“Your network has been breached and all data was encrypted.” The message on the screens of NIMHANS desktops provided a link to connect with the sales department of the ransomware and mentioned that the user has to purchase its decryption software, alluding to blackmail.
NIMHANS faced cybersecurity threats following a ransomware attack in March 2022. While there are concerns about patient data being compromised, and the functioning of the causality department, the director contended that only some computers were infected.
In a new avatar of digital crime, several consumers of Bescom have received specious communication conveying that the power connections to their respective homes will be severed due to the default in payment of electric bills. Those who reacted to this communique had their bank accounts compromised.
As civil society is encouraged to embrace digital technology, they are at greater risk of disruptions by various cybersecurity incidents. The marginalization of civil society in the broader political discourse and cybersecurity ecosystems at the global and national levels renders it vulnerable to policy and practice.
While governments around the globe spend billions of dollars on protecting state-owned critical infrastructure (CI) and private corporations have generous cybersecurity budgets, the participation of civil society in cybersecurity rarely goes beyond tokenism.
For one, civil society seldom represents a significant commercial threat which merits the kind of expenditure commercial CI warrants. As civil society is often outside the ambit of CI, it is not subjected to legal provisions of cybersecurity laws. Furthermore, tech companies do not find it financially stimulating to invest in technology to secure smartphones sold off the shelf for mass consumption.
A bouquet of threats
A study published in February observes that India alone has over 750 million smartphone users, expected to rise to over a billion by 2026, driven by sales in its vast rural hinterland. Very few of these users understand the threats that online hackers pose.
Despite Google’s claims, experts have continued to detect malware in the so-called sanitized Google Play app. Apart from apps with overtly malicious intents, there are scammer apps on Google Play that pose as bonafide services like applications for social welfare payments but hijack the user data or even freeze the device in return for payment of a fee.
Banking Trojans are even more fatal, allowing hackers to access the user’s current session and personal mobile banking account without knowing the login password. Another app can take screenshots of the user’s screen, thus recording critical data related to banking transactions. Finally, spyware like the infamous Pegasus could easily hack into almost any smartphone.
The current cybercrime scenario is disquieting as predators send umpteen messages to consumers to play on ignorance and more on their greed. With the latest technology, predators can alter existing videos and photographs to create fake content; with Artificial Intelligence (AI), ‘deepfakes’; can be fabricated, which are almost impossible to differentiate from genuine ones. Such technology has great potential for digital manipulation and fraud.
When an email is sent, an online search is done, or a photo is shared on social media, we are sure to have left behind a trail of personal data that represents our ‘digital footprint’. These digital footprints are permanent and extremely hard to erase. The data include the activities we perform in apps and online and consists of the geographical coordinates - as we take our devices with us just about everywhere, we go.
The way ahead
A ‘national security-centric’ narrative currently triumphs over cybersecurity policies and practices. Extracted from a realist theory of geopolitics, where nation states compete, the principal cybersecurity threats are characterized as those that cause damage to critical infrastructure within their territorial jurisdictions.
The preferred alternative would be to adopt a ‘citizen-centric’ approach to digital security that strives for indivisible network security, assured data privacy and the broadest possible scope of homo-centric experience. It would seek to ensure that such essentials are vigorously supervised and guarded by multiple layers of independent oversight and review.
(Tobby Simon is the Founder and President of Synergia Foundation and a Commissioner at the Global Commission on Internet Governance)