Saturday, October 21, 2017

Prashant Mali images of Gartner Security & Risk Conference in Dubai







Prashant Mali images of Information Intelligence Conclave 2017







 My favourite picture
 my favourite portrait



Prashant Mali SKYDIVING Thrilling Experience in Dubai

Prashant Mali SKYDIVING Thrilling Experience in Dubai


16th October first day of Diwali festival in India, so when India started their Diwali celebrations i was booked for my life time experience at the Dubai Skydive i.e the agency which helps people sky dive in dubai. The cost is around Rs. 35000 which includes flying, diving and photography with storage device.
i was called to checkin at 12:00 had a long wait till 2:15 PM as i had a long rush before and a lunch break. I found many girls from Asia and americas and 20 percent boys strange but true. there 2-3 type of divers like professionals, amateurs and first timers like me. The energy in the camp is vibrant and radiant. Jumpers go and come back in regular time intervals, it is a 20 minute journey.
I dont know but i had a sheer determination and focus so even beautiful girls around me didn't bother me much nor did i was talking to any one. I waited for my chance to come, once my name was announced i found out one guy from mumbai with me too, i could than lodge my belongings to his bag as no lockers are provided.
The companion trainer and diver was allocated along with my camera lady. My companion name was Joseph Junior, he looked very serious types but confident . my camera lady took some videos of me and introduced her to me. A small electric vehicle took us to the close by airport or flying strip which runs into the ocean.
We are ready to be boarded in the plane , the air strip is noisy as the plane makes rattling noise of its 
turbo prop. In side the plane dont expect any air hostesses, its a bench type sitting on both sides. we were 15 of us, 4 were self jumpers. Every sky diver like me as 2 persons for support. first the plane flies almost horizontal and then suddenly the angle changes and some us slide down as it starts climbing. We can the picturesque buildings, the sky line of dubai below.





In the plane some are somber, some are preparing, some watching out of window and some are super excited for the jump of their life.










I was cheerful as if i jump daily, i had put complete confidence in God and my pillion diver . i was waiting for the experience














i was second in line to jump and i was prepared and tied along with my jumper, i got ready without a single point of fear in mind, frankly saying i never saw myself being so much patient and calm and that to 18000 ft up above in the sky. Probably i was feeling like Darr ke agey jeet hai.. there is a win ahead of fear. 18,000ft extreme jumps (altitude only available at CSC): approximately 90 seconds in freefall, 5-7 minutes under the parachute before landing 
i was readied to jump, my photographer went ahead to take my pictures and video of my jump, kudos to her coz when we jumped on chest she jumped on back to catch our jumping moments, she kept smiling and that made me smile to. you can see i was so tempted to jump.

After i jumped or sky dived few seconds were out of the world, the air guzzles around you as you go keep falling from the sky to the beautiful Palm islands. those few seconds are important if you loose your concentration and mind you loose the experience of your life and even the pictures taken of you will be spoilt. you need to focus on three things, what is your trainer telling you, where is your photographer and enjoy the fall and scene around you.

All good scene is accompanied with good amount of air pressure as your face is unprotected but your eyes are. The feeling of leaving the plane is similar to when you've just jumped on a trampoline and you're in mid air, starting to descend back down. It only takes a few seconds after leaving the plane for you body to reach terminal velocity. After that, it feels more like moving down a cushion of air. You can feel the pressure of the wind on your body. 
The scenic Palm, a man made island in dubai with the help of land filling is a marvellous treat to your eyes. Then comes a spin, which confused me a bit but was joyful.
The best picture which i have, where i was smiling as if i only smiled through the diving experience was one below. i even used it as diwali greetings and as DP on my WhatsApp.
One of the other scenes you see is the incomplete Dubai World islands, the other ambitious project which seems to be stalled as of date. the small islands which you see below me in next picture is the Dubai World project where there would be islands in the shape of countries.
The picture below depicts the pressure on my face, when i opened it to smile for the camera. you can zoom to see it. It's too loud to carry on a conversation, but not loud enough that you have to wear earplugs in freefall. You may be able to hear screams, but that's about it. Once the parachute opens, it's actually pretty quiet, with the sound of a light breeze. You will be able to speak in a normal voice with your instructor while flying the canopy
  
The best part is when the parachute opens and the fall stabilises, i small thud a pull and the parachute opens which also tightens your gear around you. It doesn't hurt. The harness is adjusted to you before your jump and tightened so that there's no real shock from it pulling when the parachute opens. Grab your belt and pull your pants up. It's about like that.You suddenly are in standing and then sitting position carrying your weight. The scene becomes awesome when the parachute goes around the Dubai skyline. I felt a bit fearful when the partner was loosening the harness, i felt like the harness would but cut loose and i may go down.













Flying, Diving and on parachute all experience are  highly recommended and i wish to do it again, i  had a perfect landing as the photo shows below, cleberating my triumph 
  












I have uploaded complete video on youtube and the link is below, enjoy and comment too
https://youtu.be/SPFPFOALLRU

Monday, October 2, 2017

E-tender Landmark case judgment in Shapoorji Pallonji Co Vs State, Mhada, NIC & Ors


Final Judgement for Download

E-tender case of BDD Chawl Development project of MAHADA
Verified button pressing not registered on the software, but the tender files submitted on the server. Hon. Bombay HC asks NIC to team with MAHADA to submit the uploaded files and consider Shapoorji Pallonji Co. Pvt. Ltd as valid bidder.

This was the best landmark judgement where i (Prashant Mali) was acting as Expert Legal Counsel in e-tender matter along with Iqbal Chagla & Ravi Kadam (famous Sr. Advocates). My Legal opinion delivered earlier played a crucial role in defending the matter.
For this was one of the historical case in my carrier and also is a landmark case in e-tender and Information technology domain.

Shapoorji Pallonji & Company Pvt. Ltd. Vs State of Maharashtra, Mhada, NIC & Ors

A interesting Judgement in e-tender & technology Case of Bombay High Court
11000 Crores India Biggest Redevelopment Project of BDD Chawls in Mumbai

The bid document was to be down loaded from the e­tender website ww.mahatenders.gov.in from 3rd April, 2017 to 17th May, 2017 and the bidders were advised to refer to bidders' manual kit available at http://mahatenders.gov.in for details about e­tender process to be followed. The last date of the submission of the OnLine bid was scheduled as 17th May, 2017 which was extended from time to time and lastly it was fixed as 27th July, 2017 at 13.00 hours IST. NIC was entrusted with the duty of officially hosting, designing and developing websites and servers for various governmental agencies as an expert body and hosts http://mahatenders.gov.in on its server, this particular tender for BDD Chawls was hosted for MHADA.
Shapoorji Pallonji Pvt. Ltd raised certain pre­bid queries and uploaded its technical and financial bid on 27th July, 2017 at about 12.16 hrs on e­procurement system . 

The Contention

In this case, the Shapoorji Pallonji Pvt. Ltd my client has uploaded the technical and financial documents before the bid submission end date and time. However, it was alleged that they have not clicked on the freeze button. Unless or otherwise the freeze button is clicked, the document will not be available to the tender inviting authority i.e MHADA and will remain in the area allocated for the bidder in the servers of NIC.
What was the solution:
So in Public Interest NIC was needed retrieve the encrypted bid files uploaded to their servers by my client and submit the uploaded files to MHADA for decryption and consideration for bidding .
Court held that that technology has its own glitches and the moot question is whether such glitches, which causes substantial injustice are permitted to be cured manually. Court said when as on today we have not reached a stage where the systems is full proof and gives a guarantee that it is not susceptible to any error.The impact of technology in our life today, is unimaginable. We use technology every day and it has saved us of time and efforts. Introduction of the e­-tendering system has made the cumbersome process of tenders simple, faster and also free from unnecessary human intervention. However, in a situation with which we have dealt with above, the question is whether the use of the technology has offered solutions or it has created issues. The increased dependency on modern technology has reduced our creativity and human being is dependent upon the said technology which undisputedly is an useful servant but a dangerous master. In words of Albert Einstein “human spirit must prevail over technology”. 
In the present case in hand court observes that uncertainty prevails in certain areas and no technology can make the system 'full proof' and as such a situation where the technology can err, we cannot completely exclude the element of human intervention in exceptional circumstances. Ultimately, it is the human being who controls the technology and when it errs, it is for the human being to rectify it. No solution is coming from the expert and the technology operator­ NIC as to what happens if the “freeze button is not clicked”. 
On the other hand, the NIC itself shows that once the bids are uploaded, they remain safe and saved and human intervention is not possible. Court felt it expedient to intervene in the technological procedure since we feel that the technology has failed to serve its intended purpose in the present case and interest of justice call for intervention. Every citizen has legal and fundamental rights which are required to be protected and in a digital world the said rights cannot be lost sight of but the same are to be protected by providing alternative and effective solutions, to be introduced into the modern technology/web­system and in the process of tender it is very much necessary to ensure that the bidders are not shunted out of the procedure only on account of any technical glitch and technology needs to be developed in a manner to cater to their needs without causing any delay in the scheduled time. We also makes it clear that we are inclined to grant relief to the petitioners, considering 'public interest and the fact that the bid of petitioners (technical/financial) are already sealed after their uploading and no changes are possible now, and we treat this as sealed packets submitted within date and time as per tender document.


Court issued directions to the NIC to access the files containing the bid documents of the petitioners and transfer and/or make it available to respondent no.2 MHADA which would decrypt the said files and consider the bid documents of the petitioners as a “valid bid” with the assistance of the NIC and open the technical bid of the Shapoorji Pallonji Co. Pvt Ltd..


Final Judgement for Download

Sunday, September 10, 2017

Cyber Crime in 2017 - India

More than 27,000 #cybercrime reported in first half 2017, according to #MEITY. The figure was 50,362 for entire 2016 in India

Friday, August 25, 2017

Your Mobile Phones are hacked using Fake Replacement Parts When sent for repair. Are you aware ?


To the layman, a chip may be just a chip but its utility is more than just making your smartphone work. Even screens, external slots, camera and other attachments have enough hardware capability on them to act as potential hack vectors. There have been multiple researches on this point that a simple chip replacement or addition can compromise your smartphone significantly. The major source of such hacks have undoubtedly been the mobile repair centers. More so in India than anywhere else, there is a workaround presented for any hardware glitch. Glitches that the manufacturers themselves never claim to fix. Your iPhone charging port goes wrong; the authorized service centers only offer to replace the phone at a staggering cost whereas a local market guy will replace the charging port for $10. 

The source of these replacement parts are unknown, all the repair centers know is that they get it without any branding or packaging but they have good results. In what researchers are calling the “chip-in-the-middle-attack”, a screen replacement is demonstrated with an exactly original like screen replacement with an add-on chip that compromises the communication system of the device. In a demonstration video, it has also been shown that how the chip can power off the display and perform notorious tasks like taking pictures, logging behavior and patterns and streaming camera feed to the attacker. This is indeed an upcoming risk originating in hostile nations that are manufacturing replacement parts are selling them for practically no money because the cost of data that they receive in return is unimaginable. This chip in the middle attack is a newly coined term but such illicit activities have been going on since a long time. Counterfeit SIM slots with phony IMEIs have been found in stolen phones which led to major busts in this underground mafia of cell phone thefts. 

As a point of caution and awareness, one must make sure that when something goes wrong with their devices, they approach an authorized service center to get them repaired and always make sure to wipe your phone clean before giving it for repairs because there are also cases where these technicians have copied data from mobiles that are given for repair and when they find that one whatsapp video to earn money, they will go to any extent. In one case, where private pictures of a couple were sold at a pan shop for Rs. 10 per picture. 

Tuesday, August 15, 2017

Ecommerce Online Consumers can file a case anywhere on Sellers in India

Landmark Decision for Online Marketplaces: Online buyers can register a case on sellers anywhere in India.
By Prashant Mali     
Spicejet Ltd Vs Ranju Aery      
The issue of jurisdiction has made a lot of people sweat in the recent past since the Internet has come into play. With the nation recognizing different forms of businesses that are Internet-dependent, the law has definitely had some catching up to do. I have personally utilized this independence day holiday to research all important legislation and case law in this matter and through this blog, I would like to make my research available for everyone to study.
As a practicing Ecommerce Lawyer and Cyber thought leader of the country, I feel that this recent decision of Supreme Court dated 4th August 2017 in the case of Spicejet Ltd is krantikari or as it is referred to in Law, a landmark decision. As per the case law deduced from this decision, it will be apt to say that an online buyer may sue a seller at any place. For the purpose of clarification, an online buyer here means any person who has purchased any goods via a seller online.
In my opinion, this will affect all ecommerce buyers like all of us and give them a much needed relief freeing them of the bounds of local jurisdictions but simultaneously, it will also increase the sellers’ overhead now as lawyers will need to appointed across all consumer forum jurisdictions that they have customers in. This observation lays emphasis on my earlier thoughts about ensuring Online Dispute Resolution (ODR) in cases involving Mobile wallets and E-Commerce.
In over-the-counter purchases, a consumer can file a complaint in the consumer court only within the local limits where the company/ opposite party resides, carries on business or where the transaction takes place (by the bare reading of the CPC). However, now the law says that online consumers can sue a company for deficiency in services at any consumer court of their choice. In these times, when E-Commerce trading is growing rapidly, this ruling from the Supreme Court has brought a big relief for consumers purchasing goods through websites and E-Commerce apps. 
A bench of Justices Adarsh K Goel and S Abdul Nazeer on 4th August 2017 upheld a six month old ruling of the National Consumer Dispute Redressal Commission (NCDRC). The NCDRC had ordered Spicejet Ltd. to pay Rs 1.25 lakh compensation to Ms. Ranju Aery for cancellation of a flight. She had booked a ticket (Chandigarh to Delhi via Bagdodra and Kolkata) on yatra.com on June 23, 2015. The airline cancelled her return flight from Kolkata to Delhi without any reason and provided her no alternative. She approached the consumer court in Chandigarh and secured an order against Spicejet. In the appeal, the airline claimed that the Chandigarh court did not have jurisdiction to hear the case as the place of business of the company was at Gurugram. The airline relied on Section 11 of Consumer Protection Act which allows a complaint to be instituted by a consumer within the local limits of where the opposite party resides or carries on business or where cause of action arises.
Rejecting this argument, the NCDRC in its order of February 7, 2017 found the company guilty of cancelling her flight without reason when on that day 128 flights took off from Kolkata without any delay. The NCDRC noted that the airline gave no explanation for cancellation and failed to make any alternative arrangements. The consumer also stated her grief wherein she discloses that she purchased the ticket at a cost of Rs 80,855 after borrowing money from her relatives at Kolkata. Besides the compensation, the NCDRC directed the airline to refund the consumer Rs 80,855 with interest at the rate of nine per cent after deducting the airfare between Kolkata and Delhi. The company was also to compensate Rs 10,000 towards litigation cost. It has also been reported via news houses that the Supreme Court found no reasons to interfere with the National Commission’s order.
By reading the provisions of Consumers Protection Act, 1986 and I.T. Act, 2000 and with the help of the ratio of the judgement in A.B.C. Laminart Pvt. Ltd. and anr.'s case, we can safely hold that, where contracts for services and/or goods are entered into over the internet (or online as such transactions are commonly referred to), for the purposes of consumer complaints, part of the cause of action arises interalia, at the complainant’s place of business, if acceptance of the contract is communicated to her through the internet, including the medium of email. Further, irrespective of the fact, whether or not the contract is one made over the internet, cause of action would also continue to arise at any of the places
(a) where the contract is performed or is to be performed or
(b) where money under the contract is either payable or paid or
(c) where repudiation of the contract is received, if any.
As such, it cannot be disputed that a consumer forum is competent to entertain a consumer complaint, even if only an infinitesimal part of cause of action arises within its territorial jurisdiction. As a result, territorial jurisdiction over a consumer complaint would lie with the consumer forum situated at any place, where any of the aforementioned causes of action arises. This, of course, is in addition to the other places, where a consumer may choose to file a complaint in accordance with the other provisions of Section 11 (2) of the CPA, 1986. It was reiterated in the case of M.D.Air Deccan vs Shri Ram Gopal Agarwal where the State Consumer Disputes Redressal Forum interpreted Section 13 of the IT Act along with Section 11 of the CPA.
Conclusion:
To cope up with the technology law has to take the help of technology; as Charles Clark once remarked ‘The answer to the machine is in the machine’. Indeed, the perfect reply to the technological abuses is the application of technological innovation.
This is a landmark case in ecommerce dispute resolution and jurisdiction issues. This is a big relief for ecommerce buyers such as of Amazon, Flipkart, Naaptol, Myntra, online insurance providers, Travel portals etc. I feel online consumers have got clarity now that a case can be filed against online sellers sitting in their own homes as all consumer disputes also can be filed online with or without lawyers help. I feel the ratio held in the above case can safely be included in the next scheduled amendment of The IT Act, 2000 
The Court Orders for Download are available on following links below

Friday, August 4, 2017

A man from Odisha gets six years of Jail in cyber pornography Section 67A: A Revenge Porn Case

Judgement Dowload link

Judicial Magistrate in Puri today sentenced a man to six years of imprisonment in a cyber pornography (A revenge Porn) case, stated to be the first such case.
Puri Sub-Divisional Judicial Magistrate Shibasis Giri also slapped a Rs-9,000 fine on the convict, Jayanta Kumar Das an alleged RTI activist, A fake profile was created by the accused in the name of the victim woman from Puri Township in a pornographic site, who then had uploaded the woman’s name, address, photo and phone number on a pornographic website in 2012 to take revenge against her husband.After her personal info was posed on the site, the victim started receiving calls from numerous persons enquiring about her interest in paid sex and wife swapping.
The husband of the woman, a local journalist, had written about several cases involving the convict.
The crime branch had arrested Das on September 18, 2012, following a complaint filed by the victim in July.He was booked under several sections of the Indian Penal Code and Information Technology Act, 2000. Sections 292, 465, 469, 500 of the Indian Penal Code and 66(C) and 67A of the Information Technology Act,2000(cyber law of India) were applied
The conviction was procured on evidence, including crucial witness statements of scientists from the Central Forensic Science Laboratory, Kolkata.

My Views:
I highly appreciate the conviction upheld as India is short of convictions for cyber crimes committed. This remains first of a kind of conviction in odisha state and could be a first serious conviction of a revenge porn in India. Maligning and destroying a girls life by defaming her online often kills a ladies zeal to live. 
I feel if the convict moves for appeal, his punishment under sections of IPC would be set aside by the High Court in the light of decision made under Sharat Babu Digumarti Vs State Govt of NCT of Delhi but punishment under Sections 66(c) & 67A could be confirmed on merits of the case.

Thursday, July 27, 2017

What do we mean by a “right of privacy” in India?

What do we mean by a “right of privacy” in India?

Justice Cooley in 1888 defined it simply as a right to be left alone. Alternatively, it may be defined as a right to be anonymous. The two definitions are quite different but both are important, and the right to be anonymous is a form of privacy that has particularly significant implications in cyberspace. In legal terms, our right of privacy amounts to a right to be free from government intrusion into certain areas of our lives and a right to be free from intrusion by other individuals into our “private” lives. The former is protected largely through Constitutional interpretation and a number of statutes; the latter is protected largely through the common law under tort principles.
Before 1890 no English or American court had ever granted relief based on such a claim as “invasion of privacy.” 
However, in 1890 a Harvard Law Review article by Samuel Warren and Louis Brandeis examined a number of cases ostensibly decided on other grounds, and concluded that these decisions were actually based on a broader principle, a right of privacy. Warren and Brandeis claimed such a principle was in fact necessary to deal with what was seen as the growing problem of excesses of the press. New York was the first state to confront this issue head on in the wake of the article. Several lower courts had held the existence of a right of privacy.
The New York State Court of Appeals (which is, oddly, the State’s highest court – the “Supreme Court” is the State’s entry level court) got to review the matter in the case of Roberson v. Rochester Folding Box Company in 1902. In this case, the defendant had used a picture of an attractive young woman to advertise its flour without her consent. In a 4–3 decision, the Court of Appeals held that there was no legal precedent for such “right of privacy.” Furthermore, the Court felt that recognizing a right of privacy was a poor idea because, first, the alleged harm was of a purely mental character and would thus be difficult to prove or disprove; second, recognizing a right of privacy would lead to a flood of litigation; third, there would be difficulty in distinguishing between “public” and “private” figures, whose protections under a right of privacy would differ; and finally because it might lead to undue restrictions on the freedom of the press.
A public outcry followed the decision and, in its next session, the New York State Legislature passed a law banning the use of a person’s name or picture “for advertising purposes or for the purposes of trade” without the person’s written consent. By the 1930s “virtually” all jurisdictions had recognized the Right of Privacy, either by statute or through the common law.
Man’s house is his castle.a well-known proverb is also getting legal recognition as Right to Privacy. Human beings have a natural need to autonomy or control over confidential part of their. This need is inherent in human behaviour  and now this has been recognized as fundamental right to privacy. It is not a right against physical restrains but it is a right against psychological restrain or encroachment of right . USA, UK, India, and at International level UDHR, ECHR, ICCPR has recognized this right as fundamental right.
Position in India
Right to Privacy is not explicit in the Constitution of India, so it is a subject of judicial interpretation. The judicial interpretations of fundamental right bring it within the purview of fundamental right. The journey of this project would start from the search of answer of issue that whether the right to privacy is a fundamental right, through analysis of cases and some pioneering work of scholars.
In India, after the case of R. Rajagopal alias R. R. Gopal v State of Tamil Nadu and People s Union for Civil Liberties (PUCL) v Union of India , the right to privacy is well recognized as Right to Life. In the case of People s Union for Civil Liberties (PUCL) v Union of India (Telephone Taping Case) Supreme of India also observed Article 17 of ICCPR and Article 12 of UDHN.
The apex court is hearing the Aadhaar card privacy issue.The Government is of a view and has argued before Supreme Court that “there is a fundamental right to privacy, but it is a wholly qualified right”.  The constitution bench of Supreme Court in the same case have said "Can this court define privacy? You can't make a catalogue of what constitutes privacy. Privacy is so amorphous and includes everything... if we make any attempt to catalogue privacy it will have disastrous consequences," 
What now evolves remains to be seen, but i agree that Privacy cannot be an absolute right. I also agree that Data Privacy is bigger than Right to Privacy in this cyber age. India definitely needs Data Privacy or Data Protection Act.

Sunday, July 23, 2017

Why does India need Data Privacy or Protection Law ?


Why does India need a Data Protection Law?
Apart from appeasing European Union for sharing data with Indian companies, One of the reason is
presently all Data of ours -Search, Emails, Chats of Google, FB, Hotmail, Whatsapp are stored in Californian Servers, USA Jurisdiction.

US Foriegn Intelligence Survivelenace Court (FISA) with a single penstroke court gag order can take all Indian MPs, PMO, Home Minister,MEA's etc Email data and Analyse them for leverage in Intl' Affairs, Thats a severe Threat, #privacy intrusion. 

Not to mention even the Locations of each Citizen,Official in India can be monitored by US NSA analysts as of now with #Whatsapp, Android Phones relaying data back to USA servers. 
Hence a Data Protection Law in India is a need of the Hour.

Monday, July 3, 2017

Prashant Mali Interview in Business Standard Newpaper

Ransom-payers are also the cause of ransomware proliferation: Prashant Mali

The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins

Nikita Puri 
Operations at a terminal of the country’s largest container port, in Mumbai, came to a standstill earlier this week. The process of loading and unloading containers was halted as the port’s computers shut down after a major that swept across the globe. The aggressiveness of the malware showed that such attacks were capable of bringing both corporate and government networks to a sudden halt. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins. expert Prashant Mali, also an advocate at the Bombay High Court, tells Nikita Puri how to prevent mass-scale civil disruptions that future cyber attacks can result in. Edited excerpts:
 
First we had individual companies and high-networth individuals who were targets of ransomware, then WannaCry hit servers across the globe. Now another malware, which some are identifying as Petya, has sent corporations into a tizzy. Do you foresee more such threats?

 
To date, financial cyber crime has only grown and it is yet to peak, so I would say it’s written on the wall that many more such attacks are expected in the near future. Such threats loom large as the ransom is paid in bitcoins, so the criminals aren’t caught. One thing the police and the government can do is to ensure that citizens make compulsory declarations of purchase of bitcoins and other (like ethereum) when they file their income tax returns. This can help the government see who pays and how much because, I feel, ransom-payers are also the cause of ransomware proliferation.
 
confirm that the malware isn't really a ransomware, but a wiper designed to destroy data. Reportedly, because of “ its aggressive features,” the malware makes it impossible to retrieve certain files leading many to believe that this attack may not have been for money. Can this be seen as an attempt to test how far companies will go to protect data?
 
Even if cyber attacks don’t cause financial damage, they definitely throw open defences. Identifying fortresses that have holes in their system can be of interest to the state and non-state actors. This data of the number of loopholes is in demand and is sold at a premium price. There are different types of involved in the dark world: many a time those who look for such holes, those who attack, and those who intend to get ransoms are all different.
 
Companies are often wary of making such attacks public. Security firm Symantec has said that India is the worst hit in Asia, but we have confirmation only from Mumbai’s Do you think information sharing could actually help build a better defence against such attacks?
 
By not reporting such attacks, companies are depriving the nation of a knowledge database that can help other companies develop better defences. Symantec and other (security) vendors also cannot be fully relied upon because fear is what they harp on. The more fear they put in Indians, the more they sell security products. The Insurance Regulatory and Development Authority of India and insurance companies should make it compulsory for clients to file a First Information Report (FIR) before claiming cyber insurance. Once reporting to some government agency becomes mandatory to claim insurance, companies would be motivated.
 
What are the security measures that one must take to avoid such attacks? 
 
No one can be immune in cyber space and that's the reality. Only cyber awareness in organisations can bring in cyber resilience. I would advise organisations to have multi-prong policies to establish a cyber security culture. I feel the highest level of cyber safety can be achieved by establishing a cyber security culture in the company, and a country can be cyber resilient by cultivating a culture of cyber security in society. Government should quadruple its budget for digital literacy programmes. For the government to be ahead of hackers, we need cyber spies: our law and enforcement agencies should implant cyber spies among cyber criminals. The chatter within their group helps the state to be ready for what is coming: we need cyber intelligence. 
 
Do you think companies should have ethical hackers on their pay rolls
 
I have an issue with the term “ethical hackers” because legally this isn’t right: those are two contradictory terms put together. who use these terms are either doing it for branding purpose or are students. Companies should opt for services by cyber security researchers. 
 
Are India’s cyber laws equipped to handle such large-scale attacks?
 
No. Laws can be invoked when prima facie evidence is found against criminals and investigation can be completed if attribution to a criminal is possible. The legal framework to help enforcement agencies in India has serious flaws. Large-scale cyber attacks need multiple law and enforcement agencies to work together along with CERT-In (Indian Computer Emergency Response Team), but the protocol for this is yet to be developed. 
 
In the future, cyber attacks are going to affect government facilities meant for citizens: like centres for health, water etcetera. Even municipalities should coordinate with the aforementioned agencies to avoid mass scale civil disruption from cyber attacks.

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...