We, Indians, love freebies. When someone offers something free, we readily share our personal details, including name, mobile number and email IDs. Even the government is (forcibly) taking your thumb print or biometric data under the pretext of providing subsidy. The bigger question is: What do they do with your data or how do they store it? Unfortunately, the scene is not too promising. Especially on the government front, there is no clarity on how such data would be stored. This is leading to situations where someone, who has access to the data, is storing it without adequate encryption. And they use systems that are connected with the Internet, without proper safeguards.
Even for most government departments, ‘Digital India’ means storing data in Excel files and uploading it on their websites for all to see or download. This is what is called ‘transparency’! Unfortunately, such apathy towards digital data maintenance is an invitation for hackers and cyber attacks. But then in India, this is ‘chalta hai’.
For example, the National Institute for Smart Government (NISG), a not-for-profit company set up in 2002 by the Government of India and NASSCOM, has its website marked by Google with the words, ‘This site may be hacked’. Google says, “A hacker might have changed some of the existing pages on the site or added new spam pages and if you visit the site, you could be redirected to spam or malware.”
Why did I mention NISG? Because, NISG provides advisory and consulting services to the Central and state governments, as well as public sector units, for adopting and implementation of ICT solutions. Incidentally, NISG has called for applications from candidates for managing the Central Identities Data Repository (CIDR) for the Aadhaar project. Imagine how hackers would love such an entity as NISG that has data of over a billion people! A cyber attack on such a facility can potentially endanger not only the data by also the lives of people.
During 2016, there were over 50,300 cyber security incidents in India like phishing, website intrusions and defacements, virus and denial of service attacks, reveals data from the Indian Computer Emergency Response Team (CERT-In). One of the main reasons for such incidents was not paying enough attention to software.
Cyber attacks have become increasingly sophisticated and dangerous, as the Stuxnet worm had demonstrated. A few years ago, Stuxnet, the mysterious worm, caused havoc in Iran’s nuclear programme. Stuxnet is believed to be a cyber weapon jointly built by America and Israel. Unfortunately, years after this scariest of virus attacks, not much has changed in cyber space except that hackers are now finding it easy to steal, or even buy, codes created by national security teams. WannaCry, the ransomware, was the result of leaked hacking tools from the US National Security Agency (NSA).
If you think such things happen only abroad, as we do not have any valuable things that can be stolen or misused, you are wrong. Remember, in 2016, about 3.2 million debit cards issued by big banks in India were compromised and the banks had a tough time replacing the plastic cards and codes.
Can we, as individuals, help prevent cyber attacks? Yes, we can, by following certain rules. We should use only authentic software, update it regularly, not leak personal information in public domain, share information only on a ‘need to know’ basis with anyone—be it the government or any private entity. Also, follow simple rules like not engage with strangers and not be enticed by ‘attractive’ offers.
Future wars will be fought in cyberspace and, if India is not careful, the enemy can cause havoc.