Thursday, March 31, 2011

Lively discussions at the formal launch of CSA's largest Chapter

The Mumbai Cloud Security Alliance (CSA) chapter, with 280 members the largest in the world, was launched last Tuesday. Microsoft and KPMG were proud hosts of the event, which saw over 80 members gather for the inaugural meet. A short video-recorded keynote by Jim Reavis, the founder director of CSA, delighted the audience. I will not dwell much on the events as they are well described by my fellow founder Mumbai CSA Director L.S. Subramanium in his blog post "Inauguration of the CSA Mumbai Chapter".

The audience consisted of a mix of senior vendor representatives, cloud professionals and end users trying to gauge the Indian cloud and cloud security market. The discussions were very informative and I gained from the contributions of a well-informed set of members. The following paragraphs summarise the discussions.

Cloud is still in its early stages in India. There are no early industry adopters yet. Most companies and professionals are trying to become cloud aware and prepare cloud plans. Senior executives in business and local government are keen to understand how a cloud strategy could shape or affect their business.

Most existing cloud service providers' infrastructure is outside India. There were concerns about the legal issues in using these clouds and the extent of forensic evidence that could be collected from third-party cloud providers. My personal opinion has been that we should use clouds where the jurisdiction of Indian laws applies and where no foreign government can seize/spy on financial and other critical data.

It was clear that the difference between a true cloud and an Internet-hosted solution was grey. Many examples of cloud solutions were in reality hosted solutions. To that extent there was cloudification of what was already available to create a buzz. Nevertheless, cloud is here to stay. The foresight of the CSA in building a security architecture when the "very concept of a cloud is hazy" shows.

One of the most interesting parts of the discussion was on a point made that mass cloud adoption should be consumer driven and the real test of the cloud is how consumers use it. There was an interesting discussion on synchronising contact information between Nokia and Blackberry using Gmail. The purist may argue against this being a cloud example, but it proves an important point.

There was interest from the banking sector in the use of cloud. There was mixed discussion of the conservativeness of the Indian banking regulator and its acceptance of cloud-based banking solutions. I am of the opinion that a conservative approach to public clouds hosting financial data is best and strict restrictions should be imposed on using clouds outside India.

There were some excellent questions on How to Select a Cloud Provider? and The Key Security Concerns of CIOs? These questions are well answered in an article I wrote titled "Eight Questions CIO's should ask on Cloud Security" in SC Magazine last November.

As Microsoft was the host, there were the usual questions on the security of Microsoft's Cloud based services.

All in all the food was great. I had a tasty helping of penne with my choice of toppings. I met a few colleagues from the past, some from way back in my early days when India built its first wide area X.25 networks, and of course made new friends.

Related Blogposts

A Strategic Approach to Security Risk while CloudSourcing, which highlights the importance of contractual and audit clauses in cloud contracts

Tuesday, March 29, 2011

State Sponsored Telephone Tapping and World Cup Cricket

World Cup Cricket is a much loved sport in the Indian subcontinent. Organized underground betting syndicates rake in billions of dollars when major games are played. Fixing a match enhances the profitability of the operation and it is therefore not surprising that there have been several instances of match fixing or allegations of match fixing in the recent past.

In India and Pakistan, cricket is an emotive issue, particularly when played against each other. In Pakistan a loss against India brings up allegations of match fixing, and it was therefore not surprising to read this quote in the Times of India from a Pakistani Minister to their national team, ahead of tomorrow’s India Pakistan semifinal: “I gave a warning that there should be no match-fixing. I am keeping a close watch. If any such thing happens, we are going to take action.” He said he was sure the team had “very clean members”, but still, intelligence was being gathered on “who are meeting them and the position of their telephones”.

Was this an idle threat or misuse of state machinery to tap the players’ phones? Did the minister unintentionally speak the truth? You decide. This is yet another instance of how the power to tap phones can be blatantly misused by governments against prominent citizens. In a previous post, I wrote about how Governments can use mobile phones to spy on citizens in a socially networked world.

Sunday, March 27, 2011

Twitter pranks can have significant economic and social impacts

On 23rd March 2011, on a stifling hot Wednesday afternoon in Mumbai, tweets and SMSes stating that the supporting cables on the Mumbai sealink, a landmark construction and major route in the metropolis, had broken spread across the city. Multiple forwards ensured the message went viral. Frantic calls by citizens attempting to verify the contents overloaded traffic police call centers, and traffic congestion was caused by diversion onto alternate routes. The sealink is the only route which offers predictable travel time from the central business districts to the airport. Business executives plan their airport departure based on it. Besides the larger economic consequence and impact on daily life, it maligned the reputation of the company that built the sealink and caused a fall in revenue from toll collection.

The tweet read “Please avoid the Bandra Worli sea link, three supporting cables have just collapsed.Worly sea face jammed.Please RT” and the SMS "Please avoid the sea link as three supporting columns have just collapsed. Worli sea face is jammed. Please tell your loved ones to avoid the inconvenience."

An investigation by the Mumbai cyber police traced the origin to the Twitter account of a film producer who claimed to have sent the message as a prank intended for a few friends. The film producer had no significant fanbase, with only 2000-odd Twitter followers. And although the tweet did state “PL RT”, there was no “#sealink”; yet it apparently spun out of control and snowballed into a major scare.

This event amply demonstrated the impact a rumour spread intentionally or unintentionally, or retweeted, by a prominent individual on Twitter can have in today’s real-time world. More importantly, it shows how a spurious message introduced through a hacked account of a celebrity, prominent person or government organization can have devastating consequences. I normally advise my clients in the Telecom Industry to safeguard their SMS applications from unauthorised uses such as forwarding malicious bulk SMSes which are intended to cause panic. But as this incident shows, the power is now in the hands of many individuals through Twitter.

Simply put, there has to be a sense of responsibility towards what one tweets and retweets, as it is public communication. Every user should take precautions to ensure that their Twitter IDs are not compromised. On a smaller scale, compromised Twitter accounts can be misused to send malicious tweets to your friends publicly or post self-derogatory messages.

I look forward to seeing how the investigation progresses and the punishment awarded under the Indian IT Act.

Thursday, March 24, 2011

Governments need to shape up on Information security

Governments are writing cyber laws to tackle security and privacy breaches. The laws are twofold: they penalise businesses for inadequate due diligence, and they penalise perpetrators of cybercrime. The recent draft of a set of rules associated with the Indian IT Act specified that Indian industry should follow a security management standard (ISO 27001).

The Indian Government, however, is not under the ambit of these rules as they apply only to organisations termed "body corporate"; nor does the Government have a comprehensive policy to implement a security management program to enhance security governance processes as it launches several e-governance initiatives.

I highlighted the importance of a comprehensive national IT security management framework in an earlier post titled "Porn Surfing & Social Networking a Cyber Risk", where unrestricted Internet access was used to access sites which could be used as an attack vector by hackers. The Indian government was also a victim of a large espionage network called GhostNet, and many key programs were hit by Stuxnet, a specially crafted piece of malware designed to attack nuclear and space facilities.

While reading the article "Auditor calls for Government ban on Gmail, Hotmail" in SC Magazine Australia, where "the Australian National Audit Office has called on all government agencies to block free web-based email services like Gmail and Hotmail to mitigate security and information integrity risks", it seemed to me that governments the world over are remarkably slow in implementing even a rudimentary set of security policies. The audit office recommended restrictions on Internet access, better password management, patching and content filtering. These recommendations are so basic that the gap between an adequate security posture and what is currently implemented would be fairly large.

Governments should take the lead and set an example in organisational security excellence as they are the largest repository of citizen data and provide services that validate the real identity of citizens, such as social security numbers, passports, citizen IDs and so forth. Failure to do so will ensure that organised criminals and unfriendly governments can disrupt ongoing IT initiatives and systems.

Wednesday, March 23, 2011

Fraudster uses Hackers and Spammers in "Pump and Dump" securities scam

It is quite common to read about circular trading by small groups of stock brokers to pump up the price of a stock which they later dump at a sizeable profit. Many small investors caught in the dizzying growth of the stock price lose money. In one instance, I was a victim and found that when the stock fell, it was so quick that exit was virtually impossible until the time it reached a point where I lost a big chunk of my investments.

The SC magazine recently reported in an article titled "Texas ringleader of pump-and-dump scam arrested" that a fraudster used the services of hackers, email spammers and botnet operators to disseminate misleading information to create a market buzz, as well as break into third-party brokerage accounts, liquidate stocks and use the balance to purchase shares of the manipulated stocks.

The fraudster acted on behalf of a set of promoters who wished to manipulate their companies' stock.

I found this fraud to be a truly ingenious and sophisticated way to make money. It demonstrated that a clever person acting as a middleman between unscrupulous operators and hackers can find several ways to custom create scams for select audiences. This type of scam is more sophisticated than the more common lottery and advance-fee frauds.

Fighting Scam Emails through Simple Intellectual Deduction

In my last post “Online Scams how you get suckered and the little you can do about it?” I pointed out the difficulty in protecting oneself from online scams. There is no prescription for foolproof security, but there are a few tips that normal users can follow to avoid becoming a fraud victim. I compiled these after an analysis of the last 30 scam mails sent to me in February.

Check out the story. Check the seller’s reputation

Scam emails had repetitive stories and overtly invited recipients to be part of the scam and take a share of the spoils. The common stories were business proposals, invitations to take a share of unclaimed money, assistance to claim inheritance and award payouts. A summary of the stories in scam emails sent to me last month is listed below:


business proposal
business proposal
cash award
casino free bonus
dating/collection personal info
Father killed by business partner
helping to get my inheritance
helping to get my inheritance
helping to get my inheritance
job scam
lottery win
payment in thanks for past help
Relationship
Relationship
share in inheritance
share in spoils
share in spoils
share in spoils
share in spoils
share in spoils
share in spoils
share in spoils
Stealing from greedy politicians
Stealing from greedy politicians
suspension of unused accounts by Yahoo
United Nations Payment to you



The best way is prevention. Before entering into an online transaction, undertake due diligence to ascertain the legitimacy of the party you are dealing with. Remember there is no refund, as the scamster is an illegitimate business far away in another country, and you do not want the hassle of even trying to recover the few hundred dollars you were conned out of.

Review your financial and credit card statements for unknown expenses

Incorrect entries or suspicious transactions serve as a warning bell. You may have downloaded malware which stole your banking or credit card credentials, which the scammer is currently using. The source may have been correspondence you undertook with a scammer in reply to a scam email. Reset your password and run an antivirus scan to detect malware. Be aware of what legitimate sites ask for by acquainting yourself with the site's procedure before entering into a transaction.

Shoddy titles
Most scam mails have shoddy subject lines which are crude and unsophisticated. These are easy to detect and typically have an urgent or confiding tone. I have listed a few below. There are some without subject lines too.

PAYMENT INFORMATION FROM WESTERN UNION HEAD OFFICE
looking forward for your urgent response.
NOTICE AND CONTACT NOW
My Dearest
Can I confide in you?
Message From Bill Gate
Yahoo Lottery Award
Good Day!!!
From Miss Aisha.
transferringa the sum of ($39.5)million to your account
FROM THE DESK OF MR.PHILIPE TARA.
FROM THE DESK OF MR.PHILIPE TARA.
Hello
JOB OPPORTUNITY IN BRUNEL HOTEL LONDON
CALL ME AFTER GOING THROUGH MY PROPOSAL @+226 75444302
Reply me urgent plz
When Casino royalty heads to play, WinnerPalace is where they go
Australia Online National Lottery


Scam mail senders used common titles
Most of the titles were related to the scam story. Most common were audit managers, foreign exchange managers and bills and exchange managers in a bank, for scams involving unrecovered sums. There were inheritance claims where the titles used were son/daughter of a chief or minister. One or two used barrister or lawyer.

Monday, March 21, 2011

Specialized software to help undercover agents monitor social networks

Tom worked under dim lights, posting late into the night. The topic would invariably be child pornography, amply demonstrated by the vivid images he traded with his friends. There was not much he knew about them, except that they shared the same sexual perversion for young children.
It had all started quite simply, when he accepted a pen pal request from Duke who claimed to run orphanages from where he produced a variety of child pornography. As his conversations grew he was invited to join this special group. It had many members from various parts of the world who shared the same sexual desire. Tom initially was a passive pedophile, content to browse child porn. This group offered him the ability to participate in the actual act of seduction using social networks. Members provided information on techniques to lure children online, to build fake personas, how to befriend them, earn their trust, find out their weakness and eventually pressurize them to share objectionable pictures and blackmail. The group had over sixty members, mostly anonymous.
Recently, several of these members received a knock on their door from their local police force, who seized their computers and booked them for crimes against children. Tom was actually Cynthia, one of the many men and women who don fake personas, lying in wait for the opportunity to infiltrate these groups. They have a different life as men and women of crime forces, but put on a different mask online each day as undercover agents building their network of friends, creating fictitious personas and infiltrating such groups. Many have more than one profile.
This particular story was a figment of my imagination but under it lurks a dark lurid reality. The world over, social networks are used by criminals, terrorists, sex offenders and drug peddlers, not only for interactions with their own kind but to subvert youth and lure them as pawns or agents. Cynthia and agents like her do their best to keep the online world safe. On similar lines in real life, last Wednesday Europol said it broke up the largest international ring of pedophiles, with 70,000 members across the globe.
In a news report titled “US military developing software to 'influence Internet conversations'” the US military was reported to have contracted a software company to build programs that “will let it secretly manipulate social media sites such as Facebook and Twitter by using fake online personas to influence Internet conversations and spread pro-American propaganda.”
Such software allows a single agent to play multiple personas on online networks. It will not be long before more sophisticated behaviour-based intelligence gathering and analysis products are available that can help government agencies monitor and track cyber criminals, terrorists, sex offenders and of course, if used incorrectly, normal people.

Friday, March 18, 2011

Security Strip: Tom and the Lottery Scam




Related Comic Strips

1) Corporate Espionage Tom engaged in a fiercely competitive deal in Singapore
2) The Secret Tom creates a super strong password

Thursday, March 17, 2011

Fighting Email Scam through Simple Technical Detection

Over the last months, I received over 30 scam emails. I analyzed these mails to determine if there were technical commonalities that would help a lay user detect fraudulent emails. I found two.

All the scam mails came from free webmail IDs such as Gmail and Yahoo, and for those which promised an award the user name was typically modified to resemble the company which offered the award

A scam mail promising an award from Microsoft titled “Message from Bill Gate” was sent from a personal ID, jdettmer2005@verizon.net, but requested claimants to write to microsoftgame3@gala.net. In the normal course the ID would have been abc@microsoft.com, but to make it sound official “Microsoft” was added to the username.

Most scam mails have the reply address different from the sender's address

In over 60% of the cases, scam emails which require victims to communicate with the scammer had a different reply address. This was done by setting a field in the email header that a normal user is unaware of. Identification is simple: when you click the reply button, compare the reply-to address with the sender's address in the body of the email. In most cases they were easy to distinguish as different, but in some the difference was made difficult to spot.

Easy: Sender Email - socoibr01mr@insing.com  Reply To  mr.zongosunkala@yahoo.fr
Tricky: Sender Email - vivianmbaye2011@gmail.com  Reply To  vivianmbaye02011@gmail.com

Recommendation

Keep your desktop updated with the latest antivirus and change passwords every 60 days. This reduces the risk of downloaded malicious software remaining undetected for a long time and prevents downloads of known malware. If you do detect malware in a scan, it may be advisable to change your passwords. In any case, frequent change of passwords reduces your window of exposure.
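
The two header checks described in this post can be automated. The following is an added example, not code from the original post: it parses From and Reply-To with Python's standard email module and flags a differing reply address, a near-identical lookalike, and a brand name in a free-webmail username. The FREE_WEBMAIL and BRANDS lists, the edit-distance threshold and the sample messages (constructed from the addresses quoted above, with the contact address assumed to sit in the Reply-To header) are assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for this example only; a real deployment would maintain its own.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "yahoo.fr", "hotmail.com", "gala.net"}
BRANDS = {"microsoft", "yahoo", "westernunion"}
LOOKALIKE_MAX_EDITS = 2  # assumed threshold for "tricky" near-identical addresses


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_headers(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    # parseaddr strips display names such as "Riah Yak <...>".
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    findings = []

    # Check 1: replies go somewhere other than the visible sender.
    if reply and reply != sender:
        if edit_distance(sender, reply) <= LOOKALIKE_MAX_EDITS:
            findings.append("reply-to-lookalike")   # the "Tricky" case
        else:
            findings.append("reply-to-differs")     # the "Easy" case

    # Check 2: a company name placed in the username of a free webmail account.
    for addr in (reply, sender):
        if not addr:
            continue
        local, _, domain = addr.rpartition("@")
        if domain in FREE_WEBMAIL and any(b in local for b in BRANDS):
            findings.append("brand-in-free-webmail-username")
            break
    return findings


def _message(sender, reply_to=None, subject="(constructed sample)"):
    """Build a minimal constructed message for the demonstration."""
    lines = ["From: " + sender]
    if reply_to:
        lines.append("Reply-To: " + reply_to)
    lines += ["Subject: " + subject, "", "body omitted"]
    return "\n".join(lines)


# Constructed samples using the addresses quoted in the post.
SAMPLES = {
    "award": _message("jdettmer2005@verizon.net", "microsoftgame3@gala.net",
                      "Message From Bill Gate"),
    "easy": _message("socoibr01mr@insing.com", "mr.zongosunkala@yahoo.fr"),
    "tricky": _message("vivianmbaye2011@gmail.com", "vivianmbaye02011@gmail.com"),
    "clean": _message("Alice Example <alice@example.com>", "alice@example.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_headers(raw))
```

A differing Reply-To is also used by legitimate mailing lists and support desks, so these findings are signals to weigh together with the story and subject line, not a verdict on their own.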

Wednesday, March 16, 2011

Stolen ID’s used to provide cell numbers to antisocial elements

To curb the misuse of mobile telephone connections by terrorists and antisocial elements, the Indian Government mandated that these connections be given only after validation of the buyer’s photo identity proof and address verification. For a large mobile population like India's, this turns out to be a large and costly exercise. There were some loopholes whereby a customer could use the phone for between 1 to 2 days without verification. The news article “When KYC norms go for a toss with prepaid mobile connections” beautifully describes them.
There were two news items in the last month or so that caught my attention. The first is of sleuths descending on the house of a woman who had 117 cell phone connections but no phone; someone had misused her identity to obtain the phone connections. In the second case, hawkers were selling SIM cards at a premium without verification documents. They used 1000 copies of a single stolen or forged ID proof to purchase these cards, which were later sold to antisocial elements.
Verification of your cell number has become a crucial factor in crime detection and surveillance of known criminals. Unverified SIMs enable them to be anonymous. It is a petty crime as far as the hawker is concerned but enables a far more sinister outcome.
Such incidents simply reflect how the very people this process was meant for easily evade it, while over 600 million others need to comply.

Tuesday, March 15, 2011

Fake Pilots a Big Threat to India’s National Security

In the September 11 (9/11) attacks on the World Trade Center in the US, Al Qaeda cadre hijacked commercial airliners and flew them into the twin towers and the Pentagon. The cadre trained with local US flight schools to be able to fly these planes. They posed as passengers, boarded planes with tools and used them effectively to take control of the aircraft from unsuspecting crews. This attack resulted in a worldwide revamp of airline security: stronger aircraft doors, stricter passenger screening, stiff restrictions on what passengers carry onboard and, more recently, the more controversial body scanners.
Not many know that the original intent of Al Qaeda was to fly these planes into nuclear power plants. We have all witnessed in the last few days the unfortunate incident in Japan and the consequence on nuclear safety. A fully fueled plane is a devastating weapon.
Therefore it was shocking when five Indian pilots who had been flying for years were alleged to have paid for their licenses and submitted forged mark sheets to qualify. Beyond its implications for passenger safety, this incident has serious implications for national security, and calls into question the mechanism used for, and the sufficiency of, pilot background checks. Given the utmost care taken in ensuring aircraft reliability and air safety, one would assume that a pilot would be thoroughly vetted for national security as well as competency. Sometimes such perceptions form a critical vulnerability which can easily be exploited by individuals within the system or who have good knowledge of it.
India’s growing economy has resulted in a rapid rise in private and commercial planes and a demand for a large number of pilots and stewards. If not appropriately fixed, the problem can multiply.

All nations should have a comprehensive government-run security vetting procedure for checking the background of pilots before recruitment and monitoring their contacts and activities after recruitment. Many rely only on an employer recruitment check. This would prevent entry of terrorists as pilots and future induction of pilots into terrorist activities.

Investigations are on. The racket could be much bigger. Read the article “Fake pilots: Aviation regulator screens 3,000 licences”.

Monday, March 14, 2011

Facebook faces the same security threats that Microsoft did years ago?

Microsoft operating systems and applications are undoubtedly the most popular. Their widespread use made them a soft target for computer hackers, who initially comprised individuals who abhorred Microsoft’s monopoly but have recently shifted to organized and well-funded criminal gangs and governments intent on cyber crime, corporate espionage and stealing military secrets. With the greatly enhanced level of funding and sophistication, building secure software and plugging security breaches in software with large attack surfaces like Windows became a significant challenge. Bill Gates’s mandate on building secure software over quick releases was a significant milestone in cyber security. It made the DNA of Microsoft, which controlled 90% of the cyber risk, focus on ensuring security over functionality and backward compatibility. It’s not perfect but it’s working.
Facebook, as the dominant social networking platform, is a concentrated platform of individuals and therefore the focus of cyber attention by the same set of organised criminals and governments as a medium to spam, scam, defraud, steal identities and spy.
The mistakes Microsoft made as an emerging, dominant organization seem quite similar to the technical security issues which plague Facebook, which has suffered several high-profile exposures as a result of exploited API functionality, technical vulnerabilities and unverified third-party applications. Not to mention their own internal policy to revert privacy settings. The very recent hacking of Mark Zuckerberg’s and Nicolas Sarkozy’s pages is a wakeup call from a hacker we should actually reward.
Security weaknesses usually arise from two primary reasons. The first is an inherent belief that growth in market share is the fundamental parameter of success, and the second is the inherent lack of security in the buildup of the original code, which requires a massive investment to overhaul. Merely patching existing code in an expanding code base introduces further vulnerabilities.
Security risks manifest themselves over time in a single instance of a high-profile breach. Whatever the legal stance may be and the agreements signed by members to indemnify free social media platforms, there will always be that one instance which may result in a breach so large that ensuing litigation or customer dissatisfaction may pull the company under. Microsoft realized this at the expense of market share in recent years.

Thursday, March 10, 2011

Precise Cyberlaws are a pressing need in the Digital Age

Cyber law is evolving and far from perfect in creation and enforcement. Current laws attempt to address cybercrime and data privacy. Recent exposures by WikiLeaks and the citizen uprisings in the Middle East have raised issues of national security and the extent of a citizen's right to online expression. Governments want to fetter this right, bringing in legal liability for social networking abuse, which would help address issues related to national security, cyber bullying, cyber crime, defamation, pornography and cyber harassment. I firmly believe that an appropriate cyber legal and regulatory system is urgently needed.

However, the evolving nature of the digital age and law makers' incomplete understanding of how it works result in loosely worded laws which infringe on citizens' liberty beyond what one may call reasonable. Freedom once given is also difficult to take away. This lack of understanding has led to public outcry in several democratic countries and was clearly demonstrated in the recent wording of the Indian IT Act, which made bloggers responsible for what they publish as well as readers' comments which are "threatening, abusive, objectionable, defamatory, vulgar, racial, among other categories", and legally equated bloggers to content hosters and ISPs who on behalf of another receive, store or transmit any electronic record.

India is democratic and the government will listen and rectify. I am afraid that such incidents will continue to be repeated unless dedicated time and effort in precise cyberlaw creation is put in by institutions. This will involve public-judiciary participation, education of the judiciary and law makers, wider consensus on law making and governmental collaboration on a harmonised global cyber law framework. The news article titled "Plan to muzzle bloggers sparks outcry" in the Times of India better describes the Indian bloggers' outcry.

Tuesday, March 8, 2011

Governments can use mobile phones to spy on citizens

The recent upheaval in several countries ruled by monarchs, dictators or single-party governments, where in some way citizens felt discriminated against, was fueled by social networks which formed, consolidated and communicated citizen opinion locally, nationally and internationally. The online platforms helped organize street protests and influence international opinion through mass circulation of cell phone images of violence, fervor and military crackdowns.
The world, and indeed most of these governments, were unaware of the impact this new order of communication could have. Last-minute attempts to crack down by blocking or sniffing Facebook communications in Tunisia or the attempt to shut down the Internet in Egypt were unsuccessful.
Governments learn quickly. I would not be surprised if there are ongoing attempts by a few to turn the one piece of technology that billions of people carry around, the mobile phone, into a sophisticated spying device.
So just what can be done?
I wrote in several posts that all forms of communication, messages and phone calls alike, could be spied upon by governments using existing machinery at telecom exchanges. In addition, a mobile phone can be used to track your location or a group gathering on streets or in homes. Do not be surprised if in the next few years, mobile phones (in some countries) come preloaded with software that turns them into a bug to listen in on private conversations.
So it turns out that carrying a mobile phone at all times may not be a good idea. But in a year or so this technology will be not only in the phone, but in TVs and cars too. Technologies that can potentially invade life are at hand.
The only prevention is a strong judiciary, constitution and democracy.

Monday, March 7, 2011

Email spam designed to fudge a recipient’s thought process

In the Indian city of Mumbai, fruit sellers hawk fruits on small colorful wooden stalls lining crowded market roads. Indians typically haggle before settling on a mutually agreeable price.  A ten percent reduction or an extra fruit is normally an agreeable bargain. The buyer however does not know the true value of the fruit and the negotiation starts at the reference price set by the seller. If you visit a few vendors to check, you will quickly realize the price is remarkably consistent and not competitive. In this way the seller always gets his price minus the mark up built in to satisfy the buyer. The buyer’s negotiation is to the terms set by the seller.
In a similar manner, email scammers attempt to set out the process for verifying their scam stories in the emails they send. Self-justification built into the story is cleverly intended to fudge or limit the victim’s verification thought process.
I received two nearly identical scam mails, copied below, within a few hours of each other. This pair of mails clearly shows how a recipient’s verification process is fudged and the mail content rapidly tampered with to beat spam filters in an attempt to get them into inboxes.
Self-justification was provided by enclosing a BBC news link on an actual incident, which is built into the story, and limiting the recipients’ verification by citing physical harm if the email is disclosed. The recipient does not realize that there are a few billion copies of the same email in circulation.
The first mail was caught by my Yahoo spam filter and sent to the spam folder. The second was not. The spammer had within a few hours modified several words in the email to ensure that it would beat the filter and land in the Yahoo inbox. This improves the chances that a user will read and believe in the scam, as mail in spam folders makes recipients cautious. For a spammer who is paid per response, it increases remuneration. The spam filter was defeated by modifying the title, greetings, and key words.
Trust you will find it interesting to compare both mails.  I have tested the links using McAfee site advisor which found them to be safe.

First Email

Sat, March 5, 2011 11:25:40 AM
Can I confide in you?

From: Riah Yak <riayak@fasbfmail.com>

Dearest One,

Compliment of the season to you and yours. my name is Riah Justin YAK,I am 25 years old Girl,from Southern Sudan.I want to confide in you, I need to tell you more things, because I need your help to stand as my trustee.

My father Dr. Justin YAK Arop was the former Minister for SPLA Affairs and Special Adviser to President Salva Kiir of South Sudan for Decentralization. My father Dr. Justin YAK and my mother including other top Military officers and top government officials where on board with the plane crashed on Friday May 02, 2008. You can read more about the crash through the below site:
http://news.bbc.co.uk/2/hi/africa/7380412.stm

Some months after the burial of my parent, my uncle conspired with my stepmother and sold my father's properties to a Chinese Expatriate. On a faithful morning I opened my father's briefcase and found out some vital documents which my beloved late father used in deposit some Money and GOLD DUST worth 250KG 22 carat alluvial Gold Dust which was deposited in a Finance& Security company in Burkina Faso , under my name as the next of kin beneficiary, this is the reason why  I traveled down here in Burkina Faso to withdraw the money so that I can start a better life and take care of myself.

The great disappointment when i arrived here in burkina faso, the director of the finance company whom I met in person told me that my present status does not permit me by the local law to clear money or make a transfer of money into an account, he advice me to provide a trustee who will help me to receive the money into an international bank account or I should wait till when I will get married then i can come for the claim with my husband as it was demanded by their Authority..

I have chosen to contact you after my prayers and I believe that you will not betray my trust. But rather take me as your own blood sister and help me. Though you maybe wondering why I am so soon revealing myself to you without knowing you, well, I will say that my mind convinced me that you are the true person to help me. More so, I will like to disclose much to you if you can help me to relocate to your country because my uncle has threatened to assassinate me if care is not taken. The amount involve is $4.5 Million USD and I have confirmed from the Finance and security here in Burkina Faso.

However, you will help by recommending a nice University in your country so that I can complete my studies. It is my intention to compensate you with 15% of the total money and GOLD for your services and the balance shall be my capital in your establishment ,so as soon as I receive your interest towards helping me, I will quickly put things into action immediately and in the light of the above, I shall appreciate an urgent message indicating your ability and willingness to handle this transaction sincerely. Please do keep this only to your self.

I beg you not to disclose it till i come over to your country after the transfer hits your bank account because I am afraid of my wicked uncle who must not know about this.

Thanks with lots of regards to your family.

Sincerely yours,

Riah Justin YAK.

Second Email – Modified to beat the spam filter

Sat, March 5, 2011 3:11:49 PM
My Dearest,

From: Missregina Justin <missreginayak@sify.com>

My Dearest,
     
      I am writing this mail to you With due respect trust and humanity, i appeal to you to exercise a little patience and read through my letter i feel quite safe dealing with you in this important business having gone through your remarkable profile, honestly i am writing this email to you with pains, tears and sorrow from my heart, i will really like to have a good relationship with you and i have a special reason why i decided to contact you, i decided to contact you due to the urgency of my situation, My name is Miss.Regina Justin Yak, 24yrs old female and I from Sudan in  Africa. My father was the former Minister for SPLA Affairs and Special Adviser to President Salva Kiir of South Sudan for Decentralization. My father Dr.Justin Yak, and my mother including other top Military officers and top government officials had been on board when the plane crashed on Friday May 02, 2008. You can read more about the crash through the below site:http://news.bbc.co.uk/2/hi/africa/7380412.stm

After the burial of my father, my stepmother and uncle conspired and sold my father's property to an Italian Expertrate which the shared the money among themselves and live nothing for me. One faithful morning, I opened my father's briefcase and found out the documents which he have deposited huge amount of money in one bank in Burkina Faso with my name as the next of kin. I travelled to Burkina Faso to withdraw the money for a better life so that I can take care of myself and start a new life, on my arrival, the Bank Director whom I met in person told me that my father's instruction to the bank is that the money would only be release to me when I am married or present a trustee who will help me and invest the money overseas... I am in search of an honest and reliable person who will help me and stand as my trustee so that I will present him to the Bank for transfer of the money to his bank account overseas.

I have chosen to contact you after my prayers and I believe that you will not betray my trust. But rather take me as your own sister. Though you may wonder why I am so soon revealing myself to you without knowing you, well I will say that my mind convinced me that you may be the true person to help me.. Moreover, I will like to disclose much to you if you can help me to relocate to your country because my stepmothers have threatened to assinate me. The amount is($5.6USD)Million United State Dollars, and I have confirmed from the bank in Burkina Faso on my arrival, You will also help me to place the money in a more profitable business venture in your Country. However, you will help by recommending a nice University in your country so that I can complete my studies. It is my intention to compensate you with 10% of the total money for your services and the balance shall be my capital in your establishment. As soon as I receive your positive response showing your interest I will put things into action immediately. In the light of the above, I shall appreciate an urgent message indicating your ability and willingness to handle this transaction sincerely. Awaiting your urgent and positive response. Please do keep this only to your self for now until the bank will transfer the fund. I beg you not to disclose it till i come over because I am afraid of my wreaked stepmother who has threatened to kill me and have the money alone ,I thank God Today that am out from my country (SUDAN) but now In (Burkina Faso) where my father deposited these money with my name as the next of Kin. I have the documents for the claims.

Yours Sincerely  Miss.Regina Justin Yak.
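
The comparison of the two mails can also be made mechanically. The following is an added example, not part of the original post and not a description of how Yahoo's filter works: it scores short excerpts of the two mails above with word 3-shingle Jaccard similarity and lists the URLs they share. The function names and the 0.5 threshold are assumptions chosen for illustration.

```python
import hashlib
import re

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Sample input: short excerpts of the two mails quoted above.
MAIL_1 = (
    "Dearest One, my name is Riah Justin YAK. You can read more about the "
    "crash through the below site: http://news.bbc.co.uk/2/hi/africa/7380412.stm "
    "I have chosen to contact you after my prayers and I believe that you will "
    "not betray my trust. But rather take me as your own blood sister and help "
    "me. However, you will help by recommending a nice University in your "
    "country so that I can complete my studies. It is my intention to compensate "
    "you with 15% of the total money and GOLD for your services."
)
MAIL_2 = (
    "My Dearest, My name is Miss.Regina Justin Yak. You can read more about the "
    "crash through the below site:http://news.bbc.co.uk/2/hi/africa/7380412.stm "
    "I have chosen to contact you after my prayers and I believe that you will "
    "not betray my trust. But rather take me as your own sister. However, you "
    "will help by recommending a nice University in your country so that I can "
    "complete my studies. It is my intention to compensate you with 10% of the "
    "total money for your services."
)

def tokens(text):
    """Lowercased word tokens with URLs removed."""
    return re.findall(r"[a-z0-9]+", URL_RE.sub(" ", text).lower())

def shingles(text, k=3):
    """Set of overlapping k-word sequences; small word swaps change only a few."""
    t = tokens(text)
    return {tuple(t[i:i + k]) for i in range(len(t) - k + 1)}

def digest(text):
    """Exact fingerprint of the normalized text; any edited word changes it."""
    return hashlib.sha256(" ".join(tokens(text)).encode()).hexdigest()

def compare(known, candidate, threshold=0.5):
    a, b = shingles(known), shingles(candidate)
    sim = len(a & b) / len(a | b) if a | b else 0.0
    return {
        "exact_match": digest(known) == digest(candidate),
        "similarity": round(sim, 3),
        "shared_urls": set(URL_RE.findall(known)) & set(URL_RE.findall(candidate)),
        "variant": sim >= threshold,  # threshold is an illustrative assumption
    }

if __name__ == "__main__":
    print(compare(MAIL_1, MAIL_2))
```

An exact hash of the normalized text differs between the two mails, while the shingle overlap and the unchanged BBC link still tie them together.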


Related Posts: “Online Email Scams a multibillion dollar business or not? You decide” and “How you get suckered in Online scams and the little one can do about it?”

Friday, March 4, 2011

Cyber Ethics, Safety and Security Education is essential for Indian Children?

India is an emerging economy investing in computerization and broadband for rapid and balanced economic development. The Indian government has embarked on large e-governance programs and enablers like the Unique ID program (UID), which provides a unique biometric-based ID for all Indian residents. The private sector has begun using e-commerce, and the IT industry has established India as a leading destination for IT services.
Grooming our children in computer use is a well-recognized essential. Today’s generation is a technology-savvy one. It is quite common to observe young children surfing and gaming on the Internet. Most children do not realize what the pre-computer era was like.
But the impetus for cyber education to ensure that the Internet is used in a responsible, safe and secure manner is lacking in educational curricula. The onus of cyber education is largely placed on the Indian parent, who may not be familiar with computers or the Internet. This generation gap does not make them good teachers: proud or technology-unsavvy parents allow their children liberties with simple restrictions on Internet time, while stricter parents forbid their children Internet use altogether.
It is not practical to shield this generation from the use of the Internet. Children find ways through a phone or computer, via a friend’s home and so forth. Children by nature love to play pranks. Knowingly or unknowingly, they can indulge in a variety of pranks, from bullying and obscenity to hoaxes and hacking. Some fall victim to online criminals and pedophiles. Some play pranks which economically affect the nation and its institutions, like the recent case of a prank caller phoning a Mumbai college to say that a bomb had been planted on the premises. 300 girl students were evacuated minutes after they started their exam.
At the same time, it is not advisable to allow children to use the Internet without instruction. The middle path lies in a system of cyber education to prepare our citizens as netizens in cyber ethics and the safe and responsible use of the Internet. In my opinion, cyber education should be taught by schools, as many parents are as yet unfamiliar with the Internet. Such a program should be endorsed by the education ministry, be a part of the ongoing IT curriculum, and include comprehensive training of school teachers across the country. Perhaps a national children’s cyber safety day in schools may help increase awareness.