The Indian government has itself been the victim of three such social engineering attacks, all from China. The most recent was LuckyCat, which targeted Indian and Japanese government computers beginning June 2011. In all, it hit 233 computers.

“Earlier, hackers targeted servers, so organisations set up firewalls,” says Dhruv Soi, Director of Torrid Networks. “So, hackers are now targeting employees.” Soi – and every cyber security expert BT spoke to – considers social engineering the biggest threat to a company’s data.

Read More…

Applying an SSL certificate to make the website work upon the HTTPS protocol doesn’t provide any protection to the web application because HTTPS merely secures the communication channel so that an intruder can’t read any data traveling between the visitor’s Internet browser and the website. Similarly, the network firewall protects the server on which the website is hosted from external threats and doesn’t provide any kind of security to the website.

PCQuest magazine in its current edition features an article from Torrid Networks on “10 ways to secure your website”.

Read More…

Profile:
Application Security Consultant

Role & Responsibilities:
1.    Perform Threat Modeling against mission critical business applications
2.    Conduct manual security code review for Java/J2EE/Struts based applications
3.    Provide application security consulting to developers, software architects and DBAs
4.    Managing application security risk metrics across the organization and publishing dashboards for management reporting
5.    Participate in developing application security strategic and tactical plans for the organization

Skills:
1.    Sound knowledge of Java/J2EE/Struts platform from both development and security code review aspects
2.    Experience in Threat Modeling and architecture review of enterprise applications
3.    Out-of-the box application security expertise, OWASP Top 10 and much beyond
4.    Excellent communication and presentation skills

Location:
Delhi NCR

Experience:
5-10 years of experience with Die-hard passion for application security.

Preference:
1.    J2EE Developer turned application security expert will be preferred

Note: This profile is not for penetration testers or black box testing experts.

To know more on what do we do, day in and day out, please visit our website: www.torridnetworks.com

Submit your updated resume at the earliest to careers@torridnetworks.com

The Problem

Torrid Networks started off with a routine SMTP tests to check if the server was open relay, missing spoofing protection or SMTP vulnerabilities. Things were well in place and server was configured pretty neat. Next step was to check the effectiveness of anti-spam solution, which was tested by submitting recent spam samples and were caught by the anti-spam engine. We quickly arrived at a conclusion that there weren’t any configuration issues neither with Mail Transport Agent (MTA) nor with the underlying spam engine.

As obvious, the investigation went towards the log analysis of the mail server and the problem was caught within few minutes. Emails were being sent using authentic mail accounts to external users from outside IP addresses. It was clearly indicating a compromise of email passwords to launch spam from customer’s email server. Our team checked with the customer on the compromised email accounts and customer agreed on carrying default password for newly created mailboxes. Moreover, it was an open source solution based email server without any mechanism in the email server to expire the passwords or to only allow enforcement of complex passwords. In the first step, customer was advised to change the passwords for all the users whose accounts were being abused by the spammers.

Problem deepened when the investigation team found the repeating pattern of the problem and another set of mailboxes got abused in the same way as previously. Logs were picked up once again to drill it to the bottom and the second round of the analysis wasn’t a surprise, it was a brute force attack against the mail server to guess the credentials and send bulk emails after successful compromise.

The Solution

It was time to work on brute force protection against mailboxes in the server utilizing the limited resources available with the customer. Mail server software being used was postfix and it by default creates a log file for every successful and failed login attempt at /var/log/maillog in the Linux server. Analysis suggested that the brute force attack was coming from distributed IP addresses and IP ranges so it was hard to identify which IP address or range to block. Fail2ban software, a free and open source software, was identified to protect the server from brute force attacks. It checks for the failed attempts in the log files using its inbuilt database of regular expressions and creates a TCPWrapper or iptables rule to block the source IP address. Fail2ban rules were enabled to block IP addresses brute forcing for email passwords or SSH passwords with a threshold of 2 failed attempts and limit of 10hrs to keep the IP blocked.

In couple of hours it was a long list of blocked IP addresses and everything looked perfect with SPAM reduced to almost zero. However, the server was still under the close observation. After a day or so, investigation team realized that the attack was targeted one and attackers were changing the strategy to counter every protection our team was suggesting to the customer. It was revealed during the third round of investigation that now the spammers were making only single attempt from one IP address bypassing the fail2ban rule to block an IP after 2 failed attempts and moreover the IP addresses were changing rapidly as opposed to the previous round of investigation. We couldn’t suggest to block the IP after single attempt because that way even legit users could get blocked leading to Denial of Services (DoS).

We started figuring out the patterns of the IP addresses which we thought of skipping by relying simply on fail2ban just to get a clue on which way to proceed with. Team analyzed nearly 100 IP addresses from where the brute force was being attempted. All those IP addresses were found to be Chinese IP addresses. Customer was using CISCO firewall but it was outsourced to external party for management and wanted us to derive a solution on the server itself rather coordinating with firewall management team to block Chinese IP addresses.

Torrid Networks’ team quickly gathered chinese IP address ranges from the public but authentic sources and prepared a list for iptables rules. SPAM came to halt by using the combination of denying all the Chinese ranges and implementing fail2ban rules. Customer is also recommended to update the mailing solution to the latest version to enforce password policies.

Click here to download the list of Chinese IP ranges used.

The Bangladeshi hackers said their action was in response to the alleged killings by BSF on the border between the two countries. The Bangladeshi hackers group identifying itself as Black HAT Hackers claimed to have hacked thousands of Indian websites in retaliation to the cyber attacks by the Indian Cyber Army and Indishell which have hacked over 400 Bangladeshi websites. The Black HAT Hackers also claimed to have opposition to the Tapaimukh Dam.

Cyber security expert and Director at Torrid Networks, Dhruv Soi said, “With Bangladeshi hackers joining the cyber offensives against India, the Government of India must adopt better mechanisms to safeguard cyber space.” On the side note Soi adds, Government of India needs to work with professional and niche ethical hacking companies. Without claiming any promotion here, our company has proven its mettle to many critical government departments. Be it safeguarding Common Wealth Games website where international hacking groups sweared to hack it, or its a routine web application security. Whatsoever government departments we have worked with so far, we did a commendable job which is lauded by the management of those departments, resulting in business references for us.

On the contrary of this, most of the government departments are engaged with lowest-bid counters and the results comes quick, not so pleasant otherwise. Indian government needs to think a step ahead to fight the cyber criminal and convert its low-bid approach to high-tech deliverable, else the government online systems will always be seen as victim of this never ending cycle.

Read More…

Status:

Closed

Profile:
Information Security Analyst

Role & Responsibilities:
1. To conduct network and application penetration testing for clients
2. Conduct architecture reviews of networks and design/code review of applications
3. Participate in ongoing information security research activities and publish white papers

Skills:
1. Good programing knowledge of atleast one programming language
2. Good communication skills
3. Knowledge of ethical hacking, tools and techniques, CEH is preferred

Experience:
1-3years. We are biased on high passion for ethical hacking than experience or certifications. You bring passion, we will develop the skills!

For more information, visit us at www.torridnetworks.com. Post your resume to careers@torridnetworks.com

Experts claim that the volume of such attacks increases on Independence Day and Republic Day. “The message posted by hackers from both countries carry a tone of jingoism and hatred. Now, hackers have started expressing their rage on 7/11 and 26/11 too,” said Dhruv Soi, a cyber crime expert and Director at Torrid Networks to MidDay news.

Meanwhile, cyber crime experts believe that the government should use such skilled resources to work for the nation. “The government should use the hackers the way China does. However, I think we are not yet ready to change the cyber security approach from sleeping mode to aggressive mode,” Soi added.

Read More…

The Pakistan Cyber Army, an unidentified group of Pakistani hackers, has announced that they will avenge the latest attack on as many as 30 Pakistan Government websites by Indian hackers.

Cyber security expert and Director at Torrid Networks Dhruv Soi says, “Cyber attacks between the two countries are getting more frequent than before and now we observe such attacks almost on daily basis. Cyber attacks will never die on the internet, and systems should be fully secured to handle it.”

Read More…

Torrid Networks, a global leader in application security consulting marked it as a minor incident in comparison to recent espionage operations carried out across the border. “I would say in comparison to the cyber attacks on Indian security and intelligence installations in the last two years, the defacement of Sonia Gandhi’s profile is a minor incident, but it still shows how vulnerable the Indian cyber space is,” said Dhruv Soi, a cyber security expert and director of Torrid Networks, which specialises in information security.

Read More…

The National Technical Research Organisation (NTRO) has entered into a Memorandum of Understanding (MoU) with the Mumbai-based NSD that was launched on 26/11 this year for cooperation in the cyber security domian.

Cyber security expert and Director of Torrid Networks, Dhruv Soi told The Pioneer, “It is good that a national database of cyber security experts and ethical hackers is being developed. This, coupled with organisation of conferences on cyber security, will help in overcoming the challenge of finding talent in the cyber security domain, especially in times of crisis situation.”

Elaborating further, Soi said security and IT professionals present the latest research papers during such conferences and participants can analyse the emerging threats and correspondingly take counter measures.

Read More…