Rediff.com« Back to articlePrint this article

Can cyber criminals loot your money?

December 22, 2016 06:39 IST

Difficult for citizens to have faith in Digital India under current circumstances

'How can citizens have faith in Digital India if their hard-earned money is looted by cyber criminals and cyber fraudsters from banks, and there is no active forum to seek compensation or damages?'

Advocate Prashant Mali, cyber security and cyber law expert at the Bombay high court, discusses with Shakya Mitra the challenges the country has to overcome in the transition to Digital India.

When a hacking attack, like the one on the Twitter accounts of Rahul Gandhi and the Congress, takes place, can the people who handle these accounts block it instantly?

No, because the hackers take complete control of the account and even change the security question.

However, when Twitter receives multiple complaints from vigilant followers, the social networking service suspends the account for some time to curtail the damage.

Twitter has been the target of such hacking attacks on more than one occasion in the recent past. Is it then more vulnerable than other Web sites that involve sharing of personal details?

I would argue that Twitter is a playground for trolls and advocates of free speech.

Spats here are common and often they attract more followers and retweets.

When an account gets hacked, maximum damage happens to people who are active users.

These are the primary reasons why Twitter accounts are the favourite of hackers and, hence, more vulnerable.

Could human error have played a part in both cases of hacking? And, aren't high-profile accounts difficult to hack into?

Yes, weak, unchanged and shared password is the primary reason in this case.

In fact, high-profile accounts are more susceptible to hacking as they are often managed by social media managers who, in turn, have staff.

So, the passwords are kept weak for easy remembrance and often shared across many people and many applications.

I am sure the hackers know of Rahul Gandhi's passwords for other sites too. His team needs to change them immediately.

How fragile is cyber security in India? If a hacker can break into anyone's account, isn't then India's security as a nation too under threat?

That's true across the world. Even military systems across countries get compromised.

A determined hacker is a lone wolf attacker who rarely gets noticed and is often not suspected by agencies.

India is the weakest because we possess neither an active nor passive cyber policing mechanism.

India needs a cyber police different from the police enforcing law physically.

Given that India doesn't have a strong cyber security law, how risky is the push towards Digital India? There have also been incidents of debit card frauds.
Do you think such incidents reinforce these doubts?


When it comes to the law and grievance handling mechanism of Digital India, I think it was never thought out even in the vision statement.

How can citizens have faith in Digital India if their hard-earned money is looted by cyber criminals and cyber fraudsters from banks, and there is no active forum to seek compensation or damages?

The adjudication mechanism under the IT Act, 2000, has failed miserably.

To inspire trust, the central government must do three things.

First, unleash a nation-wide cyber security awareness programme with specific provisions and targets in the annual Budget.

Second, have separate cyber-crime criminal and civil courts at the district level.

Third, create a separate cyber police force in all states with coordination across the country.

What precautions should people take to protect their Internet accounts and bank details?

Have a password for your mobile phone, digital wallet and bank account.

Don't save bank details in the wallet application.

Never do banking on free Wi-Fi.

Before selling your mobile or computer, format the hard disk.

Any time you see your mobile phone blocked, please call the bank from another number and freeze the account.

Do not click on untrusted links you get on SMS, WhatsApp or email.

Avoid phone banking to prevent social engineering through phishing attacks.

Shakya Mitra
Source: source image