Abhi 2.0 on Technology

First published in the Hindustan Times (Mumbai edition)

Column in HT Cafe

A recent article in Forbes magazine had me a bit startled when it claimed that India, along with the UK barely accounts for 2% of the world’s cybercrime. “No way”, was my first thought! On examining the article carefully, I came across a sentence that, in my opinion, shredded the hack-job hypothesis – “Researchers at Sophos Labs say they … can roughly identify the host country of malicious software by tracing the default language of the computer on which it was programmed.” That has to be the most flimsy basis ever for such a study! A quick survey of all the computers in my immediate vicinity in office proved me right – almost no one in India, irrespective of operating system used, bothers to change his or her default language from US English to UK. I have no numbers to support this (does anyone?) but overwhelming personal, anecdotal and logical evidence suggests that the Queen’s dialect isn’t the default option on even a fraction on computers in this country. In the same article, NASSCOM’s director of cyber-security praises the legit IT industry for giving folks with computer skills better things to do. This is true to a limited extent, though what is not discussed is that our IT-BPO boom creates an altogether new ecosystem of lucrative “data crime”. The phenomenon is rampant in India, especially in smaller firms but is not defined as cyber crime in this particular survey.

*****

Memories of covering India’s first high-profile cybercrime – my first major assignment as a hack (as in journo not techie) – are still fresh! It was the most bizarre sequence of events that I’d ever witnessed. For days on end we were briefed that a “hacker” (as in techie not journo) was defacing the Mumbai Police’s Cyber Crime Cell website and taunting the cops of the newly formed division. The way in which the cops who were briefing the press pronounced the name brought visions of a respectable doctor of Maharashtrian origin on the lines of Savarkar, Gavaskar, Dandekar and therefore this Dr. Neyu-kar. It was only when we actually saw a screenshot of the defaced page did we realise that it was someone aping the famous Pentagon hacker who went by the alias of Dr. Nuker as in “nuclear” or as George W would say “nu – killer”. As if that wasn’t comical enough, the culprits were caught by tracing their IP address, not to a particular machine, but a general geographic area and then physically sweeping every cybercafe in the vicinity hoping to get lucky. Lucky the police were though in their enthusiasm, they roughed up one of the two teenage pranksters a bit and he later accused them of torture. Six months later, they were offering the same kids software jobs with the “rehabilitation” tag. The boy who’s arm was allegedly broken wasn’t amused and declined the “offer”. To be fair, the Mumbai Police’s cybercrime wing has come up by leaps and bounds in the five years since the incident. Hell, there was a time when other police stations would transfer cases of computer equipment theft to them. I swear I’m not making that up – a senior cop assured me that it actually happened!

*****

Some interesting news from the hacker community: Two Indians, Nitin and Vipin Kumar, who run a security consultancy called nvlabs.in were supposed to present at the prestigious and often controversial BlackHat conference in Las Vegas, this past weekend. The duo claimed to have cracked the most widely used, supposedly impenetrable, hardware-based encryption system that powers, among others, Windows Vista’s much hyped advanced security features. The briefing, “TPMkit: Breaking the Legend of [Trusted Computing Group’s Trusted Platform Module] and Vista (BitLocker),” was mysteriously withdrawn from the conference without any explanation. I tried contacting the duo who (after asking me to send an encrypted email for safety) politely declined comment as did the event organisers. The Kumars apparently impressed audiences when they presented a different paper on a similar theme at the Amsterdam leg of the Conference series, earlier this year. Online forums are now buzzing with conspiracy theories as to why the “superhack” was mysteriously withdrawn from BlackHat – a conference that has drawn criticism in the past for exposing security vulnerabilities and making them public.