cyber times international journal of

Cyber Times International Journal of

Technology & Management

Vol. 5, Issue 2, April 2012 – September 2012

ISSN: 2278-7518

EDITOR-IN-CHIEF

Dr. Anup Girdhar

EDITORIAL ADVISORY BOARD

Dr. Sushila Madan

Dr. A.K. Saini

Mr. Mukul Girdhar

EXECUTIVE EDITORS

Ms. Kanika Trehan

Mr. Rakesh Laxman Patil

“Cyber Times International Journal of Technology & Management”. All rights reserved. No part

of this journal may be reproduced, republished, stored, or transmitted in any form or by any

means, electronic, mechanical, photocopying, recording, or otherwise, without the prior

permission of the publisher in writing. Any person who does any unauthorized act in relation to

this journal publication may be liable to criminal prosecution and civil claims for damages.

Editorial Office & Administrative Address:

The Editor,

310 Suneja Tower-II,

District Centre, Janak Puri,

New Delhi-110058.

ISSN: 2278-7518

Phone: 011-25595729, +91-9312903095

Website: http://journal.cybertimes.in

Email: [email protected]

Disclaimer: Views and information expressed in the Research Papers or Articles are those of the

respective authors. “Cyber Times International Journal of Technology & Management”, its

Editorial Board, Editor and Publisher (Cyber Times) disclaim the Responsibility and Liability for

any statement of fact or option made by the contributors. The content of the papers are written by

their respective authors. The originality and authenticity of the papers and the explanation of

information and views expressed therein are the sole responsibility of the authors. However,

effort is made to acknowledge source material relied upon or referred to, however; “Cyber Times

International Journal of Technology & Management” does not accept any responsibility for any

unintentional mistakes & errors.

Cyber Times International Journal of Technology & Management, Bi-Annually, Vol.5, Issue 2, has been Published,

Printed and Edited by Dr. Anup Girdhar, on behalf of Cyber Times, at 310 Suneja Tower-II, District Centre, Janak

Puri, New Delhi-110058.

From the Editor’s Desk

At the outset, I take this opportunity to thank all the contributors and readers for making “Cyber

Times – International Journal of Technology & Management” an outstanding success.

The response that we have received from the Researchers, Authors, Academicians, Law-

Enforcement Agencies and Industry Professionals for sending their Research Papers/ Articles for

publication is duly acknowledged across the globe.

We are pleased to present the Volume 5, Issue 2, of “Cyber Times International Journal of

Technology & Management” which include three major categories and sub-categories under

Technology, Management, and Research Articles which are as follows:

Technology

Cloud Computing, Artificial Intelligence, Wireless Networks, Cyber Security and Network

Attacks, Penetration Testing, Cyber Laws, Cyber Crime Investigation, Data Mining, Databases,

Mobile Commerce, Software Testing, etc.

Management

Management Strategies, Human Resources, Business Intelligence, Global Retail Industry,

Business Process Outsourcing, Indian Economy, Performance Management, Risk Management,

International Business.

Research Articles

Atomic Power and Open Source Software.

I am sure that this issue will generate immense interest of Readers in different aspects of

Technology & Management.

We look forward to receive your valuable and future contributions to make this journal a joint

endeavor.

With Warm Regards,

Editor-in-Chief

General Information

� “Cyber Times International Journal of Technology & Management” is published bi-

annually. All editorial and administrative correspondence for publication should be

addressed to The Editor, Cyber Times.

� The Abstracts received for the final publication are screened by the Evaluation

Committee for approval and only the selected Papers/ Abstracts will be published in each

edition. Further information is available in the “Guidelines for paper Submission”

section.

� Annual Subscription details for obtaining the journal are provided separately and the

interested persons may avail the same accordingly after filling the Annual subscription

form.

� This journal is meant for education, reference and learning purposes. The author(s) of this

of the book has/have taken all reasonable care to ensure that the contents of the book do

not violate any existing copyright or other intellectual property rights of any person/

company/ institution in any manner whatsoever. In the event the author(s) has/have been

unable to track any source and if any copyright has been inadvertently infringed, please

notify the publisher in writing for the corrective action.

� Copyright © “Cyber Times International Journal of Technology & Management”. All

rights reserved. No part of this journal may be reproduced, republished, stored, or

transmitted in any form or by any means, electronic, mechanical, photocopying,

recording, or otherwise, without the prior permission of the publisher in writing. Any

person who does any unauthorized act in relation to this journal publication may be liable

to criminal prosecution and civil claims for damages.

� Other Publications:

• Cyber Times Newspaper (English) – RNI No: DELENG/2008/25470

• Cyber Times Newspaper (Hindi) – RNI No. DELHIN/1999/00462

� Printed & Published by: Cyber Times

310 Suneja Tower-II, District Centre,

Janak Puri, New Delhi-110058 �

�

CONTENTS �

SECTION-I

TECHNOLOGY

1. A Comparative Study on Technologies for Secure Transaction in 01

Mobile Commerce Jyoti Batra Arora & Dr. Sushila Madan

2. A survey of coverage on wireless sensor network 15 Poonam, Vikas Verma & Neha Nandra

3. Penetration testing in wireless environment 24Leena Madan & Shalini Bhartiya

4. Penetrating Through the Dark Clouds Of Cyber-Weapons 30 Sadikali Shaikh & Dr. Anup Girdhar

5. Comparative Study of Testing Practices of Accounting Software 36

Developed By Different CMM Level Companies Sonia Gupta, Tripti Mishra & Dr. Prakash Sharma

6. Transition from ipv4 to ipv6 an immediate need for development

of Indian IT Industry 43 Shahnawaz Sarwar & Aiman Zubair

7. Power of police officer and other officer u/s 80 of Information

Technology (amendment) Act 2008 51 Snehal H. Vakilna

8. Architectural View For Improving Performance of Data Mining And OLAP 59 Prakash M. Kene

9. Study of Adaptable Behavior of Intelligent Machines According to The 66

Changes in the Environment & Surrounding in Comparison to Human Sushil Singh Rauthan

10. Biometric Applications For Public Safety: A Brief Survey 69 Rajeev Kumar Chauhan, J. P. Pandey & Bhavesh Kumar Chauhan

11. The Management of Application Security in Cloud Computing 78 Pravin B. Mahadik

12. Cyber Crime And Cyber Law In India 87 Seema Vijay Rane & Pankaj Anil Choudhari

13. Security over Cloud 97 Sakshi Garg

14. Spread Spectrum with Chaotic System Using Colpitts Oscillator 101 Nandini Pathak & Rinkoo Bhatia

15. An Approach to Secure Mobile Agents 108 Pravin Mittal & Anuj Mangal

16. Emergency Hospital Service Provider Through SMS (Mobile) Service 114 Nandita Khazanchi

17. Comparative observations in terms of security measures among Prominent

Database Systems 129 Amit Rana

SECTION-II

MANAGEMENT

18. Quadra-P-Proven Management Framework to implement Business Intelligence

Platform Successfully 137 Aryya Bhattacharyya, Robert Diveley & Abraham George

19. Building a case for Research in work family linkages: Perspectives from 150

Academic and Popular Research Mousumi Padhi & Dr. Snigdha Pattnaik

20. Significant Development in Global Retail Industry with Reference to Economic

Reforms in Asia and Africa 160 Dr. Jagadeesha M

21. The Life of Virtual Humans: The Relationship Between Self-Efficacy,

Depression, Subjective Happiness and Satisfaction with Life 170 Soma Parija & Dr. Asmita Shukla

22. Analyzing Retention Dimensions With Respect To Different Demographic

Profiles of Employees: A Study of BPO Employees in India 181 Dr. Santoshi Sengupta

23. Global Financial Crisis and Its Impact on Indian Economy 192 Gurpreet Kaur

24. A Literature Review Exploring Generational Differences in Values

& Organizational Commitment at Work 201 Abhilasha & Dr. Suman Pathak

25. Performance Management System At Rites Ltd.– Management Of Change 217 Kanupriya Malhotra, Amanpreet Kaur Luthra & Prabhjot Kaur

26. Study of Key Factors Behind Effective HR Practices in IT Companies in

Vidarbha Region, Maharashtra. 229

Nirja C. Upadhye

27. Risk Management: Basel Requirements For Banks 238

Dr. Amneet Kaur

28. Study of Business Entry Process and Experience by Foreign Companies in India 247

Shriram S. Dawkhar

SECTION-III

RESEARCH ARTICLES

29. Atomic Power & Future Of India 256 Dr. Neelam Goyal �Bharat kee Parmanu Saheli)

30. Open Source Software License: Risks & Perils 261 Tushar Kale

SECTION-IV

CASE STUDY

31. Comparison Of Success Factors Of B2C E- Commerce Travel Websites

Based On Step Model 265 Geetanjali Sahi & Dr. Sushila Madan

��

�� !��"�#�� !�

30

PENETRATING THROUGH

THE DARK CLOUDS

OF

CYBER-WEAPONS

By

Sadikali Shaikh

Certified Security Analyst


Dr. Anup Girdhar

CEO-Founder Sedulity Solutions & Technologies


ABSTRACT

Currently our cyber world is surrounded by dark clouds of

‘cyber-weapons’ in form of malwares. These are the type of

Malwares which are extremely complicated and were never

seen in past 20 years. Many experts say these cyber weapons

have more destructing power than an atom bomb. Many rumors

are flowing on internet regarding the creator of such deadliest

cyber weapons. Iran is the first country who has faced the

thunder & storms of the deadliest cloud of cyber weapons.

Many Iranian govt. offices, Oil industries & Nuclear plants

where destructed with help of these cyber weapons. Iran’s

‘CERT’ team has displayed information regarding the

infectious component of malwares on their website too. Firstly

when these malwares were intercepted, the originating C&C

servers through which these malwares communicated were

unknown & every country pointed out the finger towards

another. In this research we have tried to dig lots of hidden

information which throw lights on various aspects of cyber-

warfare & the cyber weapons used in it. This research throws

light on how to tackle a situation if a country is targeted as an

attack and where to launch the complaint in such situation. The

world need and strict law against such actions and better

security measures when national security of the any country

comes under picture.

Keywords: Cyber Crime, Cyber War, Malware, Stuxnet.

��

�� !��"�#�� !�

31

INTRODUCTION

Few months’ back New York Times published an article which revealed how some of the

developed countries were involved in the global cyber war [1]. The below research &

information are gathered from interviews of top developed country officials delivered via

various media and communication channels.

Reuters reported few months back that a computer virus named Flame had infected thousands

of systems in Middle East [2]. This virus has been spreading invisibly, that cleared the

intention that the cyber world is heading towards a cyber-war. The source of virus is still

mysterious. Besides Iran, Kaspersky a Russian multinational computer Security Company

also came across Flame, while going over the ports related to another virus that was invented

in Iran’s internet network.

The Kaspersky researcher found a mysterious malware which was responsible for hacking

into number of users. So they started to look at all suspicious activity in the region and try to

match the signatures with already known viruses. After going through different archive file

they were driven to a different module of application which then turns to be a big threat. That

new module was very professional and not been used for targeted attacks in the region before.

DIGGING THROUGH THE CYBER CLOUDS

CREATION OF THE CYBER WEAPON

The shared scale of Flame destructive capabilities has battle major computer companies

worldwide. This is the first time the world has seen a virus like Flame. In 20yrs no one has

seen a virus as complicated as this one. Flame 20MB (Megabyte) fingerprint shows that it

was designed to all-encompassing tool. It wasn’t design to be a virus only. Most of the

viruses are about 20KB to 30KB, but this virus was much bigger about 100times bigger.

From this we can conclude that Flame was not design and created by ordinary group. A lot of

expertise is behind it and from the signature of the virus we can tell that it took a long time to

make. To do this you need a team of expert and right facilities. It’s unlikely that any entity

will invest so much money in a virus that was only made to do a little damage.

REASONS WHY MALWARE WAS NOT DETECTED FOR SO LONG TIME

Until only few months ago none of the top antivirus companies’ software was able to detect

Flame. Flame would select its victim and choose its root very carefully. It was transferred by

small portable devices like flash memory sticks. It was constantly controlled by C&C servers.

These servers showed which computer it wanted to infect. One of the reasons why it was not

detected for so long time because it attacked very limited numbers of users within specific

geographical area and due to which it did not got into attention of antivirus and security

researcher. Another reason is, Flame actually checks for presence of antivirus software on the

system before executing some serious actions, and if it finds any antivirus or security solution

then it tries to behave more silently and accurately by not executing any executable files. This

is how it escapes from detection of antivirus and heuristic search engine software.

��

�� !��"�#�� !�

32

FLAME MALWARE WAS MADE FOR A SPECIFIC TARGET

Statistics and report shows flame main target was Iran [3]. It was detected on Iran systems

185 times, 95 attacks have been reported in occupied Palestine territories. It was found

attacking Iran’s resistant group in Gaza. 32 attacks were reported in Sudan, 29 attacks in

Syria.

HOW THESE MALWARE SPREADS INTO THE SYSTEM

For virus like Flame to work, someone has to plug-in an infected USB flash drive, the carriers

might not even know that he has got a flame virus on his flash which he probably picked up

from the internet [8]. Once this super smart virus finds its target it sets to work. Flame has the

ability to recruit other virus when it needs to. The virus has its specific usage and definition.

Flame is a package that can do many things like you are up against a control panel. With

normal viruses we are dealing with code having certain predetermined function and different

technologies are used to create it. But when it comes to Flame we see a virus which is more

likely to a tool, capable of utilizing other tools to achieve objectives that are constantly

changing. It will adapt itself to any new target or objective its designers give it.

The Flame virus eavesdrops on computer users and steals information in different ways. It

takes screenshots. Turn on computers microphone audio, logs keystrokes and detect

password. Intercept Bluetooth communication with other devices. All this information is then

send to C&C server listed in its coding system. It can cripple more than 100 antivirus

software, antimalware and firewalls.

When it infects the computer it activates Bluetooth system and start searching for other

devices. It can access mobile phones in the vicinity and copy their contact list. It then sends

its information via VPN. The flame virus first infiltrated the computer systems at Iran’s Oil

terminal and then the telecommunication network. Iran’s oil company was force to shut down

the internet connection of all its branches. Damage Flame can cause was considerable and

really hard to define. We cannot put price on the information the flame virus has manage to

steal. That information might be top secret data we don’t know what Flame has taken out

from the Iran. But we can see that the damage Flame did by making the systems inaccessible.

Some of the system Flame infected completely crashed. They cannot be used any more. By

doing this, virus wanted to make its presence known. All information was vital.

Few important statements given by officials regarding this Mysterious Malware

A Kaspersky searcher in his blog said that [4]:

“It’s highly unlikely such a sophisticated piece of malware could have been made by a group

that did not have the backing of a nation.”

The way Flame work shows much bigger entity made it. It wasn’t a small group or

individual. The tools Flame used like Wiper proof of death. It is likely that government was

behind the creation of such tools.

An interesting observation in this regard is of Israel’s Vice Premier Moshe Ya’ alone. In an

interview with Army Radio he hinted that Jerusalem was behind this cyber-attack saying [5]:

��

�� !��"�#�� !�

33

“Israel’s is blessed to be a nation possessing superior technology. These achievements of

ours open up all kinds of possibilities for us. Whoever sees the Iranian threat as a serious

threat would be likely to take different steps including these in order to hurt them.”

And as for USA, US Senator John McCain had criticized President Brack Obama few months

back for leaking information about Stuxnet. According to the US Senator [6]:

“Again we see these leaks to the media about ongoing operations, which is incredibly

disturbing. Doesn’t this give some benefit to our adversaries?”

This comment by Senator McCain confirms that Stuxnet virus was Washington’s doing. This

comment has itself promoted reactions across US itself. A committee has been formed to

look into the matter and see whether it was a part of the campaign strategy or these are all

fabricated.

HISTORY OF STUXNET

Flame was not the first computer virus to be used against country like Iran. In 2006 US lead

invasion in Afghanistan, and Iraq waged for it. And no sooner the Stuxnet virus hit Iran.

According to article in New York Times Washington, US was quote up with war against Iran

so it started a cyber-attack against Islamic Republic for the time been. Article explained how

Digame edged President Bush to military attack on Iran. But Washington decided that the

time wasn’t right. Then General James joins forces with Intelligence officials with radical

idea of cyber war against Iran. The US, NSA and Israel 82100 unit came down with complex

computer worm that later came to be known as Stuxnet. In 2010 it accidently became public

due to programming error that allowed it to escape the nuclear plant and spread around the

world.

This Stuxnet worm infected the industrial system been used in Iran nuclear power facilities.

By doing so it manages to do certain pump inside the system which inflated too much and

then explode. That made the industrial system no way a computerize system breakdown.

Stuxnet virus temporarily took out nearly one thousand out of Five thousands centrifuges

from the nuclear plant. Michael Y. Heyden the former CIA chief in an interview to

international media said [7]:

“This is the first attack of a major nature in which a cyber-attack was used to effect physical

destruction.”

The level of destruction stuxnet caused was immense, but the expert says Flame is on a whole

new level.

In stuxnet researcher were looking at a code with a specific objective. It targeted certain

system; send some of the information on that system outside the country. It got some

feedback that instructed to cripple that system. But Flame doesn’t have a specific code. Flame

can help another virus like Stuxnet or any other virus or malware. It can use them as tool to

reach objective.

��

�� !��"�#�� !�

34

CAN SUCH ACTIONS BE CONSIDERED ACTS OF WAR OR THEY

ARE JUST CYBER CRIME?

Via computer virus certain entity are causing physical damage to systems of other countries.

This is an act of espionage that violates countries sovereignty and cause millions of dollars of

damage. The cyber war is new concept and has just entered the international narrative. We

have cold war and hot wars now we have cyber wars in virtual world. Real world happen in

physical world and cyber war in virtual world. The real and virtual worlds have been linked.

Many countries have cyber armies. They announce these via media. For example in Russia

the seriousness of cyber war is second to the nuclear war. China has a very equipped cyber

military and so do USA and Israel. So the general attitude towards the whole thing is war

like. The aggressor doesn’t officially announce that he has launched a cyber-attack with

target. The international authority’s strategies hammer out to ensure security in cyberspace

that is drawn up by United Nations to regard any cyber-attack as world crime. A cyber-attack

if done against US soil; Washington does give himself a right to launch a counter attack even

a military attack. But can other countries like Iran counter the cyber-attack by filling the

complaint? Is there any international body that has the power to follow up in such cases?

OPTIONS BEFORE COUNTRIES IF THEY ARE TARGETED IN

CYBER ATTACK

From legal standpoint countries like Iran have many options when it comes to cyber-attack it

has been hit with. The first step might be to take case to the UN Security Council. Article 37

and 36, chapter 7 of UN charter provide this. Any country can prefer such cases to UN

Security Council, especially Iran which has become a victim of cyber-attacks. Depending

upon the severity of attack the council can put down as a threat to peace or violence of

sovereignty.

But other expert say because no major event or tragedy has been cause by cyber wars and

attacks the urgency haven’t been felt to define it or a law as that will punish such acts. Law

expert says this has to happen soon. The destruction cyber war could cause might be far

worse than nuclear war. Imagine if there would be an electricity failure in an airplane or a

banking system becomes a target. So mankind has to form an international organization or

foundation to define cyber warfare, like it has with other types of war. It has to be declared

what is and isn’t allowed. The systems been used to control dams and industries could be

attacked. Two viruses Stuxnet and Flame have created lots of damage. Imagine what will

happen if they get into other systems. The world has to establish an international

organization.

The question is can Iran make a formal complaint against US. The law as which we have now

are for the real world. We don’t have an international justice system to matter related to

cyberspace. Talking for the laws made for the real world lawmakers have to regulate

cyberspace too especially those cyber-crimes that affect the real world.

��

�� !��"�#�� !�

35

CONCLUSION

Cyber security is a matter of national security which if violated could do considerable harm.

Because of this certain nations have created new military unit that focuses on countering

cyber-attacks. The big question is would country like Iran be legally justified or will we see

an equal and opposite reaction by cyberspace or military. And the answer is big yes!!!

If someone is attack they have the right to defend themselves, its natural. When someone is

attack and attack claims the life of scientist then there is no reason why shouldn’t they defend

themselves. The root of the problem hasn’t been address by the law yet. But cyber-attacks are

happening so there will be counter attacks.

War has taken many forms down the edge. Getting progressively more intense and

destructive and now new edge has begun the edge of cyber war. Some say that it can do more

damage than atomic bombs. The Stuxnet attack of Nuclear Plant signals the beginning and

then followed the Flame. These were Washington’s first attack outside its own border. And

Iran is the first nation so far that really has to response for such attacks especially when laws

are yet to tackle this new threat heads on. The dimensions and scopes of cyber war are still

not very tangible to its people. The US may be the front runner in these forms of attack but

Washington has very little control and no one knows who will master it.

REFERENCES

[1] New York Times, Newspaper published date: June 1, 2012 by “David E. Sanger”

[2] Reuters, Newspaper published date: May 28, 2012 by “Jim Finkle”

[3] Israel national news, Newspaper published date: May 6, 2012 by “Tzvi Ben Gedalyahu”

[4] Blog link:

http://www.securelist.com/en/analysis/204792254/Kaspersky_Security_Bulletin_2012_M

alware_Evolution,“Flame and Gauss”

[5] DNA, Newspaper published date: May 30, 2012

[6] Israel national news, Newspaper published date: May 6, 2012 by “Elad Benari”

[7] New York Times, Newspaper published date: June 1, 2012 by “David E. Sanger”

[8] Study Material of ‘Certified Cyber Security Professional’ by “Sedulity Solutions &

Technologies” Authored by “Dr. Anup Girdhar”.

cyber times international journal of

Documents