Business Daily from THE HINDU group of publications
Monday, Nov 19, 2007

eWorld - Security
Columns - Security Musings
New threats to the Net

Reports of likely attacks kept police on their toes. While these did not materialise, there is no room for complacency.




Bijoy Ghosh

The menace is real.

R.K.Raghavan

There was mild excitement among cyberspace watchers on November 11 over a predicted ‘cyber jihad’. Nothing of the kind happened. All was quiet, possibly much to the disappointment of those who receive a kick out of chaos and disarray wherever it may occur, in the real or virtual world. According to some experts there is no room, however, for complacence, given what happened in Estonia earlier this year when life all but came to a standstill following cyber attacks from alleged Soviet-controlled computers.

Generally speaking, what was feared on November 11 was a Denial-of-Service (DoS) attack from Jihadists whose computer prowess, incidentally, can hardly be exaggerated. Even anti-virus software giant Symantec has chosen not to ignore the prediction of a disaster. But it believes the tool in the terrorist armoury, christened E-Jihad 3.0, is too crude and unsophisticated for causing any major damage. Here a mischief-monger will first have to manually install the tool onto a computer and later use it to log on to a jihadist Web site that would subsequently release attack commands. Symantec has gone as far as constructing a Hacktool.Dijah to detect E-Jihad 3.0! All this is amusing if not exactly absurd!

Lookout for ‘Storm’

Symantec has simultaneously been watching a “Storm” threat that involves a wide range of malicious activities, such as DoS, spam, pump-and-dump stock e-mails and botnets (hijacked computers from which attacks can be unleashed against an adversary). The magnitude of the danger here is difficult to assess, because even in normal times, systems are getting infected in large numbers and in a variety of ways. It requires an extraordinary effort to identify sources of mischief.

The surmise is that there are new and ingenious methods such as network encryption, worm-like propagation across drives and the injection of malicious IFRAME code into compromised computers. In Symantec’s estimate, the Storm threat is deadlier than E-Jihad, because millions of computers have possibly been affected already by Storm bots, making Storm a much more formidable weapon than the more elementary E-Jihad tool.

Finally, what is the protection that is suggested against the two threats? Nothing spectacular so far. There is just the traditional prescription: never install an unknown program, never open attachments from unknown sources and keep your anti-virus software up-to-date.

UK successes

Not surprisingly, it is the dishonest elements looking for profits who command most of the bots and not the Jihadists, and it is the former against whom we should protect ourselves more. This is illustrated by news releases from law enforcement agencies from across the globe.

The latest to claim success against online predators are the UK Police, whose Serious and Organised Crime Agency (SOCA) — an equivalent of the US FBI and our own CBI — has busted an international gang that is unique in many ways.

In a four-nation operation a few weeks ago that covered the UK, Nigeria (the mother of all Internet frauds), the US and Canada, the SOCA recovered 8.5 million pounds’ worth of fake cheques and other fraudulent documents. Targeting Internet users, the criminals extort small sums from each victim and the booty ultimately adds up to a massive sum. The fraud (called the Nigerian 419 scheme) primarily takes the form of a small advance fee for a promised service or prize scheme which never materialises.

Yet another mode of cheating is to buy goods on auction Web sites and overpay through fake cheques. Immediately after this the seller is made to shell out the imaginary excess paid, only to find thereafter that he had been taken for a ride by the buyer who had tendered a cheque not backed by any funds at all!

There is another report of the UK police looking for a gang which took over the accounts of at least 10 individuals and used them for dishonest purposes. Armed with private details such as PIN obtained through social engineering or other subterfuges, they were able to order new debit and credit cards subsequently used to buy expensive jewellery and electronic goods.

Rise in Phishing

Closely related to these happenings is a rise in Phishing (creation of a duplicate Web site to resemble that of a genuine Web site such as that of an established bank) reported by the UK’s Anti-Phishing Working Group. There are more than 220,000 sites in existence, and July 2007 alone accounted for 31,000 new ones, almost double the number reported in July 2006. There is a new group, called the Rock Phish, which is reported to be most responsible for the rise. This group takes its name from the word ‘Rock’ it introduces in its bogus Web addresses, and is known for its practice of registering Phishing sites in unusual countries, which are little known to law enforcement agencies elsewhere.

Closer home, in Asia

While all this online criminal activity keeps the police on its toes in several regions of the world, there is something we in Asia need to be concerned about. It is the disappearance into thin air of an infamous network that was widely known to host hackers and malware. The Russian Business Network (RBN) has been known to researchers for quite some time as a group that is hospitable to those who indulge in downright hacking, and others who are in the trade of child pornography, identity thefts, etc.

VeriSign’s iDefense Labs reports that RBN has moved out of servers known to have been situated till recently in Russia. The shift is possibly because it had overreached itself and fallen foul of Russian authorities concerned about a rising wave of cyber crime.

The belief is that RBN has moved to servers in China and Taiwan and a few other countries in Asia. It is likely it would adopt a new format whereby, instead of depending on just two or three servers as it did in Russia, in the new environment, it would split itself into several, so that detection becomes difficult. In any case, RBN is a threat to all of us in Asia and we had better watch out in the interest of smooth surfing.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.


Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line