Data thieves find a way to get you

Every time you press the send button on your e-mail, it is out in the ether for anyone to intercept. The data on your computer can be compromised any time, with hackers tunnelling in through your broadband connection. They can get straight to your hard drive using your mobile code and steal your data.

Cyber thieves are out there and thriving, and data theft can cost you a lifetime’s fortune. Says Data Infosys CEO and MD Ajay Data: “No email is private unless it is encrypted.

Once the e-mail leaves your mailbox, it can easily be intercepted during transmission.” Though for a good cause to keep a check on cyber terrorism, mail providers like Yahoo and MSN scan all your mail. However, this ability can be easily misused.

So how do cyber thieves operate? Like most thieves, they use the smallest opening available to get in unnoticed. Data thieves thrive on the fact that despite your unique Domain Name System (DNS) address, there is always a trail available on the net to your computer for hackers to follow.

“In fact, most illegal sites, especially pornographic ones, have a special kind of software. The moment one logs on to the site, the software gets downloaded on the machine being used. This is like a burglar having a key to your house,” says independent systems integrator Arvind Gupta who heads the Delhi-based Shanu Computers.

Alternatively, all software packages typically have what are called ActiveX controls. For instance, most packages have assistants that act as a backdoor for software vendors to allow remote help and patch delivery against problems. However, these also turn out to be the biggest entry points for uninvited visitors.

As is true in the physical world, it is usually the users’ callousness that makes data theft easier. While the larger BPO and IT services players follow stringent data privacy norms, there are the smaller sub-contractors who may be lax with their security set-up enabling  employees to walk out with data on the pen drive. A global third-party study commissioned by Cisco Systems reveals that while most remote workers say they are aware of security issues, their behaviour suggests otherwise. (SEE BOX)

This callousness on the part of some companies has cost the Indian BPO industry its reputation. Recently, Channel 4 claimed that middlemen like Sushank Chandak were stealing the personal data of British clients from BPOs and selling it. Earlier, police arrested an HSBC employee Nadeem Kashmiri in Bangalore in connection with alleged financial wrongdoing. In yet another scandal, the UK-based tabloid The Sun reported that it had obtained personal details of 1,000 British bank customers by

paying $5,000 to Karan Bahree, a Delhi-based company’s employee. These instances of alleged data theft actually exposed the inability of Indian laws to deal with data theft. Interestingly, in 11 years of India’s exposure to the Internet and six-and-a-half years of existence of IT Act 2000, there has only been one cyber crime and one BPO conviction each.

Says Supreme Court advocate and cyber law expert Pavan Duggal: “Most cyber crime cases filed in Bangalore have what is called the ‘B report’ which indicates that no action can be taken on the complaint because there is no clear framework to collect or handle electronic evidence.”

But cyber thieves may not rejoice for long, especially with the impending amendments to the IT Act 2000, among other things. Says National Association of Software and Service Companies (Nasscom) President Kiran Karnik, “We are setting up a national registry of employees in the IT software and services industry. We are also training enforcement officials and creating awareness in the judiciary in India on cyber crimes.”