Avoid deception in online shopping

Cyber Crime,Cyber Security,Cyber Law

Tips to put into practice when making purchases:

If you need to buy a product, it is advisable to look at how the product was being promoted in the preceding days and so confirm that the indicated discounts are real. If the page has existed for a long time and applies discounts, it is a good indication that it is a real sale.

Check that the design of the website raises no doubts. Lack of homogeneity, low-quality images, a page that mimics a legitimate website, misspellings, or poorly translated text are all indications that it may be a fraud.

Make purchases on secure web pages. When making a payment, our browser’s address bar will display a padlock, indicating that our information is being sent securely.

Use common sense and do not buy items we like at a ridiculous, barely credible price.


Sexual extortion via Net


The Police Department reports that new scams have again been detected, all of the same type of crime, linked to the sexual privacy of the complainants.

Basically, the extortion works as follows: through contact made via social networks, blogs or other electronic means of communication, a user strikes up a conversation and steers it toward a sexual setting. Taking advantage of webcams, this user shows the affected party (who at that time still doesn’t know it) images of sexual content, prompting him to interact. What could be considered “cyber sexual intercourse” then occurs, with images exchanged between the two parties. Although at first the victim is satisfied with the exchange, the surprise comes when the other party reveals that he has recorded the victim’s sexual images and asks him to make a payment; otherwise, the images will be spread to the victim’s contacts.

The amount requested is usually small, between €100 and €150, which, being an acceptable amount, makes the injured party willing to pay rather than face the embarrassment that publication of the captured images among his contacts or acquaintances could cause.


Alert of scams through web pages


On the Internet there are several platforms carrying advertisements from private individuals who offer a vehicle for sale at an excessively low price, attaching photographs of a virtually new vehicle to attract potential buyers.

The scam occurs as follows:

To obtain the vehicle in question, the sellers request the contact details of the interested persons in order to send the purchase contract, under which the advertised price of the product must be paid by postal money order or similar.


Alert of kidnapping and encryption of computer data (Ransomware)


Ransomware

It is worth remembering the danger posed by the spread of malicious software that, once executed, encrypts the content of the computer and connected peripherals. Offenders demand payment in exchange for the decryption key. The procedure used is to claim a payment in virtual currency (Bitcoins) so that its recipient cannot be identified.

We want to offer a series of tips to try to minimize exposure to this type of attack and/or other technological aggressions:

  • Keep software and antivirus up to date.
  • Do not open links or download files of dubious or unknown origin.
  • Make frequent backups to facilitate the retrieval of information in the event of an incident, and always store them on devices independent of and disconnected from the central device.
  • It is advisable to configure our devices to show file extensions (although malicious files are sometimes camouflaged with fake extensions, pretending to be another file type).
  • If you receive an email of unknown origin with attachments, it is preferable to delete it and not consult its contents.

The constant evolution of malicious software should lead us to take the utmost care with prevention and to minimize exposure, as a more effective method than any antivirus. Remember that the weakest link in computer security ends up being the user.


 

Basic Internet Security


Internet Security

Introduction, types of attacks

The universalization of the Internet and networks, and the great boom it has experienced thanks to the proliferation of broadband, poses a great challenge for home users who want to keep their computers safe. Recently, the number of attacks has been increasing, including through new techniques via the Internet, such as:

  1. Virus: Malicious code that is installed on the computer and performs some action, often destructive.
  2. Trojans: Viruses hidden within other file types.
  3. Spyware: Code that collects users’ habits in order to sell this information to advertising companies that send spam.
  4. Phishing: A type of scam in which links send the user to counterfeit bank pages that simulate the real ones in order to deceive the user and collect the bank details entered.
  5. Scam: Emails that entice the user with easy money, when in fact the intention is to defraud.
  6. Malware: In general, all types of code programmed to perform a malicious action, such as those mentioned or others (keyloggers, logic bombs…).

All of these endanger the safety and privacy of citizens. It should be noted that among the data that we may have on the computer and transmit over the Internet, there may be passwords, bank details, personal data, emails or others, which may be used by scammers or other criminals.


Banking phishing


Banking “phishing” is an attempt at impersonation where cybercriminals impersonate a company, institution or service with a good reputation, to deceive and obtain private data, such as bank details and associated credentials.

In most cases, email is used as the main means of transmitting this deception, but it can also be done through social networks, sending SMS to mobile phones and calls to landlines.

Cybercriminals select the company or service they want to impersonate, sending an alarmist message, seeking a reaction from the victim in order to end up clicking on a link or downloading attachments, often hidden.


Indian Computer Emergency Response Team

Cybersecurity wings under the government of India

Cybersecurity in India affects both the public and the private sector and spans a broad range of issues related to Indian national security, whether through terrorism, crime or state and industrial espionage.

E-crime, or cybercrime, whether relating to theft, hacking or denial of service to vital systems, has become a reality of life. The risk of industrial cyber espionage, in which one company makes active attacks on another through cyberspace to acquire high-value information, is also a fact.

Cyber terrorism presents challenges for the future not only for India but for the world. CERT is prepared for terrorist attacks through the internet on key Indian military or space installations, or attacks that disable key information systems.

Government of India

Functions:

Keep a current empanelled list of IT security auditors

(i) Receiving and scrutiny of applications
(ii) Off-line in-house Practical Skills Test for successful applications
(iii) Online Practical Skills Test for the applications successfully qualifying steps
(iv) Personal Interaction session for the applicants successful in all earlier steps
(v) Background verification by a suitable Government agency for successful applications.

Respond to a Security incident

(i) Reporting of cybersecurity incidents to the Incident Response Helpdesk via:
(a) Email: incident@certin.org.in
(b) Tel: 1800-11-4949 (toll free)
(c) Fax: 011-24368546, 1800-11-6969 (toll free)

Incident Reporting form

(ii) Initial examination and registration of cybersecurity incident.
(iii) Analysis and response of cybersecurity incident

Issuance of security alerts on the latest threats and vulnerabilities

(i) Tracking of latest threats & vulnerabilities
(ii) Preparation of security alerts, advisories & vulnerability notes
(iii) Publishing of security alerts, advisories & vulnerability notes on CERT-In websites
(iv) Sending security alerts, advisories & vulnerability notes via email to registered users through mailing list


Government Computer Emergency Response Team [CERT]

CYBER AND INFORMATION SECURITY DIVISION MHA

Government of India

Cyber and Information Security (C&IS) Division

Work Profile: The Ministry of Home Affairs (MHA)

Cyber Crime Wing

  • Indian Cyber Crime Co-ordination Centre(I4C) Scheme.
  • Schemes on prevention of Cyber Crime against women and children.
  • Central CyberCrime portal.
  • Capacity building – Setting up of Cyber investigation labs.
  • Best Practices compilation and dissemination on cyber Crime.
  • CyberCrime complaints.
  • Dealing with cyber threat inputs and dissemination thereof.
  • Coordination and Guidelines/Advisory to States/UTs.

Cyber Security / NISPG Wing

  • Implementation of information security policy as per NISPG in MHA
  • NATGRID
  • Data Protection framework.
  • Blocking of websites and regulation of intermediaries and coordination with MeitY
  • Cyber Security policy, intelligence report on cyber security breach of organizations and government officials.
  • International conventions on Cyber security and cyber-crime (inputs of CIS-II Dsk will be taken as per need).
  • Coordination with CERT-In, NCSC, National Critical Information Infrastructure Protection Centre, MEA, IB, Deity, Defence etc.
  • NISPG policy and its implementation / compliance in other government organizations
  • Administration & Monitoring of Network Operations Centre and Security Operation Centre of MHA
  • Regular information security audits (internal and external).
  • Co-ordination with NIC for administration of IT assets, monitoring of traffic and logs.
  • Assessing security risks, planning and implementing steps to counter threats
  • Cyber awareness programs and skill building of MHA officials.
  • Overall supervision of NIC Unit in MHA.
  • Related grievances, RTI and parliament questions etc.

IS / CISO Wing

  • Policy on lawful interception.
  • Co-ordination for Centralized Monitoring System.
  • Secured communication systems like RAX, SDCN etc.

 

Public key certificate


A public key certificate, usually just called a certificate

A public key certificate is a digitally signed statement that binds the value of a public key to the identity of the person, device, or service that holds the corresponding private key.

Most certificates in common use are based on the X.509 v3 certificate standard.

One of the main benefits of certificates is that hosts no longer have to maintain a set of passwords for individual subjects who need to be authenticated as a prerequisite to access. Instead, the host merely establishes trust in a certificate issuer.

Typically, certificates contain the following information:

  • The subject’s public key value.
  • The subject’s identifier information, such as the name and e-mail address.
  • The validity period (the length of time that the certificate is considered valid).
  • Issuer identifier information.
  • The digital signature of the issuer, which attests to the validity of the binding between the subject’s public key and the subject’s identifier information.

A certificate is valid only for the period of time specified within it; every certificate contains Valid From and Valid To dates, which set the boundaries of the validity period. Once a certificate’s validity period has passed, a new certificate must be requested by the subject of the now-expired certificate.

Example:

Internet Security Research Group ISRG is a CA that provides services including, but not limited to, issuing, managing, validating, revoking, and renewing publicly-trusted Certificates. These services are performed in accordance with the requirements of this Certificate Policy (CP) and the ISRG Certification Practice Statement (CPS). These services are provided to the general public with exceptions as deemed appropriate by ISRG management or in accordance with relevant law.

Digital signature


A digital signature is a way to ensure the integrity and origin of data.

A digital signature provides strong evidence that the data has not been altered since it was signed and it confirms the identity of the person or entity who signed the data.

A digital signature enables the important security features of integrity and nonrepudiation, which are essential for secure electronic commerce transactions.

Digital signatures are typically used when data is distributed in plaintext, or unencrypted form. In these cases, while the sensitivity of the message itself might not warrant encryption, there could be a compelling reason to ensure that the data is in its original form and has not been sent by an impostor because, in a distributed computing environment, plaintext can conceivably be read or altered by anyone on the network with the proper access, whether authorized or not.
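The certificate and digital signature sections above describe a signed statement that binds a public key to an identity for a validity period, checked using only the issuer's public key. The following added example (not part of the original posts) shows both checks with a toy issuer. It assumes textbook RSA over two small primes, JSON fields instead of X.509, and a hypothetical issuer name and subject, all constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Toy issuer key (constructed): textbook RSA over two Mersenne primes, no padding.
# Illustration only; real CAs use 2048-bit or larger keys with a padding scheme.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Issuer side: only the holder of D can produce this value."""
    return pow(digest(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Relying party: needs only the issuer's public key (N, E)."""
    return pow(signature, E, N) == digest(data)

def tbs_bytes(cert: dict) -> bytes:
    """Canonical encoding of every certificate field except the signature."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue(subject: str, public_key: str, not_before: str, not_after: str) -> dict:
    cert = {"subject": subject, "public_key": public_key,
            "issuer": "Example Toy CA",  # hypothetical issuer name
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = sign(tbs_bytes(cert))
    return cert

def check(cert: dict, now: datetime) -> str:
    # Signature first: an altered field invalidates the issuer's binding.
    if not verify(tbs_bytes(cert), cert["signature"]):
        return "bad signature"
    if now < datetime.fromisoformat(cert["not_before"]):
        return "not yet valid"
    if now > datetime.fromisoformat(cert["not_after"]):
        return "expired"
    return "valid"

# Constructed sample certificate for a placeholder subject and key.
CERT = issue("mail.example.org", "subject-key-placeholder",
             "2024-01-01T00:00:00+00:00", "2024-12-31T23:59:59+00:00")
print(check(CERT, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Changing any signed field, for example the public key, makes `check` return "bad signature" even inside the validity period, which is the integrity property the signature provides for data distributed in plaintext.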

Information Technology Act 2000

2(p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;

2(q) “Digital Signature Certificate” means a Digital Signature Certificate issued under sub-section (4) of section 35;