Cash Trapping at ATMs..New Fraud
Oct 31: We are aware of the "Lebanese Loop"
technique of ATM frauds where the objective is to trap the ATM card. Now
most ATMs have been shifted to the swipe and remove type where the
"Lebanese Loop" does not work. It appears that a new technique is being
developed for "Cash Trapping" where cash doesn't come out and after the
customer leaves, fraudsters go in and release the trapped cash. This
fraud might not have yet been reported in India but is expected any
When such frauds happen, customers approach the
Banking ombudsman for relief. I would like the Banking Ombudsman of
Bangalore Mr Palanisami to make a special note of this new fraud
technique since in such cases the technical report from the ATM would be
"Transaction Successful. Cash dispensed". Since Mr Palanisami is known
not to look beyond this report, we may see that any complaints referred to him
by customers may be rejected.
It is necessary for Banking Ombudsmen to understand
that the fraud is a result of the Bank's negligence because of non
availability of CCTV, non availability of the Guard and non availability
of a working Hotline. Banking Ombudsmen have a tendency to ignore
all such negligence, as Mr Palanisami did in the case
of the ATM fraud case referred to him by a customer of Bank of India and
conveniently rejected by him.
As long as Banking Ombudsmen are insensitive to the
victim's problems and unaware of the techniques adopted by fraudsters,
Indian Bank customers are in danger of losing money through ATMs.
Deadline..October 31, 2011
The Reserve Bank of India mandated to all Banks through its
Circular letter dated 29th April 2011 that recommendations of the G
Gopalakrishna Working group on Information Security and Electronic
Banking shall be implemented during the year 2010-2011 and progress
reported in the annual report of the coming year.
Further RBI advised that by October 31, 2011, meaning
today, Banks should have put in place the initial compliance plan which
does not require major budgetary changes.
Naavi on Digital Wills
Oct 29: Naavi has written a detailed article
"Inheritance of Digital Assets" a copy of which is found here.
Forbes India recently carried an article on the subject in which
Naavi was also quoted.
Naavi speaks at Bangalore Science Forum
October 27: Naavi addressed a gathering of
academicians and students at National College, Basavanagudi, Bangalore.
A report in
Prajavani is here.
Business Line removes an article from the Internet
October 24: In a surprising move, it appears
that Hindu Business Line has removed an article dated October 24th which
spoke about an IIM professor losing Rs 18 lakhs to SMS fraud from its
Full article :
Report in ibnlive :
P.S: It has now been clarified by BL that the
article is now available at a different location under a different
headline within their site at
Axis Bank trades on CAT information
October 21: Axis Bank which handles the CAT
(Common Admission Test for IIMs) applications is reportedly using the
information of applicants to hawk its own services.
If there is any lawful contract between the applicant
and the bank that the personal information is not to be used by the Bank
for other purposes, this could be considered as an offence under Section
72A of ITA 2008 which imposes a possibility of three years' imprisonment
on the Bank's officials. Though such a written contract may not
exist, it should be "Implied" since Axis bank is handling the CAT
applications on behalf of IIMs as an intermediary and such an
undertaking is part of the collection and limited usage principle under
Section 43A of ITA 2008.
It is to be noted that IIM has reportedly indicated
that they have not authorized Axis Bank to use the information and this
could be considered as evidence that the disclosure is "Unauthorised".
It would be interesting if the affected
person files a complaint on this behalf both with the Police for
criminal prosecution and with the Adjudicator for damages.
Railways to Accept Virtual Reservation Message as
October 21: There are instances when a train
passenger does not carry a "Print out" of his e-tickets. According
to Railway Board Letter No.2008/TG-I/10/P/SMS dated 20.07.2011, it now
appears that a "Virtual Reservation Message" (VRM) would be acceptable
as a ticket. VRM includes a screen shot of the e-ticket as displayed on
a laptop or a mobile phone. This is a convenient feature for many since
they carry the laptops with them most of the time and show the ticket
copy more easily than a print out. Hope the TTE does not scratch out the
laptop screen in acknowledgement!
Copy of order.
In case the TTE does not accept, and charges a fine,
a receipt of the fine (the receipt should clearly mention why the fine
was charged) may be sent to
one may get refund.
IIMs invoke ITA 2008 to hold a threat on CAT attendees
October 19: In what could be called an
unprecedented move which challenges certain concepts of law and freedom
of expression, IIMs collectively have issued a threat to all the CAT
aspirants this year that they shall sign a "Non Disclosure Agreement"
before taking the test and not discuss the questions after the exam.
Such disclosure is being threatened as an unauthorized disclosure of
information under ITA 2008 as well as a violation of the Indian Contract
Act and the Copyright Act. Prof Janakiraman Moorthy, convener of CAT has
threatened the students that they would be charged under ITA 2008 for
punishment up to 3 years. The threat is a sad reflection of the lack of
confidence of the organizers in formulating an appropriate test plan
that is difficult to remember and a large number of questions to work
with. The proposal poses an interesting legal challenge which is likely
to be debated for its legal validity.
E Banking is now Even More vulnerable
October 19: If RBI does not wake up fast, E
Banking in India is doomed. Recent findings show that a new Trojan, which is
a variant of Zeus and SpyEye, has the capability of not only logging
keystrokes but also changing the mobile number associated with the bank
account so that the OTP system can be defeated. A series of Phishing
transactions reported recently involving State Bank of India and
Vodafone indicates that the trojan may be already active in India. One
leg of the fraud in this mode involves the obtaining of control over a
SIM card with a compromised KYC. It is inevitable for customers
therefore to seek remedy for such frauds through vicarious liabilities
being hoisted on Banks and MSPs. But the best bet for customers is to
keep the Internet Bank accounts separate from non Internet bank accounts
and ensure that the balance in the Internet bank account is kept to the
Hacking Case against Sanjiv Bhatt?
October 18: It is reported that Ahmedabad
Police are investigating an accusation against Mr Sanjiv Bhatt, the anti Modi
IPS officer, for hacking an email account. The report in Dainik Bhaskar
quotes a Police official stating that the case may be filed under
Section 66A and it is non bailable.
I suppose the report is wrong since the reported
offence appears to be under Section 66 and is bailable. Hope the Police
do not make a mistake when they file a complaint and embarrass
Report in Dainik Bhaskar
Woman CEO arrested in Mumbai.. Lesson for HR Managers
Oct 17: The report that a woman CEO of a
reputed company was arrested in Mumbai for posting defamatory
information about a subordinate shows how ignorant are IT officials
Article in TOI. The article has however been questioned for veracity
since it has not revealed the names of the people involved and also
indicates that the Police let the accused off though the offence was
Cognizable and indicated a highly depraved mind in charge of a Company
capable of harming many others.
A similar case had been observed several years back
when an administrative manager had complained to the police that an
obscene morphed photograph of a senior marketing official had been
circulated within the company. When the Police investigated they found
that the email originated from the residence of the promoter director of
the Company. The case was quietly withdrawn.
Yet another case in Chennai was a case of a colleague
who sent defamatory emails about a lady colleague to frustrate her
promotion. This case could not progress since the Hong Kong based ISP
did not provide the IP address resolution and the Chennai police could
not move CBI for intervention of Interpol.
Employer-Employee or Colleague-Colleague disputes
finding expression in Cyber offences is a trend which HR managers have
to take note of. Naavi has identified this as the "Cyber Offendo Mania"
requiring special techniques in identifying such tendencies in employees
so that remedial efforts can be taken in time.
Related Article on Cyber Offendo Mania :
Another incident where Cyber offendo Mania manifested
An Interesting Adjudication Decision from Maharashtra
October 16: In an interesting decision from
the Adjudicator of Maharashtra, an estranged wife has been found guilty
of "Unauthorized Access" under Section 43 and extracting e-mails and
chat session details of her husband and father in law and producing them
in support of her dowry harassment case. The adjudicator however has
only imposed a nominal penalty under Section 66C of Rs 150/-.
Copy of the
Judgment is found here. Once the decision of Section 43 is confirmed
it also confirms an offence under Section 66 and hence prosecution may
be continued by the Police. (Earlier order of CAT relevant to this case
The adjudicator has restrained himself from
imposing a penalty since he has not found a quantification of a wrongful
loss. It would be interesting to see how the matrimonial court would
treat the illegally produced evidence. If the illegally produced
evidence is accepted by the matrimonial court then the "Wrongful harm"
caused by the act would crystallize. In that case a cause of action may
arise for the complainants to appeal for compensation under ITA 2008 for
a decision already made.
however is a landmark decision in its own category and will be a good
precedent for future reference. Mr Rajesh Aggarwal, the Adjudicator has
therefore provided a valuable contribution to the development of
Adjudication system and to Cyber Jurisprudence in India.
Cyber Safety Week in Pune
Oct 16: Pune Police in association with DSCI
successfully concluded the Cyber Safety Week to improve the
awareness of Cyber Safety issues in the community including the Police
force. At the concluding session on October 15th, Naavi addressed
the group of Police officers and IT professionals and discussed the
legal aspects of Cyber Crimes.
Believe even if your Bank account is Credited!
October 14: Here is an example of a fraud
which marks a new way of using "Phishing". (See details here). This
makes one wonder how one can trust our Bankers even if they confirm that
our account has been credited. Here the customer got an email
confirmation through a "Phishing Mail" to persuade the recipient to ship
a Camera which he registered for selling on an E Commerce website. The
email was a fake. Fortunately in this case the customer was vigilant and
did not part with the goods.
However there was an earlier instance in Bangalore
where an Exporter made a shipment on the basis of money credited to him
at State Bank of Mysore through their correspondent Bank's Nostro
Account. After shipment the payment was reversed because the foreign
bank reversed their entry citing some technical reasons. SBM had no
sympathies to the victim of the Cyber Fraud and promptly squeezed the
customer through DRT proceedings. (Current position in this case not
Cyber Cafe Regulations..in TN
Oct 13: An interesting article on Cyber Cafe
regulations can be found
Chinese Company Huawei's link to Chinese Military
Oct 12: For a long time everybody has known that
China is slowly spreading its tentacles across the digital space through
Manchurian Chips and other forms of backdoors being installed in other
countries. Now CIA has again brought out a report stating the obvious
that Huawei is linked to Chinese military. Despite such overwhelming
revelations, Indian Government has its utmost faith in Chinese
technology and has allowed Chinese suppliers to dominate the Indian IT
industry. It is unfortunate that even the scientific community like IISc
as well as the IT industry has not recognized the Chinese Risks and
taken effective counter measures. It is time that India develops a
suitable IT strategy to reduce the dependence on China over the next few
years. In fact this should be one of the policy objectives for the
German Government involved in Cyber Terrorism?
Oct 10: F Secure has indicated that it has
identified a malware which appears to have been spread by the German
Government for the purpose of snooping. The malware is in the wild and can
infect computers of non Germans also. This therefore could expose German
Government to liabilities under the Cyber laws of other countries. In
certain countries like India this amounts to "Cyber Terrorism". F Secure
has also revealed that such "Official Malware" is often discussed in the
anti virus circles and F Secure itself assures the public that they
would not allow any such Trojans going undetected. It is suspected that
FBI has prevailed upon some AV manufacturers to leave their snooping
malware unreported. Probably China may not be far behind.
Law of Internet For Exporters
Oct 08: Here is an article on Cyber Laws for
Exporters at Exim Matters.com :
The law of internet for
CD Books for Conferences
Oct 08: A special scheme for Naavi's E Books
to be distributed in Conferences or to Customers or Employees of
Companies where creation of an awareness of Cyber Laws is relevant is
now available. Organizers of Conferences may buy the books
in bulk to be rendered on CDs with no extra costs. They can also get the
sponsorship name embedded on each page of the book. They can also
sell ad pages to others for a cost.
Details Available here
Cyber Laws for the Politicians
Oct 08: Naavi has often said that Cyber Laws
should be for the Netizens and By the Netizens. However in India
laws are passed ostensibly for the common man but implemented only for
the politicians and to protect their interests. People with money may
also get the law to support them.
It is only on rare occasions that law protects the
common man and most such cases depend on an individual honest officer in
the Police or the Government.
controversy regarding application of ITA 2008 for a cartoonist who
showed Sharad Pawar as a pole dancer revealing an asset of only Rs 12
crores is a case in point.
Naavi's Comments on National IT Policy
Oct 08: The National Policy on Electronics
focuses on developing India into a global leader in VLSI and a
significant player in the ESDM industry. These are welcome. Concern
areas are the "Long term partnerships in critical sector", "Security"
and "Implementation". ...
National IT Policy for more mobile services
Oct 08: GOI has released a draft IT policy for
the nation for public comments. The policy is well drafted and
makes the right sounds. However it is clear that what drives IT in India
is Government expenditure on hardware. Earlier it was investment in
computers. Now it is investment in Mobile devices. As a part of the
policy probably several thousands of thousands of Crores would be spent
on the purpose.
If this investment is directed towards indigenous
hardware development as in the Aakash scheme there could be some long
term development. The Policy makes a mention of developing the
indigenous hardware industry making India the ESDM hub. (Electronic
Systems Design and Manufacturing hub). Hope it will be pursued during
in ET : Public
US Drone Control infected with Keylogger Virus
Oct 08: In a security breach of serious
military implications, it is found that computers controlling the Drones
used by US military for remote controlled attacks in Afghanistan have
been infected by a virus. It is stated that the Virus is persisting
despite several attempts to remove it and includes a Key Logger.
OTP Passwords Could be hijacked
Oct 07: It is reported that a social
engineering method is being adopted to hijack OTP issued by Banks for
transaction authorization. The trick appears to be to send an SMS to the
victim and make him change the assigned mobile number.
Chennai Introduces new Cyber Cafe Regulations
Oct 06: Tamil Nadu appears to have taken the
initiative in introducing new Cyber Cafe regulations as suggested in the
GOI rules of April 11 2011. One of the regulations is a requirement that
hard and soft copies of the visitor's register on a monthly basis to the
Report in Hindu
Bank of America under Cyber Attack
Oct 06: It is reported that Bank of America is
under a Cyber Attack. It is possible that the attack could be a new test
launch from China of one of its Cyber War heads. Bank has however denied
that the outages are due to a Cyber attack and claims it is a result of
some technology upgrade going wrong.
QR Codes can be deceptive
Oct 05: QR Codes are a good system for reading
of small content by mobiles. It is often used for updating address book
or product details. It is necessary for us to remember that QR Code can
also be used for executing malicious codes since the user cannot
normally know what is the embedded content unless there is a "Preview"
Massive Insecurity in Mobile Devices
Oct 05: Massive security vulnerabilities have
been found in HTC mobile devices leading to potential data loss and
compromise of control. It is necessary for RBI to take note of these
developments before pushing Mobile Banking in India. Already RBI has put
Indian Banking customers in grave risk through Internet Banking. Though
security guidance is in place, commercial Banks have no respect for RBI
Chinese Cyber Intrusions are Intolerable
October 5: In a reiteration of what is known,
USA is now pointing out that China could be behind recent Cyber Attacks
on Sony and other corporates. Cyber Espionage activities of China are in
the nature of Cyber wars and are aimed at gaining economic control over
the world. India is more vulnerable than others since our political
masters do not have the guts to even point out physical intrusions of
China. As long as we do not recognize the Chinese threat and act in
defense, the future of India is at stake. The Indian Companies who work
for China in pursuance of short term profits also need to rethink on
their strategy. We need to monitor the knowledge transfer to China
through our IT projects. In the meantime as a nation we need to have a
strategy for reducing the dependence on China for our IT hardware. We
need people like Sam Pitroda to think of a strategy for the purpose. We
need to explore if a national internet backbone of high bandwidth
(Without Chinese hardware) and a low tech network computer (indigenously
developed) could be a solution worth exploring in this regard.
Simultaneously development of an indigenous OS is also required.
Fine Print Clause on Web Contract disallowed by
October 1: Naavi has been arguing that the
Click wrap contracts are not valid in India particularly the individual
clauses that also qualify for rejection as fine print clause. Now an
Israeli Court has taken a similar view. In Civ. (Tel Aviv) 1963-05-11
Malka v. Ava Financial, Plaintiff argued that the forum selection clause
was “hidden” in an online contract whose terms he never read. In
addition, he argued that such choice constitutes an “unfair term” in a
contract of adhesion under the Standard Form Contract Act, 1982. The
Standard Form Contract Act enumerates a list of contractual provisions
which are presumptively unfair, including unreasonable or unilateral
forum selection (but not choice of law). The court rejected the
defendants’ reliance on the forum selection clause, effectively
establishing Israeli jurisdiction over the case. Some of the
observations made in the judgment also have relevance to the defense
that PNB has taken in one of the Phishing cases to shift the
jurisdiction from Chennai to Delhi.
Digital Society Month
October 1: October is a significant month for
Cyber Law observers in India. It was on 17th October 2000 that India
created a judicially acceptable Digital Society by providing legal
recognition to electronic document and digital signature when ITA 2000
was notified. It was again in October 2009, this time on 27th that ITA
2008 was notified. In recognition of the importance of this month, I
urge all Cyber Law practitioners to undertake activities that contribute
towards creating a responsible Cyber Society.
Three Months since CAT is closed
October 1: On June 30 this year the Presiding
officer of Cyber Appellate Tribunal retired and even after three months
the DIT has not found a replacement. It is therefore necessary for
the Chief Justice of India to take notice of the vacancy and take steps
to persuade retired judges known for their integrity to take up this
important position. If Judges have hesitation because of self perception
of technical inadequacy, GOI can consider appointing a technical member
to CAT so that all sittings can be held by a two member CAT. This is
already provided for in ITA 2008 and would provide the confidence to the
Judicial member who will remain to be the Chair person to adequately
address complicated technical issues.
Cyber Espionage Risk for China travelers
October 1: Cyber risks with China are well
known. However this article indicates the seriousness of the risks to
foreign business travelers to China. The article suggests that
electronic data carried on laptops and iPads is likely to be
compromised if used in China. It is stated that some travelers strip
their laptops of important data before they travel to China and some
others use sensitive data stored in pen drives and opened only offline.
Some seem to prefer "Use and throw" devices for their China visit. The
precautions which some business travelers are reportedly following are
an eye opener to Indians who may travel. In particular the officials of
the Government who travel to China need to also follow these