Just when India is going through its biggest push towards digitisation, a group of hackers have reminded the country about the perils of the process. Over the last week, several personal and institutional Twitter handles have been hacked and filled with abusive posts. However, there was more to this digital identity heist than what the hackers could post on the platform. They had also tapped into the email database of at least two of these individuals, and generated no level of outrage or legal scrutiny from any quarter.
This brings us to an important question that India must ask itself as it tries out new ways to make virtual payments and transactions. Are we as a nation equipped to protect ourselves online? The answer is an easy no, as the events of the past week have shown. It is even more scary that as a society we are happy to live with the knowledge that our digital lives are compromised multiple times every day. According to the latest Norton Cyber Security Insights Report, Indians exhibit an alarming complacency when it comes to doing the right thing online. Indians top when it comes to falling victim to ransomware, and still seem unable to stop clicking on links from unknown sources.
Twitter does not comment on individual cases, but it seems what happened over the past week with the handle of Congress vice-president Rahul Gandhi, his party’s official handle, and the handles of NDTV journalists Barkha Dutt and Ravish Kumar, had more to do with the emails used to generate the Twitter profiles and not so much the social media accounts themselves. That would explain why there are email dumps being advertised as booty.
Incidents like these have happened across the world — recently in the US, where hacking, allegedly by Russian online entities, is a major ongoing issue. When hackers have slipped into the role of activists, they have often chosen to convey messages in the way they have chosen targets and exposed data. Everything is illegal, of course — the incidents of the past week are, for instance, punishable under various sections of the IT Act, 2008 with sentences of not less than two years.
Any email account these days is a window into the person who owns it, their identities, personalities, private lives and, more dangerously, financial profiles. Most Indians don’t even realise how their digital identities are now so inextricably linked to their actual personas. Just a simple SMS from a bank stating your balance could end up being a key to exploit you, and email access is like opening the entire door.
Millions of Indians have been enlisted for digital banking over the past few weeks. Some are trying out mobile payments for the first time, initially with very small amounts, often helped by those who know better. Prime Minister Narendra Modi recently asked the digitally literate to help at least 10 others to initiate their digital payments. The problem, though, could be with the intentions of those who help, because digital transactions is one place you might not want others to look into.
This has to be understood in the context of how easy mobile transactions are these days — it takes barely seconds to make a Paytm payment to a shopkeeper or friend — and all you need is their phone number. A lot of the first-time users will take some time to understand the intricacies of the system, at least well enough to not be duped by others. These are early days, but expect to hear of crimes related to fraudulent digital payments soon. Simply because at a time when e-wallet players like Paytm and Freecharge are reporting 10X growth in money added and 4X growth in transaction values, it is unlikely that cyber criminals would not be interested.
And this is where the government has to step in. If India has to go digital, it has to go digital safely, even if it isn’t that swiftly. And here, strong laws and penalties are crucial to send out the message that a fraudulent money transfer of even Rs 50 would be dealt with severely. Given that our digital payment platforms are also linked to the Aadhar platform, there is a powerful case for the government to keep a hawk eye on how this segment evolves. Also, while the government pushes online transactions and a cashless economy, it has to put in similar efforts to teach people how to stay safe online. The push for digitisation cannot be at the cost of the digital security of citizens.