• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K.Raghavan

These are tricky days for those who are in cyberspace most of their waking hours but care very little about security.

Millions of predators are said to hover round the Net just waiting to steal sensitive information. These thieves adopt all kinds of stratagems, chief of which is to pass themselves off as someone else.

This menace, involving plundering of names, pictures and whole documents such as a passport, credit card, etc, in order to commit a spectrum of crimes, is now so much of a worldwide phenomenon that a whole conference held recently in Courmayeur (Mont Blanc, Italy) was devoted to it. Organised by the International Scientific and Professional Advisory Council (ISPAC) of the United Nations, the meet attracted experts from wide-ranging disciplines and professions. These included policemen, forensic scientists, judges, academics and researchers.

The delegates were told that stolen identity documents were used mainly to procure cash, conceal one’s identity when fleeing from law, applying for loans to buy vehicles, obtain cell-phones and services and gain government benefits. In the US alone, there were nearly 9 million adult victims of identity fraud during 2006. I wish we had similar figures for India!

Although the focus was on how identities were stolen online, there were references also to organised crime such as human trafficking that is committed in the conventional way without the use of computers.

The consensus on the occasion was that the problem was real, huge in terms of the volume of crime it spawned, intricate (because attacks were sometimes sponsored by the State or those close to it) and multidimensional, requiring handling on a war footing. This was especially in the context of the exponential growth of e-commerce and Internet-banking that we are now witness to. The repeated message at the meeting was that international cooperation was of the essence if even marginal success against identity theft was to be achieved.

Naturally, ‘Phishing’ was a term that was used rather liberally by all speakers at the Courmayeur conference. Deceptive Web sites that mimic real ones belonging to financial institutions, no doubt, cause enormous economic loss. We must remember that these undeniably lead to an erosion in public faith over the ability of these institutions to protect information and, therefore, customer interests.

While awareness through systematic education has helped somewhat to stem the rot, what is causing alarm is the unabated volume of plastic money frauds. No one can deny that the technology of the underworld has overtaken the one employed by credit card-issuing companies. The speed and finesse with which cards can be duplicated even as you present them to complete purchase transactions has been overwhelming, even to the best of policemen and banks.

There are simple low-cost devices available in the market that can, within minutes, skim stored information from a genuine card with a view to producing duplicate credit cards. Not surprisingly, therefore, many companies these days set apart a percentage of their earnings to write off fraudulent use of cards, especially at supermarkets and restaurants.

Another growing area of criminal deviance are attacks against ATMs, which have become part and parcel of modern banking. These are now major targets for identity thieves. After fraudsters obtain the PIN of ATM customers through social engineering or subverted technology, machines have been broken into with amazing ease.

The volume of such crime is so high that this industry has developed what is known as a Cognito system to combat ATM crime. There is also a suggestion that favours an international directory, which lays down standards for recording, reporting and researching ATM crime. This is of great relevance to the banking industry in our country in the context of the rapid proliferation of ATMs.

We see occasional press reports of how criminals in India vandalise machines as also overpower security guards at such points. Beyond this we do not have statistics that would highlight the need for making ATMs less vulnerable to either frauds or physical attacks.

An interesting form of deception reported by a Chinese Professor was the rising frauds using text messages over mobile phones where the caller uses the identity of established companies. These messages offer low-price high-quality goods, university degrees, university entrance examination questions/keys or game awards. The reach of each message is nearly 10,000 persons. Imagine the impact of this fraud on a population of more than a billion, of whom there are at least 60 million mobile users. This type of fraud is very relevant to us also because of the staggering growth in the number of mobile phones.

A matter of great concern is the increasing resort to stolen identities by terrorist organisations. These bodies require their members to travel across countries for disseminating propaganda, imparting training or stage spectacular actions. The intensification of immigration checks, especially after 9/11, has made such movements extremely difficult. This is why there is a spurt in the trade of false passports.

These are genuine passports issued to respectable citizens from whom documents are stolen by those who assist terrorists. The passports are ripped apart to introduce new pictures and otherwise tamper with essential details to permit a totally new person, normally a terrorist or any one habituated to conventional crime, gain entry into a country of choice. This explains why about 40 countries, such as the US and the UK, have moved or are in the process of moving to passports having biometric features, otherwise known as e-passports. This is only at a discussion stage in India.

While initially the face was the only part of the body that was the base for biometrics, later fingerprints also came to be employed. An e-passport basically carries a chip that stores both bio data and a photo of the individual to whom it is issued. Validation at an immigration point is through a passport reader that can locate any mismatch between what is on the chip when a passport is presented to the immigration and what was on it before.

How fraud-proof this document is, only time can tell! Since the data on the chip is digitally signed, an e-passport is believed to be a major challenge to the criminal trying to misuse it.

The Economic and Social Council of the United Nations has appointed a Group of Experts to study the problem of falsification of identity for dishonest purposes. The Group has already submitted a report that is under examination by the Crime Commission of the UN based in Vienna. The Courmayeur conference was briefed on the findings of the group and its recommendations, whose focus was on enhanced security for passports and other travel-related identity documents, and the creation of special law enforcement staff trained in the area.

What is encouraging is the availability of private research bodies that deem it worth their while to experiment with new methods to investigate and identify groups indulging in identity theft. A non-profit organisation that was represented at Courmayeur, Cymru of Boston, claims it watches the Net all the time to locate the illegal goings-on. Its tally is about 12,000 distinct malware samples every day.

According to Cymru, the ‘digital shopping mall’ that assists fraudsters is engaged in the sale of malware, bots, passports, birth certificates, and similar merchandise.

Cymru helps organisations subjected to a cyber attack to identify the source from which it was launched, provided the complaint is lodged with them within days of the attack.

Availability of this capability should excite cyber crime investigators groping in the dark. Alongside this there is a need to strengthen the law that can effectively detect and neutralise identity thieves. The proposed amendment to the Indian Penal Code (IPC) to introduce a new offence called ‘Identity Theft” is, therefore, a welcome move.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Insight | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
All the world’s your turf

Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line