Governments must have Cyber Security Strategy

Cyber crimes including hacking and denial of service attacks, phishing, virus and worm influx are not only threats against individuals (i.e. consumers) but a number of these threats are increasingly being targeted at governments. With information being stored largely on online repositories, hackers (not just individuals but often large organized criminal groups) are aiming to infiltrate government websites and networks to steal or tamper with crucial data. And it is imperative that nations with major Internet population and broadband usage should look at a planned and effective strategy to counter the rising number of threats. Cyber warfare is becoming rather rampant and it is mandatory for nations to consider a cyber security strategy as an integral part of their arsenal to defend as well as respond to outside cyber threats. Specialised government funded cyber labs with state of the art technology to track, trace and crack resourced by talented individuals is now a major necessity.

The BBC News Reportstates that UK has already launched a cyber security strategy to counter such cyber attacks. The strategic units are aimed at ensuring that the government is better prepared to defend and combat such attacks.

Advertisements

Phishing targets banking customers in India

Phishing has been one of the most dangerous crimes affecting global cyber users for quite a few years now. Although apparently considered easy to spot, phishing scams can be rather deceptively intelligent and even the most educated and sceptical cyber users can often fall prey to the most basic phishing scams. Phishing essentially is a scam where the fraudster masquerades as a reliable source in an attempt to steal valuable confidential data i.e. passwords, credit card numbers, access codes etc. However the sheer variety of phishing methods deployed in the cyberspace has intrigued enforcement agencies and fooled users around the world. But an important platform for the phishing scam’s incredible outreach has been the alarming growth of spam or unsolicited emails. A vast majority of phishing emails are in fact unleashed indiscriminately targeting cyber users randomly but sometimes these emails are also sent to specific target databases acquired through nefarious means. However the rise of spam in the Indian cyberspace has played a dangerously direct role in the growth of phishing scams, password stealing URLs and victims in India. Most phishing scams are targeted to steal financial information or access codes to control financial data. Hence it is not surprising that the banking sector is undoubtedly one of the favourite hunting zones for scammers prowling the cyberspace. Databases of bank customers are being traded in the black market allowing phishing scammers to send more appropriate spams targeted at actual bank customers.

 

Customers usually receive an innocuous email requesting them to update their access information (password etc.) by going to the login site after clicking the URL provided in the email. As expected the URLs are spoofed links leading the innocent customers to a bogus lookalike or deceptively similar website of their banks. Whether owing to ignorance or negligence, often the customer ends up going to the malicious URL which then steals their passwords allowing scammers to log in to the customer’s actual bank account online and make money transfers  to their chosen beneficiaries. The beneficiaries chosen by these scammers are usually native citizens who are recruited to become the scammer’s money mule through simple recruitment methods including recruitment sites, newspaper adverts, online job alerts etc. The money mule or the beneficiary provides his banking details to the scammer who ends up depositing the entire phishing money into their legitimate accounts. The mules thereafter withdraw the stolen money and send it by various means to the actual beneficiaries suitably delegated by the original scammer. Unfortunately for law enforcement agencies, the only crucial link ends with these money mules who had physically received money in their accounts. However most of these money mules are being virtually operated by scammers sitting abroad and hence it becomes extremely difficult for cyber crime cells or investigating officers to collect evidence or gain anything substantial in a majority of these cases against the main perpetrators.

 

Rules to avoid bank phishing are rather simple. Banks providing online account management facilities to customers never send or request confidential data by electronic means. Customers receiving such emails must straight away delete such emails and never even bother to venture trying the sent URLs. If the customers really want to visit their online bank accounts’ login page, they should just type the URL in the Address Bar manually rather than clicking any link from an email or from a webpage. Customers should also check the SSL Security Status as all banks deploy the SSL Security System on their login webpages. Further customers should also ensure to inform their local branch about the receipt of any such emails so that the Bank can issue a general warning or notification to all its customers about any such scam which may be operating at that time.

New Cyber Fraud Hits India – “Online Journal Publishing Scam”

The cyberspace is increasingly becoming like a world where you spend more time avoiding frauds, scams and malicious attacks rather than actually using the space for something creative. Cyberspace is already crawling with millions of malware like viruses, worms, Trojans and spyware; hackers are attacking computers to create large botnets of compromised zombie computers and scammers spending their evil brain cells on designing effective scams through phishing, pharming, money mule or even the hopelessly simple yet effective advance fee fraud (419 Fraud). Whether it is a new type of cyber fraud or an old fraud with a twist, cyberspace is a dangerous place for those oblivious or unaware of its diabolical facade. For those who have been keeping themselves updated about the various tricks unleashed by cyber criminals, be surprised as a new scam seems to have hit town and is quite frankly deceptively dangerous. The “journal publishing scam” (as I would like to call it) is a fraud aimed at primarily the lecturers, professors, readers or researchers who like getting their creative writing and thoughts published in various online journals and e-magazines. Even students looking to debut on their publishing efforts and needing a viable space to pen their intellect in order to glamorise their CVs and profiles are an easy target of this shameless scam.

 

So what is the online journal publishing scam all about? Well the whole thing starts with the set up of a website designed as a popular journal publishing site with journals available in a wide variety of areas including science, technology, law, medicine or anything creative and believable. The scammers put up their site along with links to description of each and every claimed journal and even go to the extent of providing an Editorial Board filled with representatives from across the world. As expected the fictitious Board Members are ofcourse made to look like they have seriously academic profiles with little room for doubting their genius. Nothing in these sites look apparently suspicious and information about these alleged journals look almost believable for anyone looking to seriously publish their work. This scam is perhaps aimed more at those individuals who have little or non existent knowledge about publishing online as a frequent publisher would perhaps be able to sniff out the scam. In reality there is neither a publishing team nor editorial board and most frankly the senders of the email have also never published any online journal or magazine. The claim on their sites is usually that they are a charitable organization with no sponsors and hardly any revenue. They sustain themselves on a meagre amount of “Handling Fee” that is to be sent by those authors who are allowed to publish their work by the Editorial Team. Emails are sent to the possible targets requesting the recipients to submit articles for publishing. The emails contain links to their site and a number of email addresses where the articles or white papers can be submitted for perusal and scrutiny. Although initial emails never mention the dangerous “handling fee”, the websites will inadvertently mention this in a naive and innocent manner hoping to lure oblivious and budding writers. For those who mistakenly send their articles receive a confirmation from the Board informing them that their articles or papers have been accepted for submission and that a “handling fee” must be paid by the successful author in order for the paper to be published. Authors who have probably already been lured into this scam end up paying the small amounts hoping to see their writing online in the chosen journals. Money gets transferred and the scam is complete. I dont think I need to expressly mention here but nonetheless I will state that ofcourse the journals (or the articles) never get published. As far as hitting the database for potential victims are concerned, I guess that they are targetting academic organizations (with email addresses), professors or lecturers (with direct email contact available online) or even students going through online advertisements in order to publish their work somewhere. As far as the scam is concerned, it is designed for specific target populations and hence not expected to get major returns for the scammers unlike the popular and very obvious 419 frauds or advance fee frauds reaching millions of email users everyday. Email users are becoming increasingly aware of the scam techniques and methods and hence it is only natural that the perpetrators are coming up with new ideas. Although the new journal publishing scam may not be churning out billions of dollars, it surely has the potential to rake in quite a signficant amount considering the number of people who are looking for options to publish online.

 

The golden rule of almost any form of the Advance Fee or 419 Fraud is that there is always undoubtedly a request for a small payment irrespective of the jargon used whether “processing fee” or “handling fee” or “commission” or even “bank transfer charges”. So beware the next time an email crops up in the inbox or the junk folder inviting article submissions for academic journals online. Frankly any reputed or credible online publishing journals will never be sending unsolicited emails randomly to users across the world inviting article submissions.

Cyber Civil Liabilities in Eastern India

It has been almost eight and a half years since the inception of  the Indian cyber laws in the form of “The Information Technology Act, 2000” but the implementation or use of the statute’s provisions related to cyber civil liabilities seems to have never even been considered significant enough whether by individual clients or even corporate entities in the eastern part of India (specifically Kolkata). Ordinary civil courts are barred from having any jurisdiction in matters pertaining to The IT Act thereby making the roles of the Adjudicating Officer as well as the Cyber Tribunal (Delhi) much more emphatic. However unfortunately, the city of Kolkata has hardly seen any matters reaching the Adjudicating Officer.

 

The IT Act enumerates the various civil liabilities under Chapter IX of the statute including provisions related to unauthorized access, introduction of contaminants, copying, downloading, damage, disruption, denial of access and provides the possibility of the victim receiving a maximum compensation of upto Rs. One Crore. It is strangely surprising that a major city like Kolkata has hardly got any matters registered with the Adjudicating Officer and if records are to go by, currently there seems to be not even a single matter before the AO. This may lead many to come to the hasty conclusion that cyber crimes have not reached the cyber horizon of the city’s large database of Internet users, but this would be an erroneous assessment if only relied upon records.

 

The fact is Kolkata does have its fair share of cyber crimes and abuse and Cyber Crime Cells of the city are having to investigate several matters as we speak. But what needs to be realised is that perhaps the existence of the cyber civil liabilities provides an easier opportunity for victims to get compensation as the “Penalties” provisions completely undermine the requirement of any knowledge or intention. Thus the occurence of any event as described under the various sub-sections of Section 43 would prima facie entitle the victim to a possible compensation, although the said is entirely dependent on the Adjudicating Officer who has to assess the compensation on various factors as mentioned in the statute. The civil liability provisions should be seen as a convenient redressal opportunity for those city businesses who seem to get periodically affected by nuisances such as cyber trespass or unauthorised access, introduction of malicious programs, damages or disruption to computers, access denial instances and such other scenarios. The forum is available for them to approach and try for a legitimate compensation under the Act, however unfortunately this forum continues to be ignored and undermined. It is not that the city’s young breed of professionals are not aware of cyber laws and such related provisions as my personal experience tells me that a large number of the young graduates today are cyber savvy and more aware bout technology related laws than many give them credit for. Although a very personal opinion, but I can argue that the city’s lack of cyber civil matters owes more to the lack of awareness among victims of the available grievance redressal forum that exists for them to easily access.

Being the promoter and supporter of cyber laws in Kolkata, I hope that I will be able to actively bring this issue up for discussions on important platforms including symposiums, conferences and workshops that will be hosted by Global School of Tech Juris in the near future. I am certain that the right amount of awareness among the city netizens will bring about a positive change thus opening the doors to cyber civil matters which will ensure that citizens are not only able to use this forum to redress their grievances but also that the budding legal professionals will be able to give this area a serious thought.