5 Types of Cyber Crime in Nepal You should know About

The internet is a medium which enables the spread of information and communication between people at a world-wide level. The internet is a ‘free’ medium, with no international laws and regulations upon it, therefore, it is extremely difficult to both monitor and prohibit transactions that occur within it. A Cyber Crime is an act of creating, distributing, altering, stealing, misusing and destroying information through the computer manipulation of cyberspace; without the use of physical force and against the will or interest of the victim.

5 Main Cyber Crime in Nepal

Social Media Related Cyber Crime

Social Media related cyber crime in Nepal includes using Porn Content in social Media or creating fake profiles to intentionally harm someone with the use of Facebook, Twitter, Instagram or any social Media Platform.

In the year 2070, a total of 19 cases of Social Media Cybercrimes were reported. With the trending use of Social Media, the number of cases has increased to 35 in 2072. It has been seen that the number of female victims is more. Using Naked Pictures in social Media to take revenge has been the most cases according to Crime Investigation Bureau (CIB) Nepal.

A Government staff name Raju Shah was under police custody when a comment against the contemporaneous home minister Bam Dev Gautam was tracked on Facebook. Raju Shah was found guilty when he demanded death sentence against Minister Bam Dev Gautam who was caught in a photo breaking a traffic rule.

Piracy Related crime

Any Content which has been copied to make a duplicate copy is considered as Piracy. Using unauthorized trademarks and copying source code without having the License to use it is considered Piracy Crime.

Example, the font used in Company logos can also be related to piracy crime, if the font is not listed free for business purposes. Even though this related crime is not a possibility in today’s context of Nepal, but we can see a various example of Font piracy. Read a story of Font Piracy.

Also, Source Code piracy case have been heard in Nepal lately. Since the case has not been solved, the whole story is an unsolved mystery. It has been allegedly reported that a software company filed a case against a Media House for copying their source code.

Fake Profile Marketing

Creating or using a fake profile, fake website or email to create a bad image or inappropriate marketing is also considered as cybercrime. We can see various examples of fake profiles, fake websites, and spam emails. Spreading unwanted and inappropriate message using fake profile is considered a Fake Profile Marketing. This rule also implies to businesses where a fake product is sold. Marketing of fake duplicate product using the name of a different brand also comes under the Fake Marketing Cyber Crime.

Threatening Using Email

Email threat is not much common cybercrime in Nepal. If an email contains a threat or warning in mentality to harm or disturb any individual or any organisation, this is considered as a cyber crime.

Website Hacking

Website Hacking means taking control from the website owner to a person who hacks the website. Nowadays most of the government websites are attacked by hackers. Many governmental websites including the president’s website were hacked. Any complaint on website hacking can be a serious offence in terms of the cyber law in Nepal.

Recently, a group of Nepalese hacker named Anonymous opnep breached into the server of Nepal Telecom. Hackers gained access to all the details of NTC users that include username, citizenship name, father’s name as well as other private information. Metropolitan Crime Division recently tracked the hackers down and arrested 18-year-old Bikash Paudel for hacking over 200 websites including the NTC website.

Unauthorized Access

Unauthorised access is one of the common issues in cybercrime world. Getting access to a website, programme, server, service, or other system using someone else’s account or other methods is called Unauthorized Access.

Examples of the unauthorised use of computers include an employee using a company computer to send a personal e-mail or someone gaining access to a bank computer and  performing an unauthorised transfer.

Online Business of Restricted Materials

The business involving the buying and selling of illegal or restricted materials can be a case of cyber crime. One interesting case had come up when a Nepali citizen named Kirtan Pokhrel was arrested for creating an event related to sexual tourism. The Event was named Bunga Bunga which promised to have girls of ages 13 to 17.

Continue Reading →

Forensic Firm that Unlocked Terrorist's iPhone 5C is Close to Crack iPhone 6

The FBI didn't disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case.

For those unfamiliar in the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order that was forcing the company to write software, which could disable passcode protection on terrorist's iPhone, helping them access data on it.

However, Apple refused to comply with the court order, so the FBI hired an unknown third-party firm, most likely Cellebrite, who managed to successfully hack the locked iPhone 5C used by the terrorist in the San Bernardino shooting incident last year.

he new method helped the Federal Bureau of Investigation (FBI) to hack iPhone 5C, but that wasn't the FBI's victory as the method didn't work on iPhone 5S and later iPhone models.

Cellebrite is on its Way to Hack the Locked iPhone 6

Now, Cellebrite is reportedly "optimistic" about Hacking the more Secure iPhone 6.

CNN reports that an Italian architect, named Leonardo Fabbretti, met with Cellebrite last week whether the company could help him gain access to a locked iPhone 6 that belonged to his dead son.

Fabbretti's son, Dama Fabbretti, was passed away from bone cancer last September at the age of 13. However, before his death, the son added his father's thumbprint to allow him to access the phone.

Fabbretti was trying to access the messages, notes, and photos of his dead son on the iPhone 6, but unfortunately, the phone had a restart. It now required the passcode for unlocking, and his father doesn't know the code.

Fabbretti initially contacted Apple on March 21, and the company reportedly tried to help the grieving father, but they found that the iPhone was not backed up to the cloud. Expressing sympathy, the company told him that there was nothing they could do.

Hacking iPhone 6 for Free

After watching Fabbretti's story in the news, Cellebrite offered to help the man by hacking the iPhone 6 for free. Fabbretti met with the company employees last week at its office in northern Italy and said:

"The meeting went well. They were able to download the directories with the iPhone's content, but there is still work to be done in order to access the files."

According to the company, there are chances of accessing the files on locked iPhone 6 that contain photos and conversations of the son with the dad, along with a handful of videos taken just 3 days before his son died.

Both Cellebrite, as well as Apple, have yet to comment on the case.

If the Cellebrite gets the success in creating a new method to unlock iPhone 6, undoubtedly the company will sell its tool to the FBI agents to solve their several pending cases, in the same way, it helped the agency accessing the terrorist's locked iPhone 5C.

Continue Reading →

Hackers can spy on your calls and track location, using just your phone number

 IN BRIEF

The famous ‘60 Minutes’ television show shocked some viewers Sunday evening when ateam of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through LosAngeles.

Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allowshackers to track phone locations, listen in on calls and text messages.

The global telecom network SS7 is still vulnerable to several security flaws that could let hackers andspy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks.

All one need is the target's phone number to track him/her anywhere on the planet and eveneavesdrop on the conversations.

SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.

Hackers Spied on US Congressman's Smartphone

With US Congressman Ted Lieu's permission for a piece broadcast Sunday night by 60 Minutes, Karsten Nohl of German Security Research Labs was able to intercept his iPhone, record phone call made from his phone to a reporter, and track his precise location in real-time.

During the phone call about the cell phone network hacking, Lieu said: "First, it's really creepy, and second, it makes me angry."

"Last year, the President of the United States called me on my phone, and we discussed some issues," he added. "So if hackers were listening in, they'd know that phone conversation, and that is immensely troubling."

What's more awful is that the designing flaws in SS7 have been in circulation since 2014, when the same German researchers' team alerted the world to it. Some flaws were patched, but few apparently remain or intentionally left, as some observers argue, for governments to snoop on its targets.

The major problem with SS7 is that if any one of the telecom operators is hacked or employs a rogue admin, a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is wide open to interception.

The weakness affects all phones, whether it's iOS, Android, or whatever, and is a major security issue. Although the network operators are unwilling or unable to patch the hole, there is little the smartphone users can do.

How Can You Avoid this Hack?

The best mitigation is to use communication apps – that offers "end-to-end encryption" to encrypt your data before it leaves your smartphone – over your phone's standard calling feature.

Lieu, who sits on House subcommittees for information technology and national security, also argues for Strong Encryption that, according to the Federal Bureau of Investigation (FBI), make itharder to solve crimes.

Lieu strongly criticized the United States agencies, if any, that may have ignored such serious vulnerabilities that affect Billions of cellular customers.

"The people who knew about this flaw [or flaws] should be fired," Lieu said on the show. "You can't have 300-some Million Americans—and really, right, the global citizenry — be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data."

Few of such apps that are popular and offers end-to-end encryption are Signal, WhatsApp, and Apple's iMessage service that keep users communications safe from prying eyes and ears.

Continue Reading →

The Best Way to Send and Receive End-to-End Encrypted Emails

How many of you know the fact that your daily e-mails are passaged through a deep espionage filter?

This was unknown until the whistleblower Edward Snowden broke all the surveillance secrets, which made privacy and security important for all Internet users than ever before.

I often get asked "How to send encrypted email?", "How can I protect my emails from prying eyes?" and "Which is the best encrypted email service?".

Although, there are a number of encryption tools that offers encrypted email service to ensure that no one can see what you are sending to someone else.

One such tool to send encrypted emails is PGP (Pretty Good Privacy), an encryption tool designed to protect users’ emails from snooping.

However, setting up a PGP Environment for non-tech users is quite a difficult task, so more than 97% of the Internet users, including government officials, are still communicating via unencrypted email services i.e. Gmail, Yahoo, and other.

But here is good news for all those non-techies, but privacy-conscious Internet users, who wish to use encrypted e-mail communication without any hassle.

Solution — ProtonMail.

ProtonMail, developed by CERN and MIT scientists, is a free, open source and end-to-end encrypted email service that offers the simplest and best way to maintain secure communications to keep user's personal data secure.

ProtonMail Now Available for iOS and Android Users

ProtonMail has been invite-only since 2014, but now the email service has made itself available to everyone and launched new mobile apps.

If you opt for a free account, you'll get all of the basic features including:

• A smart-looking app to access your end-to-end encrypted emails easily
• 500MB of storage capacity
• Sending 150 Messages per day
• Two-factor authentication to access your encrypted email inbox

To increase storage capacity, you can purchase ProtonMail's paid accounts.

NOTE – Always remember your password to decrypt the email inbox. Once forgot, you would no longer retrieve your encrypted emails.

Key Features:

Even if someone intercepts your communication, he/she can not read your conversations because all emails you send or receive with other ProtonMail users are automatically encrypted end-to-end by the service.

In addition, for communicating with non-ProtonMail email addresses i.e. Gmail users, all you need to do is:

• Create a message
• Just click the encryption button
• Set a random password

Once done, your encrypted email recipient will get a link to the message with a prompt to enter his/her same password in order to read it.

Another friendly feature that ProtonMail offers is Self-destructing emails. All you need to do is set an expiration date for an encrypted email you send, and it will get self-deleted from the recipient’s inbox once the date arrives.

Why ProtonMail won't have to comply with American Laws?

In a previous article, I explained that ProtonMail is based in Switzerland, so it won't have to comply with American courts’ demands to provide users data.

In worst case, if a Swiss court ordered ProtonMail to provide data, they will get only the heaps of encrypted data as the company doesn’t store the encryption keys.

ProtonMail has gained an enormous amount of popularity during its developing stages.

ProtonMail encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers, making it significantly more secure for those looking for an extra layer of privacy.

Source : Click Here

Continue Reading →

How to Make $100,000? Just Hack Google Chromebook

Yes, you could earn $100,000 if you have the hacking skills and love to play with electronics and gadgets.

Google has doubled its top bug bounty for hackers who can crack its Chromebook or Chromebox machine over the Web.

So if you want to get a big fat check from Google, you must have the ability to hack a Chromebook remotely, that means your exploit must be delivered via a Web page.

How to Earn $100,000 from Google

The Chrome security team announced Monday that the top Prize for hacking Chromebook remotely has now been increased from $50,000 at $100,000 after nobody managed to successfully hack its Chromebook laptops last year.

The Top bug bounty will be payable to the first person – the one who executes a 'persistent compromise' of the Chromebook while the machine is in Guest Mode.

In other words, the hacker must be able to compromise the Chromebook when the machine is in a locked-down state to ensure its user privacy. 

Moreover, the hack must still work even when the system is reset.

"Last year we introduced $50,000 rewards for the persistent compromise of a Chromebook in guest mode," the Google Security Blog reads.
"Since we introduced the $50,000 reward, we have not had a successful submission. Great research deserves great awards, so we're putting up a standing [6-figure] sum, available all year round with no quotas and no maximum reward pool."

Bug bounties have become an essential part of information security and have been offered by major Silicon Valley companies to hackers and security researchers who discover vulnerabilities in their products or services.

Last year, Google paid out more than $2,000,000 in bug bounties overall to hackers and researchers who found bugs across its services – including $12,000 to Sanmay Ved, an Amazon employee, who managed to buy Google.com domain.

So Keep Hunting, Keep Earning!

Source : Click Here

Continue Reading →

Apple Engineers say they may Quit if ordered to Unlock iPhone by FBI

Apple Vs. FBI battle over mobile encryption case is taking more twists and turns with every day pass by.

On one hand, the US Department of Justice (DOJ) is boldly warning Apple that it might compel the company to hand over the source code of its full iOS operating system along with the private electronic signature needed to run a modified iOS version on an iPhone, if…

…Apple does not help the Federal Bureau of Investigation (FBI) unlock iPhone 5C belonging to one of the San Bernardino terrorists.

And on the other hand, Apple CEO Tim Cook is evident on his part, saying that the FBI wants the company to effectively create the "software equivalent of cancer" that would likely open up all iPhones to malicious hackers.

Now, some Apple engineers who actually develop the iPhone encryption technology could refuse to help the law enforcement break security measures on iPhone, even if Apple as a company decides to cooperate with the FBI.

Apple Emplyees to Quit their Jobs

Citing more than a half-dozen current and former Apple engineers, The New York Times report claims that the engineers may refuse the work or even "quit their jobs" if a court order compels them to create a backdoor for the very software they once worked to secure.

"Apple employees are already discussing what they will do if ordered to help law enforcement authorities," reads the report. "Some say they may balk at the work, while others may even quit their high-paying jobs rather than undermine the security of the software they have already created."

Apple previously said that building a new backdoored version of iOS to satisfy the FBI's demand would require up to a month of work and a team of 6-10 engineers, naturally Apple's top software engineers.

However, Apple employees said they already have "a good idea who those employees would be." They include:

1. A former aerospace engineer who developed software for the iPhone, iPad and Apple TV.
2. A senior quality-assurance engineer who is an expert "bug catcher" with experience in testing Apple products.
3. An employee specializes in security architecture for the operating systems powering Apple products including iPhone, Mac and Apple TV.

The FBI wants Apple assistant to help the authorities bypass security mechanisms on the San Bernardino shooter Syed Farook's iPhone 5C so that they can extract data from the phone.

Given that the San Bernardino case is currently working its way through the courts and that no one is prepared to stand down, the possibility that Apple might have to comply with the orders is probably years away.

Source : click here

Continue Reading →

Bored With Chess? Here's How To Play Basketball in Facebook Messenger

Hope all of you have enjoyed the Game of Chess in the Facebook Messenger.

But if you're quite bored playing Chess or not really good at the game, then you probably felt a bit excited about Facebook's recent inclusion of a little Basketball mini-game into Messenger.

Now you can play Basketball through Facebook Messenger, just by typing in the Basketball emoji and sending to one of your friends. This would enable a secret Basketball mini-game between you and your friend.

Here's How to Play Basketball:

Just locate the basketball emoji from your emoji list, send to one of your friends and click it to start the game.

Once sent, you would be taken to the Basketball court in a pure white background, where there is no sidebars of any friend suggestions or any promotional ads; only appears a basketball and a hoop, nothing else!

All you have to do:

Just Swipe up and Toss the basketball into the hoop.

A single swipe on your phone in the direction of the hoop to bask in the ball. Facebook also encourages your gameplay with various emojis after each basket.

On successful basket, Game appreciates your gameplay by displaying various emojis like Thumbs Up, Hands Up, Claps and Smiles. On a miss, Game warns you by showing emojis like "Surprised", "Feared," and similar.

Messenger will also display your scores in between, based on your successful baskets. Your goal is to challenge your friend to see who can get the most consecutive baskets.

To play this game, the Facebook users should have the latest version of Messenger installed on their mobile phone.

The addition of such mini-games into Facebook's messaging platform would be a loneliness breaker.

As this game had been unveiled after a couple of weeks of Chess, let's hope Facebook would integrate more games like caroms or snooker in its upcoming rollouts.
Source : Click Here

Continue Reading →