Video: Cyber crime case in Hyderabad

Software expert tried to take revenge against a women, who turned down his marriage proposal, falls into cyber crime cell net. Engineer had put obscene profiles of the victim on various networking sites like Facebook and Orkut and also sent letter through post containing morphed pictures of the girl, with written message in Telgu, which formed the basic evidence and led to his arrest by Hyderabad Police.

He would be punished under various provisions of Information Technology Act, especially section 67, which provides for publishing of obscene material in electronic form and Indian Penal Code !

Video by NewsX.com

Indian Web Portal Wars – Data Theft Alleged

The beginning of 2010 saw some of the Big portals complaining about Data Theft and took legal recourse… first matter was between Travel Portals – Travelocity.co.in V. ClearTrip.com and secondly between Yellow Pages – JustDial V. Infomedia (network 18 group).

In the Travel Portal matter, Travelocity has filed an FIR with Gurgaon Poilce against CEO, Cleartrip and former MD of Desiya alleging criminal breach of trust, data theft, cheating, criminal misappropriation and criminal conspiracy. Copy of FIR reads as follows:

“Taneja had allegedly passed on the company’s intellectual property, trade secrets, sensitive data, proprietary technology source codes, their entire hotel business model and projections to Crighton including an excel file named ‘Hotels Growth Model.xls’. It further states that Taneja was terminated from Desiya on 19th September 2009.”

It is further alleged that as a result of the Data Theft, Travelocity is expected to see sharp fall in revenues upto 15%, i.e. approx Rs 200 million in the next year. (source)

In the second such matter, it is reported that JustDial has obtained injunction against Infomedia 18 Limited for running website www.askme.in, as JustDial has alleged that Infomedia 18 Limited had copied former’s database onto it’s newly launched website: www.askme.in, thereby violating JustDial’s database copyrights.

The injunction was granted exparte by the Hon’ble High Court and further order has been made for search and seizure to be carried out at Infomedia’s Delhi and Mumbai offices, as prima-facie case was made out by the Just Dial officials.

Basically, Askme.in was advertised/marketed in 2009 on a large scale by Infomedia extensively to it’s new and existing customer… and further even Infomedia yellow pages 2009-10 publication was delayed by over 7 months, i.e. till December 2009. The reason was stated that they are in the process of launching a new product called askme.in, which would help customers make more profits. Though, the delay by Infomedia 18 Limited also lead to cancellation of many advertisements, including Archer Softech’s Advertisement… as the purpose of advertisement was defeated by such a long delay !

TCS website hacked

On Sunday, visitors to Tata Consultancy Services (TCS) website were taken for a hacker’s surprize as the HomePage of the website greeted visitors with a ‘For Sale’ message. It has been reported that the problem was at Domain Registrar as no servers were compromised but it was a case of DNS hijacking.

According to the wikipedia: DNS hijacking or DNS redirection is the practice of redirecting the resolution of Domain name system (DNS) names to IP addresses to rogue DNS servers, particularly for the practice of phishing, or the practice of some ISPs resolving otherwise non-existent domains to the ISPs own servers.

DNS hijacking is a kind of hacking, and is punishable under section 66 (read with section 43) of Information Technology Act, 2008.

Basically, there are two aspects to a hosted website, one is the Domain name and other is the Hosting space. It is necessary for the Domain name name – servers to point to the correct Hosting company servers by providing the required information, which is normally in the form of ns1.servername.com, etc. Such information is secured with a username and password, which is different than the normal Hosting user account information.

In many cases in India, the Domain Owners do not realize that they havn’t been provided with the access to such other Domain Control Panel but only the Hosting Cpanel by the Registrars, which leads to a kind of blackmail by the local Domain service providers in most of the cases, as such companies can later deny the transfer of Domain name to other registrars in the absence of the Secret Key, which is compulsorily required for such transfers (which is available within the Domain Control Panel).

If you have been victim of such blackmail by your Domain name registrar, please contact here for legal help !

For Domain name registration and unlimited website Hosting, please visit www.archersoftech.com

Information Technology (Amendment) Act 2006 & 2008 comes into force

The Information Technology (Amendment) Act, 2008 has came into force yesterday. The Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members), section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members), section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information), section 69A (Procedure and Safeguards for Blocking for Access of Information by Public), section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and notification under section 70B for appointment of the Indian Computer Emergency Response Team have also been notified.

The Information Technology Act was enacted in the year 2000 with a view to give a fillip to the growth of electronic based transactions, to provide legal recognition for e-commerce and e-transactions, to facilitate e-governance, to prevent computer based crimes and ensure security practices and procedures in the context of widest possible use of information technology worldwide.

With proliferation of information technology enabled services such as e-governance, e-commerce and e-transactions; data security, data privacy and implementation of security practices and procedures relating to these applications of electronic communications have assumed greater importance and they required harmonization with the provisions of the Information Technology Act. Further, protection of Critical Information Infrastructure is pivotal to national security, economy, public health and safety, thus it had become necessary to declare such infrastructure as protected system, so as to restrict unauthorised access.

Further, a rapid increase in the use of computer and Internet has given rise to new forms of crimes like, sending offensive emails and multimedia messages, child pornography, cyber terrorism, publishing sexually explicit materials in electronic form, video voyeurism, breach of confidentiality and leakage of data by intermediary, e-commerce frauds like cheating by personation – commonly known as phishing, identity theft, frauds on online auction sites, etc. So, penal provisions were required to be included in the Information Technology Act, 2000. Also, the Act needed to be technology-neutral to provide for alternative technology of electronic signature for bringing harmonization with Model Law on Electronic Signatures adopted by United Nations Commission on International Trade Law (UNCITRAL).

Keeping in view the above, Government had introduced the Information Technology (Amendment) Bill, 2006 in the Lok Sabha on 15th December 2006. Both Houses of Parliament passed the Bill on 23rd December 2008. Subsequently the Information Technology (Amendment) Act, 2008 received the assent of President on 5th February 2009 and was notified in the Gazette of India.

Source: http://pibmumbai.gov.in/scripts/detail.asp?releaseId=E2009PR1153

Download a copy of Information Technology (Amendment) Act, 2008 here

US Cyber Crime News

PLUMAS LAKE MAN SENTENCED TO ONE YEAR AND THREE MONTHS IN PRISON FOR COMPUTER FRAUD – Used the Internet to Steal Micro-Deposits

According to Assistant United States Attorney Matthew D. Segal, a prosecutor in the office’s Computer Hacking and Intellectual Property (CHIP) unit, who prosecuted the case, from November 2007 through May 2008, LARGENT wrote a computer program that allowed him to defraud E-Trade, Charles Schwab & Co., and Google by opening or attempting to open more than 58,000 brokerage accounts. He did this to steal the “micro-deposits.” A financial institution will make a micro-deposit when an account is opened to test the functionality of an account. The amounts deposited in this case ranged from $0.01 to $2.00.

LARGENT used false names, addresses, driver’s license numbers, and social security numbers, including the names of known cartoon and comic book characters to open the accounts. When the deposits occurred, he would transfer the funds into his own bank accounts or onto prepaid debit cards, without the authorization or knowledge of his victims. As a result, LARGENT fraudulently obtained or attempted to obtain tens of thousands of dollars, which he used for personal expenses.

 


 

CBP OFFICER CHARGED WITH UNLAWFUL ACCESS TO GOVERNMENT DATABASES

The three-count information alleges that while employed as a U.S. Customs and Border Protection Officer, Ben-Shabat abused his official access to the Consular Consolidated Database (CCD) and Treasury Enforcement Communications System (TECS) database to obtain personal information
about a person he was suing in small claims court, and used the information to further his personal lawsuit. The information further alleges that Ben-Shabat induced other law enforcement officials, under the guise of official business, to access official records in the Arizona Criminal Justice Information System (ACJIS) database concerning the defendant in his personal lawsuit.

 


 

Computer Hacker Fugitive Extradited for Cybercrimes Relating to VOIP Telephone Services

Pena was indicted on fraud and computer hacking charges for his role in a scheme to defraud Voice Over Internet Protocol (VoIP) telephone service providers. Pena, who purported to be a legitimate wholesaler of these Internet-based phone services, allegedly sold discounted service plans to his unsuspecting customers. The Indictment alleges that Pena was able to offer such low prices because he would secretly hack into the computer networks of unsuspecting VoIP providers, including one Newark-based company, to route his customers’ calls.

Through this scheme, Pena is alleged to have sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates, causing a loss of more than $1.4 million in less than a year. The victimized Newark-based company, which transmits VoIP services for other telecom businesses, was billed for more than 500,000 unauthorized telephone calls routed through its calling network that were “sold” to the defendant’s unwitting customers at those deeply discounted rates, according to the Indictment.

 


 

Computer Hacking Ring Charged by United States and Egypt in Operation Phish Phry

Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States. Intelligence developed during the initiative prompted the FBI and Egyptian authorities to agree to pursue a joint investigation into multiple subjects based in Egypt after investigators in both countries earlier this year uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called “phishing.” The group is accused of conspiring to target American-based financial institutions and victimize an unknown number of account holders by fraudulently using their personal
financial information.

According to the indictment that was unsealed this morning, Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing—a technique that involves sending e-mail messages that appear to be official correspondence from banks or credit card vendors. In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information. Because the websites appear to be legitimate—complete with bank logos and legal disclaimers—the customers do not realize that the websites do not belong to legitimate financial institutions.

source: www.cyberlaws.us