Cyber Crime


 SQL injection

CASE STUDY

CASE 1:
-----------
Official Website of Maharashtra Government Hacked
-----------------------------------------------------------------------
This is an incident reported in September 2007.
The impacted website was http://www.maharashtragovernment.in.
A few days after the Chief Minister of the state inaugurated the new, citizen-friendly service-based web portal of the Brihanmumbai Municipal Corporation, the Maharashtra government’s official website was hacked, which led to the shutting down of www.maharashtra.gov.
The state officials, however, said that there was no data lost and that there was no serious damage to the website.
State officials further stated that the website gets updated daily with information on various government regulations and decisions, and supports links to all government departments.
However, IT experts had to restore the official website of the government of Maharashtra after it succumbed to the attack by the hacker.
As per reports, the site was attacked early in the morning by a person or a group proclaimed as “cool-hacker.”
The hacker left an imprint of a hand on the hacked website.

The state’s information and technology department came to know about the incident the next morning.
They immediately blocked all access to the website.
The IT department has lodged an FIR (First Information Report) with the police in an attempt to trace the culprit.
The Joint Commissioner of Police, in his official remark, stated that the state’s IT officials lodged a formal complaint with the cybercrime branch police following this incident.
He expressed confidence that the hackers would be tracked down.
The Commissioner also mentioned that the hacker had posted some Arabic content on the site.
According to sources, hackers were suspected to be from Washington. IT experts gave to understand that the hackers had identified themselves as “Hackers Cool Al-Jazeera” and claimed they were based in Saudi Arabia.
Officials further added that this might be a red herring to throw investigators off their trail.
For those who are not familiar with the term “red herring,” it refers to the tactic of diverting attention away from an item of significance.
The State Government website contained detailed information about government departments, circulars, reports and several other topics. IT experts, who were assigned to work on restoration of the website, told Arab News that they feared that the hackers may have destroyed all of the website’s contents.
The worrisome part was that, according to a senior official from the State Government’s IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked.
The official added that the website had no firewall. However, state officials denied there being any data loss or any serious damage to the website.
The officials said that the hacker could only manage to damage the homepage.
A point to note here is that the website was hacked for the second time in the past two weeks, the fourth time since July 2007.
The previous attack took place on 5 September 2007.
This incident of repeated attacks on the website underscores the need for security measures being in place (intrusion detection system – IDS, intrusion prevention system – IPS and firewalls).


CASE 2:
-----------
E-Mail Spoofing Instances
-----------------------------------------------------------------------

This is an example in which an American teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold.
This misleading information was spread by sending spoofed E-Mails, purportedly from news agencies like Reuters, to share brokers and investors, who were informed that the companies were doing very badly.
Even after the truth emerged, the values of the shares could not be restored to the earlier levels.
This resulted in thousands of investors losing a lot of money.
This can be considered a cybercrime against an organization because the impacted organization was the one about whom false information was spread.
There is another example of an E-Mail Spoofing incident in India. A branch of the Global Trust Bank experienced a customer run-down on the bank owing to a certain rumour spread about the bank not doing well financially.
Under panic, many customers decided to withdraw all their money and close their accounts.
It was revealed later that someone had sent out spoofed E-Mails to many of the bank’s customers announcing that the bank was in a very bad shape financially and could close operations any time.
In the next few days, unfortunately, this information turned out to be true.
So, can we say that this instance of E-Mail Spoofing saved many customers? Another shocking example of E-Mail Spoofing involves a former executive from a well-known company in the state of Gujarat.
The executive posed as a lady by adopting a false name.
He then created a fake E-Mail ID. Using that ID, the executive contacted a businessman based in the Middle East.
The executive, posing as a woman, then went into a long cybercourting relationship with the Middle East businessman.
During this “cyberdating,” the executive used to send many “emotional blackmailing” messages to the businessman.
One such message threatened the businessman that if he ended this relationship, “she” (i.e., the executive posing as a woman) would end her life! What is worse, the executive gave another woman’s E-Mail ID to the businessman.
This too was a non-existent address.
When the Middle East businessman sent a mail to that ID, he was shocked to learn that the executive (who presented himself as a woman) had died and that now the police were searching for him as the suspect in that death case.
Using this trap and trick, the executive extorted from the businessman several hundred thousand Indian Rupees, threatening that the businessman would get exposed if he did not part with that money.
The executive also sent E-Mails to him from different E-Mail IDs, making the poor businessman believe that they were mails from high court and police officials.
All this was done to extract more money from the gullible businessman.
Finally, the businessman flew to India to lodge a case with the Police.
Internet users indeed enjoy “anonymity” and can get away with many things.


CASE 3:
-----------


Fraud by SMS N CASH scheme of ICICI


-----------------------------------------------------------------------


ICICI had launched a scheme called the SMS N Cash scheme. The idea behind the scheme: many a time we want to send money to our dear ones who do not have any account or ATM card but have got a mobile.

The customer had to register his own mobile number and at most two beneficiary mobile numbers under the scheme.

If the customer wanted to transfer money from his account, he could do it from internet banking.

During the transfer a six-digit code was sent to the beneficiary and a four-digit code to the customer. The beneficiary could now contact the customer to receive the four-digit code, and together with his own code he could generate a 10-digit code and withdraw money from an ICICI ATM.

The bank’s fraud detection officer, Shri Vijay Gupta, reported that an anonymous person had hacked a customer’s account, transferred 7 lac to another, dormant account and subsequently withdrew Rs. 3 lac through the SMS N CASH scheme.

The cyber cell registered a case under section 420/34 IPC and 66 IT Act and started an investigation.

The suspect obtained three SIMs with insufficient addresses and invalid names.

The suspect, pretending to be customer care from ICICI, called various traders having current accounts with high limits and asked them to provide personal details and passwords.

Mistakenly, the customers provided the same.

As the password was with the suspect, he took control of the internet banking account of a trader and transferred an amount worth 7 lac to another account in which the SMS N CASH scheme was operational.

With the help of three mobiles having SIMs with unknown addresses, the suspect withdrew an amount of 3 lac from ICICI ATMs.

The suspects took the precaution of blocking all cameras.

The cyber cell analyzed all the call details and the pattern of activity and finally got the actual identity of the fraudster.

He was found to be Sachin Khampariya, who has been arrested by the State Cybercell team from Katni, a district of Madhya Pradesh.

As per the accused’s narration: "I picked up a directory and identified the traders and the persons expected to have good balance.

Then I called them pretending to be a customer care representative of ICICI and collected important information like

Name

Parent's name

Address

internet banking passwords

transaction passwords etc.

In this way I collected information from current account holder Mr Pokhanlal Sahu and savings account holder Surekha Jain.

As the SMS N CASH scheme was available for savings account holders only, I transferred the amount 7.00 lac from the current account of Mr Pokhanlal Sahu to the savings account of Mrs Surekha Jain.

Later on I added my three mobile numbers having fake addresses and withdrew the amount from the ATM after having received the SMS on the mobile as per the SMS N CASH scheme."

Amount through SMS N CASH scheme .

MP cyber police, after a preliminary enquiry, registered the case, and a thorough investigation was made.

During the investigation it was suspected that the suspects might be two in number, as the money was being withdrawn from a location different from the tower location of the mobile.

The suspect took all precautions to cover the pinhole of the ATM camera, or entered the ATM after covering his face.

The suspect never made calls to his known friends or relatives from the mobiles used for cheating.

The CDR of the suspected person was analysed and every contact was interrogated to obtain a clue.

During the same, the name of the suspected person came out to be Sachin Khampariya, who was continuously traced and finally arrested in Katni with all three suspected mobiles used for cheating through the SMS N CASH scheme of ICICI Bank.

MP cyber police also seized two diaries of the suspect which clearly stated the modus operandi of the crime.

Sachin Khampariya is now behind bars and the trial is in progress.





CASE 4:
-----------
Under Process
-----------------------------------------------------------------------

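<?php
    // Handle the submitted login form
    if(isset($_POST['username']))
    {
    $uname= $_POST['username'];
    $pass= $_POST['password'];
    // Connect to the local MySQL server and select the "coll" database
    $con=mysqli_connect("localhost","root","");
    mysqli_select_db($con,"coll");
    // User input is concatenated straight into the SQL text (the injection point)
    $q="INSERT INTO col VALUES('$uname','$pass')";
    if (mysqli_query($con,$q)) {
        echo "successfully Login";
    } else {
       // The failed query and the driver error are echoed back to the client
       echo "Error: " . $q . "<br>" . mysqli_error($con);
    }
    mysqli_close($con);
    }
    ?>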
hg' or 't'='t';-- \r\n
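
A hardened form of the handler above, as an added example that is not code from the original page. It swaps the MySQL connection for PDO with an in-memory SQLite database so it runs without a server (the same prepare/execute calls work with the MySQL PDO driver); the function name `store_credentials`, the column names and the length limits are assumptions.

```php
<?php
// Added example: hardened version of the handler above. SQLite in memory
// stands in for the MySQL database "coll" so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed schema: the page only shows that table `col` takes two values.
$db->exec('CREATE TABLE col (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Hypothetical helper; returns true only when the row was stored.
function store_credentials(PDO $db, string $uname, string $pass): bool
{
    // Reject empty or oversized input before touching the database.
    // bcrypt (the current PASSWORD_DEFAULT) ignores bytes past 72.
    if ($uname === '' || $pass === '' || strlen($uname) > 64 || strlen($pass) > 72) {
        return false;
    }
    try {
        // Placeholders keep the submitted values out of the SQL text entirely.
        $stmt = $db->prepare('INSERT INTO col VALUES (?, ?)');
        // Store a salted hash, never the password itself.
        return $stmt->execute([$uname, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // Log server-side; do not echo the query or driver error to the client.
        error_log('insert failed: ' . $e->getMessage());
        return false;
    }
}

// The string shown on the page, submitted as both fields (constructed input).
$payload = "hg' or 't'='t';-- ";
$ok = store_credentials($db, $payload, $payload);

$row = $db->query('SELECT username, password FROM col')->fetch(PDO::FETCH_ASSOC);
echo $ok ? "stored\n" : "rejected\n";
echo 'username kept as literal text: ';
var_dump($row['username'] === $payload);
echo 'password verifies against hash: ';
var_dump(password_verify($payload, $row['password']));
echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM col')->fetchColumn(), "\n";
```

Because the values are bound rather than concatenated, the quote characters in the submitted string are stored as data and never reach the SQL parser.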