You are here: Home » Companies » Features
Business Standard

Indian companies still to come out of the closet on cyber crime

Cases of cyber crime in Indian offices are on the rise, but mostly, such cases are settled by the HR dept

Aparna Kalra  |  New Delhi 

A labyrinth of confusion leads to the small but neat fourth-floor office of Unistal Systems in Delhi's Nehru Place.

The promoter of the Rs 20-crore company which manufactures software and tools, Alok Gupta, has battled a data theft case against a former employee since 2007. Gupta has the best legal brains on his side; well-known lawyer Pavan Duggal represents him in a civil suit, and the cyber cell of the Central Bureau of Investigation, or CBI, handles the criminal case. But Gupta is disappointed; the perpetrator never went to prison and the source code of the software stolen from him (source code is a language described by The Economist as a string of zeroes and ones) is still out in the market.


"They are selling it," says Gupta. "I have lost interest in the case".

Gupta says the Indian legal system is just not equipped to deal with cyber crime; the police is only a little better- it is just getting its cells into shape. The cell, which handled Gupta's case, for instance, has jurisdiction in only eight states; 10 have rejected its request and 10 have yet to respond to the cell's request it be allowed to advice on cyber crimes the states cannot solve, or even collect evidence related to such crimes in those states.

No clear data exists on in corporate India. The Reserve Bank of India releases figures only on fraud in Internet transactions in banks, which, in 2012, went up to Rs 53 crore from Rs 40 crore two years earlier. But is more than just credit card fraud or software piracy. It includes a whole gamut of crimes such as data theft, sexual harassment, cyber stalking, cyber bullying, circulating sexually explicit material and unsolicited friendliness.

"Even if there is no sexual content and all you are offering is 'Have you read this book' and other stuff repeatedly to a colleague on intra-office messenger, you are guilty of unsolicited friendliness," says N S Nappinai, a lawyer who practises in the Bombay High Court and specialises in cyber law and privacy issues. She says ranging from data theft to publishing sexually explicit images are on the rise in Indian offices.

The concern with in the corporate world is a worldwide issue. "..this time my unease does not resolve around financial threats, but another issue - cyber security. Most notably, after chatting to corporate executives at Davos this year, it is clear many are suffering from a deluge of cyber attacks," wrote Financial Times columnist Gillian Tett in January.

Companies, however, don't want to talk about their exposure to cyber fraud openly. "..the overwhelming majority of today are terrified of talking too publicly about the issue for fear of suffering stigma or sparking panic. It is even tougher for shareholders to work out the degree to which individual are being targeted" said Tett.

WHAT IS
  • Cyber crime can be against a person, a company or a nation and its institutions
     
  • Against a person, it is unauthorised access to personal content on social media or on a computer; against a company, it can be stealing of data against a nation it is attack on its bureaucratic sites, airport systems, or several together within its soil. (In recent months, The New York Times, Washington Post and Wall Street Journal have all disclosed that their operations have been attacked)
     
  • Most cyber crimes are done remotely; with the criminal far away from the victim, can even be controlled from another country.
     
  • In India, is punishable under the Information Technology Act, its provisions are supplemented by the Indian Penal Code to make a case stronger.
     
  • A number of states have a cyber cell (such as the Mumbai Police cell) but not all. The jurisdiction of the cell is limited as law & order is a state subject.

The reason why matters is because its potential to damage business is huge. Data theft can rob a company of future earnings; for a bank, crores can disappear with the click of a button. For an individual, can be as big as loss of personal data or even a morphed nude picture going viral.

Duggal, who has handled cyber litigation for 15 years, says of every 10 people using the Internet, six are victims of One reason why such cases are on the rise is that people are unaware when they are committing such crimes. They are equally unsure about reporting them or even who to turn to.

"There is no transparency or clarity on jurisdiction. Where do you go for your remedy-cell or local police?" says Nappinai. "I always advise my clients to first register a case with the local police station and then approach the cell; otherwise the case will get lost. To a large extent, it works."

The Information Technology Act was formed in 2000 with the intention to regulate e-commerce. Amendments were made to the Act in 2008 to widen its ambit to include and child pornography.

The Act, in the news for its now-infamous Section 66A which concerns hosting offensive information of the Internet, draws different opinions in the legal world.

"It is a toothless act," says Duggal, who reports that only seven cases of have reached conviction in the country. But the law itself is not the only problem. Policing in cyber crimes is slow, often not reacting fast enough results in evidence being obliterated.

Another reason for fewer convictions could also be the veil of secrecy that put over Mostly, such cases are settled by the human resource department within closed walls as they are wary of the publicity arising out of it.

"Ninety per cent cases are sorted out (out of court)", says Nappinai.

Data theft is hardly something any company wants to advertise, especially when it deals with personal information and multiple geographies such as the US and the UK where data protection acts are strong. To tackle crime, are increasingly coming out with Internet usage policies, privacy policies and Internet audits as part of their HR codes. They are also banding together to address this issue and smoke it out into the open.

The Bombay Chamber of Commerce and Industry, for instance, recently held a one-day session on mobile security. "A lot of such as in insurance, banking, online bookings and so on are conducting business on employees' mobile devices. It is easy to secure a laptop or a desktop, but how do you secure a mobile which anyone in the family can end-up using?" says Hanuman Tripathi, head of Mumbai-based banking software solutions company Infrasoft Technologies, who chaired the session which had a 60-strong audience of CIOs.

Lawyer Duggal says that hybrid mobiles or smartphones are the next frontier for criminals of the cyber world.

"You yourself are putting so much of your profile out there. Telemarketing have no problem getting cell numbers, e-mail identities, bank accounts," says Tripathi.

"We need special judges, who are trained in IT; we need forensic labs in at least the metros," says Gupta of Unistal.

RECOMMENDED FOR YOU