Earlier this week, the official Twitter account of Congress Vice-President Rahul Gandhi was hacked. Hours later, the Congress party’s verified account was also compromised. In both cases, miscreants posted abusive tweets. Advocate PRASHANT MALI
, cyber security and cyber law expert at Bombay High Court, tells Shakya Mitra
why it is easier to hack high-profile accounts and discusses the challenges the country has to overcome in the transition to Digital India.
When a hacking attack, like the one on the Twitter accounts of Rahul Gandhi and the Congress, takes place, can the people who handle these accounts block it instantly?
No, because the hackers take complete control of the account and even change the security question. However, when Twitter receives multiple complaints from vigilant followers, the social networking service suspends the account for some time to curtail the damage.
Twitter has been the target of such hacking attacks on more than one occasion in the recent past. Is it then more vulnerable than other websites that involve sharing of personal details?
I would argue that Twitter is a playground for trolls and advocates of free speech. Spats here are common and often they attract more followers and retweets. When an account gets hacked, maximum damage happens to people who are active users. These are the primary reasons why Twitter accounts are the favourite of hackers and, hence, more vulnerable.
Could human error have played a part in both cases of hacking? And, aren’t high-profile accounts difficult to hack into?
Yes, weak, unchanged and shared password is the primary reason in this case. In fact, high-profile accounts are more susceptible to hacking
as they are often managed by social media managers who, in turn, have staff. So, the passwords are kept weak for easy remembrance and often shared across many people and many applications. I am sure hackers know of Rahul Gandhi’s passwords for other sites too. His team needs to change them immediately.
How fragile is cyber security in India? If a hacker can break into anyone’s account, isn’t then India’s security as a nation too under threat?
That’s true across the world. Even military systems across countries get compromised. A determined hacker is a lone wolf attacker who rarely gets noticed and is often not suspected by agencies. India is the weakest because we possess neither active nor passive cyber policing mechanism. India needs a cyber police
different from the police enforcing law physically.
Given that India doesn’t have a strong cyber security law, how risky is the push towards Digital India? There have also been incidents of debit card frauds. Do you think such incidents reinforce these doubts?
When it comes to the law and grievance handling mechanism of Digital India, I think it was never thought out even in the vision statement. How can citizens have faith in Digital India
if their hard-earned money is looted by cyber criminals and cyber fraudsters from banks, and there is no active forum to seek compensation or damages? The adjudication mechanism under the IT Act, 2000, has failed miserably. To inspire trust, the central government must do three things. First, unleash a nationwide cyber security awareness programme with specific provisions and targets in the annual budget. Second, have separate cyber-crime criminal and civil courts at the district level. Third, create a separate cyber police
force in all states with coordination across the country.
What precautions should people take to protect their internet accounts and bank details?
Have a password for your mobile phone, digital wallet and bank account. Don’t save bank details in the wallet application. Never do banking on free Wi-Fi. Before selling your mobile or computer, format the hard disk. Any time you see your mobile phone blocked, please call the bank from another number and freeze the account. Do not click on untrusted links you get on SMS, WhatsApp or email. Avoid phone banking to prevent social engineering through phishing attacks.