16 May, 2010


NEW DELHI (AFP) - Indian police have detained a Ukrainian man charged in the US over a hacking case involving the theft of 40 million credit and debit card numbers, police said Wednesday.

Sergey V. Storchak was detained after he landed in New Delhi on a domestic flight from the southwestern holiday state of Goa on Monday, a police spokesman said.

He is one of 11 people wanted by the US Justice Department in "the largest hacking and identity theft case ever prosecuted," according to a statement on the department's website dated August 2008.

Besides Storchak, three Americans, two Ukrainians, two Chinese, one Estonian, a Belarussian and an unidentified suspect were on the wanted list, the justice department said.

The group is accused of obtaining credit and debit card numbers by hacking into the computer networks of major US retailers -- including book seller Barnes and Noble, OfficeMax, shoe retailer DSW and Sports Authority.

Once inside the network, "sniffer programmes" captured credit card numbers, passwords and account information. The data was stored in encrypted servers controlled from eastern Europe and the United States.

Some stolen numbers were sold to other criminals, while others were encoded on blank cards and used to withdraw tens of thousands of dollars from bank machines, the statement says.

The Mail Today reported Storchak was arrested after a tip-off by the US Federal Bureau of Investigation (FBI).

"His photo was handed over to the CISF (Central Indian Security Force) personnel so that they could identify him," said an unnamed Delhi police official quoted by the report.

"His presence was also confirmed by the airline official as his name was there on the passenger list."

The FBI will have to formally apply for Storchak's extradition to take him to the United States, the report said.

05 March, 2010

Nandan Nilekani to test the waters for unique IDs

NEW DELHI: Unique Identification Authority of India (UIDAI), the ambitious project that aims to give every citizen an identification card, is about to launch a series of tests to demonstrate its feasibility as a precursor to the actual rollout later this year.

The project, which received an outlay of Rs 1,900 crore in the budget, will kick off the so-called proof of concept projects in Bihar, Andhra Pradesh and Karnataka this month. The tests will parse different aspects of technology including biometric systems, security, data centre linkages and servers and address key issues such as duplication and fraud.

At least 60,000 people in these states will be covered by the tests before they lead to a prototype sometime in July.

UIDAI, headed by tech czar Nandan Nilekani, had a budget of Rs 120 crore for this fiscal. But keeping in mind the greater costs involved in the rollout, the finance minister has spiked its budget by over 15 times for the next fiscal. The money will be used to set up registrars, enrollment costs, servers, data centres, a central data repository in Delhi, a data backup in Bangalore, regional offices and for other related activities.

UIDAI aims to provide a unique 16-digit number ID card to at least 600 million residents over the next five years starting from August.

The agency, whose regional offices in Bangalore and Hyderabad are already functional, will set up six more in Delhi, Mumbai, Chandigarh, Lucknow, Guwahati and Ranchi.

These developments come in the midst of the agency’s expansionary moves. UIDAI will add 11 experts from the industry for functions spanning HR, knowledge management, process and operations this week.

The experts will be part of the core project management team comprising chief architect Pramod Varma, technology head Srikant Nadhmuni and Shankar Maruwada who leads UIDAI’s demand generation and marketing activities. With the new hires, UIDAI’s total workforce will increase to 30, or 10% of the planned 300 employees it will eventually have.

23 February, 2010

State Bank of India Credit Card Complaints - FRAUD


This article is about one which I read when I was surfing through the details of fraud and the information breach that is happening at banks and the kind of information misuse happening in places where we place our trust. I present the entire bitter experience a lady has undergone.

I am working in one of the Tata companies and that's how I received my Tata SBI credit card a few years ago. Today I am writing in because I am an employee at 'a' particular company but only to tell you my story in brief and my experience with the SBI credit card.

The trust and faith I put in the name - TATA and State Bank of India is immense. There couldn't have been a more perfect combination to establish trust and credibility. However, this morning Feb 22, 2010 was an absolute shock and horrifying episode for me. I got a call from 0124 3992391 saying the below-

"Hi Ma'am, we are calling from the Income Tax Department - verification unit and we would like to verify your contact details". I was caught in the middle of something at my workplace and I politely asked what was this regarding to which the guy at the other end said " we are calling from the Income Tax Department, your address details are getting 'kharab' which means spoilt and hence we need to update it. I wasn't quite sure about what was happening but on insisting thought the financial year is coming to an end and maybe Income Tax Department - Government of India needs these details. I updated my address with this guy on the phone and gave the guy my current address, when he asked for a phone number, an alternate number I was going to give my mother's but then decided to give my office number.

For some strange reason I felt that there was something amiss as I am an individual who has been dealing and handling my IT stuff through my office (which of course is reputed and managed with expertise). I decided to ask the guy some details saying where are you calling from in Income Tax etc etc. to which he started floundering and hung up. I called the guy back as I had his number on my mobile. When I asked which office is this and the guy who received the phone asked - Is this Ms XXX

Moreover, this particular number was called back on by a colleague of mine and when the person received the call, on asking why he said he was from the Income Tax Department, he said "Madam, we lied, I am telling you, this is our job". Now, you can get all the call logs between me and this number. There were a total of 2 calls I made this morning and they called me 3 times.

I knew immediately that this was a case of fraud. These guys were calling on behalf of SBI and saying they are calling from Income Tax Department. This is the highest amount of breach of personal details/private information.

Last month when I wanted to write a cheque for almost 20,000 to pay SBI, instead of writing January (01), I wrote February (02). I didn't know this till I started getting calls from SBI. When I explained that I had put in the cheque and gave them details, they were relieved at every call but never stopped calling me. I decided to call the SBI call centre myself and questioned why they are calling me to which they said - No payment is received BUT at the same time acknowledged that they have a cheque dated Feb. for Rs 19,586. Now they know that as - as of today the payment has gone through and SBI received the payment. I got a mobile SMS confirming that.

Even if I ignore the number of calls I got harassing me for the payment, my biggest problem is the call which was made today. Government of India call - Income Tax Department calling me for some verification!!!!!! This is unacceptable and should be dealt with absolute severity!!!!!!! It's a 'FRAUD' of the first order and there is no denying that. It has completely shattered the faith I had in this collaboration.

I have called up the call centre and spoken to some Prashant and Kaustabh Banerjee (Manager) who confirmed that the call was made from one of the floors in Gurgaon and he is looking into it and that it will be taken seriously... basically all the things you say to your customer when they are annoyed at the other end. While I was in chat with the SBI call centre, another call came from 0124 3992391 (I picked it up as Prashant the SBI associate asked me to) and the person who spoke at the other end sounded like a Haryanvi criminal. I am using these words not out of bias but any associate who loses his/her tone of politeness is not fit to be doing that job (especially when I was just struggling to find out who they were). Just to let you know this particular call was just made to ask me "Will you tell us what happened?" When I asked which company are you calling from he said "Are you going to tell us or not?" I said you should ask your employee to which he said "We spoke to Abhiskek, he said he called from Income Tax Department". I asked him to hang up and he just banged the phone.

I feel at a loss. I have given my private information to a company that has no control over its processes. I feel it was a total Quality Control breach too.

Phishing on the Indian Tax department

Security experts at Symantec have cautioned taxpayers of a large-scale phishing attack just when taxpayers are set to file their annual returns.

Here are inputs from Ratnamala Dam Manna, Director, Security Technology and Response, Symantec:

Situation backgrounder

As per the last count, India has a tax-paying population of 31.5 million and with citizens getting increasingly prosperous and entering the tax bracket, the number is bound to increase. Furthermore the entire process has become less cumbersome for the average tax-payer since it has gone online. Add to that, the fact that India today has a burgeoning broadband penetration and a steadily increasing tech savvy population.
The popularity of online filing has increased again this year, with online filing of returns hitting a new high. No wonder then, they have entered the radar of cybercriminals.

Scammers offer you Tax Refunds

Fraudsters never seem to rest. They now have turned their attention towards phishing on the Indian Income Tax Department. It is the season of tax returns in India and it is known that people will file their income tax returns during this time of fiscal year in India. Hence, phishers have chosen the right time to phish the market as most of the users are not aware of these attacks.

Attackers send emails with the subject line “Tax Return!” and the content below:

“Dear applicant, After the last annual calculation of your fiscal activity we have determined that you are eligible a tax refund of XXX Rupees. To access the form for your tax refund please click here.”

The email contains a link labelled “Tax Refund Online Form” that leads to a phishing site spoofing the Indian Tax Department site “incometaxindia.gov.in”. The webpage asks customers to submit sensitive information such as personal information, bank and credit card details.

After the information is submitted, the page redirects to the legitimate site of the Indian Tax Department. The domain of the fraud site is hosted on US-based servers.

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

* Be careful with emails and URLs of this kind.
* Do not visit any links in the emails.
* Do not enter any of your details on sites of this kind.
* Please use the legit site of http://www.incometaxindia.gov.in/ for any help regarding the income tax refund.
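
The last tip can be checked mechanically. The sketch below is an added example, not part of the Symantec inputs: it pulls every link out of an HTML mail body and flags those whose host is not incometaxindia.gov.in or one of its subdomains. The sample mail and the hosts in it are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Legitimate host named in the article; its subdomains are accepted too.
LEGIT_DOMAIN = "incometaxindia.gov.in"

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_legit_host(url):
    """True only for http(s) URLs on the legit domain or one of its subdomains."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme in ("http", "https") and (
        host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN))

def suspicious_links(html_body):
    """Return (href, text) for links that do not lead to the legit site."""
    parser = _Anchors()
    parser.feed(html_body)
    parser.close()
    return [(h, t) for h, t in parser.links if not is_legit_host(h)]

# Constructed sample modelled on the mail quoted above; hosts are placeholders.
SAMPLE_MAIL = """
<a href="http://incometaxindia.gov.in.refund.example/form">Tax Refund Online Form</a>
<a href="http://incometaxindia.gov.in@203.0.113.7/form">click here</a>
<a href="http://www.incometaxindia.gov.in/">Income Tax Department</a>
"""

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE_MAIL):
        print(f"suspicious: {text!r} -> {href}")
```

The check compares the parsed host rather than searching the URL string, so a link that merely contains the real domain name as a prefix or in the user-info part is still flagged.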

Facebook, PayPal pair up

Facebook members will soon be able to use PayPal to make purchases, the two companies said last week, reports SFGate.

Facebook and PayPal, a unit of eBay, said they have agreed to a strategic relationship that will allow Facebook advertisers to offer the PayPal online payment system as an option.

Facebook will also offer PayPal for members to purchase virtual goods through its own Facebook Credits, which the Palo Alto social media giant has been testing for some games and applications.

Suppliers defend chip, PIN

Banking industry suppliers have lined up to defend chip and PIN, following the release of research last week from Cambridge University demonstrating how cyber crooks might be able to bypass security controls on credit and debit card transactions in shops, says The Register.

A four-man team from Cambridge University demonstrated how it might be possible to make 'verified by PIN' transactions using stolen (but uncancelled) cards without knowing the correct PIN number. The man-in-the-middle works by tricking a card into thinking a chip-and-signature transaction is taking place while the terminal gets a signal that a correct PIN has been entered.

But suppliers such as Thales and The Logic Group point out that chip and PIN has been a success in driving down the levels of fraud in retail transactions, while acknowledging that plastic card fraud has been displaced to the Internet and overseas ATM machines, rather than reduced, since the introduction of chip and PIN.

Mobile banking to double

The number of people subscribing to mobile banking services is set to annually double over the next five years, according to new reports, states BCS.

By 2015, the number of people around the world who will carry out financial transactions via their mobile devices will be approximately 407 million, a study by ABI Research found.

While growth in the sector has so far been slow in Europe and North America, Asia-Pacific markets have already increased hugely in number, led by India. There are currently already 52.2 million people who subscribe to mobile banking services within the Asian continent.