Photographs: Kacper Pempel/Reuters Aparna Kalra in New Delhi
A labyrinth of confusion leads to the small but neat fourth-floor office of Unistal Systems in Delhi's Nehru Place. The promoter of the Rs 20-crore company which manufactures data recovery software and tools, Alok Gupta, has battled a data theft case against a former employee since 2007.
Gupta has the best legal brains on his side; well-known lawyer Pavan Duggal represents him in a civil suit, and the cyber cell of the Central Bureau of Investigation, or CBI, handles the criminal case. But Gupta is disappointed; the perpetrator never went to prison and the source code of the software stolen from him (source code is a language described by The Economist as a string of zeroes and ones) is still out in the market.
"They are selling it," says Gupta. "I have lost interest in the case".
...
Indian companies afraid to report cyber crime
Image: Police officers of the Cyber Terror Response Centre are reflected as they walk out of their office at the headquarters of the National Police Agency in Seoul, South Korea.Photographs: Jo Yong-Hak/Reuters
Gupta says the Indian legal system is just not equipped to deal with cyber crime; the police is only a little better - it is just getting its cyber crime cells into shape. The CBI cyber crime cell, which handled Gupta's case, for instance, has jurisdiction in only eight states; 10 have rejected its request and 10 have yet to respond to the cell's request it be allowed to advice on cyber crimes the states cannot solve, or even collect evidence related to such crimes in those states.
No clear data exists on cyber crime in corporate India. The Reserve Bank of India releases figures only on fraud in Internet transactions in banks, which, in 2012, went up to Rs 53 crore (Rs 530 million) from Rs 40 crore (Rs 400 million) two years earlier.
...
Indian companies afraid to report cyber crime
Image: An analyst looks at code in the malware lab of a cyber security defence lab at the Idaho National Laboratory in Idaho Falls, Idaho, United States.Photographs: Jim Urquhart/Reuters
But cyber crime is more than just credit card fraud or software piracy. It includes a whole gamut of crimes such as data theft, sexual harassment, cyber stalking, cyber bullying, circulating sexually explicit material and unsolicited friendliness.
"Even if there is no sexual content and all you are offering is 'Have you read this book' and other stuff repeatedly to a colleague on intra-office messenger, you are guilty of unsolicited friendliness," says N S Nappinai, a lawyer who practises in the Bombay High Court and specialises in cyber law and privacy issues.
She says cyber crime ranging from data theft to publishing sexually explicit images are on the rise in Indian offices.
...
Indian companies afraid to report cyber crime
Image: Analysts work in a watch and warning center of a cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, United States.Photographs: Jim Urquhart/Reuters
The concern with cyber crime in the corporate world is a worldwide issue. "..this time my unease does not resolve around financial threats, but another issue - cyber security. Most notably, after chatting to corporate executives at Davos this year, it is clear many are suffering from a deluge of cyber attacks," wrote Financial Times columnist Gillian Tett in January.
Companies, however, don't want to talk about their exposure to cyber fraud openly. "The overwhelming majority of companies today are terrified of talking too publicly about the issue for fear of suffering stigma or sparking panic. It is even tougher for shareholders to work out the degree to which individual companies are being targeted" said Tett.
...
Indian companies afraid to report cyber crime
Image: Attacking team members work to hack into a network during a drill at a Department of Homeland Security cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, United States.Photographs: Jim Urquhart/Reuters
The reason why cyber crime matters is because its potential to damage business is huge. Data theft can rob a company of future earnings; for a bank, crores can disappear with the ...
Indian companies afraid to report cyber crime
Image: Mark Fabro, a training consultant working with the U.S. Department of Homeland Security, explains how systems can be exploited at a cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, United States.Photographs: Jim Urquhart/Reuters
"There is no transparency or clarity on jurisdiction. Where do you go for your remedy - cyber crime cell or local police?" says Nappinai. "I always advise my clients to first register a case with the local police station and then approach the cyber crime cell; otherwise the case will get lost. To a large extent, it works."
The Information Technology Act was formed in 2000 with the intention to regulate e-commerce. Amendments were made to the Act in 2008 to widen its ambit to include cyber crime and child pornography.
The Act, in the news for its now-infamous Section 66A which concerns hosting offensive information of the Internet, draws different opinions in the legal world.
...
Indian companies afraid to report cyber crime
Image: A computer is seen down after hacking at main office of broadcaster YTN in Seoul, South Korea.Photographs: Handout/Reuters
"It is a toothless act," says Duggal, who reports that only seven cases of cyber crime have reached conviction in the country. But the law itself is not the only problem. Policing in cyber crimes is slow, often not reacting fast enough results in evidence being obliterated.
Another reason for fewer convictions could also be the veil of secrecy that companies put over cyber crime. Mostly, such cases are settled by the human resource department within closed walls as they are wary of the publicity arising out of it.
"Ninety per cent cases are sorted out (out of court)", says Nappinai.
...
Indian companies afraid to report cyber crime
Image: A researcher of Hauri, an IT security software company investigating computer viruses, works at a lab of the company in Seoul, South Korea.Photographs: Lee Jae-Won/Reuters
Data theft is hardly something any company wants to advertise, especially when it deals with personal information and multiple geographies such as the US and the UK where data protection acts are strong.
To tackle crime, companies are increasingly coming out with Internet usage policies, privacy policies and Internet audits as part of their HR codes. They are also banding together to address this issue and smoke it out into the open. The Bombay Chamber of Commerce and Industry, for instance, recently held a one-day session on mobile security.
...
Indian companies afraid to report cyber crime
Image: John Bumgarner, a cyber warfare expert who is chief technology officer of the US Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats, holds a notebook computer while posing for a portrait in Charlotte, North Carolina, United States.Photographs: John Adkisson/Reuters
"A lot of companies such as in insurance, banking, online bookings and so on are conducting business on employees' mobile devices. It is easy to secure a laptop or a desktop, but how do you secure a mobile which anyone in the family can end-up using?" says Hanuman Tripathi, head of Mumbai-based banking software solutions company Infrasoft Technologies, who chaired the session which had a 60-strong audience of CIOs.
...
Indian companies afraid to report cyber crime
Image: A cameraman films behind a computer screen at the Cyber Security Operation Centre in Bangkok, Thailand.Photographs: Kerek Wongsa/Reuters
Lawyer Duggal says that hybrid mobiles or smartphones are the next frontier for criminals of the cyber world. "You yourself are putting so much of your profile out there. Telemarketing companies have no problem getting cell numbers, e-mail identities, bank accounts," says Tripathi.
"We need special judges, who are trained in IT; we need forensic labs in at least the metros," says Gupta of Unistal.
article