Search This Blog

Showing posts with label Indian Cyber Security. Show all posts

Estonia started cooperation with India in the field of cybersecurity


The Estonian Information System Authority (RIA) signed a cyber security cooperation agreement with India last Wednesday.

In accordance with the new Agreement, the parties will provide security in the field of cyberspace with doubled efficiency.

The Ministry of Electronics and Information Technology of India agreed on the Agreement and Margus Noormaa, the Head of Estonian RIA (Information System Authority), endorsed it.

The contract involves the exchange of operational information, conducting special consultations, as well as providing extensive assistance to the parties and communication with experts and specialists in addressing the complex issues.

It is worth noting that on August 21, Vice-President of India Muppavarapu Venkaiah Naidu, who is visiting Estonia, met with the Head of the Estonian Government Juri Ratas.

"I am very pleased that the relations between Estonia and India have become closer in recent years. For example, interest in Estonia has been noticeably increased for both Indian students and start-up entrepreneurs," Juri Ratas said.

During a conversation with the Vice-President of India, the Estonian Prime Minister said that in recent decades Estonia has made a huge leap in economic development and has become a world leader in the field of e-state. Also, as Ratas noted, there are impressive achievements in the field of cybersecurity and blockchain technologies.

"We are happy to share our experience with India. Many local companies have already become excellent investment partners for us, and even wider cooperation in many areas of the economy can grow from this,” the Estonian Prime Minister said.

At the moment, Estonia is one of the most active countries in the field of IT-development.

So, this year the first summer school of cyber diplomacy begins in Tallinn for about 80 diplomats, scientists and experts from 26 countries of the world. The participants of the school will consider the law and norms in cyberspace, the role of cyber operations in modern conflicts and other relevant topics.

The total cost of creating the Cybersecurity Training Center exceeded 18 million Euros. NATO itself invested six million, and Estonia’s alliance partners donated two million.

However, the political scientist Vitaly Gaychonok said that this is crazy. According to the expert, it is extremely difficult to use the same laws in the cybersphere that are applied in real life.

Estonian authorities and the military are focusing on ensuring cybersecurity. In April this year, a Training Center on Cybersecurity was opened in Tallinn, where it is planned to train NATO specialists and conduct international cyber studies.

Cybercrime goes out of control in India



Phishing, data theft, identity theft, online lottery, cyber attacks, job frauds, banking frauds, cyberbullying, online blackmailing, morphing, revenge porn, cyber hacking, child pornography, cyber grooming, cyberstalking, data diddling, software piracy, online radicalisation — the dark web of cybercrimes is spreading across the world and India is one of the hotspots of this digital crime.

With increasing mobile coverage and cheaper data, more and more Indians now access the internet even while on the move. This has exposed unsuspecting ones to fall prey to online fraudsters. Many become victims of sexual exploitation after being made to share personal details while some others use the new media like WhatsApp to spread fake news to create trouble for political and other gains. There have been several lynching incidents in the country in the past couple of years after fake messages about child lifting and cow slaughter were spread through social media.

In spite of an alarming rise in cybercrime in the country, the most recent Government statistics available on this is from 2016. Cybercrimes touched 12,317 cases in 2016 which was an increase from 9,622 reported in 2014. The National Crimes Record Bureau is yet to release the statistics for 2017 and 2018.

The data available is just a tip of the iceberg and the numbers might be much more, says a senior government official. “Many even do not report loss of money or honour out of shame. Many cannot even tell their families that they have lost money in online frauds,” the official said.

Officials say the problem is that common people are not aware of the risks involved while dealing with the internet. Many are unaware, they say, and exercise no caution while using the net. They click unwanted links, unknowingly give the cyber fraudster their personal details and get cheated.

Security flaw in India Post server revealed by researcher

French security researcher Robert Baptiste who goes by Elliot Anderson on Twitter has been revealing cybersecurity flaws in the Indian scene for a while now. This time, he has reported a vulnerability on the India Post server that allows remote code execution.

Baptiste has in fact reported this flaw in place of an Indian researcher who chose to remain anonymous because of legal implications in face of Indian law.

The subdomain of India Post — digitization.indiapost.gov.in — was vulnerable to an Apache vulnerability i.e. CVE 2017-5638. It meant that the attacker would be able to run code on India Post server, as shown below:




The flaws led to exposed bank details of employees as well as databases of sensitive information. He posted several screenshots of the files he was able to access by exploiting the flaw.


He also revealed that he was not the first person to exploit these flaws and posted screenshots that show activity from almost a year ago on 14th April, 2017.


The vulnerability has since been fixed, leading to Elliot Anderson tweeting out the details of this recent hack.



Jharkhand Police launch Responsible Disclosure


Good News to Bug Hutners - Jharkhand Police's Cyber Defence Research Center(CDRC) launched a facility for Responsible disclosure. 

One of the major issues faced by Bug hunters after finding a vulnerability in a website is a safe method to disclose vulnerabilities.

Usually, Researchers get frustrated about the lack of action by the organization when they report a vulnerability.  Sometimes, Organization will horrify researchers with a legal notice on you and accuse you of all sorts of cyber crimes.

To make an end to these issues, the Jharkhand Police has launched a service where security researchers can submit their vulnerability finding.

CDRC will contact the organization on behalf of you and help them to correct the reported security flaw.

You can use this service for reporting vulnerability in websites of any Indian Ministry , public/private organization or Government department.

You can submit your vulnerability finding here:
http://cdrc.jhpolice.gov.in/responsible-disclosure-submission/

Researchers should really thank Jharkhand Police for creating such a wonderful service to help security researchers and organization.