The Hindu Business Line : No clear clue

The emphasis of many firms on encryption, in addition to traditional firewalls and Intrusion Detection Systems, deserves the attention of Indian firms.

The lens yields no details.

Some bizarre incidents in recent weeks make me sit up and ask myself the popular question: What is going to be the pattern of cyber space abuse in the years to come?

If the instances that I cite in this column are any pointer, my response is: `Unpredictable', with a capital `U'! There does not seem be a pattern at all that will provide the crystal ball. In the first case I have in mind, an inexperienced government lawyer in the US, Carla J. Martin, who works for the Transportation Security Administration, is on the mat for her indiscretions on the Net. She was not smart enough to know that her computer will be the one in Washington D.C. that will be under maximum scrutiny, because she was assisting the prosecution team arrayed against Zacarias Moussaoui, the only 9/11 conspirator brought to trial.

Being an aggressive and essentially behind-the-scene strategist, she went overboard imploring prosecution witnesses not to cooperate with the defence lawyers. All this she did through e-mail! She was learnt to have influenced the testimony of seven witnesses and tendered them advice that she was not supposed to give. How did the Court get to know about her misconduct? The e-mails that she sent on the subject were in the hands of the Trial Judge — we do not know how — and these were proof beyond dispute of her injudicious behaviour. It is possible someone in the defence camp had intercepted her communication and tipped off the Court! Or she was so blatant in her approach that the whole world around her got to know of her e-mail communication.

Whatever be the case, she is in deep trouble, and has now been forced to go on leave. While stealing e-mails in the course of their traffic may be common, in what context will it be done is anybody's guess. Stolen mails can either be used for extortion or used against the sender or recipient in judicial proceedings. The undeniable multi-national reach of cyber crime is another feature that makes predictions on future modus operandi of cyber abuse an even more arduous exercise. The discovery of an Internet services developer for Netcraft based in Bath (England) indicated that some criminals had hacked one of the servers of a bank in China and later used the violated server to host phishing sites for the purpose of stealing information from both an auction site and an American bank.

Can anything more international be conceived in our day-to-day lives? The original victim here was the Shanghai branch of the China Construction Bank. The latter is a government-owned financial institution with a mind-boggling number of 14,000 branches. It all started with a suspicious-looking e-mail received by a user of Netcraft's free phishing toolbar. This led to phishing sites in directories hidden in the Construction Bank's hacked server. One of the deceitful sites offered customers of Chase Bank a fee of $20 for filling out a survey that called for the respondent's personal information, such as bank card and social security numbers and the Personal Identification Number (PIN).

A Netcraft investigation also stumbled on a fraudulent eBay log-in page with an IP address traceable to the Chinese bank. Netcraft's conjecture is that there is either security vulnerability on the bank server or there is an infection in the latter traceable to a worm. It is possible that the bank itself is unaware of these goings-on! In any case, this is an unusual case of a stolen tool being used to commit further larceny. Ingenuity being the order of the day, cyberspace thus offers limitless opportunities to try one's extraordinary skills.

Hold-up in cyberspace

A third incident(Business Line dated March 17, 2006) is about a bug detected by a security firm called LURHQ that locks up a user's file with encryption. The user in such a case receives an e-mail pointing out that his file had been encrypted and that he would have to shell out $300 for it to be unlocked. This abominable act can rightly be looked upon as a `holdup' in cyberspace with the aid of a `ransomware'! LURHQ and Sophos, an anti-virus vendor, are said to have hit upon a password that comes to your rescue in such an eventuality. Whoever unleashed the bug has committed a crime that deserves a deterrent penalty. Although LURHQ says such a misdeed had come to notice more than a decade ago, it is possible newer methods will be evolved to strangulate you in cyberspace causing financial loss and mental stress.

Two recent surveys, one by IBM and another by Braun Research on behalf of IBM, establish the magnitude of international business's concern about the impact of cyber crime on their finances and reputation. While threats from insiders are no doubt a cause for worry, what is forbidding to many firms is that the lone hacker working single-handedly is slowly yielding place to organised criminal groups. The emphasis, therefore, of many firms on encryption, in addition to traditional firewalls and Intrusion Detection Systems, deserves the attention of many Indian corporations that are becoming increasingly vulnerable because of their growing wealth and expanding international links.

I would like to end with a hilarious happening reported from South Korea. This is the case of a young woman who did not clean up after her dog littered on the subway. One fellow-commuter caught this on his cell-phone camera and posted it on the Internet. While a section of Koreans was outraged at this apparent intrusion of the privacy of the woman, another lambasted her for her lack of civic sense. There was even a countrywide private initiative to track her down so as to discipline her. The consequence? Many innocent citizens, who even remotely resembled the lady on the subway, were harassed! Can there be greater abuse of cyberspace, however funny the "dog poop girl" may be?

The writer is a former CBI Director who is currently Adviser to Tata Consultancy Services Ltd.

Picture by S. Siva Saravanan

More Stories on : Security | Internet | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page