• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• Business Line
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K Raghavan

Recent incidents of unauthorised access throw the spotlight on measures to protect sensitive data in cyberspace.

It has been an eventful fortnight since I signed off last. Three incidents — two at home and one in the UK — are important enough to figure in our reckoning for quite some time. They raise serious questions over existing measures to protect sensitive data and keep our systems free from the virus menace.

The first happening is at Airtel. From the little I know of the company, it has a well-organised security system that takes care of its operations over a very wide geography.

Airtel, like many others in the business of telecommunication in our country, enjoys a good reputation for reliability and uninterrupted service even in the most difficult parts of the country. When such an organisation suffers an attack, we need to sit up and take note of it.

In the latest occurrence, 28-year-old Ankit Srivastava of Ghaziabad has been arrested for gaining unauthorised access to Airtel's computer data bank. He is said to have laid hands on call details of nearly 20 telephones, many of them belonging to persons in authority at the national capital. Worse was his blackmail of the company, threatening that he would go public with the information of his successful intrusion. Ankit's father is a UP government official and his brother works for a computer firm.

The Delhi Police, after arresting Ankit, have seized his laptop and a CD containing stolen data. There is speculation that his operation had possibly been at someone else's behest. This is yet to be established.

Another incident has been reported from Bangalore where an HSBC-run call centre has been the victim of a misdeed by one of its own employees.

According to a complaint lodged with the police by HSBC Electronic Data Processing Ltd, which handles the bank's back-office operations in India, an employee by name Nadim Kashmiri unauthorisedly accessed credit card and debit card information of some British customers and passed them on to his associates belonging to a criminal gang. As a result, 16 UK customers of HSBC lost money worth £233,000, which was transferred illegally into accounts in India.

Nadim is the son of a small-time poultry trader who had migrated to Bangalore about three decades ago from Kashmir. Modestly educated and considered unsteady by the family, Nadim had first worked for a cell-phone company and later moved into the call centre. According to one report, his data theft was at the instance of some individuals abroad who had promised him a foreign trip!

The MOOp attack

The third incident I have on hand is the daring attempt of an international gang to infect a large number of computers by installing a spy ware. Comprising two Britons and a Finn, the group is said to be an expert in writing programmes that evade the watchful eye of even the best of anti-virus software companies.

Known as MOOp, the three individuals had been targeting British business since 2005 and had been connected via an online company. Scotland Yard is still examining the computers and servers seized from the accused. What is amusing is that while two of the criminals are in their twenties, the third is 62. This is one instance where the traditional profile of cyber criminals, as young adventurers often wanting to show off to their girl friends, has received a beating.

I would not, however, set much score by this one incident to debunk existing theories that it is those who are in their teens or at least below 30s who are the predominant brains behind cyber crime. It is only once in a while that a 60-year-old freak collaborates with those who are half his age. It was possibly the lure of money that had influenced this Briton, unless you can prove that he was acting under malice against specific adversaries. In any case I would be interested in knowing more about his background.

The MOOp episode is once again illustrative of international collusion so easily forged these days. The conspirators need not be known to one another for a length of time or have met physically. Online meeting of minds is enough to design and execute a crime, as long as each participant is assured of a sum of money!

Of the three cases cited, I would rate the attack on Airtel as the most dangerous, because it has national security implications. The huge dependence on cell-phones by those in authority and the reliance of the whole link on Internet-based systems are factors that demand high security investment by companies that offer telecommunication services. If law enforcement agencies such as the IB and CBI would like to have a major say in such matters, they cannot be blamed.

The HSBC episode should again provide grist to the mill of anti-outsourcing lobbies in the West. It also raises questions about how serious BPOs are about background checks of their employees. The present feeling is that their high attrition rates compel them to be lax on this front.

When your car vanishes

Now something more interesting to all of you who are proud owners of ultramodern cars with state-of-the-art computerised security locks. If what I hear from the UK and the US is true, you cannot any longer be smug that your automobile is absolutely safe from car thieves.

As recently as April this year, soccer icon David Beckham had his second armour-plated ravishing BMW X5 stolen by gangs in Madrid while the superstar was having dinner with his two sons. The two thefts were within a period of six months. While a Bulgarian gang was suspected for the Madrid incident, experts believe that the criminals had used a laptop and a transmitter to open the car's locks!

As early as two years ago, a Johns Hopkins research team had successfully established that with the help of a laptop, antenna and specific software it is possible to copy the code transmitted by an RFID chip built into the ignition key. Both auto companies, that pride themselves on having devised the most secure of cars, and Texas Instruments, which made the chip, were shocked by the Johns Hopkins demonstration.

I wonder whether they have done anything more to protect the interests of motorists!

(The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)

More Stories on : Security | Internet | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
See the light

Copyright © 2006, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line