Cyber criminals on the rampage...
We shall call her Neetha. In her mid 30s, Neetha was an executive
employed in a private firm in Sri Lanka. Her numerous official duties
entailed regular overseas travel. An outgoing personality with a wide
circle of friends Neetha just like any other person of the modern age,
relied on her email and social networking sites to keep in touch with
Her busy schedule at work, hardly permitted personal calls or fun
outings with her buddies. Neetha knew she could rely on her friends for
anything and her exchanges of e-mails in the 'inbox' provided ample
proof of this. She was a trusted friend.
A perfect catch for a cyber predator. A few months back, as she had
done on many occasions, Neetha hopped into a flight bound for Europe.
She was on an official visit to meet some clients. The distance did not
prevent her from making contact with her friends on the Internet. Neetha
stepped into a computer kiosk at the airport during a transit and logged
into her personal email to check the inbox. She was anxious to know if
there had been any urgent mails from her friends or if the office had
made any contact.
Little did she knew that someone had been waiting there for a
potential 'prey'. The man with evil in his mind had manipulated the
computer that she was using at the time.
A 'keylogger' was installed to track the key strokes and retrieve her
user name and password - an attempt was on to steal her virtual
identity. Oblivious to all this, Neetha checked her mail and left the
airport. After a successful week long trip she returned. Upon coming
back she rang up a few friends to let them know.
The story then began to unfold. The friends, ever relieved to hear
her voice, bombarded her with endless inquiries. What happened? Who
stole your money? Are you ok? Why didn't you reply to our mails? Did
they catch the thief? What in the world gave them the idea that she was
swindled during the trip, Neetha could not imagine.
Upon inquiry, she learned that her friends had received e-mails
purportedly from her (to be exact from her e-mail account) claiming that
she was mugged overseas. She lost her purse with money and her credit
card and the mobile phone, it was written.
The mails appealed to them to deposit money in a bank account. She
needed cash urgently to get back home. Several of her friends, as
expected, sent money to the account number mentioned in the emails.
Neetha quickly lodged a complaint with the police about the incident.
Tech CERT, a computer emergency response team which is part of the 'lk'
domain, approached by the victim got into action to retrieve her mail
account to prevent further damage. "We could not find the man who robbed
the money as he was a foreigner, based in another country but we managed
to get her mailing account back in order," Chief Operating Officer of
TechCERT Dileepa Lathsara told the Sunday Observer.
By the time, the damage was already done and her friends had lost
substantial amount of cash.
"It is unfortunate that other than retrieving the email accounts we
can do little to trace the cyber criminal. Tracing and taking legal
action against a foreigner is a highly complex issue due to various
reasons, especially since it interferes with the laws of other
countries," he said adding that the Internet users must take the safety
aspects more seriously.
He said the Internet was a very convenient tool for people to make
numerous transactions and maintain social interaction, in a world where
people were compelled to become workaholics. But it's a must they update
themselves of the threats and ways to avoid them.
Neetha's case may not strike as a serious one since no one was
injured as a result of this incident. But dangerous criminals are now
creeping into Sri Lanka cyber space and this trend is on the rise.
The cases currently reported in Sri Lanka are mostly about identity
theft and credit card scams. In other cases reported to TechCERT,
schoolchildren have been blackmailed and demanded money to return their
face book accounts. "For a child a face book account could perhaps mean
He warned that parents should have a close watch over their children
having access to Internet adding that it won't be that long before
people use this to kidnap individuals for ransom. This is actually
happening in other countries.
"The Internet is dangerous if you don't use your head. Anyone can
fake their identities on the net. The person whom you chat on the
Internet may be a completely different person than who you think he is.
A man can say he is a woman. An older woman can pretend to be a teenage
The TechCERT team was approached to resolve a similar case. A man who
got friendly with a young girl in a chat room, started visiting her
house when the parents were away.
This guy cunningly took hold of her heart as well as her intimate and
private belongings that he could create a lot of embarrassment to her as
well as to the parents, if the information was publicised.
When ultimately she was ready to see through him and let go of him,
he was ready to blackmail them. Lathsara said they could not divulge a
lot of details of their clients as it would be a breach of trust. In the
case with Neetha, immediately after tracking her user name and password
in the airport kiosk, the swindler changed the password, cutting the
user's own access to the account.
While she is busy abroad, the criminal had ample time to collect
money from her friends.
If you receive such suspicious emails, the wisest advice is to verify
the authenticity of the mail by personally speaking to the 'source', be
it a friend, a relative or a colleague - to ring them up or drop a mail
saying or to confirm by a call. He said trying to verify via mail will
not be useful, as the identity hijacker may send an appropriate reply.
The best advice the computer experts give is to avoid opening your
personal accounts at public kiosks. Browsing the Internet will be safe
but personal accounts protected by passwords should not be opened in
public places unless you are vigilant of the threats that can come your
These criminals know how to get into the system in a computer in a
public place to download harmful software even if they do not have the
administrator password. "A computer criminal is a computer genius. There
are ways to get hold of your personal details when you use even a
wireless connection in a public place.
They could 'sniff' the 'wireless packets' and extract the passwords
and the user name to gain access to emails, face book or other
The software used by criminals, such as for key logging, hacking and
phishing are widely available on the net. This is most unfortunate.
A search engine could download hundreds of pages with these software
in an instant.
If you think you have nothing to hide or protect, and need not worry
about identity theft. Beware, computer criminals can make use of your
good name to swindle others like in Neetha's case or hijack your
facebook account with personal and intimate details about you or your
family and demand money to return it.
According to TechCERT Sri Lanka has enacted laws to fight computer
crime, but the masses are yet to be enlightened of protective laws. Most
of the ordinary surfers are sitting ducks and take little effort to
update themselves on ways to keep their virtual identities safe. The law
enforcement authorities and the judiciary too need more awareness.
Ways to protect yourself when online or on facebook
1. Securely log into facebook.com using https://www.facebook.com.
This will prevent people who eavesdrop on your network from seeing your
2. Limit the amount of personal information given to Facebook
(Especially your location, date of birth, contact details). You can
adjust the information shown to your friends by adjusting the privacy
3. Make limited profile lists where you can initially add suspicious
friends to that list and after close inspection you may add them to the
appropriate lists where more information about you is available.
4. Configure Facebook privacy settings to control the information
shown to people and search engines.
5. Beware of phishing e-mail and suspicious links designated as from
Facebook. Think twice before you click on a link. A phishing e-mail is a
particular e-mail message, which is specially crafted for users to
click. Once the link is clicked it may download a virus and the virus
can get installed on your machine without your knowledge.
Some links may lead to Facebook-like login interfaces which are
designed to capture your log-in details. Therefore pay close attention
on the web address as there can be fake login sites with addresses like
www.faecbook.com(note the typo!) or any other address which looks like
facebook.com. You can check the authenticity of the Facebook site by
looking at its digital certificate which is available when you access
Facebook using https://www.facebook.com.
Similar incidents can happen if you click on links which are on
Facebook walls, feeds and mail messages.
6. Think twice before you add a person as a Friend. If possible,
e-mail or call him/her to check if he/she has actually sent you a friend
request, prior to adding him/her.
7. Facebook has an inbuilt chatting application. Never chat with
people you do not know or send information that could identify you.
8. Use a strong password that no one can guess and make sure that you
change it regularly.
Log into Facebook using only trusted computers. There may be software
such as Keyloggers, which will record every keystroke you perform in a
computer system. Becareful with whom you share the password with. If the
password is used in a weak manner it can get compromised.
Good Security habits
How can you minimise access to your information?
You maybe able to easily identify people who could, legitimately or
not, gain physical access to your computerófamily members, roommates,
co-workers, members of a cleaning crew, and maybe others. Identifying
people who could gain remote access to your computer becomes much more
difficult. As long as you have a computer and connect it to a network,
you are vulnerable to someone or something else accessing or corrupting
your information; however, you can develop habits that make it more
Lock your computer when you are away from it
A few minutes is enough time for someone else to destroy or corrupt
your information. Locking your computer prevents another person from
being able to simply sit down at your computer and access all of your
Disconnect your computer from the Internet when you arenít using it
disconnecting may mean disabling a wireless connection, turning off your
computer or modem, or disconnecting cables. The development of
technologies such as DSL and cable modems have made it possible for
users to be online all the time, but this convenience comes with risks.
When you are connected, make sure that you have a firewall enabled.
Evaluate your security settings Enabling certain features to increase
convenience or functionality may leave you more vulnerable to being
attacked. It is important to examine the settings, particularly the
security settings, and select options that meet your needs without
putting you at increased risk. Source: Carnegie Mellon University