New Version of Android Virus hits India

It is reported that a new version of the Android virus “selfmite” has appeared in the wild. The virus sends SMS messages to all the contacts with a hyper link which if clicked will install a malicious app.

Details are available here

It appears that the virus uses shortened URL service of GoDaddy and can be re configured remotely to change the URL.

At present the virus can spread only through the clicking of the URL in an SMS.  The users should therefore be vary of clicking on any URL even if it is part of an SMS from a friend.

The threat hurts the use of a mobile for browsing internet and can seriously affect the plans unveiled recently by Face Book founder to make certain basic internet services free from the face book applications.

Industry should ensure that mobile anti virus systems are strengthened to prevent such viruses.


Share Button
Print Friendly

Concurrent Civil and Criminal Cases

Recently, I came across an article on the web discussing how a criminal conviction or trial proceedings can produce evidence for a civil compensation. (Related Article). This was regarding a proceeding in Canada. The points raised here appeared to be relevant in India in Cyber Crime cases and hence the following comments can be made.

In many of the Cyber Crime Cases we come across a Civil and Criminal dispute being tried in different fora simultaneously. For example, the Police may pursue a bank fraud case while the victim may invoke Adjudication under ITA 2008.

Normally, a criminal case takes a longer time and a stronger evidence (Beyond Reasonable Doubt) to result in conviction. But a civil proceeding under the special provisions of adjudication and Cyber Appellate Tribunal (CAT) can be completed much quicker. Also these judicial process in adjudication being of the enquiry commission type, it is more victim friendly.

Though victim compensation can also be provided by a criminal court, traditionally the criminal courts in India are reluctant to go deep into evaluation of financial compensation which may involve opportunity loss or gain, interest and litigation expenses etc. (There could be exceptions such as the recent prevention of corruption case of J Jayalalitha where the session’s judge did take the trouble to make proper estimate of the wrongful gain the accused might have made). Also the criminal cases are pursued by the state and the public prosecutors and the victim’s interest may not always be a priority.

Hence where a civil remedy is separately available, the victim   always prefers to explore such alternate remedies. This is mostly true in Cyber Crime cases.

It may be recalled that in the land mark Umashankar Vs ICICI Bank adjudication case, the adjudicator’s verdict was that the Bank was liable for paying compensation to the victim for the fraudulent loss suffered by him. At the same time Tamil Nadu police was (and is) pursuing the criminal case against the identified ultimate fraudster. An issue was raised by the undersigned with the Tamil Nadu police that it should pursue the case of criminal negligence and complicity by ICICI Bank and its officials in the light of the positive findings of the Adjudicator.

However, TN police hesitated and did not proceeded even to conduct a proper enquiry and take up investigation against any of the officials of the Bank.

At least in future, Police should take advantage of the availability of an earlier civil compensation verdict where it is relevant.

Of course this argument would not apply to Karnataka where the IT Secretary acting as an adjudicator has actually jeopardized the system of criminal justice also by holding in effect that Section 66 of ITA 2000/8 cannot be invoked by a Corporate victim nor any person can invoke Section 66 on a Company. This can also extend to many other sections of ITA 2000/8 and make the act completely redundant in the State.

Unfortunately in the absence of an operating CAT, the decision of the Adjudicator remains a precedent since more than 2 years. It is disappointing that the judicial authorities such as the Karnataka High Court and the Administrative bodies such as the Government have not yet observed the highly undesirable criminal justice system that is now prevailing in Karnataka in the domain of Cyber Crimes on account of this decision. As otherwise they would have taken proactive steps to correct the same.

Karnataka Government now has on its hands the opinion of the Law department as well as the Cyber Crime Police that the subject decision of the Adjudicator is not correct but is yet to take a proactive action to correct the situation. Mr Siddaramaiah the honourable Chief Minister of the State is himself a law graduate and can personally appreciate the correctness or otherwise of the decision without any expert opinion but unfortunately the matter has not yet come to his attention.

The Karnataka Judiciary which covered itself with glory in the J Jayalalitha case would do well to bestow its attention on what has been stating time and again that in the absence of a corrective action, the said decision  has renedered Karnataka a “Cyber Crime Haven”.

Let this Diwali shed light on the situation and some positive action by the Karnataka Government and or Karnataka High Court.

(Details of the Adjudication Decision referred to here is available in several earlier discussions in this site: Plight of Cyber Crime Victims in Karnataka:: Will the CM of Karnataka respond?)



Share Button
Print Friendly

Union Law Ministry remembers Cyber Appellate Tribunal

Today’s Indian Express surprisingly carried an article titled “Crash Course in Cyber Laws for Tech-Savvy Judiciary” in which the forgotten institution called “Cyber Appellate Tribunal” was remembered. The article speaks of the growing Cyber Crime risks in the country and the need to train the Judges. It indicates that the Union Law Ministry is contemplating training programs across the Country through Judicial Academies to increase awareness of Cyber Laws.

The undersigned is already involved in such programs and would welcome the move of the ministry to expand this further.

What may be noted is that so far it was the Ministry of Communications and Information Technology which was addressing the needs of Cyber Laws and the Law Ministry was not in the picture. Now that the same Minister heads both the ministries, it appears that the controls are getting passed to the Law Ministry either completely or partially.

The article made a passing mention Cyber Appellate Tribunal (CAT) acknowledging that it has remained dysfunctional for some time now. The undersigned has been on a relentless mission to get the Cyber Appellate Tribunal re-activated and has been sending representations to all the concerned executives. Even yesterday, a detailed representation has been sent to the Chief Justice of India with the hope that action would be taken up to appoint the Chair person for CAT. It is good that this article has drawn attention to the existence of this non functioning office.

It must be also mentioned that the earlier representations of the undersigned as well as the one sent yesterday have all been also referred to the Minister of Communications and IT as well as the Prime Minister and others. But so far there has been no positive response.

The Narendra Modi Government which has indicated a big push to E Governance has also failed to respond to E Mails and messages sent through PMO India website indicating that the Government is still far from being ready for E-Governance. The representation of yesterday has therefore been sent by the good old “Snail Mail” and I hope it will reach the desk of the relevant Ministers and elicit a response.

In the light of such lack of response to E Mail communications, from the Government, it was surprising that some body from the Government was speaking of Cyber Laws and need for training of the Judiciary.

I hope the winds of change will now begin to appear and congratulate the Law Ministry for taking the lead when the IT Ministry has abdicated its responsibility.


Share Button
Print Friendly

I call for an “All India Cyber Law Awareness Movement”

In another regrettable incident, a talented young person from Patna who was earlier praised by none other than Dr Abdul Kalam for his technical skills has been arrested now for a criminal activity.

The 25 year old tech genius by name Shivendu Madhav from Bihar had reportedly earlier developed and demonstrated a search engine like Google to Dr Kalam in one of the exhibitions and   received accolades. He had also sold one of his technical blogs to an US professor for Rs 4.5 lakhs. He was therefore neither short of money nor recognition and future career prospects. Yet he decided to use his talents to develop a fake railway recruitment portal and duped lakhs of jobless youths promising them jobs via RRB Bhopal.

Refer Article in TOI

The youth has since been arrested and some of his accomplices are now being traced. Law will take its course and probably this young genius will be punished. As a routine we can also congratulate the police team and appreciate their work.

However, as information security professionals we need to sit back and reflect why such things happen. I am reminded of an earlier case where a youth was arrested in Bangalore for ATM frauds and it was found that he had a very lucrative employment. It appears that the traditional behavioral science theories are being over turned in the current generation where “Negative Motivation” influenced by unrealistic material expectations in the society over ride the traditional motivators such as “Security”, “Reasonable Money” and “Recognition”. People seem to be greedy for more and more money and are willing to risk their future for immediate gains.

This indicates

a) Lack of Ethical training in our IT education.

b) Lack of fear of the law.

I therefore call upon the Ministry of Information Technology to initiate an all India program of ” Creating an Ethical IT Work Force” as a part of the Cyber Security initiative. Such a program requires Cyber Law Education and  Awareness of the consequences of violation of Cyber Laws right from the XI standard when Compute science knowledge gets imparted to our students. We may call this “Cyber Ethics Education”.

Mr Modi has embarked on a “Clean India” program in memory of Mahatma Gandhi from today. I suppose what Mr Ravi Shankar Prasad has to initiate is a “Cyber Law Compliant Mindset Development Program”.

As regular followers of this site are aware, the undersigned has been pursuing “Karnataka Cyber Law Awareness Movement” or “saibar kanUnu PrajnaaMdOLana” (ಸೈಬರ್ ಕಾನೂನು ಪ್ರಜ್ಞಾಂದೋಳನ) and done several programs across Karnataka in the last decade. During the days when Mr H.K.Patil was the law minister of the state under S.M.Krishna’s regime as CM, the undersigned had also discussed several such initiatives with the then Karnataka Government authorities. KLE Society of educational institutions had provided support for the initiative in a big way. But over the years the interest appears to have waned as agencies other than Naavi’s initiatives failed to sustain the movement and Naavi’s initiatives could not sustain on their own due to lack of resources.

In fact one of the activities that these initiatives highlighted was the celebration of October 17 as the “Digital Society Day” to commemorate the notification of ITA 2000. This year this could be a day which Mr Ravi Shankar Prasad should consider to promote some positive action in improving the Cyber Law Awareness in the country.   “Bangalore Cyber Security Summits” conducted in Bangalore during the days when Mr Ashok Manoli was the IT Secretary were also part of such an effort with the participation of the local Government. They need to be revived.

Unfortunately over the next few years the movement withered out and slowly Karnataka lost the momentum it had gained as a “Cyber Law Capital of India”.

The current incident reminds me once again that the concept of “Cyber law Awareness Movement” retains its relevance and needs to be pursued. IIIT Law (International Institute of Information Technology Law), a trust based in Bangalore, Cyber Society of India (CySi) in Chennai are two surviving institutions co-promoted by the undersigned in the past to address the work related to Cyber Law Awareness in the community. Of these CySi is active and doing some good work in Chennai. IIIT Law has lost steam and efforts are being made to pull it back on rails.

I call upon the Karnataka Government as well as well private educational institutions and other related bodies with necessary resources to take up the cause of rebuilding the Karnataka Cyber Law Awareness Movement and also extend it as an “All India Cyber Law Awareness Movement”  (AICLAM).

Such a movement of this type  is an essential part of “Cyber Security” which Mr Modi stressed during his UN General Assembly address recently and therefore meets the objectives set forth by the current Government at the center.

Will Mr Ravishankar Prasad, the IT Minister in Delhi and the PMO consider this?


(I Invite suggestions from the public in this regard. Please also spread this message widely)

Share Button
Print Friendly

“International City Zone” scheme suggested to address US investor’s concerns

Many of the journalists interviewing prospective investors in US have been suggesting that investor’s are concerned about the laws in India some of which are archaic (eg labour and land laws) and some are whimsical (retrospective taxation). Investors are also concerned with the lack of business oriented Governance.

As a solution to these concerns I suggested the creation of one new law providing for setting up of “International City Zone” . I am not advocating here a real estate project with high rise buildings etc though they could also be a part of the scheme. What I am advocating is creating a new City which is Governed by the investors themselves with whatever laws are necessary to make the city a self sufficient economic entity. The city will make its own labour laws, tax laws etc with the sole objective of promoting business in this zone from which goods and services can be exported both to other parts of India and abroad. It will be a free trade zone with ability to source inputs from the globe.

The scheme would only mandate payment of a certain percentage of revenue turnover to India as royalty. Some other aspects have already been outlined in the previous article. Other issues can be discussed and sorted out.

I hope the suggestions would be given a due consideration.


Share Button
Print Friendly

Will RuPay challenge VISA/Master and be a Global Brand?

The JanDhan Yojana recently launched by the Modi Government has created an unexpected shakeup in the card markets at least in the Indian geographical boundaries. Under the scheme which is mainly intended to bring a large population of low income Government scheme beneficiaries into the Banking network, around 5 crore new Bank accounts are reported to have already been opened in the last month or so.

All these account holders will be provided with a “RuPay” debit card by the participating Banks. These cards will be cleared through the payment gateway created by the National Payment Corporation of India ( Promoted by a consortium of Indian Banks with the blessings of RBI,  will be issued by most of the Indian Banks and could grow in numbers in the coming days.

Rupay will approximately charge Rs 15 per card as processing fee to a single bank against Rs 25 of the other providers, a 40% reduction in service cost for Rupay compared with other providers. Hence it is expected that Rupay may reduce the card processing charges incurred by the Banks had they used VISA?Master debit cards for the same purpose.

Refer article in FE

According to one estimate, about 2.5 million new cards will be issued each month in the near future under the JanDhan yojana itself. These cards will be associated with an overdraft of Rs 5000/- and accident insurance benefits. In view of the huge numbers involved there is a speculation that the RuPay cards may give tough competition to Visa/Master cards.

However, it is expected that RuPay cards will be initially  used by the beneficiaries mainly to draw money out of ATMs. Gradually it may be used as a direct payment instrument just like other credit/debit cards at the merchant establishments. Most such establishments could be in the network used by the intended beneficiaries of Government schemes such as stores selling farm inputs in villages etc.

It should however be recognized that any business that starts with such a huge business foundation under the patronage of the Government has the potential to challenge the established players.

However the card usage at the merchant level is unlikely to grow at the same pace as the issue since there is lot of marketing efforts and logistics involved in promoting such a card usage by merchant establishments which NPCI may not be capable of.

Hence the RuPay Cards represent a challenge typical to India where there could be a huge potential in a public sector venture but which does not get converted into a profitable business model. The examples of the Railways, BSNL, etc are similar cases to take note of.

Mr Modi has however been credited with the ability to turn Public sector potential into commercial successes and RuPay Cards present one such opportunity.

It is possible that “RuPay” as a brand if not properly handled would be considered a “Low Income Group” brand and be a drag in commercial terms. Hence ensuring that a proper brand image is built around “RuPay” if it has to be a success in a commercially lucrative market”.

I wish NPCI recognizes the great  potential of RuPay Cards to be a challenger for Visa/Masters and develops a suitable strategy to harness the brand to be a real challenge to Visa/Masters.

This would require NPCI to  promote the RuPay cards for use by general public other than  Government scheme beneficiaries.  In this context the “RuPay” Payment gateway service has to challenge the Visa/masters rather than the cards themselves.

NPCI  should therefore promote RuPay payment gateway separately. It can also allow issue of RuPay premium cards for the general public.

Probably NPCI needs professional planning in this direction to harness “RuPay” as a global brand. A good public private partnership  would be essential for this purpose.

Also see article in

Also see article in


Share Button
Print Friendly