Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe

Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that’s simply not true anymore.

It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days.

The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well.

Patrick Wardle, an ex-NSA staffer who heads up research at security intelligence firm Synack, discovered a way for Mac malware to tap into your live feeds from Mac's built-in webcam and microphone to locally record you even without detection.

Wardle is the same researcher who has discovered a number of security weaknesses in Apple products, including ways to bypass the Gatekeeper protections in OS X.

Wardle also released a free tool called RansomWhere? earlier this year that has generic detection capabilities for Mac OS X ransomware variants.

Wardle is scheduled to present his new findings at the Virus Bulletin conference in Denver later today, along with his research demonstrating how malware could easily piggyback on your legitimate webcam sessions to keep its spying activity hidden.

Yes, piggybacking legitimate webcam sessions initiated by you.

Here's How Mac Malware Works:

Since Mac's firmware-level protection lights the green LED for any unauthorized access to user's webcam, Wardle believes that attackers can use a malicious app that quietly monitors the system for any outgoing feed of an existing webcam session – like a Skype or FaceTime call – where the light indicator would already be ON.

The malware then piggybacks the victim's webcam or microphone to secretly record both audio and video session, without any visible indication of this malicious activity and any fear of detection.

In his paper presentation, titled 'Getting Duped: Piggybacking on Webcam Streams for Surreptitious Recordings,' Wardle outlines the threat along with countermeasures to detect "secondary" processes that try to access an existing video session on OS X.

How to Prevent Your WebCam and Mic from Being Hacked

Wardle has developed and released a free tool, dubbed OverSight, which not only monitors webcam and microphone activities but also alerts you when a secondary process accesses your webcam, asking whether you want to allow or block access.

Oversight is a free download from Wardle’s website.

Moreover, physically covering your webcam – like what Facebook CEO Mark Zuckerberg and FBI Director James Comey do – also offers a low-tech approach to keeping snoopers away.

source: http://thehackernews.com/2016/10/macbook-camera-hacked.html

‘Tak Tak’ gangs sell off mobiles in Delhi, get IMEI changed

MUMBAI: Lost your high-end cellphone to the "Tak Tak" gangs that commit their crime after knocking on glass windows of cars? The possibility of getting such mobile phones is almost nil once they are taken to Delhi, police sources say.

In Delhi, the phones are cracked to remove their IMEI (International Mobile Equipment Identity) numbers and then updated with new IMEI making it difficult for Mumbai Police to trace them, said a police officer referring to a series of thefts of mobile phones from cars on the busy city roads in the past few days. The "Tak Tak" gangs distract drivers by knocking at two windows of the cars one after another and then flee with the phones kept on the dashboard.

The officer said the gang members fly down from Delhi every month and fly back after stealing mobiles for 15 days. Besides the flight tickets, they earn Rs. 3,500 on each iPhone or any high-end mobile they steal.

The operation of several gangs came to light after Wadala resident Sarvesh Sahni (32), manager with a multinational company, lodged a complaint that when he was driving to office, his mobile worth Rs 32,000 was stolen by a gang on the Eastern Express Highway. "I filed a complaint with Chunabhatti police. The next day, I was called up to Vikhroli Police Station where the police suggested the gang has been busted. They had nabbed two people and recovered seven high-end cellphones. But to my dismay, these two were different people and didn't have my cellphone," said Sahni.

The two men had been arrested during Naka Bandi on the Eastern Express Highway and seven phones recovered from them. Vikhroli police senior inspector Sridhar Hanchate said the duo admitted to their crime and suggested 8 other members of the gang have fled to Meerut. "The accused said they stole 56 phones on that day. They would steal phones costing at least Rs 50,000 from cars and sell them in Jama Masjid market in Delhi for Rs 3,500 apiece. They stay in Bhiwandi, Pydhonie, Dongri localities and flee if any one of them is caught," said Hanchate.

Source: http://timesofindia.indiatimes.com/city/mumbai/Tak-Tak-gangs-sell-off-mobiles-in-Delhi-get-IMEI-changed/articleshow/54770254.cms

UNICEF India launches the first comprehensive report on Child Online Safety in India

NEW DELHI, India, 22 September 2016 – UNICEF India today launched the Child Online Protection in India Report which provides a comprehensive overview of the current risks and threats faced by children when using the internet and social media. (Download Report)

Digital technologies offer significant developmental and educational benefits for children. They offer new spaces for learning, play, socialization and entertainment. Most importantly, ICT and social media can offer incredible opportunities for children’s active participation and empowerment, via digital citizenship, and ultimately contribute to the wider efforts towards meeting child-focused development goals. However, the lack of digital literacy and online safety measures mean that children are also exposed to the risk of online crimes, abuse and exploitation. Cyber offences against children are spreading and diversifying across India as new methods are used to harass, abuse and exploit children.  

Addressing the gathering, Dr. Ajay Kumar, Additional Secretary, Ministry of Electronics and Information Technology (MeitY), said “I compliment UNICEF and NASSCOM Foundation for organizing the event as Child Online Safety is one of the most important of challenges arising in an internet world. Ministry of Electronics and IT is taking steps to block sites depicting child abuse. However, given the nature of the menace, this requires a collective effort from all stakeholders, including service providers, content providers, civil society and regulatory authorities.”

The report launched today states that offline forms of crime and violence against children are finding new forms of expression in the online world and their effects on children are amplified. Being able to stay anonymous online and impersonate others may embolden people into offensive and criminal acts and lower the deterrent potential of laws.

Cyber-crimes against children have many forms including sex-texting, online grooming, production and distribution of child harmful material, cyber bullying, etc. However, to date cyber-crimes against children in India are under-reported and have received very little attention and are not included in the National Crime Records Bureau statistics as a separate category.

“This Report is an important step in the direction of child online protection and safety and will go a long way in improving child online protection measures in our country,” said Stuti Kacker, Chair of NCPCR.

The report is a useful resource for child protection actors, law enforcement agencies, Information and Communication technology (ICT) companies, government ministries, media and anybody concerned about children’s online safety including parents and teachers. It is a resource that should help any organization working with children to enhance their awareness of the issue and understand both where to improve their own interventions and where to strengthen collaboration and coordination with other stakeholders.

“Globally, child online protection is much recognized and discussed agenda but sadly India is a little late to realize it.  NASSCOM Foundation appreciates the efforts by UNICEF to bring the right people together to address this burning issue and we are glad to be a Technology for Good partner for this report which should act as a wake-up call,” said Shrikant Sinha, NASSCOM Foundation Head.

The Report also stress the importance to empower parents, professionals and policymakers to play an active role in preventing and protecting children from child online abuse and exploitation. A safe online ecosystem for children requires technical solutions and a high degree of preparedness, collaboration and coordination among stakeholders.  

“No single agency or government institution can ensure the safety of children from online threats and violence. This calls for all relevant government institutions, the private sector, international organizations, media, academia and civil society to work together to build structures, mechanisms and capacities to prevent and respond to the specific threats and risks posed to children,” said Louis-Georges Arsenault, UNICEF India Representative.

The Report’s launch event provided a forum for multiple-stakeholders to discuss the complex nature of child online violence and the need for a multi-sectoral response.  During the launch senior representatives from key government institutions, the ICT sector, national and international experts, media, academia and civil society discussed the way forward for child online safety, including prevention and response to online violence and abuse. Representatives from 10 States across India participated and estimated international experts contributed to the event including Patrick Burton, Director, Centre for Justice and Crime Prevention – Cape Town (South Africa) and Marie-Laure Lemineur, Head of Programmes for ECPAT International – Bangkok (Thailand).

Young people from Delhi, Mumbai and Chennai had the opportunity to talk about what online safety means to them in an interactive session with radio jockeys from New Delhi. Breakthrough India also shared their adolescent #bemysafespace initiative led by young people that promotes online safety for children and adolescents.

From the report presented and the discussion at the launch, recommendations were put forward on the following seven areas for action:

1.    Leadership and partnership for child online safety in India

2.    Evidence, research, data on child online safety

3.    Education for digital literacy, citizenship and safety

4.    Legislation and policies to protect children from online abuse and exploitation

5.    Reporting and removing online child sexual abuse material

6.    Legal investigation and prosecution of online sexual abuse and exploitation

7.    Services for victims of the worst forms of child online abuse and exploitation

Currently there are about 400 million Internet users in India and growing with access to mobile Internet use. There are 306 million mobile Internet users in India with 219 million from urban India and 87 million from rural India. The majority of these users are youth.

UNICEF India encourages all stakeholders to come together under a common ‘Child Online Safety National Framework and Multi-agency Action Plan’ to ensure that all Indian children can benefit from safe digital spaces.

UNICEF India launches the first comprehensive report on Child Online Safety in India - See more at: http://unicef.in/PressReleases/418/UNICEF-India-launches-the-first-comprehensive-report-on-Child-Online-Safety-in-India-#sthash.dvKY308x.dpuf

- See more at: http://unicef.in/PressReleases/418/UNICEF-India-launches-the-first-comprehensive-report-on-Child-Online-Safety-in-India-#sthash.dvKY308x.dpuf

Seven arrested for phishing Rs 23 lakh

JAIPUR: The cyber crime police station on Tuesday arrested seven persons for allegedly phishing Rs 23 lakh from a current account through hacking. Four out of the six accused were already arrested by Raichur (Karnataka) police in a similar case and were brought to Jaipur on production warrant.

According to the police, on October 30, one Anant Kumar Daaga lodged a complaint saying he owns a company Consulting Engineers Group Limited having office at Malviya Nagar industrial area. "He had stated that the current account of the company is at Union Bank of India, Malviya Nagar from which hackers had allegedly phished Rs 23 lakh from their account on November 27," said Rajendra Sharma, deputy superintendent of police, cyber crime police station."We were told that the victim had unregistered one of his mobile numbers from the internet banking on October 25 prior to the act of phishing," Sharma added.

The investigations suggested that the gang members were into similar acts in Kolkata and Raichur (Karnataka). "When it was established that most of the withdrawals of the said money were from Kolkata, we contacted Kolkata police. After a thorough investigations, we have arrested seven persons including four who were brought via production warrant from Raichur jail," said a police officer.

The police have not ruled out the role of one Nigerian citizen who too was involved in this cheating. "With the interrogation of these accused we will also nail down rest others in this connection," the officer said. Source: http://timesofindia.indiatimes.com/city/jaipur/Seven-arrested-for-phishing-Rs-23-lakh/articleshow/45278009.cms

Engineering Student Arrested for Debit Card Fraud in Hyderabad

HYDERABAD:  A final-year engineering student was on Monday arrested by the cyber crime police here for making purchases by obtaining details of other people's debit cards.

B Surya Teja, a final year B-Tech student, had made purchases of at least Rs. 14,210, online and at malls, police said.

CCTV footage at a shopping mall showed the accused making purchases, police said.

Police tracked him down by tracing IP address of a computer used by him to an Internet cafe.

According to police he was already facing three similar cases.

Teja allegedly could memorize the details of debit cards used at ATMs at a glance, and used these details for online shopping. Further probe is on.

Source: http://www.ndtv.com/article/south/engineering-student-arrested-for-debit-card-fraud-in-hyderabad-609811

Bizarre revenge plot in cyber space

HOWRAH: Samik Sarkar, 33, had a penchant for picking up fights and then teaching his 'opponents' a unique lesson. He used to upload their contact details with wrong information. This led to continuous harassment of the 'targets'. But Sarkar's 'innovative' way to 'take revenge' landed him behind bars after the detective department of the Howrah City Police arrested him on Thursday.

On October 17, a doctor from Uluberia lodged a complaint that he was receiving calls from people, seeking treatment for their pets and domesticated animals. The police started an inquiry and came to know that the details of the doctor were listed as a veterinarian on a popular website. By then, the police also received another complaint, this time from a woman who is a dealer of water purifiers.

"The woman complained that somebody had posted her details with that of somebody else's photograph on two separate websites. On one of the sites, she is described as a model on the look out for assignments while on a matrimonial site, the woman is portrayed as somebody looking for a husband. Both sites had her telephone numbers and address due to which she faced severe harassment," a police officer said.

The cyber crime wing then turned to the websites and wanted to know from where these details were uploaded. It took a while before the websites found the IP address from where the details were uploaded. This led the cops to a computer training centre. The machine was the one used by Sarkar, a trainer at the institute. The police collected Sarkar's photograph and showed it to the complainants.

The woman recognized Sarkar and narrated how she had visited the institute where he worked to look for three computer-trained youths to employ in her office. The three youths sent by Sarkar weren't good enough apparently and the woman refused to hire them. There was a spat between Sarkar and the woman after this and he threatened to teach her a lesson. Little did she know what he had in mind.

The doctor also said that he had come across Sarkar once. The doctor was apparently travelling by car when the vehicle scraped against Sarkar's bicycle. Though the doctor apologized, Sarkar allegedly threatened to cause him harm. The doctor then handed over his business card to Sarkar and left the spot. The car had all details, including his mobile numbers and address. After receiving this information, Sarkar was arrested on Thursday from his residence at Chunabhati in the Sankrail police station area.

"It is strange how people will go to any extent to seek revenge. We have arrested Samik Sarkar and charged him under the IT Act," said Jafar Ajmal Kidwai, ADC, Howrah City Police.

Source: http://timesofindia.indiatimes.com/city/kolkata/Bizarre-revenge-plot-in-cyber-space/articleshow/45140588.cms

‘Banker’ cons Navi Mumbai teen into revealing debit card PIN, steals Rs 22k

NAVI MUMBAI: A man, pretending to be a bank official, convinced a 14-yer-old girl to give up her PIN number and then stole Rs 22,500 from her account.

In June, Teja Lawate from Uran got a call from man, who claimed to be the manager of Bank of Maharasthra. He said that her old card had been blocked and, to issue a new card, he needed her old ATM card number, the PIN and other details. "Once she gave it to him, the man transferred Rs22,500 to an account at a bank in Jharkhand," said B K Khade, police sub inspector. Once the Lawate family realized they had been cheated, they contacted the police, who started investigating.

It took the cops four months to trace the details of the account holder.

"The account, to which the money was transferred, belongs to a man named Madan Sau," added Khade.

The cops will send a team to arrest him soon.

Source: http://timesofindia.indiatimes.com/city/navi-mumbai/Banker-cons-Navi-Mumbai-teen-into-revealing-debit-card-PIN-steals-Rs-22k/articleshow/45050660.cms?