cyber times international journal of
TRANSCRIPT
Cyber Times International Journal of
Technology & Management
Vol. 5, Issue 2, April 2012 – September 2012
ISSN: 2278-7518
EDITOR-IN-CHIEF
Dr. Anup Girdhar
EDITORIAL ADVISORY BOARD
Dr. Sushila Madan
Dr. A.K. Saini
Mr. Mukul Girdhar
EXECUTIVE EDITORS
Ms. Kanika Trehan
Mr. Rakesh Laxman Patil
“Cyber Times International Journal of Technology & Management”. All rights reserved. No part
of this journal may be reproduced, republished, stored, or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, or otherwise, without the prior
permission of the publisher in writing. Any person who does any unauthorized act in relation to
this journal publication may be liable to criminal prosecution and civil claims for damages.
Editorial Office & Administrative Address:
The Editor,
310 Suneja Tower-II,
District Centre, Janak Puri,
New Delhi-110058.
ISSN: 2278-7518
Phone: 011-25595729, +91-9312903095
Website: http://journal.cybertimes.in
Email: [email protected]
Disclaimer: Views and information expressed in the Research Papers or Articles are those of the
respective authors. “Cyber Times International Journal of Technology & Management”, its
Editorial Board, Editor and Publisher (Cyber Times) disclaim the Responsibility and Liability for
any statement of fact or option made by the contributors. The content of the papers are written by
their respective authors. The originality and authenticity of the papers and the explanation of
information and views expressed therein are the sole responsibility of the authors. However,
effort is made to acknowledge source material relied upon or referred to, however; “Cyber Times
International Journal of Technology & Management” does not accept any responsibility for any
unintentional mistakes & errors.
Cyber Times International Journal of Technology & Management, Bi-Annually, Vol.5, Issue 2, has been Published,
Printed and Edited by Dr. Anup Girdhar, on behalf of Cyber Times, at 310 Suneja Tower-II, District Centre, Janak
Puri, New Delhi-110058.
From the Editor’s Desk
At the outset, I take this opportunity to thank all the contributors and readers for making “Cyber
Times – International Journal of Technology & Management” an outstanding success.
The response that we have received from the Researchers, Authors, Academicians, Law-
Enforcement Agencies and Industry Professionals for sending their Research Papers/ Articles for
publication is duly acknowledged across the globe.
We are pleased to present the Volume 5, Issue 2, of “Cyber Times International Journal of
Technology & Management” which include three major categories and sub-categories under
Technology, Management, and Research Articles which are as follows:
Technology
Cloud Computing, Artificial Intelligence, Wireless Networks, Cyber Security and Network
Attacks, Penetration Testing, Cyber Laws, Cyber Crime Investigation, Data Mining, Databases,
Mobile Commerce, Software Testing, etc.
Management
Management Strategies, Human Resources, Business Intelligence, Global Retail Industry,
Business Process Outsourcing, Indian Economy, Performance Management, Risk Management,
International Business.
Research Articles
Atomic Power and Open Source Software.
I am sure that this issue will generate immense interest of Readers in different aspects of
Technology & Management.
We look forward to receive your valuable and future contributions to make this journal a joint
endeavor.
With Warm Regards,
Editor-in-Chief
General Information
� “Cyber Times International Journal of Technology & Management” is published bi-
annually. All editorial and administrative correspondence for publication should be
addressed to The Editor, Cyber Times.
� The Abstracts received for the final publication are screened by the Evaluation
Committee for approval and only the selected Papers/ Abstracts will be published in each
edition. Further information is available in the “Guidelines for paper Submission”
section.
� Annual Subscription details for obtaining the journal are provided separately and the
interested persons may avail the same accordingly after filling the Annual subscription
form.
� This journal is meant for education, reference and learning purposes. The author(s) of this
of the book has/have taken all reasonable care to ensure that the contents of the book do
not violate any existing copyright or other intellectual property rights of any person/
company/ institution in any manner whatsoever. In the event the author(s) has/have been
unable to track any source and if any copyright has been inadvertently infringed, please
notify the publisher in writing for the corrective action.
� Copyright © “Cyber Times International Journal of Technology & Management”. All
rights reserved. No part of this journal may be reproduced, republished, stored, or
transmitted in any form or by any means, electronic, mechanical, photocopying,
recording, or otherwise, without the prior permission of the publisher in writing. Any
person who does any unauthorized act in relation to this journal publication may be liable
to criminal prosecution and civil claims for damages.
� Other Publications:
• Cyber Times Newspaper (English) – RNI No: DELENG/2008/25470
• Cyber Times Newspaper (Hindi) – RNI No. DELHIN/1999/00462
� Printed & Published by: Cyber Times
310 Suneja Tower-II, District Centre,
Janak Puri, New Delhi-110058 �
�
CONTENTS �
SECTION-I
TECHNOLOGY
1. A Comparative Study on Technologies for Secure Transaction in 01
Mobile Commerce Jyoti Batra Arora & Dr. Sushila Madan
2. A survey of coverage on wireless sensor network 15 Poonam, Vikas Verma & Neha Nandra
3. Penetration testing in wireless environment 24Leena Madan & Shalini Bhartiya
4. Penetrating Through the Dark Clouds Of Cyber-Weapons 30 Sadikali Shaikh & Dr. Anup Girdhar
5. Comparative Study of Testing Practices of Accounting Software 36
Developed By Different CMM Level Companies Sonia Gupta, Tripti Mishra & Dr. Prakash Sharma
6. Transition from ipv4 to ipv6 an immediate need for development
of Indian IT Industry 43 Shahnawaz Sarwar & Aiman Zubair
7. Power of police officer and other officer u/s 80 of Information
Technology (amendment) Act 2008 51 Snehal H. Vakilna
8. Architectural View For Improving Performance of Data Mining And OLAP 59 Prakash M. Kene
9. Study of Adaptable Behavior of Intelligent Machines According to The 66
Changes in the Environment & Surrounding in Comparison to Human Sushil Singh Rauthan
10. Biometric Applications For Public Safety: A Brief Survey 69 Rajeev Kumar Chauhan, J. P. Pandey & Bhavesh Kumar Chauhan
11. The Management of Application Security in Cloud Computing 78 Pravin B. Mahadik
12. Cyber Crime And Cyber Law In India 87 Seema Vijay Rane & Pankaj Anil Choudhari
13. Security over Cloud 97 Sakshi Garg
14. Spread Spectrum with Chaotic System Using Colpitts Oscillator 101 Nandini Pathak & Rinkoo Bhatia
15. An Approach to Secure Mobile Agents 108 Pravin Mittal & Anuj Mangal
16. Emergency Hospital Service Provider Through SMS (Mobile) Service 114 Nandita Khazanchi
17. Comparative observations in terms of security measures among Prominent
Database Systems 129 Amit Rana
SECTION-II
MANAGEMENT
18. Quadra-P-Proven Management Framework to implement Business Intelligence
Platform Successfully 137 Aryya Bhattacharyya, Robert Diveley & Abraham George
19. Building a case for Research in work family linkages: Perspectives from 150
Academic and Popular Research Mousumi Padhi & Dr. Snigdha Pattnaik
20. Significant Development in Global Retail Industry with Reference to Economic
Reforms in Asia and Africa 160 Dr. Jagadeesha M
21. The Life of Virtual Humans: The Relationship Between Self-Efficacy,
Depression, Subjective Happiness and Satisfaction with Life 170 Soma Parija & Dr. Asmita Shukla
22. Analyzing Retention Dimensions With Respect To Different Demographic
Profiles of Employees: A Study of BPO Employees in India 181 Dr. Santoshi Sengupta
23. Global Financial Crisis and Its Impact on Indian Economy 192 Gurpreet Kaur
24. A Literature Review Exploring Generational Differences in Values
& Organizational Commitment at Work 201 Abhilasha & Dr. Suman Pathak
25. Performance Management System At Rites Ltd.– Management Of Change 217 Kanupriya Malhotra, Amanpreet Kaur Luthra & Prabhjot Kaur
26. Study of Key Factors Behind Effective HR Practices in IT Companies in
Vidarbha Region, Maharashtra. 229
Nirja C. Upadhye
27. Risk Management: Basel Requirements For Banks 238
Dr. Amneet Kaur
28. Study of Business Entry Process and Experience by Foreign Companies in India 247
Shriram S. Dawkhar
SECTION-III
RESEARCH ARTICLES
29. Atomic Power & Future Of India 256 Dr. Neelam Goyal �Bharat kee Parmanu Saheli)
30. Open Source Software License: Risks & Perils 261 Tushar Kale
SECTION-IV
CASE STUDY
31. Comparison Of Success Factors Of B2C E- Commerce Travel Websites
Based On Step Model 265 Geetanjali Sahi & Dr. Sushila Madan
�
������������ ���� �������������������������������������� �
�������������������� !��"�#�� ����� !�
30
PENETRATING THROUGH
THE DARK CLOUDS
OF
CYBER-WEAPONS
By
Sadikali Shaikh
Certified Security Analyst
Email: [email protected]
Dr. Anup Girdhar
CEO-Founder Sedulity Solutions & Technologies
Email: [email protected]
ABSTRACT
Currently our cyber world is surrounded by dark clouds of
‘cyber-weapons’ in form of malwares. These are the type of
Malwares which are extremely complicated and were never
seen in past 20 years. Many experts say these cyber weapons
have more destructing power than an atom bomb. Many rumors
are flowing on internet regarding the creator of such deadliest
cyber weapons. Iran is the first country who has faced the
thunder & storms of the deadliest cloud of cyber weapons.
Many Iranian govt. offices, Oil industries & Nuclear plants
where destructed with help of these cyber weapons. Iran’s
‘CERT’ team has displayed information regarding the
infectious component of malwares on their website too. Firstly
when these malwares were intercepted, the originating C&C
servers through which these malwares communicated were
unknown & every country pointed out the finger towards
another. In this research we have tried to dig lots of hidden
information which throw lights on various aspects of cyber-
warfare & the cyber weapons used in it. This research throws
light on how to tackle a situation if a country is targeted as an
attack and where to launch the complaint in such situation. The
world need and strict law against such actions and better
security measures when national security of the any country
comes under picture.
Keywords: Cyber Crime, Cyber War, Malware, Stuxnet.
������������ ���� �������������������������������������� �
�������������������� !��"�#�� ����� !�
31
INTRODUCTION
Few months’ back New York Times published an article which revealed how some of the
developed countries were involved in the global cyber war [1]. The below research &
information are gathered from interviews of top developed country officials delivered via
various media and communication channels.
Reuters reported few months back that a computer virus named Flame had infected thousands
of systems in Middle East [2]. This virus has been spreading invisibly, that cleared the
intention that the cyber world is heading towards a cyber-war. The source of virus is still
mysterious. Besides Iran, Kaspersky a Russian multinational computer Security Company
also came across Flame, while going over the ports related to another virus that was invented
in Iran’s internet network.
The Kaspersky researcher found a mysterious malware which was responsible for hacking
into number of users. So they started to look at all suspicious activity in the region and try to
match the signatures with already known viruses. After going through different archive file
they were driven to a different module of application which then turns to be a big threat. That
new module was very professional and not been used for targeted attacks in the region before.
DIGGING THROUGH THE CYBER CLOUDS
CREATION OF THE CYBER WEAPON
The shared scale of Flame destructive capabilities has battle major computer companies
worldwide. This is the first time the world has seen a virus like Flame. In 20yrs no one has
seen a virus as complicated as this one. Flame 20MB (Megabyte) fingerprint shows that it
was designed to all-encompassing tool. It wasn’t design to be a virus only. Most of the
viruses are about 20KB to 30KB, but this virus was much bigger about 100times bigger.
From this we can conclude that Flame was not design and created by ordinary group. A lot of
expertise is behind it and from the signature of the virus we can tell that it took a long time to
make. To do this you need a team of expert and right facilities. It’s unlikely that any entity
will invest so much money in a virus that was only made to do a little damage.
REASONS WHY MALWARE WAS NOT DETECTED FOR SO LONG TIME
Until only few months ago none of the top antivirus companies’ software was able to detect
Flame. Flame would select its victim and choose its root very carefully. It was transferred by
small portable devices like flash memory sticks. It was constantly controlled by C&C servers.
These servers showed which computer it wanted to infect. One of the reasons why it was not
detected for so long time because it attacked very limited numbers of users within specific
geographical area and due to which it did not got into attention of antivirus and security
researcher. Another reason is, Flame actually checks for presence of antivirus software on the
system before executing some serious actions, and if it finds any antivirus or security solution
then it tries to behave more silently and accurately by not executing any executable files. This
is how it escapes from detection of antivirus and heuristic search engine software.
������������ ���� �������������������������������������� �
�������������������� !��"�#�� ����� !�
32
FLAME MALWARE WAS MADE FOR A SPECIFIC TARGET
Statistics and report shows flame main target was Iran [3]. It was detected on Iran systems
185 times, 95 attacks have been reported in occupied Palestine territories. It was found
attacking Iran’s resistant group in Gaza. 32 attacks were reported in Sudan, 29 attacks in
Syria.
HOW THESE MALWARE SPREADS INTO THE SYSTEM
For virus like Flame to work, someone has to plug-in an infected USB flash drive, the carriers
might not even know that he has got a flame virus on his flash which he probably picked up
from the internet [8]. Once this super smart virus finds its target it sets to work. Flame has the
ability to recruit other virus when it needs to. The virus has its specific usage and definition.
Flame is a package that can do many things like you are up against a control panel. With
normal viruses we are dealing with code having certain predetermined function and different
technologies are used to create it. But when it comes to Flame we see a virus which is more
likely to a tool, capable of utilizing other tools to achieve objectives that are constantly
changing. It will adapt itself to any new target or objective its designers give it.
The Flame virus eavesdrops on computer users and steals information in different ways. It
takes screenshots. Turn on computers microphone audio, logs keystrokes and detect
password. Intercept Bluetooth communication with other devices. All this information is then
send to C&C server listed in its coding system. It can cripple more than 100 antivirus
software, antimalware and firewalls.
When it infects the computer it activates Bluetooth system and start searching for other
devices. It can access mobile phones in the vicinity and copy their contact list. It then sends
its information via VPN. The flame virus first infiltrated the computer systems at Iran’s Oil
terminal and then the telecommunication network. Iran’s oil company was force to shut down
the internet connection of all its branches. Damage Flame can cause was considerable and
really hard to define. We cannot put price on the information the flame virus has manage to
steal. That information might be top secret data we don’t know what Flame has taken out
from the Iran. But we can see that the damage Flame did by making the systems inaccessible.
Some of the system Flame infected completely crashed. They cannot be used any more. By
doing this, virus wanted to make its presence known. All information was vital.
Few important statements given by officials regarding this Mysterious Malware
A Kaspersky searcher in his blog said that [4]:
“It’s highly unlikely such a sophisticated piece of malware could have been made by a group
that did not have the backing of a nation.”
The way Flame work shows much bigger entity made it. It wasn’t a small group or
individual. The tools Flame used like Wiper proof of death. It is likely that government was
behind the creation of such tools.
An interesting observation in this regard is of Israel’s Vice Premier Moshe Ya’ alone. In an
interview with Army Radio he hinted that Jerusalem was behind this cyber-attack saying [5]:
������������ ���� �������������������������������������� �
�������������������� !��"�#�� ����� !�
33
“Israel’s is blessed to be a nation possessing superior technology. These achievements of
ours open up all kinds of possibilities for us. Whoever sees the Iranian threat as a serious
threat would be likely to take different steps including these in order to hurt them.”
And as for USA, US Senator John McCain had criticized President Brack Obama few months
back for leaking information about Stuxnet. According to the US Senator [6]:
“Again we see these leaks to the media about ongoing operations, which is incredibly
disturbing. Doesn’t this give some benefit to our adversaries?”
This comment by Senator McCain confirms that Stuxnet virus was Washington’s doing. This
comment has itself promoted reactions across US itself. A committee has been formed to
look into the matter and see whether it was a part of the campaign strategy or these are all
fabricated.
HISTORY OF STUXNET
Flame was not the first computer virus to be used against country like Iran. In 2006 US lead
invasion in Afghanistan, and Iraq waged for it. And no sooner the Stuxnet virus hit Iran.
According to article in New York Times Washington, US was quote up with war against Iran
so it started a cyber-attack against Islamic Republic for the time been. Article explained how
Digame edged President Bush to military attack on Iran. But Washington decided that the
time wasn’t right. Then General James joins forces with Intelligence officials with radical
idea of cyber war against Iran. The US, NSA and Israel 82100 unit came down with complex
computer worm that later came to be known as Stuxnet. In 2010 it accidently became public
due to programming error that allowed it to escape the nuclear plant and spread around the
world.
This Stuxnet worm infected the industrial system been used in Iran nuclear power facilities.
By doing so it manages to do certain pump inside the system which inflated too much and
then explode. That made the industrial system no way a computerize system breakdown.
Stuxnet virus temporarily took out nearly one thousand out of Five thousands centrifuges
from the nuclear plant. Michael Y. Heyden the former CIA chief in an interview to
international media said [7]:
“This is the first attack of a major nature in which a cyber-attack was used to effect physical
destruction.”
The level of destruction stuxnet caused was immense, but the expert says Flame is on a whole
new level.
In stuxnet researcher were looking at a code with a specific objective. It targeted certain
system; send some of the information on that system outside the country. It got some
feedback that instructed to cripple that system. But Flame doesn’t have a specific code. Flame
can help another virus like Stuxnet or any other virus or malware. It can use them as tool to
reach objective.
������������ ���� �������������������������������������� �
�������������������� !��"�#�� ����� !�
34
CAN SUCH ACTIONS BE CONSIDERED ACTS OF WAR OR THEY
ARE JUST CYBER CRIME?
Via computer virus certain entity are causing physical damage to systems of other countries.
This is an act of espionage that violates countries sovereignty and cause millions of dollars of
damage. The cyber war is new concept and has just entered the international narrative. We
have cold war and hot wars now we have cyber wars in virtual world. Real world happen in
physical world and cyber war in virtual world. The real and virtual worlds have been linked.
Many countries have cyber armies. They announce these via media. For example in Russia
the seriousness of cyber war is second to the nuclear war. China has a very equipped cyber
military and so do USA and Israel. So the general attitude towards the whole thing is war
like. The aggressor doesn’t officially announce that he has launched a cyber-attack with
target. The international authority’s strategies hammer out to ensure security in cyberspace
that is drawn up by United Nations to regard any cyber-attack as world crime. A cyber-attack
if done against US soil; Washington does give himself a right to launch a counter attack even
a military attack. But can other countries like Iran counter the cyber-attack by filling the
complaint? Is there any international body that has the power to follow up in such cases?
OPTIONS BEFORE COUNTRIES IF THEY ARE TARGETED IN
CYBER ATTACK
From legal standpoint countries like Iran have many options when it comes to cyber-attack it
has been hit with. The first step might be to take case to the UN Security Council. Article 37
and 36, chapter 7 of UN charter provide this. Any country can prefer such cases to UN
Security Council, especially Iran which has become a victim of cyber-attacks. Depending
upon the severity of attack the council can put down as a threat to peace or violence of
sovereignty.
But other expert say because no major event or tragedy has been cause by cyber wars and
attacks the urgency haven’t been felt to define it or a law as that will punish such acts. Law
expert says this has to happen soon. The destruction cyber war could cause might be far
worse than nuclear war. Imagine if there would be an electricity failure in an airplane or a
banking system becomes a target. So mankind has to form an international organization or
foundation to define cyber warfare, like it has with other types of war. It has to be declared
what is and isn’t allowed. The systems been used to control dams and industries could be
attacked. Two viruses Stuxnet and Flame have created lots of damage. Imagine what will
happen if they get into other systems. The world has to establish an international
organization.
The question is can Iran make a formal complaint against US. The law as which we have now
are for the real world. We don’t have an international justice system to matter related to
cyberspace. Talking for the laws made for the real world lawmakers have to regulate
cyberspace too especially those cyber-crimes that affect the real world.
������������ ���� �������������������������������������� �
�������������������� !��"�#�� ����� !�
35
CONCLUSION
Cyber security is a matter of national security which if violated could do considerable harm.
Because of this certain nations have created new military unit that focuses on countering
cyber-attacks. The big question is would country like Iran be legally justified or will we see
an equal and opposite reaction by cyberspace or military. And the answer is big yes!!!
If someone is attack they have the right to defend themselves, its natural. When someone is
attack and attack claims the life of scientist then there is no reason why shouldn’t they defend
themselves. The root of the problem hasn’t been address by the law yet. But cyber-attacks are
happening so there will be counter attacks.
War has taken many forms down the edge. Getting progressively more intense and
destructive and now new edge has begun the edge of cyber war. Some say that it can do more
damage than atomic bombs. The Stuxnet attack of Nuclear Plant signals the beginning and
then followed the Flame. These were Washington’s first attack outside its own border. And
Iran is the first nation so far that really has to response for such attacks especially when laws
are yet to tackle this new threat heads on. The dimensions and scopes of cyber war are still
not very tangible to its people. The US may be the front runner in these forms of attack but
Washington has very little control and no one knows who will master it.
REFERENCES
[1] New York Times, Newspaper published date: June 1, 2012 by “David E. Sanger”
[2] Reuters, Newspaper published date: May 28, 2012 by “Jim Finkle”
[3] Israel national news, Newspaper published date: May 6, 2012 by “Tzvi Ben Gedalyahu”
[4] Blog link:
http://www.securelist.com/en/analysis/204792254/Kaspersky_Security_Bulletin_2012_M
alware_Evolution,“Flame and Gauss”
[5] DNA, Newspaper published date: May 30, 2012
[6] Israel national news, Newspaper published date: May 6, 2012 by “Elad Benari”
[7] New York Times, Newspaper published date: June 1, 2012 by “David E. Sanger”
[8] Study Material of ‘Certified Cyber Security Professional’ by “Sedulity Solutions &
Technologies” Authored by “Dr. Anup Girdhar”.