Monday, May 2, 2016

International Legal Issues Of Cyber Attacks By Perry4Law Organisation (P4LO)

Anybody who has dealt with international cyber law and cyber security related issues must be aware that it is really tough to solve such cases. Being transnational in nature, cyber law and cyber security issues require international cooperation among various nations and law enforcement agencies.

For instance, if a simple exercise of internet protocol tracking is undertaken, it takes months before any information is received from a foreign jurisdiction. Even then, receiving such information is the exception and not the general practice. In the process, crucial digital evidence is lost forever and the cyber crime investigation becomes a cold trail.

As there is a severe conflict of laws in cyberspace, it is very important to be aware of the technology related laws of various jurisdictions. However, it is not possible to be aware of all the laws of every jurisdiction. In order to spread public awareness in this regard, Perry4Law Organisation (P4LO) has been managing a dedicated blog on international legal issues of cyber attacks and cyber security. It is the exclusive techno legal blog on the topic not only in India but in the entire world.

The blog has covered many techno legal aspects like the use of cyber espionage malware, the need for a national security policy of India, legal immunity against cyber deterrent acts in India, open source intelligence through social media websites, protection of Indian cyberspace, the national counter terrorism centre (NCTC) of India, cyber security challenges of India, cyber preparedness of India, the Wassenaar Arrangement and cyber security issues, intelligence agencies reforms in India, banking cyber security, techno legal analysis of Gameover Zeus, cyber crimes insurance in India, smart cities cyber security in India, etc.

As of this date, we have no dedicated cyber security laws in India. This is the reason why cyber security is more ignored than complied with in India. Even the blooming e-commerce industry of India is devoid of the required cyber security practices and requirements. Cyber security of banks in India is also not up to the mark. This has forced the Reserve Bank of India to constitute an IT subsidiary that would consider, monitor and prescribe cyber security related rules, regulations and practices for banks in India. Even the Companies Act 2013 has prescribed cyber security obligations for the directors of companies. This is in addition to the cyber law obligations of banks and directors of Indian companies.

It is well understood that international legal issues of cyber attacks are not easy to handle. Nevertheless, the Indian government cannot afford to ignore this situation and it must urgently work towards making Indian cyber security robust, resilient and effective. P4LO hopes that our readers will find our blog on international legal issues of cyber attacks, cyber law and cyber security useful.

Good News for Auditors – Nipper Studio 2.3.4 Is Here and Includes a Check Point Configuration Retriever

With the launch of Nipper Studio 2.3.4, Titania is integrating Check Point devices into the software’s remote audit functionality. Auditors will now be able to use the tool to remotely retrieve files from Check Point devices, with the configuration retriever supported by Nipper Studio 2.3.4. This includes the Check Point management systems, thus allowing the auditing of multiple devices simultaneously.

Aside from the convenience that remote auditing adds to any Nipper Studio audit, the configuration retriever was created specifically to assist Titania customers. Check Point software can run on a variety of different operating systems and platforms, but extracting the configuration file is a time-consuming process that many auditors often struggle with. The configuration retriever is designed to simplify the process and reduce support time for penetration testers.

As well as the configuration retriever, Nipper Studio 2.3.4 has also added the “Exclude Vulnerabilities” functionality for vulnerability auditing, which allows users to specify vulnerabilities that may be erroneously flagged due to the system they operate. The “Exclude Security Issues” functionality was already available for security auditing, in order to exempt specific issues for bespoke network setups. This enhancement was added in response to customer feedback carefully reviewed by the Technical Team.

Nipper Studio was designed by Ian Whiting, a former penetration tester who truly believed that “an auditor’s time is best spent assessing things that require human input, while mundane and routine tasks are excellent candidates for automation”. This was the underlying concept for Nipper Studio. Today the software serves information security professionals worldwide, in more than 60 countries, while features and functionalities continue to be added in answer to their needs.

Visit the real page here - http://cybersecurityauditing.blogspot.com/2014/10/good-news-for-auditors-nipper-studio.html

Open Source Intelligence (OSINT) By Intelligence Agencies Through Social Media Websites

Social Networking websites are a rich source of sensitive and personal information. This information is mostly shared voluntarily by the users of such Social Networking websites, but in many cases they are also forced to part with this information to have access and continued access to such websites. Naturally, Intelligence Agencies have an "Inherent Interest" in such information, especially those Intelligence Agencies that belong to the same Nation where such Social Networking websites are located.

Intelligence Agencies gather such information either with a Court Warrant or without the same. Further, they also gather such information by simply analysing the "Publicly Available Information" by creating an account at the concerned Social Networking website. In short, Intelligence Agencies have been engaged in “Intelligence Gathering Activities” for a long time. This may be covert or overt, technological or non technological, legal or illegal and so on. But this gathering exercise was there and it is going to be there in future as well.

However, the modern practice of Intelligence Gathering is crucially different from traditional practices. Traditional Intelligence Gathering was more on the side of Human Intelligence (HUMINT) whereas the contemporary one is based more upon Information and Communication Technology (ICT).

As far as Technological Intelligence Gathering is concerned, Social Media is a “Favourite Destination” for Intelligence and Security Agencies. Social Media is a favourite destination because it is a “Gold Mine” of valuable and voluntary information available for ready reference. Social Media also provides the best platform for Open Source Intelligence (OSINT).

Social Media also, in the majority of cases, provides “Legally Obtainable” and “Legally Relevant” Evidence. Since the “Information” or “Evidence” is available “Openly” and to the “Public at Large” and in a “Non Confidential” manner, generally any such acquired Information or Evidence can be “Relied Upon” in a Court of Law. However, “Admissibility” of such Evidence is subject to the “Discretion” of the Court and well established “Legal Principles”.

Besides Intelligence Agencies, Military Forces are also using Social Media to gain Information relevant to their uses. Military and Intelligence Agencies have been using “Fake Profiles” to get such Information. The aim may be to get a “Predictive Behaviour or Trend” or to obtain any other Information that is of “Strategic Importance”.

Getting Information from Social Media requires good Communication and Data Mining Skills. However, while doing so, one must not violate any Civil Liberties or Laws Protecting such Information. Although many countries have Social Media Laws, we have no dedicated Social Media Laws in India. We do not even have a Social Media Policy of India.

Social Networking Laws in India are urgently required. To start with, we must have a Social Networking Policy of India. Open Source Intelligence through Social Media Platforms would raise a number of Techno Legal Issues, especially Civil Liberty Issues. For instance, questions like what constitutes “Public Data”, how a Person can Legally obtain Data, what is the “Relevancy” of such Information/Data, how the “Admissibility” of such Information/Data would be decided, etc. would be asked.

Similarly, Privacy Issues, Speech and Expression Issues, the scope and nature of E-Surveillance, etc. would also be required to be resolved in future. This is a new field for both Law makers and Law Enforcers and needs the “Urgent Attention” of the Parliament of India.

View more info here - http://cybersecuritylegalissues.blogspot.com/2015/12/open-source-intelligence-osint-by.html