Does the future look too rosy for us, – the new digital India?
It’s not beyond reasonable reservation. While our government is pressing for cashless transaction, a thick mantle of fear hangs loosely around the wrong encryption policy and slack cyber security measures taken by AM-ADMI. It’s not a question-and-answer session anymore. It’s probably been answered already: we will be at a bigger loss if correct steps are not taken right away!
Common people loosing money online regularly, find no solace from anywhere – neither from the banks nor from the administration. Government wants to connect every village council digitally in one year which is a good idea indeed, but what will happen to the consumers who are constantly being encouraged to participate in this digital revolution without knowing the basic components about the imminent dangers staying for them in the dark? Is there any visible effort – have you seen any – of making people aware about the cyber security threats that have been posing as the biggest of all menaces?
The famous security software farm Kaspersky Lab in a recent statement has given us mind boggling statistics of cyber money laundering and two very recent incidents in India just add more woes to it. What Kaspersky Lab says is nothing new except the amount which is much bigger than before – an Internet user loses around Rs. 32,400 on an average to every cyber attack. The cursing side of this report is over half of Internet users who lose money at the hands of cyber criminals only get some, or none of their stolen money back.
Where have all the money gone?
Not India alone, the whole world is asking the same question and trying to find out the lost treasure. The mysterious trail leads us to ineffable transactions that are often favorably coined as Dark Web; but it is actually half truth. With many cases going unreported, the true economic cost is prone to be drastically higher and cyber criminals are continually looking for new ways to exploit and defraud computer illiterate consumers who are not on their guard all the time. It actually happens to them on the Open Web before our widened eyes. The trail does not lead to the Dark Web always.
Think about the recent online trading scam that had duped around seven lakh people of Rs. 3,700 crore and Uttar Pradesh Special Task Force (STF) nabbed three on 2nd February, in and around Lakhnau and Noida. These people were duped on the pretext of getting money instead of clicking specific links provided to them. A Noida based Info Solutions Company has been behind this humongous online trading fraud as far STF claims. According to the report filed by the news agency PTI on 2nd February, the Noida based Ablaze info solutions Private Limited started this fraudulent activity by operating through online portal http://Socialtrade.biz and later changed to http://Frenzzup.com. The Noida-based company’s Director and its technical head were arrested and an FIR was lodged at Soorajpur police station in Noida. At the time of the arrest the company had a balance of 500 crore in their bank account in sector 63 which police had sealed. The mechanism was simple – the trusting users were asked to deposit money ranging from Rs. 5,750 to 57,500 and they were provided few links to like and click them. The company assured that each link would fetch them Rs. 5. While investigating STF had found that around nine lakh users were registered to that company and deposited around Rs. 3,7000 crore.
Will these people ever get back their money? You cannot count on it!
The scam had been around 3,700 crore in a rough estimation when the arrests were made; now think about the rest of the money! Enforcement Directorate has also started investigating about this huge scam and hopefully they will solve the riddle.
It’s a modern treasure hunt – a ‘Catch me if you can’ type Hollywood chasing thriller where lots of lost money never come back and vanish into blue! Here ‘blue’ literally means dark cyber world.
Now consider another incident that was also busted in the first week of February. It took place in Ahmedabad. Deepak Agrawal, a businessman and complainant, in his FIR registered with cyber cell of city police, said his mobile sim suddenly got deactivated. While inquiring into this discrepancy he confronted a bizarre truth – his mobile service provider said he had asked for a new SIM card which was totally wrong – he had not requested any such. He had a sneaking suspicion and checked his Oriental Bank of Commerce account and he was devastated to find that Rs 1.05 crore had been transferred to nineteen accounts from his account, most of them in Delhi, West Bengal and Uttar Pradesh. Cyber thugs probably used his duplicate SIM to receive the OTP and transferred money from his account. But real truth will come out later as police blocked all the 19 accounts and started investigation.
Now many may wonder how these cyber criminals can make profit from these illegal transactions when regular incidents of credit card data breach coming out in the main stream media. We all know that the old encryption policy only serves to accentuate the inadequacy of provisions for sufferers. By now ‘dark web’ also should happen to becoming the household name especially after the conviction of Rose Ulbricht, the owner of the drug marketplace Silk Road and people often tend to connect them together without knowing what actually are happening behind the curtain.
So far several international crime rings have been busted where we come to know that these illegal transactions have root in Russia and Eastern European countries. These countries sank in estimation of English speaking world. We have never known about the opposite view. Dark web belongs to everywhere; one cannot raise fingers only to China or Russia since there are no alternative versions available. The mechanism of conversion is same everywhere. It’s always easy to convert any amount of money to bitcoin, a specially encrypted currency available online, in America than any other country. Remember, the United States is a heaven for carders. They always have a card up their sleeve. Usually brokers acquire the stolen card numbers in a huge amount. These are then sold to carders. According to the bulk of information obtainable with the card the price varies. People, who buy, sell stolen credit or debit card details are called carders. They try to make the trace-route very difficult.
Stolen credit cards are used to charge pre-paid cards that involve illegal shell game. These pre-paid cards are then used to purchase store specific gift cards, such as from Amazon for example. With the help of the gift cards carders buy high value goods and this process makes it difficult for companies to trace; by the time it’s figured out, the criminals are in the possession of the purchased goods. Furthermore they sell these goods either in the black market or these packages are shipped via re-shipping scam. You have probably seen the advertisement: “easy work from job” and these jobs are listed in legitimate channels. Credulous persons are hired for re-shipping and they are usually shipped to outside countries.
Rose Ulbricht, the convicted owner of the drug marketplace on Dark Web, Silk Road, adhered to the same process although they restricted their activities to only drugs barring any other sales such as pornography, weapons or personal data (stolen this way). There are numerous places on the dark web where stolen data are available through carders.
There are fears that this new disease will spread like fire and as this fire is stoked up, the number of cyber attacks increases. This fear has recently been expressed by our Union minister Kiren Rijiju. As far the news agency PTI, Rijiju admitted that “securing financial modes of payment through digital means is the need of the hour.” He said, “This rapid development of digital technologies and wide range of services provided for activities in cyberspace raises issues of serious concern for the government,” and not only the fear of stealing money through cyber means; he added, “The very nature of internet allows for unprecedented collaboration and interaction among particular communities of criminals and this I can record to the latest challenge of ISIS which we are facing in India. Just 10 or 15 years back, we would have been sitting quietly here.”
When the Union minister admitting, “India needs to secure its digital payments, put everything on secure networks to provide secure payments to its citizens and it is not an easy task. In the MHA we keep updating ourselves. I can clearly see the challenges and which is not going to be easy for all of us”, the banking and insuring system globally as well as in India lack far behind. Capgemini’s Digital Transformation Institute’s survey of 7,600 consumers in France, Germany, India, the Netherlands, Spain, Sweden, the United Kingdom and the United States, found that just 21 per cent of banking executives were highly confident about detecting a breach. It comes around 1 in 5! Most interestingly banks and insurers enjoy notably more trusts from its customers in the cyber security of their systems which is whopping 83 percent than any other sector. In India the picture is really bleak as around 78 per cent of consumers would only switch bank in case of a data breach. As Mike Turner, Global Cyber security Chief Operating Officer at Capgemini admitting, “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief (that) their provider can be 100 per cent secure”, the report said regarding India, “lack of consumer awareness can be partly explained by the fact that the concept of data privacy and protection is at a very nascent stage and no guidelines on reporting of data breaches exist.”
The great cyber robberies have already exposed our sordid underbelly and in this remorseful scenario consumer awareness should be the MANTRA of the new digital India.
What else can we do?
Sanjib Sinha 