Authors Posts by Ayush Saraswat

Ayush Saraswat

426 POSTS 1 COMMENTS
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

The take-down of the Kerala government website on Sunday has wildly escalated into a full scale cyber war between the two countries. The problem is, the war seems to have been started, and is being continued by individual players with nothing to lose.

Yesterday, news emerged that the Kerala government’s official website, kerala.gov.in, was hacked and defaced by a “suspected Pakistan-based hacker”. The police cyber cell is still probing the incident, and the website has since been restored.

However, mere hours after the incident came to light, hackers here in India had formulated a plan of their own. What has followed can only be described as coordinated cyber warfare, with at least 227 Pakistani websites being attacked, though that number has probably spiked since I’ve written this article.

The “counter attack”, titled #OpPak, is backed by a number of hacker groups in the country and, though a ring leader can be tough to identify, the main players are easy enough to pick out. Hell Shield Hackers is one of the groups leading the charge, a team comprised of [email protected]@rus, Psychotic overload, Distroyer 404, poison operator, Darka NSH, and IN73CT0R D3VIL. Though there are likely other members, various tweets confirm that these few are the currently active members. There’s also theMallu Cyber Soldiers and IndiShell, who don’t seem to be active on Twitter right now, but are still thanked on a Pakistani website that was defaced.

Among the many Pakistani websites listed here that were defaced, hacked, or DDoS’d, a lot of them are government websites. Meanwhile, the hacker behind the Keralagovernment attack was one Faisal Afzal, a coder who has attacked Indian institutional websites in the past. And the Kerala government website wasn’t his only target it seems. Faisal 1337, as he calls himself, has also identified http://banking.csc.gov.in, http://insurance.csc.gov.in, http://gokdelhi.kerala.gov.in/, and even the Chennai customs website, earlier on September 26.

Hell Shield Hackers

Indian Hackers havent hacked a single pakistani site after 15th August 2015. But Faisal Afzal hacked kerala.gov.in .. Dude? We are not sleeping . If you even touch a Indian site, we will crush you up.. :3 .Now feel the heat pakistan.gov.pk hacked.

The Indian teams have taken up the mantle of avengers, calling themselves India’s “cyber warriors”. Some might see this as an overreaction to one man’s hacking. Others might see it as righteous payback for a slight from a Pakistani man, a country we have longed viewed with contempt, and vice versa. But is anyone else (like me) absolutely terrified by this entire thing? Let’s be clear, it does inspire a twisted sense of awe to see so many hackers unite under one banner to “defend” their national pride. But, at the end of the day, it’s likely not the hackers that will suffer the consequences of a cyber war.

One Pakistani hacker defaced an India government website but, to be fair, Hell Shield Hackers have themselves clearly stated that they attacked various Pakistani websites on August 15. This kind of back and forth isn’t really something that can be controlled by cyber security forces; there simple isn’t enough man power to monitor every individual, but at least it’s confined to a manageable level. But the scary part is that, our own hackers responded to this singular incident with brute force, taking down at least 227 websites in return. In war terms, that would be like responding to a cross-border raid by one platoon with a full-scale tank invasion of a border town. And you can be sure neither party is going to pull the plug easily; escalation begets itself, and it’s likely only a matter of time before Pakistani hackers rally and launch a counter attack of their own.

And the problem with these hacker teams duking it out is that their targets aren’t each other, but instead the institutions that they claim to be representing. A hacker team won’t be hurt a cyber attack, only the victim country’s functioning will. And yet, the tit-for-tat will continue, with hackers dealing out insults, and countries suffering the blows. It’s a mercenary war with countries on the line. And it’s likely to get very ugly very soon.

by -
2 73

THIRUVANANTHAPURAM: Kerala government’s official website has been hacked by “suspected Pakistan-based hackers”.

The cybercell police are probing into the incident, which is suspected to have occurred last night.

“State government’s official website ‘www.keralagov.in’ has been hacked by Pakistan-based hackers and efforts were on a war footing to restore it,” home minister Ramesh Chennithala said.

Chennithala said that once Kerala police’s proposed ‘cyber dome facility’ becomes functional, state government will be able to take necessary precautionary measures.

“Such instances of hacking have taken place all over the world. Once the state police’s proposed cyber dome facility at Technopark here becomes functional, security auditing of all government websites will be carried out and we will be able to take all precautionary measures,” he said in a Facebook post.

by -
0 17

Anonymous leak second tranche of top secret document belonging to Government of Canada

Continuing their online protest against the Canadian government, hacktivist belonging to the Anonymous collective have leaked another high-level federal document about the redevelopment of Canada’s key diplomatic centres in Britain.

The above leak is the second one made by Anonymous and is marked as “secret” and marked “confidence of the Queen’s Privy Council,” discusses government cost overruns — but an eventual anticipated profit — from the Department of Foreign Affairs’ selling, relocating and refurbishing of Canada’s diplomatic buildings in London, one of its last major acts under former minister John Baird.

The document belongs to the Treasury Board of Canada and is dated Feb. 6, 2014. The earlier documents released by Anonymous revealed the closely guarded secret of the specific size of Canadian Security Intelligence Service’s network of foreign stations and problems with their outdated cyber security.

“They have their best people on it.… It’s a bit of a black eye on public sector security,” said the source on condition they not be named. Federal authorities are comparing versions of the documents and scanning for discrepancies that may help track down from whose hands it may have slipped. “It just goes to show, you have to do more to keep things secure,” said the government source.

The source also acknowledged that the documents leaked by Anonymous as authentic. The government source also dismissed conspiracy claims made by the activists, including any claim the diplomatic moves were linked to CSIS and spying, as “wholly false.”

Anonymous have stated that they have many more such documents and have promised to release one tranche at a time to mount pressure the Canadian government over the fatal shooting of a protester in B.C. and the passing of Bill C-51, the controversial anti-terrorism bill that gave expanded powers to police and Canada’s spy agency.

Lisa Murphy, spokeswoman for the Treasury Board of Canada Secretariat, did not answer specific questions about the documents.

“We do not comment on leaked documents. The Government of Canada is committed to sound stewardship and information-management practices,” she said. “We are continuously taking measures to ensure the safeguarding of our information holdings. The Treasury Board Secretariat is committed to protecting classified information on its networks.”

The government source said that the matter is being investigated by the police.

While Facebook’s free service Internet.org faced criticism in India, it appears that the social network hasn’t given up on it yet. It has now decided to rebrand the product to ‘Free Basics by Facebook’.

The announcement was made at the Facebook Headquarters in Melno Park, California by Chris Daniels, VP of Internet.org, in the presence of a small group of Indian journalists.

The app as well as web platform offers access to more than 250 services, which are now available in 19 countries across the globe including India. Free Basic users will also get access to 60 new free services. The announcement comes before PM Modi’s town hall meet with Facebook founder and CEO Mark Zuckerberg at the new campus.

Zuckerberg has also written a post stating how a soybean farmer from rural Maharashtra ‘makes better parenting decisions by accessing expert advice through the BabyCenter app for free through Internet.org.’

He further talks about the ‘improvements’ and the platform being ‘open to all developers’. “We’ve improved the security and privacy of Internet.org. We already encrypt information everywhere possible, and starting today Internet.org also supports secure HTTPS web services as well,” he added.

In India, the net neutrality debate and massive public outrage had made many take sides, and some big names like NDTV, Cleartrip and some properties of Times Group decided to part ways with Internet.org as a result.

Apple has already rolled out an update to its recently released mobile OS – iOS 9. The first update to Apple’s new operating system will fix a few reported glitches. The company has issued an instruction guide on its website for users looking to fix the bug. The update is available as an OTA download for all the devices that support iOS 9.

iOS 9.0.1 will fix a bug which was reported by many users wherein the device stuck on the ‘Slide to Upgrade’ screen after updating to iOS 9 or while restoring from a backup. The company also fixes the glitches, including inability to complete the setup assistant process after upgrading the device to iOS 9.

Additional improvements include fixing the bug that would cause alarms and timers to fail when activated. It also fixes an issue in Safari and Photos where pausing a video could cause the paused frame to appear distorted. iOS 9.0.1 also fixes an issue that caused many users with a custom APN setup via a profile settings to lose mobile data. Lastly, the new update will also offer a few security fixes.

Follow the below steps to update to iOS 9.0.1:

1. Connect your iOS device to a computer. Then make sure that iTunes is open.

2. While your device is connected, press and hold the Sleep/Wake and Home buttons until you see the Connect to iTunes screen.

3. When asked, choose Update.

4. Once the restore is done, finish the onscreen steps to set up your device.

Yesterday, the government released a draft encryption policy aimed at keeping a tab on the use of technology by specifying algorithms and length of encryption keys used by ‘all’. It wanted businesses, telcos and Internet companies to store all encrypted data for 90 days in plain text which should be presented before the law enforcement agencies whenever asked to. Moreover, failing to do so would mean legal action as per the laws of the country.

After a huge outcry, most of us woke up to the new proposed addendum this morning wherein the government has clarified to exempt products such as social media sites including WhatsApp, Facebook and Twitter; payment gateways; e-commerce and password based transactions and more from the draft policy.

Finally, the government has decided to withdraw the draft encryption policy.

What’s fascinating is how the whole process felt like déjà vu. Haven’t we seen the drama unfold before. While the dust on the net neutrality sage has barely settled, we’re already facing newer issues related to encryption and privacy. We never learn from our mistakes, do we? A new draft policy, public outcry, and then comes the much-needed changes.

The Indian government hasn’t just caused anxiety and chaos among the netizens, but the initial draft completely misguided people. According toTheNextWeb, “The Indian government has made a fool of itself and caused anxiety among citizens with a woefully misguided proposal for a national encryption policy that it’s just released to the public for feedback.”

While we sit back and talk about Digital India, smarter cities and so on, the makers of the law seem to be clueless about some major by-products concerning these initiatives such as security, privacy and likewise. Each time the government talks about a new initiative meant to bring in some law and order pertaining to digital rights, it somehow manages to come up with implications that could affect us far worse.

In this case, the Indian government is trying to ensure that its law enforcement agencies have easy access to encrypted information whenever required, but this could easily compromise security and privacy in the process.

Moreover, each time the government releases a proposal for our digital lives, it’s people who remind the government about the adverse implications it could have. Does the expert panel writing these reports know nothing about privacy and how it possibly works? Or is the government simply looking at a trial balloon policy to gauge reactions by people. So, next time we don’t react, a draconian rule might just be governing our digital lives.

The whole net neutrality saga continued for months with assurance from the government on how it supports free and equal Internet, and eventually made ‘certain changes’. This seems headed on a similar path. Though the new addendum comes with changes, it still leaves us as muddled as before.

Pranesh Prakash of the CIS has tweeted out how the new clarification clarifies nothing.

A new Medianama report also points out loopholes in the changes announced. The report adds how any encrypted service would have to sign an agreement with the government. With the heavy mobile penetration and increasing number of encrypted mobile services that people use, it is really feasible for the government to ink an agreement with all the services that are based outside the country.

In the past, we’ve seen the blame game around the laws, usually the ‘hurriedly’ changed laws passed (after the inability to monitor encrypted messages during the Mumbai terrorist attacks) in the winter session of 2008 without any debate or discussion by bears the brunt. Earlier this year, we saw the government crack down the Section 66A of the 2008 Information Technology Act describing it “unconstitutional” and “hit at the root of liberty and freedom of expression, the two cardinal pillars of democracy.”

Why can’t all the thinking be done before drafts are penned down for public review. A well thought out report would help avoid retractions later.

NEW DELHI: You may soon need to keep a copy all messages sent through encrypted messaging services such as WhatsApp (Android version supports encryption), Google Hangouts or Apple’s iMessage, for 90 days, if the proposed National Encryption Policy is implemented in its current form. Online businesses too would need to keep your sensitive information including passwords in plain text for the same period of time, thus exposing your information to potential hacking attacks.

The government has published a draft of the policy document online to seek feedback from citizens and organisations. It details methods of encryption of data and communication used by the government, businesses and citizens.

Here are some implications for citizens and companies if the policy is implemented in its current form…

According to the draft, citizens may use encryption technology for storage and communication. However, encryption algorithms and key sizes will be prescribed by the government through Notification from time to time. This means that the government will determine the encryption standards for all and entities like Google and WhatsApp will have to follow the encryption standards prescribed by the Indian government.

What’s bizarre is that the draft lists specific guidelines for all citizens who use encryption services including instructions that individuals should store in plain text versions of communication for 90 days. So this may imply that you’ll have to store your WhatsApp messages for 90 days or face action in case asked to reproduce.

What’s appalling is that the government expects all citizens to be aware of encrypted communication and the way to store messages in plain text securely. A large number of users may in fact not even know that WhatsApp and iMessage use encryption.

As per the draft, “all citizens including personnel of Government / Business (G/B) performing non-official / personal functions, are required to store the plaintexts of the corresponding encrypted information for 90 days from the date of transaction and provide the verifiable Plain Text to Law and Enforcement Agencies as and when required as per the provision of the laws of the country.”

The draft also proposes similar guidelines for B2B or enterprise users where data exchange is even more critical and for B2C communication. “On demand, the user shall be able to reproduce the same Plain text and encrypted text pairs using the software / hardware used to produce the encrypted text from the given plain text. Such plain text information shall be stored by the user/organisation/agency for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country,” it adds. This implies that e-commerce websites will have to keep a plain-text copy of user details leaving their information vulnerable to hackers.

The policy also mentions that Service Providers located within and outside India, using encryption technology for providing any type of services in India must enter into an agreement with the government for providing such services in India. The government will designate an appropriate agency for entering into such an agreement with the service provider located within and outside India. This means WhatsApp, Apple and Google will have to sign agreements with the Indian government to provide services in the country as they use encryption technology. This will make the process more bureaucratic and create roadblocks for app providers. In its current form the policy could have a detrimental effect on the privacy of citizens and expose sensitive data to potential abuse.

“All vendors of encryption products shall register their products with the designated agency of the government. While seeking registration, the vendors shall submit working copies of the encryption software / hardware to the Government along with professional quality documentation, test suites and execution platform environments. The vendors shall work with the designated Government Agencies in security evaluation of their encryption products,” the draft adds.

However, mass use products like SSL/TLS that are used for financial transactions are exempted from registration. Users in India are allowed to use only the products registered in India though. So using a service not registered with the government will be illegal. “Government reserves the right to take appropriate action as per Law of the country for any violation of this Policy,” the draft categorically states.

The document has been drafted by an expert group set up under the Department of Electronics and Information Technology (DeitY) which comes under the union ministry of communications and information technology. All citizens can send their comments on the draft policy to [email protected] by October 16 and give suggestions.

Source : TOI

Here is how to stop Facebook from using your browsing history to serve ads

Don’t like Facebook’s personalized ads that follow you around the Internet? The social network is now giving users a tool to block them.

Facebook will now start be using your Web-browsing data to target you with advertising.  All this will be done thanks to Like and Share buttons placed on websites and apps that collect data about things you’re reading, watching, and interested in.

The company announced it would use this data collected off Facebook in personalized ads last year, and on Tuesday, said it is beginning to use it more broadly. However Facebook has also given a way for users to opt out of this targeted advertisements.

“Today, we’re introducing an additional way for people to turn off this kind of advertising from the ad settings page right on Facebook,”wrote Stephen Deadman, Facebook’s global deputy chief privacy officer.

“We are continuing to roll out online interest-based advertising,” Deadman wrote, “and will now begin including information from pages that use Facebook’s Like button and similar social features, as we announced last year.”

Earlier, FB users could block the ads through the Digital Advertising Alliance’s AdChoices program, or through settings on Android and iOS phones. Now they can do it through Facebook. If you prefer Facebook doesn’t use all the data it knows about you from Like buttons and other social features that exist off Facebook, you can modify that in your ad settings.

Go to Settings in Facebook. Click on Ads. You can opt out of behavior-based ads under “Ads based on my use of websites and apps.”

If you’ve previously opted out of Facebook’s ad targeting through the Digital Advertising Alliance, which lets you remove yourself from behavioral ad tracking from a number of online companies, you’ll see your settings say “No” in the settings page.

As the Digital Advertising Alliance system was based on cookies, it required you to opt out of ads on individual devices. Now however, Facebook makes it easy for you to directly disable the ads from the settings panel.

In the drop-down box, click “Off,” and it will prevent Facebook from using your Web-browsing data to serve up ads.

Remember you can only stop Facebook from serving ads to you. However that does not mean that Facebook wont collect your personal surfing habits and browsing history in the first place.

Motorola has started rolling out the Android 5.1 Lollipop update for the first-generation and second generation Moto G in India.

The Android 5.1 Lollipop update for the dual-SIM enabled Moto G is now available OTA (over-the-air) and comes with build number 221.21.56.en.03

The Moto G (Gen 1 and Gen 2) users will either receive a notification for the OTA update to Android 5.1 Lollipop, or they can also check manually for the update by visiting Settings>About phone>System updates. With either method, users will have to then select ‘Yes, I’m in’, to authorise the download of the update, and then click ‘Install now’.

One of our member Ms. Prachi Soni inform PHI About this update and he also posted a screenshot of the Android 5.1 Lollipop update for the Moto G (Gen 1), showing the build number and changelog.

Notably, the company has also posted the changelog for the update on ‘Release Notes’ support page and it includes the new Material Design UI with fluid animations to new application and system themes, colours and widgets, as well as the new notifications UI that will now appear on the lock screen. Other new features part of the Android 5.1 Lollipop update for the first generation Moto G include Smart Lock; new interruptions and downtime settings that will offer the option to tailor how interruptions behave; redesigned multitasking; Ambient Display now showing notifications without turning on the full display; revamped Motorola Assist, and the new flashlight option as part of Quick settings in Lollipop.

Also listed are smarter Internet connections and performance improvements via new the Android Runtime (ART) to help optimise app performance.

The Lenovo-owned company had last week updated its ‘Motorola Update Services’ app in Google Play ahead of an impending Android 5.1 Lollipop update for the first and second-generation Moto G. Users last month were also reporting that Motorola had started the Android 5.1 Lollipop ‘soak test’ in India with members of the Moto Feedback Network.

Last approx 2 weeks back , the company officially rolled out the Android 5.1 Lollipop update for the first-generation Moto E

by -
0 23

The Dislike button has long been the most requested feature from Facebook users. So when Mark Zuckerberg today said in a public Q&A that the company was working on a way to show empathy for victims of tragedies and other things that are inappropriate to Like,news outlets around the world sprung into action saying the masses would soon get their wish.

But don’t hold your breath for a button called “Dislike”. Zuck explicitly said that’s not what Facebook is building.

Here’s the video of his response to requests for a Dislike button. At the bottom of this post you’ll find the full transcript of this answer.

What exactly did Zuck say?

Facebook is building a new button

“I think people have asked about the Dislike button for many years…today is the day where I actually get to say that we’re working on it, and are very close to shipping a test of it.”

But it’s not a Dislike button

“we didn’t want to just build a Dislike button because we don’t want to turn Facebook into a forum where people are voting up or down on people’s posts. That doesn’t seem like the kind of community we want to create.”

There’s a gap in Facebook’s feedback mechanisms

“People aren’t looking for an ability to downvote other people’s posts. What they really want is to be able to express empathy. Not every moment is a good moment, right? And if you are sharing something that is sad, whether it’s something in current events like the refugee crisis that touches you or if a family member passed away, then it might not feel comfortable to Like that post.”

So Facebook’s building a solution

“But your friends and people want to be able to express that they understand and that they relate to you.”

Really, this makes total sense. If Facebook built a Dislike button, it would just cause confusion. If I share a post about victims of a natural disaster, and you Dislike it, does that mean you Dislike that the tragedy happened? That you Dislike the victims? That you Dislike that I posted it? It’s extraordinarily ambiguous in a way that directly conflicts with how Facebook builds products.

How Facebook Might Build A “Sorry” Button

What makes much more sense is a button that conveys that you empathize or sympathize with a post’s author and/or those affected by the tough situation.

In fact, Facebook already has a version of this called “Recommend”. Websites can use it instead of the Like button to help people share stories that are tragic. But now Facebook is building something new to express condolences.

Whatever wording Facebook picks, it has to be widely understandable, translateable across languages, succinct, and unambiguous.

One possibility for the name of the button could be “Sorry”, or something of that nature. A word that when you read it, you know the sender understands the sadness of a story, and feels for you and the victims.

To implement this, Facebook might give people posting stories the option to replace the Like button with this empathy button, or add one beside it. Facebook could potentially recommend the presence of the empathy button depending on the content of your post. For example, if it detected that what you’re saying is sad because you included the terms “died”, “passed away”, “hurt”, “fired”, or “broke up”, or that you’re linking to a news story flagged as tragic.

This way, if you share something sad, people don’t have to be apprehensive about Liking it because they might give the wrong impression. This apprehension can fool Facebook’s News Feed sorting algorithm into thinking a post isn’t interesting. An empathy button will clue the algorithm in to when a post isn’t Likeable, but it’s still important for people to see.

You know, I think people have asked about the Dislike button for many years and probably hundreds of people have asked about this. Today is a special day because today is the day where I actually get to say that we’re working on it, and are very close to shipping a test of it.

You know, it took us awhile to get here. Because you know, we didn’t want to just build a Dislike button because we don’t want to turn Facebook into a forum where people are voting up or down on people’s posts. That doesn’t seem like the kind of community we want to create. You don’t want to go through the process of sharing some moment that’s important to you in your day and then have someone down vote it. That isn’t what we’re here to build in the world.

But over the years of people asking for this, what we’ve kind of come to understand is that people aren’t looking an ability to downvote other people’s posts. What they really want is to be able to express empathy.

Not every moment is a good moment, right? And if you are sharing something that is sad, whether it’s something in current events like the refugee crisis that touches you or if a family member past away, then it might not feel comfortable to Like that post. But your friends and people want to be able to express that they understand and that they relate to you.

So I do think that it’s important to give people more options than just Like as a quick way to emote and share what they’re feeling on a post, so we’ve been working on this for awhile. It’s surprisingly complicated to make an interaction that you want to be that simple. But we have an idea that we think we’re going to be ready to test soon, and depending on how that does, we’ll roll it out more broadly.

But thank you for all the feedback on this over the years. I think we’ve finally heard you and we’re working on this and hopefully we will deliver something that meets the needs of our community

New Delhi: Indian government is all set to release a new and improved version of the operating system (OS), namedBharat Operating System Solutions or BOSS this month.

According to reports, the Indian government will launch the latest version of BOSS to replace Microsoft Windows and all other OSs in future.

The new OS, developed by C-DAC (Centre for Development of Advanced Computing), will be unveiled to all government stakeholders this week.

The new OS is believed to have been launched to overcome the vulnerabilities that exist in government cyberspace resulting in a number of countless attacks by hackers.

BOSS, which is a linux distribution, is developed with the help of Gujarat Technical University, DRDO and some other private computer manufacturers.

Initially developed in 2007 by National Resource Centre for Free/Open Source Software (NRCFOSS) of India, this OS is a free and open source operating system. The latest version of BOSS was released in 2013, after that it is said to have undergone many changes to fit the process.

SOCIAL CONNECTIONS

1,074FansLike
10Subscribers+1
1,000FollowersFollow
543FollowersFollow