"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark
Cyber Squatting and ITA 2008?
Nov26: A case of an FIR being registered under ITA 2008 against a person who registered a domain name pratibhapatil.com has been reported from Delhi. Mr Neeraj Arora has given a good analysis of the misinterpretation of ITA 2008 in the enclosed article. There are two other issues to consider. One is whether the site indicates that "pratibhapatil" refers only to the President of India and whether there was a case of "attempted impersonation". From the information available, proving "Wrongful harm" may also not be easy. The Court may take a view on this while the Police can perhaps "teach a lesson" to the errant person who dared take on a protected personality. It would perhaps be interesting to have a full reading of the public prosecutor's opinion in this regard.
Berners Lee on threat to Net Neutrality
Nov25: Berners Lee, often called the father of the world wide web, expressed regret that the new developments on the Internet threaten the basic principles on which the world wide web was created. In particular he has highlighted that social networking sites such as Facebook and LinkedIn collect information from Netizens and prevent it from being shared on the Internet. He also highlighted that wireless Internet providers deliberately slow down access to websites which do not join their premium network. Detailed article in ciol
CBI and Nasscom to set up Cyber Crime Center
Nov23: In a welcome move, the CBI and Nasscom have come together to collaborate on the setting up of a Cyber Crime center which may undertake training, share information on forensics, best practices etc. Hopefully this will improve the capacity of the law enforcement to tackle the emerging threats. Related Article
Cost of Cyber Crimes.. A Study
Nov20: A report from the Ponemon Institute, "The First Annual Cost of Cyber crime Study", published in July 2010, found that successful cyber attacks now cost large enterprises on an average $6 million a year. Report
Anti Phishing Initiatives in US support Digital Signatures
Nov 18: Anti Phishing initiatives in US (Refer Consumer Advice from antiphishing.org) seem to support our view that Digital Signature does hold the potential of reducing the incidence of Phishing frauds. It is a legal mandate in India that electronic documents can be authenticated only by means of a digital signature. However, Banks in India seem to take things for granted when it comes to legal compliance and are not serious in implementation of the digital signatures for their own communication as well as for Internet Banking.
Why and how the Reserve Bank of India is remaining silent even though it is aware that its own Internet Banking guidelines of June 2001 are being ignored completely is a mystery. Perhaps the RBI, just like what our PMO did in the case of the 2G scam, considers its duty done when it sends the circular and does not consider itself responsible to act on its implementation. Perhaps we need a Supreme Court directive to wake up RBI to its duties.
Mumbai is Botnet Capital of India
Nov18: According to Symantec's Internet Security report XV, Mumbai is reported to have 50% of bot infected computers in India, followed by Delhi at 13% and Hyderabad at 7%. In 2009 about 62,623 bot-net infected computers have been identified in India according to Symantec. Bangalore appears to have around 6% of them. Report in Hindu
ECI considering Paper Trail on EVMs
Nov17: Election Commission of India has invited political parties to submit their views on the introduction of paper trails for EVMs. This has been a matter of discussion for some time and Naavi has also put forth some suggestions. Hopefully political parties will find time to react to this request of the ECI. Reference articles: Solution to EVM Controversy; Clarifications on Cyber Law Compliancy of EVMs
Another Double Fraud.. at PNB
Nov 17: The Statesman has carried a report today about a double fraud that occurred at Punjab National Bank, Raja Street, T. Nagar, Chennai in which nearly Rs 9 lakhs was fraudulently withdrawn from two accounts and distributed to more than 30 fraud beneficiaries across India. The incident occurred during September 2009 and has come to light since both victims have approached the Adjudicator of Tamil Nadu for relief under ITA 2000/8.
What is alarming is that in a single Bank and branch, within a gap of a week, two victims, a 9 lakh fraud and a gang of 30 fraudsters have come to light. If a proper nationwide enquiry is instituted and a proper estimate of such losses is made across all Banks, it appears that the Indian Banking system is on the brink of disaster caused by improper technology use. Despite several reminders from Naavi.org to RBI and IBA, there has been no response from the regulators about why they remained quiet despite the frauds being reported again and again.
The situation bears similarity to the CAG observation in the 2G spectrum case where the PMO and other ministries were content with sending disapproving notes to the Minister and remained silent spectators to the rest of the developments. Hope we do not need Mr Subramanya Swamy or Supreme Court to bring justice to the people. The report. Also see: Comments from Gills
Double Cancellation Fraud
Nov 16: An ingenious fraud involving exploitation of a computer programme has been detected in Kolkata. The fraud, involving over Rs 2 crores, was committed by two persons simultaneously cancelling the Jet air tickets, one at the Jet counter and one online, getting a double refund. The fraud became possible since there was a 40 seconds delay for the Jet counter cancellation instruction to reach the server. Detailed story
Security flaws with Mobile Companies exploited
Nov13: Police in Mumbai have busted a well thought out exploit of Cyber Fraudsters who used the weaknesses in the mobile companies combined with the dependence of Banks on mobile numbers to defraud Bank customers. The modus operandi was to steal the customer data from mobile companies, report loss of SIM card and obtain duplicate SIM cards. The control over the mobile was then used to get the passwords on bank accounts changed and hack into the Bank account. Probably this would have been used in conjunction with a normal phishing to circumvent the mobile alert based security which the Bank was using. The thieves were clever enough to launch the mobile disablement on a Saturday so that customers were unable to contact the mobile companies even after they noticed the problem. In some of the Phishing frauds of late we can also see that the transfers were made in the dead of the night and moneys withdrawn through ATMs before the banks opened next day. The mobile fraud also indicates such planning to strike when the organization is closed. This highlights the need for mobile and banking companies to have a 24X7 desk for fraud reporting so that the customer can contact them at any time. In case of a Bank, there is no need for the Bank to allow after hour transactions except under very special circumstances. Like mobile banking, "Night Banking" should be only on specific request and not by default. Related report
1 Million Chinese Mobiles infected with Virus
Nov 13: As per a report in a Shanghai Daily, a virus named the 'zombie' virus, hidden in a bogus antivirus application, has infected over 1 million mobiles in China. The virus can send the phone user's SIM card information to hackers, who then remotely control the phone to send URL links. The attack is estimated to cost the users a combined 2 million yuan ($300,000 U.S.) per day. Report
Digital IDs Across Europe
Nov 13: Digital IDs have been spreading across the continent in recent years. Estonia has had one for nearly a decade, with a slew of electronic government services, and legally binding digital signatures to go along with it. Belgium, Sweden, Spain, Portugal all currently have electronic ID cards, and there are plans in place to release such cards in Luxembourg and the Czech Republic. However, Germany which recently introduced digital ID cards got stuck with security vulnerabilities and had to stop issuance pending correction of security flaws. Despite the flaws which will be corrected in due course, it is clear that the world is moving towards digital ID cards and India also has to move in this direction. Related Article
The security issue has arisen because of the smart card system adopted by the authorities, through deficiencies in the software used in the card readers. It appears that the problem is not serious and can be resolved easily. However, it may require real time connectivity.
Naavi has been advocating the DVIIS system for a long time now for such applications and the UID is also implementing a similar technology. However, UID has not yet integrated the digital signature system. Naavi has now proposed a UDID (Universal Digital ID Card) which provides for secured digital signature along with the normal parameters associated with an ID card and can even be supplemented with an RFID tag if required.
In case UID authorities would like a pilot to be organized for demonstrating the UDID, the same can be organized. Any corporate entity which wants to substitute its present ID cards with UDID may also request for a suitable solution which can be customized for the requirement of the organization.
Cloud Computing Risks
Nov11: US Government has released a federal risk management guideline for Cloud security. A copy of the guideline called Federal Risk and Authorization Management Program (FedRAMP) is available here. This was developed to provide a standard approach for assessing, authorizing and monitoring cloud computing services and products used by the federal government. This could also be a good reference document in India for "Reasonable Security Practices" under ITA 2008.
Fake Call Center in Kolkata
Nov8: A report in Guardian UK suggests a major scam from Kolkata involving fake phone calls to customers in UK stating that they are calling from Microsoft and giving suggestions which involve total compromise of security. Details are available in this accompanying article.
One of the security observers has reported the following two addresses in Kolkata registered for the fraudster's websites:
1: mypccare.com: Zeal IT Solutions Pvt. Ltd, (zealinfo123@gmail.com), CD-202, Sector-1, Salt Lake City, Kolkata, West Bengal, 700064, IN, Tel. +033.65486467
2: onlinepccare.com: Onlinepccare, M.K.Shah (opccare@gmail.com), 835, Pblock new alipore, Kolkata, West bengal, 700053, IN, Tel. +091.3340101614
We urge Kolkata Police to investigate and publish their findings for public awareness. We also invite rebuttals if any from the above mentioned companies.
Indian Banks in a mess because of faulty software
Nov 7: I draw the attention of Reserve Bank of India to my observation in one of the major Banks in India where two debits (part of several unauthorized debits that occurred in the account) reflect in the customer's account at the branch but do not reflect in the records of the Internet Banking department extracted from perhaps the core banking server....It appears that the traditional double entry book keeping in the Bank where every debit must have a corresponding credit does not work in the internet banking system...Are we sitting on a volcano of frauds that may burst any time and take the Indian bank down and along with it the Bank shares in the stock market and the economy?...
I hope the indicative information in this article will make RBI or the Ministry of Finance take necessary action which the depositors of Banks would expect from the regulatory authorities.... Details
Neighborhood Bankers.. Are they RBI licensed?
Nov 4: A report has appeared in NY Times about a micro Banking project supposed to be under operation in Delhi. While the entrepreneurial spirit displayed is highly appreciable, if the service is run as indicated in the report, it appears to be not in compliance with the Banking law in India... Article
Indian Banks on the verge of Collapsing???
Nov 4: As a person involved in the information security area, and advising the public on Cyber Crime issues, I often come across information about frauds in Banks. One such recent incident has triggered a huge concern in me that we may be in for a major bank collapse due to inadequate security systems in the Bank and inadequate supervision from the Reserve Bank of India....More
Fake Clinics come up in USA
Nov 4: FBI busted a massive identity theft racket where identities of patients as well as doctors were stolen to create fake clinics for the purpose of raising fake bills. The scam, spread over 25 states, involved a fraud of US $165 million. 52 persons were arrested. Report
Fined for Delay in Notification of Data Breach
Nov4: Breach Notification is a new obligation that the HITECH Act has imposed on Business Associates in US under HIPAA. Designers of the website of Wellpoint, a health insurance company, enabled online applications to be submitted by the public, and the information so collected was left on the web server in a manner that it was accessible to others. This potential breach lasted for 137 days. Though notified in end February, the Company notified the affected persons and the AG's office, as required under the law (in the State of Indiana, where the company is located), only in June 2010. The AG's office has now fined the company $300,000 for the delay. Report
Lucrative EHR market in USA.. for HIPAA-HITECH Compliant Companies only!
Nov3: After the passage of the HITECH Act in USA, Health Care providers in USA are eligible for massive subsidies for meaningful use of Electronic Health Records. This is a great opportunity for software companies in India of a type offered by the Y2K issue in the last decade. The US Government has set aside $19.2 billion for subsidies and the total market for EHR related services is estimated to be over $50 billion. According to a recent report only 20 percent of U.S. hospitals have EHR systems, but starting next year the typical 500-bed hospital will be eligible for $6 million in federal funds to implement an EHR and will eventually face $3.2 million a year in penalties if it fails to have a system in place. In order to establish oneself in this market, it is necessary for Indian companies to make their software HIPAA-HITECH compliant. If as per the report, 80% of US hospitals are now moving into EHR systems, it also indicates a massive growth potential for the medical transcription industry which also requires HIPAA-HITECH compliance. Naavi as a leading HIPAA Compliance consultant in India expects that Medical Transcription companies in India should speed up implementation of HIPAA-HITECH Compliance without which it would not be feasible for the US vendors to pass on transcription business to them. Related Story
CBI Enquiry on Tatkal Reservation Scam
Nov1: Some time back Naavi.org had highlighted the possible fraud in tatkal booking manipulating the online reservation system. A website which had published a script that could hack into the IRCTC website and book tatkal tickets was also revealed. After a Times Now TV reporter contacted the software professional who had put up the script, the site was removed. IRCTC also changed some of its design elements which could have made the old script obsolete. Now this report suggests that CBI is enquiring into possible staff involvement in the reservation scam. We trust that the investigation would also check the use of the online reservation facility and possible use of malicious software to make the booking. Report in NDTV
PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar
PR Syndicate, (an organization of Corporate PR Professionals in Chennai,) celebrated its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the occasion, "Award of Excellence in Public Life" was presented to 'Cyber Law Guru of India' Na.Vijayashankar...More
What is Naavi.org?
Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.
The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.
The second key service is the Cyber Evidence Archival center which provides a key service to help administration of justice in Cyber Crime cases.
The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.
The fourth key service is the online mediation and arbitration service another unique global service.
The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.
Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.
Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade have brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have a synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.
Naavi
If you would like to know more about Naavi, the information is available here.
For any payments to be made to Naavi online: Naavi's Payment Center