Be safe in Cyberia!

11th April 2016
Be safe in Cyberia!
Image courtesy: The Intercept

Indians are among the most vulnerable  targets of Net baddies. So what does it take to be cyber-savvy?
From Anand Parthasarathy
Bangalore, April 11 2016:
Some ten years ago, I found myself in a bus in Tunis,  North Africa, seated next to Free Software guru and frequent  visitor to India, Richard Stallman. We were returning to our respective hotels after the inauguration of the UN-sponsored   World Summit on the Information Society (WSIS). We both wore our conference badges. Unlike me, Stallman  had wrapped his badge in aluminum foil. He had discovered that the every  badge had a Radio Frequency Identification or RFID chip embedded in it -- and  this was his way  for  thwarting  attempts if any,  to monitor his movements throughout the 4-day event.  Those were days before the Arab Spring  and Tunisia was a tightly controlled state.
Today such threats to our privacy  have ballooned  and every time we opt for more convenience -- like near field tap-and-pay  in super markets or mobile-based entry to office or hotel room -- we expose  a small chink in  our personal armour.  Soon,  even passports will come embedded  with a chip, carrying all our personal data -- and cyber baddies  have  already figured out ways to  extract this information, wirelessly, even as  the passport sits snuggly in your backpack or  pocket ( You can prevent this. See backpack  reviewed  on this page).It is another matter that  some of this snooping is done by  governments in the name of security.  Web watchdogs   like 'The Intercept'  have documented  tools like XKeyscore,   used by official agencies to  do "real-time" interception of any  individual's internet activity.
In a  recent book co-authored by him, entitled  the Global Cyber Vulnerability Report, ( Springer, 2015)  V.S. Subrahmanian,   Professor  of Computer Science at the University of Maryland, US, analyses  20 billion  pieces  of data provided by Net Security provider Symantec,  to reach an alarming conclusion:  India, ranks, along with China, Russia, Saudi Arabia and South Korea, among the world's nations most vulnerable to cyber attacks. His findings are chillingly  prescient.  
Last month the Indian TV news channel IBN Live revealed that   members of the Indian armed forces  were the target  of a cyber attack where  they were encouraged to download an innocuous-looking messaging app  with a trail back  to Pakistan,  called SmeshApp. Once  users gave permission to  access  their contacts and personal information, the app  spied on every action and keystroke of the victims.  Google pulled out the app once its malicious intention became known.
The  Threat Intelligence team of cyber security solutions company, Palo Alto Networks  has reported  in a recent blog   that on Christmas eve last year,  the  Indian embassy   in Kabul,  Afghanistan, was the object of a targeted attack  in the form of an e-mail addressed  personally to the ambassador.   The mail was in fact a spoof,  cleverly crafted to  look like a communication from Defence Minister, Manohar Parikkar. The  mail  had a 6 MB Word  attachment  entitled  "Appreciation_letter.doc" .  If the recipient  opened this attachment, it would have breached the recipient computer's security and installed a downloader software in it --  what is called a 'Trojan'. Vicky Ray, Senior Researcher and co-author of the blog,   told me,  the malware designed  to bypass traditional Net security systems,    could capture key strokes,  hard disk  contents,  video and audio files -- every 10 seconds -- and send them to an unknown destination.  It is understood, the attack  failed --  but the attempt shows how serious matters have become. And not just for governments, but for you and me.

A recent study by Kaspersky Lab  finds that  63% of consumers are installing apps on their devices, without reading  the license agreement. They simply go through the motions of clicking ‘next’ and ‘agree’, without understanding what they could be signing up to.  They  may have legally allowed the app  to access the personal and private data on mobile devices, from contact information, to photos and location data.  Sounds familiar?  

An article last week,  on  security solutions provider ESET's  blog, points to a new scam. Facebook users are facing a wave of spam advertisements that are spread via hacked Facebook accounts. Without the owner's consent, they post pictures promoting heavily discounted Ray-Ban sunglasses. When trying to buy them, the  victim's payment card details fall into the hands of the crooks .
The  threat  increases every day.   Japan-headquarted Trend Micro's latest  Threat Report says Android-based malware has doubled in the last year. Ironically mobile devices  today are more in danger as they become 'smarter'.  But the same  company offers  Indians some solace:   While English is the favoured language for sending spam ( 84.1%),  Hindi is   still safe to communicate crucial data.
And for the billion users worldwide, of WhatsApp, there was more good news. The company has justannounced end-to-encryption throughout its network, for all types of messages  including texts, videos,  and phone calls shared within its app.  Now, even the company itself cannot view the contents of your communications! Let's say Jai Ho to that.
Be Cyber savvy!

Lay users:  Worried about the  degree of risk that you are exposed to when you are online ?
You can  take a quiz to check your level of cyber savviness here:

Organizations:  Tech consultants , KPMG in India  have just launched Cyber KARE  a mobile app  that
enables an enterprise to perform a self-assessment of its cyber security -- risk and preparedness. 
Look for the app at GooglePlay.