this initial bait and attracting some persons the sender of these emails switched over to Dakar, Senegal in the subsequent correspondence. Moreover she even brought Sudan into picture to substantiate her fabricated story. And she cleverly used the happenings in Darfur region of Sudan to make people believe her version. So she could not answer the second question. One more important observation I made is the kind of language the person used in this mail is of substandard 68 | P a g e in comparison with the other mails. This fact implies that other mailed letters might well be ready made, in other words prefabricated and this particular mail had to be composed on her own to answer the unexpected questions, and in the process the person who sent beautiful love letters earlier barely managed to put across her version in a very shabby manner. During my investigation I came across an interesting thing. That is in between the two points i.e. Sudan and Senegal there is a country called Nigeria. Nigeria is one of the fastest growing economies and the most populous nation in the African continent. In Nigeria with the advent of Internet a fraud called Advance Fee Fraud (AFF) started flourishing. It has almost acquired the status of an industry and has got a long and interesting history. Whatever description that I have given above closely resembles what has been happening in Nigeria. This Mercy Boko thing might well have emerged from Nigeria though we are not sure because, deriving inspiration from Nigerian fraudsters the criminals in other countries also started this kind of business. To know more about this interesting story visit: http://en.wikipedia.org/wiki/Advance_fee_fraud. 69 | P a g e It seems I won a lottery without even buying a lottery ticket. 70 | P a g e Chapter-5: Precautions needed to protect our selves When we leave the house for a tour we take many precautions in order to avoid any theft. First we check whether any faucets are left open, any electric appliances are running, whether any doors are left unbolted and close everything and finally we bolt the main door and lock it. In the same fashion we have to take the precautions even in case of our networked computer. As it is well-known, for every threat there is a precaution, and when the threat becomes a reality and the attack actually happens there is a defense to protect ourselves. Security needs vary from person to person. If your machine is not networked and you don’t use any external storage device probably you need not worry about the safely of your computer. But when your system is connected it becomes vulnerable. Threats from many directions loom large and you need to take protective measures. The first thing you need to do is to ensure that you use a licensed version of the software so that you can download and install the latest security patches released by the software manufacturer and keep the inbuilt security software active. For 71 | P a g e example if your system runs on Vista, activate the Windows defender. In case of XP download the defender and install it. But the inbuilt security software does not shield your machine completely from malware. To get complete protection you need to install a good anti-virus software preferably Norton Internet Security Kaspersky Internet Security or McAfee. But if you don’t want to spend on an Internet Security Software you can download and install Microsoft Security Essentials released by Microsoft for the benefit of its genuine software users. This antivirus software provides real-time protection for your home PC and guards against viruses, spyware, and other malicious software. The most important feature of any good antivirus software is it gets updated regularly on its own, the moment you go online. In a nut shell you should keep the Firewall turned on Automatic updating enabled Malware protection active and other security settings like user account control also turned on. 72 | P a g e Run the security analyzer in your anti-virus software and keep track of the threats your system is facing. Well this is at individual level. Not only individuals but even the nation states are worried about their cyber net works. A new term Cyber War has been coined and the defense experts say that till now wars are waged on the surface of the water and land (warships like aircraft carriers and destroyers, battle tanks, SAMs etc.), under the water (submarines), in the sky (war planes and air- to-air missiles), in the space (some countries like US and China have acquired the capability of shooting down the space assets (satellites) of the enemy), subterranean (Vietnamese soldiers constructed the underground bunkers to ambush US soldiers) during Vietnam war). But the new age warfare starts in cyber space and spreads to all other avenues. Cyber war is a war in which the cyber communication system of the enemy country is targeted and will be paralyzed so that the attacker can gain the strategic edge over the enemy. According to a report released by McAfee a cyber security company, the US, Russia, France, Israel and China are armed with cyber weapons, and the UK, Germany and North Korea are preparing for a future in which conflict is partly 73 | P a g e conducted through the Internet. Many nations are arming to defend themselves in a cyber war and readying to mount their own attack if necessary. For instance the July 4, 2007 attacks involving denial-of-service on websites in the US and South Korea could have been a test by a foreign entity to see if flooding South Korean networks and the transcontinental communication between the US and South Korea would disrupt the ability of the US military in South Korea to communicate with military leaders in Washington DC; an the pacific command at Hawaii.” The ability of the North Koreans to disable cyber communications between the US and South Korea would give them a huge strategic advantage” If they were to attack South Korea, the report said. (the report released by McAfee and published in http://www.news.cnet.com on November 16, 2009) According to another report a former senior US Information Security Official, nearly three quarter million personal computers in the United States were taken over by Chinese hackers. The computers on which the hackers manage to gain control are called as “Zombies”. (Zombies are malicious software packages downloaded by 74 | P a g e unsuspecting users from infected e-mail messages or websites; as a result the computers go into the hands of hackers and enslave themselves to those cyber thugs) They infect computers at a very basic level, making them hard to find and root out, and they enable the hackers who wrote them to create large networks of “slave” computers that can be used in massive, if unsophisticated, cyber attacks using a technique called Denial of Service or DoS. DoS attacks aim to overwhelm their target websites by flooding them with bogus requests for information from slave networks, also called Botnets. Botnets are ‘the cheapest attack weapon a nation can buy’. Shaun Waterman, United Press International (UPI) Homeland and National Security Editor; published on Sep 17, 2007. Now the big question is, what about India and what are its preparations to defend against Cyber attacks and what are our capabilities to mount counter attack to deter the enemy from launching further attacks. According to newspaper reports and the reports on well known defense journals India is facing cyber attacks from Chinese hackers on regular basis. Chinese hacker 75 | P a g e community is state sponsored. In a way we can term this as state sponsored cyber terrorism. It is not surprising to see China taking its cyber warfare capabilities very seriously. In 21st century Cyber warfare capabilities of the countries play a major role in upsetting the plans their adversaries. So the PRC (Peoples Republic of China) has two strategies. The first one is to follow the principles of Sun-Tzu the Chinese war philosopher who produced the classic work The Art of War. Sun-Tzu said when you wage a war you should know your adversary very well. You should hit him hard where he is most vulnerable. So countries like US and its NATO allies and India to a great extent depend on infrastructure that is highly networked. So these Cyber Security expert Ankit Fadia countries are highly vulnerable who helped Mumbai police in to cyber attacks. So by tracing out the email messages sent by terrorists in post 26/11 launching attacks on the critical attacks. Copyright ©2010 Bennett infrastructure of the adversary Coleman & Co. Ltd they can gain a strategic advantage and with that they can neutralize the enemy’s ability to wage a protracted war against China. The second strategy is, following the call given by the founder of Communist China Mao Tse-tung 76 | P a g e during the revolution (long march). Mao always advocated people’s participation in any war. So the authoritarian communist regime has involved people (the govt. is training the skilled netizens to become professional hackers) and prepared a well organized force to carry out cyber war. But India’s preparedness in this aspect is nil. As far as maintaining internal law and order and protecting borders are concerned Indian leaders have always been reactive though they are supposed to be proactive considering the security environment in the neighborhood. The Kargil intrusions, the border violations by Chinese army on regular basis and the numerous bomb explosions which took the lives of so many innocent people are all the standing testimony to the laxity on the part of the rulers towards national security. According to the cyber security expert Ankit Fadia (who helped Mumbai police in tracking down the sources of the e mails received from terrorists in the post 26/11 attacks) in Mumbai, terror came through the sea and went berserk spraying bullets on the civilians. The next time it may come through the fiber optic cables. In a society where people are increasingly getting dependent on technology India is most vulnerable at the critical infrastructure like railways, 77 | P a g e banking, power grids, stock exchanges, telecom and other cyber communication networks. If the enemies launch attacks on these targets the public life would get completely paralyzed and the economy would suffer irreparable losses. Countries like US which are always proactive in the matters of national security had taken fool proof measures to defend themselves from cyber attacks. Not only defending but even to launch massive counter strike to deter the enemy from launching further attacks. So countries are building not only defensive but even the offensive capabilities. In the own words of Cyber whiz kid Ankit Fadia, “despite being an infotech power, India lags on cyber security. Neither the government, nor the private sector is adequately prepared to face a cyber attack. We have the necessary laws in place, but they are futile in the absence of trained security experts and police officials to enforce them. Recently, I was at a conference in the Capital, attended by numerous Delhi Police officials. During the question-answer session, one police official asked me: "All this is fine Mr Ankit, but yeh internet ki building kidhar hai?" According to him, the internet was a huge building and, in order to protect it from cyber terrorists, the police had simply to stand all around it, holding rifles and lathis to fight off viruses, 78 | P a g e worms and criminals! If this is the state of affairs in the police department of the national capital, one can't even begin to imagine the way it is in other cities”. Prevent a cyber 26/11; Ankit Fadia 5 April 2009, 12:44am IST (The Times of India) The only super power existing and made this world unipolar the US is taking strong measures to secure its information networks, after the new reports suggesting that China has acquired considerable level of Cyber warfare capabilities. It started taking measure to coordinate and streamline the activities of its different security agencies like Department of Defense (DoD) and National Security Agency (NSA). The officials say that the cyber command, as it is known, is an effort to consolidate existing offensive and defensive capabilities under one roof and involves no new authorities or broadening of mission. It also has plans to build powerful new offensive capabilities -- some as yet unimagined. Their goal is to better protect their forces, as if someone manages to intrude inside the network, it could impair their ability to communicate and operate. So they are taking a proactive approach in tackling cyber war and cyber terror. Every sixth person walking on this earth is an Indian. What Indian government is doing to protect the interests of around 1.2 billion population? We don’t know. Their only answer is our computers are secure. 79 | P a g e 80 | P a g e The letter received from White House stating that a cyber security coordinator has been appointed by the president Barack Obama This letter has been received by the author from John O.Brennan, the Assistant to the President for Homeland Security and Counter terrorism on 22nd Dec 2009 about the measures taken by President Obama to secure the cyber assets of United States. He appointed Mr.Howard Schmidt as the White House Cybersecurity 81 | P a g e Coordinator. If you read the letter carefully, you will get to know how much importance is given to the post and how seriously the president has taken the issue. President Barack Obama greets his new White House Cyber Security Chief Howard A. Here are a set of Schmidt in the Cross Hall of the White House. December 17, 2009. (Official White House precautionary measures Photo by Lawrence Jackson) Mr. Brennan advised the public to take in order to curb cyber attacks. Cyber security matters to all of us – and it’s our shared responsibility to mitigate the threats in this space. You can take cybersecurity into your own hands with these tips for protecting yourself online: Keep your security software and operating system up-to-date. At a minimum, your computer should have current anti-virus and anti-spyware software and a firewall to protect yourself from hackers and malicious software that can steal sensitive personal information. Hackers also take advantage of Web browsers 82 | P a g e and operating system software that do not have the latest security updates. Operating system companies issue security patches for flaws that they find in their systems, so it is important to set your operating system and web browser software to download and install security patches automatically. Protect your personal information online. Millions of people become victims of identity theft each year. One way that cyber criminals convince computer users to divulge their confidential personal information is through fake "phishing" emails, which are often cleverly disguised to look like authentic emails. Be wary of clicking on links in emails that are unfamiliar and be very cautious about providing personal information online, such as your password, financial information, or social security number. Know who you are dealing with. It is remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you are dealing with. If you are thinking about shopping on an unfamiliar website, do some independent research before you buy. Similarly, before you download software, be sure that the software developer is 83 | P a g e trustworthy. Cyber criminals will often embed the capability to steal passwords and files into free software. Learn what to do if something goes wrong. If your computer gets hacked, the effects may be obvious (e.g., deleted or corrupted files), or they may be subtle (e.g., slow computing performance). As a first step, you should scan your computer with updated anti-virus software. You may wish to get professional assistance through your computer’s manufacturer, computer retail store, or local computer technician. You can also alert the appropriate authorities by contacting your Internet Service Provider or the Internet Crime Complaint Center. (Courtesy: The White House Blog by John O. Brennan; Assistant to the President for Homeland Security and Counterterrorism) Cyber cafe users are more vulnerable: As cases of email frauds grow in India, it is better to be suspicious of any mails that ask for personal information, even if it might look legitimate. That applies to those which may come; you may think so, from your trusted banker. 84 | P a g e A cyber security veteran told TOI: “Mails from banks asking for personal information are flooding Indian inboxes, most of which are fake. Most legitimate banks follow a policy of not asking personal information through e-mail. If needed, they will send letters or call you up. Whenever you get such a mail, confirm with the banks helpline number before opening it.” Cyber security whiz kid Ankit Fadia added: “You must have two different email addresses with separate passwords—one that is your official one and the other which you can use for social networking sites like Orkut or for online websites and blogs. This way, you know that the mails you receive in your unofficial email are mostly spam.” “You must be careful about mails with an interesting subject line, something you might instinctively click on. With such mails, the best bet is to just delete it if you don’t recognize the address.” Cyber cafe users are particularly vulnerable. Avoid using Cyber cafes for sending a mail which has your personal details like PIN. Fadia said: “With people, especially from smaller towns thronging cyber cafes, they are most prone to email fraud. Most of the cafes 85 | P a g e don’t have strong anti-virus software installed due to economic reasons. This puts your email at risk from hackers.” Fadia notes that the presence of 1,600 and still-growing cyber cafes point to the dependence of huge sections on these e kiosks. He has simple advice for them. “Users must always log out or lock their computer when stepping away, even for a minute when at cyber cafes. Forgetting to do so leaves your account open to abuse.” With sites like Facebook and Orkut becoming more and more popular day by day, be careful about the information you choose to share with others online. To avoid identity theft, always avoid making public your PAN number, your exact date of birth, your full address or your telephone number. (Times of India; Dated January 07, 2009) Seven Practices for Computer Security 1. Protect your personal information. It's valuable. The netizens much not reveal any personal information esp. the PIN Nos. Sometimes when you make online payments you may be guided towards secure payment 86 | P a g e gateway by your bank. In that case you may key in the PIN. In other cases you must neither reveal nor should you store such data in your computer esp. when you don’t have a licensed version of the Operating System Spam: we face many dangers by and Internet Security software. clicking on it While joining social networking cites it is normal that we become overenthusiastic and try to furnish some personal information like residential address, date of birth, Telephone Number etc. This information may be misused to swindle you. 2. Know who you're dealing with. While you are online you need to be very cautious and deal with only those people whom you know very well or the people who represent well known organizations. But when you deal with the representatives of even the well known organizations we need to check their identity before we act. There should always be an element of suspicion in your mind, but at the same time you should not fall prey to paranoia either. Every day you find some or sometimes many messages in your 87 | P a g e spam box. Your spam box in most of the cases contains mails from unfamiliar persons. It is not safe to click on those messages, even if you click, don’t download any attachments that form part of those messages. Spam and the attachments that come along with it may contain malware like Trojan horse which may enslave your computer and turn it into a Zombie to form part of a botnet. All this process is insidious and happens without you being aware of it. 3. Use security software that updates automatically. Many computer users don’t give much importance to anti-virus software. They treat the issue as unimportant. As a result their systems get infected mostly when they go online, or when they attach storage devices like flash drives if they contain information downloaded from internet or any other source that was already infected. Flash drives which are commonly known as pen drives are particularly prone to infection. Viruses like Trojan horse, Win32 Sality are dangerous and make our computers crash if we don’t have a licensed version of the security software in place. Many computer users download free versions like AVG and avast Home Edition. These free 88 | P a g e software are not at all reliable and they don’t get updated automatically. Licensed versions of the security software like Norton Internet Security or kaspersky Internet Security are the most reliable software which give maximum protection to your system when you are online. Some users who use Operating Systems like Windows Vista have inbuilt protection tools like Windows defender, but that could not be a complete solution to the threat of virus. Installation of licensed, reliable security software which remains up-to-date in its antivirus definitions is very much essential if you want to be immune to the cyber threats. 4. Keep your operating system and Web browser up-to- date, and learn about their security features. In order to keep your system secure you need to use genuine software. If you have any doubts with regard to the authenticity of your Microsoft Windows software you can get it checked by logging on to http://www.microsoft.com/genuine/ and clicking on the buttons Validate Windows and Validate Office. Your software will be put to authentication test and the result would be displayed within a few seconds. 89 | P a g e The Operating System versions released by Microsoft are prohibitively expensive. If we take the example of Windows vista, there are three variants: that are Home Basic, Home Premium and Ultimate. They are priced at Rs: 4000, 5300 and 11500 respectively. If we spend 11,500/- we can get a high configuration System Unit assembled. India, being a third world country and the per capita income is very less the computer users are not in a position to afford a genuine Operating System marketed by Microsoft. Even the office suit sold by Microsoft, for example Office 2007 is priced at around Rs/-5000. I think the day is not far away when a desktop computer would be priced at Rs/- 10,000 and the software, may be (Windows 10 with Office suit) would cost around Rs/-15,000. So the software has certainly become prohibitively expensive for the third world computer users. Even an Internet Security software (single user) costs around Rs/-500. So what could be the solution to this problem? How can we get the software at an affordable price? Using pirated software could not be the solution as it comes under copyright violation, and is a punishable offence. The only solution could be to switch over to Open 90 | P a g e Source software based on Linux. There are many Linux distros like Ubuntu, Fedora, Dabian etc. These Operating systems also support GUI (Graphical User Interface) and facilitate ease of operation with mouse clicks. I wonder why people are after Windows operating system. As far as my observation is concerned (I tested Ubuntu) Linux based OSs are not only user friendly but even function as effectively if not more effectively than Windows OS. Windows OS is targeted by cyber criminals as it is the most widely used Operating System. But as far as Linux is concerned it is not only difficult to encode a virus Ubuntu: a Linux based OS that looks very program even the buggers much similar to Windows and has all the facilities Windows OS has. don’t show much interest in coding virus programs as they are not used by many. Linux based software is completely free and they are the products of volunteers based all over the world. So they release new versions at quick successions, and the users can upgrade their OS by going online. So in case you are not in a position to afford Windows go for Linux based OS. Ubuntu comes along with 91 | P a g e Open Office suit. Open Office has all the features Microsoft Office has. You can use Mozilla Firefox or Thunderbird browser to roam around in cyber space. I think the future belongs to open source software. Already much of the software available online is free. The software services companies release two versions: one is basic and the other is premium version. The premium versions come with a cost, but the basic versions are all free. The well know softwares that are indispensible but still available free area Adobe reader, Flash Player, Real Player, Apple Quick Time player, DAP, Mozilla Firefox, Google Chrome, Nero, VLC player etc, Apple ITunes etc. In case of browsers though Internet Explorer is still widely used, Mozilla Firefox and Google Chrome are fast gaining ground. They all released their new versions with new facilities and most importantly with new security features. Google Chrome in combination with Google search engine makes our search task very easy and faster. Mozilla Firefox has become very attractive with so many add-ons. 92 | P a g e In case you have any doubts about the authenticity of your software you can go for validation check. 93 | P a g e The Microsoft validation check service validated the software and given its feedback 5. Keep your passwords safe, secure, and strong. Creating a safe and secure password is a challenge. If the password of your system is very weak the cyber criminals may be able to break your password very easily. So you should create a strong password in order to block any attempt to gain unauthorized entry into your system. There are many methods to create a strong and secure password. You can consider any one these methods to create your own password for your system. 94 | P a g e For example take a quote from a philosopher called Voltaire about freedom of expression. “I don’t agree with what you say but I’m ready to sacrifice my life to protect your right to say it”. Take the first letter of each and every word of the quote to create your password. In this quote you observe some content words and the remaining are functional words. Use uppercase letters to content words, so that you bring variety into your password. Now split the sentence into two parts: ‘I don’t agree with what you say’ and ‘but I’m ready to sacrifice my life to protect your right to say it’. Now after splitting the quote into two parts you use number sign # thrice in the middle of the two parts to bring about more variety and to put a check on any effort to guess your password. When you generate a password in this manner it would be almost impossible to break it and after generating the password it would look like IdAwwyS###bIaRtSmLtPyRtSi. You can get the strength of your password checked by visiting Microsoft’s password checker facility by logging on to http://www.microsoft.com/protect/fraud/passwords/che cker.aspx 95 | P a g e You can check the strength of your password by using this facility When I checked the strength of the password that I generated using this facility it graded the password as BEST. 6. Take a back-up of your valuable files. If you have a networked system on your desk, it is normal that you keep downloading something or the other. Many of them might be very important and you want to preserve them for future reference. But those files might not entirely be safe if you let them remain on your HDD for a long time. If your system gets 96 | P a g e bugged there is every possibility that your system may crash and you may lose your important files. So it is safe to take a back up of your files in a storage device either on an external HDD or DVD. 7. Learn what to do in an e-mergency. There is a dedicated team called Indian Computer Emergency Response Team (CERT-In) under the control of Department Of Information Technology; Ministry of Communications & Information Technology; Government of India. This team comes to the rescue of the netizens and the administrators of computer networks when they face cyber emergency. The cyber attack incidents can be reported to this team and they help the persons in tackling the problem by rendering the required help. You can even keep yourself up-to-date with regard to the threats by subscribing to the email alerts facility provided by the team. CERT has a website http://www.cert-in.org.in/ which features all its activities and gives comprehensive information about the cyber threats faced by computer users in India. There are two facilities provided by this website. 97 | P a g e Incident reporting and Vulnerability reporting. In case anyone faces a computer security related incident involving loss of confidentiality, disruption of data, denial of service availability he/she can report the incident by sending an email at email@example.com In case of a vulnerability (vulnerability is a bug in a computer program which enables and attacker to bypass security measures) the problems can be reported by sending a mail at firstname.lastname@example.org . In case of e-mergency the victims can contact the officials on a toll free number +91-1800-11-4949. Laws in India to deal with cyber crime On 9th of June 2000 Ministry of Law, Justice and company Affairs published a law that was passed and received assent from the President, through a Gazette of India. The act was termed as The Information Technology Act-2000. In this act lot of importance is given to Digital Signature, as Indian companies and consumers started using documents in electronic form to run their business, in other words e commerce. Since the transactions in e commerce happen in electronic 98 | P a g e form the authentication of these documents received high priority as there is lot of scope for deception. So in this act it has been stated that all the documents in electronic form with proper digital signatures acquire equal status with the hard copies of the documents with the hand written signatures. So this law gave validity to the digital signature to facilitate the electronic transfer of documents and letters. In this act all the matters with regard to dealing with digital signatures has been incorporated. It prescribed the procedure to get Digital Signature Certificate from a certifying authority. There is also a mention of how the digital signature should function by stating that the subscriber to the digital signature holds a private key which he is supposed to keep confidential and use it diligently. Another key called public key is used to decrypt the digitally signed documents and confirm that the document is genuine. Another important thing that has been specified in this document is, Government of India would establish the Appellate Tribunals to deal with the matters of litigation in digitally signed communication in business and other matters. It also defined some terms like 99 | P a g e hacking and obscenity and mentioned provisions for penal action. The Information Technology Act was enacted in 2000 with a view to provide legal recognition to e-commerce and e-transactions, to facilitate e-governance and prevent computer-based crimes. As the nature of cyber crimes is constantly and continuously changing, this law can’t be static and has to be amended from time to time to in order to incorporate new provisions intended to curb the cyber crime and facilitate the safe operation of the cyber space. So the government brought an amendment and there are provisions in this amendment aimed at tightening procedures and safeguards to monitor and intercept data to prevent cybercrimes. The amendment is called as the Information Technology (Amendment) Act, 2008. In this amendment act new offences have been added to already existing list of offences in Information Technology Act 2000. The newly added offences are 1. sending offensive messages 2. covert theft of computing devices and information 100 | P a g e 3. fraudulent use of electronic signature 4. cheating by impersonation 5. cyber voyeurism 6. activity intended to cause damage to the unity and integrity of the country 7. promotion of sexually explicit content (covers child pornography also) This amendment act provides for an Implementation Mechanism to enforce the law. This act enables the police personnel (inspector level) to register and investigate cyber crimes. A new "Nodal Agency" also came into being for implementation of Cyber Security. The nodal agency is called as The Indian Computer Emergency Response Team and it serves as the national agency for performing the following functions in the area of Cyber Security,- (a) collection, analysis and dissemination of information on cyber crime incidents (b) forecast and alerts of cyber security incidents 101 | P a g e (c) emergency measures for handling cyber security incidents (d) coordination of cyber incidents response activities (e) issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents (f) and some other functions relating to cyber security To get more information, visit the website of ICERT at http://www.cert-in.org.in/. This site features a lot of information on how to keep our computers secure, and deal with the cyber crimes. 102 | P a g e Works cited list http://www.laptop.org: one laptop per child: The MIT Media Lab http://www.cert-in.org.in: Indian Computer Emergency Response Team http://www.microsoft.com: validation check and check the password strength facility http://en.wikipedia.org/wiki/Advance_fee_fraud: Wikipedia the online encyclopedia www.yahoomail.com: screen shots from my personal mail box http://www.news.cnet.com: McAfee security report Times of India: Cyber Cafes are more vulnerable; dated January 07, 2009. 103 | P a g e
Pages to are hidden for
"Cyber Space: Opportunities and Threats"Please download to view full document