Monday, 25 December 2017

Woman Got cheated of Rs 6.8 lakh by her ‘Facebook friend’

A 48-year-old woman who was cheated of Rs 6.8 lakh by a man she befriended on social media has filed a complaint against three people with the cybercrime police.
The victim Nanditha Mohan Rao, a resident of Banashankari, accepted a friend request from a man named Michael Dennis on Facebook two months ago, police said. They soon began chatting on WhatsApp as well.
On November 28, Rao received a call from a woman, who introduced herself as Jahnavi Sharma, a senior customs officer at Indira Gandhi International airport, Delhi. Police said she told Rao they'd caught Dennis with 50,000 pounds in cash in breach of the law. Sharma said Dennis would be released if Rao paid Rs 50,000 on his behalf as penalty. Rao transferred the money immediately.

Police said Sharma sent another message to the victim asking for Rs 1.5 lakh as a fee to convert the pounds into rupees. After Rao paid up, Sharma asked for Rs 4.8 lakh as an anti-money laundering fee. Rao promptly transferred the money on November 29. She did not realise she was being cheated, police said.
When a man called the next day, and identified himself as Ashwini Kumar, a senior RBI officer from New Delhi, and asked for Rs 8.25 lakh as further charges, Rao got suspicious. She spoke to some friends who told her to go to the police.

"The victim then approached the cybercrime police station on Saturday and filed a complaint. We have registered a case of cheating under the IPC and Information Technology Act against three persons, Michael Dennis, Jahnavi Sharma and Ashwini Kumar based on the complaint and a probe is underway," a police officer said.

Source TOI

ATMs running on Windows XP got hacked by pressing ‘Shift’ key 5 times in Russia

Security vulnerability found in ATM machines running Windows XP in Russia

All ATMs that are still running on Microsoft’s 16-year-old Windows XP operating system are at the risk of getting hacked easily, as the OS is no longer supported by the Redmond giant except for emergency security patches (for instance, patch blocking the WannaCry ransomware released this year).

An employee of Russia blogging platform Habrahabr recently discovered that the ATMs operated by the state-owned bank Sberbank running Windows XP has inherent security vulnerabilities that can be easily exploited by hackers.

According to the user, a full screen lock that prevents access to various components of an ATM operating system could be bypassed by turning on the Sticky Keys when special keys like SHIFT, CTRL, ALT, and WINDOWS were pressed 5 times.


By pressing SHIFT key 5 times in a row, it allowed access to Windows settings and displaying the taskbar and Start menu of the operating system giving users to access deep within Windows XP from the touch screen. This vulnerability allow hackers to deploy malicious software or modify ATM boot scripts.

According to the German website WinFuture, Sberbank had been informed of this vulnerability almost two weeks ago that there was a security breach at its ATM machine. While the bank promised to fix the problem immediately, the user who discovered the flaw claimed that when he visited the terminal again, he discovered that the bug hadn’t been fixed.

Microsoft has urged banks to update the latest version of Windows for ATMs to avoid scams or attacks.


Monday, 4 December 2017

Hyderabad Metro

Hyderabad Metro latest news/Journey from Miyapur to Ameerpet,Ameerpet to Nagole.

Hyderabad is one of the biggest cities of Asia and is having a huge  population and it is a combination of different people belonging to different region,different religions,different countries even.
Different cultures ,different traditions at one place is Hyderabad.
Today's Latest news about Hyderabad is Metro.

Metro railways was started in the year 2013 and L&T  metro(one of the top most 30 companies if India) has started laying the path for metro in the year 2k13 from Nagole to Mettuguda and the trail runs started from June 2k14 to May 2k15.

Recently Metro rail inauguration was happened on 28 November 2017 by Mr. Narendra Modi, Pm of India, in the premises of the honarable  chief minister Mr. KCR and IT minister KTR .

The people of Hyderabad got vexed up with the traffic of Hyderabad and the journey problems they are facing daily.They took a deep breath after the inauguration of metro rail in Hyderabad.Started their journey in the metro.The metro started at Miyapur, and extends till Nagole. Remaining parts of Hyderabad metro is under construction.

The New issue with the metro is the "Prices are too high".As the metro was constructed by L&T which is in a public private partnership with the government,there is in an upraisal in the metro prices.If the prices are so it can not meet the needs of normal people.

Suppose, if they travel from Kukatpally to Ameerpet  by bus it costs around 10/-rs for normal bus,For metro bus it is around 13/-rs,for metro express it is around 14/-rs.But if they travel from Kukatpally to ameerpet by metro rail! the price is 40/-rs.So it does not serve the normal people needs.

Not only the price the biggest issue is the space at a time so many people are suffering to catch the train and again they need to wait for the next one space for siting is less obviously but to stand also there is a rush and unable to stand even.
At a time it should have a capacity of the a huge number. and the price should reach the capacity of a middle class guy.

Beautiful idea for metro is successfully done but it should reach the human needs.and it should be helpful for the people not to the people who earn from this by keeping the highest prices.

Saturday, 11 November 2017

Ethereum Wallet Status Pledges $1 Million for New Bug Bounty Program

Ethereum mobile wallet Status, which recently raised more than $100 million in a token sale, has announced a $1 million bug bounty.

Announced at ethereum's annual developer conference Devcon3 today, the program invites people to submit possible solutions to issues currently facing the wallet.

While the initial bounties will be used to compensate people that find bugs within Status' own software, as well as perform other useful tasks, a spokesperson told CoinDesk that more funds will be raised to provide bug bounties for other open-source projects in the future.

On top of that, employers can browse the bounty site for emerging talent – a potentially useful feature, since many firms complain there aren't enough developers to fill the many roles open in blockchain-focused projects.

Also announced at Devcon, Status has developed a hardware wallet – a dedicated storage device that supports ERC-20 tokens and uses near-field communication (NFC) and Bluetooth to transfer cryptocurrencies when needed.

Status' mobile wallet (for both Android and iOS) allows people to send and receive ether (ethereum's native cryptocurrency) and also lets users browse the collection of decentralized apps (dapps) built on ethereum.

With its coffers full following the recent token sale, Status is one of the core sponsors behind the Devcon3 conference in Cancun, Mexico, this year.

The Pentagon Opened Up to Hackers—And Fixed Thousands of Bugs

The United States government doesn't get along with hackers. That's just how it is. Hacking protected systems, even to reveal their weaknesses, is illegal under the Computer Fraud and Abuse Act, and the Department of Justice has repeatedly made it clear that it will enforce the law. In the last 18 months, though, a new Department of Defense project called "Hack the Pentagon" has offered real glimmers of hope that these prejudices could change.

The government's longstanding defensive posture makes some sense in theory—it has important secrets to keep—but in practice security experts have long criticized the stance as a fundamental misunderstanding of how cybersecurity works. The inability of researchers and concerned citizens to disclose vulnerabilities they find inevitably makes the government (or any institution) less secure. So in the wake of numerous government agency breaches, including the devastating Office of Personnel Management hack, DoD's Defense Digital Services group, the Office of the Secretary of Defense Cyber Policy group, and then-Defense Secretary Ash Carter saw a possible opportunity to spur change by introducing the DoD to bug bounties—programs that offer cash rewards to independent hackers who find and disclose software bugs.

"DoD has a framework of doing penetration testing and doing their own vulnerability assessment, but this is in the constraints of federal government," says Michael Chung, the Product and Technology Lead at Defense Digital Services. "So our gut feeling was that bringing in private sector practices would show that there were more vulnerabilities that hadn't been found."'

Hack the Feds

With the help of bug bounty facilitator firm HackerOne and after coordinating with the Department of Justice, DDS kicked off the pilot Hack the Pentagon bug bounty on April 16, 2016. Over a 24-day period, dozens of pre-selected security researchers hunted down vulnerabilities in certain public-facing DoD websites, in what was the first federal bug bounty ever run at a federal agency. The department ended up resolving more than 138 unique vulnerabilities, and paid tens of thousands of dollars to 58 hackers. One made a total of $15,000 by reporting multiple bugs.

"What HackerOne and the Pentagon have done seems like a feat of wizardry," says Dan Tentler, a founder of the attack simulation and remediation firm Phobos Group, and a contributor to the first Hack the Pentagon bug bounty (but chose not to be eligible for rewards). "Up until very recently, the government’s way of keeping people in the US from hacking them was to basically threaten that black helicopters would show up over your house if you tried. Then one day I’m stuck at the airport and I’m brute-forcing various Pentagon hosts with no fear of repercussions. It’s pretty cool."

To follow up on the success of Hack the Pentagon, DoD launched another bounty, Hack the Army, last November, to assess public-facing websites related to Army enrollment. That program included hundreds of hackers who found more than 100 unique bugs, and received about $100,000 in total payouts.

After Hack the Pentagon, DoD had noticed that with limited-time bounties, bugs still trickled in days and weeks after the open call concluded. So the feds announced an open-ended Vulnerabilities Disclosure Policy that didn't offer rewards, but would legally allow people to submit bugs any time related to public-facing websites and web applications owned by DoD.

In the year since, about 650 people have submitted almost 3,000 unique, valid vulnerabilities. A year ago, they would have been breaking the law.

"The VDP has just really taken off and started providing value in a way that I don’t think anyone was anticipating when we first launched it," says Alex Rice, CTO of HackerOne. "It was some learning. DoD realized that...if someone was still working on something there was no legal channel for them to get it to the government."

Hack the Air Force came next, at the end of May, awarding more than $130,000 for 207 unique vulnerabilities. Through the bounties and VDP, DoD has found out about and fixed thousands of vulnerabilities in its systems so far, along with more than a hundred highly critical flaws. These have included vulnerabilities that allow remote code execution, SQL code injection bugs on various websites, and methods for bypassing authentication protections.

"For the past 12 months we’ve learned a lot and we’ve really reached a tipping point where now we’re getting a lot of requests, a lot of interest to do these bug bounties across all DoD," Chung says. "We’re trying to do away with the guy in sunglasses and a hoodie in his basement image, and trying to put an actual person behind the whole white-hat hacker persona. It really is a shift in thinking."
Opening Up

That newfound acceptance has spread. Over the last year, DoD has also run a few private bug bounties on more sensitive systems through the penetration testing firm Synack, which was awarded a contract to focus on assessing internal platforms. And outside the Department, the General Services Administration and Department of Homeland Security are both working on bug bounties as well. Chung eventually wants to ramp up to as many as two bug bounties per month within DoD alone. Similarly, Lieutenant General Edward Cardon, who worked on the Army's first bounty last year, says the they're working toward running one bug bounty per quarter to assess a diverse array of public-facing systems.

The momentum Hack the Pentagon now has within DoD belies the challenges and struggles of the last 18 months, though. And the initial pilot alone required a hard-won ideological evolution. "When we first launched Hack the Pentagon it was pretty much a non-starter," Chung says. "The idea of hacking into the Pentagon scared a lot of people."

One of the original proponents of the project at Defense Digital Services, Lisa Wiswell, is actually known as DDS's "bureaucracy hacker."

The DoD's existing digital defense practitioners and contractors also expressed skepticism. "There was a little pushback in the beginning by some of the incumbents there, some of the pen testers, some of the contractors," Chung says. "But they know that there’s a mission involved with this. I can’t stress enough how much of this work is valuable to national security."

Even after the successful pilot, real doubts still existed within DoD about doing additional bug bounties. The Army runs combat simulations and war games, of course, to train, improve its tactics, and identify weaknesses. But Lieutenant General Cardon says it was a process to explain that the same concepts apply in cyberspace.

"I’m a big believer in this sort of approach. I think it’s good for the government. Some of these vulnerabilities, if attackers took it to the end, would be a serious problem for us," he says. "With the bug bounties, there was obviously a lot of concern about the risks. The rules for how to do this were mature enough, though, that we could provide an understanding of the risks. That then made the senior leadership of the Army much more amenable to this type of a program."

There were also hurdles in hammering out the processes for executing the bug bounties themselves. Tentler, the researcher who worked on Hack the Pentagon, says that at first there were issues establishing the scope of the bug bounty, to keep participants from submitting vulnerabilities for systems DoD didn't intend them to look at.

"I can't speak for everyone, but the people that I was working with said well, this doesn’t make any sense. We’re eyeballs-deep in their systems and now they’re saying that what we’re doing is out of scope," Tentler says. "Apparently there were four or six actual web hosts that were permitted, and I was like it would have helped to just have those from the start. What I’ve seen, though, over time, is a gradual lessening of tension. In the last year they’ve come quite a long way."
The Fixes Are In

Bug bounties and vulnerability disclosure processes alone can also only go so far. You have to actually fix the flood of bugs after hackers find them. Establishing an effective remediation process takes time and resources, challenges that Chung and Cardon both attest to within DoD. And Tentler notes that one vulnerability he found during the pilot Hack the Pentagon took months for the DoD to resolve. That came in part because the vulnerability was outside the scope of the bounty and it was difficult to determine how best to submit it for actual consideration.

But HackerOne's Rice says he has been impressed with the infrastructure DoD has established over time. "Their remediation time has been well below average for these programs that we’ve run," Rice says, "and they’ve resolved everything within a pretty condensed period of time afterward. We have private companies that have vulnerabilities that still aren’t resolved after a year."

Given all the breaches of government agencies over the last few years, from OPM to an embarrassing hack of the Pentagon's own non-classified email system, Hack the Pentagon could have amounted to a one-off publicity stunt to make the DoD seem tuned in during a rocky phase. Instead its newfound openness to security feedback seems like it may genuinely be propagating throughout the government rather than being quickly shut down. In the face of such entrenched resistance there are still no guarantees, but given that none of this seemed possible even recently, the accomplishments of Hack the Pentagon's first year are noteworthy.

"It’s one thing for a company to come forward and work with their general counsel to do a bug bounty," Rice says. "It’s a completely different thing entirely for the organization that really initiated the Computer Fraud and Abuse Act and that early hostility toward security researchers to openly start engaging and working with them. The weight that the DoD brings when they pair with the DoJ to say 'hackers can do good,' that just doesn’t exist anywhere else."

ZF to open new Innovation Hub in Hyderabad

ZF to officially open its new Innovation Hub in Hyderabad and is partnering with the Nasscom Center of Excellence – IoT (CoE IoT) and MeitY (Ministry of Electronics and Information Technology).
 Friedrichshafen/Hyderabad: ZF will officially open its new Innovation Hub in Hyderabad, India. It is already active and partnering with the “Nasscom Center of Excellence – IoT (CoE IoT),” a start-up initiative of the national IT industry association Nasscom and MeitY (Ministry of Electronics and Information Technology).

It will enable ZF to network more broadly and closely with the Indian startup scene. In turn, it will gain easier access to the expertise of one of the largest automotive suppliers worldwide. In addition, the Innovation Hub sponsored a pitch event with a first look at ZF’s future startup involvement on the ground on November 9, 2017.

“When it comes to contributions to new, disruptive technologies and the development of IT solutions in and outside the mobility industry, India plays an important role,” says Mamatha Chamarthi, CDO - ZF Friedrichshafen AG.

“With the new ZF Innovation Hub in the IT metropolis of Hyderabad, the recent partnership with CoE IoT NASSCOM as the country’s largest pioneer for deep tech start-ups and the first pitch event, we are underscoring our aspiration to shape digitalization worldwide. These are important precursors to our Vision Zero Ecosystem, which has mobility with zero accidents and zero emissions as its objective,” added Chamarthi.

Sanjeev Malhotra, CEO - Nasscom Center of Excellence – IoT, emphasizes: “I am delighted to have ZF as a high-tech partner for our initiative. Throughout India it brings together leading automotive industry expertise with pioneering companies and developments for the Internet of Things, a.k.a. IoT.”

Starting signal for start-up projects with ZF in India
An initial taste of upcoming activities of the new ZF Innovation Hub was provided on November 9, 2017, in the form of a pitch event in which 12 Indian start-ups took part. They presented their solutions for the topics of electrification and new mobility, big data and analytics, connectivity as well as well as artificial intelligence (AI). In the end, Gayam Motor Works, LightMetrics, Merxius and Cyrrup were declared as the winners. They convinced with their ideas. Joint teams are now working hard on further developing these ideas.

The Innovation Hub in Hyderabad is already the second to be founded by ZF this year. In August 2017, the technology company opened its counterpart in Silicon Valley, California.

Flipkart Billion Capture+ Phone With Dual Rear Cameras Launched: Price, Specifications

Flipkart on Friday unveiled its first Billion branded smartphone, the Capture+, in India. The Billion self-brand was announced in July this year, and is India-focused private label from Flipkart. The company says that the Billion private label has been developed keeping in mind consumer needs of Indian customers, and is 'Made in India'. Some of the highlights of the Billion Capture+ include dual rear cameras, fast charging support, and unlimited cloud storage.
Flipkart Billion Capture+ price in India

The Billion Capture+ has been launched in India with a starting price of Rs. 10,999 for 3GB RAM and 32GB storage. There is another variant, priced at Rs. 12,999 for 4GB RAM and 64GB storage. The Capture+ will be available in Mystic Black and Desert Gold colours.

Flipkart has also announced launch offers where consumers can get finance options such as No Cost EMI, and discounts on select debit/credit cards and more. The e-commerce retailer has confirmed the launch of its Billion Capture+ smartphone in India on November 15.
Flipkart Billion Capture+ specifications

The all-new Billion Capture+ will sport metallic body and come with rounded corners for easy grip. The smartphone runs stock Android 7.1.2 Nougat with a promise of no bloatware and an upgrade to Android Oreo. It features a 5.5-inc full-HD (1080x1920 pixels) display with 2.5D Dragontrail glass on top and a 401ppi pixel density. Under the hood, the handset is powered by an octa-core Snapdragon 625 SoC coupled with 3GB and 4GB RAM. The smartphone supports expandable storage via microSD card (up to 128GB). Unfortunately, the company is yet to reveal the free cloud storage service tied up to the Capture+ smartphone that it has been teasing. It packs a 3500mAh battery and is claimed to offer two-days of battery life. It supports USB Type-C with quick charge support. Flipkart says that it can offer up to 7 hours of battery life in 15 minutes of charging.

One of the biggest highlight of the smartphone is it packs dual rear cameras. There are two 13-megapixel sensors at the back with dual flash module. At the back, there are RGB and monochrome sensors offering features like bokeh shots offering depth of field effect. It comes with portrait mode shots offering blur background highlights.

Additionally, Flipkart says that the Billion Capture+ smartphone will be supported by the pan India after sales service network of F1 Info Solutions, which is now owned by Flipkart.

Commenting on the launch of its first smartphone, Sachin Bansal, Co-Founder and Executive Chairman, Flipkart said, "The features in the Capture+ have been derived from deep data-mining of millions of Flipkart customers' reviews. Few true dual camera phones offer this combination of flagship features. We're sure this customer-centricity will delight Indian smartphone buyers."

India Takes Third Position in Global Gaming Installs, Says Unity Technologies

Unity Technologies, creator of a popular creation engine that reaches nearly three billion devices worldwide, on Thursday said India is now ranked third in global gaming installs, surpassing Brazil and Russia.

Quoting Unity Analytics, a company statement said the latest market research shows India has risen from the ninth position in January this year to the third spot in global install rankings, surpassing Brazil and Russia to become one of the world's largest gaming markets.

This is due to a spike in India's adoption of high-end mobile devices with larger RAM size. In one year, mobile device count with 1GB RAM has grown from 31.6 million to 100 million in October 2017, it said.

"Unity analysed and studied the ongoing market trends and development in the Indian mobile industry. Based on our findings, we believe the mass adoption of high-end mobile devices will give the Indian gaming ecosystem ample opportunity to innovate and provide compelling content to development platforms," Quentin Staes-Polet, Director of South Asia Pacific at Unity Technologies, said.

"Driven by the massive rush of cost-effective, high-end smartphones and the 4G revolution that began last year, the Indian mobile gaming market has been expanding at a rapid pace," said Rajesh Rao, Chairman of Nasscom Gaming Forum.

Unity is uniquely positioned to help understand trends across the mobile industry, with 87,000 made with Unity games and experiences generating 2.4 billion installs across 1.1 billion unique devices globally each month, the statement added.

Separately, Tech Mahindra and Unity Technologies announced a partnership on Thursday.  Tech Mahindra in collaboration with Unity will open a Centre of Excellence (CoE) at its Bengaluru campus, targeting the communication, media, and entertainment segment.

According to a statement issued by Tech Mahindra, the CoE will specialise in augmented reality and virtual reality (AR/ VR) solutions targeted at the communication, media and entertainment segment using Unity 3D as a platform. The centre will also focus on catalysing and facilitating training, consulting, advice and research to the developers in the AR/ VR domain, it said.

Dave Rhodes, Chief Revenue Officer, Unity Technologies, said the next cutting-edge technology will be in the Augmented Reality and Virtual Reality (AR/VR) space which is fast catching up in almost all major domains.

Unity Technologies to Build AR/VR Solutions in India with Tech Mahindra

Located at Tech Mahindra's campus in Bengaluru, the centre will focus on catalysing and facilitating training, consulting, advice and research to the developers in the AR/VR domain
Tech Mahindra on Thursday joined video game development company Unity Technologies to open a Centre of Excellence (CoE) that will help enterprises build augmented reality (AR) and virtual reality (VR) solutions targeting the communication, media and entertainment segment. Located at Tech Mahindra's campus in Bengaluru, the centre will focus on catalysing and facilitating training, consulting, advice and research to the developers in the AR/VR domain.

"Through this partnership, we are delighted to be one of the earliest ones to bring our expertise in developing AR/VR/MR solutions at a faster pace, thus helping customers in adding value to their end-users/consumers," said Indraneel Ganguli, Senior Vice-President and Global Head, Marketing at Tech Mahindra. Unity Technologies has produced the world's most popular creation engine which reaches nearly three billion devices and powers nearly two-thirds of all AR and VR content.

"Tech Mahindra gets the expertise in building world-class products for a dynamic industry vertical like broadcasting, making them our preferred partners in disrupting innovation," added Dave Rhodes, Chief Revenue Officer, Unity Technologies. Tech Mahindra is focused on its "DAVID" strategy which stands for digitalisation, automation, verticalization, innovation and disruption. "We are creating a Centre of Excellence that will build comprehensive business solutions combining AR/VR applications with an enhanced personalised user experience that will improve business value for our customers," said Ganguli.

India in the web of North Korean cyberwar

 Around one-fifth of North Korea’s cyber attacks originate from India, and this should set alarm bells ringing in the corridors of security establishments as well as the strategic community, explains Prabha Rao

According to studies conducted by Recorded Future, a US based cyber security firm, and Kaspersky, a multinational, cyber-security, anti-virus software firm based in Moscow, around one-fifth of North Korea’s cyber attacks originate from India. This is a matter which needs to set alarm bells not just ringing, but clanging, in the corridors of security establishments and the strategic community. North Koreans are not the minnows of the hacking world, and have, over the past decade, demonstrated cutting edge skills in cyber attacks.

Seoul asserts that North Korea now has a functioning cyber army of over 7,000 hackers for its cyberwarfare operations, and that many of them may have been trained by the Chinese PLA’s hacking unit 61398, which specialises in advance persistent threats (APT). The DPRK’s Cyber Warriors have been focussed on the tri-pronged objectives of salvaging the image of the leader; bolstering its weakening economy and outsmarting international trade sanctions; and countering the US — South Korea’s security plans for the region — an objective which has Beijing’s active support.

The DPRK’s cyber hacking adventures started in the mid-1990s during the regime of Kim Jong-il, the father of the current dictator. Kim, like the Chinese, was initially apprehensive about the Internet, which could challenge his regime’s ironclad control over information, but realised its potential after North Korean computer scientists, who returned from travel abroad, proposed using the web to spy on and attack ‘enemies’ like the United States and South Korea. In 2003, Kim Jong-il told his military: “If warfare was about bullets and oil until now, warfare in the 21st century is about information.” The DPRK then began sending promising students for special training to China’s top computer science programmes; the US was another destination, and also India, which has around 60 students in various institutes around the country.

When Kim Jong-un succeeded his father in 2011, he changed the DPRK’s cyber strategy beyond espionage to include theft, harassment, and settling political vendettas. According to Suh Hoon, the Director of South Korean intelligence in 2011, Kim Jong-un had told his military that “cyberwarfare, along with nuclear weapons and missiles, is an all-purpose sword that guarantees our military’s capability to strike relentlessly”.

His encouragement has witnessed a burgeoning of attacks by the North Korean cyber warriors. To list a few — a hackers’ group called The Guardians of Peace hacked into the Sony Entertainment Company in 2014, ostensibly to punish it for making a film lampooning Kim Jong-un. The hacking code destroyed 70 per cent of Sony Pictures’ laptops and computers. In August 2014, an affiliated group targeted a British broadcaster, Channel Four, which had planned a television series about a British nuclear scientist kidnapped in Pyongyang. The producers were intimidated and dropped the project.

In February 2016, hackers siphoned off $81 million from the Bangladesh Central Bank in the US. The spectacular feature of the attack was that it went beyond the

traditional exploit of stealing the login credentials of bank account holders and used the SWIFT (Society for Worldwide Interbank Financial Telecommunications) credentials of the Bangladesh Central Bank employees to send over 36 fraudulent money transfer requests to the Federal Reserve Bank of New York, asking it to transfer millions of dollars of the Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka, and other parts of Asia. Around $81 million was deposited into four accounts at a Rizal branch in Manila, which had been opened a few weeks earlier with only $500 as a deposit. Other withdrawals were stalled due to a spelling mistake that raised an alarm — not because of any fault in the technique.

The incident sent shock waves in the banking system as the SWIFT is a consortium that operates a global closed computer network between member banks around the world. The SWIFT platform has over 11,000 users, including financial institutions and brokerage houses that route over 25 million money transfers in a day. Information started trickling in about other banks which had their SWIFT codes compromised, and usage of advanced hacking techniques which led to the theft of millions of Bitcoins and other crypto currencies.

The Bangladesh Central Bank heist had been preceded by two other attacks: In the Bank of Philippines in October 2015 and the Tien Phong Bank in Vietnam in December 2015. The cyber security firm Symantec opined that “it was the first time a state had used a cyberattack not for espionage or war, but to finance the country’s operations”.

The DPRK hackers also mastered what is termed as the ‘watering hole attack’. In February 2016, just before the Bangladesh heist, the hackers infected the website of Poland’s financial regulator, which infected all visitors with malware from which banking details were gleaned. This was used both for larceny and to move around stolen currency.

Given the hackers’ unquestionable expertise, banks all over the world are apprehensive about another round of hacking sprees from North Korea as a reaction to the slew of current international sanctions against Pyongyang. Dmitri Alperovitch, the chief technology officer at the well-known cybersecurity firm CrowdStrike in the US, confirmed in May 2017 that North Korean hackers had stolen hundreds of millions of dollars from banks during the past three years, and that banks are concerned that Pyongyang’s hackers are using the Wiper virus and its variants not only for heists but to disrupt the banking networks, which can have major international financial implications. The Wiper virus used by the North Koreans is similar to the one used by Iran in 2012 against Saudi Arabia’s main oil company Aramco, wherein the malware was infiltrated into 30,000 Aramco computers and 10,000 servers that destroyed data, causing tremendous damage.

In 2013, North Korean hackers, operating from computers inside China, used the same techniques against computer networks at three major South Korean banks and two largest broadcasters, which erased data and paralysed business operations. This raises the uncomfortable question — would North Korea raise the bogey of destructive attacks on banks if it has serious concerns about a US and South Korean attack?

Moreover, the North Korean hackers’ expertise has advanced to a level where they have been able to seriously compromise South Korea’s security. On October 31 this year, hackers from the DPRK infiltrated computer systems at Daewoo Shipbuilding & Marine Engineering (DSME), South Korea, and made off with sensitive information on warships and submarines, including on the destroyer Yulgok Yi I, a vessel that carries the US Navy’s Aegis Combat System. As per the South Korean intelligence, around 60 classified military documents with information on construction technology, blueprints of ships and submarines, weapons systems and evaluations of the same have been compromised along with some 40,000 other documents.

In September 2016, in what was considered  a technical feat, North Korean hackers infected around 3,200 computers, including 700 connected to the South Korean military’s internal network, which is normally disconnected from the Internet, including a computer used by the Defence Minister. The hackers first infiltrated the network of a company providing a computer vaccine service to the ministry’s computer network in 2015, and used the vaccine server to infect Internet-connected computers of the military with malicious codes in August 2016. They then infiltrated the malware into intranet computers, during maintenance. According to the US agencies, the hackers used an IP addresses in Shenyang, China, which is an area where North Korean hackers are often trained and operate from. The attacks on South Korea’s military networks resulted in the theft of 235 gigabytes of data. The stolen data reportedly had details of three secret plans, including one about a potential “decapitation strike”, which had been codenamed Operations Plan 5015 — an operation that would target Kim Jong-un in the event of actual combat given the growing nuclear and missile threat from North Korea. Unsurprisingly, the US Defence Secretary, Jim Mattis, recently announced that the military plans for dealing with North Korea have been rewritten as a reaction to its enhanced threats.

Why does this directly affect India’s security? I go back to my initial statement — one-fifth of all North Korean attacks were perpetrated from India. Data studied by firms dealing with cybersecurity demonstrate that there are significant physical and virtual North Korean presences in several nations — India, Malaysia, New Zealand, Nepal, Kenya, Mozambique, and Indonesia — from where the DPRK is conducting its criminal activities. All these countries have weak cybersecurity ecosystems. A study of the impact of the WannaCry and Lazarus ransomware, which caused huge international losses, would show that India has not only been the unwitting platform for these hackers, but also a victim.

North Korean students are pursuing computer science in around seven universities in India. The knee-jerk reaction is to obliquely blame them for these illegal activities, but it is not yet clear if they were involved, or if they had support from other groups, including local elements. It needs to be mentioned here that intrusive activity through North Korean hackers targeting the Indian Space Research Organisation’s National Remote Sensing Centre, the Indian National Metallurgical Laboratory, has also come to light.

The control node for much of the North Korean activity appears to be in Shenyang, North China, and not from the DPRK mainland. A number of Internet access points are being provided by Chinese telecommunications companies. For instance, China Netcom, a state-run telecommunications company has given the range to a North Korean domain under the netname ‘KPTC’ — Korea Posts and Telecommunications, Co.

Apart from this, Chinese services, such as Taobao and Aliyun, which offer mail services, and Youku, a video hosting site, are also being used by North Korean hackers. Also, they have used effective obfuscation technologies, which include a wide range of Virtual Private Networks (VPN) and Virtual Private Servers (VPS) services. Surprisingly, many of the providers are large and well-known Western companies, such as Sharktech, iWeb, Digital Ocean, Linode, Leaseweb USA, Telemax, Touch VPN, and others. It is not clear how these services were purchased and how they continue to be leveraged. Cyber security experts have opined that some North Korean espionage activities could also be directed by China, which has the advantage of deniability in this matter.

Which brings us to the point that the North Korean role in India underscores our cyber vulnerabilities and highlights the potential fiscal and security threats we face through malicious cyber exploits. The security of our UIDAI data, which is linked to all our banking and other financial activities, is under question, with periodic leaks surfacing. The prowess demonstrated by the DPRK in hacking into South Korean military networks is a matter of serious disquiet, especially as the possibility of some such hackers acting on Chinese or even Pakistani behest cannot be considered improbable. Our cyber deterrence needs an urgent makeover. Our security agencies were unable to detect malicious cyber activities until they were highlighted by Recorded Future, a US-based cyber security firm.

Cybercrime has emerged as a far more serious threat to the nation than online radicalisation. In this regard, the MHA’s plan to create a special division for cybersecurity and one for online radicalisation is to be welcomed. But time is not in our favour; China has far surpassed us in cyber technology, and the aggressive North Koreans have found us a somewhat soft target. We need to remedy matters fast. There is an imperative need for a unified metadata system and public-private partnership in this sphere. Workforce augmentation for cybersecurity is crucial and training in these skills should become a nodal programme for the Niti Aayog. Else, digital disaster could be the next challenge confronting us.