Almost on daily basis, there is at least one report about some major data leak, mostly hacked by techies and put on sale. With almost everything about people stored in huge data logs with multinationals and the government, the failure of the custodian in protecting the basic information about people is quite a scary scenario, writes Masood Hussain
The University of Kashmir took its own time to react. The data, its public relations office said, is being “analyzed in-depth” and depending upon the outcome, the varsity will take “an appropriate legal recourse”. The office was reacting to the report that data of almost a million students from Kashmir is being sold on the web at US $250.
An apparent hacker, ViktorLustig, went to the dark web outlet, Breached Forums to claim that he has a huge database involving a lot of data about students and employees of the University of Kashmir. He suggested that “serious buyers” approach him on Telegram for details of the deal. Hours after the leak, the hacker delisted his entry but that did not offer any solace to the region’s oldest university.
The “leak” is part of the serious crime that has came part of the information revolution that literally rules the world. It is a data age where robotics, artificial intelligence and literally the tech-savvy new generation rule the roost.
“Our private information is so easily available to every corporate bloodsucker that sometimes I get goosebumps to read some of the emails which often land up in my spam folder,” businessman and social activist, Mohammad Afaaq Sayeed wrote on his Facebook. “My car insurance is due on 17 August and for the last 3 days, I am being spammed by different Insurance companies on my email and through telephone calls. I am being asked to purchase it through them only, needless to say.” He went on to say: “My post-paid telephone bill is due and I am being spammed by banks to pay for it using their banking apps. So much so, that the exact amount of my bill is also known to all of them. My CIBIL ratings are being conveyed to me by Fintech firms and different loan amounts are being offered to me without me ever asking for it.”
This is the era, in which we live – a utopian world where nothing is secret. Who we are, what are capacities could be and what have been doing for all these years in the last one decade or so, everybody knows ever where. Sometimes, it is scary when an anonymous caller reveals information on the phone that even individuals have not shared with their families!
Two Different Crimes
The cyber-world is a parallel universe and the crimes endemic to the virtual world are interestingly different. A fraudster who befriends people on social media and then siphons their saving is one star, a basic class of crimes that the Cyber Police is routinely investigating. In most of these cases, the criminals use a maze of webs that in certain cases, it is practically impossible to locate them.
The arrest of two Nigerian cheats by the Cyber Police in Srinagar is one such basic crime in which the fraudsters fell into the web of not having much knowledge about the vastness of cybercrime. Cybercrime has gone so sophisticated that even 10 minutes after the bank accounts are accessed; it is very difficult to locate the money trail. This is despite the fact that, unlike the real world, the virtual world ensures the footprints are not erased. The fact is the data once stored on a device is literally indestructible. It only depends on the mastery of the techie to revive it.
However, the second set of crimes is gory. People, under the laws of the land, and the requirements of the service delivery institutions are supposed to offer their information. These institutions are trusted to keep the information without compromising the integrity of the individuals. When this information comes to the market, it is much serious crime. The data leak of the University of Kashmir falls in this category.
Over the last few years, hundreds of such leaks took place within and outside India. Only last week, the personal information of 28 crore Indian provident fund subscribers was reportedly leaked on the web by some hackers. The data leaked according to a Ukraine-based cyber-security researcher, Bob Diachenko – who said he shared the information with Indian Computer Emergency Response Team (CERT-In), includes information that can be used by vested interests to generate fake identities, documents and even access their accounts.
Within 12 hours of the researcher’s tweet, the two IP addresses operating from India went down. “Even after a reverse DNS analysis the source of the hackers could not be traced,” the report said.
In February last year, the personal data of around 26 lakh Airtel users – all belonging to Jammu and Kashmir – was hacked and put on sale for the US $3500 in Bitcoins. Cyber security researcher, Rajshekhar Rajaharia told reporters that the information included telephone numbers, addresses, Aadhaar numbers and other details. The company, however, disputed the claim.
These leaks are just a routine. In its latest report, The State of Data Breach Intelligence, Flashpoint – a technology company working on data leaks, said there were 1980 major breaches in the first six months of 2022 across the world. In sixty per cent of the cases, these leaks were the outcome of hacking.
The interesting input, however, was the number of records exposed dropped dramatically in comparison to the first six months of 2021 – from 27.3 billion records to 1.4 billion records. “The combined Healthcare and Social Service economic sector reported the most breaches in 2022 H1,” it said, indicating that the data leaks are funded by businesses who wish to reach people and sell their products or solutions.
The world is actually changing at a much faster pace, perhaps for the first time in human history. Everything is skirting so fast that a cell phone or a personal computer is literally emerging as the virtual clone of its handler. Just a few years more, there will possibly be no banks at all. There may not be crowded business streets also. Even the schools and media houses may have virtual beings delivering lectures or disseminating news on their cell phone screens. The process has actually started and Srinagar cannot stay away from the trend that will take over the world.
Just a few years more and the Metaverse will take over. Most of the world would get virtual and a goggle will make the net difference between a person spending millions to reach Gulmarg for skiing on the powder snow and the guy doing the same thing virtually from South Africa. We already had a Kashmir super surgeon in London, Dr Noor ul Owase Jeelani using a virtual reality simulation to separate the four-year-old Brazilian twins who were operating with a fused brain and a skull. They were eventually separated in a physical operation but the basic information evolved while attempting the same virtually.
As all this is literally invading humankind, the biggest issue remains – how to retain the anonymity of an individual who dislikes being paraded naked virtually with all his information made public at a cost. This is the issue that is at the top of the new world debates and it has already started. It has been years now that the transparency champions and individual privacy activists have been fighting over the issue.
The world powers may make people believe that they have control over the web. The fact is that the web is as free as oxygen. The real challenge would be for the civilised government, which, across the world got massive information about its citizenry during the Covid10, in certain cases even monitoring the fever of individuals using their phones and without letting them know. Information is vital for all governments but the government as custodian of the data and the government as a user or in certain cases abuser of the data needs to be tackled earliest. The government must legislate at a faster pace to protect people’s rights to own the data they generate. Data is deadly but it is vital for democracy.