Cyber Crime: The big security threat in India

---- Shibaji Biswas The next time you surf the Internet, you might be just one click away to become the next cyber crime victim, warns a new study from security software maker Norton as Indians are worst cyber crime victims after China. Symantec Corps Enterprise security Study 2010: Symantec Corp. released its global 2010 State of Enterprise Security study. The study found that 42 per cent of Indian enterprises rate cyber security bigger threat than terrorism, crime and natural disasters. This is not a surprise, considering that 66 percent of enterprises experienced cyber attacks in the past 12 months. These attacks cost Indian enterprises an average of over ` 58.59 lakh in lost revenue in 2009, apart from bigger financial losses due to loss of confidential data and productivity. Information, a valuable asset: Today, for Indian enterprises information has become a valuable asset. Enterprises are becoming more and more information-centric. To add to this information resides at various end point including the cloud making it all the more difficult to secure. Enterprises are struggling with large volume of unstructured data, including documents, spreadsheets and emails. Protecting this valuable asset has become a key to business growth. New faces of cyber crimes: In the last couple of months, the face of the cyber criminal has undergone a complete metamorphosis. Increase instances of IP theft, loss of customer and employee information among others have been indicated the involvement of not only external attack but also malicious insiders of the organizations. According to source 40-50 Indian sites are being hacked on a daily basis by online hackers. The new age cyber criminals are targeting four basic areas to attack. These are i> poorly protected infrastructure, ii> poorly protected information, iii>poorly enforced IT policies and iv>poorly managed system. There are also risks of malicious insiders mishandling information and stealing confidential data. Some attacks are designed to exploit certain operating system or platform is directly related to that platforms market share. In 2009 malware authors targeted the Macs and Symbian mobile operating systems more, for example the Sexy Space botnet aimed at Symbian O.S. and the OSX.Iservice Trojan targeting mac users. Highly specialized malwares were uncovered in 2009 that were aimed at exploiting certain ATMs. Expect this trend to continue, including the possibility of malware targeting electronic voting systems, both those used in political and public voting in different reality shows.

Today, online financial transaction, credit card transactions become lifeline to million of citizens who do not have time to visit banks, insurance outlet. People are more prone to purchase different goods, reserve air or railway tickets, pay electric, telephone bills, trading in share, commodity, file income tax return, and land records through online payment gateway by using their online bank accounts or credit cards. E-Governance applications are beginning to touch citizens live in many ways also. These financial transactions on the Internet are not completely secure and at the same time it is not all that weak as far as security is concerned. What is required is regular examination and upgrading of security system to tackle the cyber security thread. Initiatives to tackle the cyber security threats: Government has taken several initiatives to promote information security such as setting up of Computer Emergency Response Team-In, enacting IT Act 2000 etc. To provide an effective cyber security, the steps are as follows: I. II. III. IV. V. VI. Combined effort of Government and private sectors. Awareness programme through workshops to the common people. Strengthening the IT infrastructure. Promoting ethical hacking. A complete code of electronic fund transfer. Building a skilled workforce in these specialized areas.

Some types of security threads found till now are as follows: Botnets: Botnet or bot is a collection of software agent (malicious software) that are covertly installed on users computer to allow an attacker to remotely control the targeted computer through a communication channel. Around 50% of bot infected computer in India lie in Mumbai. Infected computers in other cities like Delhi, Bangalore, Pune, Kolkata are also there. Back Door: An undocumented way of gaining access to a programme, a computer system or network. The back door is usually implemented by the creator of the programme, and is usually known to him to pose a potential risk. Denial of Service (DoS) attack: It is a method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. IP spoofing: An attack where the attacker disguises himself as another user by means of a false IP network address.

Virus: A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. Worms: Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. Trojan Horse: Computer programmes that disguise themselves as useful software, but instead compromise ones security and privacy. Trojans can allow hackers to take control of ones computer or capture its keystrokes. Spy ware: Programmes that gather information about a users web surfing habits and send this information to a third party, usually without users knowledge. Spy ware can change system settings, install keystroke loggers, collect and report personal information. Malware: Malware short for malicious software is software designed to secretly access a computer system without the owner's infirmed consent. Malware is a general term used to mean computer virus, worms, trojan horse, spyware, rootkits etc. Phishing: Criminally fraudulent process of attempting to acquire sensitive information such as username, passwords and creadit card details by masquerading as a trustworthy entity. The mediums claim to be from popular social websites, auction sites, online payment processors or IT administrator. Rootkit: A type of Trojan that enables an attacker to have root access to the computer, which means it runs at the lowest level of the machine. The first rootkit for the Windows O.S. called NTRootkit appeared in 2001. Keystroke Logger: A programme that allows recording every character typed on a key board by a computer user. There is a lot of work to be done to handle the cyber security threat.There is a need of a large skilled workforce in the direction of ethical hacking, IT security and cyber laws. India still awaits a legal framework on cyber attacks. So be safe online.