Year 2007 in retrospect

Another eventful year 2007 is behind us. The digital society in India entered its 9th  year of existence. The year marked some new beginnings and also opened up some concern areas. Let's try to recall some of the important developments in the field of Cyber Law in India and also in the history of Naavi.org... More

ICICI Bank Phishing Fraud reported from Delhi

The ICICI Bank Phishing attempt reported in these columns earlier have started surfacing in the form of victims reporting the frauds. One such case has been reported by a Delhi customer of ICIC Bank who has found around RS 76000/- drawn from his Internet Banking account following the response to the phishing mail. What is to be noted is that the money has been credited to ICICI bank accounts in Mumbai before the trail was lost.

For the general information of victims, we would like to suggest victims to take immediate action to protect their interests by filing a complaint with the Police. We also urge the Police to register the cases not only under the sections of fraud under IPC but also under Section 66 of ITA 2000 (Diminishing the value of information and causing injury to information residing inside a computer resulting in  wrongful harm). Case may also be registered against the Intermediary Banks (Under Section 85 for vicarious liability due to lack of due diligence). The Bank from which the money finally went untraceable will also be liable under the Anti Money Laundering Act.

Cyber Crime Complaints and Resolution Assistance center (www.ccc-rac.in)  would provide assistance required by the victims through the group of advocates associated with the center where required.

74% of e-mails are Spam.. Who Benefits?

Symantec observes that over 74% of mails reaching India are spam mails. It also warns that spammers are teaming with criminals and providing a channel for spreading of Trojans and Frauds. In discussing the solution to this problem, we need to recognize that Spam is not getting reduced because ISPs are not cooperating in the reduction of Spam. The reason is that ISPs are directly benefiting from the proliferation of Spam and unless they are made responsible for the ill effects of Spam, the situation cannot improve. Symantec Report

One More Phishing Attack in ICICI Bank Name

Cyber Crime Complaints and Resolution Assistance Center ( www.ccc-rac.in ) has come across yet another phishing mail attacking the ICICI Bank account holders. (The e-mail ). The mail contains a hyperlink which is linked to the URL : http://br.geocities.com/icici_bankupdate/ICICI.htm

The page appears to have been disabled at present by geocities.com.  It is also interesting to observe that when the site was visited with Firefox, an automated alert was generated while no such alert was generated in the Internet Explorer. (See the pages here)

Header information indicates that the mail has been originated from the @icicibank.com domain. This was also the case of an earlier phishing mail received on 21st December. Security specialists at ICICI Bank may check if their mail servers are compromised or this is simply a case of spoofing..

Convergence Conflict Surfaces in Mobile TV

Allocation of spectrum for Mobile TVs has reportedly created differences between the I&B Ministry and the Ministry of Communications and IT. While the TRAI looks at the issue of allocation of spectrum as the Telecom domain, the MCIT is concerned about the IP TV broadcasters. The problem however is that the convergence of technologies has left both the TV and Cable Industry and the Internet industry in the same business place and they need to integrate and compete with one another. It may be recalled that it was on the issue of such differences that the Communication Convergence Bill 2001 was shelved. It is perhaps time to think once again if the time is ripe for passing a uniform legislation for the convergence industry and bring it under one regulatory authority. Related Article in Hindu Business Line

Beware of the New Year Phishing Attacks

The creativity of criminals can be seen in the exploitation of every event which is socially considered important by individuals for any reason. With the coming of the New Year, now a Phishing attack has been launched in the name of ICICI Bank hinting that the Bank is undertaking an annual security drill and in order to keep one's account secure in 2008, they need to log in and update their accounts. This in effect is the content of the e-mail which has been sent to all ICICI Bank customers.

Copy of the mail is seen here.

Copy of the header information of the mail is available here.

Recipients may note that the hyperlink given in the mail links to a different website which is the indication that this is a phishing mail. We also observe that the sender's address is from the icicibank.com domain.

We request public not to respond to the mail and also request ICICI Bank to take necessary remedial action.

Address of Dr Abdul Kalam at SDM College Mangalore

Dr Abdul Kalam recently visited Mangalore and delivered a lecture to the students at SDM Law College. Amongst other things he singled out Cyber Law as one of the important segments of law for law students.  Full Speech

Need for Protecting the E-Governance Assets

A spate of e-mail threats that have been received in recent days threatening in each case a terrorist action indicates  their confidence that their e-mails will not be traced. Probably they are right since there are umpteen number of service providers who are ready to help them with technology for masking their identity. These "Anonymizer" tools which are meant to protect the "Privacy" of an individual also comes in handy for criminals. Today we are seeing the spate of e-mails some of which may be only pranks. But these incidents also indicate the possibility that soon similar channels will be used for launching cyber attacks on Indian information assets. As more and more aspects of Governance shifts to the e-space, the e-Governance assets become vulnerable to these attacks.

Sooner we realize these threats and take action, better it is for India. Naavi has observed that the awareness of Information security needs particularly the augmented security which we prefer to call "Techno Legal Security" as different from the normal Firewall security is in adequate in the e-Governance sphere. As a result a number of good initiatives in e-Governance fall woefully short in addressing the cyber law compliance issues. It appears that there needs to a mandating of such security initiatives in the e-governance sector through a specific legislation such as an "E-Governance Act".

Naavi.org welcomes thoughts on this issue "Do We Need an E-Governance Act of India" to supplement the Information Technology Act 2000? and if so what should be the scope of such an Act. If you have a view, write to naavi@vsnl.com 

Human Rights and Netizens

Speaking at the valedictory function of the two day National Conference on Human Rights conducted by KILPAR (Karnataka Institute for  Legal and Parliamentary Reforms) and SDM Law College at Mangalore on the 16th December, 2007, Naavi underscored the need for Human Rights Activists to also debate on how Human Rights are violated through Cyber Space. He also highlighted that human rights activists are already considering a drafting of a "Universal Declaration of Netizen's Rights" and Indian activists should also start taking interest in the same.

It may be recalled that the Cyber Crimes Complaints and Resolution Assistance Center (CCC-RAC) of Naavi.org has already started acting in the domain of "Human Rights in the Netizen sphere". Human Rights Activists who would like to support the activities of Naavi may contact the center at Bangalore. A branch of the center is proposed to be opened at Mangalore and if appropriate interest is shown by others, Naavi.org intends to open such units elsewhere. (18/12/2007)

Attacks from China are more than from Pakistan

In what must be considered as a matter of grave concern, security experts are indicating that Cyber attacks from China have increased to such an extent recently that they have surpassed attacks from Pakistan. It appears that China is developing an expertise in Cyber Warfare which challenges the US dominance in Cyber Space.  Read the article in Mint

As Naavi.org has repeatedly brought out in these columns, we need a national strategy for cyber space security which should encompass the Cyber crime prevention activities of the Police as well as the Information Security activities of the IT users. Digital Society Foundation recently organized a seminar in Bangalore to focus on this issue. But we need more such seminars to discuss what needs to be done on an all India basis.

One of the other stake holders who seem to be need some nudging in this regard is the e-Governance sector. The e-Governance sector in India is still in the "Enablement mode" and in a bid to find innovative use of ICT in Governance, security aspects are being ignored. In the Banking segment also there is less than adequate security concern basically because the Banks are dependent on software vendors who are not keen to introduce security features on an ongoing basis since it means a "Cost" to them. They forget that with their reluctance, they are adding a "Deferred Cost" to their customers and perhaps a "Deferred Security Threat" to the nation.

Hopefully, the growing Chinese dominance in Cyber War fare will wake up our authorities.

Intermediaries Get a Jolt From Supreme Court

In what should be considered as a major legal decision in India affecting the domain of Cyber Crimes, Supreme Court of India has held that Intermediaries  could also be guilty under narcotics control laws if the facilities are used to distribute banned drugs in the country and abroad.

The Court said that the network providers could not be treated merely as "innocent intermediaries" under the Information Technology Act. The immunity provided by the Act from prosecution referred only to offences under the that law but did not extend to the nefarious trade, the bench headed by Justice S B Sinha emphasised.

In this case, Sanjay Kedia, a highly qualified person set up two companies, Xponse Technologies and Xponse Services, and designed, developed and hosted a pharmaceutical website and was using it to distribute huge quantities of drugs in the US from Kolkotta. In view of the "overwhelming inculpatory evidence" the court denied his bail application.

This is of great importance in the light of the demand for exemption of liabilities under the proposed amendments to ITA 2000. This may also be treated as one of the first Case Laws that become relevant for future discussions on Cyber Crime liability. Report in BS

Experts Allege Cyber War preparation by China

The computer security firm McAfee has compiled a report with input from Nato, the FBI, and the Serious Organised Crime Agency, that according to Nato insiders, the wave of cyber attacks that hit Estonia earlier this year, disrupting government, news and bank servers for weeks, was the tip of the iceberg. According to the report, a "cyber cold war" is developing as international web espionage and cyber-attacks become the biggest threats to internet security.

Targets include air traffic control, financial markets, government computer networks and utility providers. In September, the Guardian reported that Chinese hackers, including some believed to be from the state military, had been attacking the computer networks of British government departments, including the Foreign Office. China has spelled out in a white paper that "informationised armed forces" are part of its military strategy... Report in Guardian