Privacy, in bits and bytes News Archive News

It is good cyber crimes are being reported. Earlier, they8217;d be hushed up to prevent embarrassment for the organisations involved

Written by Subimalbhattacharjee

July 3, 2006 12:00 AM IST

5 min read

Three incidents have happened in the recent past involving cyberspace. An HSBC call centre employee in Bangalore had passed on banking details of some 20 UK based customers to accomplices who siphoned off almost Rs 2 crore. The employee had given false information and yet got employed in the BPO. The second incident was that of Ankit Shrivastava, an alleged hacker who exploited a loophole in the Airtel website and got the call details of key PMO officials and senior police officials. He thereafter demanded Rs 1 crore from Airtel for not divulging those call details. Airtel smartly lodged a police complaint. The third is the case of S.S. Paul, a system analyst of the National Security Council Secretariat who was passing on sensitive information to an American woman he had met in the course of an Indo-US cyber security meet last year.

Investigations are on in all three cases and more and more revelations are coming out. The initial arrests have been made. Some of the issues that haunt the Indian cyber march 8212; like security of BPOs, cyber extortion and confidentiality and security of data 8212; have been highlighted.

No doubt these incidents create awe about the extent to which cyber crimes are growing in our country, but at the same time they also show the helplessness that we still have in curbing such incidents. The good part is that cyber crimes are being reported because in most cases such incidents are generally hushed up to prevent embarrassment to the organisations involved. With IT penetration increasing and more and more people moving on to the online convenience of communicating, banking and shopping, such incidents reflect on the state of our preparedness in issues of technological regime. While India has had cyber legislation for a few years in the form of the Information Technology Act 2000, the past few incidents have shown that these laws need to be revamped to incorporate more possibilities. The call for more stringent punishment in the existing clauses and a separate data protection law are being again called for. Similarly, the readiness of the police force to deal with techno crimes is still much below the desired level on a national scale, although the police have done an excellent job in investigating some of the cases. There needs to be more involvement both in terms of cyber surveillance and cyber forensics. Likewise the responsibility of organisations like HSBC or Airtel has to be of the highest order and they need to install and ensure robust security practices.

While these incidents have resulted in awareness and a few remedial steps, they are still seen mainly as questions of commerce and privacy. The fact that today terrorists and organised syndicates use cyberspace for communicating and even launching attacks is still not being taken seriously. The implications of such incidents from a national security point of view are yet to be investigated. The absence of the geographical barrier makes it possible for such crimes to have major impact on our security. One of the biggest usage of the internet by terrorists is for collecting funds. Therefore, banking operations have to be conducted amidst the highest order of security and confidentiality. Likewise, the call records of government functionaries must be protected from hackers.

Globally, the advanced nations have looked at all forms of cyber attacks under something known as the critical information infrastructure protection CIIP. This CIIP policy is a comprehensive one, where the critical information infrastructures are defined, and measures are taken to deal with all forms of cyber attacks. In India we are yet to have a CIIP policy although issues related to cyberspace are being dealt with more and more. While at the highest level we have the National Information Board NIB under the National Security Advisor to look at policy issues relating to cyberspace, there is almost no action from the NIB because it rarely meets. Most efforts are by the ministry of communications 038; IT through the offices of the Controller of Certifying Authorities CCA and the Computer Emergency Response Team CERT-IN. CERT-IN has so far been doing a good job by sending the right alerts but nowhere in the government set-up are such advisories understood in their full ramifications.

These three incidents should stir us to more action so that we are ready with a policy to handle them professionally.

Tags: