Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998


Where there is Money, there will be Fraud” is a truth which all traditional Bankers know. Hence the essence of Good Banking is building security into the culture of the organization and into its systems. The legacy paper based systems in Banks have been robust enough to ensure that Frauds are detected quickly if and when it happens and no fraud will succeed without collusion of multiple persons and negligence of multiple persons.

Future of Banking

With the change over from paper based banking to electronic banking, the risk has increased many fold since the procedures of Banking have now been subordinated to the “Systems” designed by “IT Professionals” who are not “Bankers”.

I am reminded of one of the early warnings given out (some time around 2005) by Mr A. T. Panneer Selvam, the former Chairman of Union Bank of India (and an Ex DGM of IOB in which the undersigned worked a few decades back) who said “Future of Banking belongs to IT Professionals”. I have quoted this a number of times in my lectures promoting the advent of digital Banking before shifting to the current slogan that “Future of Banking belongs to Information Security Professionals”.

Need for Information Security Culture

The PNB fraud has highlighted this need to develop an “Information Security Culture” in Banks on a priority basis.

People in the Information Security try to design many sophisticated tools to secure the “Confidentiality”, Integrity” and “Availability” of information which they define as the contours of information security. But if an authorized system owner shares his password to another, then the entire system of security built around the system of password crumbles.

In the PNB case, it appears that the Password of an AGM was shared with a Deputy Manager. So far the name of the AGM who shared his Level 5 Password with Mr Gokulnath Shetty has not come to open. He is an abetter for the crime and should also cool his heels in the jail for some time. It may be more than one official of the banks who shared his password with his juniors and all of them should now be held responsible along with  Mr Gokulnath Shetty who shared the password with an outsider client in what can only be said as “Incredible”.

In June 2016, we saw TCS employees sharing passwords issued for an employee of a different company amongst themselves and hacked into a US Company resulting in a legal suit of US $940 million on the Company. Fortunately the Directors and CEO escaped criminal charges and contained the damage to a civil suit.

This menace of “Password Sharing” that has now reached a new dimension with password being shared with an outsider clearly indicates that our Information Security designers are at fault to first of all rely on the system of Passwords and then not have adequate measures to control the risks.

Design Faults

If we have dual keys to our strong room where cash is kept and electronic locks that can be opened only at a certain time by certain biometric authentication etc., why is that the SWIFT systems cannot use digital signatures backed by biometric based cryptographic keys and RFID based identity cards etc to build layers of security which ensures that the system cannot be operated except from within a specific system in the Bank? Why every transaction is not immediately deposited in a different system and audited independently of the maker and checker who might have colluded?

The security design in banks is faulty and I have already said that the makers of FINACLE software for which our Banks have paid a fortune should accept that their security design has left the Indian Banking system vulnerable.

Inaction by RBI

When I spotted and pointed out extreme recklessness of ICICI Bank ,PNB and Axis bank during the adjudication proceedings of some Phishing Frauds,   I had personally represented to RBI that they should suspend the Internet Banking licences of some of the branches involved in the commission of Phishing frauds.

Had RBI atleast sent one harsh letter to the Banks at that time, perhaps this PNB fraud would not have happenned. Mr K.R.Kamat was the Chairman then and he continued to raise to greater heights after the frauds were pointed out.

The fraud in which more than Rs 1.6 crores were lost by an exporter  in PNB was a clear indication of complicity by the Noida branch of PNB but Mr Kamat took no action. This case is still languishing in the Delhi National Consumer Forum and the judges who have been adjourning the case year after year obviously at the instance of the bank will have to introspect if they could have contributed indirectly to the current Rs 11400 crore PNB Fraud.

The Governors, Deputy Governors and other Executives of RBI whom I repeatedly appealed to for action but who did not respond should introspect if they are also responsible for not initiating specific action in time which has caused the present mess.

Appointment of Directors

Without diverting back into the software issue and irritating my friends in IT industry more, and also not again speaking of the RBI as a toothless paper pusher who is good in drafting guidelines without any power to implement them, I would today like to say that the root cause for the malaise lies with the Finance Ministry in their system of appointment of Independent Directors of Banks, Chair persons and other Directors.

The clean up therefore should start here at the Board level appointments in each of the Banks.  For Indian political system  to think of progress we needed a Narendra Modi to succeed Mr Manmohan Singh. Similarly, for any Bank whether it is PNB or SBI, ICICI Bank or HDFC Bank, Allahabad Bank or Union Bank, it is necessary that the head of the institution should be not only efficient from the domain perspective but also scrupulously honest. We cannot expect every Chairman to be an Information Security expert but it is for this reason that he has a Board to assist him. Every member of the Board should therefore be equally honest besides being an expert in some part of the domain.

The constitution of the Board of Directors is the biggest internal and external control for the Banks. Without correcting this, if we try to tinker with our Firewalls, Software and Hardware, we will not be able to achieve the security that we are trying to achieve.

The politicians and media who are questioning Mr Narendra Modi that Mr Hari Prasad’s letter was not acted upon by the PMO must ask why all the public postings at Naavi.org in which Banks like ICICI Bank, PNB, AXIS Bank and SBI in particular were pointed out for lack if information security practices leading to frauds were not acted upon by the respective Banks and RBI.

I had called upon the Independent Directors of the Banks with a request ” If You are a Bank Director.. Your Independence Day Resolution Should be…” after the Bangladesh Bank SWIFT fraud to ensure that the RBI guidelines on the “Cyber Security Framework” should be diligently implemented by the Banks. I am not however sure if any of the independent directors raised the issue in any of the Board meetings.

These Independent Directors have failed to discharge their responsibilities like what Mr Dubey of Allahabad Bank tried to do and therefore should bear the vicarious liability for the PNB fraud.

The Ball is in the Court of Mr Arun Jaitely

If these Directors were incapable of protecting the Banks and the Chair persons were both inefficient but also complicit in the frauds, the responsibility goes upto the Finance Ministry under Mr Aurn Jaitely and the Secretaries in the Finance Ministry who have appointed these Chairmen and Directors for their own considerations. While commenting on the Bitcoin issue, I have repeatedly stated that I have doubts on the culture of the Finance Ministry built under the regime of Mr P Chidambaram and urged Mr Arun Jaitely to take suitable corrective action.

Now we need to repeat this request once again for Mr Arun Jaitely to prove his commitment to clean up the Banks by kicking out non functional Directors and replacing them with vigilant, honest individuals of repute who can ask questions of the Chairmen and Board. Many of the Chairmen themselves need to be eased out though in a manner that does not destabilize the system. All independent Directors in PNB and other Banks which have given loans to Nirav Modi, Mehul Chokshi companies must be removed tomorrow and replaced with appropriate persons.

Will Mr Arun Jaitely have the necessary commitment?

Naavi


Reference Articles:

Naavi.org has been carrying on a crusade against Bank frauds in the Digital era and discussed many issues in the past. If the authorities had taken some action on these warnings, we would have perhaps not be in the situation we are now in. Some of these warnings were to individual Banks, some to RBI and some to the Government itself. I hope at least now some body will find time to examine how security in Indian Digital Banking industry can be improved with appropriate regulatory action. The ball is the court of Mr Arun Jaitely, the Finance Minister.

For immediate reference some of the past articles are indicated here:

Axis Bank ATM license should be cancelled by RBI

Does SBI Cards pose a special risk for customers because of Incompetence and possible collusion?

Will RBI disclose “Sanction Mechanism” to enforce sanctity of Banking license conditions?

Let RBI show Who is the Boss

1710 Bank Frauds reported by Police..Does RBI have a count?

RBI cannot remain silent.. and so also NPCI, CERT and Ministers of Home, IT and Finance1>

Banks want their negligence to be underwritten by the Customers. Do you agree Mr Urjit Patel?

Yet another Bank Fraud.. What will RBI say?

This credit card fraud should be a lesson to Judges, Adjudicators and Banking Ombudsmen

Another Great E Banking Robbery Could destroy our Banking system

Protect Bank Consumers from Frauds or be prepared for disaster..A warning to BJP Government

90% growth in Credit Card Frauds … Dear Police, How Many Banks have you Charged?

SWIFT Hacking exposes Indian Banks to huge Risks

RBI’s conspiracy by silence

Negligence of Export Promotion Councils, ECGC and Banks lead to Rs 2.35 crore fraud

Has RBI really woken up from its slumber?

What does the new RBI Governor has to say for this?

..The list is endless. May be a search page like this will help

Whatever was the technological urge for Mr Satoshi in  creating the block chain technology and Bitcoin is a thing of the past. The present status of Bitcoin is as a currency of the criminals. Many of my friends may hate me for saying this but I would like to say Bitcoin today is a currency of the criminals, by the criminals and for the criminals. It is not for honest individuals. It could have been at one time..but not today.

All Bitcoin holders are not criminals… but they could be

This is not to say that all those persons who possess Bitcoins today are criminals. But Bitcoin as a commodity and used as a currency is a product meant for criminals. If honest persons want to also use it, it is their choice.

(Ed: Reminds me of a Kannada proverb: “ಈಚಲ ಮರದ ಕೆಳಗೆ ಕುಳಿತು ಮಜ್ಜಿಗೆ ಕುಡಿದಂತೆ ” meaning “Like sitting under a palm tree and drinking butter milk” )

Bitcoin is the Perfect Black Money

There is a wide support for Bitcoins in India and the support is not surprising at all considering that India is a leading country in the world when it comes to corruption and Black money.

Bitcoin is a “Perfect Black Money” because it is anonymous and transferable across the globe at the click of a button. Just as an e-mail flies across, lakhs of rupees can fly across from India to another country either to one’s own account or to somebody elses’s account.

A Bitcoin wallet which can hold multiple Bitcoin addresses or a simple Bitcoin address for a single transaction can be created as easy as signing up for an e-mail account without any KYC formalities. Money can be transferred into this wallet or address by buying Bitcoins in cash or through bank account or through cards or through western Union or Paypal. If money is transferred through Bank account then there may be a KYC and identification. But there are other means that the black money people know which can easily convert their black money into Bitcoins.

It is therefore correct to call Bitcoin as the “Perfect Black Money”.

Bitcoin is also instantly fungible into 1317 (as of Dec 31, 2017)  other crypto currencies at a click of a button and also convertible into a few legit currencies in the world.

Hence there is no doubt that many Indians including many in the Government bureaucracy and in regulatory agencies are very much in favour of Bitcoins being legally recognized so that all their ill gotten wealth can be held in the “benami numbered account” called  Bitcoin addresses or wallets. Each transaction can be in a different Bitcoin address and for much less than 1 bitcoin (1 bitcoin can be  reduced into units of bitcoins starting from a Satoshi  which is 1 bitcoin divided by 100 million).

As it is, Bitcoin addresses are anonymous since they are public keys associated with private keys of a crypto key pair and the owner holds the private key confidentially. Whoever knows the private key is the owner of the bitcoin. If one wants to transfer the bitcoin, to another, he can do so simply by transferring the bitcoin in his control to another bitcoin address or wallet whose private key is known only to the transferee.

What more do you want to call Bitcoin a “Perfect Black Money” and a darling of all those who support black money and corruption in India?

All this is being explained here not to make people knowledgeable so that they can adopt to the use of Bitcoins to hide their black money. if this happens, it would be a tragedy.

Have you been already poisoned?

But the reason I am putting out this post in public is to tell our decision makers in the Government of India including Mr Modi, Mr Amit Shah, Mr Arun Jaitely and others that when you hear some experts saying that Bitcoin is great, Block chain technology is even greater, that country and this country has legalized Bitcoins etc and try to coax you into believing that all those who are opposing Bitcoins are either technology sceptics or jealous of others who are making money etc, please donot believe them. Many of them might have already asked you to have a “Free Trial of Bitcoin technology” and created an account for you and loaded some bitcoins in your account already. Remember that this is “Poison” and if you touch it, you will be consumed by it.

If you are still not touched by this poison, please come out boldly and confirm it to the citizens of India. Otherwise we will presume that you are all already posioned with Bitcoin.

Why Bitcoin is a currency of the Criminals, By the criminals and for the Criminals?

Bitcoin was created by the criminal syndicates of the dark web who sell crime ware, viruses, conduct ransomware attacks, extort money, sell drugs and illegal arms both offline and online. They obviously donot want any central authority to know of their transactions and hence prefer to deal with Bitcoins. Mr Satoshi who remains anonymous till date could be the biggest crook of all and posing himself as a technologist created an infrastructure for criminal funding.

The entire eco system of Block chains was created to support criminal activity and along with the spread of cyber crimes, the popularity of Bitcoins and other crypto currencies as well as the underlying technology respectably called the innovative “Block Chain” grew. Blockchain is the alter ego of Bitcoins and many believe that if Block chain technology is pushed into the main stream then Bitcoins will automatically survive and grow.

Bitcoin itself is a creation of the software and there is no physical currency or backing of a reserve or a Government promise. But it is being traded at a value of Rs 13-15 lakhs per bitcoins. Now a “Derivative of the Bitcoin” is being created which is another level of imaginary “virtualization of the virtual” with a value proposition for the gullible to pick up. It is a “bubble of bubbles” in another perspective and could burst along with the Bitcoin bubble one day ..unless the world is full of people who want to live in the dream of bubbles. There are many such people around now and they are their tribe may even grow further.

We also note that already Bitcoin block chain has hard forked once and it is anticipated that a third fork is likely to form soon. What it means to the bitcoin value, only future will unveil.

Those who are promoting Bitcoins in this uncertain environment are only trying to fool others and make money. Hence the system is full of criminals.

It is therefore not surprising that Cyber Criminals in the dark web transact only with Bitcoins (or its fungible new versions like Monero or Ripple etc, which may be more secretive than Bitcoins and better for Black money holders).

Since there are only Criminals who are technologically savvy who are working around these Crypto currencies, they also indulge in ICO scams, hacking int Crypto currency exchanges, creating malwares for mining bitcoin/crypto currencies and embedding it into softwares, apps, IoT applications etc so that all of us will use our data and devices to work as slaves and mine cryptocurrencies silently for the criminals as part of the Crypto botnet.

Is Government of India unaware of this?

I would not believe that Mr Arun Jaitely or the Finance Secretary or the SEBI Chairman or the RBI Governor is unaware of the fact that Bitcoin is a “Perfect Black Money” and hence it is great for politicians and other black money holders.

But Government strangely says that “They are Observing”… Observing what?.. the speculation where 4-5 lakh members of the public have already invested in bitcoins through the exchanges? We can  note that these are innocent persons who have given their KYC and received notices.. this does not include those who have opened Bitcoin wallet account with agencies outside India including in Singapore which is developing into a hub of Bitcoin exchanges even for Indian entrepreneurs.

What the Finance Ministry is doing in being a silent supporter of speculation is absolutely unacceptable. They are deliberately not taking action to ban the use of Bitcoins. Chairman of SEBI is publicly in favour of Bitcoins. Ministry gives out conflicting statements now and then so that speculation thrives. RBI appears to be against Bitcoins but seems to have been kept silent by the Finance Ministry.

I want Mr Modi  to show his commitment to removal of Black money in India by immediately taking up a total ban on all Privately created Crypto currencies like Bitcoin, Ripple, Etherium, Monero etc…

Mr Amit Shah may kindly note

If Modi Government does not ban Bitcoins and Crypto currencies, it will appear as if the Government has developed a cold feet in its fight against Black money and corruption. It will lose the moral authority to say that they have done everything to root out Black money.

This  matter may come to haunt BJP in its next election in Karnataka where they have to explain why BJP was interested in demonetization of physical currencies only and are not willing to demonetize the crypto currencies?….

Security Issues

Apart from the issue of Black money creation, recognition of Bitcoins in India will bring in a market capitalization of over Rs 36 lakh crores of money into the floating currency in India and could completely upset the economic stability of the country.

Most of this Rs 36 lakh crores would be in the control of our enemies including China and ISI and will be used to fund terrorists in India. It will be impossible to trace the ownership and transactions of these currencies and our law enforcement persons will be looking like bakras when they have to prove “Money Trail” in Courts in corruption and criminal cases.

Criminals will go scot-free and Terrorists and Naxalites will be able to get funds easily for their operations to break India.

This is the future of India if Bitcoins are not eliminated from the Indian scenario forthwith.

History will Judge Mr Arun Jaitely

Mr Arun Jaitely will go down in history as the person who by his inaction to ban Bitcoin caused the country to collapse.

Will he or Will he not? …ban Bitcoins and all Crypto currencies…. now or when? will be the question.

Dear Finance Minsiter, Do you have a response?

Easy Way to ban Bitcoins and Crypto Currencies

If Crypto currencies are declared as “Benami Properties” since it is held in anonymous identity, dealing with them becomes illegal ab-initio.

Also ITA 2008 provides certain encryption guidelines which the Currencies violate and hence they are already not legal.

All so called Bitcoin exchanges in India are operating without either RBI or SEBI clearance whether they follow KYC or not. They are illegal operations ab-initio.

Projecting anything as a “Currency” violates the RBI Act and is punishable. Marketing of Bitcoins  as a “Currency”, is therefore illegal per se.

We only need the Government to use these existing provisions of law and these Crypto currencies can be eliminated. …

Where there is a will, there is a way. But Government appears to be only trying to find a way out for the criminals rather than punish them in the interest of the nation. Kindly prove me wrong.

Our fight against Bitcoin continues….. 

PS: It is surprising that the media and even Mr Subramanya Swamy is silent on Bitcoins. We can understand the reluctance of the media but why Mr Swamy is silent?.. We await his clarification.

Naavi

Earlier Articles

PS: It is ironic that Google Ads may be serving ads on Bitcoin on this site even as you are reading. I donot endorse those ads.

Naavi