From the Press - Cyber Crime Articles

Innovation time for India's cyber crime
BY ALLEN O'BRIEN
Date: November 12, 2003

An employee of the Bank of India tapped his organisation’s computer network and gathered data on all keys pressed, including passwords, by monitoring the CCTV. Finally, he was caught.

Nazim Shah, an Iranian hacker, was arrested recently for utilising computer networks to illegally transfer cash into his account and using ATMs to withdraw cash from the Commercial Bank of China.

GS Bhatnagar, a resident of south Delhi, realised that Rs 10,000 had been siphoned off from his account at SBI through his ATM card. This, when Bhatnagar had never used his card.

MBA graduate Akaash Singh hacked into an ATM facility using a counterfeit card to mop up several lakhs of cash from a Canara Bank branch in Chennai while using a metallic sleeve.

Malice in wonderland is indeed growing curiouser and curiouser by the day. Says cyber-crime lawyer Sunjay Mathur, ‘‘ Each time a cyber crime is detected, there is talk of strengthening the security network. However, in many cases, the organisation concerned doesn’t take necessary steps. Consequently, crime of a similar nature is repeated.’’

Even though the actual value of losses accruing to cyber crime in India might not be substantial, nearly 39 per cent of these cases are related to banks and financial institutions excluding those of the government. The inference here is that criminals find banks to be a lucrative target for their ingenuity — a word which finds many interpretations. ‘‘Cyber crime may be data-related — such as data diddling/tampering, theft of data, blackmail using data, unauthorised locking of data, and entry into databases; system-related such as tampering with programmes, changing programme logic, trojan horse programmes; hacking; mailbox bombing,’’ elaborates National Centre for Research in Computer Crimes (NCRCC) director Rakesh Goyal.

Simultaneously, instances of credit-card fraud have become common given the growing popularity of credit card transactions, Internet banking and ATMs. ‘‘Carelessness while conducting ATM transactions has increased the risks associated with technology-driven financial transactions because a third party gains access to PIN (personal identification number) and other personal information of a genuine user. A Lebanese Loop scam, for instance, involves a plastic or metal sleeve constructed to fit into the card slot of an ATM machine. When a user inserts a card into the slot, the card is caught in the sleeve. When the PIN is entered, the transaction does not follow and the scamster, pretending to be a good Samaritan’ urges the victim to try again, taking note of the PIN as it is repeatedly entered. Meanwhile the victim gives up and the scamster removes the card with the help of a tool and drains out the user’s account,’’ informs computer spyware specialist, Apex India, Nandini Chawla.

At the same time, with leading software companies in India installing secure ID solutions alongside global companies , things seem to be on the positive front. ‘‘Organisations are beginning to really understand the pitfalls of making their information available to various parties even within the organisation. Still, certain companies are reluctant to install Intranet security systems,’’ says Srikiran Raghavan, regional manager for India operations, RSA Security.

As of now, the dot-con man seems to be a few clicks ahead of cyber-crime sleuths. At the same time, the search engine is on. Only the website story can reveal how long the cyber criminal is able to Escape the Net of the law.

back