"Watch This Site as a Daily Habit. It may save careers".. A Banker's remark as an advise to fellow Bankers

---

Cash Trapping at ATMs..New Fraud

Oct 31: We are aware of the "Lebanese Loop" technique of ATM frauds where the objective is to trap the ATM card. Now most ATMs have been shifted to the swipe and remove type where the "Lebanese Loop" does not work. It appears that a new technique is being developed for "Cash Trapping" where cash does'nt come out and after the customer leaves, fraudsters go in and release the trapped cash. This fraud might not have yet been reported in India but is expected any time.

When such frauds happen, customers approach the Banking ombudsman for releif. I would like the Banking Ombudsman of Bangalore Mr Palanisami to make a special note of this new fraud technique since in such cases the technical report from the ATM would be "Transaction Successful. Cash dispensed". Since Mr Palanisami is known  not look beyond this report, we may see any complaints made to him from customers referred to him may be rejected.

It is necessary fpr Banking Ombudsmen to understand that the fraud is a result of the Bank's negligence because of non availability of CCTV, non availability of the Guard and non availability of a working Hotline. Banking Ombudsmen  have a tendency to ignore all such negligence as was done by Mr Palanisami as he did in the case of the ATM fraud case referred to him by a customer of Bank of India and conveniently rejected by him.

As long as Banking Ombudsmen are insensitive to the victim's problems and unaware of the techniques adopted by fraudsters, Indian Bank customers are in the danger of losing money through ATMs.

GGWG Compliance Deadline..October 31, 2011

October 31: The Reserve Bank of India mandated to all Banks through its Circular letter dated 29th April 2011 that recommendations of the G Gopalakrishna Working group on Information Security and Electronic Banking shall be implemented during the year 2010-2011 and progress reported in the annual report of the coming year.

Further RBI advised that by October 31, 2011, meaning today, Banks should have put in place the initial compliance plan which does not require major budgetary changes....More

Naavi on Digital Wills

Oct 29: Naavi has written a detailed article on the "Inheritance of Digital Assets" a copy of which is found here. Forbes India recently carried an article on the subject in which naavi was also quoted.

Naavi speaks at Bangalore Science Forum

October 27: Naavi addressed a gathering of academicians and students at National College, Basavanagudi, Bangalore. A report in Prajavani is here.

Hindu Business Line removes an article from the Internet

October 24: In a surprising move, it appears that Hindu Business Line has removed an article dated October 24th which spoke about an IIM professor losing Rs 18 lakhs to SMS fraud from its Internet site. Details : Full article : Report in ibnlive :

P.S:  It has now been clarified by BL that the article is now available at a different location under a different headline within their site at http://www.thehindubusinessline.com/industry-and-economy/banking/article2568032.ece?ref=wl_industry-and-economy

Axis Bank trades on CAT information

October21: Axis Bank which handles the CAT (Common Admission Test for IIMs) applications is reportedly using the information of applicants to hawk its own services. Report

If there is any lawful contract between the applicant and the bank that the personal information is not to be used by the Bank for other purposes, this could be considered as an offence under Section 72A of ITA 2008 which imposes a possibility of three year imprisonment to the Bank's officials. Though such a written contract may not be existing, it should be "Implied" since Axis bank is handling the CAT applications on behalf of IIMs as an intermediary and such an undertaking is part of the collection and limited usage principle under Section 43A of ITA 2008.

It is to be noted that IIM has reportedly indicated that they have not authorized Axis Bank to use the information and this could be considered as evidence that the disclosure is "Unauthorised".

It would be interesting if the affected person files a complaint on this behalf both with the Police for criminal prosecution and with the Adjudicator for damages.

Railways to Accept Virtual Reservation Message as tickets

October 21: There are instances when a train passenger does not carry a "Print out" of his e-tickets.  According to Railway Board Letter No.2008/TG-I/10/P/SMS dated 20.07.2011, it now appears that a "Virtual Reservation Message" (VRM) would be acceptable as a ticket. VRM includes a screen shot of the e ticket as displayed on a laptop or a mobile phone. This is a convenient feature for many since they carry the laptops with them most of the time and show the ticket copy more easily than a print out. Hope the TTE does not scratch out the laptop screen in acknowledgement!. Copy of order.

In case the TTE does not accept, and charges a fine,  a receipt of the fine (the receipt should clearly mention why the fine was charged) may be sent to  care@irctc.co.in and one may get refund.

IIMs invoke ITA 2008 to hold a threat on CAT attendees

October 19: In what could be called an unprecedented move which challenges certain concepts of law and freedom of expression, IIMs collectively have issued a threat to all the CAT aspirants this year that they shall sign a "Non Disclosure Agreement" before taking the test and not discuss the questions after the exam. Such disclosure is being threatened as an unauthorized disclosure of information under ITA 2008 as well as a violation of the Indian Contract Act and the Copyright Act. Prof Janakiraman Moorthy, convener of CAT has threatened the students that they would be charged under ITA 2008 for punishment upto 3 years. The threat is a sad reflection of the lack of confidence of the organizers in formulating an appropriate test plan that is difficult to remember and a large number of questions to work with. The proposal poses an interesting legal challenge which is likely to be debated for its legal validity....More

E Banking is now Even More vulnerable

October 19: If RBI does not wake up fast, E Banking in India is doomed. The recent findings of a new Trojan which is a variant of Zeus and SpyEye has the capability of not only logging key strokes but also change the mobile number associated with the bank account so that the OTP system can be defeated. A series of Phishing transactions reported recently involving State Bank of India and Vodafone indicates that the trojan may be already active in India. One leg of the fraud in this mode involves the obtaining of control over a SIM card with a compromised KYC. It is inevitable for customers therefore to seek remedy for such frauds through vicarious liabilities being hoisted on Banks and MSPs. But the best bet for customers is to keep the Internet Bank accounts separate from non Internet bank accounts and ensure that the balance in the Internet bank account is kept to the minimum. Related Story

Hacking Case against Sanjiv Bhatt?

October 18: It is reported that Ahmedabad Police are investigating an accusation that Mr Sajiv Bhatt the anti Modi IPS officer for hacking an email account. The report in Dainik Bhaskar quotes a Police official sstating that the case may be filed under Section 66A and it is non bailable.

I suppose the report is wrong since the reported offence appears to be under Section 66 and is bailable. Hope the Police donot make a mistake when they file a complaint and embarrass themselves... Report in Dainik Bhaskar

Women CEO arrested in Mumbai.. Lesson for HR Managers

Oct 17: The report that a woman CEO of a reputed company was arrested in Mumbai for posting a defamatory information about a subordinate shows how ignorant are IT officials about law. Article in TOI. The article has however been questioned for veracity since it has not revealed the names of the people involved and also indicates that the Police let the accused off though the offence was Cognizable and indicated a highly depraved mind in charge of a Company capable of harming many others.

A similar case had been observed several years back when an administrative manager had complained to the police about an obscene morphed photograph of a senior marketing official had been circulated within the company. When the Police investigated they found that the email originated from the residence of the promoter director of the Company. The case was quietly withdrawn.

Yet another case in Chennai was a case of a colleague who sent defamatory emails about a lady colleague to frustrate her promotion. This case could not progress since the Hong Kong based ISP did not provide the IP address resolution and the Chennai police could not move CBI for intervention of Interpol.

Employer-Employee of Colleague-Colleague disputes finding expression in Cyber offences is a trend which HR managers have to take note. Naavi has identified this as the "Cyber Offendo Mania" requiring special techniques in identifying such tendencies in employees so that remedial efforts can be taken in time. Related Article on Cyber Offendo Mania : Another incident where Cyber offendo Mania manifested

An Interesting Adjudication Decision from Maharashtra

October 16: In an interesting decision from the Adjudicator of Maharashtra, an estranged wife has been found guilty of "Unauthorized Access" under Section 43 and extracting e-mails and chat session details of her husband and father in law and producing them in support of her dowry harassment case. The adjudicator however has only imposed a nominal penalty under Section 66C of Rs 150/-. Copy of the Judgment is found here. Once the decision of Section 43 is confirmed it also confirms an offence under Section 66 and hence prosecution may be continued by the Police. (Earlier order of CAT relevant to this case is available here)

The adjudicator has restrained himself from imposing a penalty since he has not found a quantification of a wrongful loss. It would be interesting to see how the matrimonial court would treat the illegally produced evidence. If the illegally produced evidence is accepted by the matrimonial court then the "Wrongful harm" caused by the act would crystallize. In that case a cause of action may arise for the complainants to appeal for compensation under ITA 2008 for a decision already made.

This decision however is a land mark decision in its own category and will be a good precedent for future reference. Mr Rajesh Aggarwal, the Adjudicator has therefore provided a valuable contribution  to the development of Adjudication system and to Cyber Jurisprudence in India.

Cyber Safety Week in Pune

Oct 16: Pune Police in association with DSCI successfully concluded the Cyber Safety Week to  improve the awareness of Cyber Safety issues in the community including the Police force. At the concluding session on October 15th,  Naavi addressed the group of Police officers and IT professionals and discussed the legal aspects of Cyber Crimes.

Don't Believe even if your Bank account is Credited!

October 14: Here is an example of a fraud which marks a new way of using "Phishing". (See details here). This  makes one wonder how can one trust our Bankers even if they confirm that our account has been credited. Here the customer got an email confirmation through a "Phishing Mail" to persuade the recipient to ship a Camera which he registered for selling on a E Commerce website. The email was a fake. Fortunately in this case the customer was vigilant and did not part with the goods.

However there was an earlier instance in Bangalore where an Exporter made a shipment on the basis of money credited to him at State Bank of Mysore through their correspondent Bank's Nostro Account. After shipment the payment was reversed because the foreign bank reversed their entry citing some technical reasons. SBM had no sympathies to the victim of the Cyber Fraud and promptly squeezed the customer through DRT proceedings. (Current position in this case not known)... More

Cyber Cafe Regulations..in TN

Oct 13: An interesting article on Cyber Cafe regulations can be found here.

---

Chinese Company Huawei's link to Chinese Military

Oct12: For a long time every body knows that China is slowly spreading its tentacles across the digital space through Manchurian Chips and other forms of backdoors being installed in other countries. Now CIA has again brought out a report stating the obvious that Huawei is linked to Chinese military. Despite such overwhelming revelations, Indian Government has its utmost faith in Chinese technology and has allowed Chinese suppliers to dominate the Indian IT industry. It is unfortunate that even the scientific community like IISc as well as the IT industry has not recognized the Chinese Risks and taken effective counter measures. It is time that India develops a suitable IT strategy to reduce the dependence on China over the next few years. In fact this should be one of the policy objectives for the Government. Related story

German Government involved in Cyber Terrorism?

Oct10: F Secure has indicated that it has identified a malware which appears to have been spread by the German Government for the purpose of snooping. The malware is the wild and can infect computers of non Germans also. This therefore could expose German Government to liabilities under the Cyber laws of other countries. In certain courtiers like India this amounts to "Cyber Terrorism". F Secure has also revealed that such "Official Malware" is often discussed in the anti virus circles and F Secure itself assures the public that they would not allow any such Trojans going undetected. It is suspected that FBI has prevailed upon some AV manufacturers to leave their snooping malware unreported. Probably China may not be far behind. Related Article

Law of Internet For Exporters

Oct 08: Here is an article on Cyber Laws for Exporters at Exim Matters.com : The law of internet for exporters

CD Books for Conferences

Oct 08: A special scheme for Naavi's E Books to be distributed in Conferences or to Customers or Employees of Companies where creation of an awareness of Cyber Laws is relevant is now available.  Organizers of Conferences may buy the books in bulk to be rendered on CDs with no extra costs. They can also get the sponsorship name embedded on each page of the book.  They can also sell ad pages to others for a cost. Details Available here

Cyber Laws for the Politicians

Oct 08: Naavi has often said that Cyber Laws should be for the Netizens and  By the Netizens. However in India laws are passed ostensibly for the common man but implemented only for the politicians and to protect their interests. People with money may also get the law to support them.

It is only on rare occasions that law protects the common man and most such cases depend on an individual honest officer in the Police or the Government.

The recent controversy regarding application of ITA 2008 for a cartoonist who showed Sharad Pawar as a pole dancer revealing an asset of only Rs 12 crores is a case in point.

Naavi's Comments on National IT Policy

Oct 08: The National Policy on Electronics focussses on developing India to a global leader in VLSI and a significant player in the ESDM industry. These are welcome. Concern areas are the "Long term partnerships in critical sector", "Security" and "Implementation". ... More

National IT Policy for more mobile services

Oct 08: GOI has released a draft IT policy for the nation for public comments.  The policy is well drafted and makes the right sounds. However it is clear that what drives IT in India is Government expenditure on hardware. Earlier it was investment in computers. Now it is investment in Mobile devices. As a part of the policy probably several thousands of thousands of Crores would be spent on the purpose.

If this investment is directed towards indigenous hardware development as in the Akaash scheme there could be some long term development. The Policy makes a mention of developing the indigenous hardware industry making India the ESDM hub. (Electronic Systems Design and Manufacturing hub). Hope it will be pursued during implementation.  Report in ET : Public Consultation

US Drone Control infected with Keylogger Virus

Oct 08: In a security breach of serious military implications, it is found that computers controlling the Drones used by US military for remote controlled attacks in Afghanistan have been infected by a virus. It is stated that the Virus is persisting despite several attempts to remove it and includes a Key Logger. Related REport

OTP Passwords Could be hijacked

Oct 07:  It is reported that a social engineering method is being adopted to hijack OTP issued by Banks for transaction authorization. The trick appears to send and SMS to the victim and make him change the assigned mobile number.. Related Report

Chennai Introduces new Cyber Cafe Regulations

Oct 06: Tamil Nadu appears to have taken the initiative in introducing new Cyber Cafe regulations as suggested in the GOI rules of April 11 2011. One of the regulations is a requirement that hard and soft copies of the visitor's register on a monthly basis to the Police.  Report in Hindu

Bank of America under Cyber Attack

Oct 06: It is reported that Bank of America is under a Cyber Attack. It is possible that the attack could be a new test launch from China of one of its Cyber War heads. Bank has however denied that the outages are due to a Cyber attack and claim it as a result of some technology upgrade going wrong..Related Article : BOA denial

QR Codes can be deceptive

Oct 05: QR Codes are a good system for reading of small content by mobiles. It is often used for updating address book or product details. It is necessary for us to remember that QR Code can also be used for executing malicious codes since the user cannot normally know what is the embedded content unless there is a "Preview" facility. Related Article.

Massive Insecurity in Mobile Devices

Oct 05: Massive security vulnerabilities have been found in HTC mobile devices leading to potential data loss and compromise of control. It is necessary for RBI to take note of these developments before pushing Mobile Banking in India. Already RBI has put Indian Banking customers in grave risk through Internet Banking. Though security guidance is in place, commercial Banks have no respect for RBI guidelines. Related Article

Chinese Cyber Intrusions are Intolerable

October 5: In a reiteration of what is known, USA is now pointing out that China could be behind recent Cyber Attacks on Sony and other corporate. Cyber Espionage activities of China are in the nature of Cyber wars and is aimed at gaining economic control over the world. India is more vulnerable than others since our political masters donot have the guts to even point out physical intrusions of China. As long as we donot recognize the Chinese threat and act in defense, the future of India is at stake. The Indian Companies who work for China in pursuance of short term profits also need to rethink on their strategy. We need to monitor the knowledge transfer to China through our IT projects. In the meantime as a nation we need to have a strategy for reducing the dependence on China for our IT hardware. We need people like Sam Pitroda to think of a strategy for the purpose. We need to explore if a national internet backbone of high bandwidth (Without Chinese hardware) and a low tech network computer (indigenously developed) could be a solution worth exploring in this regard. Simultaneously development of an indigenous OS is also required.  Related Article

Fine Print Clause on Web Contract disallowed by Isreli Court

October1: Naavi has been arguing that the Click wrap contracts are not valid in India particularly the individual clauses that also qualify for rejection as fine print clause. Now an Isreli Court has taken a similar view. In Civ. (Tel Aviv) 1963-05-11 Malka v. Ava Financial, Plaintiff argued that the forum selection clause was “hidden” in an online contract whose terms he never read. In addition, he argued that such choice constitutes an “unfair term” in a contract of adhesion under the Standard Form Contract Act, 1982. The Standard Form Contract Act enumerates a list of contractual provisions which are presumptively unfair, including unreasonable or unilateral forum selection (but not choice of law).The court rejected the defendants’ reliance on the forum selection clause, effectively establishing Israeli jurisdiction over the case. Some of the observations made in the judgment also has relevance to the defense that PNB has taken in one of the Phishing cases to shift the jurisdiction from Chennai to Delhi. Details

Digital Society Month

October 1: October is a significant month for Cyber Law observers in India. It was on 17th October 2000 that India created a judicially acceptable Digital Society by providing legal recognition to electronic document and digital signature when ITA 2000 was notified. It was again in October 2009, this time on 27th that ITA 2008 was notified. In recognition of the importance of this month, I urge all Cyber Law practitioners to undertake activities that contribute towards creating a responsible Cyber Society.

Three Months since CAT is closed

October1: On June 30 this year the Presiding officer of Cyber Appellate Tribunal retired and even after three months the DIT has not found a replacement.  It is therefore necessary for the Chief Justice of India to take notice of the vacancy and take steps to persuade retired judges known for their integrity to take up this important position. If Judges have hesitation because of self perception of technical inadequacy, GOI can consider appointing a technical member to CAT so that all sittings can be held by a two member CAT. This is already provided for in ITA 2008 and would provide the confidence to the Judicial member who will remain to be the Chair person to adequately address complicated technical issues.

Cyber Espionage Risk for China travelers

October1: Cyber risks with China are well known. However this article indicates the seriousness of the risks to foreign business travelers to China. The articles suggest that electronic data carried on laptops and ipads are likely to be compromised if used in China. It is stated that some travelers strip their laptops of important data before they travel to China and some others use sensitive data stored in pen drives and opened only offline. Some seem to prefer "Use and throw" devices for their China visit. The precautions which some business travelers are reportedly following are an eye opener to Indians who may travel. In particular the officials of the Government who travel to China need to also follow these precautions. Related article

 

Visit
www.Naavi.net

Visit
www.lookalikes.in