ICICI Bank Held Liable for Phishing
Phishing is a very common
type of Cyber Crime occurring in India. On April 12th 2010, the
adjudicator of Tamil Nadu, Sri PWC Davidar pronounced a landmark judgment
in respect of a complaint lodged with him under ITA 2000 by a customer of
ICICI Bank who had lost Rs 6.46 lakhs through Phishing. The award
directed the Bank to pay the customer the amount fraudulently transferred
in the Phishing transaction along with expenses and interest amounting to
a total of Rs 12.85 lakhs.
It was interesting to note
that the Adjudicator, amongst other things, pointed out that ICICI Bank did
not use Digital Signatures for its normal e-mail communications with its
Customers as required under ITA 2000 and RBI guidelines.
The adjudicator also
pointed out that the amount was transferred from the Victim’s account to
the fraudster’s account, which was also kept in the same Bank, and that the
Bank later found that the fraudster had provided a false address at the time
of opening the account and had become untraceable, indicating further
negligence in following the KYC guidelines under the Anti Money Laundering
Act.
The Adjudicator found the
Bank liable under Section 85 of ITA 2000 for lack of “Due Diligence”.
This was the first such
award given by any Adjudicator in India and could be a forerunner to an
overhaul of the Information Security policies and procedures in Banks.
The judgment also
highlights the need for Banks and other organizations to assess Section 85
Risks through appropriate ITA 2008 compliance audit and initiate necessary
Risk Mitigation steps.
(Copy of judgment is available at
www.naavi.org)
Suspect Business Models
In recent
days several innovative business propositions have been introduced on the
Internet in India which have raised certain issues of legality.
One such model is the
“Penny Auction”, where bids are invited on an expensive product in paise
units or fractions of a paisa with the assurance that the lowest unique
bidder would win the bid. Successful bids are announced as “Black Berry
Mobile successfully bid at Rs 1.26” etc. Attracted by the lure of winning
bids at ridiculous rates, new members join the scheme.
Firstly, the members find
out that when they bid, say, Rs 1.20 for a TV costing Rs 60,000 and re-bid
at 1.19 or 1.18 etc., each such bid costs them a membership currency which
may be Rs 7, 8 or 9 per bid. When a person makes 10 or 12 bids, he would
have already spent more than 100 rupees.
Finally the software is
so manipulated that fake bids are put in and no genuine bidder wins.
Recently one such site
admitted to an unsuccessful bidder that there was a bug in the software
and offered to repay the amount used by him in the bid.
However hundreds of other
bidders would have already lost money and the site would have enriched
itself with what they have admitted as a software bug.
Similarly, there are
sites which assure a 3% per day return for viewing ads or investing in foreign
exchange etc., which are mostly scams built on technically feasible business
models.
Such scams were more
prevalent abroad and are slowly percolating to India.
The sooner the regulators wake up and initiate action on such websites,
the better it is for the community.
Copyright Act Amendment Bill Introduced
Government of India has
introduced a Bill to amend Indian Copyright Act 1957 in the Rajya Sabha.
Earlier in 2006, a Bill for the same purpose had been introduced but it
lapsed without being passed.
The present Bill is
expected to address issues of Digital Copyright such as Digital Rights
Management, Contributory Infringement, Liability of Websites facilitating
Copyright Infringement etc.
The music industry had been
lobbying for some amendments to protect its interests, which are expected
to be addressed specially in the Bill.
(Copy of the
amendment Bill available at www.naavi.org)
Cyber Crime Awareness Program in Nasik
CCITO, a private
organization based in Nasik, has undertaken a program for conducting Cyber
Crime awareness programs throughout the State of Maharashtra. The
organization launched its activities at Nasik with a two day program for
senior Police Officers on April 9th and 10th.
Naavi along with several other professionals
participated in the program which is expected to be a forerunner for a
series of such programs to be conducted in several cities of Maharashtra.
Botnets in India
Over 13 million PCs in 190 countries were reported to have been part of a major
Botnet identified as “Mariposa” which was dismantled recently. India along
with Mexico, Brazil, Korea and Colombia was amongst the top 4 countries
involved in the Botnet.
A Botnet is essentially a network of
computers, each of which is capable of being operated remotely by somebody who has
installed malicious code in the computer or is able to exploit a
vulnerability in any of the software running on the computer. Botnets are
created by crime syndicates to launch denial of service attacks or steal
data. The extent of loss likely to have been caused by Mariposa is
difficult to estimate and may cross several millions of dollars.
The malware was designed
to spread through USB drives, instant messenger programs and on
peer-to-peer (P2P) networks. In addition, the malware attempted to spread
on Microsoft's Internet Explorer (IE) 6 browser.
One way attackers spread
the malware was by sending out malicious links in instant messages on MSN
Messenger. When a user clicked on the link, it brought up a page that
appeared to be an update for Adobe Flash Player. If that page was viewed
using IE 6, the malware would be automatically installed via drive-by
download, requiring no user interaction.
Botnets could be serious
hazards since they may use the innocent user as an attacker and commit grave
offences including Cyber Terrorism or Cyber Warfare.
Users need to safeguard
against their computers being part of a Botnet by using effective Trojan
removal tools and also reduce the risk of malicious use by not keeping the
computer connected to the Internet at all times.
2010 State of Enterprise Security in India
Cyber crimes and attacks cost Indian
companies Rs 58 lakh in revenue in 2009 and affected over 66% of Indian
enterprises, according to a study by internet security providers, Symantec
Corp.
According to the findings, over and above
these revenue losses, Indian enterprises also lost an average of Rs 94.56
lakh in organisation, customer and employee data, and an average of Rs
84.57 lakh in productivity costs last year.
The study further found
that close to half of Indian Enterprises saw cyber security as
their top issue, rating it above threats from natural disasters, terrorism
and traditional crime combined.
A PDF Copy of the News Letter would be sent by e-mail to
all persons who subscribe. Subscription is free.