Spyware developer charged by Australian Police after 14,500 sales
PLUS: India open to space tourism; China/Indonesia infosec pact; Paytm denies breach; Infosys dodges government again; and more
Asia In Brief Australia's federal police (AFP) on Friday charged a man with creating and profiting from spyware that allowed total remote control of victims' computers.
The AFP alleges the man wrote the spyware when he was 15 and in the nine years since has sold it to more than 14,500 individuals across 128 countries.
The spyware, named Imminent Monitor, was popular among domestic violence perpetrators and other criminals. It controlled webcams and microphones on devices and logged keystrokes.
The AFP detected and shut down the software in 2019 – but not before the man charged over its creation and sale netted between AU$300,000 and AU$400,000 ($210,000 to $280,000) from the software.
The AFP identified 201 individuals in Australia who bought the software. Of those who did so, 12.4 percent are named as respondents on domestic violence orders, and one is named on the Child Sex Offender Register. -
– Simon Sharwood
India open to sharing its space tech for tourism
India's Department of Space is open to adapting the nation's crewed spaceflight tech for orbital tourism.
In an answer to a parliamentary question on notice released last week, minister for space Dr Jitendra Singh noted the nation has no laws, nor plans to make laws, concerning space tourism in the country. But Singh also pointed out that India's Space Research Organisation (ISRO) is developing technology with applications for human rated launch vehicles, orbital modules, life support systems, crew escape systems, human-centric product, and crew recovery – which could act as "building blocks" for space tourism.
The above-mentioned tech is being developed for India's Gagaanyaan mission, which aims to send three astronauts into low Earth orbit for a week to conduct microgravity experiments. If successful, it will become India's first crewed spacecraft.
But while Gagaanyaan won't lift off until 2024 or later, private startups in the space industry are already operating in India. Singh said 15 start-ups are working in the domain of satellite services and the country is building a database of private activities in the space sector. "Greater participation of non-government entities is envisaged in carrying out end-to-end activities," said the department.
Half of Australians abused online, a quarter of Aussies do the abusing
Half of Australians have been subjected to technology-facilitated abuse (TFA), and a quarter of them perpetrate it, according to a study released last week by the National Research Organisation for Women's Safety (ANROW). The Organisation defines such abuse as including "harassing behaviours, sexual violence and image-based sexual abuse, monitoring and controlling behaviours, and emotional abuse and threats."
The report, titled Technology-facilitated abuse: National survey of Australian adults' experiences [PDF], used a sample of 4,562 subjects and found that approximately one in three TFA victimization experiences occurred "in a current or former intimate partner relationship." Australians with a disability, the LGBTQ+ community, and indigenous Australians were more likely to have experienced TFA than other groups. "TFA victimization was associated with higher levels of psychological distress, consistent with moderately severe mental ill-health," the report states. ANROWS said the study is the first of its kind in Australia, and therefore provides a basis for future studies and development of policy to address the issue.
– Simon Sharwood
Infosys again skips meeting about controversial non-compete clause
Infosys CEO Salil Parekh said the company is working with respective authorities regarding concerns over its staff non-compete clause, despite failing to show up at three meetings with the Labour Ministry in New Delhi and one with the Government of Karnataka Labour Department since April. "Our HR leadership, the leadership from the company, are working very closely with the respective authorities both locally and centrally," said Parekh in the company's Q1F23 press conference on July 24. He added that the purpose of the clause is to protect client confidentiality.
"We have no constraints within the company which precludes anyone from choosing what they want to do and we've had extensive discussions and meetings with the appropriate authorities," said the CEO.
Labor rights organization Nascent Information Technology Employees Senate (NITES) told The Register Parekh's comments were "misleading."
"The company's representatives are using dilatory tactics to avoid attending the meetings held at Labour Commissioner Offices in Delhi and Bengaluru," said NITES president Harpreet Singh Saluja.
According to Saluja, Parekh's argument is flawed as confidentiality is already covered in a separate clause and therefore a non-compete agreement is not necessary to protect clients. The labor org boss said the next meeting with the State Labour Department is scheduled for August 17. The Register has asked Infosys to explain what it means by working "closely" with the authorities and whether it will attend the August meeting.
Paytm denies Firefox Monitor report of 3.4 million customer data breach
Indian mobile payments and financial services company Paytm denied allegations this week that it suffered a 3.4 million customer data breach in August 2020. In a tweet, the company called reports of the breach "unsubstantiated" and said it was working with Firefox to resolve the matter.
Media outlets have wrongly reported the breach of Paytm Mall data. We strongly reject such unsubstantiated reports as the hacker and Cybel had themselves confirmed that there was no breach. Also, the alleged data breach was reported in August 2020 & has no connection with Paytm. pic.twitter.com/6HC1npCbZp— Paytm Mall (@PaytmMall) July 27, 2022
Firefox Monitor claimed it discovered and verified the leak as provided by haveibeenpwned.com. The breach tracking site said the leak contained phone numbers, email addresses, dates of birth, genders, geographic locations, income levels, names, and purchases.
"It can sometimes take months or years for credentials exposed in a data breach to appear on the dark web. Breaches get added to our database as soon as they have been discovered and verified," wrote Firefox Monitor.
China, Indonesia, sign infosec pact
The Cyberspace Administration of the People's Republic of China and the National Network and Cryptography Bureau of the Republic of Indonesia have signed a joint action plan for cyber security cooperation.
The document was signed as Indonesian president Joko Widodo met China's Xi Jinping. Indonesia's English-language account of the meeting describes the joint action plan as encompassing "custom information exchange and enforcement [and] cyber security capacity building."
– Simon Sharwood®