ANYONE CAN BE CAUGHT IN THE WEB OF TERROR

ANYONE CAN BE CAUGHT IN THE WEB OF TERROR

Suspected Hacking Of Navi Mumbai Computer By Terrorists Gives More Dangerous Twist To Cyber Crime In Region

 

TIMES NEWS NETWORK

 

Navi Mumbai:Thieves, pranksters and terrorists have a tool in your own home to commit their dastardly deeds—your personal computer. And when the cyber cops come calling, it will be you they see at the end of the line of evidence. Why? Your Internet Protocol (IP) address will show as the one from which the crime was committed.
   Mumbaikars and local cyber cops awoke to a new world on Sunday, after it was revealed that the computer in the house in Navi Mumbai from where the e-mail on the Ahmedabad blasts was sent, was most likely hacked into. This appears to be the first time that a local IP address has been hacked into for terror purposes.
   The Anti-Terrorism Squad (ATS) raided the flat in the swanky Gunina building, at Sanpada, at around 2am on Sunday. The apartment belongs to an Abishek Sharma and was leased out to two Americans, Kenneth Haywood and Kens White. They have told the police their computer was hacked into to send the e-mail.
   On Sunday afternoon, the ATS was collecting information on all the people in the vicinity who have computers. They were also trying to locate a computer from where a line parallel to the flat's computer might have been taken. Haywood's computer, which has a VSNL net connection, was on at the time the email was sent.
   When asked about the Americans residing in the 15th-floor apartment, a neighbour said, "They have been living here for around six months now. The housing society itself is only a year old. One of them teaches at an IT institute in the area. They kept to themselves and did not mingle much with the others here.''
   Hackers enter computers
for a variety of reasons, from
the college kid trying to prove a point to the devious cyber criminal who seeks to steal bank and other passwords to cause havoc in others' lives. But mostly, experts say, the hacker is not targeting the victim, but has a larger motive.
   The hacked computer is used to stall banks or multinational companies through spamming or other means, causing huge financial losses. Or it used to break into top security government sites for espionage purposes or commit industrial espionage. The hacking is usually done to conceal the cyber criminal's identity when the larger crime is committed and not steal from the hacked computer itself. As in the Navi Mumbai case, neither Heywood nor White appear to have lost anything of value, aside from their peace of mind because of being caught up in a terror investigation.
The internet offers anonymity, and hackers take advantage of this. "When you're on the internet, you don't know whether you are a dog or a human being. Worldwide, terror has closely been linked with technology. It works on the basic principle of 'I' being 'you'. And once I am you, I can do exactly what you do,'' said cyber expert Vijay Mukhi. "The net is used also to give vent to frustrations. Earlier, if one was frustrated, one drove a car at 100km per hour. But now, one wants to create havoc in others' lives.'' Mukhi added, though, that many hackers seek financial profit.
Vulnerable home and office computers that lack proper firewalls and antivirus are easy prey. Easy access to hacking tools makes the task simpler. "When you use these tools—which are freely available online—you can take charge of someone elses computer. Pre-written programs allow you to find a flaw in a computer and exploit it. One doesn't need to be an expert to unravel it. User guides are also provided,'' added Mukhi.

Second e-mail traced to Riyadh

Ahmedabad: A second e-mail, sent to a TV channel after Saturday's blasts, has been traced to Riyadh, Saudi Arabia. The mail, talking of the impact of the blasts, was mailed to a TV channel in Delhi. Police said the IP address it came from is of a PC in Riyadh. "We believe the two emails are related. The second mail had information about Ahmedabad after the blasts. However, the contents may have been obtained from media reports as well. We are in touch with the service provider Zajoul Net,'' said a police official. TNN

 

 

USED AS A PROXY    

Often, the hacker is not interested in you or your system. He just wants to control your PC to hack into much larger, profitable, headline-creating sites—like governments, banks or popular sites. Or as in this case, send an email about a terror attack
   A hacker can load a single program onto hundreds of PCs and then bomb a particular server with junk mail or problem messages until it gets tied up or crashes. This can cost a company crores. When the investigation is done, it would lead to your IP address, because your computer had been used as a zombie in a 'denial of service attack'

 

 

HOW TO PROTECT YOUR PC

Basic security

Turn off your computer when not using it, especially if you have an 'always on' connection Get a firewall if you have DSL or cable modem Use a good anti-virus program. Use only one, as different programs use the same system resources and may conflict Turn off file and print sharing Hackers count on the public being uninformed and use that lack of knowledge to gain access. Visit sites run by your OS manufacturer to stay updated on security

Specific measures

Don't visit chat rooms unless they are closed and you know the room administrator Almost never open an attachment that ends in .DLL or .EXE, even if the e-mail is from your best friend. The only time you can open such an attachment is if you know exactly what's in it To outwit script-based viruses, ask an expert how you can open scripts in Notepad (or Wordpad). Then get someone who knows about Visual Basic to look at it before running it Keep data private through encryption If you're not surfing and you see your modem lights flash, a hacker could be testing for vulnerabilities

Staying pass perfect

A good password is easily remembered, but not easily guessable. It should be kept a secret, never written down, never saved in a file When a website asks if it should be saved, say no It should have at least six or more letters, numbers or punctuation marks. The letters should be capitals and lowercase It should not have four or more letters found consecutively in the dictionary Reversing the letters won't help either. Hackers use programs to compare passwords to the dictionary forward and backward. Appending a character to the front or back won't help either Compiled from 'Hack Attack' by Cyber Defenders on library.thinkquest.org

 

 

 

HOW HACKERS WORK

Getting the IP address

Every computer has an IP (Internet Protocol) address. A DSL or cable modem connection keeps the IP address 'always on'. A dial-up account's IP address is turned off by the Internet Service Provider after a certain amount of inactivity Dial-up accounts get a different IP address each time they are on. So a hacker can't make repeat visits unless he loads a program on your PC to tell him when you are on-line and gives the current IP address. A hacker can take his time to get to know an 'always on' connection and its weaknesses Common methods for finding your IP address are through chat rooms, looking up domain names on a domain name registrar site, or running programs that can create a log of all valid addresses In a chatroom, all a hacker has to do is right click on your chat ID and get your IP address. A domain registrar can yield a lot of information, including a website's employee names, phone numbers, fax numbers, physical addresses and IP addresses With your IP address, a hacker can test your system for weaknesses. A hacker can take his time to get to know an 'always on' connection. Dial-up accounts get a different IP address each time they are on. So a hacker can't make repeat visits unless he loads a program on your PC to tell him when you are on-line and gives the current IP address

Entering the computer

A hacker takes advantage of operating system (OS) weaknesses (bugs, or holes in software). Browsing windows also have bugs He scans open ports for a running program that can be taken advantage of File- and print-sharing options allow him to access your hard drive, load any program on the drive and delete/change any file on your PC He may use 'trojans', which pretend to do useful tasks—like playing a video or greeting—but actually help him Programs that allow the hacker 'backdoor' entry to your comp are commonly available. They are legitimately used daily to administer remote systems by system administrators 'Social engineering' can be used, where a hacker verbally chats you up and gets important information about your home or office

Cracking passwords

Hackers use special programs to crack passwords. Even a password-protected computer can be broken into and other passwords then cracked Most crackers/hackers have a d cracker dictionary. It has common computer terms and phrases, names, slang and jargon, easily typed key sequences (like 'qwerty'), and phrases you might commonly use as a password Programs to crack passwords are handed out with copies of these dictionaries A common method for cracking passwords is to get a copy of the password file for a system, which gives a list of all encrypted passwords on the system

Chaos on your comp

A hacker can steal and delete files, load dangerous programs on your PC, involve you in computer crime. He can control your life by getting your home, office or bank account passwords The most dangerous trojan is a backdoor trojan. Trojans could come from friends who do not know that the program that sings 'Happy birthday' also loads nasty software on your computer With a 'backdoor' trojan, hackers see your screen as you see it, watch every move of your mouse, every word you type Hackers change the names of their programs to make them look like legitimate system programs. Or they create a hidden folder to keep programs The most common way that viruses are spread is through e-mail. Usually, the virus is not in the e-mail itself, but an attachment. The virus is activated when you open the attachment. Sometimes, the virus sends itself as an e-mail to everyone in your address book

  

 

BMC to review WiFi plan for city

 MUMBAI: The BMC is reviewing its plan to make the city WiFi-enabled after revelations that the Ahmedabad terror email was sent by hacking into the Internet Protocol address of a US national living in Navi Mumbai. The police believe that the hackers misused the WiFi of the American.

The civic body is also having second thoughts about the WiFi plans for its central disaster management cell at a cost of Rs 85 lakh. The civic standing committee had passed the proposals recently.

The Rs 50-crore WiFi project for the city (as reported by TOI on July 26) would have enabled anyone with a PC or a laptop to access the internet without having to plug in.

"But given the possibility of misuse of WiFi, we want to review our proposal and build in security provisions," said a senior BMC official. The BMC will discuss the issue with the police before going ahead with its plans.

The BMC envisages erecting towers across the city while various service providers would pool in the funds. Prerequisites such as roadmap detailing, licensing, positioning of hotspots, and survey of the city for setting up the towers were soon to be spelt out.

Mumbai had taken a cue from the Pimpri-Chinchwad Municipal Corporation (PCMC) which has already floated tenders for the WiFi plan.

Sanjay Gaikwad, founder and CEO of Valuable Group which runs the largest digital satellite cinema network in the world, told TOI that BMC should not get bogged down by security issues. "There is enough protection available to make the system foolproof. Even in foreign countries despite threats, WiFi networks are working fine."

At the same, a senior police officer said that it was not advisable to have WiFi without enough security measures.

"There is always a possibiltiy of the system being misused. There should be a detailed study of the security threats before going ahead with any such plans," he said.