Does the dream of new digital India look too rosy? Yes. It’s not beyond reasonable reservation. While our government is pressing for cashless transaction, a thick mantle of fear hangs loosely around the weak encryption policy and slack cyber security measures taken by common people. We are already in for a bigger loss if correct steps are not taken right away.
Common people, who lose money online regularly, find no solace from anywhere – neither from the banks nor from the administration. The government wants to connect every village council digitally in one year, which is a good idea indeed. But what will happen to the consumers who are constantly being encouraged to participate in this digital revolution without knowing the basic components about the imminent dangers staying for them in the dark? Is there any visible effort to make people aware about the cyber security threats that have become one of the biggest of all menaces?
The famous security software firm Kaspersky Lab in a recent statement has given us mind-boggling statistics of cyber money laundering and two very recent incidents in India just add to the woes. What it says is nothing new except the amount which is much bigger than before – an Internet user loses around 32,400 on an average to every cyber attack. The gloomiest part of this report is that over half of Internet users who lose money at the hands of cyber criminals only get some, or none of their stolen money back.
Where have all the money gone? Not only India, but the whole world is trying to find out the lost treasure. The mysterious trail leads us to ineffable transactions that are often favorably coined as Dark Web. This is actually half truth. With many cases going unreported, the true economic cost is prone to be drastically higher and cyber criminals are continually looking for new ways to exploit and defraud computer-illiterate consumers who are not on their guard all the time. It generally happens to them on the Open Web. However, the trail does not lead to the Dark Web always.
Think about the recent online trading scam that had duped around seven lakh people of Rs. 3,700 crore and Uttar Pradesh Special Task Force (STF) nabbed three on 2 February, in and around Lucknow and Noida. These people were duped on the pretext of getting money instead of clicking specific links provided to them. A Noida based Info Solutions Company has been behind this humongous online trading fraud as far as STF claims.
According to the report filed by the news agency PTI on 2nd February, the Noida based Ablaze info solutions Private Limited started this fraudulent activity by operating through online portal http://Socialtrade.biz and later changed to http://Frenzzup.com.
The Noida-based company’s Director and its technical head were arrested and an FIR was lodged at Soorajpur police station in Noida. At the time of the arrest the company had a balance of 500 crore in their bank account in Sector 63 office, which police had sealed. The mechanism was simple. The unsuspecting users were asked to deposit money ranging from 5,750 to 57,500. They were provided few links to like and click them. The company assured that each link would fetch them 5. While investigating STF had found that around nine lakh users had registered with company and deposited around 3,7000 crore.
Will these people ever get back their money? You cannot count on it! The scam had been worth around 3,700 crore as per a rough estimation when the arrests were made. Now think about the rest of the money. Enforcement Directorate has also started investigating about this huge scam and hopefully they will solve the riddle. It’s a modern treasure hunt — a ‘Catch-me-if-you-can’ type Hollywood chasing thriller where lots of lost money never come back and vanish into blue! Here ‘blue’ literally means dark cyber world.
Now consider another incident that was also busted in the first week of February. It took place in Ahmedabad. Deepak Agrawal, a businessman and complainant, in his FIR registered with cyber cell of city police, said his mobile SIM suddenly got deactivated. While inquiring into this discrepancy, he confronted a bizarre truth. His mobile service provider said he had asked for a new SIM card which was totally wrong. He did not make any such request. He had a sneaking suspicion. When he checked his Oriental Bank of Commerce account, he was devastated to find that 1.05 crore had been transferred to nineteen accounts from his account. Most of them in Delhi, West Bengal and Uttar Pradesh. Cyber thugs probably used his duplicate SIM to receive the OTP and transferred money from his account. But the truth will come out later as police blocked all the 19 accounts and started investigation.
Banks and insurers notably enjoy more trust of their customers in the cyber security of their system than any other sector
Now many may wonder how these cyber criminals can make profit from these illegal transactions when regular incidents of credit card data breach coming out in the main stream media. We all know that the old encryption policy only serves to accentuate the inadequacy of provisions for sufferers. By now ‘dark web’ also should happen to becoming the household name especially after the conviction of Rose Ulbricht, the owner of the drug marketplace Silk Road and people often tend to connect them together without knowing what actually are happening behind the curtain.
So far several international crime rings have been busted where we come to know that these illegal transactions have root in Russia and Eastern European countries. These countries sank in estimation of English speaking world. We have never known about the opposite view. Dark web belongs to everywhere. One cannot raise fingers only towards China or Russia. The mechanism of conversion is same everywhere. It’s always easy to convert any amount of money to bitcoin, a specially encrypted currency available online, in America than any other country. Remember, the United States is a heaven for carders. They always have a card up their sleeve. Usually brokers acquire the stolen card numbers in bulk. These are then sold to carders. According to the bulk of information obtainable with the card, the price varies. People, who buy or sell stolen credit or debit card details are called carders. They try to make the trace-route very difficult.
Stolen credit cards are used to charge pre-paid cards that involve illegal shell game. These pre-paid cards are then used to purchase store specific gift cards, such as from Amazon for example. With the help of the gift cards carders buy high value goods and this process makes it difficult for companies to trace them. By the time it’s figured out, the criminals are in the possession of the purchased goods. Furthermore, they sell these goods either in the black market or these packages are shipped via re-shipping scam. You have probably seen the advertisement: “easy work from job” and these jobs are listed in legitimate channels. Credulous persons are hired for re-shipping and they are usually shipped to outside countries.
Rose Ulbricht, the convicted owner of the drug marketplace on Dark Web, Silk Road, adhered to the same process although they restricted their activities to only drugs barring any other sales such as pornography, weapons or personal data (stolen this way). There are numerous places on the dark web where stolen data are available through carders.
There are fears that this new disease will spread like fire and the number of cyber attacks will increase. “Securing financial modes of payment through digital means is the need of the hour. This rapid development of digital technologies and wide range of services provided for activities in cyberspace raises issues of serious concern for the government, and not only the fear of stealing money through cyber means,” Minister of State for Home Affairs Kiren Rijiju recently admitted. “The very nature of internet allows for unprecedented collaboration and interaction among particular communities of criminals and this I can record to the latest challenge of ISIS which we are facing in India. Just 10 or 15 years back, we would have been sitting quietly here.”
Amid increasing number of cyber robbery cases, consumer awareness should be the mantra of the new digital India
While the minister admitted that “India needs to secure its digital payments, put everything on secure networks to provide secure payments to its citizens and it is not an easy task. In the MHA we keep updating ourselves. I can clearly see the challenges and which is not going to be easy for all of us”, the banking and global insuring system, India’s lag far behind. Capgemini’s Digital Transformation Institute’s survey of 7,600 consumers in France, Germany, India, the Netherlands, Spain, Sweden, the United Kingdom and the United States, found that only 21 per cent of banking executives were highly confident about detecting a breach. Interestingly, banks and insurers enjoy notably more trusts from their customers in the cyber security of their system, which is whopping 83 percent than any other sector.
In India, the picture is quite bleak as around 78 per cent of consumers would only switch bank in case of a data breach.
Mike Turner, Global Cyber security Chief Operating Officer at Capgemini, recently admitted, “Consumers implicitly trust banks with their money and data, but this faith is rooted in a mistaken belief (that) their provider can be 100 per cent secure”, the report said regarding India, “lack of consumer awareness can be partly explained by the fact that the concept of data privacy and protection is at a very nascent stage and no guidelines on reporting of data breaches exist.” The great cyber-robberies have already exposed our sordid underbelly. In this remorseful scenario, consumer awareness should be the mantra of the new digital India.