Cyber Policing Initiatives in Kerala

Kerala Police have taken a unique step to strengthen Cyber Crime mitigation efforts by involving select members of the public as “Honorary Police Officers”.

It may be recalled that in Chennai, a senior Police officer, Mr Prateep Phillip, had initiated the “Friends of Police” program, which received international acclaim. Naavi has been suggesting that this concept should be extended to Cyber Policing also. The Kerala initiative appears to be a step in this direction and could be useful in getting much needed assistance from Cyber Security experts in tackling the menace of Cyber Crimes.

Naavi

IT Security Summit 2013 held at Pune

The College of Agricultural Banking, Pune, a premier training institute for Bankers in India and an arm of the Reserve Bank of India, conducted a two day workshop on IT Security. Attended by over 40 CISOs of different Banks, the two day event discussed various issues surrounding Information Security in Banking.

The program was inaugurated by the Principal of the College of Agricultural Banking (CAB), Mrs Meena Hemachandra. Mr G.Gopalakrishna, ED of RBI, addressed the gathering through a Video Conference and highlighted the measures Banks are required to take to comply with the Information Security guidelines recommended by the committee headed by him.

Mr Avinash Kadam of ISACA discussed the COBIT 5 framework for Information Security Management. Mr Patrick Kishore of IDRBT and Mr Kunal Pande of KPMG explained the issues surrounding measurement and evaluation of Information Security implementation.

Subsequently, Mr Sastry of IDRBT explained the various initiatives taken by IDRBT in promoting Mobile Banking, and Mr Sanjay Shinde (DCP, Pune) shared some of his experiences in handling Cyber Crimes in the Banking sector.

This was followed by a discussion on the Legal aspects of information security for Banks by Naavi, which included some thoughts on the measures that Banks, RBI and the CISOs need to take to mitigate Legal Risks. (A copy of the presentation made on this occasion may be requested from Naavi.)

On the second day, Mrs Radha Somashekar of RBI explained the initiatives taken under Payments and Settlement Act, including the initiatives for use of Aadhaar as an authentication feature for some of the Banking requirements. This was followed by a presentation by Dr Gulshan Rai of IN-CERT on the Cyber Threats that need to be taken into consideration by the Bankers.

The workshop ended with four different groups of the participants presenting their views on the issues confronting Information Security implementation in the Banks, including their suggestions to be considered by the RBI.

The program ended with a valedictory address from Dr H.Krishnamurthy of IISc, Bangalore.

The two day program, coordinated by Mr Sundar Murthy of CAB, gave an excellent opportunity for Bankers from all over India to understand the views of RBI on some of the key issues surrounding safety of Banking.

Naavi

Cyber Appellate Tribunal Chairman-Status

Ever since the earlier Chairperson of Cyber Appellate Tribunal (CAT), Justice Mr Rajesh Tandon, approached superannuation in June 2011, Naavi has been requesting either the quick appointment of a new Chairperson in replacement of Mr Tandon or the continuation of Mr Tandon until an alternate arrangement could be made.

However, continuation of a person who attains superannuation is not within the executive powers, and hence a decision on the appointment of an alternate person had to be taken by the DIT before Mr Tandon retired at the end of June 2011. Unfortunately, despite several eligible persons showing their interest in taking up the responsibility, the Government did not succeed in completing the formalities of the appointment in time and CAT became headless.

Several requests have been made in this regard by Naavi to the Ministers of the Union Government, and the attention of the President of India and the Chief Justice of India has also been drawn to the requirement. But there was no action from DIT.

In December 2011, Justice S.K.Krishnan, former judge of the High Court of Madras, was appointed as a “Member Judiciary”. But he was not designated as “Chair Person” and hence had to remain in office without discharging any judicial responsibilities until November 2012, when he too attained superannuation. Why he was appointed without authority to conduct proceedings remains a mystery.

While the Government found time to appoint a “Member Technical” and “Head of Department” for CAT, the position of Chair person remained vacant all these days.

While some litigants bypassed the CAT and went for Writ Petitions to the High Court in lieu of an appeal at CAT whenever the need arose, applications already filed with CAT were stuck. The option of withdrawing the appeal from CAT and filing a writ petition was dicey, since the High Court could always hold the view that the remedy at CAT should be exhausted before the High Court is approached.

The situation was therefore very confusing and called for resolution through judicial intervention.

In this context, a PIL had been filed in Karnataka High Court by an advocate, Mr Chaitanya, bringing to the notice of the High Court that several Cyber Crime victims were waiting for the CAT to be operational since their appeals had been pending unattended at CAT for a long time (WP37577/2012). After several months of delay, the advocate for the Government of India filed a few documents on 3rd of June, 2013, which revealed that on April 3, 2013, the Union Minister Mr Kapil Sibal had written a letter to the Chief Justice of India recommending one person for the post and requesting the Screening Committee of the Supreme Court to approve the posting. On 10th April 2013, the CJI replied stating that such a meeting would be convened at the earliest.

The PIL therefore has had its tiny effect of making the Minister take one small step in the appointment after two years of inactivity. It is not clear why it took the Ministry 2 years to suggest one name for the post.

The Court is yet to dispose of the case and is now deliberating on the developments so far. Since the action appears to be pending with the screening committee at the Supreme Court, it may be difficult for the Karnataka High Court to give any strong directions. It is possible that the screening committee of the Supreme Court may not find favour with the recommendation made by the Minister and may request alternate names. The situation may turn out to be similar to the case of appointment of Lok Ayuktas in Karnataka and Gujarat, where the difference of opinion between the Judiciary and Executive caused prolonged delays.

It is possible that the High Court may therefore seriously consider supporting the use of Writ Petitions to the High Courts as a remedy though this would not be useful for the cases now pending with CAT where hearings are already in progress.

This would bypass the CAT but there appears to be no other option at present to provide remedies to the Cyber Crime victims of India. Such a measure would be required at least as a temporary measure until CAT becomes functional once again.

The next date of hearing of the PIL in Karnataka High Court is July 1, 2013 and we need to see if there is any further development in this period.

Naavi

Android Mobile Virus for Phishing found in South Korea

A Phishing malware operating on the Android mobile platform has been detected in South Korea. McAfee Mobile Security detects this threat as Android/FakeBankDropper.A and Android/FakeBank.A and alerts mobile users if it is present.

This new trojan targets South Korean bank users with a fake message that asks them to install new anti-malware protection. The message carries a link which installs an application replacing the genuine bank application. On installation, the trojan asks users to enter banking credentials such as account number, password, Internet banking ID and social security number. The collected information is later sent to a remote server.

What is observed today in the South Korean market may enter the Indian market tomorrow. Bankers who are promoting mobile banking in India need to take note.

Naavi.org recommends that customers of Banks not use Mobile Banking until the mobile security scenario matures.

Naavi

PIL on Non Appointment of CAT Chairman

A Writ Petition (WP37477/2012) filed in Karnataka High Court regarding the non appointment of a Chair person for Cyber Appellate Tribunal will be coming up for hearing today.

During the past several hearings, the Government advocate has been requesting time to file a reply on behalf of the Government of India. Hope a reply will be filed today.

It appears from newspaper reports today that the Government of India is trying to change the system of appointments to judicial positions and have a greater say for the Government in the appointments.

Probably in the CAT chairman’s appointment also the Government of India has a specific interest, which could be the reason for the non appointment of the Chairperson. Whether it is Lok Ayukta in Karnataka or Gujarat or the CAT Chair person, it appears that the politicians want to have a greater say in judicial appointments. While such interest is understandable in the Lok Ayukta appointments, since the appointee is expected to handle politically sensitive cases, there is no such consideration in the CAT appointment. The delay and the reluctance of the Government is therefore indicative of some personal interest of the Ministry officials in the appointment rather than of the Government as a whole. Now that the same minister heads both the IT and Law Ministry, there is no inter ministerial conflict either. The implication as to who is behind the delay is therefore clearer than before.

Cyber Criminals of the Country are happy that the political and judicial confusions on the matter of appointment of a judicial authority gives them more time to continue their nefarious activities without the fear of law.

Naavi

Security Breach reported at Naavi.org Server end

It has been reported that due to a security breach at the server end, three unauthorized URLs had been hosted under the domain of naavi.org for some time during the last week.

The URLs hosted, or were intended to host, malicious code.

There was no link to these URLs from any of the naavi.org pages. Hence none of the visitors to the site were affected by the links.

The URLs were reportedly meant for hosting a cloned Paypal page which was meant for phishing.

The URLs have since been removed.

Naavi.org is hosted on a shared hosting service provided by a prominent hosting provider with decades of experience in the field, and we hope that the security breach will be effectively addressed at their end.

This is for public information and highlights the unavoidable risks in hosting that arise out of vulnerabilities at the server end, over which the clients have no control.

Naavi
