"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark
Solution to EVM Controversy
Aug 26: The recent controversy on EVM vulnerability revolves around the possibility of tampering the EVM by fixing a gadget inside which can be wirelessly manipulated from outside.
I would like to present below a solution which satisfies all these three segments, for consideration by all the parties concerned, including Mr Subramanya Swamy, who is in the forefront of the current movement...
Aug 26: There has been an intense discussion on EVMs in India after the arrest of Hariprasad, who was involved in a demonstration of the vulnerability of the EVMs. The issues raised fall into the following categories.
1. Was it ethical to arrest Mr Hariprasad, whose intention was only to alert the GOI on the technical issues involved in security?
2. Is the vulnerability of EVM an issue which comes under ITA 2008?
3. Are there any solutions for maintaining confidentiality of voting along with keeping a paper trail?
Naavi's G-Mail account retrieved.. for the time being
Aug 25: After a day of intense efforts, Naavi was able to regain control of his Gmail account, which had been hacked by someone who had changed the recovery mail details as well as the security questions. Simultaneously, the hacker had also taken control of Naavi's VSNL e-mail account, and that also had to be extricated by contacting the company. Unfortunately, Google does not provide the details of the IP address from which the hacker made the modifications unless law enforcement intervenes. The next step, of course, is an investigation, if necessary with the intervention of the Police, to find out who was responsible for the hacking.
IRCTC to bar Online booking by Agents
Aug 25: After frequent complaints from individuals about the difficulties in Tatkal booking because of block bookings by agents, Railways appears to have taken steps to ban the agents from online booking for a period of one hour from 8.00 am to 9.00 am. Ref: report
In the light of the revelations about the use of "User end Scripts" to automate the bookings and the breaking of Captcha, it has become evident that the system is being abused significantly. Common men were disillusioned of late with the online bookings, particularly for Tatkal booking, and would welcome this move wholeheartedly. At the same time IRCTC needs to tighten the security to disable user end scripts and also blacklist the user accounts of those who use the automated scripts. They should also retain the option to cancel the booked tickets without refunds where they can record proper evidence of such wrongful use. Since technically any use of scripts such as those available at Vrarun Kumar's blog is illegal (Offence under Section 66 of ITA 2008), the penalty of losing the booking is a necessary measure that IRCTC should take.
It is also reported that the Railways may start an alternate online booking site to remove the monopoly of IRCTC (Report). The additional booking facility is likely to be introduced through http://www.indianrail.gov.in/
Naavi's email account appears hacked
Aug 24: One of Naavi's e-mail accounts at Gmail appears to have been hacked. A complaint has been lodged with Google and action is awaited. In the meantime, if any of Naavi's contacts receives spam or fraud e-mails such as "I am stranded in Africa.. send money.. etc", kindly ignore them and send me the IP address and copies of such e-mails at my alternate e-mail address.
PESIT to Introduce Cyber Laws as Electives in BE Course
Aug 23: PESIT, one of the leading Engineering Colleges in Karnataka, has taken a pioneering step in introducing Cyber Laws as an elective Course for the Engineering Students of the 7th Semester from the current semester. Naavi will be the lead faculty for this program, which is the first time any Engineering College in Karnataka has introduced Cyber Laws in its curriculum.
IRCTC Site Hacking Secrets
Aug 23: Naavi has been highlighting the possibility of the IRCTC website being abused and misused. One of the tools used for hacking the IRCTC site has now been revealed. This report also highlights the urgent need for our Engineers to be made aware of Cyber Laws. The report highlights the weak security measures adopted by IRCTC and their negligence when it has been brought to their notice. Report in Techgoss : Earlier article of Naavi
Notice Under Sec 69A and 79 to Google
Aug 22: Google has been issued notices under Sec 69A and 79 for wrongly depicting parts of India in J&K as not belonging to India (Refer Report). The map has since been corrected, according to this report.
Pan African Cyber Crime Legal Network Proposed
Aug 22: In order to bring uniformity to the laws in the African Countries, a proposal is being mooted to introduce a common legislative framework for combating Cyber Crimes in the African Countries... Report
EVM Vulnerability Exposer Arrested
Aug 22: In an unfortunate development, it is reported that Mr Hariprasad, one of the persons who demonstrated that the EVM used in India can be tampered with, has been arrested. A team of three persons including Mr Hariprasad had announced some time back that the EVMs could be pre-programmed to favour a specific candidate. A video of the demo was also made available on YouTube. Now the Indian resident Mr Hariprasad has been arrested on the charge of theft of the EVM used for the demo. See Details here.
Electronic Cheque Counterfeiting
Aug 22: Cheque counterfeiting is an old art. But in the era of digital record keeping, counterfeiting also seems to have been automated through a digital process. In a new fraud that has been reported from Russia, fraudsters hacked into websites providing services for cheque image archival and downloaded images of genuine cheques with signatures and used the data for generation of counterfeit cheques. This highlights the need for security wherever such sensitive information is stored. India is testing the truncated cheques in Delhi clearing house. Under this system the cheque images get stored in the bank's systems. It is possible that some Banks might have outsourced the truncation system. In all such cases the security process needs to be reviewed as a part of due diligence and the stored data needs to be appropriately encrypted for safety. Related Article
Huawei to Disclose Source Code to Indian Govt
Aug 20: Huawei Technologies, the Chinese Company which has supplied telecommunication equipment and software to the Indian telecom companies, has announced that it will accept the security requirements of the Indian Government and provide source code and design details of its equipment supplied to India.... Detailed Article
Indian Member of Nigerian Gang Arrested
Aug 13: A resident of Andheri was arrested by Mumbai Police in what appears to be a phishing case involving ICICI Bank. It must be noted here that the Bank in this case lodged the complaint with the Police quickly and it resulted in the Police taking prompt action. In earlier instances, Banks have been known to refuse to complain to the Police, and this many times resulted in the offenders escaping the Police net because of the delayed investigation. Good to know that ICICI Bank has learnt a lesson out of the Umashankar Case, in which it was ordered to pay compensation. Report in TOI
ITA 2008 Audit: A View
Aug 12: A three step process for ITA 2008 audit and compliance is discussed by Vicky Shah, a security professional. Article in techtarget.in
Internet Banking Fraud at ICICI Bank
Aug 11: A customer from Ghaziabad has reported that Rs 6444 has been fraudulently debited from his ICICI Bank account in six different transactions (4 x 1111 + 2 x 1000), though he has not responded to any phishing. The incident is typical of the latest strategy of fraudsters to remove money from Banks in small amounts so that victims do not consider it profitable to pursue complaints. As expected, ICICI Bank refuses to take responsibility when the customer approaches them and asks the customer to make his own private complaint. We request the authorities to take appropriate action to ensure that customers of Banks are not subjected to the risks of insecure Banking. Anti Phishing Action Force will take up this issue with the necessary authorities.
Germany Develops Own Mobile for Security
Aug 10: Germany has advised its Government officials against using Blackberry or Apple iPhone for security reasons. Instead they recommend use of the locally developed phone Simko2. Is it because Blackberry is less secure, or because it opens its communication to the US but not to Germany? Perhaps time will tell... Related Article
Aug 09: ATM users in India are exposed to a kind of PIN theft risk that has been brought into focus with an arrest in Kolkata. The risk arises because the machine (only one type of machine, where the users insert the card and withdraw, is said to have this vulnerability) reads the PIN, stores it in its cache memory and goes blank under certain circumstances. The machine can then be released by inserting a screwdriver, but at that time the PIN remains in memory and can be used to withdraw money from the account of the user whose PIN remained stuck. This is clearly a vulnerability of the machine, and the liability on account of this vulnerability should fall on the Bank. The Bank in turn should get indemnified by the supplier of the embedded software that runs the system with this bug. Related Article in ET
Indian Cyber Army being set up?
Aug 09: According to this report in ET, steps are being taken by the Indian Government to set up a Cyber Army of professionals to protect the National Cyber Security interests. Report in ET
Bank Fined for KYC failure
Aug 06: RBI has fined ICICI Bank Rs 5 lakhs each for failure to follow KYC norms. It is also reported that the government had in 2009 informed Parliament that ICICI Bank was twice issued a warning letter or advisory note in the previous two years for violating RBI guidelines. In 2007-08, ICICI Bank was accused of violating RBI guidelines/directives in opening new deposit accounts. This had led to opening of fictitious accounts by fraudsters at the bank’s Patna branch. Report
IS Policy for Telecom Operators
August 05: Recent controversies related to the Blackberry service provider and the demand of the Indian and UAE Governments that they be provided monitoring access to the data transmitted within the network has focused on the IS needs of the service providers. Naavi has always been stating that the ITA 2008 provisions make telecom companies liable for 7 years imprisonment if they are unable to comply with certain regulatory prescriptions under the Act. It is better for telecom companies to continue their dialogue and come to an amicable solution with the Government without making it an ego clash. Security is paramount and if the Government compromises its present stand it will be accused of being soft on security. It is therefore necessary to address the Privacy concerns as well as prevent abuse of the powers that the monitoring provides to the Government.
Dumpster Diving Costs US $ 1 million
August 1: A US Company has been fined US$ 1 million for having disposed of pill bottles with labels containing information identifiable with patients in the trash can, as a violation of the HIPAA Privacy rule. Detailed Report
FIR Within 2 days
Aug 1: The Union Home Ministry has advised Police that FIRs have to be registered within 2 days of a complaint or rejected. Police have also been advised to issue an acknowledgement of the complaint. These were long-pending demands of the public, particularly in Cyber Crime cases, where there was sometimes hesitation by the Police to recognize a crime. TOI report