On guard of the cyber world: Ethical hackers will appear in the Russian army


The Russian army will have special units that include ethical hackers, people with technical education who will protect the "military Internet". They will scan the system for enemy cyber attacks and quickly neutralize them.

Conscripts will not be able to get into such units because only officers with special higher technical education can serve in a cyber army.

According to military expert Dmitry Boltenkov, it is necessary to block the attacking computers of the enemy and prevent him from getting into the network. Usually, software and hardware protection is used for this, as well as special devices that protect against hacking or warn of penetration.

It is already known that software has been created that should unite the field control stations and provide a multi-level network protection system.

According to experts, such a system will make external access to the "military Internet" impossible. Protection includes several firewalls that prevent unauthorized access. Specially designed antiviruses will track the unauthorized access of malware.

The exact place where the invasion occurred and the enemy could intercept radio signals or connect to the network will be detected with the help of special programs and equipment. Further, cybersecurity experts from the new unit can identify and localize the consequences of the attack.

The main advantage of this system is its autonomy: the "military Internet" is not connected with the usual network, which means it is less prone to leaks and hacker attacks from outside.

The Ministry of Defense tested the work of the “military Internet” this year. Information was exchanged at a speed of 300 Mbit/s between the field control stations at a distance of more than 2 thousand km. The military department used special equipment and more than a thousand mobile communication and encryption complexes to create ultra-long data lines. The new system allows the exchange of information at a distance of several thousand kilometers, and all communication channels will be protected from hacking.

In addition, the Armed Forces of Russia are also creating a sovereign Internet - multiservice transport communication network (MTSS). It is planned to complete the first stage of work at the end of this year.

All data is in plastic: the usual passports of Russians will begin to change into digital


The Russian government has determined the basic parameters of the future electronic passport. Documents of the new type will be issued to Russians from 2020 in Moscow, and it is planned to fully switch to digital passports by 2022.

Paper passports will no longer be issued, but old documents will remain valid until their expiration date. People over 45 will continue to use paper documents indefinitely.

The e-passport will become a universal carrier of the information about a person that is necessary for his identification. The government is discussing the addition of other personal data to such a document, such as electronic signatures, fingerprints and insurance number.

However, the design of the electronic passport has not yet been approved. Prime Minister Dmitry Medvedev said that the main version is a plastic card with a chip, which will be complemented by the secure mobile application "My passport".

Such a document looks like a bank card with a high degree of protection. An NFC-based chip will be integrated into the card, and the card will also have a QR code and holographic protection. All components for the new document will be only "made in Russia".

Crypto-protection will increase the protection of the new passport against fakes. In addition, the mobile application "My passport" will give the opportunity to use a cloud digital signature, which is convenient for entrepreneurs. It is planned that the application will be available for all platforms: Android, iOS and even the Russian operating system Aurora.

The government promised to pay maximum attention to the protection of electronic passports from hacking and manipulation.

It is interesting to note that Georgian citizens can already receive an electronic identity card; they can get it within three days for $10. A “smart” chip embedded in a plastic passport allows identifying the owner and getting all the information about his property, tax payments and even health.

"Now more than three million citizens of Georgia have electronic passports. Citizens from 14 years of age must obtain a passport," said Givi Azarashvili, the Director of the House of Justice.



In Kazakhstan, everyone who wants to use the Internet must allow the government to read their secure traffic (HTTPS)



Providers in Kazakhstan are persuading customers to install a "state trusted certificate" on all devices, which will allow intercepting all encrypted traffic of the country in order to protect citizens from cyber threats and illegal content.

Kazakhstan's telecom operators have begun to notify customers about the need to install a special security certificate, Qaznet, on all subscriber devices with Internet access: mobile phones and tablets based on iOS/Android, and personal computers and laptops based on Windows/MacOS.

The message on the website of the Kcell provider states that the certificate recommended for installation "was developed in Kazakhstan and provided by the authorized state body" and "will allow protecting Kazakhstani Internet users from hacker attacks and viewing illegal content". However, it can be assumed that such opportunities can be used by the authorities of Kazakhstan to gain access to information that citizens exchange via the Internet.

Users are invited to download the certificate from the website qca.kz. This domain name is registered to an individual, Askar Dyussekeyev. The address of the owner is the same as the address of the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan.

Telecom operators warn that if the certificate is absent, then customers may encounter problems accessing certain Internet resources.

Indeed, according to some users from the capital of Kazakhstan, it is impossible to access sites that force the use of the secure HTTPS protocol using the HSTS mechanism without installing a certificate. Such sites are now the majority.

According to Shavkat Sabirov, the President of the Internet Association of Kazakhstan, there is a global problem in the world related to the safe use of the Internet.

"All the experiments that were associated with the installation of root certificates failed. All over the world, it is already recognized that this is an unsuccessful and even a terrible attempt to work in a safe mode. If this certificate is stolen or hacked, the attackers will get absolutely all the information about users data that use this certificate," said the president of the Internet Association of Kazakhstan.

The President of the Internet Association of Kazakhstan noted that companies that provide services on the Internet with the security certificate should take responsibility for its use.

The Moscow Mayor’s Office claims that electronic voting is safe


According to Alexey Shaposhnikov, the Chairman of the Moscow Parliament, the experiment to conduct electronic voting in the elections of deputies of the Moscow City Duma will take place, despite the detection of weaknesses in its system during testing.

Shaposhnikov said, “I am a supporter of the development of e-democracy; e-voting is one of the elements of its development.”

Recently, Alexei Venediktov, the Deputy Chairman of the Public Chamber, said that the electronic voting system from July 11 will be available in test mode for everyone. Hackers will be able to try to hack it for a fee of 1.5 million rubles.

Artem Kostyrko, the Deputy Head of the Department of Information Technology of Moscow, said that the guarantee of security of the electronic voting system is the fact that it will be held on the website of the Moscow Mayor’s Office, mos.ru.

The speaker of Moscow City Duma noted that he did not know of any cases of hacking into the site mos.ru. Specialists, who are responsible for the functioning of the security system, guaranteed correct operation during the counting of votes.

People wishing to participate in the electronic voting must pass verification in advance on the official website of the Mayor of Moscow.

The Moscow City Duma Chairman added that according to preliminary forecasts, up to 6% of the voters in Moscow will participate in the experiment on conducting electronic voting.

It should be noted that the Moscow authorities plan to arrange an online broadcast of electronic voting, during which it will be possible to find out the number of voters.

Experts believe that it remains unclear how the voter authentication, the secrecy of the vote and freedom from being forced to vote will be ensured.

In addition, the technical side of the e-voting process is provided by the Moscow Mayor’s Office, which is a structure of the Executive branch of Government, the head of which represents one of the political parties. According to experts, this is a violation of the principle of independence of election organizers and the principle of separation of powers.

Elections to the Moscow City Duma are scheduled for September 8, 2019. An experiment on electronic voting will be conducted in three districts of Moscow.

The Russian Embassy responded to London's accusations of cyber attacks


The Press Secretary of the Russian Embassy in the UK said that the cyber attacks described by the British Minister are not a real problem, but only a reason for forcing anti-Russian sentiment.

Recall that on Thursday, British Foreign Minister Jeremy Hunt once again accused Russia of carrying out cyber attacks in order to "undermine the critical infrastructure" and "change the results of the elections" in many countries.

The diplomatic mission stressed that the Russian side "repeatedly at various levels offered British partners cooperation on the issue of cyber threats". However, there has been no reaction from London.

The diplomats expressed the opinion that the new anti-Russian statement of the British Minister indicates that the Russian cyber attacks are not a problem for the British authorities, but an occasion for "forcing anti-Russian sentiments on an international scale."

The Russian Embassy stressed that such statements cause regret and serious concern. In addition, they added that, perhaps, London in this way hides preparations for a cyber attack on Russia.

However, no one in Europe believes Hunt. The President of the Czech Republic Milos Zeman commented on the allegations of Russian influence on the elections.

"Fake news is that Russians, Chinese or someone else influence the elections. Such false news is aimed at creating panic, they are spread by those who are afraid of losing. They are looking for an excuse to lose the election in advance," the Czech leader said.

It is worth noting that Russia has repeatedly denied all the allegations of attempts to influence democratic processes in different countries. Western countries have repeatedly attacked Moscow on this issue.

Earlier, for example, US Secretary of State Mike Pompeo said that Russia interfered in the US elections in 2012, in 2008 and in 2004. However, he did not provide any evidence for his words.

Russian Senator Alexei Pushkov drew attention to the fact that from Pompeo's statements it can be concluded that "Russia has been interfering in the US elections since he went to school." At the same time, he noted with irony that maybe Moscow chose Pompeo.

Chinese hackers attacked Russian companies and government agencies for 9 years



Russian security companies Positive Technologies and Kaspersky Lab discovered a cyber group which for several years stole data from more than 20 Russian companies and government agencies. The expert said that such groups are usually engaged in political intelligence or industrial espionage.

The hacker group has been working for at least 9 years. The names of the companies attacked by the hackers were not disclosed, but it is specified that 24 important Russian organizations were attacked.

According to Positive Technologies, the attackers used Chinese developers to create their tools and used Chinese IP addresses during the attacks. Moreover, the keys for some versions of the malicious programs are found on specialized forums where people from China communicate.

Positive Technologies gave the name TaskMasters to the hacker group because it created specific tasks in the task scheduler that allow hackers to execute operating system commands and run software at a certain point in time. After penetration into local networks of the enterprises, leaks of information were used for espionage.

Kaspersky Lab said they have been tracking the activity of this group since 2016, and they call it BlueTraveler. According to experts, the hackers more often attack government agencies, mainly from Russia and the CIS. In addition, they confirm that the attackers speak Chinese and that the methods used by Asian attackers are popular for political intelligence or industrial espionage.

An interesting fact is that the attacks of the Asian hackers remained unnoticed for years by antivirus or information security services. The hackers downloaded gigabytes of information, files, documents and drawings to their servers without a trace.

Hackers known for attacking financial institutions prefer the method using the task scheduler. Namely, the Russian-speaking groups Cobalt and MoneyTaker use this method.

It is worth noting that at the end of 2018, cybersecurity experts reported that the financial sector of Russia lost at least 3 billion rubles to cyber attacks over the year.

Hackers from Fancy Bear were accused of attacking the Ministry of Defense of Spain

The authoritative Spanish online edition Español, citing anonymous sources, reported on April 12 that Russian hackers from Fancy Bear were responsible for the attacks on the Spanish Ministry of Defense at the beginning of the year.

This conclusion was made by investigators after analyzing the methods of the cybercriminals. The hackers used the same scheme as they did during the hacking of the servers of the US Democratic Party in 2016, after which the hacker group became known worldwide.

It is noted that the virus was introduced through external e-mail in order to gain access to the "technological secrets of the military industry."

According to experts, the computers of the Defense Department were under the complete control of hackers for three months. And only in March it became known that the computer network of the Ministry of Defense of Spain was hacked using a virus.

It should be noted that foreign politicians and journalists associate this hacker group Fancy Bear with the Russian authorities. They believe that the purpose of cybercriminals is "to undermine democracy." However, the connection of the hacker group Fancy Bear with the authorities or intelligence services of Russia has not been proven. This statement is based solely on speculation and assumptions.

Hackers in Ukraine are attacking Government websites


On the eve of the presidential elections in Ukraine, phishing attacks on Government Internet resources have become more active.

According to the Head of the Computer Forensics Laboratory, the intensity of cyber attacks is increasing every year. It is a permanent process and is not necessarily associated with the elections. However, at the moment, the sites of the Central Election Commission, the Presidential Administration, the Cabinet of Ministers and infrastructure departments may be under attack.

In general, the situation with the cyber defense of Government departments is now much better than a few years ago, since the cyber defense was improved by European financial assistance. Many different projects on quality protection have been funded.

At the same time, the sites of presidential candidates are in the risk zone of hacker attacks on the eve of the elections. It turned out that politicians can simulate the attack of hackers on their resources for the sake of PR to emphasize their importance.

In the Czech Republic, the Russian center of cyber attacks has been neutralized - Local Media

According to the Czech local news magazine Respekt, Russian Intelligence Services used two computer companies in Prague for performing cyber attacks.

It is alleged that the Czech Security Forces disclosed the activities of the cyber attack center in early 2018.

According to a journalistic investigation, the two companies were formally engaged in the sale of computer hardware and software, but in reality their employees were also preparing hacker attacks using their computers.

Journalists found out that part of the equipment for the companies in the Czech Republic was brought from Russia through third countries by cars of the Russian Embassy with diplomatic numbers. The computer companies also received this equipment through the diplomatic mission.

The investigation said that the hacker group included both Czechs and Russians who received Czech citizenship. The group could cooperate with several similar Russian groups operating in other countries.

It is interesting to note that in September last year, 8 Russians and Vietnamese were detained in the Czech Republic for hacking the system for issuing residence permits. Russian hackers had hacked the servers of the Czech Foreign Ministry for a fee in the interests of the Vietnamese, who could then legalize their countrymen’s stay in Europe.

Cyberattacks can even take human lives

Cyberattacks by nation-states will soon kill people, either deliberately or unintentionally, a senior security researcher told attendees at the RSA Conference this week.

The May 2017 WannaCry attacks by North Korea and the NotPetya attacks by the Russian military in June 2017 shut down hospitals, disrupted shipping and cost hundreds of millions of dollars in losses — much of it in the form of collateral damage.

It is inevitable, she said during her RSA presentation yesterday (March 5), that future nation-state attacks on such scale will cause loss of life.

"I rarely get to stand up in front of groups and tell them that the news is getting better," Joyce told the crowd. "But if you have purely destructive malware backed by a nation-state, then where does that leave us?"

NotPetya, which targeted tax-collection software that every business in Ukraine was obliged to run, masqueraded as ransomware, Joyce explained. But it was impossible to decrypt the affected data even if a ransom was paid. The goal of NotPetya was purely destructive, and the destruction streamed outward from Ukraine to infect companies and other institutions in 65 other countries.
Part of the collateral damage was at U.S. hospitals, Joyce said, where some patients could not be immediately treated as a result.

"A friend of mine who was suffering from throat cancer was turned away and told to come back next week," Joyce said.

"If you have purely destructive malware backed by a nation-state, then where does that leave us?"
—Sandra Joyce, FireEye senior vice president


Had anyone died as a result of NotPetya, that would have been an unintended consequence of a specific attack on Ukraine's economy. But nation-state malware already exists that is designed to deliberately kill people, according to Joyce.

The Kremlin spoke about hacker attacks on the website of the President of Russia



Foreign hackers are constantly attacking the website of Russian President Vladimir Putin. Intelligence agencies record a large number of attacks from Europe and the United States, said the Kremlin.

As the Press Secretary of the Russian leader, Dmitry Peskov, noted, Western countries like to talk about "Russian hackers", but foreign partners themselves are waging an information war against Russia.

"A huge number of cyber attacks on Russian organizations, individuals and legal entities are constantly organized from the territory of the United States," he said.

According to him, hackers from Europe and North America regularly try to commit hacks. He noted that a new draft law on the autonomous Runet is aimed at countering this.

The draft law on the autonomous operation of the Russian Internet segment, in case it is disconnected from the global network infrastructure, was submitted to the State Duma on December 14, 2018. The document is aimed at protecting the stable operation of the Internet in Russia in case of external threats. The bill defines the necessary traffic routing rules and organizes control of compliance with them.

The Consular Department of the Russian Embassy in Austria was attacked by hackers.

The Russian Embassy in Austria reported a recorded hacker attack aimed at creating obstacles to the normal operation of the Consular Department of the Diplomatic Mission.

The Embassy explained that since the beginning of 2019, employees of the Department began to notice the systematic non-appearance of a large number of applicants who had registered on the website through the electronic queue system. Also, citizens began to complain that an appointment was only possible months in advance. It is noted that since the beginning of 2019, on some days no one who had registered for an appointment came to the reception.

"Special technical services, at our request, checked the situation for possible manipulation of information networks from outside, as a result, more than 300 applications were found, processed in an automated mode from IP addresses from Iraq, Thailand, Indonesia and several other countries," said the representative of the Embassy.

According to the Diplomatic Mission, it was decided to remove these applications and block their sources, and to date the percentage of absenteeism among applicants has returned to the usual numbers.

Dmitry Lubinsky, Russian Ambassador to Austria, stressed that it was malicious actions aimed at the actual sabotage of the Consular Department of the Embassy. It is impossible to exclude repeated attacks, but they will closely monitor the situation in the interests of visitors.

Pulkovo Airport's air-traffic control system malfunctioned after receiving threatening emails from Hackers



On August 8th, the air-traffic control system "Galaxy" at the international airport "Pulkovo" (Saint Petersburg, Russia) malfunctioned. The system controls the movement of aircraft in the area of approach to the airport.

An interesting fact is that the failure occurred not only on the server but also on all the computers in the control room. Suddenly, they froze.

At the time of the incident, four airplanes were in the air without control for about ten minutes.

A few days before this incident (August 3rd), the airport's Quality Control Department received a threatening e-mail. Pulkovo airport received these threatening emails at least three times starting from July 30.

The cyber criminals demanded 200 Bitcoins (around 89 million rubles/90 million rupees), threatening otherwise to disrupt the navigation control system. Employees assume that these threats and the system failure have a direct connection.

Law enforcement agencies found that the letters were sent from Switzerland, and the SIM cards to which the addresses are linked are registered to British citizens. Most likely, the hackers used fake IP addresses to mislead the police. The police said that no one can hack the air navigation system of the airport from external sources.

Could it be just a coincidence that the control system malfunctioned after these threatening letters? Or are the hackers really behind the attack? It is still unknown. The experts are trying to find the root cause of the failure. Thankfully, there was no damage.

The cyber criminals can be punished with three years' imprisonment or can be fined up to 300 thousand rubles.

This is not the first time an airport has received threatening letters from cyber criminals. But it appears that this is the first time a malfunction has been reported after such letters. It should be noted that the airport "Domodedovo" (Moscow international airport) also received a threatening letter with a demand for several hundred Bitcoins. However, there was no incident reported in this case.


UK Government to Fine Infrastructure Organisations up to £17m for Lax Cybersecurity

Industries running critical infrastructure in the UK will face fines of as much as £17 million ($24 million) if they fail to put in strong cybersecurity measures as required by the NIS Directive.

NIS covers network and information security to be put into place by 9 May, 2018, and was announced by the UK government on Sunday.

The affected industries include transport, water, energy, and health businesses.

These fines are apparently a “last resort” if any of the above-mentioned businesses fails to follow the cybersecurity guidelines as required of all industries in the EU member states.

The government warned that a regulator will be able to assess the cybersecurity infrastructure of the country's critical industries and will have the power to issue legally-binding instructions to make sure the security is up to its mark — including imposing fines.

The Directive’s objectives are outlined as managing security risk, ensuring protection against cyber attacks, detecting cybersecurity events, and minimising the impact of cybersecurity incidents.

"We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services. I encourage all public and private operators in these essential sectors to take action now and consult NCSC's advice on how they can improve their cybersecurity,” said Margot James, Minister for Digital and Creative Industries.

According to the government, they are working on a “simple, straightforward reporting system” through which one can easily report cyber breaches and IT failures so they can be quickly identified and acted upon.

The National Cyber Security Centre (NCSC) website states that the first iteration of the Cyber Assessment Framework (CAF) will be available by the end of April 2018.

Russia, India and other Asian countries targeted by Chinese Hackers


According to Kaspersky Lab's third quarter report, 10 out of the 24 targeted cyber attacks were organized by groups of Chinese-speaking hackers.

Experts at Kaspersky said one of the main targets of these cyber criminals was the Russian Federation. They have also targeted other Asian countries, including India and Mongolia.

In July, Kaspersky detected a cyber espionage campaign (referred to as "IronHusky") targeting Russian and Mongolian government, aviation companies, and research institutes. The incident happened shortly after both countries conducted talks on cooperation in several projects relating to the air defense of Mongolia.

Another cyber attack was discovered targeting Russia and India. This attack happened after India and Russia signed a much-awaited agreement to expand a nuclear power plant in India, as well as to further define the defense cooperation between the two countries. Energy sectors of both countries were targeted with a malicious program named "H2ODecomposition".

The experts said that in some cases, this malicious software was masquerading as a popular Indian anti-virus solution, "QuickHeal".

Kaspersky also noted that the Netsarang and CCleaner tools were also targeted by these Chinese-speaking hackers. The attackers infected the installation packages with malicious code and hosted them on the Netsarang distribution site. Introduction of malicious code into legitimate software would allow attackers to penetrate the networks of many organizations.

- Christina


UK spymasters suspect Russia is using Kaspersky to spy on people

 

The British intelligence service is reportedly worried that Kaspersky Antivirus, offered by Barclays to its customers, may be used by a Russian intelligence agency to spy, according to The Financial Times.

An unnamed official told The Financial Times that GCHQ, the British intelligence agency, has concerns over the widespread distribution of Kaspersky in the UK.

Intelligence officials fear that this might allow Russia to gather intelligence from the computers of Government employees and members of the military who are customers of the bank and have downloaded the software.

The Financial Times added that "No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers."

However, the bank said they were planning to end the deal with Kaspersky for commercial reasons that don't have any connection with the GCHQ concerns.

Kaspersky denied the allegations and said the company does not have inappropriate ties with any government.

"No credible evidence has been presented publicly by anyone or any organization. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company," Kaspersky said.

Earlier this year, US spymasters and the FBI chief said that they do not trust software from the Russian antivirus company Kaspersky.

- Christina
 

Russian citizen suspected of cybercrime was arrested in Estonia



A 20-year-old Russian IT programmer is suspected of cyber espionage. He was traveling from Estonia to Russia and was detained at the border crossing in Narva.

According to the local media, the Estonian Security Police (KaPo) allowed the suspect to work for some time unhindered, as a result of which he was linked to the Security Service of the Russian Federation.

Authorities said that he is a member of the FSB and was preparing a mass cyber attack on the computer systems of the Estonian State Institutions. According to them, the Russian was trying to make some device or computer program with which he could get access to local computer systems.

Elena Vladimirovna, mother of the suspect, told media that it is completely unexpected for her, since her son had never been seen taking part in any unlawful actions.

"Of course, I hope that everything will end well and we will be able to prove his innocence," Elena was quoted as saying by local media Sputnik. "However, the services of a good lawyer cost a lot of money, which I do not have. Perhaps the Russian embassy will be able to help us in some way, but I will never let my son go to Estonia again."

The Russian Embassy in Estonia is ready to help. The Embassy asked the Estonian Foreign Ministry for permission to meet the arrested person.

A criminal case has been instituted against the suspect under article 233 of the Penal Code of the Republic of Estonia "Non-violent acts of an alien directed against the Republic of Estonia" and article 216 "Preparing a computer crime". He faces up to 15 years in prison, if convicted.

- Christina


Putin signed a law to protect Critical Information Infrastructure from cyberattacks



On 27 July the President of Russia, Vladimir Putin, signed a new law on cyber security in order to protect Critical Information Infrastructure (CII) from hacker attacks.

The document was published on the portal of legal information. According to the law, those who create and distribute malicious programs to commit cyber attacks against Critical Information Infrastructure (CII) will face up to 10 years in prison.

From now on, hacking or illegal access to computer information of Government Agencies is punishable by five years of forced labour, 3, 5 and 10 years' imprisonment, or a fine of up to one million rubles. And after the hacker gets out of jail, he may be deprived of the right to hold certain posts within five years.

The law defines that security services and a Federal Executive Authority will deal with the fight against hackers.

The law signed by the President will come into force on 1 January 2018.

- Christina

 

Putin Says Number of Cyber Attacks against Russia Tripled

The number of attacks launched against Russian cyberspace has increased significantly in recent years, President of the Russian Federation Vladimir Putin said at the annual board meeting of the Federal Security Service on February 16.

"The number of cyber attacks against official information databases has tripled in the past year compared to 2015," said the President.

On 11 February, Oleg Salagai, Director of the Health Ministry's Department of Public Health & Communications, said that unknown hackers had attacked the Ministry's official website. The attackers failed to gain access to any personal data or classified files.


Making Indian Cyberspace Secure!


At a time when cyber attacks are increasing with every passing day, the Indian government on Tuesday (February 21) launched the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), which offers desktop and mobile security solutions for maintaining a secure cyberspace in the country.

India’s IT and Electronics Minister, Ravi Shankar Prasad, through the Computer Emergency Response Team (CERT-In), launched the M-Kavach tool in New Delhi. It offers a comprehensive security solution for Android devices, addressing threats related to mobile phones. The new solution will notify end users, enable cleaning and secure their systems to prevent further infections.

"Launched 'Cyber Swachhta Kendra' (Botnet Cleaning and Malware Analysis Centre), an imp milestone in various initiatives taken on Cyber Security," tweeted Prasad. A botnet fundamentally consists of automated programs running on computing devices, which can be any IoT/smart device. Attacks carried out using botnets include Distributed Denial of Service (DDoS).

* Botnet Cleaning and Malware Analysis Centre (Cyber Swachhta Kendra) -

India has been ranked 3rd in botnet distribution. It is a good move by the Indian government to clean the computers. CERT-In has chosen an Indian product for this.

Research by CSPF (a non-profit organization) found that the free Malwarebytes and Avast anti-virus products are more effective at removing viruses/bots.

The free product chosen by CERT-In also advertises that the botnet cleaning tool is not a replacement for anti-virus. "The vendor is trying to sell his other anti-virus solutions, which is totally unacceptable," according to a US-based anti-virus company.

"Antivirus and botnet cleaners should be constantly maintained. Who is going to do this, CERT-In or the Indian vendor?" asks the US-based anti-virus company.

According to CSPF, "some samples of botnet were missed by this tool"; the tool should have a facility to report malware that it misses.

"Launched USB Pratirodh, which will control the unauthorized usage of removable USB storage media devices like pen drives, external hard drives. Launched App Samvid, to protect Desktops from suspicious applications from running," the minister added.

USB Pratirodh is a desktop security solution that controls the usage of removable storage media like pen drives, external hard drives and other USB-supported mass storage devices.

AppSamvid is a desktop solution which protects systems by allowing installation of genuine applications through white listing. This helps in preventing threats from malicious applications.

According to the Cyber Security & Privacy Foundation, "Some of these tools developed by CDAC, including the white listing tool, are far more complex for a normal user to understand. The white listing tool does not detect .msi files and other extensions." Executable blocking/allowing has to be done manually. Most end users don't understand white listing; they don't know which to allow or block when there is an issue. Users should not end up locking their own computers. Auto white listing, which is available in some famous anti-viruses, should be included.

"The reason cyber security is an issue among the common man is because the common man does not understand anything technical. If using the tool is more complex than the actual problem, how are we going to solve the problem?" says a college student.

He also suggests that a "video should be released by CDAC showing what the tool is about and how to install and run" it, in multiple languages.

During the launch, Prasad said that 13 banks and Internet service providers are currently using this government facility, and that the government will coordinate with other ISPs and product/antivirus companies to spread its usage for a safer online space.

Prasad said that this Kendra will also enhance awareness among citizens regarding botnet and malware infection along with measures to be taken to secure their devices.

The minister also announced that the National Cyber Coordination Centre will be operational by June 2017 and CERT-Ins will be set up at state level as well.

"The government will set up 10 more STQC (Standardization Testing and Quality Certification) testing Facilities. Testing fee for any start-up that comes up with a digital technology in the quest of cyber security will be reduced by 50 per cent. We will also empower designated forensic labs to work as the certified authority to establish cyber crime," Prasad noted.

The move comes at a time when over 50,300 cyber-security incidents like phishing, website intrusions and defacements, virus and DDoS attacks have been observed in the country during 2016.

As per the information reported to and tracked by CERT-In, a total number of 44,679, 49,455 and 50,362 cyber-security incidents were observed during the years 2014, 2015 and 2016, respectively.

The Cyber Swachhta Kendra is part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY). The Cyber Swachhta Kendra complies with the objectives of the National Cyber Security Policy, which aims at creating a secure cyber ecosystem in the country.

The botnet and malware cleaning analysis centre was announced in 2015 with an outlay of Rs. 100 crores.

Industry experts wonder whether the 100 crore outlay is going to be used for building antivirus/botnet cleaning software and honeypots to track bots and take down botnets.

The threat to cyber security has become more serious and visible in the past few years in the country. There is a need to collaborate and come forth with more solutions like the Cyber Swachhta Kendra. It was a much-needed move by the government. It should not be just another public relations exercise; it should be effective.

You can download the tools from here:
http://www.cyberswachhtakendra.gov.in/security-tools.html