Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

MHA advisory on Cyber Crime Prevention and Control

Posted by Vijayashankar Na on January 31, 2018
Posted in Cyber Law  | Tagged With: , , , , | No Comments yet, please leave one

The Ministry of Home Affairs released a circular on 13th January 2018 to all the State Governments and UT Administrators recommending some measures towards better Cyber Crime prevention in the respective Sstates and UTs.

Copy of the Advisory

The Circular took forward a couple of recommendations which the T. K. Vishwanathan Committee on amendment to ITA 2008  was supposed to have proposed.

In particular, it has now proposed that the States should act on the setting up of

a) State Cyber Crime Coordination Cell and

b) District Cyber Crime Cells

This was proposed as a suggested amendment to the Criminal Procedure Code. Instead of the Center attempting to make amendment to CrPc, it appears that the responsibility has now been cast on the respective State Governments.

We need to wait and watch which State Governments are more concerned about Cyber Crime prevention and take action.

In these suggestions, it is proposed that the State may set up a State level coordination cell headed by a senior police officer of the ADGP/IG rank and ensure a district level, station level facilitation of cyber crime prevention activities. This will ensure that a police officer with the right kind of orientation to Cyber issues can be assigned this responsibility and the legacy system which is burdened with physical security responsibilities is not burdened with Cyber Crime prevention management which is alien to their culture. It is a great opportunity for the Police system to bring about a seminal change in the way Cyber Crimes are presently handled in the States.

The second suggestion to form District level Cyber Crime cells is also a significant step in the direction of better Cyber Crime Prevention since it envisages a support system for the SPs in the districts in which at least three domain experts in Information Technology. Mobile Telephony, Digital Forensics and Cyber Laws hired from the market. This is an acknowledgement that it is not always possible to get the expertise from within the recruits to the Police system and there is a need for public-private partnership.

The procedure to be adopted for involving the external persons need to be properly conceived. It is preferable if these “Experts” are not on an employment contract. If so it will become another Government job and will be decided on the basis of money and influence. Instead the SP should be given powers to recruit the assistance of experts by creating an expert panel and pay consultancy fees on short term contract basis. Only then the services of real experts would be available. Otherwise the system would degrade over a system into yet another Government department and will not be of use.

The Advisory of the MHA highlights the need for inter-state cooperation in Cyber Crime investigations which should be facilitated to a large extent if the State level Coordination cell becomes operational in most of the State. Naavi.org had tried to convince TN and Karnataka Cyber Crime Police Stations to take an initiative in this direction more than a decade back to bring together all the four southern states into a monthly meeting. But the idea was not taken up formally to higher levels by the then officers though I had received a positive response from both TN and Karnataka officers.

The idea of “Mobile” Cyber Forensic labs proposed is also a recommendation that had been made to Karnataka Police long time back and it is good to see the idea being revived now. The Mobile units would assist in “Quick Response” to Cyber Crime complaints so that evidence should be secured at the earliest. It is needless to say that the evidence gathering team should be fully aware of the legal issues involved in maintaining the Chain of Custody and the Section 65B evidentiary certification requirements so that they donot accidentally render evidence un-usable.

The Advisory also suggests use of BPR&D resources for capacity building and release of funds for training of Police on Cyber Crime related skills. Hopefully it would be put to good use by the States.

Another important suggestion made by the advisory is to set up a “Cyber Intelligence” system to monitor the Internet including the “Deep Web”. This brings us back to another ancient suggestion made by Naavi to set up a “Friends of Cyber Police” system where voluntary members from the public would assist the Cyber Crime Police with information and assistance to track crimes.

We must however recall the recent incident where a hacking group had stated that when they had penetrated several sleeping terror cells and wanted to pass on the information to the Government, there was lack of interest . This was perhaps in Kerala where the State Government is known to be supportive of some communal forces and hence might not have shown interest. But I hope MHA must have by this time taken up the matter under their investigation and the Central Government should take steps to see that such complaints should not arise in future.

As regards “Online Complaints”, it appeared that the website mentioned in the advisory is still not functioning. I had recently put out a detailed article How Do We Improve Cyber Crime Management System in India?.. and also suggested a procedure  to Relieve Cyber Police in India of needless burden and make them more focused.I wish the suggestion is taken up for immediate implementation at least by some of the States.

This suggestion was based on an actual experience where it was found that Mumbai Cyber Crime Cell was reluctant to initiate an investigation of a complaint by issuing an IP resolution request and the delay will ensure that the tracking trails vanish. The Mumbai Cyber Crime Police were therefore guilty of deliberately allowing the potential accused to get away and the top management of the Mumbai Police were unable to take preventive action. This will remain an example of how corruption in the Cyber Crime policing system affect the success of Cyber Crime investigations and Naavi.org will continue to talk about this though it may not be palatable to MHA both in the center and Maharashtra state.

The suggestion of the online complaint receiving system along with the suggested “Friends of Cyber Police” and “Raising of IP resolution request by designated NGOs” would go a long way in addressing the issues raised by Naavi in the Mumbai Cyber Crime investigation fiasco.

I hope the MHA takes up follow up action on the Advisory and push at least the BJP ruled states to start implementing the suggestions.

Naavi

Reference Articles

How Long Will Google take to resolve an IP Address?… Make all intermediaries pay for the delay
I was on 16 and Going on 17….I need everyone….to know me and comply…says ITA 2000/8 Proposed Amendments to ITA 2000 and Privacy Protection
Redefining the scope of ITA 2008.. in the amendments..
Suggestions on Modification of ITA 2008
Domain Name Regulation in ITA 2000..to be amended
Police, Prosecutors and Judiciary: Please Don’t Create Fake Laws out of your misinterpretation
How to Relieve Cyber Police in India of needless burden and make them more focused

Mr Kapil Sibal who was the minister for IT in the UPA 2 Government is seeking election from Delhi Chandi Chowk which is going to polls on 10th of April 2014. Though this site is not a political site and I keep my political opinions to a different forum, I would like to bring to the notice of all that Mr Kapil Sibal was singularly responsible for all the cyber crime victims of India to be denied justice for last two years and voters  need to remember this disservice while voting for him.

It was way back in June 2011 that Justice Rajesh Tandon retired as the chair person of Cyber Appellate Tribunal, Delhi which is the apex appeal court supervising the decisions of the Adjudicating officers of all States and Union territories who form the trial court system for civil disputes for all Cyber Crimes and offences under Information Technology Act. (ITA 2000/8).

Though it was known that the position of Chair person would become vacant, Mr Kapil Sibal did not take any action to fill up the vacancy in time before the retirement.

Since then Mr Kapil Sibal tried to recommend one particular person for the post and when the Chief Justice of India asked for alternate recommendations, refused to send alternate recommendations.  He even kept one Jutice Mr S.K.Krishnan wait for 9 months in the Tribunal without giving him the necessary authority to take up cases. Even when Courts issued notices on the delay, Mr Kapil Sibal gave a political reply that the appointment will be completed expeditiously but never took any action to fill the vacancy. All this was done so that the person whom he favoured alone becomes the Chair Person. He was arrogant and adamant to keep the Court shut since the Chief Justice did not agree with him.

As a result, several judgements which were on appeal in this court including the appeal of ICICI Bank Vs S.Umashankar, Gunashekar Vs PNB, Vijaykumar Vs PNB, Rajedra Yadav Vs ICICI Bank, Gujarat Petrosynthese Vs Axis Bank were all held up in various stages of decision.

To compound the problem, the adjudicator of Karnataka Mr M.N.Vidyashankar gave a bizarre judgement annulling the entire Information Technology Act to benefit Axis Bank and his decision remained effective because the Cyber Appellate Tribunal was not functioning. Even Karnataka High Court failed in recognizing the impact of this biased decision of Mr Vidyashankar virtually shutting all legal remedies of Cyber Justice to cyber crime victims in Karantaka. The Government of Karnataka failed to take any remedial action.

The details of all these developments have been documented in this site in many of the earlier posts.

Thus Mr Kapil Sibal trying to post one favoured individual as the Chair person of Cyber Appellate Tribunal virtually shut off the Cyber Justice system in India. Any number of appeals to people lime Manmohan Singh, Sonia Gandhi, Rahul Gandhi, Pranab Kumar Mukherjee, Chief Justice of India etc failed to see any action and Cyber Crime victims of India have remained  cursing the system. By the time the next Government takes charge and remedies the situation, many of the victims would have grown old and lost interest in fighting for justice.

I sincerely wish that the voters of Chandni Chowk Delhi make Mr Kapil Sibal  pay for their misery of the cyber crime victims by voting against him.

Naavi

Government is on a holiday

Posted by Vijayashankar Na on December 24, 2012
Posted in Cyber CrimeCyber Law  | Tagged With: , | No Comments yet, please leave one

The Lieutenant Governor of Delhi who was enjoying a holiday in US while the city was burning has now come back to India. Many hope that there will be some accountability for what happens in Delhi now. People have criticized the insensitivity of various political persons including the Prime Minister who did not consider it necessary to speak on the incident until the media started commenting on the irrelevance of the PM’s role in Governance.

As a person observing the Cyber Law scenario in India since its birth, it appears that what we are seeing in Delhi administration is also what we are seeing in the administration of Cyber Law related policy issues for which the Ministry of Communications and Information Technology is accountable. This ministry is headed by Mr Kapil Sibal with Mr Milind Deora as his deputy. Nearly for the last one and half years the undersigned has been constantly reminding the ministry that the post of the “Chair Person” of Cyber Appellate Tribunal (CAT) is lying vacant and without the appointment the Cyber Judicial system in the country is absent. The matter has been brought to the attention of the Chief Justice of India, President of India, the UPA Chair person as well as Mr Rahul Gandhi through various means.

But for reasons known to the department, no action has been taken in posting a chairman for the CAT.

What is revealing is that during this time, one retired High Court Judge of Madras High Court, Shri S.K.Krishan was appointed as the Judicial member at CAT and was otherwise eligible to be designated as the Chair person. Despite requests he was not designated and he worked from December 2011 to November 2012 without being able to hold any hearings and attained super annuation.

The Government in the meantime appointed a Head of Department of CAT and another person as the Technical Member of CAT. However, on the appointment of the Chair person there has been no information.

The only apparent reason is that appointment of the Chairperson is not to the liking of some vested interests or there is no consensus from the committee responsible for selection on the candidate selected for the post.

I wish some body in Delhi make an RTI application to find out why the Ministry is unable to appoint a person to the post of the Chair person of CAT.

I call upon the authorities such as the Ministers in charge to come up with a public statement in this regard. I wish the national media takes up this issue which is extremely important for the victims of Cyber Crime suffering without a judicial remedy from June 2011 and wake up the Government from it’s slumber.

Naavi

Mobile Crimes to be the focus in 2013

Posted by Vijayashankar Na on December 18, 2012
Posted in Cyber Crime  | Tagged With: , , , | No Comments yet, please leave one

Symantec has predicted that in 2013, Cyber Crimes in India is likely to grow in the Mobile segment. It is estimated that there are around 137 million Internet Users in India and nearly 70% of them use mobile to access Internet. Simultaneously the Social Media user base also is said to have increased from 38 million to 60 million in 2012. These two aspects are predicted to attract Cyber Criminals to target these segments. Details

Mobile users need to be extremely careful while using their smart phones for critical internet applications such as Banking. It would be better not to use mobiles for Internet Banking since Indian Banks are not responsible enough to secure their internet banking platform and there is little legal support to customers. Also it is necessary to fortify the smartphone with an anti virus for whatever it is worth and be selective in downloading apps to mitigate the malware risks.

Banks are under Attack.. Beware

Posted by Vijayashankar Na on December 16, 2012
Posted in BankInformation Assurance  | Tagged With: , , , | 1 Comment

Security specialists have put out a grave warning about a massive Cyber attack planned against 30 major US Banks. RSA recently announced that a gang of Criminals had developed a sophisticated Trojan under a project idenitified as “Project Blitzkreig” which has been successfully tested.Security firm McAfee has warned that the full fledged attack is imminent in the coming days.

Though the present threat advisory is for US Banks, it includes CitiBank, E Bay and PayPal which has operations in India. Also the technology can reasonably be expected to be used to attack the Indian Banks since Indian Banking security is weaker compared to the US Banks and the Cyber Crime knowledge, technology and tools spread fast across the globe.

The scheme appears to involve logging in to the banks from Computers which are cloned to represent the home computers of the customers so that inconvenient security questions can be avoided.

It also uses the familiar method of circumventing the daily transfer/individual transaction limits by using many “Mules” as is normally done in phishing cases.

Indian Banks in the recent days have tried to increase the transaction limits without hardening their security. Hence the risks to Indian Customers are higher. There is also a tendency in Indian Banks to fight with its customers in cases of such frauds and drag them to Courts if they seek remedy. The Government of India which has kept the Cyber Appellate Tribunal closed for the last 2 years is indirectly acting to discourage the Banks from seeking legal remedy. Though RBI has been providing necessary guidance to Banks to secure the customer interests and to absorb Cyber Fraud liability through insurance, Banks are ignoring the RBI’s mandate.

We hope RBI and GOI will take note of this new threat and try to implement remedial measures at the earliest.

Related Article: cnn.com :: Computerworld

Virtual Key Board unsafe under IE

Posted by Vijayashankar Na on December 13, 2012
Posted in BankInformation Assurance  | Tagged With: , , , , | No Comments yet, please leave one

Dec 13: A vulnerability in Internet Explorer is said to make it possible for a hacker to track the mouse cursor movements on the screen. This would make the “Virtual key board” system used by some Banks for password entry useless. At present the vulnerability is identified for IE and many would use other browsers. However some sites  are compatible only with IE and force users to use IE. In such cases vicarious liabilities may attach on the site for inadequate security. Related Article