Let's Build a Responsible Cyber Society
15th Year in service of Netizens

Naavi's Payment


Contact Address
About Us




Privacy Policy, Editorial Policy & Disclaimer


Business Enquiries




Cyber Law Forum

RSS Subscription

[Valid RSS]


"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark

"Watch This Site as a Daily Habit. It may save careers".. A Banker's remark as an advise to fellow Bankers

Naavi is a Cyberlaw consultant based in Bangalore and specializes as Cyber law compliance advisor for the industry.

Why CISO's of Banks will be guilty of murder

Feb 29: This is in continuation of the previous articles on how Bank fraud victims are suffering heart attacks because of the loss of their  life time savings and focuses on the responsibility of the CISOs.... More

SBI is unconvincing in explaining Patna ATM Frauds

Feb 29: 22 ATM fraud cases are reported to have been filed in SBI ATMs in Patna involving a loss of Rs 12 lakhs to different customers including Rs 4 lakhs by a retired Police officer. (Refer article in TOI) GM of the Bank has blamed the customers for taking the help of strangers and not protecting the PIN. However the GM has failed to explain how the fraudsters have been able to withdraw money only with the PINs even if they get access to it without the presence of a Card. If the ATMs can be operated without Cards or with cloned cards, the responsibility for having such ATMs must be taken up by the Bank. If there were guards and CCTV as claimed by the GM, why they are not able to find out those who withdrew the money?. Banks should stop lying about their security and RBI should stop being silent. In fact the Ombudsman in Patna should ensure that all the losses are recovered from the Bank on the lines of the recommendations of the Damodaran Committee. Related Article in TOI

Indian BPO Owner Charged of Extortion

Feb28: An Ahmedabad Call Center owner has been charged of running an extortion racket threatening US customers and forcing them to pay non existing loan dues. The incident reported charges the owner directly of having committed the offence and not for vicarious liabilities for his employee's actions. It is alarming that an owner should commit such a fraud but if true it is a big shame on the BPO industry in India. It is more probable that such frauds may be committed by employees of the Call Centers in which case the owner still takes the liability for the action of its employees but could consider covering such losses through insurance and appropriate due diligence. Report in Livemint

Megaupload owner arrested

Feb 28: The owner Mr Kim Dotcom of megaupload.com allegedly one of the sites mis-using the concept os secure cloud hosting to host and distribute pirated content has been arrested. Related Article

Blood of Bank fraud victims are on these hands...

Feb 26: Naavi has been crusading against the Indian Bankers who are in pursuit of commercial profits even at the cost of the lives of their customers. The days when we considered "Customer is the King.." as suggested by Mahatma Gandhi is over. Today most bankers have no idea how their services are making their customers lose  several years of their active life. A series of articles are presented here on the current status of E Banking customers in India..

1. Indian Media is Insensitive..here

2. Blood of Bank fraud victims are on these hands...

Watch out for more articles...

SMS Texting Banned in HIPAA Context

Feb 23: The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) recently issued a “ban” on physician texting, saying it’s “not acceptable” for medical professionals to communicate patient information via SMS. This is likely to push for the use of secure messaging systems. RBI should take note of this development as they are pushing the use of mobiles in Indian Banking system unmindful of the risks. JCAHO is an independent, not-for-profit organization, which  accredits and certifies more than 19,000 health care organizations and programs in the United States. Joint Commission accreditation and certification is recognized nationwide as a symbol of quality that reflects an organization’s commitment to meeting certain performance standards. Related Article

Surge in HIPAA  Compliance Issues

Feb 23: According to a recent research in US, data breaches in 2011 have risen by 32% while at the same time regulations have become more stringent. Covered entities are therefore seeing a squeeze from both sides with increasing risks and increasing regulatory pressures. It is reported that 92% of all healthcare institutions have experienced data breach incidents atleast once in last two years and each such incident costs on an average USD 2.2 million. Related Story

TRAI should Investigate Billing Frauds

Feb 23: After the Number Portability has been introduced in the mobile circles, companies are finding that if there are any billing disputes, customers opt for MNP and move out. However MNP is still not available for data cards and it appears that mobile companies are now focusing on cheating customers on data transactions which are more difficult to verify. Airtel being the leader in the industry appears to be also leading in this scam. It is essential for TRAI to introduce a system whereby false data billing can be identified and customers saved from such frauds.

Recently executives of MTS have been arrested in Mumbai for misusing the KYC forms issued by one customer and using it to issue data cards to another after switching photographs to boost sales.

Airtel has been doing this by falsely billing data usage on cards even when they are not in use. ( I am refering to my own account as an example). Such false billing has also been observed on the mobile. It appears that this is prevalent in 3G connections. I have also demanded Airtel to provide me a study of 3G speeds available in Bangalore in different parts to substantiate their marketing claims. I allege that Airtel 3G does not provide 3G speeds but substantially operates only on 2G networks. Their marketing claims are therefore false. I have also asked them to provide me the details of my data usage with reference to the IP addresses and destinations and I am yet to receive their reply.

It may be necessary for a large scale investigation to unearth a corporate fraud in Airtel billing department TRAI should stake steps in this regard.

TRAI should also ensure that the data card device should be portable across different service providers so that the customer is not locked onto a service provider if he does not want to.   Also see

AIRTEL sends bills in transparent covers

Feb  23: In a bizarre observation, Midday reported that hundreds of customers of Airtel received their bills in transparent covers with the entire bill being visible. Has anybody in Airtel heard of "Privacy", "Sensitive Personal Information", "Reasonable Security Practice"?. The incident is a clear violation of Section 43A and 79 of ITA 2008 and action needs to be taken against the Company. Mid Day article

Ethical hacker in UK jailed for 8 months

Feb22: An ethical hacker in UK was jailed for 8 months for hacking Face Book. The matter was unearthed in a regular security review at Face Book and investigated by FBI claiming that it has rights to deal with hackers in UK. Passing the judgment Judge Alistair McCreth observed that the hacking could have potentially caused very serious consequences to Face Book but agreed that the hacker did not have any intention of making any commercial gain. The Court observed that there could be an indication of an "Asperger's Syndrome"  in the hacker's behaviour of trying to prove himself to his father.  Related Article

Bangladesh Hackers/Terrorists give notice through You Tube

Feb 21: Hackers from Bangladesh appear to be using You Tube to send a message to India. They have sent a few demands which are more that of terrorists and threaten a large scale hacking of Indian sites if their demands are not met. The threat is made out in the name of the Bangladesh Cyber Army. It would be interesting to know what the Indian Government response would be apart from perhaps asking for the video to be taken down.  Video

Laws More Misused than applied purposefully

Feb 21: The case of a web journalist in Bangkok being tried for publication of comments by visitors on her website is a case where the intermediary is being held unreasonably liable for an offence committed by some body else. If more such cases surface, the intermediaries will be so much afraid of posting any content that Internet ceases to be of any value as a medium of free expression. This approach may lend legitimacy to underground publications who may work outside the legal control. If we want "Responsible Behaviour of Netizens" it is also necessary that regulators are reasonable in their approach to political criticism. Related Article

Case Filed For Disclosure of Face Book Security Architecture

Feb 19: A security specialist in Hyderabad has filed a case in AP High Court seeking directions to GOI to demand disclosure of the security architecture of Face Book. It has also demanded that Face Book should use stringent identitification measures such as  Face Recognition before opening of profiles to avoid fake profiles... Report in TOI

HSBC Bank into massive money laundering?

Feb 16: In a shocking revelation, an ex employee of HSBC has revealed that there is a massive money laundering operation going on in HSBC and is reportedly produced more than 1000 customer pages as evidence. The employee who was working as a Relationship Manager has said “I was shocked to find accounts through which millions of dollars were being deposited and withdrawn without any apparent business activity being conducted,...Then when I went to visit the business, I found nothing – shell companies, vacant offices with no furniture, or no such business whatsoever at the address listed on the account records.” Read the full story here

In response to this expose, HSBC has tried to force the publication to withdraw the story. Read report here. To ensure that the stories will be available for the readers, they are archieved by Naavi.org/ceac.in to be used if required.

This story also corroborates what Mr Yash, a security professional in Bangalore has been stating on his attempts to bring to public knowledge the security vulnerabilities in the E banking system.

E Banking Security Guarantee Scheme

Feb 12: Naavi.org has been in the forefront of a crusade to make E Banking systems safer for the Bank Customers. Here is a suggestion that the RBI can implement in this direction. This could be a temporary or a permanent measure that can ensure safety of the funds of the E-Banking Customer and could be the only solution for survival of the Indian Banking at this point of time... More

Reduction of Phishing in Ahmedabad

Feb 12: Police in Ahmedabad have reported substantial reduction of Phishing in Ahmedabad after a leading local bank introduced IP filtering system to eliminate Nigerian IP addresses. If this is possible for one bank in one city it should  perhaps be adopted by all other banks. Related Article


Face Book Responds to Victims

Feb 12: During the last week two victims who had seen false profiles being created in their  names on Face Book found a quick relief after the matter was suitably taken up with the Face Book team through a Section 79 notice from Naavi.org. Face Book appears to have set up a new grievance redressal mechanism to meet such requests. These two cases were not cases of freedom of speech. One was the case in which obscene pictures were posted in the profile and in the other pictures stolen from a lost mobile had been used. We congratulate Facebook for their quick response. It has given relief to two young girls who were facing extreme stress on account of the activity of the some irresponsible cyber criminals.

Will RBI take note of this?

Feb10: Security researchers have identified a mobile botnet which appears to have compromised more than 100,000 Android devices. Though at present this botnet seems to be targeting mobiles in China, it gives notice of a serious security threat even to India where RBI is pushing mobile usage for Internet banking. Naavi.org has been repeatedly warning RBI that security in Internet Banking itself is unacceptable and if transactions are extended to mobile devices further doors of opportunity will be opened out for criminals at the expense of Bank customers. Related Article

Indian Banking System in danger of collapse..What are the solutions?

Feb 8: Given the alarming security situation in E Banking and continued apathy of the RBI and collective failure of the ministries of Finance, Home and IT in the Central Government, here are some immediate measures required to ensure survival of the Banking system.... More

Three More Phishing Cases in Pune

Feb 8: Three phishing cases were registered involving a loss of Rs 17.5 lakhs to three customers in Pune. Fraudsters are making merry since banks are collaborating with the fraudsters with their lack of basic due diligence in the conduct of Banking and continued failure of Governance of the RBI. Report in Midday

Media Takes Notice of E Banking Vulnerabilities

Feb 7: The vulnerabilities in the E banking systems in India has slowly started getting the attention of the media. In a detailed article on the subject Moneylife.in has detailed the risk of Man in the Browser attack. Details

Bomb is ticking to destroy the Indian Banking System

Feb 7: Naavi.org has constituted an "Expert Group on  E Banking Security" consisting of representatives from different walks of life to which a security professional in Bangalore made a demo of vulnerabilities in the Indian E Banking Systems. The group is now contemplating further action to draw the attention of the RBI and the Government of India to find answers to some of the concerns raised during the demo. ... More

Report on Privacy Symposium

Feb7: Here is a report in Tehelka on the Privacy Sympoisum held in Delhi on 4th February 2012. Report

20 Canara Bank Accounts Hacked through ATM

Feb 5: Naavi.org had reported a few month's back about an ATM fraud in which a Bank of India customer had lost Rs 40,000/- through fraudulent withdrawal  through a Canara Bank ATM. It had been pointed out in that case that Canara Bank was not having a CCTV camera in the ATM. Now it is reported that 20 account holders have suffered similar losses in Yelahanka town where it has been found that fraudsters had deployed cameras to watch the customer's passwords. Obviously this must have been coupled with closing of the card itself. It is also a practice in Canara Bank not to appoint any guards at the ATM which makes it easy for fraudsters to manipulate the machines without being observed. This is a systemic flaw for which the Bank needs to be pulled up. Unfortunately when this case was brought before the Banking Ombudsman Mr Palanisamy, he dismissed the customer's complaint and even ruled that no appeal can be made. Had he been fair in his decision at that time he would have pulled up the Bank and the current fraud might have been avoided. Report in Youtube

Now even BBC agrees..Indian Banks wake up!

Feb 5: In the last week a serious discussion has ensued in India about the weaknesses in the E Banking security. Despite the security professional Mr Yash demonstrating the weakness through a video recording of how a genuine Bank customer may find himself cheated on the E banking platform, Indian Banks have failed to respond to the public announcement of the threat. Out of the three Banks used by Mr Yash to demonstrate the weakness, one has used its influence to bring down the you tube video, the other has issued a legal notice and the third has sent goons to the security professional's house to threaten him. If this is the attitude of the Banks it appears they are not interested in securing the Banking transactions.

The reason for this apathy stems from the fact that they are aware that the legal system in India is in favour of the Banks since victims are financially unable to sustain the litigation. Presently two cases which were decided in favour of the customer are pending on appeal at the CAT with Government of India preferring to keep the institution closed by failing to appoint a Chair Person for the last 7 months. In the meantime Banks are working overtime to get absurd interim orders from some obliging adjudicators against the customers using their financial muscle knowing fully well that it will take a long time for the case to get sorted out and by that time the customer would be frustrated enough and withdraw his case.

Now BBC has also spoken about the Man In the Browser attacks similar to what Mr Yash was pointing out. Hopefully Indian administrators will now wake up. Related Article

HSBC Bank sends goons to silence a Security Professional

Feb 2: An ethical hacker from Bangalore who decided to disclose an E Banking vulnerability has found that the bank instead of correcting the vulnerability would like to silence him. Unlike another Bank which sent a legal notice for defamation, it is reported that HSBC Bank sent its recovery goons to his house when he was not available and caused annoyance and threat to his family members. RBI should take note of this illegal behavior of the Bank and conduct a suitable investigation.

Advertisements cause denial of access

Feb 2: We are all aware that ads provide for monetization of content sites and are therefore a good thing to be there in support of the free Internet system. But of late advertisers are becoming greedy and want to usurp the content space. Just as some times on TV we find that serials exist for the ads, Cricket matches are played for the ads, the web content is also becoming secondary to ads. I am not speaking of "Parked" websites which are deliberately created for monetizing zero content. I refer to respected news paper sites which are overwhelmed by the "Pop Up Ads" and "Video Ads". The Pop Up ads cover up the entire page and prevents the visitor from viewing the content for which he visited the site. Besides there is an increasing trend of video ads that gulp bandwidth of the user. It is also becoming increasingly common to disable closure of such ads just as pornographic ads used to be. I saw one such ad today in the Business World site at the URL http://businessworld.in/businessworld/businessworld/content/SC-Quashes-122-Telecoms-Licences-Issued-2008.html-1. The ad itself belonged to Microsoft.. There are similar ads on other sites and by other advertisers. I consider this as "Denial of Service" and "Diminishing the value or utility of  information  residing inside a computer resource" which are offences under ITA 2000/8. The advertiser as well as the publication will be responsible for such an offence. I wish respectable publications ensure that ads remain in the side bar and can pop out only on user's request. Similarly video ads should by default be in pause mode and the user should have the option to play it either in the allocated space or on full screen mode. See the ad here

Director CERT Clarifies

Feb 1: Director of CERT-IN, Mr Gulshan Rai has clarified in an interview with Mint that Government of India has so far not exercised its discretion in any case of Website blocking but only acted on Court orders. Details

For Articles of Earlier Date Browse through Archives



PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate, (an organization of Corporate PR Professionals in Chennai,)  celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life"  was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More


  What is Naavi.org?

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.


If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

[Valid RSS]

RSS Subscription

Posts in Bloggernews.net





Search Naavi.org

Deep Links

ITA 2008

ITA 2000- Rules

Archived News



Cyber Evidence Archival Center



Legal BPO



Cyber Law College



Reference Sites

Global Cyber Law Resouces

Legal Information

Cyberlaw Stanford


Law & Tech Blog



Cyber Frauds

Cyber Crime Cases

Cyber Crime cases2


Bank Frauds Forum


Consumer Forum

Consumer Forum-2




Safe surfing






CAT Website

List of AOs


Misc Naavi Initiatives

Naavi Cricket Rating

Cyber Democracy




Personal Links

Daily News

Daily Horoscope