Business

India steps up battle against rising cyber crime wave

Surfing internet
Image caption As the number of people coming online in India rises so could the victims of hackers

As Ankit Fadia, 28, works on his laptop, his fingers furiously tapping away, there is silence in the packed auditorium in central Delhi. 

His projector throws images of codes and symbols onto a white wall, and then suddenly, the crowd bursts into spontaneous applause.

Another website has been successfully hacked and unlocked.

But rather than doing something illegal, Mr Fadia, who describes himself as an ethical hacker, says he is trying to protect people and businesses from a rising wave of cyber crime.

"The difficulty about tackling cyber crime is that it's increasing all the time," says Mr Fadia.

"If we control one set of attacks there are hundreds more the next minute. That's why we need our systems, policing, the law, prepared for this kind of cyber onslaught."

Spam manager

According to a recent report by global research and accounting firm Ernst and Young, data or information theft was the most committed fraud in India last year.

That data can be anything from personal details, to bank accounts, to company contacts and secrets.

Ernst and Young warns that it could cost companies as much as 5% of their profits if they are targeted by cyber criminals.

At the same time, there has been an increase in nuisance internet issues such as spamming, with India recently overtaking the US to become the top global contributor of junk messages.

Media playback is unsupported on your device
Media captionThe BBC's Shilpa Kannan reports on what companies are doing to protect themselves from cyber attacks

And while this jams an inbox and is a headache for the consumer, for the government there are also more serious issues, such as national security and trying to avoid a potential cyber attack by a terrorist group.

According to the Minister of State for Communications and IT, Sachin Pilot, more than 100 Indian government websites were hacked in the first three months of 2012.

It is no surprise then that the government has been trying to step up its policing of cyberspace, and is mulling plans to build a National Cyber Coordination Centre, which will detect malicious cyber attacks and issue early warning alerts.

The IT industry lobby group Nasscom has also recommended establishing a cyber command centre which would sit within the defence forces. They argue the cyber command should be equipped with defensive and offensive cyber weapons and staff trained in cyber warfare.

Grey men

But for observers such as hacker and author Mr Fadia, India already has some firepower in place with its Information Technology Act that was passed in 2000.

The issue, however, is not with the law, rather the implementation of it.

"Though India has laws aimed at tackling cyber crime, it isn't used effectively," explains Mr Fadia, who has tied up with the national police academy in Hyderabad and helps train police officers in understanding cyber crime.

"Even when arrests are made, very few people actually get convicted."

Experts say that even if you go after the criminals it is not always easy to catch them because they usually operate behind the wall of anonymity that the internet offers.

According to Arpinder Singh, head of Ernst and Young's Fraud Investigation and Dispute Services, the company recently tried to identify the profile of an Indian cyber fraudster.

What they found was that the fraudster had changed significantly.

Now, typically, they are a male middle-management employee in his 30's who is very ambitious and tech savvy. He can work anonymously from a remote location.

This makes it harder to trace any wrongdoer, a task that will only get harder as India's internet population grows from its current level of about 120 million, or about 10% of the current population.

Mr Singh warns that as more people come online the risks to companies both big and small will increase.

Safe practice

One small firm that is already taking defensive measures is UC Infosystems.

In a busy office in west Delhi, the company's technicians are breaking down electronic equipment and consumer gadgets so they can service their parts.

As well as being full of computers and keyboards, the office is also brimming with confidential information such as client orders and addresses, payment methods and other financial data.

In an increasingly competitive business, the founder of the firm wants to make sure nothing can be lost or stolen.

"Though we are a small business, all our data is online," explains Sanjeev Sharma.

"My accounts department processes financial data; the service staff can access client addresses and phone numbers.

"I have to consider the possibility that my competition can steal the data. That puts not just my business at risk, but all my valuable client data at risk."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites