Cyber Catastrophe in the horizon.. 70000 domains in India under Cyber Attack

Posted on September 24, 2020 by Vijayashankar Na

(This is a continuation of the several articles on Net4India issue that Naavi.org has been highlighting)

Action on the Complaint

Since I have been receiving many e-mails regarding the issue of Net4India which it is difficult to respond to individually, I shall henceforth be posting my views directly here.

At present I have communicated with Mr Vikram Bajaj, the Resolution Professional, Mr Samiran Gupta, ICANN country head in India. Both have promised to help but have not been able to resolve the issue.

Mr Vikram Bajaj is seeking further directions from NCLT and Mr Samiran Gupta is perhaps  bound by ICANN policies.

It appears that the issue of how Net4India was given a loan of Rs 194 crores by SBI which became an NPA is to be considered as a potential fraud which requires CBI investigation. The promoters of the company are not in India and are taking refuge in UK like Vijay Mallya.

In the meantime, the Bankruptcy proceedings have been started but NCLT perhaps was not informed about the interests of thousands of customers who were also creditors of Net4India (I refer to this as the 70000 community. The exact number is not known).

NCLT did not issue notices to these small and big creditors who had paid advance money in their accounts and were continuing to make payments for renewal and other services.  If an inventory of creditors had been drawn up, the cumulative amount due to these customers many of them were registered as resellers would have surfaced.

Each of the domain names registered represented a contractual obligation of Net4India to keep the domain operative and was guaranteed by ICANN. The value of the domain name was created out of such contracts. Each of the 70000 plus domains had an opportunity cost in terms of the fees payable for registration and also the additional costs involved in shifting the domain names to an alternative service provider.

It is to be noted that the company had continued its service even during the time the resolution proceedings were going on and it was only in recent times  that some specific actions were visible on the customer dash board  to discontinue some services.

It is also noted that after we raised the issue through this forum,  a few have received AuthCodes for transfer of domain names. This indicates that resolution of specific issues are still possible but there have been no common resolution.

After we had a brief meeting of some of the concerned members, Mr Mahendra Limaye, Advocate has agreed to correspond with the RP and try to find a resolution. If required and if costs are taken care of, he may be prepared to take the issue as a PIL. Those of you who prefer this route may indicate it separately in a communication to Mr Limaye. Some of you have copied such requests to me and atleast a few seem to have hesitation in sharing the information.

I have indicated that all persons who want to take up further action in this regard have to first send a request to Mr Vikram.bajaj@gmail.com. Later if they want they can contact Mr Limaye.

Larger Issues need to be addressed

Naavi.org will however continue its efforts to ensure that there are appropriate systemic changes that are brought to the system of Domain Name registrations and how the registrars may function and how the consumer are not held to ransom because of business failures of the registrars.

These are issues that have been ignored by ICANN, NIXI, as well as the MeitY. We need to ensure that lasting changes are brought to our legal system if necessary through Notifications under ITA 2000 or even amendment to ITA 2000 so that this kind of problems donot recur at least in India.

As one of the measures,  I am invoking the attention of the Finance Ministry, the Law Ministry, the IT Ministry and the Ministry of Consumer Affairs, all of whom have a stake in this resolution. CERT-In and NIXI should also be interested in finding technical solutions to a Cyber Catastrophe  that appears to be imminent.

If  70000 domains in India had been discontinued by  China or Pakistan we would have called it as a Cyber Attack and it would have been discussed by Mr Ajit Doval, Cert-In and other cyber security policy makers.

But what is happening now is that this largescale discontinuance of domains is occurring because of our own making. This issue has to be addressed by our authorities to find a resolution and cannot be left to be decided as a NPA recovery issue.

CBI Enquiry Required

The root cause of the problem is the Banking Fraud with State Bank of India. The Finance Ministry has not flagged this fraud and not conducted an investigation. RBI has not so far come up with its views on this NPA of Net4India, how it was built up.  No CBI enquiry was ordered by RBI. SBI vigilance department also has not made public any action taken by them to prevent this NPA.

I request that the Finance Minister Mrs Nirmala Sitharaman, to take action on this end immediately by initiating a CBI investigation.

The CBI enquiry should not be confined to SBI loan fraud but also extend to how the NCLT was mislead into suppressing the interests of the 70000 customers who were also creditors of Net4India and  how without giving any notice to them, the bankruptcy proceedings were continued in favour of one applicant.

I request the Ministry of Finance and RBI to also intervene in the proceedings of NCLT on the next hearing date of October 1st.

NCLT ignoring the value of Data Asset

We have raised the issue of NCLT ignoring the value of data as an asset of this company which is a different academic debate which we will continue.

It is our belief that NCLT did not recognize the existence of the data asset in the organization and just as a ransomware causes denial of service, the bankruptcy proceedings without addressing the issue of these customers was a flaw.

If the value of this data namely the cumulative opportunity cost related to the services of  70000 customers along with the Intellectual Property Rights that are going to be adversely affected, is  considered, it would perhaps be more than the Rs 194 crores that the company owed to SBI.

By not factoring this data asset in the insolvency determination the NCLT decision itself appears incorrect. This value is available only on a going concern basis and NCLT has simply destroyed the value by itself by not letting the business continue.

Just imagine that if these 70000 domains expire over the next few months and get registered by alternate registrants world wide, the businesses of all these domain name owners will come to a stand still and the IPR on the domain names will be lost.

ICANN should consider this as a global Cyber catastrophe and try to address the issue.

I request Mr Samiran Gupta of ICANN to file his intervention in the NCLT proceedings on October 1st and ensure that the interests of the Domain Owners world over are represented in this resolution.

Ministry of IT

We do accept that NCLT ignoring the value of data as an asset is to be expected since it is a more sophisticated thought not commonly understood in the legal or judicial fraternity.

But the same ignorance cannot be accepted on the part of the MeitY. Though this controversy has been in discussion for some time and the Ministry of IT has been part of the communication loop, no statement has come forth from Sri Ravishankar Prasad the Minister of IT and Law nor from the Secretary IT or from other departmental heads in MeitY.

We are discussing the Non Personal Data Governance law as proposed by Kris Gopalakrishna Committee report and discussing how to unlock the value of data  besides the Personal Data Protection Bill.

MeitY should have therefore realized that the Net4India issue is not simply a recovery of an NPA of Rs 194 crores by sale of immovable property but involved a larger issue of 70000 domain owners being deprived of their virtual property along with the cumulative value of their balances in the accounts with Net4India. This represents hard cash like the balances in a Bank which is going into liquidation.

It was the responsibility of MeitY to intervene with the NCLT proceedings and ensure Business Continuity even while the recovery of the Rs 194 crores through sale of property was being discussed.

I request the Secretary of MeitY to intervene in the next hearing of NCLT which I understand is on October 1st.

Ministry of Consumer Affairs

So far, the Ministry of Consumer Affairs has not been brought into picture in this controversy. But since the consumer interests of 70000 plus consumers of Net4India is being threatened, it is necessary for Mr Ram Vilas Paswan to ask his secretary to intervene. Since Mr Paswan was once a Minister of Communication technology, he should be able to quickly perceive that closing an ISP through an insolvency petition is also serving a death sentence on the customers who in this case number 70000.

If the NCLT had considered that Net4India is a Going Concern and the fate of 70000 businesses are dependent on the entity continuing its services until they can be parked with an alternate service provider, then the insolvency proceedings would have gone smoothly. In fact if the data asset had been recognized, NCLT might have not even considered Net4India insolvent.

Now it is the responsibility of the Ministry of Consumer affairs to collectively represent the interests of the 70000 consumers and intervene in the NCLT proceedings on October 1st.

Net Impact

I am aware that by suggesting a CBI enquiry and filing of intervention petitions by ICANN, MeitY, Ministry of Finance, RBI, Ministry of Consumer Affairs etc , I am complicating the process.

Some would say that all those who raise their voice can be satisfied by resolving their issue selectively so that the opposition dies down naturally and this should suffice. But the need to address the larger community interests drives me to take up this issue further.

I will be bringing information contained here in to Mr Mahendra Limaye who is in communication with the Resolution Professional and to the other parties. Being in a public cyber space,  the information should be considered as reaching the NCLT also.

Hence if NCLT is concerned about the general public, there is one immediate solution  that it can consider. On October 1st when the next hearing takes place, NCLT can on its own  admit that these issues were not brought to its attention earlier and therefore it would review its earlier order.

In the process NCLT can

a) suspend the insolvency proceedings,

b) appoint a technical team which can be supervised by the Resolution Professional with the assistance of one or more representatives from NIXI or the MeitY

c) Ensure that all the services of Net4India are immediately restored.

d) issue a request for bid for taking over of the Registrar business of Net4India  by another registrar

e) Direct NIXI and ICANN to set up special cells to receive domain name related complaints related to dot in and other domains, and initiate domain name transfers as may be requested by the customers

These can bring quick resolution of the problem while the CBI enquiry and other reforms can continue in the background.

These measures would protect the IPR of the domain name users and also the continuity of business.

In case there is a run on Net4India and this has to be prevented, then NCLT may also order an automatic “On Credit” renewal of all domain names expiring at Net4India for at least one year so that the panic can subside and an alternate registrar can take over the business smoothly.

Shall we hope for such a development on October 1st?

Is the media aware of this problem and ensure that pressure is brought on the authorities?

Let’s wait and see.

P.S: I have tried to present the issue as I see it.

There could be some errors in my reading the situation from the public information I have access to.

It is possible that all the parties mentioned above including NCLT might have already taken note of these concerns and my criticisms may be misplaced.

May be Mr Vikram and Samiran are genuinely trying hard to resolve the issue and donot deserve criticisms I am making. 

If so, my apologies to all concerned. But the proof of pudding is in the eating. We want the issue to be resolved instantly without further delay. Otherwise, the fight has to continue.

I request all the visitors to spread this information through the social media so that it draws the attention of the media and the Government. As a part of this campaign to raise awareness of the problem, make this following banner which has a hyperlink to this article viral.

Naavi

 

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.