Top 5 Windows Mobile Antivirus

The ever increasing business need for PDAs and SmartPhones has led to a large spread of virus, spyware and malware special designed for Windows Mobile platform. This Top 5 Windows Mobile Antivirus presents some of the most recommended anit-virus products for the Windows Mobile platform.

Today's smartphone viruses have shown that it is possible to create malicious code that makes the phone unusable. A virus can also cause false billing or unwanted disclosure of stored information. Protection against harmful content is required on every smartphone.

What features should you look for when considering an Mobile Anti-Virus?
  
Most of the features to look for in selecting a mobile antivirus solution are the same ones you're familiar with in choosing one for your PC:

    * Support for your device. You have to check that any software supports the operating system and device you want to protect. For instance, most antivirus vendors are updating their products to cover Windows Mobile 5.0 and 6.0 —but, be sure to verify before you buy.
    * Easy-to-use. If it isn't easy, let's be honest, you're not going to do it. Not only must the installation be easy and foolproof; but the interface I use day-to-day needs to be clear and useful.
    * Automatic, over-the-air (OTA) updates. Antivirus vendors constantly update their products to recognize new threats, and over-the-air is the best way to deliver those updates. If you have to wait until you synchronize to receive updates, you could be going outside wearing yesterday's virus protection.
    * Real-time virus scanning. This may slow your device a little, but this is the best form of protection. Antivirus software should examine all attachments for viruses.
    * Intrusion detection. When you set up a Windows Mobile 5.0 device, you'll find that Bluetooth and Wi-Fi are "OFF" by default. If you have an earlier version of Windows Mobile operating system, check the Help files on your device or contact your device provider for instructions on how to turn off these services. In either case, read about how to activate them safely. Then, it isn't as crucial to have intrusion detection.
    * Support for you. When I have a security-related question, I want a fast answer. My company is intentionally small, and we don't have an in-house support staff. So, the type of support that a vendor offers is often a deciding factor on whether I'll buy or not. Besides an easy-to-use Web knowledge base, I want rapid-response e-mail, live chat, and phone support.

Read More

Playing Online Games Without Being a Target for Hackers

 Because online gaming creates anonymity, hackers can do their work without being caught. They carefully design hacking soft wares that they
sell among themselves to allow others to use the codes they create. The cheat codes they build are hidden from game developers carefully, so they will not be able to block them. This does not mean, however, that there are not tools available to stop online hacking programs!
Are You a Target?
One of the best ways to prevent hacking is knowing whether or not you are a target for a hacker.

    * Are you doing well in your game?
    * Is your character winning, or does he have a power or ability that is highly desirable?
    * Have you built something in your online environment that is impressive?

If you answer yes to any or all of these questions you are most likely a target!

In addition to these factors, pay attention to what is going on inside your gaming community. Have other players been the victim of hackers? If so, what methods were used? By staying aware of what is going on in the online "world" in which you are participating, you will be exercising the same kind of vigilance against criminals that you use in the "real world."
Anti-hacking Tools
So what can you do to prevent hacking programs from destroying your gaming environment? There are many companies offering anti-hacking measures for online game worlds. To keep your game secure, you download these programs onto your computer. The problem with anti-hacking programs is that hackers are quite smart, and they find ways around these programs. That is why you need to look for programs that offer an automatic update feature. This ensures that whenever a patch is available, your computer receives it, and your game is as secure as possible.

Many games come with anti cheat programs pre-installed. The problem with this is that hackers are experts on getting through these programs. Just because you start playing a game that assures you it is secure, make sure your computer is secure as well. If your computer has a back door or your network is unsecured and you start doing well in a game, you can expect to become the target for a hacker!

Free online games are often the biggest problem for those wishing to fight hackers. If you play games online, be aware that hackers can disrupt the world you build, no matter what you do. But there are methods for prevention of hacking, and you can build a more secure environment with the right anti-hacking software. Be prepared to deal with online hacking of games, and you will have a better presence in your online gaming environment.

Read More

Preventing Online Game Hacking the Right Way

Preventing Online Game Hacking the Right WayHackers have been around since the early development of computers, although they have gone by different names at different times. Today, online hacking of games is one of the biggest areas of unauthorized computer mischief. The popularty of free online games and the number of people who choose to play games online is part of the reason for this growing problem. How are people hacking games online, and what methods for prevention of hacking are out there?
Online Gaming Experience Online gaming is growing in popularity every year because the experience allows for multi-player interaction in simulated worlds. There are even kids online games designed to allow children to play against competitors of their own age. Many of these games are role playing games, where the player takes on the identity of their game character. This provides a level of anonymity that is hard to duplicate in other environments.
Hacking of Online Games So why are so many people going online hacking games? How does online game hacking work? What is the appeal of game hacking on the Internet?
Appeal of Online Game Hacking An online hacker can come into the environment you have built and steal the identity you have created. If you are doing well on your game, they will steal your success. They may even sell the characters you have built to other gamers. This kind of activity involve more than the thrill of the game.
Online gaming tournaments can be sufficiently lucrative to allow some gamers to turn professional. The characters they have created and the resources they have amassed in a given "reality" can represent tremendous profit potential and are a key aspect of their reputation as recognized players.  Sadly, some people choose to cheat at online games because they actually enjoy ruining the experience for someone else. Other hackers enjoy the thrill of "breaking the code" on a computer game as a technological challenge. Hacking passwords from online games can be profitable if the hackers sell the access information. While we may never fully understand what leads some people to acts of computer vandalism, hacker societies exist around the world and routinely work as a group to develop better strategies for gaining access to data and systems that are not their own.

Read More

Be Prepared for Cell Phone Hacks

    What Can A Hacker Do? ....

Rob Your Money
      Other options might use a particular buying feature called SMS. This refers to the fact that money can be taken from your account and transferred into another
      - and a good hacker can sit in one place and access a lot of phones and transfer a lot of money rather quickly - probably in less time than you think!
          Give The System A Virus
      By using another cell phone hack code, a hacker could kidnap your phone, send it a camouflaged program or send it a virus. But it does not end there, since, from that point, he can use your phone to retransmit the virus to many other phones almost instantly - potentially disabling the system.
          Spy On You
           A hacker can also gain access and take over for cell phone spying and remote mobile phone hacking. Literally, once secured, the hacker can have the phone call him, and then be able to listen to all conversations going on around the owner of the phone.
      Access Your Voice Mails
      Voice mails can also be retrieved by a hacker through a hacking cell phone. After stealing your number, this can easily be done - if your password is disabled. The main thing that needs to be understood here, is that the electronics that give you the modern convenience of interacting with the Internet (getting your voice mails, emails, Web surfing, etc.) , is also the same technology that allows you to receive the same ills as can befall someone on the Internet.
What Can You Do?
It seems that the major cell phone companies, at least at this point, really are not interested in bringing the system up to be able to cope with this threat. Meetings are starting to take place, but for now it is not perceived to be real serious. This could be because it is primarily the older phones that are most susceptible to some types of this mobile hacking.

Until the cell phone manufacturers are able to cope with, or eliminate, the glitches in the system that allows them to overcome these problems, you will largely have to help yourself to cope with these things. Here are a couple of tips that will help you protect your cell phone, its information, and other things.
      Use Your Passwords
      The cell phone companies tell us that many people have turned off their passwords when they access their voice mail messages, or other things. This little feature, though it may seem to be an annoyance to some, could protect your phone from unauthorized purposes.
      Leave The Phone Off
      This one is obviously the harder choice, here, simply because most of us who have cell phones like to be reached anytime and anywhere. Others do need to be reachable at all times.
          Upgrade Your Phone
      While this cannot guarantee that your phone is not hackable, it certainly will help. It should be remembered that the phone companies work hard to deliver the best technology and conveniences - but the cell phone hacks work just as hard to be the first to break the systems designed to defeat them. It is an ongoing battle.

      Cellular phone hacking, for now, is a fact of life that affects a few of us. Gladly, the numbers are still small, but many feel this problem is just getting started. By being aware of the problems, you can wisely take steps to prevent them from happening to you. Cellphone hacking does not need to catch you unprepared.

Read More

Cell phones - Hackers Next Target!

It was bound to happen - they have hacked just about everything else. Now it's the cell phones. Cellphone hacking has just recently surfaced and been made public ever since some one did some cellular phone hacking on Paris Hilton's cell phone.
This article will give you some information about what is going on out there and what you can do------
------------------------------------------------------------------------------------------------------------------
 
             What Does It Involve
The fact of someone hacking cell phone became public knowledge when Paris Hilton's cell phone, along with her information was recently hacked. Unfortunately for her, all her celebrity friends and their phone numbers were also placed on the Internet - resulting in a barrage of calls to each of them.

Cell phone hackers have apparently found a glitch in the way the chips are manufactured. The good news, though, is that it only applies to the first generation models of cell phones that use the Global System for Mobile communications (GSM). Another requirement is that the hacker must have physical access to the cell phone for at least three minutes - which is a real good reason not to let it out of your sight. Currently, although the problem has been remedied (at least for now) in the second and third generation phones, it seems that about 70% of existing cell phones fall within the first generation category.

Another way that mobile phone hacking can take place is for a hacker to walk around an area with people that have cell phones and a laptop that has cellphone hacker programs on it. Through an antenna, and a little patience, his computer can literally pick up your cell phone data - if it is turned on. This is more applicable to cell phones that use Bluetooth technology.
What Can A Hacker Do?
Surprisingly, there are quite a number of things that can be accomplished by the hacker. Depending on their intent here are a few of them.

    >>>>      Steal Your Number
     
Your phone number can be accessed and obtained by cellphone hacking. This allows them to make calls and have it charged to your account.
   
>>>>      Take Your Information
   
  Mobile hacking allows a hacker to contact your cell phone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content to only get your information. Some will even change all your phone numbers! Be sure to keep a backup of your information somewhere. This particular technique is called Bluesnarfing.
 

Read More

what is----BLACK HAT HACKERS

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country's laws is actually software cracking.
Terminology

Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as "hackers". A group that calls themselves hackers refers to "a group that consists of skilled computer enthusiasts". The other, and currently more common usage, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with social responsibility and those who used them maliciously or criminally, became perceived as an important divide. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained. The former became known as "hackers" or (within the computer security industry) as white hats, and the latter as "crackers" or "black hats". The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly; for example Linux has been criticised as "written by hackers". In computer jargon the meaning of "hacker" can be much broader.

Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hats hack networks and web pages solely for financial gain. Black hats may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A black hat hacker may write their own zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, black hats may work to cause damage maliciously, and/or make threats to do so as extortion.

Methods

Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs

Read More

2 Sides of INDIAN Cyber Law or IT Act of INDIA

Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable . The IT Act 2000, the cyber law of India , gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

One cannot regard government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities.

MMS porn case in which the CEO of bazee.com(an Ebay Company) was arrested for allegedly selling the MMS clips involving school children on its website is the most apt example in this reference. Other cases where the law becomes hazy in its stand includes the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa.

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let’s have an overview of the law where it takes a firm stand and has got successful in the reason for which it was framed.

1. The E-commerce industry carries out its business via transactions and communications done through electronic records . It thus becomes essential that such transactions be made legal . Keeping this point in the consideration, the IT Act 2000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature.

2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out communication in India . This implies that e-mails can be duly produced and approved in a court of law , thus can be a regarded as substantial document to carry out legal proceedings.

3. The act also talks about digital signatures and digital records . These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate companies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates.

4. The Act now allows Government to issue notification on the web thus heralding e-governance.

5. It eases the task of companies of the filing any form, application or document by laying down the guidelines to be submitted at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates.

6. The act also provides statutory remedy to the coporates in case the crime against the accused for breaking into their computer systems or network and damaging and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore($200,000).

7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal.

8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive basis.

The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like:

1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law even doesn’t talk of the rights and liabilities of domain name holders , the first step of entering into the e-commerce.
2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act , which may have major effect on the growth of e-commerce in India . It leads to make the banking and financial sectors irresolute in their stands .
3. The act empowers the Deputy Superintendent of Police to look up into the investigations and filling of charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate India as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potential harassment at the hands of the DSP.
4. Internet is a borderless medium ; it spreads to every corner of the world where life is possible and hence is the cyber criminal. Then how come is it possible to feel relaxed and secured once this law is enforced in the nation??

The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice , how to enforce it all over the world at the same time???

* The IT Act is silent on filming anyone’s personal actions in public and then distributing it electronically. It holds ISPs (Internet Service Providers) responsible for third party data and information, unless contravention is committed without their knowledge or unless the ISP has undertaken due diligence to prevent the contravention .
* For example, many Delhi based newspapers advertise the massage parlors; and in few cases even show the ‘therapeutic masseurs’ hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting out a few such rackets but then it is not sure of the action it can take…should it arrest the owners and editors of newspapers or wait for some new clauses in the Act to be added up?? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP to monitor what information their subscribers are sending out, all 24 hours a day.

Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US, Singapore, France, Malaysia and Japan .

But can the cyber laws of the country be regarded as sufficient and secure enough to provide a strong platform to the country’s e-commerce industry for which they were meant?? India has failed to keep in pace with the world in this respect, and the consequence is not far enough from our sight; most of the big customers of India ’s outsourcing company have started to re-think of carrying out their business in India .Bajaj’s case has given the strongest blow in this respect and have broken India ’s share in outsourcing market as a leader.

If India doesn’t want to loose its position and wishes to stay as the world’s leader forever in outsourcing market, it needs to take fast but intelligent steps to cover the glaring loopholes of the Act, or else the day is not far when the scenario of India ruling the world’s outsourcing market will stay alive in the dreams only as it will be overtaken by its competitors.

Read More

Asia Pacific Cyberlaw Forum (APCF)

Asia Pacific Cyberlaw Forum (APCF) is committed to the cause of development of strong, logical and vibrant Cyberlaws in different countries of Asia Pacific. Historically speaking, Internet has been basically a United States phenomenon. The early adoption and widespread usage of Internet by the western world made sure that some of the early Cyberlaws came into being in the western world. Asia Pacific as a region seems to be far behind in the field of enacting Cyberlaws for regulating activities of netizens in cyber space. Barring a handful of countries in Asia Pacific, most of the countries in this region have low Internet penetration and consequently, have not felt the need to legislate Cyberlaws. However, given the way Internet is rapidly growing, it would only be a matter of time before all the countries in Asia Pacific will be constrained to enact and adopt Cyberlaws.

Asia Pacific Cyberlaw Forum (APCF) aims to become the focal point for giving appropriate inputs to all governments of Asia Pacific in the field of drafting, enacting and adopting Cyberlaws. APCF is committed to the fact that Asia Pacific nations should not reinvent the wheel. Asia Pacific nations should learn from the previous wisdom and practical experiences of other nations in the world who have enacted and implemented Cyberlaws APCF aims to become a rallying point for research, brainstorming, information and all kinds of matters concerning Cyberlaw in Asia and Pacific.

APCF would coordinate with Cyberlaw Asia, being Asia's premier membership based Cyberlaw body, in spreading more awareness about different facets of Cyberlaw.

The Chairman of APCF is Mr. Pavan Duggal, Asia's leading authority and expert on Cyberlaw.

The secretariat of APCF is based in Delhi and would be located at C2/60, Janak Puri, New Delhi - 110058, India.

Read More

LINKS WHERE YOU CAN COMPLAIN ABOUT THIS CRIME

                                     INDIAN CYBER LAWS
Chapter-I

New Delhi, the 9th June, 2000 / Jyaistha 19,1922 (Saka)

The following Act of Parliament received the assent of the President on the 9th June, 2000, and is hereby published for general information :-

Chapter II

DIGITAL SIGNATURE

3. Authentication of electronic records.

(1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.

Chapter III

4. Legal recognition of electronic records.

Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is :-

Chapter-IV

11.Attribution of electronic records.

An electronic record shall be attributed to the originator :

(a) if it was sent by the originator himself;

(b) by a person who had the authority to act on behalf of the originator in respect of that electronic record, or

Chapter-V

14. Secure electronic record.

Where any security procedure has been applied to an electronic record at a specific point of time. then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.

Chapter-VI

17. Appointment of Controller and other officers.

(1) The Central Government may, by notification in the Official Gazette, appoint a Controller of Certifyin

g Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.

Chapter-VII

(1) Any person may make an application to the Certifying Authority for the issue of a Digital Signature Certificate in such form as may be prescribed by the Central Government.

(2) Every such application shall be accompanied by such fee not exceeding twenty-five thousand rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority.

Chapter-VIII

40. Generating key pair.

Where any Digital Signature Certificate, the public key of which corresponds to the private key of that subscriber which is to be listed in the Digital Signature Certificate has been accepted by a subscriber, then, the subscriber shall generate the key pair by applying the security procedure

Chapter-IX

43. Penalty for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network. :-

(A) Accesses or secures access to such computer, computer system or computer network.


Chapter-X

48. Establishment of Cyber Appellate Tribunal.

(1)The Central Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Regulations Appellate Tribunal.

(2)The Central Government shall also specify, in the notification referred to in sub-section (1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction.

Read More

CYBER CRIME-------Cyber Law Cases in India and World

MYSPACE CATCHES A MURDERER

MySpace has played an important role in helping Oakland police apprehend a 19-year old man accused of shooting a San Leandro High School football player Greg "Doody" Ballard, Jr.

Oakland police had a street name of a suspect and were able to identify Dwayne Stancill, 19 of Oakland from a picture they found on a gang's MySpace page. Police brought the suspect to their headquarters where detectives say he confessed. What was most troubling to investigators was the lack of motive for the killing.

OFFICIAL WEBSITE OF MAHARASTRA GOVERNMENT HACKED

MUMBAI, 20 September 2007 — IT experts were trying yesterday to restore the official website of the government of Maharashtra, which was hacked in the early hours of Tuesday.

Rakesh Maria, joint commissioner of police, said that the state’s IT officials lodged a formal complaint with the Cyber Crime Branch police on Tuesday. He added that the hackers would be tracked down. Yesterday the website, http://www.maharashtragovernment.in, remained blocked.

Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtra government website had been hacked. He added that the state government would seek the help of IT and the Cyber Crime Branch to investigate the hacking.

“We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in progress between the officials of the IT Department and experts,” Patil added.

The state government website contains detailed information about government departments, circulars, reports, and several other topics. IT experts working on restoring the website told Arab News that they fear that the hackers may have destroyed all of the website’s contents.

According to sources, the hackers may be from Washington. IT experts said that the hackers had identified themselves as “Hackers Cool Al-Jazeera” and claimed they were based in Saudi Arabia. They added that this might be a red herring to throw investigators off their trail.

According to a senior official from the state government’s IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall.

Three people held guilty in on line credit card scam

Customers credit card details were misused through online means for booking air-tickets. These culprits were caught by the city Cyber Crime Investigation Cell in pune. It is found that details misused were belonging to 100 people.

Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on behalf of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad being employeed at a private institution, Kale was his friend. Shaiklh was employed in one of the branches of State Bank of India .

According to the information provided by the police, one of the customer received a SMS based alert for purchasing of the ticket even when the credit card was being held by him. Customer was alert and came to know something was fishy; he enquired and came to know about the misuse. He contacted the Bank in this regards. Police observed involvement of many Bank's in this reference.

The tickets were book through online means. Police requested for the log details and got the information of the Private Institution. Investigation revealed that the details were obtained from State Bank of India . Shaikh was working in the credit card department; due to this he had access to credit card details of some customers. He gave that information to Kale. Kale in return passed this information to his friend Lukkad. Using the information obtained from Kale Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given few tickets to various other institutions.

Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involved in eight days of investigation and finally caught the culprits.

In this regards various Banks have been contacted; also four air-line industries were contacted.
DCP Sunil Pulhari has requested customers who have fallen in to this trap to inform police authorities on 2612-4452 or 2612-3346 if they have any problems.

How cyber crime operations work – and why they make money

Hackers are no longer motivated by notoriety – it's now all about the money. Guillaume Lovet, Threat Response Team Leader at security firm Fortinet, identifies the players, their roles and the returns they enjoy on their investments.
Cybercrime which is regulated by Internet Law  (Cyber Law) or IT Act has become a profession and the demographic of your typical cybercriminal is changing rapidly, from bedroom-bound geek to the type of organised gangster more traditionally associated with drug-trafficking, extortion and money laundering.
It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that.
In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialised skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cybercrime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency.
The rise of cybercrime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also – through a process of virus-driven automation – with ruthlessly efficient and hypothetically infinite frequency.
The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill.
The most straightforward is to buy the ‘finished product’. In this case we’ll use the example of an online bank account. The product takes the form of information necessary to gain authorised control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cybercriminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it’s very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia.
The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold.
Not all cyber-criminals operate at the coalface, and certainly don’t work exclusively of one another; different protagonists in the crime community perform a range of important, specialised functions. These broadly encompass:
Coders – comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cybercrime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in.
Kids – so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another.
Drops – the individuals who convert the ‘virtual money’ obtained in cybercrime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.
Mobs – professionally operating criminal organisations combining or utilising all of the functions covered by the above. Organised crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls.
Gaining control of a bank account is increasingly accomplished through phishing. There are other cybercrime techniques, but space does not allow their full explanation.
All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of ‘phishing trip’ will uncover at least 20 bank accounts of varying cash balances, giving a ‘market value’ of $200 – $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.
Better returns can be accomplished by using ‘drops’ to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ‘ripping off’ or ‘grassing up’ to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of ‘drops’ that do not know one another. However, even taking into account the 50% commission, and a 50% ‘rip-off’ rate, if we assume a single stolen balance of $10,000 – $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.
In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer.
The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught with expensive overheads, and extremely dangerous.
Add phishing to the other cyber-criminal activities driven by hacking and virus technologies – such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers – and you’ll find a healthy community of cottage industries and international organisations working together productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty – and must be stopped.
On top of viruses, worms, bots and Trojan attacks, organisations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognise it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise.
To fight cybercrime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having to install, manage and maintain disparate devices, organisations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to greater user education are the best safeguard against the deviousness and pure innovation of cyber-criminal activities.

Read More