Lack of privacy laws in India allow cyber criminals to misuse users’ data on social networks.
Facebook users got an unexpected eyeful this week, as pornographic and violent images infiltrated their news feeds in a coordinated spam attack. Users were tricked into copying codes into their browser’s address bar and unwittingly share offensive pictures on their profile. A section of the 35 million registered Indian users on Facebook was also subject to abusive videos on the site.
Is there a legal answer to recurring hacking and spam attacks? Cyber security expert Vijay Mukhi says, “There's no easy legal recourse available to Indian users, as Facebook data is hosted outside India. If any user has to file a complaint against Facebook, the confusion is whether the laws applied would be US cyber laws or Indian ones.”
He says though cyber criminals (often based outside the country) hack email accounts, websites and impose bogus profiles of celebrities across the web there's no straight legal route to book them. “The most you can do is track the machine that originated the hack attack or spam. It is difficult to identify the person behind the crime, since cyber criminals use hacked PCs and stolen IP addresses and user data to perpetuate attacks,” he adds.
|I AM REGULAR ON THE SOCIAL WEB, WHAT SHOULD I DO?|
|* Be cautious about suspicious newsfeed updates from friends and do not click on suspicious links. Notify your friends about suspicious links, videos, images or content on their profile pages.|
|* Clean up your profile page if you are tricked into spreading suspicious content, and report it to Facebook by clicking the ‘X’ button on the right corner of the message.|
|* Educate your friends about common threats and scams.|
|* Install a security application (Facebook apps, McAfee, Websense, Trend Micro, Symantec, Sophos and BitDefender have free security apps) to protect your account and filter suspicious newsfeed.|
Most hackers spread spam on sites like Facebook through video clips or a page link that appears on the ‘walls’ of one's friends, followed by a few curious clicks that trick the user into taking part in a fake survey and spreading the scam message unintentionally. Yashraj Vakil, chief operating officer, digital agency Red Digital, says, “The group Anonymous hackers, which launched the attack on Facebook on Thursday, is the same that had hacked the Sony Playstation network and compromised user data and credit card details.” The hacker group reportedly launched the spam attack on Facebook to warn the company against sharing data with the US government.
Vinoo Thomas, technical product manager, McAfee, says, “In most forms of cyber attack on social networks, it is the user who clicks on malicious links and, unknowingly, passes on the virus or spam to his contacts. This form of attack can be only controlled when users stop clicking on suspicious links.” These spam attacks are often armed with malware that finds its way into the user's computer when clicked. Malware can also gain access to our personal information and passwords.
Facebook, on its official security page, clarifies, “It's worth keeping in mind that no system is perfect. If someone freely gives his password to an attacker, or clicks on a suspicious link, our algorithms and systems can only provide so much protection. In the end, security is a partnership between Facebook and the people who use it.” The social networking site, which has 800 million subscribers worldwide, claims it checks 640,000 user actions per second, performs 20 billion classification checks every day, and is looked after by the Facebook Site Integrity team, which comprises 25 engineers.
The attacks are not restricted to Facebook alone. Google+, which launched its business pages a week ago, is already fighting hackers. Bank of America's profile page, featuring the company's logo, links to its website, and the address and phone numbers of its New York headquarters, was compromised. The account posted defamatory comments against homeowners who failed to pay their mortgage dues.
Mukhi, who has advised several companies and high-profile celebrities to protect their online identities, believes cyber criminals recognise the confusion over cyber laws and are making the most of it. “If cyber criminals are to be controlled, there is a need to have an international Interpol force, which abides by global cyber laws. Unify the cyber laws to manage the growing cyber black market,” he says.
Vakil of Red Digital adds while hack attacks on company websites remain under the jurisdiction of cyber laws, it is the lack of privacy laws in India that allows cyber criminals to misuse users' data on social networks. “In the US, when the Sony Playstation network was hacked, users filed lawsuits against the company. In India, users who lost their data could do nothing. If this gap is not plugged, cyber criminals would always be the most active on social networks,” he says.