What started with attacks on unsuspecting victims has now become a well-organised industry with clear business plans
Cyber-crime and privacy breach in India has been growing exponentially every few months. In this scenario, it is important for every user to understand the risks associated with transactions in cyber space; implications of data leaks and privacy breaches through social media or email transactions and your remedies, said Nandkumar Saravade and Dr Rakesh Goyal, two experts in cyber security and risk management. They were speaking at a houseful seminar organised by Moneylife Foundation in Mumbai. Mr Saravade is a former IPS officer and director for cyber security and compliance at NASSCOM. He has just taken over as chief executive at Data Security Council of India (DSCI).
According to Mr Saravade, lack of user awareness about Internet, cyber laws and risks pose a big challenge in India. When we consider the wide strata of users, from tech-savvy to new users, as well as different socio-economic conditions, demographics, culture and age, making users aware about the risk and saving them from cyber frauds is a challenge before law enforcement agencies as well as the government, he said.
According to Mr Saravade, what started with attacks on unsuspecting victims has now become a well-organised industry with clear business plans based on understanding of the market, distribution network and business development by going into virgin territories. He said, “Small and medium enterprises in India have seen targeted attacks on their e-mail accounts to give fraudulent instructions to their banks to remit funds to mule accounts abroad. In addition, traditional fraudsters like those running pyramid schemes have taken to the Internet for casting their nets far and wide, the SpeakAsia case being a prime example. The numbers tell the story: 2.6 million investors lost Rs2,276 crore in a Ponzi scheme which ran for a mere few months.”
“Cyber criminals exploit jurisdictional arbitrage knowing the practical difficulties faced by the police in investigating cases outside their jurisdiction. The fight against cyber fraud is challenging when the judiciary clubs financial cases along with other kinds of schemes. Therefore, there is a need to revisit current laws—some over a century old; new focused legislation in the domain is an immediate requirement to keep up with the rapidly scaling fraud landscape,” Mr Saravade.
Speaking about privacy in cyber space and how it can affect the user, Dr Rakesh Goyal, director-general of the Centre for Research and Prevention of Computer Crimes and MD of Sysman Computers Pvt Ltd, highlighted that advancement of cyber technology has not only made it easier to communicate, socialise, complete financial transactions at a click of a button and a host of other benefits, it has also made it even easier for others to access the data you share over the Internet.
Dr Goyal, who has 42 years’ experience, including 24 years in IT security consulting, explained how cyber space works. “There is no free lunch,” he said, “You may get a free service, but companies, in turn, access your personal information to analyse your market-related behaviour. This is then sold to spammers, marketing analysts, blackmailers, competitors or even by State players for surveillance. Cyber thieves look to steal you bank passwords and credit card data.”
In the world of smartphone technology, your mobile phone acts as your personal computer. Many unknowingly authorise applications to access their data. “You use free app, they steal your data,” quipped Dr Goyal. “These apps can effortlessly access your name, age, address, email, phone number, take full network control, call phone numbers, send messages, access your location and record audio and video,” he cautioned.
“There are several ways your data can be stolen,” explained Dr Goyal, a PhD holder in cyber security. “It can be by inserting malware, spyware, key loggers, botnet or malvertisement,” he said. “Even if you access a malicious or unsecured websites your data can be siphoned off. Unpatched bugs in your operating system or applications, too, can be a window through which your data can be accessed.”
“Therefore, the next time you put your information on the web, look at the costs versus benefits. Remember, your identity is at stake; your assets are at stake; and your existence is at stake. You should be responsible for your own security,” concluded Dr Goyal.