Mobile Security issues & Frauds in India By: Yogesh M.Lolge
Introduction to Mobile Computingo Mobile computing is being able to use a computing device even when being mobile and therefore changing location.• Over 137 million internet users in India.• In 2011 38 million And in 2012 60 million social media goes cybercrime attack. According to Norton Cybercrime Report 2012
Frauds• Computer fraud is altering, destroying, suppressing, or stealing output, unauthorized transactions, this is difficult to detect. This requires real programming skills and is not common.
The graph below is a comparison of unique mobile malware samples detected in 2010 and 2011
Malwares• Spyware : Application that has the ability to capture and transfer data Eg. such as GPS coordinates, text records or browser history etc.• SMS Trojan : Run in the background of an application and send SMS messages to the attacker.
Case 1:Phishing• Mr.Sameer Gupta From Itarasi got SMS “Congratulation you have got 2200 Rs. & it will credited to your account” send reply on 191.After sending He got another message from Vodafone that “RC 135 9593565185 bal 701” and he lost his balance.• Vodafone answered him to file complaint in police station.
Case 2 -Official website of MaharashtraGovt. Hacked• The website contains information about Govt. Dept.,Schemes,Circulers and reports.• When IT Experts identified the hackers namely “Hackers Cool Al-Jazeera ” From Saudi Arabia. This caused because the website had no firewall.• Its Nothing but A Cyber War intimation.
Case 3 - 400 Million SMS scam• Jayanand Nadar and Ramesh Gala,and Jayraj arrested for fraud with 50,000 people for Rs.400 Million.attracted with alluring schemes and ads.• They send Fake SMS “Earn 10,000”.For that deposite Rs. 500.• And also www.getpaid4sms.com to attract various companies.
Case 4 –Online Credit card Fraud e-Bay • Debasis pandit (BCA student) and rai narayan sahu arrested in Rs.12.5 Lack Fraud. • They hack e-Bay Website and make purchases in the name of credit card holders. • Police registered crime under section 420,34 of IPC and Section 66 Of IT Act.
Case 5- Orkut Scam• Abhishek created fake account in the name of girl, with her mobile number posted on her profile, he design her profile In such a way that it collects dirty comments from many who visit her profile, then using an e-mail id which he used cyber cell tracked him.• The girl never created or posted her photos on net…..I will term this as “RAPE”.• Can we prevent this Rape.
Other cases• CEO bazee.com arrested in MMS Porn Scam Of school children.• Krishnan kumar arrested using internet account Col.J.S.Baveja.
Laws & Acts• IT Act 2000• PCI(Payment Card Industry data security std.)• Sec 17-A• HIPPA• ISO 17799• FERPA• NASD3010• DOD8100.2• According o IT Act 2006 dirty SMS Can lead 2 yr. jail.
Control Measures• Authentication• Data Encryption• Firewall• Intrusion Prevention System
Authentication• Authentication verifies that users or systems are who they claim to be, based on identity (e.g., username) and credentials (e.g., password).• Many embarrassing incidents could be avoided by providing vigorous authentication to mobile devices and their networks.
Data EncryptionData encryption refers to• Mathematical calculations and algorithmic schemes that transform plaintext into cypher text.• Cyphertext - non-readable to unauthorized parties.• The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt (decode) the data.• This transforms it to the original plaintext version.
Firewall• A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system.
Intrusion Prevention System• A network security device that monitors network for malicious or unwanted behavior.• It can react, in real-time, to block or prevent those activities.• Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks . When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.
And then tear of securityconcern is sure to go..
Conclusion• In Above Paper I Have dealt with security issues and frauds happens in India. I have focused on applying extra security concepts that are unique without any backdoor to attack on it. One cannot regard Government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities.