Year 2007 in retrospect
Another eventful year 2007 is behind us. The digital society in India entered its 9th year of existence. The year marked some new beginnings and also opened up some concern areas. Let's try to recall some of the important developments in the field of Cyber Law in India and also in the history of Naavi.org... More
ICICI Bank Phishing Fraud reported from Delhi
The ICICI Bank Phishing attempt reported in these columns earlier have started surfacing in the form of victims reporting the frauds. One such case has been reported by a Delhi customer of ICIC Bank who has found around RS 76000/- drawn from his Internet Banking account following the response to the phishing mail. What is to be noted is that the money has been credited to ICICI bank accounts in Mumbai before the trail was lost.
For the general information of victims, we would like to suggest victims to take immediate action to protect their interests by filing a complaint with the Police. We also urge the Police to register the cases not only under the sections of fraud under IPC but also under Section 66 of ITA 2000 (Diminishing the value of information and causing injury to information residing inside a computer resulting in wrongful harm). Case may also be registered against the Intermediary Banks (Under Section 85 for vicarious liability due to lack of due diligence). The Bank from which the money finally went untraceable will also be liable under the Anti Money Laundering Act.
Cyber Crime Complaints and Resolution Assistance center (www.ccc-rac.in) would provide assistance required by the victims through the group of advocates associated with the center where required.
74% of e-mails are Spam.. Who Benefits?
Symantec observes that over 74% of mails reaching India are spam mails. It also warns that spammers are teaming with criminals and providing a channel for spreading of Trojans and Frauds. In discussing the solution to this problem, we need to recognize that Spam is not getting reduced because ISPs are not cooperating in the reduction of Spam. The reason is that ISPs are directly benefiting from the proliferation of Spam and unless they are made responsible for the ill effects of Spam, the situation cannot improve. Symantec Report
One More Phishing Attack in ICICI Bank Name
Cyber Crime Complaints and Resolution Assistance Center ( www.ccc-rac.in ) has come across yet another phishing mail attacking the ICICI Bank account holders. (The e-mail ). The mail contains a hyperlink which is linked to the URL : http://br.geocities.com/icici_bankupdate/ICICI.htm
The page appears to have been disabled at present by geocities.com. It is also interesting to observe that when the site was visited with Firefox, an automated alert was generated while no such alert was generated in the Internet Explorer. (See the pages here)
Header information indicates that the mail has been originated from the @icicibank.com domain. This was also the case of an earlier phishing mail received on 21st December. Security specialists at ICICI Bank may check if their mail servers are compromised or this is simply a case of spoofing..
Convergence Conflict Surfaces in Mobile TV
Allocation of spectrum for Mobile TVs has reportedly created differences between the I&B Ministry and the Ministry of Communications and IT. While the TRAI looks at the issue of allocation of spectrum as the Telecom domain, the MCIT is concerned about the IP TV broadcasters. The problem however is that the convergence of technologies has left both the TV and Cable Industry and the Internet industry in the same business place and they need to integrate and compete with one another. It may be recalled that it was on the issue of such differences that the Communication Convergence Bill 2001 was shelved. It is perhaps time to think once again if the time is ripe for passing a uniform legislation for the convergence industry and bring it under one regulatory authority. Related Article in Hindu Business Line
Beware of the New Year Phishing Attacks
The creativity of criminals can be seen in the exploitation of every event which is socially considered important by individuals for any reason. With the coming of the New Year, now a Phishing attack has been launched in the name of ICICI Bank hinting that the Bank is undertaking an annual security drill and in order to keep one's account secure in 2008, they need to log in and update their accounts. This in effect is the content of the e-mail which has been sent to all ICICI Bank customers.
Copy of the mail is seen here.
Copy of the header information of the mail is available here.
Recipients may note that the hyperlink given in the mail links to a different website which is the indication that this is a phishing mail. We also observe that the sender's address is from the icicibank.com domain.
We request public not to respond to the mail and also request ICICI Bank to take necessary remedial action.
Address of Dr Abdul Kalam at SDM College Mangalore
Dr Abdul Kalam recently visited Mangalore and delivered a lecture to the students at SDM Law College. Amongst other things he singled out Cyber Law as one of the important segments of law for law students. Full Speech
Need for Protecting the E-Governance Assets
A spate of e-mail threats that have been received in recent days threatening in each case a terrorist action indicates their confidence that their e-mails will not be traced. Probably they are right since there are umpteen number of service providers who are ready to help them with technology for masking their identity. These "Anonymizer" tools which are meant to protect the "Privacy" of an individual also comes in handy for criminals. Today we are seeing the spate of e-mails some of which may be only pranks. But these incidents also indicate the possibility that soon similar channels will be used for launching cyber attacks on Indian information assets. As more and more aspects of Governance shifts to the e-space, the e-Governance assets become vulnerable to these attacks.
Sooner we realize these threats and take action, better it is for India. Naavi has observed that the awareness of Information security needs particularly the augmented security which we prefer to call "Techno Legal Security" as different from the normal Firewall security is in adequate in the e-Governance sphere. As a result a number of good initiatives in e-Governance fall woefully short in addressing the cyber law compliance issues. It appears that there needs to a mandating of such security initiatives in the e-governance sector through a specific legislation such as an "E-Governance Act".
Naavi.org welcomes thoughts on this issue "Do We Need an E-Governance Act of India" to supplement the Information Technology Act 2000? and if so what should be the scope of such an Act. If you have a view, write to firstname.lastname@example.org
Human Rights and Netizens
Speaking at the valedictory function of the two day National Conference on Human Rights conducted by KILPAR (Karnataka Institute for Legal and Parliamentary Reforms) and SDM Law College at Mangalore on the 16th December, 2007, Naavi underscored the need for Human Rights Activists to also debate on how Human Rights are violated through Cyber Space. He also highlighted that human rights activists are already considering a drafting of a "Universal Declaration of Netizen's Rights" and Indian activists should also start taking interest in the same.
It may be recalled that the Cyber Crimes Complaints and Resolution Assistance Center (CCC-RAC) of Naavi.org has already started acting in the domain of "Human Rights in the Netizen sphere". Human Rights Activists who would like to support the activities of Naavi may contact the center at Bangalore. A branch of the center is proposed to be opened at Mangalore and if appropriate interest is shown by others, Naavi.org intends to open such units elsewhere. (18/12/2007)
Attacks from China are more than from Pakistan
In what must be considered as a matter of grave concern, security experts are indicating that Cyber attacks from China have increased to such an extent recently that they have surpassed attacks from Pakistan. It appears that China is developing an expertise in Cyber Warfare which challenges the US dominance in Cyber Space. Read the article in Mint
As Naavi.org has repeatedly brought out in these columns, we need a national strategy for cyber space security which should encompass the Cyber crime prevention activities of the Police as well as the Information Security activities of the IT users. Digital Society Foundation recently organized a seminar in Bangalore to focus on this issue. But we need more such seminars to discuss what needs to be done on an all India basis.
One of the other stake holders who seem to be need some nudging in this regard is the e-Governance sector. The e-Governance sector in India is still in the "Enablement mode" and in a bid to find innovative use of ICT in Governance, security aspects are being ignored. In the Banking segment also there is less than adequate security concern basically because the Banks are dependent on software vendors who are not keen to introduce security features on an ongoing basis since it means a "Cost" to them. They forget that with their reluctance, they are adding a "Deferred Cost" to their customers and perhaps a "Deferred Security Threat" to the nation.
Hopefully, the growing Chinese dominance in Cyber War fare will wake up our authorities.
Intermediaries Get a Jolt From Supreme Court
In what should be considered as a major legal decision in India affecting the domain of Cyber Crimes, Supreme Court of India has held that Intermediaries could also be guilty under narcotics control laws if the facilities are used to distribute banned drugs in the country and abroad.
The Court said that the network providers could not be treated merely as "innocent intermediaries" under the Information Technology Act. The immunity provided by the Act from prosecution referred only to offences under the that law but did not extend to the nefarious trade, the bench headed by Justice S B Sinha emphasised.
In this case, Sanjay Kedia, a highly qualified person set up two companies, Xponse Technologies and Xponse Services, and designed, developed and hosted a pharmaceutical website and was using it to distribute huge quantities of drugs in the US from Kolkotta. In view of the "overwhelming inculpatory evidence" the court denied his bail application.
This is of great importance in the light of the demand for exemption of liabilities under the proposed amendments to ITA 2000. This may also be treated as one of the first Case Laws that become relevant for future discussions on Cyber Crime liability. Report in BS
Experts Allege Cyber War preparation by China
The computer security firm McAfee has compiled a report with input from Nato, the FBI, and the Serious Organised Crime Agency, that according to Nato insiders, the wave of cyber attacks that hit Estonia earlier this year, disrupting government, news and bank servers for weeks, was the tip of the iceberg. According to the report, a "cyber cold war" is developing as international web espionage and cyber-attacks become the biggest threats to internet security.
Targets include air traffic control, financial markets, government computer networks and utility providers. In September, the Guardian reported that Chinese hackers, including some believed to be from the state military, had been attacking the computer networks of British government departments, including the Foreign Office. China has spelled out in a white paper that "informationised armed forces" are part of its military strategy... Report in Guardian
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occassion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More
Naavi's latest book "Cyber Laws Demystified" was soft launched at the Nimhans Convention Center during the Indian Police Congress. The book is a comprehensive coverage on Cyber Laws both ITA-2000 as well as IPR and other issues.
Structured into 24 chapters it also covers the proposed amendments to ITA-2000 in detail as an appendix. A copy of the Information Technology Act 2000 is also appended to the book.
The book also has several individual chapters on the legal issues of Cyber Banking, Cyber Advertising, Cyber Taxation and Cyber Terrorism.
The book is priced at Rs 750/-.
For Enquiries and Bulk orders click here. :
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.
Add Your Comments Here
If you would like to know more about Naavi, the information is available here.
For Any Payments to be made to Naavi online : Naavi_s Payment Center