• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K. Raghavan

A round-up of recent action in cyberspace, which only reiterates the need for a cautious drive along the info highway.

Once again, an interesting fortnight has gone by. If I retail all the cases on hand, which make an incredible assortment, you may be queasy while accessing the Internet the next time!

First, we had the IIT-educated CEO of a software company in Kolkata using the Net to peddle drugs across the globe in collusion with a US accomplice. He was not only being avaricious and dishonest. He was also stupid to believe that the goings-on in his system would remain unnoticed. But then many criminals throw caution to the wind and indulge in activities that are undesirable as well as harmful to humanity around them.

I am certain that the Narcotics Control Bureau (NCB) of the Government of India that tracked him did a lot of surfing before they swooped down on him. Is this not reiteration that the Net is an aid both to the crook and the sleuth?

Next we heard from the Chennai Police that an individual was using the Net to go about his flesh trade, especially fixing appointments for call girls. We do not have details of how exactly he was operating. We do, however, know he was making a lot of money because he had a high society clientele. There is hardly anything we can do about this.

After this episode, it is possible that at least for a while, many in this sordid business may switch over to the cell-phone, under the wrong belief that monitoring activities here is more difficult. Ultimately, in both the mediums, it is the availability of intelligence that first gives out the suspect's identity. Any detailed investigation is only thereafter.

A shocking story

If ordinary mortals misbehave in cyberspace, as they did in the above instances, we are no longer surprised, but look upon them as only reflecting human frailty. If so, what about members of the judiciary from whom we expect much higher standards of conduct?

Have you heard the shocking story of a Superior Court Judge in the US who was habituated to online pornography?

It was the chance discovery of a vigilante hacker from Canada, Brad Wilman, who was hell bent on rooting out child abuse on the Net, even if it meant illegally breaking into other computers. Wilman's determination saw the conviction in 1999 of a man who was trying to sell his eight-year old daughter for sex over the Internet. It was in another of his forays into cyber space a year later that he stumbled on Judge Kline's activities. He was quick to write a Trojan that kept a tab on the judge's computer and confirmed his proclivity to watching unseemly child images.

On a tip-off from Wilman, the Irvine (California) law enforcement moved in. It found the machines at the judge's home and court full of explicit pictures, which would put any of us to shame. After years of court proceedings, Judge Kline was recently convicted to 27 months in Federal prison for possession of child pornography.

More interestingly, in 2002, two years after he was found out by the authorities, because of the attendant publicity, a man came forward to accuse Judge Kline of having molested him when the latter was just a boy. However, since the complaint was made 23 years after the alleged incident, it was thrown out as time barred.

Brad Wilman may have been eccentric, and may have broken the law knowingly. But he must be admired for his tenacity in pursuing a social evil that may be described in the mildest of terms as a widespread mental aberration evident very much on the Net. We need many more Wilmans if we are to keep the most powerful of our modern communication mediums clean.

Now, it's `Vishing'

While pornography on the Net may have become traditional over the years, recent months have been witness to newer and newer forms of Internet crime. The latest entrant to the world are scams over Voice over Internet Protocol (VoIP).

VoIP has become extremely popular because it allows inexpensive international calls through the Net. The burgeoning volumes here have not gone unnoticed by the underworld. The FBI has studied the situation in great detail and has come out with a new label for `Phishing' over VoIP, which it calls, `Vishing".

In this form of misuse of the Web, scamsters use voice instead of images of a phoney Web site (which is the modus operandus in `Phishing') to take gullible bank customers for a ride. They use either an e-mail or a telephone call over VoIP. The e-mail directs you to contact a telephone number (falsely referred to as a Customer Service Centre) where you are asked to reveal your personal information, such as bank account number, the PIN for online banking or your Social Security Number (if you are in the US).

Alternatively, you directly receive a telephone call when a real person or a machine demands such information. Invariably, such a caller already possesses genuine partial information on the victim, which is used to lull the latter into complacence. The call is invariably over VoIP, because one can hide his identity by creating a false automated customer service line. There is the additional facility to the scamster of masking his number to defeat a Caller ID system.

The FBI advises the public to be extremely circumspect while receiving such calls and to do double checking (by going off the line and ringing the number that called) before volunteering any information that needs to be kept confidential.

Beware `Pharming'

The reputed IT magazine Computerworld reported recently of an ingenious attack called `Pharming", which simultaneously targeted 50 financial institutions in the US, Europe and the Asia-Pacific region. The modus operandus here was to infect a computer by luring the user to a Web site carrying a malicious code.

An unpatched computer would, after entering such a Web site, download a Trojan in a file called "iexplorer.exe", which would, in turn, unload five files from a Russian server. An error message follows, and recommends to the user to shut off of his firewall and antivirus software. If the user obeys such a direction, what follows is disaster.

This is because, if he thereafter visits the sites of any of the targeted financial institutions, he is directed to a fake site, which collects his log-in details and transfers them to the Russian server.

It is learnt that at least 1,000 computers in the US and Australia were being infected every day, before the sites hosting the malicious code and the fake look-alike sites were shut down.

This type of attack is similar to `Phishing', but is slightly different in the sense that while in the latter, the victim is led on to a look-alike Web site by clicking on a spam mail, in `Pharming', even when the user types the address of the real site into the browser, he is directed to the phoney site.

Perhaps the worst feature of the attack is that the victim, after having been vandalised, is directed back to the legitimate site where he had been originally logged in, thereby making the attack go unnoticed!

(The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)

More Stories on : Security | Internet | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Now, it's your turn!

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line