ONGC,197,CR.,FRAUD,HACKER,USIN law ONGC 197 CR. FRAUD: HACKER USING APT FOR CYBERHEIST


Bankruptcy is a situation, wherein an individual is termed as unable to discharge all the debts. When a person or a company is not able to pay off its creditors, it has an obligation to file a bankruptcy suit. In fact, a bankruptcy suit is a When you work with an attorney, you will have no problem reducing the risks associated with getting your case in front of a judge and jury, or other formal court, when you need to. However, every case is different. It is important to work wi


International business trade is facing an unprecedented threat of frauds from organized crime, particularly, an intelligent, knowledgeable group of hackers and recent fraud with ONGC is one of the crime involving huge amount of Rs. 197 Cr. Such scams earlier known as Man-In-the-Email Scam now involves sophisticated modus operandi and targets businesses working with foreign suppliers that regularly perform wire transfer payments. Cyber Crimes have become lucrative with a high returns coupled with low risk and as such the hackers have become very focused and motivated. They are not in hurry to launch and attack quickly but act in a slow and steady but aggressively and successfully penetrate the network with various different attack methods and then, clandestinely hide its presence while achieving a well developed, multi-level foothold in the environment.The fact of the case as revealed from various news in the media indicates that the commercial transactions regarding sale of naptha between ONGC and Aramco, a Saudi Arabia based Oil Company were exploited by the hackers to commit Cyberheist crime involving the misappropriation of the highest money so far in India. The ONGC aggrieved to deliver 36,000 ton of naptha to Aramco for Rs. 100 Cr. and communication on behalf of ONGC were being carried out from email address ‘[email protected]. The company did not get the money for the consignment on time and on enquiry, got the response on the email that the payment has been delayed due to public holiday and meanwhile, the company has also delivered the second consignment of naptha worth of Rs. 97 Cr. to Aramco. Later on, the company came to know from Aramco that the money have been transferred to Bangkok Bank Public Company Ltd. on the request of ONGC which has been received from email id [email protected]. The said account in which the money was transferred does not belong to ONGC nor the ONGC has sent any request.        The first phase of the attack requires the hacker to identify the target entities and the access to the commercial transactions which may become soft target for cyberheist fraud which is done through phishing. Through phishing, the hackers identifies the potential and soft targets and for the purpose of phishing the hackers may use various techniques such as spoofed emails, deceptive URL, URL Obfuscation, Link Manipulation, DNS Based Attack, Malware Based Attack, Content Injection, SQL Injection & Cross site Scripting etc. The information based on the successful compromise of the targets are analyzed and the targets are identified.In the second phase, after identifying the target, hackers collects the complete information of the entities involved, authentication details as well as systems and designated employees as such crimes require update and continuous information of the transactions. For this purpose, Remote- Access Trojans are used which will install itself, in such a way, at the target computer that it would become active every time the computer is started subsequent to the installation. Once a Trojan client, such as W32.Shadesrat, FAKEM, BlackShades, Back Orifice, Netbus, Bionet, or SubSeven, is installed on the target computer, the controlling computer is able to intercept information about the target computer. Through this covered channel the master computer will be able to download files from and upload files to the target. These crimes are committed by the fraudsters who are highly intelligent and knowledgeable and takes over the communication between the parties and would act as Man-In-Middle. These intelligent fraudsters monitor and analyze the identified targets and protocol necessary to perform wire transfer within specific business environment.  In the third phase, the attackers would execute the attack by either changing the bank details in the invoice which are being sent by the seller to the buyer or would sent a separate mail for change of bank detail to receive the payment from the buyer. At this stage, since sensitivity is high and any suspicion to either of the parties may foil the game plan of hacker, the hacker normally resort to the creation of fake emails so that the seller may not come to know about the change of bank detail and if any query regarding the change of bank detail is raised, the same is also replied by the hacker to satisfy the buyer regarding the genuineness of the bank details.In the fourth phase, the attackers after receiving the money immediately transfer the money to various other accounts over different jurisdictions and even can convert the same into virtual currencies whereby, through different layering, it is not possible for the investigation agencies to find out the beneficiaries. The money is transferred to the accounts of unwitting money mules who are recruited as a bogus work-at-home jobs and as such these person also become victim of these scams and they receive the fraudulent funds in their accounts and then, directed by the fraudsters to transfer the funds to other jurisdictions.          The offence is scattered in international sphere as the fake email may have been originated from one country, target computer is in another country, funds may have been misappropriated in another country or subsequently transferred to different countries. As the crime crosses international boundaries, the investigation of such complex issues shoots up exponentially and the chances of the criminal been identified, recovery of misappropriated money and prosecution of the criminal decreases. Further, the police may lack the skill to investigate these technical crimes and to find the type of malware with which the system is infecting, source of malware etc. The investigation of such cases requires the analysis of various interdependencies and the information which may be required from various countries. In the absence of any International Treaty to expedite and facilitate the investigation of such crimes and extradition of offenders makes it difficult to bring the case to the logical conclusion. Further, the volatile nature of electronic evidence, different legal systems and lack of cooperation between countries ultimately reduces the probability of detection, prosecution to nullity.Given the present scenario and the manner in which cyber crimes are exponentially increasing, becoming more and more technical and organized by intelligent criminals, the companies cannot eliminate these threats but it can protect itself by introducing appropriate security mechanism, security awareness, security training and preventing these threats from exploiting vulnerabilities in its environment. The cyber threats have acquired alarming proportion particularly in India due to non-registration of the cases, lack of skill with the police to investigate and absence of forensic capabilities with the law enforcement agencies. The cyber security skills are still being interpreted in terms of security softwares, forensic hardware/software, firewall etc. and the recent breaches in the case of Sony Hack, JP Morgan, Target etc. have clearly establish that these gadgets would play very limited role in protecting the information security enterprise architecture. The need of the hour is to have strong security structure of the enterprise information framework and to implement preventive model which can be supported by the detective, recovery and corrective mechanism to strength the enterprise security infrastructure. The companies need to include the clauses in the agreement with the parties which can cater to the risk emerging from the cyber threats which are dynamically changing and would require the involvement of information technology expert.Read Full Story at –http://www.neerajaarora.com/ongc-197-cr-fraud-hacker-using-apt-for-cyberheist/ RegardsNeeraj AaroraCyber Lawyerhttp://in.linkedin.com/in/neerajcyberlawyer

ONGC,197,CR.,FRAUD,HACKER,USIN

law

Everything You Need to Know About Employment Lawyers in Los

By and large, the employment law in the US is state-specific, which means hiring a lawyer specializing in the domain must be well-versed about the rules and regulations relating to employment in the state is vital. On the other hand, the leg ...

law

Can Your Ex-Husband Claim Custody If You Are Remarried?

Family Lawyers of Dubai herein wishes to address this reoccurring issue of custody of the child or children, should the mother re-marries following UAE Shariah Law.The very concern of this article is to understand the circumstances where th ...

law

A Will Lawyer Can Make Sure Your Will Is Legally Binding

A last will and testament is a legally enforceable document by which the creator of the will, also known as the testator, expresses their wishes as to how their property is to be distributed after death.They also assign a person to manage th ...

law

Estate Planning Tools a Living Trust In Michigan

There are various options for estate planning. One of them is the living trust.A living trust or "revocable" trust is a legal document through which your assets are placed into a trust during your lifetime. Upon your death, your assets in th ...

law

How Much Do You Know About Living Trust Michigan?

A living trust in Michigan is a very popular estate planning tool which allows you to easily pass your assets to your heirs privately by avoiding probate court. This differs from a will because a last will and testament requires probate cour ...

law

Are you aware of New Electronic Arrests In UAE?

The concerned Law is in line with the new Penal Code of UAE (Federal Decree-Law number 17 of 2018 amending Federal Law number 35 of 1992) allowing for confinement of accused in a specific area that is either his place of residence or other s ...

law

Dont Miss Out New Electronic Insurance Policies In UAE!

Bearing in mind, the electronic insurances, Insurance Authority along with UAE Government, issued a draft for Electronic Insurance regulations (the Draft Law) in early in this year. The intention behind the issuance of this Law was to govern ...

law

'Long live Nirbhaya', 'Bharat Mata ki Jai'! Slogans chanted

At 3:30 AM when the convicts were woken up, they finally came to grips with the reality of their awaiting death.As the clock struck 5.30 AM on Friday, the crowd assembled outside the Tihar Jail burst into celebration and even distributed swe ...

law

Nirbhaya's Mother On March 20 Death Warrant For Rapists

Nirbhaya assault and murder case A 23-year-old paramedic understudy Nirbhaya was assaulted inside a showing transport to six people on December 16, 2012, in Delhi. The unfortunate casualty was seriously attacked and tossed out and about alo ...

law

What To Look

Have you ever been injured due to someone else's carelessness? Have you lost a loved one due to somebody's reckless driving? The pain in such situations can be excruciating enough to break you. But this is just the time you need to be strong ...

law

The Constitution of the United States

The constitution delegates enumerated powers to the national government. For instance, Article one of the United States Constitution spells out 27 powers to Congress. Section 8 of this article provides Congress with among others, the power t ...

law

Chapter 7 Bankruptcy Lawyer: All You Need About Its Process

In legal terms, chapter 7-bankruptcy is extensively acknowledged as a liquidation method bankruptcy process. According to the rule, in chapter 7-bankruptcy, the court authorized trustee has the right to liquidate or sell a considerable porti ...

law

What You Should Know About Freelancing In Dubai?

It also reduces the cost for big companies to hire freelancer rather than employing the specialist. Nevertheless, Top Lawyers of Dubai have witnessed the hesitance in opting for freelancing in Dubai regardless of numerous attractions. Accor ...