IT Security Summit 2013 held at Pune

The College of Agricultural Banking, Pune, a premier training institute for Bankers in India and an arm of the Reserve Bank of India, conducted a two-day workshop on IT Security. Attended by over 40 CISOs of different Banks, the two-day event discussed various issues surrounding Information Security in Banking.

The program was inaugurated by the Principal of the College of Agricultural Banking (CAB), Mrs Meena Hemachandra. Mr G.Gopalakrishna, ED of RBI, addressed the gathering through a video conference and highlighted the measures Banks are required to take to comply with the Information Security guidelines recommended by the committee headed by him.

Mr Avinash Kadam of ISACA discussed the COBIT 5 framework for Information Security Management. Mr Patrick Kishore of IDRBT and Mr Kunal Pande of KPMG explained the issues surrounding measurement and evaluation of Information Security implementation.

Subsequently, Mr Sastry of IDRBT explained the various initiatives taken by IDRBT in promoting Mobile Banking, and Mr Sanjay Shinde (DCP, Pune) shared some of his experiences in handling Cyber Crimes in the Banking sector.

This was followed by a discussion on the Legal aspects of information security for Banks by Naavi, which included some thoughts on the measures that Banks, RBI and the CISOs need to take to mitigate Legal Risks. (A copy of the presentation made on this occasion may be requested from Naavi.)

On the second day, Mrs Radha Somashekar of RBI explained the initiatives taken under the Payments and Settlement Act, including the initiatives for use of Aadhaar as an authentication feature for some of the Banking requirements. This was followed by a presentation by Dr Gulshan Rai of IN-CERT on the Cyber Threats that need to be taken into consideration by the Bankers.

The workshop ended with four different groups of participants presenting their views on the issues confronting Information Security implementation in the Banks, including their suggestions to be considered by the RBI.

The program ended with a valedictory address from Dr H.Krishnamurthy of IISc, Bangalore.

The two-day program, coordinated by Mr Sundar Murthy of CAB, gave an excellent opportunity for Bankers from all over India to understand the views of RBI on some of the key issues surrounding safety of Banking.

Naavi


Cyber Appellate Tribunal Chairman-Status

Ever since the earlier Chairperson of the Cyber Appellate Tribunal (CAT), Justice Mr Rajesh Tandon, approached superannuation in June 2011, Naavi has been requesting the quick appointment of a new Chairperson in replacement of Mr Tandon, or the continuation of Mr Tandon until an alternate arrangement could be made.

However, continuation of a person who attains superannuation is not within the executive powers, and hence a decision on the appointment of an alternate person had to be taken by the DIT before Mr Tandon retired at the end of June 2011. Unfortunately, despite several eligible persons showing their interest in taking up the responsibility, the Government did not succeed in completing the formalities of the appointment in time and CAT became headless.

Several requests have been made in this regard by Naavi to the Ministers of the Union Government, and the attention of the President of India and the Chief Justice of India has also been drawn to the requirement. But there was no action from DIT.

In December 2011, Justice S.K.Krishnan, former judge of the High Court of Madras, was appointed as a “Member Judiciary”. But he was not designated as “Chair Person” and hence had to remain in office without discharging any judicial responsibilities until November 2012, when he too attained superannuation. Why he was appointed without authority to conduct proceedings remains a mystery.

While the Government found time to appoint a “Member Technical” and “Head of Department” for CAT, the position of Chair person remained vacant all these days.

While some litigants bypassed the CAT and went for Writ Petitions to the High Court in lieu of an appeal at CAT whenever the need arose, applications already filed with CAT were stuck. The option of withdrawing the appeal from CAT and filing a writ petition was dicey, since the High Court could always hold the view that the remedy at CAT should be exhausted before the High Court is approached.

The situation was therefore very confusing and called for resolution through judicial intervention.

In this context, a PIL had been filed in Karnataka High Court by an advocate, Mr Chaitanya, bringing to the notice of the High Court that several Cyber Crime victims were waiting for the CAT to be operational since their appeals had been pending unattended at CAT for a long time (WP37577/2012). After several months of delay, the advocate for the Government of India filed a few documents on 3rd of June, 2013, that revealed that on April 3, 2013, the Union Minister Mr Kapil Sibal had written a letter to the Chief Justice of India recommending one person for the post and requesting the Screening Committee of the Supreme Court to approve the posting. On 10th April 2013, the CJI replied stating that such a meeting would be convened at the earliest.

The PIL therefore has had its tiny effect of making the Minister take one small step in the appointment after two years of inactivity. It is not clear why it took the Ministry 2 years to suggest one name for the post.

The Court is yet to dispose of the case and is now deliberating on the developments so far. Since the action appears to be pending with the screening committee at the Supreme Court, it may be difficult for the Karnataka High Court to give any strong directions. It is possible that the screening committee of the Supreme Court may not find favour with the recommendation made by the Minister and may request alternate names. The situation may turn out to be similar to the case of appointment of Lok Ayuktas in Karnataka and Gujarat, where the difference of opinion between the Judiciary and Executive caused prolonged delays.

It is possible that the High Court may therefore seriously consider supporting the use of Writ Petitions to the High Courts as a remedy though this would not be useful for the cases now pending with CAT where hearings are already in progress.

This would bypass the CAT but there appears to be no other option at present to provide remedies to the Cyber Crime victims of India. Such a measure would be required at least as a temporary measure until CAT becomes functional once again.

The next date of hearing of the PIL in Karnataka High Court is July 1, 2013 and we need to see if there is any further development in this period.

Naavi


Android Mobile Virus for Phishing found in South Korea

Phishing malware operating on the Android mobile platform has been detected in South Korea. McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present.

This new trojan targets South Korean bank users with a fake message that asks users to install new anti-malware protection. The message carries a link which installs an application replacing the genuine bank application. On installation, the trojan asks users to enter banking credentials such as account number, password, Internet banking ID and social security number. The collected information is later sent to a remote server.

What is observed today in the South Korean market may tomorrow enter the Indian market also. Bankers who are promoting mobile banking in India need to take note.

Naavi.org recommends that customers of Banks not use Mobile Banking until the mobile security scenario matures.

Naavi


PIL on Non Appointment of CAT Chairman

A Writ Petition (WP37477/2012) filed in Karnataka High Court regarding the non appointment of a Chair person for Cyber Appellate Tribunal will be coming up for hearing today.

During the past several hearings, the Government advocate has been requesting time to file a reply on behalf of the Government of India. Hope a reply will be filed today.

It appears from today's newspaper reports that the Government of India is trying to change the system of appointments to judicial positions and have a greater say for the Government in the appointments.

Probably in the CAT chairman’s appointment also the Government of India has a specific interest, which could be the reason for the non appointment of the Chairperson. Whether it is the Lok Ayukta in Karnataka or Gujarat or the CAT Chair person, it appears that the politicians want to have a greater say in judicial appointments. While such interest is understandable in the Lok Ayukta appointments, since the appointee is expected to handle politically sensitive cases, there is no such consideration in the CAT appointment. The delay and the reluctance of the Government is therefore indicative of some personal interest of the Ministry officials in the appointment rather than of the Government as a whole. Now that the same minister heads both the IT and Law Ministry, there is no inter-ministerial conflict either. The implication as to who is behind the delay is therefore clearer than before.

Cyber Criminals of the Country are happy that the political and judicial confusions on the matter of appointment of a judicial authority gives them more time to continue their nefarious activities without the fear of law.

Naavi


Security Breach reported at Naavi.org Server end

It has been reported that due to a security breach at the server end, three unauthorized URLs had been hosted under the domain of naavi.org for some time during the last week.

The URLs hosted, or were intended to host, malicious code.

There was no link to these URLs from any of the naavi.org pages. Hence none of the visitors to the site were affected by the links.

The URLs were reportedly meant for hosting a cloned Paypal page which was meant for phishing.

The URLs have since been removed.

The hosting of Naavi.org is on a shared hosting service provided by a prominent hosting provider with decades of experience in the field and we hope that the security breach would be effectively addressed at their end.

This is for public information and highlights the unavoidable risks in hosting arising out of vulnerabilities at the server end on which the clients have no control.

Naavi


Cyber Criminals Rejoice in Karnataka

It is a black day in the State of Karnataka. For some time now, Cyber Criminals in Karnataka can rejoice that no case can be booked against them under ITA 2008 for hacking of a Bank or any Company systems.

The reason is that the Karnataka High Court has passed an order of huge ramifications under an extremely narrow procedural view and quashed an order of the Adjudicator of Karnataka dated 26th April 2013. This was a justified corrective order passed by the State Adjudicator in an attempt to correct an earlier defective order to the effect that “No Company can be proceeded against nor no Company can invoke Section 43 of ITA 2000/8”.

Since Section 43 also defines Cyber Crimes under Section 66, what is not applicable in Section 43 is not applicable in Section 66 also. Hence the defective order had the unsavoury effect of nullifying a large part of ITA 2008.

If therefore tomorrow there is a hacking of Infosys or Wipro in Karnataka, the companies cannot invoke Section 66 of ITA 2008. Perhaps they have to invoke the law of “Trespass” under IPC!

The defective order on Section 43 about “Companies being outside the purview of Section 43” was first given on December 27, 2011 and it prevailed as a precedent until 26th April 2013 when, on an intervention of the Karnataka Human Rights Commission, it was cancelled by the present Adjudicator. From Dec 27, 2011 to 26th April 2013, the Cyber Criminal friendly situation described above prevailed.

After 26th April 2013, a silver lining had appeared on the horizon that the office of adjudicator in Karnataka would come back alive.

The reason why the order of 26th April 2013 was quashed is stated to be because of a procedural omission to issue a notice to one of the petitioners who was the respondent in the adjudication complaint. Whatever be the reason, the effect remains the same.

This order today from Karnataka High Court has given the defective order a seal of approval, and a pall of gloom has descended on the Cyber Crime victims of Karnataka, who are asking whether Karnataka High Court should have victimized these members of the public for a simple procedural irregularity which could have been condoned in the interest of the public.

It appears that Karnataka has now slipped from the Digital Age to a dark ancient age.

It is therefore a black day for Karnataka in the history of Cyber Crime justice.

Cyber Crime victims of Karnataka therefore have to wait until the procedural irregularity is corrected by the Adjudicator issuing a fresh notice to all the parties to the complaint that he intends to cancel the earlier order, inviting objections if any, then considering the objections and coming to a conclusion.

Until such time the dark days continue.

Naavi

Let us all pray: "O Goddess of Justice, please open your eyes."
