Phishers Piggyback on Indian Websites

Contributors: Avdhoot Patil, Ayub Khan, and Dinesh Singh

Have Indian websites become a safe haven for phishers? To better understand, let’s explore how phishers create a phishing site. There are several strategies phishers frequently use: hosting their phishing site on a newly registered domain name, compromising a legitimate website and placing their phishing pages in them, or hosting their phishing site using a web hosting service.

Let’s now focus on the second method which involves the use of compromised legitimate websites. From April, 2011, to October, 2011, about 0.4% of all phishing sites were hosted on compromised Indian websites. These compromised websites belonged to a wide range of categories but the most targeted was the education category which included websites of Indian schools, colleges, and other educational institutions. Symantec has previously reported on the websites of Indian educational institutions compromised by phishers. The education category consisted of 13% of compromised Indian websites. Some of the other top categories were information technology (11%), sales (9%), Web services (8%), and e-commerce (6%).

The existence of Indian phishing sites in the education category may not be alarming but phishers have exploited Indian websites owned by individuals and organizations across many disciplines:

The phishing sites hosted on these Indian websites spoofed a multitude of brands. The majority of these brands belonged to the banking sector (comprising about 68%). The e-commerce sector comprised about 22%, and information services 3%.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.

Critics Line Up to Bash Maker of Secret Phone-Monitoring Software

The backlash against a formerly obscure California mobile-monitoring software maker grew even larger Thursday, with a senator asking questions, citizens bombing the company with bad online reviews, and former customer Apple swearing it off.

Adding possible legal jeopardy to its woes, a former federal prosecutor is also publicly wondering whether Carrier IQ, whose phone-monitoring software was secretly installed on millions of phones, was illegally wiretapping Americans’ communications.

Carrier IQ’s software is installed on phones sold by Sprint, T-Mobile and AT&T, among others, and is intended to help carriers know what problems users are having and what features are most popular.

Apple announced Thursday it had mostly discontinued using Carrier IQ in iOS5 and would stop using it altogether in a new software update.

Meanwhile, Sen. Al Franken (D-Minnesota) demanded that the Mountain View company explain what user data was being captured by the Carrier IQ software .

The brouhaha surrounds the recently published research by 25-year-old Trevor Eckhart of Connecticut, whose video Wired.com posted on Tuesday. The video showed Carrier IQ software logging much of what Eckhart was typing, including text messages, phone numbers and even an encrypted Google search on an Android phone.

“I am very concerned by recent reports that your company’s software — preinstalled on smartphones used by millions of Americans — is logging and may be transmitting extraordinarily sensitive information from consumers’ phones,” Franken wrote (.pdf) Carrier IQ’s president, Larry Lenhart.

The software cannot be removed or stopped by a phone’s owner unless the phone is rooted, though Apple says users can easily stop diagnostic data from being sent to Apple.

Carrier IQ initially threatened Eckhart with a lawsuit unless he apologized for his research and retracted his statement that it was a “rootkit,” but relented after Eckhart got legal help from the Electronic Frontier Foundation.

Compounding the software company’s headaches, Carrier IQ’s website was down Thursday afternoon.

But that didn’t stop the online backlash. As of early Thursday afternoon, Google Places had more than 200 reviews of the company –  nearly all of which were blasting the company.

Verizon, the nation’s largest wireless carrier, denies using the software.

Sprint, the third-place carrier, defended its use of the secret software.

“We collect enough information to understand the customer experience with devices on our network and how to address any connection problems, but we do not and cannot look at the contents of messages, photos, videos, etc., using this tool,” Sprint spokeswoman Stephanie Vinge-Walsh said in an e-mail. “The information collected is not sold and we don’t provide a direct feed of this data to anyone outside of Sprint.”

T-Mobile says it uses Carrier IQ, as well.

“T-Mobile utilizes the Carrier IQ diagnostic tool to troubleshoot device and network performance with the goal of enhancing network reliability and our customers’ experience,” a spokeswoman Patty Raz said in an e-mail. “T-Mobile does not use this diagnostic tool to obtain the content of text, email or voice messages, or the specific destinations of a customers’ internet activity, nor is the tool used for marketing purposes.”

Carrier IQ said the data is used to enhance the mobile-user experience and “to assist operators and device manufacturers in delivering high-quality products and services to their customers.” It said it was not logging keystrokes.

The data, Carrier IQ says, is “encrypted and secured within our customer’s network or in our audited and customer-approved facilities.”

In an interview with Wired.com last week, the company’s marketing manager said Carrier IQ could read mobile users’ text messages.

Andrew Coward of Carrier IQ answered “probably yes” when asked whether that was true.

University of Colorado law and telecommunications scholar Paul Ohm, a former federal prosecutor, said in a telephone interview that the software “verges on wiretapping.”

What’s most alarming about it, he said, was that it exists.

“There’s a lot of really sensitive stuff that you never ever realized that anybody was saving,” he said. “One really likely scenario, the FBI, once they get wind of this, it’s going to give them a trove of information.”

Carrier IQ boasts in promotional materials that its product “takes customer experience profiling to another level, enabling you to view experience data at any level of granularity from the entire population, to comparative groups, down to individual users, all at the touch of a button.” (.pdf)

Among other questions, Franken asked Carrier IQ:

  • Does the software log users’ location, dialed numbers, text messages, e-mail, visited websites, search queries, address books?
  • What data is “transmitted” off a users’ phone, and in what form?
  • Who accesses that data?
  • Is this wiretapping?

All good questions, and from the sound of things online, Franken’s not the only one waiting for clear answers.

Photo: AP

WikiLeaks Unveils the Selling of Surveillance, Sort Of

Screenshot from the Amesys manual showing targets who were apparently under surveillance.

The WikiLeaks submission system may still be incommunicado, but the secret-spilling site woke up on Thursday to release a trove of marketing documents from surveillance companies hawking their wares to governments — though many were previously published by the Wall Street Journal or were already publicly available on the web.

The site published 287 documents that it says are part of a larger cache of hundreds of such documents that reveal price lists, manuals and marketing claims from companies like Blue Coat, whose spying technology is being used by Syria, as well as Nokia-Siemens, Lucent and other large technology firms that have been criticized in the past for selling their wares to oppressive regimes.

The documents so far are getting mixed reviews from critics who point out that the Wall Street Journal published more than 200 of the marketing documents last month in an exposé focused on shining a light on the vast global market for off-the-shelf surveillance products.

The most salient leak in the WikiLeaks cache so far appears to be one discovered by WikiLeaks’ French media partner OWNI, which uncovered a screenshot from a manual created by the French surveillance firm Amesys that shows the e-mail addresses and online pseudonyms of at least 40 people — poets, journalists, writers, historians and intellectuals — who played key roles among Libya’s opposition groups and were evidently being spied on with Amesys technology.

Until recently, seven of them were still living in exile: four in the UK, two in the US, one in Helsinki. Last August, one of them was appointed the Libyan ambassador in London. Another was one of 15 founding members of the National Transitional Council (NTC), created in March 2011 to coordinate the insurgency in Libya. He has since been appointed Minister for Culture.

While they were living in Britain and the United States, the electronic correspondence of all these figures was spied on by the extensive monitoring systems of Amesys, a French electronic warfare arms dealer which forms part of the Bull group.

Asked about their surveillance assistance to the dictatorial regime, Amesys told OWNI, “Amesys is a manufacturer of equipment. The use of the equipment it sells is exclusively the responsibility of its clients. Amesys has never had access to the use made of the equipment it sold to Libya.”

That doesn’t explain, however, how the names of Libyan activists ended up in a user’s manual for its spying software.

The documents are searchable on the WikiLeaks site by company name, product name and technology type — such as GPS trackers, video surveillance and internet traffic monitoring.

Feds’ Anti-Piracy Vid Is Reefer Madness for the Digital Age

No less an official than U.S. Attorney General Eric Holder rolled out yesterday’s new government-backed public relations war on piracy.

“In just a few moments, we’ll be unveiling a series of television, radio, and internet messages designed to help get the word out about the dangers of buying counterfeit goods, and the seriousness of intellectual property theft,” he said at the press conference.

Holder seemed proud of the new push to educate Americans about the perils of internet downloads and online prescriptions, and why not? His briefing on the plan probably made it all sound hip and informative. Then came the actual video. “Lurid” doesn’t begin to describe the one-minute spot, which begins with two teenagers looking at a pirated DVD on the street and then moves in whiplash-inducing fashion to drugs, gang violence, child labor, and thugs sitting around looking generally evil and counting their phat loot. The video does for “piracy” what “reefer madness” and “hairy palms” did for an older generation’s social ills.

As you watch the video below, remember: your tax dollars helped pay for this.

The whole campaign is run by the National Crime Prevention Council (NCPC), the group responsible for McGruff the Crime Dog. McGruff, the “take a bite out of crime” super-sleuth, is recognized by 49 percent of younger adults and teens, says NCPC, which plans to make McGruff “a valuable asset in educating people about intellectual property theft.”