Hack At Your Own Peril - Pakistan Passes Law to Criminalize Cyber Terrorism With Death Penalty


Pakistan’s President, Asif Ali Zardari, signed The Prevention of Electronic Crimes Ordinance, making it law to counter internet crimes. The Ordinance shall have retrospective effect from 29th September, 2008.

The Ordinance provides that an internet crime done to cause death shall be punishable with capital punishment.

The ordinance applies to “any person, group or organization who, with terroristic intent utilizes, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act.”

It also states that cyber terrorism shall be considered:

    (a)  altering by addition, deletion, or change or attempting to alter information that may result in the imminent injury, sickness, or death to any segment of the population;

    (b)  transmission or attempted transmission of a harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity;

    (c)  aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; or

    (d)  stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction.


Identity Theft Rising as the Major Threat to E-Business

Precautions are taken by E-businesses and other companies to avoid identity theft under Internet Law, as reported in an E-mail Article.

While not all identity theft crimes can be prevented, much harm can be avoided if users and companies holding private data take appropriate steps to avoid it. Small companies, financial institutions, and even sophisticated e-businesses must take preventive measures to assure protection of private and confidential information or they may be liable under United States (“U.S.”) data protection and privacy laws.

Which precautions should e-businesses take to protect customers’ data and avoid cyber fraud? And which precautions should service institutions take to avoid violation of data protection laws?

Identity theft has become a worldwide problem with international consequences. Yet, it can be minimized if Internet users and e-business entities take adequate precautionary measures to protect against transmission of data to unauthorized parties. Indeed, most of these measures may be included in domestic legislation on data protection and privacy laws to which companies, be they e-companies or not, must abide. Once users reveal their personal information, such as in the course of an e-commerce transaction (i.e. by providing credit card information), the e-business processing the transaction bears responsibility to secure that information from unauthorized use through methods such as encryption and the use of secure Web sites.

Which precautions should e-businesses take to protect customers’ data and avoid cyber fraud?

All e-businesses should develop and publish a privacy policy on their website. This privacy policy includes provisions related to the protection of customer data according to legal standards and the specific type of business. This policy should be followed strictly and all employees of the business should receive appropriate training so that they can properly follow it. Further, e-businesses must continually monitor the efficacy of their privacy policy and must ensure that the company’s employees comply with it. For this purpose, it is often advisable for an e-commerce organization (particularly if it processes a large amount of customer data) to appoint a security and privacy controller. The organization should take active measures to research and respond to any consumer complaints regarding the following items:

• Storing data in payment systems: The e-business should store only those data elements that it absolutely requires to properly process payment transactions and should remove unnecessary customer data. The organization should also verify that its payment system deletes temporary data files with payment records. In the event that the processing of payments is outsourced, the primary company must ensure that the outsourcing entity has strict security and privacy policies and that its employees and agents adhere to such policies. In addition, an organization must ensure that its server log files do not inadvertently store customer payment information.

• Access to payment systems: It is not advisable to give many employees access to databases or payment application software. Access to payment systems and software must be restricted to trustworthy personnel.
Employees who have access to sensitive data or payment systems should always be monitored. It is advisable for an organization to perform spot-checks and to verify that its employees are working within the scope of their jobs. It is vital that an organization immediately report any security breach or loss of computer systems to appropriate authorities and that it institute appropriate mechanisms for ensuring the adequate reporting of security breaches. Finally, e-business organizations should only ask customers for information that is absolutely necessary to complete their transactions.

Which precautions should service institutions take regarding data protection?

The following are some measures e-businesses and service institutions should take to protect their customers’ data:

• Service providers, particularly Internet-based service providers, must institute, update and publish a privacy policy. It is also advisable to appoint a consumer data and privacy controller. The controller should be responsible for implementing data protection policies, monitoring compliance with them and addressing any consumer complaints.

• In addition to a privacy policy, companies should have a security policy that is clearly documented, understood by employees, and continually monitored and modified as appropriate.

• Companies should encrypt sensitive data. Encryption refers to the practice of altering data by using a secret code so as to render the data unintelligible to unauthorized parties. In encryption, only an authorized application in possession of a special key can read the data. It is particularly important to encrypt sensitive data, like credit card account data, in databases. Companies should also manage the issuance and maintenance of encryption keys, which includes instituting a key management best practices policy with measures covering obsolete keys and the re-issuance of keys. Companies should use sufficiently large key lengths and should use updated cryptographic technology to assure the integrity of private data over the storage time.

• Companies should also maintain backup tapes and other off-line systems to properly store sensitive data.

• Service institutions must monitor employees’ access to sensitive information.

Some US companies are governed by the Fair Credit Reporting Act (FCRA) and if the company is not covered under the FCRA, then these companies should institute an appropriate mechanism to collect, investigate and resolve end-user complaints.

ONLINE SOCIALIZING - MySpace

LAST YEAR when MySpace.com was just taking off as a popular site for self-profiles, I had a discussion about it with a young lady who was ecstatic about the chance to get to know other kids. She thought of her MySpace and Facebook online profiles as wonderful tools for expanding her social life. These social networking Web sites, she said, make it easy to exchange personal information with teenagers like herself. In her adolescent exuberance, her vision of MySpace possibilities was full of innocent, chatty encounters with kids her own age. My view was less optimistic. I thought of it as a place where older guys could lie in wait for unsuspecting prey to take the bait.

In a bygone era, she might have enjoyed exchanging letters with a pen pal thousands of miles away. The distance alone was a shield against the unknown. But the Internet means instant communication with strangers, whose intentions you can never be sure of. What we discovered was that I was hung up on the old-fashioned dictum “Don’t talk to strangers.” She, on the other hand, sensed no danger. All she could see was unlimited potential for social adventures in cyberspace. But MySpace.com early last month purged 7,000 sex offenders from its accounts. The thing about young people is that they approach life believing they are invulnerable. They’re guided by a twisted corollary of Murphy’s Law — if something bad is going to happen, it’s going to happen to somebody else and not to me.

A 17-year-old Clifton girl discovered the hard way that Murphy’s Law applied to Internet dating the same way it applies to anything else. She met the guy on a MySpace clone, Localhookupz.com. She went to his house when his parents weren’t home. That cyber-encounter resulted in a rape allegation against an 18-year-old Clifton man. He’s been charged with assaulting the high school girl. After being charged with second-degree sexual assault, he spent a week in jail and is now out on bail. If convicted, he’d have to register as a sex offender.

The state attorney general’s office scored a victory of sorts over sexual predators who use the Internet to entice victims — often children — into dangerous encounters. MySpace stopped resisting and turned over the names and e-mail addresses of known sex offenders who had opened accounts on the company’s social network of 180 million subscribers. The unknown ones are still free to prowl the site and pounce on children. This week, MySpace complied with New Jersey’s subpoena that sought additional information on the offenders.

Illinois and Connecticut law enforcement officials, after reviewing the MySpace names, may send some sex offenders back to jail: signing up and interacting with kids constitutes a parole violation. Getting names and e-mail addresses of potential child molesters is a small victory. MySpace complied — reluctantly — after attorneys general in several states made an issue of registered sexual offenders mixing it up with fun-loving kids. But hundreds of sexual predators never identified as such may still be registered with MySpace. In addition, other networking sites like Localhookupz have not scoured their records for predators like MySpace did under pressure.

A lot more preventive steps are needed to protect starry-eyed cyber-socializers. Issues of privacy are raised when law enforcement gets involved, but parents can’t be on top of every keystroke children make or Web site they visit. Kids can start by using better judgment and following common-sense rules. Seemingly sweet teen girls and fresh-faced guys offering profiles on MySpace.com may actually be adults with sinister intentions. Even if some stranger your own age invites you over with no parents around, it’s definitely not for a challenging game of Scrabble.