Archive for category Privacy

ATM Skimming

Using an ATM machine is something we all do often but we do not realize the importance of protecting sensitive information while using an ATM. During the past few years ATM skimming has gained a lot of attention as victims suffer, resulting in loss of millions of dollars. Skimming is act of capturing the information or data that is on the magnetic strip of an ATM card through different techniques and further cloning it on a blank ATM card that has a similar magnetic strip which then allows the bad guys to use cards of the victims of ATM skimming.

Bad guys are able to intercept personal identification information using various custom and homemade devices attached to ATM machines. Skimmers use portable data collectors by mounting them over the regular card reading slot where the card is swiped in an ATM machine or fake keypads can be mounted over existing keypads to gather information. After the transaction is complete, the criminal retrieves the device that was placed on the ATM that contains a mini portable storage behind the device that actually captures the information of various ATM users.

Some of the information that is included on the magnetic strip includes the user’s full name, account number, bank details along with other series of information that is required to allow the card to function properly. As a result, a card that is swiped in a slot that has been tampered gives bad guys the ability to steal large amount of cash. Some of the places where these skimming devices are mounted include the lighting fixtures of an ATM, the brochure plastic case, the ATM card swipe slot itself, and the keypad. Skimmers use a number of ways to gain sensitive information of users. One of the mostly used technique is through the use of spy cameras after mounting the card skimmer in the card swipe slot. One such example is shown in the picture below where the scammer has placed a camera in a small wood box that was then attached to the ATM machine along with the card skimmer.

ATM Skimming

The following picture shows a closer view of the card skimming device that was attached to the card swipe slot which was aimed to gain and record data from the magnetic strip on the ATM cards. Criminals may then use the financial information gained along with the PIN that is achieved through spy cameras and withdraw cash from accounts of victims.

Only recently did ATM skimming hit Pakistan when a couple of university students in Islamabad designed a skimmer and robbed people off millions of rupees before being caught by the Federal Investigation Agency (FIA). According to the investigative report a total of Rs. 12 million was robbed through a single skimming device which included 187 PSO cards and a second skimming device for 1192 ATM cards. The university students that were held responsible for the crime included, Nasir Abbas, Muhammad, Zaheer Ahmed, Mustaqeem and Amir Shahzad, Javed.

According to the FIA, Zaheer Ahmed owned two skimming devices which caused a loss of almost Rs. 12 million to the government and private sector. The skimmer that Ahmed owned was used to derive information of credit cards through the magnetic strip behind a card which holds the card owner’s details after which a clone of the cards were made and were used for fraudulent reasons or the information derived from the cards were also used to make transactions online. The second skimmer was a device that is mounted to an ATM machine which gathers the information of ATM users once they swipe their cards in the slot along with a device that records the keystrokes entered to gather the personal identity numbers (PINs) of ATM users.

Skimmers are getting better at what they do day by day. Over the past couple of months, new skimming devices have been introduced by criminals which allow skimmers to connect to the devices attached on ATM machines through which wirelessly transmit sensitive information of the victim as soon as he enters.

Skimming is not easy to detect but ATM users can be aware of some signs to prevent being victims of such a crime. There are many ways to protect yourself from becoming a victim. It is very important to observe the ATM machine before swiping your card in i.e. whether the ATM looks normal other than the usual wear and tear markings or is there anything strange in the appearance of the machine such as glue residue, cracks, exposed wires, etc. Check the card device reader; whether it looks normal or seem to have an attached device to it. One of the most important ways that you can protect yourself while using an ATM machine is by covering the keypad when typing in your PIN since if there is any chance of a hidden camera being present your PIN would be protected and the criminals would be unable to gain that very vital information. Also it is very important to always be aware of your surroundings because you may never know who or what can be spying on you.

According to law enforcement, ATM skimming is a process that is hard to track which makes it very attractive for thieves. ATM skimming maybe on the rise but staying informed and educated can reduce the likelihood being swiped by criminals.


Carrier IQ

Carrier IQ also known as CIQ is a software that is installed not only on smartphones but also on tablets. Carrier IQ was developed to reduce the number of dropped calls, extend battery life and for the device and services to work efficiently at all times which will actually help understand the experience of mobile users. Operators want to develop and enhance the services all the time and this can only be done by knowing when exactly the mobile user is having a bad experience.

Historically operators use their network to solve problems but today’s network and devices are too complex to understand if you can’t see the device itself.  Carrier IQ examines a large amount of data from each device to capture and summarize what exactly is working and what is not. For example, the operators and the device manufacturers need to know where exactly was a call dropped or which applications drained the battery life of the device and most importantly they need to know how to solve the user’s problems when you call them.

Carrier IQ’s technology counts and summarizes problems. According to CIQ, it is not providing key strokes or tracking tools.  Carrier IQ’s technology is the user’s advocate because operators and handset manufacturers, for the first time are getting an understanding of the users day to day problems.

Developers, on the other hand, believe that CIQ is a low level software that is installed by Samsung and HTC at the command of the mobile carrier such as AT&T. According to them, it basically records metrics i.e. every key that is pressed, every touch on the screen, every application launched, every website visited or any kind of traffic entering or leaving the phone or every time the battery is changed, etc.

Carrier IQ calls this software the Mobile Intelligence Platform (MIP). CIQ works with mobile manufacturers such as Samsung and HTC to embed the agent within the Smartphone to track all the data. The biggest issue behind CIQ is the threat to privacy since the software works in a similar manner to a spyware.

Carrier IQ has recently gotten immense attention of the public. With growing concerns of threat to the privacy of users, CIQ is facing a lot of pressure not only from the general public but also has lawsuits filed against their software. Developers are coming up with new ways of disabling the software according to the wish of the users allowing them to control exactly what information they are willing to share.


The Mystery of Duqu

Duqu is a sophisticated malware that was discovered on September 1st, 2011. Some experts claim that Duqu could only have been created by creators of the Stuxnet because nobody else could have the source code to create such a sophisticated malware that is identical to Stuxnet but serves an entirely different purpose as a malware. The three major similarities that have been come to attention between Stuxnet and Duqu are firstly, the components that are signed is done through stolen certificates. Secondly, similar to Stuxnet, Duqu uses a zero-day vulnerability to attack Windows system and lastly, the way Duqu is targeted it requires advanced intelligence to operate it again similar to Stuxnet.

Highlighted few weeks ago by Symantec, researchers have discovered how Duque infects the targeted computers. The malware hides in a Word file (. doc) sent through email to the victims. Once opened, it exploits an 0-day vulnerability in the Windows kernel to execute code and infects the system through service.exe. The infected computers can then be remotely controlled by attackers, who can spread the malware on the network and retrieve data in the process. Symantec issued a diagram summarizing the performance of the intrusion.

With this new discovery, security researchers are now confident that Duqu is designed to address specific high profile critical infrastructures via Word documents designed to look legitimate. Symantec has identified six organizations contaminated in 8 countries: Iran, Sudan, Vietnam, India, France, the Netherlands, Switzerland and Ukraine. To which is added a list of identifications made by other experts in Austria, Hungary, Indonesia and the United Kingdom.

If Duqu starts attacking Pakistani networks, Pakistan would face a huge threat regardless of the existing on-going cyber war between Pakistan and India. Duqu, on the other hand, is a much more powerful malware which if targeted towards Pakistani networks, it could collect intelligence data and assets from high profile entities, with the purpose of conducting a future attack without much effort against additional third parties.

Today remains to be seen whether future changes made by Microsoft will be sufficient to stem the problem. At present, the source of Duqu has not yet been identified. Many measures may be taken to prevent this situation from reaching a system. It is important to have a backup of all exiting data but even more importantly since Duqu is a powerful malware the best way to prevent any potential attacks from it is by protecting and securing critical infrastructure networks from such threats. Microsoft has finally patched the flaw being exploited by the Duqu.

Moreover, a recent discovery was made which states that Duqu has shut down all operations and has cleaned up all their commands leaving security experts almost no evidence for their further research. According to Kaspersky Lab, Duqu has been active since 2007 and was only discovered in October 2011 which proves that several systems might have been infected with the Duqu since years and possibly still not detected.

A further discovery was made that Duqu undertook a global clean on October 20th which cleaned up all their activities since the year 2009 as a result leaving almost no trace of their existence throughout these years. This goes to prove that the aim of attackers behind Duqu was to keep it a secret and as soon as the word got out it was banished. Even now the command & control (C&C) servers behind Duqu remain undiscovered which only goes to show the capability and power of the attackers behind this malware.

Experts were able to point out that servers were hacked through brute-forcing the root password rather than the believed zero-day theory and as soon as the attackers gained control over the servers they upgraded OpenSSH 4.3 to version 5.8 which explains that the newer version of the software must hold such importance.


Can we ever solve the piracy issue?

 

In the mid of last year the US Customs and Homeland agencies seized the domain names of nine popular video streaming sites sighting piracy issues. The seized domain names include popular websites including PlanetMoviez.com, NinjaThis.net, TVshack.net and Links.tv. Visiting these streaming websites displayed the following message from US authorities:

SiteSeizedNOTICE

According to the US government these domains were seized for copyright infringement and illegal distribution of pirated movies and other video content. These websites usually charge a minimal subscription fee and provide users with the illegal content. Also the related bank accounts have been seized in addition with four residential search warrants in New York, New Jersey, North Carolina and Washington. An interesting fact about these websites was that all of them were ranked among top 10,000 in Alexa.

So the situation right now is that these websites cannot be accessed but does that means that the issue of copyright infringement and piracy been solved? Unfortunately, the answer is negative. These measures can only slow down the illegal content distribution but it is not the permanent solution. Why it is not the permanent solution? Lets have a look.

Let us take the example of TVshack.net. The website’s hosting service was provided by a Netherlands based company Ecatel. However the domain name was registered through a US based company and this was the main reason why the domain is inaccessible now. Ecatel is providing its hosting services to a number of companies/websites but none of them had a share on the server like TVshack. This can be supported by the fact that Ecatel’s overall traffic went down 25% after a few hours of the takedown of TVshack.

So have we really blocked the pirated content from TVshack? Unfortunately, the answer is negative. Though the content of the website is not available on TVshack.net, the owner of the website registered a new domain TVshack.cc which contains all the content of the previous domain. This time the domain registrar was a Chinese company. Later in the year the US authorities blocked this  domain and the website owner registered a new domain and moved the content there. Similarly some other confiscated domains are also functional under their new domain name containing all the previous pirated content e.g. Movies-Link.tv is now working under domain Watch-movies-tv.info.

The matter of fact is that the rest of the seized domains will probably be registered under a new domain outside US and more pirated content will be available again in the coming future. In the next few months these websites will again have the same number of visitors they earlier had or probably more. So how much piracy issue been addressed by taking all these measures? You are not going to like it but the fact is that the issue is still the same and nothing changed a bit. The US law enforcers only managed to slow down the process but they failed to prevent it even a bit.

Now lets come to the solution. The first question is that is there even a solution for piracy? One thing is certain i.e. we can minimize piracy but it seems impossible to completely stop it. The problem is that different countries have different rules for piracy. One act can be considered as an offence in one country but the same act cannot be considered as crime in another country e.g. the case of TVshack. This also indicates that many countries don’t even consider piracy an issue and hence they are not taking serious measures to tackle it.

An international body should be formed which would only focus on addressing issues related to piracy. With the collaboration of international community this organization should constitute an international piracy law which would be applicable to all the member countries. This international body would work similar to INTERPOL i.e. it would collaborate with all the member countries to address this crime. The main focus should be on the implementation of this law because certain countries already have some laws but they are not adequately implemented. If this happens, it would definitely help reduce piracy on a larger scale.

,


Copyright © Rewterz. All rights reserved.