Identity Theft and Its Repercussions on India’S State Security
The term Identity theft was coined in year 1964 and referred to the act of pretending to be someone else by impersonating that person's identity, typically to gain unauthorized access. One of the most bizarre cases of identity theft in recent history was when a mother of a Highschool cheerleader in US, stole her school pass to attend school and join the cheerleading squad.
While cases such as these bring a smile to the face, identity theft in itself has become one of the most dangerous crimes in the world today. In the digital age, stealing a user's identity has become much easier and safer. One of the biggest cases of identity theft occurred in occurred between 1999 and 2000 and was orchestrated by a credit-company help desk employee named Philip Cummings stole thousands of credit reports by using passwords of the company. In recent times, a couple - Amar Singh and his wife Neha Punjani Singh were arrested for their roles in a $13 million identity theft scam.
Conservative figures put the cost of identity theft in US alone as $ 21 billion in the year 2012. In India, we see numerous cases every week on unauthorized transfer of funds, stealing of financial records, or unauthorized use of credit card information. While the law of the land protects the user from paying off these fraudulent charges, the mental agony and the time spent in resolving the case prevents most of the users from taking such matters to court.
Fortunately, as of yet, in India, we have seen such cases limited to disputes between financial institutions and consumer. But what happens if a Government institution gets entangled in this. It has been reported in US that IRS might have delivered $5 billion in refunds to identity thieves. How long before a similar scam hits our own shores?
While we are rapidly moving to an e-office, paper free environment, in terms of protecting our digital assets we lag far behind the information super power of the world. As a result, the dangers we face are multifold.
India is in the process of setting up the largest Crime and Criminal Tracking Network & systems - CCTNS with an outlay of Rs. 2000 crores. The project aims at creating a comprehensive and integrated system for enhancing the efficiency and effectiveness of policing at the Police Station level. The system will be used to connect stations all over the country and feed in digital information of FIR's, Interrogation Reports etc.
As of yet, the project has not catered for security of users credentials. Imagine a situation, where a hacker steals the user credentials of an officer and creates a fraudulent FIR against you or even fills in your details with connect to an Interrogation report. Voila! Without being even aware of it, you have got a criminal tag against you which will continue to haunt you till you are able to convince the authorities that that charges are fraudulent. The worst is that the officer with whose stolen identity the charges have been framed may not be aware about it till much later if ever.
The same holds true for the multiple e-office programs currently in implementation in multiple paramilitary forces. By the very nature of their work and the terrain in question, the access has to be given to remote units over internet or preferable a Virtual private network.
In such cases it has become extremely critical to protect users credentials even if they themselves are reluctant to take measures to do so.
Two factor authentication is a time tested technique against Identity theft. While multifactor authentication tools such as Hard Token, USB Token etc offer flexibility along with giving unbreakable security, other forms such as image based login etc are gaining popularity as well.
The target for the user is to choose a vendor and technology which offers him premium safety without compromising on convenience of use. With Two factor authentication being the last wall of security, countries such as US has an unofficial policy of choosing Two Factor Authentication vendors from within their own country especially where Defense establishments are concerned. Iran, while setting up their internal mail servers for the entire country seems to be following this logic as well for implementing Two Factor Authentication within it.
With Prism and data leakage a reality in the world we live in, defense establishments in India and other countries in South East Asia may well follow suit and choose indigenous vendors for Two Factor Authentication.
While cases such as these bring a smile to the face, identity theft in itself has become one of the most dangerous crimes in the world today. In the digital age, stealing a user's identity has become much easier and safer. One of the biggest cases of identity theft occurred in occurred between 1999 and 2000 and was orchestrated by a credit-company help desk employee named Philip Cummings stole thousands of credit reports by using passwords of the company. In recent times, a couple - Amar Singh and his wife Neha Punjani Singh were arrested for their roles in a $13 million identity theft scam.
Conservative figures put the cost of identity theft in US alone as $ 21 billion in the year 2012. In India, we see numerous cases every week on unauthorized transfer of funds, stealing of financial records, or unauthorized use of credit card information. While the law of the land protects the user from paying off these fraudulent charges, the mental agony and the time spent in resolving the case prevents most of the users from taking such matters to court.
Fortunately, as of yet, in India, we have seen such cases limited to disputes between financial institutions and consumer. But what happens if a Government institution gets entangled in this. It has been reported in US that IRS might have delivered $5 billion in refunds to identity thieves. How long before a similar scam hits our own shores?
While we are rapidly moving to an e-office, paper free environment, in terms of protecting our digital assets we lag far behind the information super power of the world. As a result, the dangers we face are multifold.
India is in the process of setting up the largest Crime and Criminal Tracking Network & systems - CCTNS with an outlay of Rs. 2000 crores. The project aims at creating a comprehensive and integrated system for enhancing the efficiency and effectiveness of policing at the Police Station level. The system will be used to connect stations all over the country and feed in digital information of FIR's, Interrogation Reports etc.
As of yet, the project has not catered for security of users credentials. Imagine a situation, where a hacker steals the user credentials of an officer and creates a fraudulent FIR against you or even fills in your details with connect to an Interrogation report. Voila! Without being even aware of it, you have got a criminal tag against you which will continue to haunt you till you are able to convince the authorities that that charges are fraudulent. The worst is that the officer with whose stolen identity the charges have been framed may not be aware about it till much later if ever.
The same holds true for the multiple e-office programs currently in implementation in multiple paramilitary forces. By the very nature of their work and the terrain in question, the access has to be given to remote units over internet or preferable a Virtual private network.
In such cases it has become extremely critical to protect users credentials even if they themselves are reluctant to take measures to do so.
Two factor authentication is a time tested technique against Identity theft. While multifactor authentication tools such as Hard Token, USB Token etc offer flexibility along with giving unbreakable security, other forms such as image based login etc are gaining popularity as well.
The target for the user is to choose a vendor and technology which offers him premium safety without compromising on convenience of use. With Two factor authentication being the last wall of security, countries such as US has an unofficial policy of choosing Two Factor Authentication vendors from within their own country especially where Defense establishments are concerned. Iran, while setting up their internal mail servers for the entire country seems to be following this logic as well for implementing Two Factor Authentication within it.
With Prism and data leakage a reality in the world we live in, defense establishments in India and other countries in South East Asia may well follow suit and choose indigenous vendors for Two Factor Authentication.