Did you tweet your BBM PIN? We know about it

BlackBerry officially released BBM for Android and iOS on 22nd Oct, 2013. And within 24 hours, the net download of the BBM app had hit 10m. People are crazily sharing there BBM PINs all over the Internet, most popular places being Facebook, Twitter and blogs. Several hashtags related to BBM have been trending on Twitter at various locations and this is what caught our eye – people sharing their PINs recklessly, seeking for friends, bragging about getting a PIN finally before the others or after a long wait! Do you think there is no harm in posting your PIN publicly? Then go through several posts on BlackBerry forums about users being spammed through PIN to PIN messages. Publicly posting the PIN is a definite invitation to spam.

When such a huge amount of BBM PIN sharing caught our attention, Mayank and I (with some inputs from PK) quickly used some of our old scripts and put together this website which displays the most recent tweets where users have shared their BBM PINS in plain text

There might be few false positives or a couple of encoding errors here and there, but we have tried to keep the errors as low as possible. Have a look at the volume of tweets with BBM PINs. In a span of less than a day, we collected about 79K tweets talking about BBM and about 24K (and constantly increasing) tweets with BBM PINs in plain text. Some users are even sharing their PINs via Instagram images and screenshots of their phone screen.

If you are interested in knowing more, please write to pk [at] iiitd [dot] ac [dot] in.

Moments for life! My first International trip to USA

Well, it’s been 2 months since I returned from the United States of America but it all still looks fresh as I sit down to put it in words! 🙂

It was about a year back that I learnt my plausible visit to the University at Buffalo (UB), NY and the news left me all afluttered! As much as I was excited for my first international travel to this beautiful country, my parents were equally nervous as I am known to be an over-pampered and not-so-independent girl (yea, majority including my parents think so :(). The most important thing for my travel was to get a passport! (I didn’t have one by then ;)). All the formalities for passport and visa were done within no time and I was all set to fly! The days passed by, and the excitement grew by leaps and bounds and it was just packing, packing and more packing. Finally, on June 7, 2013, I left my home at 1 AM with all the excitement and thrill. As the huge Boeing 777 was waiting for me, I bid adieu to friends and family. Within no time, I was sitting in my plane to get to my next humble abode for 2 months. As I lay down, enveloped with clouds, I suddenly realized that I am away from home for long 60 days leaving me nervous and anxious! But the very fact of freedom and independence shooed that feeling away! 😉 With a smooth continuous flight of 15 hours, rare did I know what was next in my kitty! As I sipped a cup of coffee at the large JFK airport, NY, it was announced that my connecting flight was cancelled due to bad weather. The next I got into my senses, I was running back and forth to get another flight and collect my baggage. I felt really low and disappointed to get another flight, 6 hours later and that too from a different airport. With all these glitches, finally I was standing in my apartment admiring my new room and the feeling of being in a new country altogether finally sinked in. Next was the big day, my first day at UB which was entirely a different experience.

The large campus at UB with breath-taking greens and multi-cultured people was difficult to capture in a frame. It took me nearly 2 hours to cover the whole campus. At UB, I got an opportunity to work in the Jacobs Management Centre (The word management sounds confusing but we worked in information and security! :)) under the esteemed guidance of Prof. Hejamadi Raghav Rao. Adapting to the new international setting was less of an issue, thanks to my project partner Rajarshi Chakraborty (PhD@UB) for making things easy (We had already met by then since he visited us at IIITD the previous month, lucky me!). Well, honestly there was no time to get comfortable since we had a deadline after 15 days :D. The work culture there was a little different than what is being followed in India. There were strict working hours from 9:00 AM to 6:00 PM with usually free weekends. It was also different in a sense that in India we used to work together in lab (a noisy one! :D) and there I was given a separate room to work. Unfortunately, since it was a summer time, I missed meeting a lot of students in the university as most of them had gone to their native places. My research work was exciting and challenging and I enjoyed every bit of it it in the apt motivational ambience at UB. My project advisors, Prof. H.R. Rao in the US and PK, here in India, were a great support throughout. I learnt a lot of things at UB and had an opportunity of interacting with some great minds. I also got a chance to attend Western New York Cyber Security conference by ISecure, a conference for discussing the concerns arising in Information Security. Since the conference was near Niagara, I managed to get a quick short trip to the heavenly Niagara Falls. During the last week of my stay, Rajarshi offered me for a dinner at a Thai restaurant. Being a total vegetarian, I had a tough time selecting a dish for myself and end up having an eggplant (Brinjal, in simple terms, which I don’t eat in India :D). Quite an experience!

Apparently, this blog is incomplete without the mention of ‘masti’ and ‘mazaa’ I had in the US. I was lucky enough to have cousins there who helped in exploring cities like New York and Washington and visit some really beautiful places like Statue of Liberty, Madame Tassauds, Niagara Falls, Virginia beaches accompanied with loads and loads of shopping! I got a chance to witness the mind blowing fire cracker show on the Independence Day. I made new friends and did lots of chatting, dance and fun together. This trip also marked the beginning of my cooking skills (and end too for that matter :P), doing groceries and other regular stuff which I could have never imagined myself doing! 😀

Below is an image of me at Madame Tassauds with the waxed Big B! 😀
Overall, the experience was quite satisfying, both personally and professionally. I would like to thank my advisor PK and Prof. H.R Rao for giving me this wonderful opportunity. Looking forward to such exposures in life. Stay tuned! 🙂

 

My work, my pride!

Privacy in Open Government Data

As they say, ideas can be life changing… and an idea changed my life too (in a positive way, of course! :)).

It is amazing and satisfying to see how ideas turn into reality! It was an year back I, along with Mayank Gupta (B.Tech , DCE) started working on an idea which revolved around the lines of open government data and its potential malicious use. Information portals in the form of the e-governance websites (e.g., voter-id, driving license, mtnl phone directory) run by Delhi Government in India provide access to personally identifiable information (PII) of the residents of Delhi. Information like name, address, age, date of birth, voter-id, driver’s license number, and father’s name is openly and freely available. With the increase in Cyber security thefts online and increasing privacy awareness among Indian citizens, we thought it would be an interesting problem to encash. And Voila! It actually turned to be in consonance with our ideas :).

The project was planned in various phases / stages. The first phase was identifying the open government sources and going through their privacy policies to check if data collection was permissible or not. Next step was to write PHP scripts to start extracting the information. Within a month, we had approximately 8 million voter-id and 2.5 million driving license records in our local repository. We also collected data from 5 popular social networking sites viz. Facebook, Twitter, Google+, Foursquare and LinkedIn. Public API calls were used to extract the data. Now the next step was to create awareness and spread it among masses. To make this possible, we developed a system which could highlight the public availability and easy accessibility of such PII. Hence, OCEAN: Open Source Collation of eGovernment data and Networks was developed and deployed on January 21, 2013. The input to the system is the name of the individual to be searched and the system returns a candidate set with same name and personal attributes associated with each individual. Interestingly, aggregation of data within the voter-id database helped in creating a family tree which connected people within a family. Below is an image which shows the family tree of Srishti Rawat (a random name, details blackened for privacy purposes).

The system is gaining popularity and has been in talks in privacy research community since its deployment.  Within a short span of time, 398 unique visitors have been recorded in the system (as on May 18, 2013). OCEAN brought lot of accolades to me, Dr. PK and Precog.

  • Article published in national daily, Hindustan (April 16, 2013) [pic attached]
  • Best poster award at IITK Security and Privacy Symposium 2013
  • Accepted poster at IBM I-care 2012, IISc Bangalore

I would also like to thank Swetank Kumar Saha, Sudip Mittal and Daksha Yadav (B.Tech, IIITD) for doing the initial thinking and simple prototype for this work.

Hopefully this effort serves as an eye-opener to general public and other stakeholders in the country.