
Growing Menace

DQI Bureau

The dynamics of fraud are changing worldwide. IT in general, and the Internet in particular, is emerging as the key battleground for perpetrating fraud. Technology is therefore becoming the key enabler of fraud, making it simpler to commit and more difficult to counter.


The variety of criminal activities that can be committed with or against information systems has become surprisingly diverse in the last couple of years.

While the worldwide scenario on cyber fraud looks bad, the situation in India is no better. Though no concrete data is available, it is roughly estimated that cyber crime increased by about 40-50% in 2005.

Driving Factors



According to Deepankar Sanwalka, executive director and head of Forensic at KPMG India, IT's role in fraud has grown significantly because more and more corporate information now resides in IT systems such as ERP and databases.


Online criminal activity has also grown significantly with the increase in software security flaws. According to California-based research company Cupertino, the last six months (early 2006) have witnessed a record 1,862 new software vulnerabilities. Rakesh Mittal, president and COO of Corbus, feels that security holes in Web-based programs are serious threats for businesses. Attackers can use them to bypass security measures such as Internet firewalls. Cyber fraudsters are now looking at exploiting code vulnerabilities in popular programs such as Microsoft Windows. These include 'zero-day' attacks, which take advantage of a security vulnerability on the same day that the flaw becomes generally known.

Who's at Risk?



According to Kartik Shahani, director, Sales, India and SAARC, McAfee, enterprises dealing with both their internal and customer-sensitive data would be at risk, as the information could be used for financial gain. Arpinder Singh, director, Forensic at KPMG India, believes that the prevalence of cyber threats is highest in the IT/ITeS and financial sectors. He adds that employees, specifically in IT and BPO, are relatively young on average and use the Internet widely. Greater technical know-how further helps. “However, this doesn't rule out the growing cyber fraud menace in other industry segments, especially biotech, pharma, and FMCG where information on pricing, costing, and R&D are extremely critical and at high risk to be prone to theft,” adds Singh.

Changing Dynamics of Cyber Frauds



According to Mittal, for the new generation of financially motivated hackers, 2006 has brought numerous opportunities to develop more sophisticated methods. Cyber fraud is emerging in the form of electronic vandalism, terrorism, extortion, theft of telecommunications services, telecommunications piracy, pornography, telemarketing fraud, electronic fund transfer crime, and electronic money laundering. Surendra Singh, head, South East Asia and India, Websense, says businesses are now facing a new type of information security threat whose characteristics are less widespread in number, more insidious, better-targeted, financially-motivated, and driven by organized crime.

Guidelines for the CIO

  • Risk profiling should be done and countermeasures be taken.

  • Regulatory and Compliance Mandates be put in place.

  • Process for audit and is reviewed at regular intervals. Audits carried as frequently as possible.

  • Process though stringent must not be so complex and cumbersome that the users cannot get the desired productivity.

    -Kartik Shahani, director, Sales, India and SAARC, McAfee

Expected Future Trends in Cyber Fraud

  • Increase in use of Really Simple Syndication (RSS) to circumvent frequent updates and patches.

  • Increase in cases of theft of corporate data: As personal information used for identity theft becomes more difficult to steal, we anticipate increased interest in cyber theft of corporate roadmaps, plans, and engineering schematics, diagrams.

  • Web-borne worms and blogs will continue to be avenues for exploitation.

  • Criminals will take advantage of Web scripting languages and unpatched machines to launch worms.

  • Voice over Internet protocol (VoIP) phishing or vishing.

  • Online gaming consoles that connect to the Internet for updates may be open to creative exploits designed to co-opt computer resources for attacks.

    -Surendra Singh, head, South East Asia and India, Websense

Bot-led denial-of-service attacks have also increased at an alarming rate. There has also been a shift towards profiting from current events, in particular, donation scams for natural disasters. Prime examples were sites purporting to collect donations for Tsunami or Hurricane Katrina victims. 'Virtual Social Networks' or 'Networks of Friends' such as Ringo, MySpace, Hi5, Plaxo, and Bebo can also be used for fraud.

Identity Theft: A Growing Scourge



From the early days of 'dumpster diving' to sophisticated online fraud, identity thieves are always on the prowl for new ways to steal information. The growing ubiquity of digital data has resulted in an exponential increase in identity theft over the last 2-3 years. And even while it continues to remain mostly under wraps, with few cases being reported, identity theft is becoming more sophisticated.


Considering the growing complexity and economic impact of the threat, it is time for enterprises to graduate to a primary defense mechanism such as a role-based management system (role-based access control). According to Navin Agrawal, practice head, Security Governance, Wipro Infotech, enterprises need to concentrate on developing authentication tools around the application processes and, on the back end, on instituting better data-sharing practices and streamlining consumer reporting requirements.

Growth Statistics



If you thought that it could not happen to you, think again. Identity theft is becoming more rampant. As reported by some surveys, the incidence of victimization caused by identity theft increased from 11% to 20% in 2001-2002 and 80% in 2002-2003. The manifold growth continues, say experts.

Experts feel that the increase in identity theft cases is being seen in India as well. However, as Singh points out, such cases are still highly under-reported for fear of harassment and negative publicity. According to Capt Felix Mohan, director of SecureSynergy, identity theft has become an epidemic of frightening proportions as it becomes the number one consumer crime in the US, with someone losing one's identity every two-and-a-half seconds. “In India concrete statistics on the extent of identity theft are not available, it would be fair to assume a rapid escalation in identity theft and fraud with increase in the number of net banking and e-commerce transactions,” he adds.


However, he further cautions that while the common perception is that the largest risk of identity theft is while buying online, surveys have found that most of the identity fraud is committed by someone who knows the victim.

Growing Threat Areas



Phishing, pharming, pretexting, skimming, card-not-present fraud, keystroke catchers, database theft, mail theft, and stealing from residence have grown considerably in the last 2-3 years.


Phishing is the Internet's biggest identity theft scam. It is widely prevalent in India and has emerged as the primary method used by eCriminals to extract identities. As per Websense's Web@work survey conducted in India in 2005, almost one in four employees (23% out of the 400 surveyed) stated that they have given out financial, personal, or confidential data, such as corporate network passwords or social security numbers, as a result of a phishing attack.

Effective Remedy



Lack of adequate security can lead to a breach, which in turn can lead to huge damages, both tangible and intangible, for individuals and enterprises alike. This has resulted in growing traction for technology tools such as identity management to safeguard against identity theft. However, technology tools need to be complemented with the right policy framework for effective prevention, say experts.


Identity management solutions include access control, directory services, profile update, and management of identities. Elaborating on the trends in the identity management space, Agrawal points out that access control and profile update are among the promising new technologies in this domain. He adds that some of the mature and widely deployed technologies are directory services, especially those using Lightweight Directory Access Protocol (LDAP), password management, Web access management, and Web single sign-on. “These technologies have significant install bases in production, and demonstrate real and measurable RoI,” he explains.

To counter identity theft and fraud at a broader, national level, Capt. Mohan suggests that the government focus on three areas: legislating specific provisions to counter identity theft, enabling the flow of information from credit bureaus to consumers, and implementing an identity fraud alert registry.

The IT Act 2000 in its present form does not have any specific provision to deal with identity theft. However, the Expert Committee on Amendments to the IT Act 2000 (whose report is presently under consideration by the government) has recommended insertion of new sections relating to identity theft in the Indian Penal Code (IPC). The committee has also sought provisions for fines and punishments.

Shipra Arora



shipraa@cybermedia.co.in
