British Airways: How was it hacked?

British Airways has warned customers that about 3 lakh 80 thousand card payments on its website and app were compromised. According to BA, the breach relates to bookings made between 10:58 pm on 21st August 2018 and 9:45 pm on 5th September.

British Airways said it is in the process of contacting all affected customers, that is, those who booked a ticket during the breach period above, and advising them to contact their bank or card provider and follow their advice. According to British Airways, the incident has been resolved and all systems are working normally.

Though British Airways has not revealed any technical details about this breach, security experts do have some suggestions on the possible methods used.

Personal information including names, email addresses and credit card details, which include the credit card number, expiry date and the three-digit CVV code, were stolen by the hacker. But how could this be possible?

Since the CVV code was stolen, it can be deduced that the breach could have happened at the point of entry: CVV codes are not meant to be stored by companies and are only used during verification of a transaction. One possible way this could have been done is with a script on the website that intercepted all of the above data.

Websites increasingly embed code from third-party suppliers for payment authorization, authentication, chat, ad placement and so on. It is possible that one of these scripts, which had access to the above data, was vulnerable or compromised. It is also possible that an insider with access to the system tampered with the website and placed the malicious code.
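One way a site owner can check the third-party script exposure described above, as an added example that is not part of the original article: the function below lists scripts that a payment page loads from another origin without a Subresource Integrity (`integrity`) hash. The markup, the `shop.example` and `vendor.example` hosts and all function names are constructed for illustration.

```javascript
// Constructed sample markup for a hypothetical checkout page (not British Airways' code).
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.payments.example/authorize.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDERHASH" crossorigin="anonymous"></script>
<script src="https://chat.vendor.example/widget.js"></script>
<script src="//ads.vendor.example/tag.js" async></script>
<script>window.cartId = "constructed";</script>
</head><body><form id="payment"></form></body></html>`;

// Pull attribute name/value pairs out of one opening tag.
function parseAttributes(openTag) {
  const attrs = {};
  const re = /\s([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(openTag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return URLs of external scripts served from another origin with no SRI hash.
function findUnpinnedThirdPartyScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [openTag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttributes(openTag);
    if (!attrs.src) continue;                    // inline script: out of scope here
    const src = new URL(attrs.src, page);        // resolves relative and // URLs
    if (src.origin === page.origin) continue;    // first-party file
    if (!attrs.integrity) findings.push(src.href);
  }
  return findings;
}

console.log(findUnpinnedThirdPartyScripts(SAMPLE_CHECKOUT_HTML, "https://shop.example/checkout"));
```

A pinned hash only detects a changed third-party file; it does not address the insider scenario, where the site's own code is modified.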

The real cause of the compromise will only be known once British Airways reveals the details. Such details could help other enterprises re-audit their security and improve it.

The GajShield Security team will keep you updated with the latest details on the British Airways breach and will also provide guidance on how enterprises can improve their security to prevent such breaches.

Cyber security risks to watch out for before streaming FIFA 2018 matches!


With the FIFA World Cup starting on June 14, many fans around the world are already looking for streaming websites to watch the action live! Seldom do they understand the risks that come with it. Today we at GajShield decode the security risks that fans are exposed to when looking for sites that stream the matches taking place at Russia 2018.

Several websites that fans may click through to for streaming are illegal sites with pirated content, and many others are used by cybercriminals to compromise users’ devices and personal information. These scams go beyond the invasive advertisements that populate these webpages: campaigns are also spread by email to compromise users’ devices. Various malicious campaigns are designed to take advantage of the anxiety of soccer fans around the world who are looking for ways to view matches; caught up in World Cup fever, they become more exposed to risk as their desire to watch the matches overtakes their common sense.

Annoying advertisements: Annoying advertisements appear in plenty on such websites. Clicking on such ads can prompt a direct download of unwanted, malicious software into the browser, which may spy on your activities, or could take you to pages that look like live-streaming services but instead download malware onto your computer.

Botnets: Botnets may go undetected, but they are found at large on such streaming websites. A botnet is a collection of software robots, or bots, running on an army of infected computers, also known as zombies, that are remotely controlled by the originator. Botnets can send spam emails with viruses attached, spread all types of malware and use your computer as part of a denial-of-service attack against other systems without you even knowing about it!

Wi-Fi Eavesdropping

Wi-Fi eavesdropping is another dangerous method used by many cyber criminals to capture personal information. It involves virtually “listening in” on personal information that is shared over an unsecured, unencrypted Wi-Fi network. With the right equipment, someone using this method can potentially access your computer and easily steal your personal information, including logins and passwords.

Worms are a very common threat to the Internet and computers worldwide. A worm, unlike a virus, goes to work on its own without attaching itself to files or programs. It lives in your computer's memory, does not damage or change the hard drive, and can easily propagate by sending itself to other computers in a network, within the company or across the Internet itself.

These worms can cause a tremendous amount of damage by shutting down parts of the Internet, wreaking havoc on an internal network and costing companies enormous amounts of lost revenue.

Miners on Streaming sites

You can also find various websites whose main purpose isn’t streaming matches but mining cryptocurrency. This is a growing phenomenon, with sports and movie streaming sites being used for it with increasing frequency.

These are just a few of the many threats to your personal information and devices when watching a simple soccer match. We strongly advise you to stay protected with a security solution so that these threats cannot take advantage of you.

Stay secured with GajShield.

Everything you need to know about VPNFilter Malware


It has just been reported that a dangerous malware called VPNFilter is targeting an increasing number of makes and models of devices, and has additional capabilities such as secretly injecting malicious content into web traffic passing through an infected router. This capability, called ssler, lets VPNFilter stage a kind of man-in-the-middle attack, with the aim of spying on victims to steal sensitive data. Using ssler, the actor can also deliver exploits to endpoints.

The malware is continuously targeting more makes and models of devices. With its additional capabilities, exploits can now be delivered to endpoints and reboots can be overridden.


VPNFilter is a sophisticated malware which uses known vulnerabilities to infect routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. Once installed, the malware uses a central infrastructure to install specialized plug-ins on the router. One plug-in allows hackers to listen to their victims’ Internet traffic to steal their Web identifiers; another one targets a protocol used in industrial control networks, such as in the power grid. A third plug-in allows attackers to paralyze any or all infected hardware. Together, all of the infected units in dozens of countries make up a 500,000-router strong botnet.

Effect of VPNFilter malware

VPNFilter can infect over 70 different device models, and at least 500,000 broadband and wireless routers across the globe have been infected so far. In addition to products from Asus, D-Link and Huawei, the malware is now targeting more models from Netgear and MikroTik. Its growing spread has given rise to concerns across the world.

Known infected devices

Asus: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, and RT-N66U.

D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, and DSR-1000N.

Huawei: HG8245.

Linksys: E1200, E2500, E3000, E3200, E4200, RV082, and WRVS4400N.

MikroTik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, and STX5.

Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, and UTM50.

QNAP: TS251, TS439 Pro, and other QNAP NAS devices running QTS software.

TP-Link: R600VPN, TL-WR741ND, and TL-WR841N.

Ubiquiti: NSM2 and PBE M5.


Solution for VPNFilter attack

What makes VPNFilter nastier still is that it is extremely difficult to delete. Rebooting your router can temporarily remove the router-bricking and spying functions of the malware; however, not all of the malicious code can be taken care of this way, as many of these routers are built with weak default passwords or contain software bugs that remain unpatched. To fully clear it, you'll have to initiate a hard reset, which will restore the router's factory settings.

Firmware upgrades against this malware are now available from most router manufacturers, and it is recommended that you upgrade your router firmware on priority so that this vulnerability does not affect your security.

GDPR and India: Where do Indian data protection laws stand?

Privacy is a fundamental right that protects the inner sphere of an individual or an organisation. With the massive data breach by Facebook, the far-from-over concern about data protection is back in the limelight. With so many questions raised about the fundamental rights of privacy, data protection and so on, can we say it is high time we established our own data protection laws and regulations?

The Europeans have devised a data regulation model, GDPR (General Data Protection Regulation), that aims at harmonizing the data privacy laws in Europe to protect and empower all European citizens’ data privacy. India, being a developing nation, has, we believe, a great opportunity to research, innovate and come up with a new regulatory framework. We do not necessarily have to implement an outdated model to govern data privacy by replicating the laws of other nations; we can devise policies that are relatable to our nation as a whole.

What exactly is GDPR?
GDPR is a complex data regulatory framework with a huge number of restrictions on the processing of data and information. Its underlying principles stem from the German constitutional court, which created a right to informational self-determination in the year 1983.

The primary aim of GDPR is to reshape the way organisations approach data privacy. GDPR applies to all companies processing and holding personal data of subjects residing in the European Union, and non-compliance with GDPR will attract a 4% fine on your annual turnover.

Now that Europe has devised a clean regulation for the governance of data protection with GDPR, should India be next in line?

Current state of laws with respect to cybersecurity in India
Data protection laws in India are loosely constructed; the relevant provisions are Sections 43-A and 72-A of the Information Technology Amended Act, 2008 (ITAA). Section 43-A (compensation for failure to protect data), introduced as an amendment in 2008, states the liability of a body corporate to pay compensation in case of negligence in maintaining and securing “sensitive data.” However, the Act fails to define “sensitive data” and states the same as “personal information as may be prescribed by the Central government.”

Clearly, the data protection laws in India are poorly drafted, and their application can raise serious questions given the current turn of events.

Breach of data privacy is considered a serious offence and is punishable under Section 72-A (introduced by an amendment in 2008), which penalises the offender with three years' imprisonment or a maximum fine of Rs 5 lakh. Even so, the laws certainly seem to be very vague about personal information and data.

A later draft, introduced in the Rajya Sabha in 2014, provides a small definition of “personal information” and vaguely explains the role of a Data Controller, but the bill also fails to address the issue of outsourced data and the liabilities of companies outsourcing and hosting the data.

While it is imperative to protect an individual’s privacy and data, we also need to take into consideration that, although the fundamental rights of an individual may be universal, the way they are enforced should be different and adapted to each jurisdiction. The regulations drafted in India for data protection and privacy should address the problems that we Indians face in our organisations and personal lives, and try to devise a solution for them.

Privacy and protection of an individual’s data is and should be the top priority of the governing bodies and it is high time that we devised regulatory rules for the same. That being said, it is extremely imperative to revise the current state of data protection and privacy laws in India to safeguard personal information and data in a rightful manner. Stronger data protection and governance laws are the need of the hour.

Is your privacy secured on Facebook?

Around 2.2 billion people around the world actively use Facebook to connect with their friends and family and to socialize, which means 2.2 billion people around the world showcase their lives on this giant social media platform. Facebook says that, with such a large number of people, it ensures users’ data is always safeguarded through the terms and conditions described in its Privacy Policy.

But recent events have brought shocking news to light. The Internet is on fire with outrage right now about the alleged data breach that has impacted the private information of more than 50 million individuals.

This furor is based on the alleged data breach carried out through the company Cambridge Analytica, which worked with Donald Trump’s election team and harvested millions of profiles of US voters. This has been one of the biggest alleged data breaches and has left a huge concern about privacy protection on everyone’s mind around the world. This supposed breach was carried out through an application on Facebook called “thisisyourdigitallife”. Through this company, in collaboration with Cambridge Analytica, hundreds and thousands of users were paid to take a personality test and agreed to have their data collected for academic purposes through “app permissions”. However, the app also collected the information of the test-takers’ Facebook friends, leading to the accumulation of a data pool tens of millions strong. Facebook’s “platform policy” allowed collection of friends’ data only to improve user experience in the app and barred it from being sold on or used for advertising. The discovery of the unprecedented data harvesting, and the use to which it was put, raises urgent new questions about Facebook’s role in targeting voters in the US presidential election, but moreover about protecting an individual’s data and privacy.

With the security and privacy of over 50 million users having been compromised, serious questions have been raised about how much we can trust Facebook to safeguard our privacy as a social networking platform. Cambridge Analytica and Facebook are one focus of an inquiry into data and politics by the British Information Commissioner’s Office. Separately, the Electoral Commission is also investigating what role Cambridge Analytica played in the EU referendum.

How to secure your personal information on social media?

Here are some steps that you can take to safeguard your social media presence and avoid being a victim of any kind of data breach. It’s better to be safe than sorry.

  1. Though Facebook has inbuilt security options, they can often be confusing and hard to find. One easy way to find them is by going to the Help Center.

  2. Note the best security practices specified in the Help Center on Facebook, where Facebook points you in the direction of changing your security settings for the better.

  3. Understand the privacy settings completely. From there you can edit a number of your security settings, including contact information and applications.

  4. Although it is a violation of Facebook’s terms of service to use a fake name on an account, there is always the possibility that people you don’t want to find you will. You can block such people from your Facebook profile. You can also report the sender to Facebook.

  5. Keep a check on authorised applications, and revoke access from any third-party application that uses your information but that you don’t use anymore. These applications could be games or tests like “What would you look like in future” or “Which celebrity you resemble”.

  6. Avoid giving third-party applications permission to post on your behalf or access your personal information, as this can be quite risky.

As with any social networking site and the Web in general, much of your information is out there for public consumption. It’s up to you and only you to use the tools provided by Facebook to protect yourself. The simplest rule of all is: If you don’t want others to know about it, don’t post it.