Indians are among the most vulnerable targets of Net baddies. So what does it take to be cyber-savvy?
From Anand Parthasarathy
Bangalore, April 11 2016:
Some ten years ago, I found myself in a bus in Tunis, North Africa, seated next to Free Software guru and frequent visitor to India, Richard Stallman. We were returning to our respective hotels after the inauguration of the UN-sponsored World Summit on the Information Society (WSIS). We both wore our conference badges. Unlike me, Stallman had wrapped his badge in aluminum foil. He had discovered that the every badge had a Radio Frequency Identification or RFID chip embedded in it -- and this was his way for thwarting attempts if any, to monitor his movements throughout the 4-day event. Those were days before the Arab Spring and Tunisia was a tightly controlled state.
Today such threats to our privacy have ballooned and every time we opt for more convenience -- like near field tap-and-pay in super markets or mobile-based entry to office or hotel room -- we expose a small chink in our personal armour. Soon, even passports will come embedded with a chip, carrying all our personal data -- and cyber baddies have already figured out ways to extract this information, wirelessly, even as the passport sits snuggly in your backpack or pocket ( You can prevent this. See backpack reviewed on this page).It is another matter that some of this snooping is done by governments in the name of security. Web watchdogs like 'The Intercept' have documented tools like XKeyscore, used by official agencies to do "real-time" interception of any individual's internet activity.
In a recent book co-authored by him, entitled the Global Cyber Vulnerability Report, ( Springer, 2015) V.S. Subrahmanian, Professor of Computer Science at the University of Maryland, US, analyses 20 billion pieces of data provided by Net Security provider Symantec, to reach an alarming conclusion: India, ranks, along with China, Russia, Saudi Arabia and South Korea, among the world's nations most vulnerable to cyber attacks. His findings are chillingly prescient.
Last month the Indian TV news channel IBN Live revealed that members of the Indian armed forces were the target of a cyber attack where they were encouraged to download an innocuous-looking messaging app with a trail back to Pakistan, called SmeshApp. Once users gave permission to access their contacts and personal information, the app spied on every action and keystroke of the victims. Google pulled out the app once its malicious intention became known.
The Threat Intelligence team of cyber security solutions company, Palo Alto Networks has reported in a recent blog that on Christmas eve last year, the Indian embassy in Kabul, Afghanistan, was the object of a targeted attack in the form of an e-mail addressed personally to the ambassador. The mail was in fact a spoof, cleverly crafted to look like a communication from Defence Minister, Manohar Parikkar. The mail had a 6 MB Word attachment entitled "Appreciation_letter.doc" . If the recipient opened this attachment, it would have breached the recipient computer's security and installed a downloader software in it -- what is called a 'Trojan'. Vicky Ray, Senior Researcher and co-author of the blog, told me, the malware designed to bypass traditional Net security systems, could capture key strokes, hard disk contents, video and audio files -- every 10 seconds -- and send them to an unknown destination. It is understood, the attack failed -- but the attempt shows how serious matters have become. And not just for governments, but for you and me.
A recent study by Kaspersky Lab finds that 63% of consumers are installing apps on their devices, without reading the license agreement. They simply go through the motions of clicking ‘next’ and ‘agree’, without understanding what they could be signing up to. They may have legally allowed the app to access the personal and private data on mobile devices, from contact information, to photos and location data. Sounds familiar?
An article last week, on security solutions provider ESET's blog, points to a new scam. Facebook users are facing a wave of spam advertisements that are spread via hacked Facebook accounts. Without the owner's consent, they post pictures promoting heavily discounted Ray-Ban sunglasses. When trying to buy them, the victim's payment card details fall into the hands of the crooks .
The threat increases every day. Japan-headquarted Trend Micro's latest Threat Report says Android-based malware has doubled in the last year. Ironically mobile devices today are more in danger as they become 'smarter'. But the same company offers Indians some solace: While English is the favoured language for sending spam ( 84.1%), Hindi is still safe to communicate crucial data.
And for the billion users worldwide, of WhatsApp, there was more good news. The company has justannounced end-to-encryption throughout its network, for all types of messages including texts, videos, and phone calls shared within its app. Now, even the company itself cannot view the contents of your communications! Let's say Jai Ho to that.
Be Cyber savvy!
Lay users: Worried about the degree of risk that you are exposed to when you are online ?
You can take a quiz to check your level of cyber savviness here: https://blog.kaspersky.com/cyber-savvy-quiz/.
Organizations: Tech consultants , KPMG in India have just launched Cyber KARE a mobile app that
enables an enterprise to perform a self-assessment of its cyber security -- risk and preparedness.
Look for the app at GooglePlay.