New Versions of
Naavi's E books
Available in PDF format at affordable prices
Awake and Stop Not until Indian E Banking is made Safe
Laws are Present, Implementation is wanting
August 31: Here is a copy of an interview of
Naavi in Kannada published in the weekly magazine VijayaNext from
Nagpur Cyber Security Summit
August30: The second annual cyber security
summit at Nagpur will be held on September 7th and 8th. Issues such as
the freedom of speech and social media may come for discussion during
the meet. Naavi along with Mr Rodney Ryder, Rakshit Tandon and other
experts are expected to participate.
Report in TOI :
Simultaneously another meet is to be held in
Jabalpur in which some of the above experts will also participate. The
twin initiatives are being lead by Advocate Mahendra Limaye of Nagpur.
Press Council Wants to regulate Social Media
Aug 29: Press Council of India (PCI) has
reportedly urged the Government to bring the Social Media under its
US District Court holds Bank responsible for wire
Aug 29: An US District Court has ruled that
the Bank which approved a wire transfer which was not in keeping with
the known transactions history of the customer is liable for the
Who has identified the sites to be blocked?
August 29: There appears to be some question
as to who idenitfied the sites to be blocked in the current NE Crisis.
According to this TOI report, NTRO idenitfied most websites and the
orders were executed through CERT-IN.
Blocking of Websites in India
August 27: The blocking of over 300 web URLs
in India has come for a wide debate on whether this was justified an
whether this is an indirect measure to take control of the Internet
media by the Government. The copies of the four orders which list the
URLs as released by Economic Times are available here:
Is Government taking over Internet?
August 24: The blocking of several websites
following the rumors floated by some Pakistani elements was justified by
the Government on the basis of National Security. Now that the crisis
seems to have been averted, this is the time to review the current
status of Internet Censorship in India. Center for Internet Society
(www.cis-india.org) has published a report on the websites blocked
by the Government. It is clear that the Government has invoked Internet
Emergency powers available under ITA 2008 but has failed to follow
From the developments it appears that the Government
is using this incident as an excuse to take over Internet and the Social
Media so that it cannot be used as a public communication tool at a time
when the Coalgate scandal is posing an embarrassment to the ruling party
and the Anna Hazare/Baba Ramdev groups are threatening to upset the
election prospects of Congress.
New Threats to Online Banking
August 21: Stuxnet, Duqu followed by Flame were
all sophisticated malicious codes designed to destroy probably the
Iranian nuclear systems but could also be of adverse consequences to
others. India has also suffered thousands of infections of these
malicious codes and spent enormous money to secure its resources.
Now it appears that a new threat named "Mahdi" has
emerged again in Iran. This is believed to be part of a covert US and
Isreli effort to monitor and delay Iranian nuclear program.
Cyber Terrorism at work?
August 20: The recent incidents in India
following a series of SMS messages being circulated to threaten people
of Assamese origin living in different parts of India back to Assam has
thrown open discussions on whether it is an act of "Cyber Terrorism" or
"Cyber War" or a combination of both.
In interpreting Section 66F, the key may be to
interpret the words "without authorization". In the instant case, the
perpetrators of the crime have accessed the SMS system and some websites
and used the services to commit the crime. The service providers which
may be the MSPs or the hosting companies or the domain name registrars
had not provided the service to be used for the purpose of such
terrorist activities. Hence it would amount to "Unauthorised access" of
the service. Hence there is a good reason for the incident to be booked
under Section 66F of ITA 2008...More
Bharti Airtel 4G network in the shadow of China Risk
August 9: Despite the knowledge that Chinese
Government controls the telecom majors in their country and is active in
international espionage and cyber wars, Bharti Airtel is reported to
have adopted a dependence on the Chinese firm ZTE for roll out of 4G
services in Kolkata. It is interesting to note that the relationship has
started with West Bengal which is politically sensitive. This issue
represents a conflict between commercial considerations and
national security and needs to be investigated at the highest
ATM Fraud in Mysore
August 8: It is reported that two customers of
State Bank of Mysore at Mysore have lost money through ATM frauds with
cloned cards being used to draw money. One of the drawals is from a
foreign country while the other is from Chennai when both customers are
in Mysore. It would be interesting to see how SBM reacts to this blatant
failure of security.
In the past some of the cases like this have been
settled by the Ombudsman though in an earlier case in Bangalore, the
Ombudsman at Bangalore had refused to protect the customer and favoured
the bank. Hopefully in this case he would be more responsive.
Earlier the Adjudicator of Karnataka was also in
favour of Banks and customer of Banks in India facing cyber crimes were
in an unenviable situation. Hopefully the new Adjudicator would see
Vishing in Tirunelveli
August 8: Naavi.org has received a report from
Tirunelveli of a fraud in ICICI Bank in which it is reported that the
fraudsters repeatedly used telephone to call the customer as
representatives of the Bank and extracted the OTP. It is time for RBI to
recognize that the 2F authentication as it is being implemented now is
ineffective in such cases.
New Adjudicator in Karnataka
August 8: Mr I S N Prasad, IAS has been
appointed as the new IT Secretary in Karnataka and therefore assumes
responsibility as the adjudicator of Karnataka. He replaces Mr
M.N.Vidyashankar. He has assumed charge from 9th July 2012.
Bank Frauds up by 53%
August8: Speaking in a conference of vigilance
officers of Banks, the CBI chief has stated that banks lost Rs 3799
crores in 2011 as compared to Rs 2017 crores in 2009-10.
Importance of Information Security
August8: Indian Outsourcing industry which is
estimated to have a market share of around 58.5% is realizing the
importance of Information Security and this is likely to improve the
career prospects for IS professionals. Apart from the prospects of
outsourcing, increasing number of cyber crimes has contributed to the
growing importance of information security.
The recent Stanchart issue has once again indicated
that it is not only the technical aspects of Information Security which
is of concern to Indian companies but legal compliance as well. In this
three dimensional approach suggested by Naavi under the
IISF-309 framework (version4)
Stanchart accused of Non Compliance of US Laws
August 7: Standard Chartered Bank has been
accused of not having complied with US laws regarding ban of
transactions with Iranian customers and is facing the threat of losing
New York Banking license.
An NDTV report highlighted a remark in the report
which pointed out that the Back office operations of the Bank including
the compliance part was outsourced to India and passing comments that
the incident could affect the Outsourcing business.
Report in NDTV. The issue is not related to outsourcing and is
related to non compliance of US regulations. The Bank has however
refuted the allegation. THE NDTV report is therefore misplaced.
The incident however highlights the fact that BPOs
need to focus on "Legal Compliance" in multiple countries as part of
their business strategy.
IDRBT Releases IS Framework for Banks
August 5: IDRBT has released an IS framework
for Banks based on the Gopalakrishna Working Group recommendations for
the guidance of Banks. The Framework has been developed for "Enterprise
Security", "Platform Security", "Application Security" and "Data
Security". It has been drafted with the contributions from people drawn
from different Banks.
The attempt to define a IS framework for Banks is
appreciable but the document does not appear to provide the required
clarity to the IS function of a Bank. It has however been endorsed by
the IDRBT and released by the Governor and hence should get some
attention amongst the Bankers. Since every major Bank is involved in the
drawing of the framework, every Bank should start implementing at least
part of the recommendations within its Bank.
Naavi.org, is however of the opinion that the
framework is in conflict with some of the earlier guidelines of RBI. A
suitable preliminary message has been sent to the RBI and will be
followed up with a detailed report which may be made public at the