Digital Security: Staring at a Digital Nightmare
(Brian Katt at the English language Wikipedia via Wikimedia Commons)
Digital security in India is akin to a house with open doors and windows. Anyone could walk in and rob the safe. Is the government being imprudent in pushing digitisation without taking care of cyber security?
Abeer Kapoor & Nikhil Thiyyar Delhi
The audacious hacking of the Twitter handle of Rahul Gandhi, Vijay Mallya, Barkha Dutt and Ravish Kumar by ‘Anonymous’ inspired ‘Legion’ has had an inadvertent outcome. The hoi polloi of the country who have taken to online banking and digital transactions are deeply concerned about potential and costly breaches to cyber security of the country. The general public is slowly but surely waking up to the fact that there are organisations on the ‘dark web’ that are used by political organisations and companies with deep pockets for nefarious purposes like mass surveillance. This gnawing anxiety is especially pertinent at a time when the country is digitising at a frenetic pace ever since demonetisation happened. While the government is pushing for digital payments through mobile apps, chipset manufacturer Qualcomm has reported that most e-wallets and mobile banking applications do not use hardware level security which can make transactions more secure.
Following the slew of hacking incidents there is a growing familiarity with shadow entities like ‘Legion’. Legion is a motley group of men/women, most of them millennials in possession of a colossal amount of data — nearly forty servers worth. A key aspect that hasn't got traction in the cyber security debate that has ensued is the demand for more stringent data privacy laws. How in the first place did someone like Legion gain access to these servers?
In the 2015 dark comedy film ‘Brand New Testament’, the daughter of God, borrows his computer and in one fell swoop leaks the amount of time everyone has to live via text message to the entire world. This action has immediate consequences, and the film follows the chaos that such a move causes. Akin to the premise of the film, the treasure trove of data that Legion sits upon is frightening. This data could run into several hundreds and thousands of terabytes of information and might contain several hundreds and thousands of Aadhar numbers, personal details and bank account numbers. While we eagerly await the next data dump of people like Vijay Mallya or Lalit Modi, who we as a collective want to incarcerate, the next target could be you or me. What prevents Legion from releasing your entire digital data to the wider public?
While we are promised a gateway into a ‘Digital India’, and a cashless future, do we really feel safe? A sobering reality check is the fact that the economies of Iran and Venezuela were savaged through incisive cyber attacks.
Legion promises a replay of what these economies have gone through. They promise that if all the information that they have is released, it will lead to utter chaos. While they have been adamant that their hacks are not politically motivated, their attacks suggest otherwise. Is the country prepared for a digital onslaught that could bring the whole nation to a standstill?
They now claim that they have managed to get their hands on a data trove related to the BJP, which is allegedly installing a malware onto people's computers that would also give them access to other computers and servers. These software infiltrate firewalls and take charge of the computer - once malware is downloaded in the system often disguised as something else.
Despite Legion’s sophomoric attempts to look anarchic, but independent- there are suggestions that these hacks smell fishy. There are rumours that these hacks are not only politically motivated, but their patterns reflect vendetta-driven hacking. Some people allude to the fact that these hackers might not be who they claim to be, and say that these hacks could be led by paid organisations that help swing public opinion on social media websites and manipulate surveys. Hundreds of mercenary hacking operations are running in the world that have discredited the political opposition, swung elections and painted people as good, bad and downright ugly. In the aftermath of the presidential elections outgoing President Barack Obama has alleged that hacking of the Podesta Emails are one of the main reasons as to why Hillary Clinton lost.
The relationship between governments and nebulous, murky international 'hacking' organisations is an old one. Many a time companies such as Hacking Team (HT), an Italian company that has called itself an offensive hacking agency, have claimed to be in touch with the Indian government and political parties. Some hacking companies have tried to sell their 'infesting' or hacking softwares to the government and also given a demo to get officials onboard. HT has a software called Galileo that can take over and get the data from a mobile phone in the same room, and according to Wikileaks they have tried selling it to local Indian police repeatedly. Wikileaks has exposed the relationship between Hacking Team, several law enforcement and political organisations in India and Israel. HT is one of many such organisations that are looking to pose as hackers to protect, and take an offensive stand against political or any other opponents.
If what Legion and other hackers promise is true then we may be staring at a digital nightmare.