The cybercrime and privacy breach in India has been mutating every few months. In this scenario, it is important for every user to understand risks associated with transactions in cyber space; implications of data leaks and privacy breaches through social media or email transactions and your remedies, say Nandkumar Saravade and Dr Rakesh Goyal, two experts in cyber security and risk management. They were speaking at a houseful seminar organised by Moneylife Foundation in Mumbai.
According to Mr Saravade, who just took over as chief executive at Data Security Council of India (DSCI), user awareness about internet, cyber laws and risks pose a big challenge in India. Especially, when we consider the wide strata of users, from tech savvy to new users, as well as different socio-economic conditions, demographics, culture and age, making them aware about the risk and saving them from cyber frauds is a significant challenge before law enforcement agencies as well as the government, he said.
“Cyber criminals exploit jurisdictional arbitrage knowing the practical difficulties faced by police in investigating outside their jurisdiction. The fight against cyber fraud is challenging when the judiciary clubs financial cases along with other kinds of schemes. Therefore, there is a need to revisit current laws – some over a century old and new focused legislation in the domain is an immediate requirement to keep up with the rapidly scaling fraud landscape,” Mr Saravade, the former IPS officer and Director for Cyber Security and compliance at NASSCOM, said.
According to Mr Saravade, what started with opportunistic attacks on unsuspecting victims has now become a well-organised industry with clear business plans based on understanding of the market, distribution network and business development by going into virgin territories. He said, “Small and medium enterprises in India have seen targeted attacks on their e-mail accounts to give fraudulent instructions to their banks to remit funds to mule accounts abroad. In addition, traditional fraudsters like those running pyramid schemes have taken to the Internet for casting their nets far and wide, the SpeakAsia case being a prime example. The numbers tell the story: 26 lakh investors lost Rs2,276 crore, in a Ponzi scheme which ran for a mere few months.”
Speaking about privacy in cyber space and how it can affect the user, Dr Rakesh Goyal, the Director-General of Centre for Research and Prevention of Computer Crimes and MD of Sysman Computers Pvt Ltd highlighted that the advancement of cyber technology has not only made it easier to communicate, socialise, complete financial transactions at a click of a button and a host of other benefits, but it has even made it easier for others to easily access the data you share over the net.
Dr Goyal, who has 42 years’ experience including 24 years in IT security consulting, explained how cyber space works. “There is no free lunch,” he said, “You may get a free service, but the companies in turn access your personal information to analyse your marketing and related behaviour. This is then sold to spammers, marketing analysts, blackmailers, competitors or even by state players for surveillance. Cyber thieves look to steal you bank passwords and credit card data.”
“There are several ways your data can be stolen,” explained Dr Goyal, a PhD holder in Cyber Security. “It can be by inserting malware, spyware, key loggers, botnet or malvertisement,” he said. “Even if you access a malicious or unsecure websites your data can be siphoned off. Unpatched bugs in your operating system or applications too, can be a window through which your data can be accessed.”
In the world of smartphone technology, your mobile phone acts as your personal computer. Many unknowingly authorise applications to access their data. Free gaming applications or even an app, as simple as, a mobile flashlight can be used to access all the data you store on your mobile phone. “You use free app, they steal your data,” quipped Dr Goyal. “These apps can effortlessly access your name, age, address, email, phone number, take full network control, call phone numbers, send messages, access your location and record audio and video,” he cautioned.
“Therefore, next time you put your information on the web, look at the costs versus benefits. Remember, your identity is at stake, your assets are at stake and your existence is at stake. You should be responsible for your own security,” concluded Dr Goyal.