All posts by Payal Dhar

Delhi Rolls Out a Massive Network of Surveillance Cameras

Post Syndicated from Payal Dhar original https://spectrum.ieee.org/tech-talk/consumer-electronics/audiovideo/delhi-rolls-out-a-massive-network-of-closedcircuit-tvs-to-fight-crime

The state government says closed-circuit TVs will help fight crime, but digital liberties activists are concerned about the project’s lack of transparency

In India, the government of Delhi is rolling out an ambitious video surveillance program as a crime-prevention measure. Technicians will install more than a quarter million closed-circuit TV (CCTV) cameras near residential and commercial properties across the city, and in schools. A central monitoring system is expected to take care of behind-the-scenes logistics, though authorities have not shared details on how the feeds will be monitored.

After delays due to political and legal wrangles, the installations began on 7 and 8 July. The first cameras to go up in a residential area were installed in Laxmi Bai Nagar, at a housing society for government employees, and at the upmarket Pandara Road in New Delhi. When the roll out is complete, there will be an average of 4,000 cameras in each of Delhi’s 70 assembly constituencies, for a total of around 280,000 cameras.

In early 2020, the National Capital Territory of Delhi (usually just called ‘Delhi’), which includes New Delhi, the capital of India, will vote to elect a new state assembly. Lowering the crime rates is a key election issue for the incumbent Aam Aadmi Party (literally, Common Man’s [sic] Party). The party has promised that the CCTV cameras will deter premeditated crime and foster a semblance of order among the general public.

Cyberespionage Collective Platinum Targets South Asian Governments

Post Syndicated from Payal Dhar original https://spectrum.ieee.org/tech-talk/telecom/security/cyberespionage-collective-platinum-returns-with-a-steganographybased-attack

Kaspersky says the group used an HTML-based exploit that’s almost impossible to detect

Following a trail of suspicious digital crumbs left in cloud-based systems across South Asia, Kaspersky Lab’s security researchers have uncovered a steganography-based attack carried out by a cyberespionage group called Platinum. The attack targeted government, military, and diplomatic entities in the region.

Platinum was active years ago, but was since believed to have been disarmed. Kaspersky’s cyber-sleuths, however, now suspect that Platinum might have been operating covertly since 2012, through an “elaborate and thoroughly crafted” campaign that allowed it to go undetected for a long time.

The group’s latest campaign harnessed a classic hacking tool known as steganography. “Steganography is the art of concealing a file of any format or communication in another file in order to deceive unwanted people from discovering the existence of [the hidden] initial file or message,” says Somdip Dey, a U.K.-based computer scientist with a special interest in steganography at the University of Essex and the Samsung R&D Institute.

Digital Doppelgängers Fool Advanced Anti-Fraud Tech

Post Syndicated from Payal Dhar original https://spectrum.ieee.org/tech-talk/telecom/security/digital-doppelgngers-fool-advanced-antifraud-tech

With traces of a user’s browsing history and online behavior, hackers can build a fake virtual “twin” and use it to log in to a victim’s accounts

As new security technologies shield us from cybercrime, a slew of adversarial technologies match them, step for step. The latest such advance is the rise of digital doppelgängers—virtual entities that mimic real user behaviors authentic enough to fool advanced anti-fraud algorithms.

In February, Kaspersky Lab’s fraud-detection teams busted a darknet marketplace called Genesis that was selling digital identities starting from US $5 and going up to US $200. The price depended on the value of the purchased profile—for example, a digital mask that included a full user profile with bank login information would cost more than just a browser fingerprint.

The masks purchased at Genesis could be used through a browser and proxy connection to mimic a real user’s activity. Coupled with stolen (legitimate) user accounts, the attacker was then free to make new, trusted transactions in their name—including with credit cards.