Friday, August 17, 2012

BackTrack 5 R3 Released For Download

Backtrack is one of the highest rated and acclaimed Linux security distribution of the world. It is used by numerous security professionals and companies to perform various security and penetration testing related tasks.

The best part about Backtrack is that you can install it on a DVD, USB drive or any other media of your choice that supports Backtrack installation. Once installed, backtrack can be booted from the media and there is no requirement to install it on the hard disk of your computer. Of course, you can also install it on the hard drive of your computer if you wish to do so.

If you are using a Backtrack 5R2 version you can also upgrade it to Backtrack 5R3 as BackTrack 5 R3 has been released on 13th of August, 2012 for download.

Perry4Law Techno Legal Base (PTLB) strongly recommend you to download a copy of backtrack 5R3 for your pen testing and cyber security arsenal.

Backtrack versions are also part of techno legal software repositories of Perry4Law and PTLB that are used to provide various techno legal trainings in India and abroad. These include skills development in India in the fields of cyber law, cyber security, cyber forensics, penetration testing, malware analysis, etc.

We thank the Backtrack community in general and Linux community and open source community in particular for their hard work and commitment to strengthen cyber security, cyber forensics, pen testing, malware analysis and such similar capabilities.

Saturday, August 11, 2012

Establishment Of E-Courts In India And Their Implementation

Indian judicial and legal systems are very slow to adopt information and communication technology (ICT). Although some steps have been taken to computerise the Indian courts yet by and large they are insufficient and not relevant.

Electronic delivery of justice in India is urgently needed. E-courts and ODR in India are essential part of electronic delivery of justice in India. Despite the pressing need for establishment of e-courts in India we are still waiting for the establishment of first e-court of India. Till august 2012 we do not have even a single e-court in India.

The e-courts project of India has failed to materialise in India and establishment of e-courts in India is still a distant dream. We need to expedite the constitution and opening of e-courts in India as soon as possible.  

There are many reasons for failure of e-courts in India but the chief among them is lack of expertise and judicial will to implement the e-court project. There is no dearth of funds for this project but its implementation is very poor. The e-court committee has so far failed to implement the e-court project effectively.

We at Perry4Law and PTLB have now taken very significant steps in this crucial direction. We have launched dedicated portals pertaining to electronic courts, e-judiciary, ODR India, online arbitration, etc. Further, Perry4Law and PTLB are also managing the exclusive techno legal e-courts training and consultancy centre of India.

To strengthen the initiatives and projects of Perry4Law and PTLB and to take these projects and initiatives to the next level of development, Perry4Law and PTLB are in the process of launching four crucial projects. These are:

(1) Electronic Courts: This initiative would provide e-courts services to national and international organisations, governments, companies, individuals, etc. At this platform you would be able to resolve your disputes through use of techno legal methods and procedures.

(2) E-Judiciary: This initiative would provide research, policy formulations, training, consultancy, project execution support, etc to various national and international stakeholders. It would cover areas like e-courts, e-judiciary, legal enablement of ICT in courts and judiciary, etc.

(3) ODR India: This is an India specific platform that would resolve various inter party disputes in an online environment. Techno legal methods and procedures would be used to resolve various disputes through Arbitration, Conciliation, Mediation and other similar methods.

(4) Online Arbitration: This initiative would provide ODR services to world at large. Individuals, organisations, companies, etc may resolve their disputes through this platform by using our techno legal dispute resolution services.

Indian judiciary in general and e-court committee in particular has to play a more pro active role for the establishment of e-courts in India. In the absence of institutional expertise, e-court committee must also include other members that have actual expertise to manage the project.

Tuesday, August 7, 2012

Cyber Security Challenges For The Smart Grids In India

These days most of the public utilities are managed and coordinated by information and communication technology (ICT). In many cases, these utilities are managed through remote administration as well. This is also the stage and process that makes these utilities vulnerable to cyber attacks.

Keeping this fact in mind, critical infrastructure protection in India in general and cyber security of automated power grids of India in particular must be ensured with latest technology and international best practices.

Cyber security issues in India are emerging day by day. Similarly, the cyber security awareness in India is also increasing. However, cyber security capabilities of India are still not up to the mark. Cyber security skills developments in India are urgently required.

There would be many cyber security challenges for future smart grids of India. The evolution of SCADA system, deficiencies and shortcomings of existing power devices and vulnerabilities of software managing SCADA systems are areas of special concern for India.

These days power grids are centrally connected and integrated in nature from the stage of power generation to it transmission and distribution. A compromise of such power grids   can lead to power outages/blackout or even damage to power system devices and thereby huge loss to the utilities.

Further, renewable energy/distributed generation demands are the added feature of smart grid and due to networked control future power system will be much more vulnerable to cyber terrorism attacks, cyber warfare activities and cyber espionage attempts. Therefore, before switching to smart grids, India must consider cyber security challenges for them as well.

Perry4Law and Perry4Law Techno Legal Base (PTLB) are in the process of drafting of cyber security best practices for smart grids in India. We invite professional collaborations and cooperation in this regard from various smart grid stakeholders. If interested, kindly send your proposals while communicating with us so that we can consider collaborative aspects of such proposals.

Sunday, August 5, 2012

Mobile Banking Cyber Security In India

Cyber security in India is facing many challenges and problems. One of the major problems of cyber security in India is that various stakeholders are not at all interested in ensuring cyber security for their respective organisations. However, the worst part of Indian cyber security initiatives is that Indian government is pushing hard initiatives like mobile banking, mobile commerce, etc without effective and robust cyber security capabilities at place.

For instance, although the Reserve Bank of India (RBI) has mandated for strict cyber security requirements for banks of India yet most of the Indian banks have done nothing in this regard. RBI has also insisted upon ensuring of cyber security of banks in India. In fact, recently RBI warned Indian banks for inadequate cyber security as well. This is resulting in increased financial crimes and cyber crimes in India.

The cyber laws and cyber security trends in India 2011 by Perry4Law and Perry4Law Techno Legal Base (PTLB) also proved this point. Even the mobile cyber security in India is missing. In these circumstances, mobile banking in India has become really risky. In fact, mobile banking cyber security in India is almost missing and this has put the customers at grave risks. Mobile banking cyber security is required in India on a priority basis before any mobile banking scheme is launched in India.

Although Internet banking guidelines in India by RBI have been issued yet no such guidelines have been issued by RBI regarding mobile banking so far. Further, it is also not clear who would bear the loss arising out of a banking transaction that is a direct result of a financial or cyber crime. Banks are passing the buck to consumers even when they are at fault by not ensuring sufficient cyber security.

Banks of India are not realising that they are under a legal obligation to ensure cyber law due diligence for their banking transactions. In the absence of cyber law due diligence, it is the responsibility of banks of India to bear any loss arising out of any financial or cyber crime.

Perry4Law and PTLB recommend that banks in India must not only ensure cyber security for their transactions but also adhere to the cyber law due diligence requirements as are mandatory in India. 

Privacy Laws In India And Privacy Rights In India

We have no dedicated statutory or constitutional privacy laws In India. However, the Supreme Court of India has interpreted Article 21 of Indian Constitution as the source of constitutional right to privacy in India. For some strange reasons, privacy rights and laws in India have always been ignored by Indian government. Even the proposed draft right to privacy bill 2011 of India remained another assurance till now.

Similar is the case regarding data protection laws in India. Till now we have no dedicated data protection laws in India. Clearly, data protection laws in India and privacy rights in India are urgently required to be formulated. Indian government must pay urgent attention to privacy rights, privacy laws and data protection laws in India.

The Supreme Court of India in Kharak Singh v. State of U.P. (AIR 1963 SC 1295) recognised the Right to Privacy as an integral part of the Right to Life and Personal Liberty which is a fundamental right guaranteed to every individual.

In the case of R. Rajgopal v. State of Tamil Nadu (1994 (6) SCC 632) the Supreme Court laid down that personal information may not be published without consent whether truthful or otherwise and whether laudatory or critical, unless they are part of public records.

Similarly, Section 21 of the Juvenile Justice Act, 2000 Prohibits the publication of names and other particulars of children which may lead to identification of the child involved in proceedings under the Act.

The cyber law of India incorporated in the Information Technology Act, 2000 (IT Act 2000) provides few provisions regarding data protection and privacy aspects. The Act defines Data as any information, knowledge, facts, concepts or instructions being processed (or intended to be processed) in a computer system or network. The disclosure of personal data is prohibited and there are stringent provisions for protection of sensitive personal data.

The IT Act 2000 was amended by the Information Technology Amendment Act 2008 (IT Act 2008). The IT Act 2008 introduced Section 72A that confers protection against disclosure of personal information in breach of a lawful contract.

Section 72A mandates that if any person or intermediary has become privy to any personal information of another, while providing services under the terms of a lawful contract, any disclosure of such information to a third party, without the consent of the person concerned and with the intention to cause or with knowledge that he is likely to cause wrongful loss or wrongful gain, or in breach of the contract is punishable with upto three years imprisonment or fine upto five lakh rupees or both. The term “intermediary” means a person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record.

Further, section 43A of the IT Act 2000 provides for compensation by way of damages in case a body corporate handling any sensitive personal data or information in a computer resource is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person.

Reasonable security practices and procedures have been defined in the Section as those which are designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment to protect such information from unauthorized access, damage, use, modification, disclosure or impairment.

In April 2011, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 were notified. These new rules regulate the collection, disclosure, transfer and storage of sensitive personal data and widen the scope of the regulation provided in Section 43A.

Sensitive personal data is defined under the Rules as information relating to a data subject’s:

(i) Password;
(ii) Financial information such as Bank account or credit card or debit card or other payment instrument details;
(iii) Physical, physiological and mental health condition;
(iv) Sexual orientation;
(v) Medical records and history;
(vi) Biometric information;
(vii) Any detail relating to the above clauses as provided to body corporate for providing service; and
(viii) Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise

Information that is freely available or accessible in the public domain, or furnished under the Right to Information Act 2005 or any other law in force, is not regarded as sensitive personal data.

With regard to consent the said rules provide that the consent has to be obtained from the provider of sensitive personal data in writing through letter, fax or email regarding purpose of usage before collection of such data. The information is to be collected for a lawful purpose and only where it is necessary to do so.

Privacy related provisions are also incorporated in other Indian statutes as well. These include Indian Telegraph Act, 1885, Indian Contract Act, 1872, Specific Relief Act, 1963, Public Financial Institution Act, 1983, Consumer Protection Act, 1986, Credit Information Companies (Regulations) Act, 2005, etc. We would discuss this issue more in our subsequent posts.

Saturday, August 4, 2012

Critical Infrastructure Protection In India

Critical infrastructures like power utilities, transportation, banking systems, stock markets, medical institutions, etc are essential part of our day to day lives. There disruption for even few hours can cause great loss and discomfort. At times this may also result in casualties of human lives.

In these circumstances, critical infrastructure protection in India is needed. To achieve this we need a critical ICT infrastructure protection policy of India that must be formulated and implemented as soon as possible. Although a national critical information infrastructure protection centre (NCIPC) of India has been proposed by India yet no action has been taken in this regard so far.

It is high time that critical infrastructure protection (CIP) and homeland security (HS) in India must be taken seriously and effective steps in this direction must be taken.  The best way to achieve this is to formulate a suitable techno legal cyber security policy of India that must include CIP aspect as well.


Cyber security in India and its challenges and problems cannot be effectively managed till we have robust and techno legal cyber security capabilities in India. We need a skilled cyber security workforce in India that can tackle present as well as future cyber security challenges. Cyber security skills development in India must be ensured to meet this objective.

Perry4Law and Perry4Law Techno Legal Base (PTLB) recommend that Indian government must urgently formulate cyber security policy and critical infrastructure protection policy for India.

Monday, July 30, 2012

Importance Of Cyber Forensics For India

Cyber forensics in India is one of the most important fields for effective legal and judicial system of India. Indian Approach towards cyber forensics has been lukewarm so far. It is only now that India has started paying attention to cyber forensics.

There are very few cyber forensics firms and companies operating in India. Cyber forensics is a dynamic field that requires continuous updates and modifications. Thus, cyber forensics companies and firms in India must innovate.

Further, cyber forensics research centers in India must be established to meet the research and development needs of India in the field of cyber forensics. The distance learning courses for computer forensics in India must be encouraged to develop cyber forensics skills in India. The cyber forensic investigation solutions in India are needed to establish cyber forensics procedures and best practices in India.

World over stakeholders are planning to use technology to fight drugs, human trafficking and illicit networks. Cyber forensics can play a crucial role in order to achieve this objective.

Cyber forensics professionals must be aware of the basics of Internet protocol (IP) address system as that is the starting point for all cyber forensics and cyber security related exercises. IP address tracking methods and techniques for e-mails must also be well understood. A special care must be taken of IP address spoofing and its defenses.

There are certain challenges that cyber forensics professionals may face in their day to day affairs. For instance, cyber forensics of hidden Internet is a challenging and daunting task.  Cyber forensics professionals must be well prepared to tackle new and unexplored challenges from cyberspace.

Further, legal and judicial fraternity of India needs scientific knowledge. Police, lawyers and judges must be aware about the basic level knowledge of cyber forensics. Technology laws like cyber law must also be well known to legal and judicial fraternity in India.  While undertaking a trial, the judges in India must realise that IP address should not be the sole criteria for arrest and conviction.

Perry4Law and Perry4Law Techno Legal Base (PTLB) hope that India would consider these aspects and various stakeholders would work collectively in this crucial and much needed direction.

Saturday, July 21, 2012

Cyber Crimes Trends In India 2012

Perry4Law and Perry4Law Techno Legal Base (PTLB) have been providing ICT trends in India since 2005-06. The ICT trends in India 2009 and subsequent trends have discussed both the positive and negative aspects of Indian ICT policies and strategies.

We have also been providing cyber law trends in India and cyber security trends in India for long. The cyber law trends of India 2012 and cyber laws and cyber security trends in India 2011 are the latest in this regard.

In this work, Perry4Law and PTLB are discussing the existing and potential cyber crimes trends in India 2012 and onwards. In India cyber crimes are mostly confined to identity thefts, obscene fake profiles at networking sites, threatening e-mails, websites defacement, cracking incidences, etc.

These cases are mostly crimes committed by novice and script kiddies. However, India has been facing growing cases of cyber attacks against its critical infrastructure and strategic computers. Further, the abuse of Hidden Internet is also going to increase in India in future.

Perry4Law and PTLB believe that we need to pay a special attention to critical infrastructure protection in India, homeland security of India, cyber security of India, etc. Similarly, critical ICT infrastructure protection policy of India and cyber security policy of India are also required to be formulated as soon as possible.

We also believe that technology can play a more direct and pro active role to fight against illicit networks, transnational crimes, white collor crimes, etc. Naturally, law enforcement technologies in India must be upgraded and law enforcement official must be imparted techno legal trainings so that they can tackle technology related crimes effectively and efficiently in India.

Modernisation of law enforcement agencies of India is need of the hour. In short, we need cyber police reforms in India where cyber skills of police personnel of India must be urgently developed. Further, cyber forensics skills developments of police in India also need to be taken seriously.

We would provide more detailed cyber crimes trends in India and worldwide subsequently. If you are part of an international organisation, law enforcement agency or any other organisation that is dealing and fighting with cyber crimes, feel free to contact us and have professional relationship with us in this regard.

Friday, July 20, 2012

Use Of Technology To Fight Cross Border, Transnational And White Collor Crimes

Technology has increasingly being used to commit cross border, transnational and white collor crimes. As law enforcement technologies evolved even cyber criminals devised novel and undetectable methods to indulge in their nefarious activities.

Use of Hidden Internet for committing cross border, transnational and white collor crimes has increased a lot. Since the activities are not available and accessible to ordinary search engines and net surfers, the Hidden Internet has become a breeding ground for cyber criminals.

Now it has been proposed to use technology to fight drugs, human trafficking and illicit networks. Technology is also been used to prevent and tackle cyber crimes and cyber attacks. Now even Google and Interpol have decided to use technology to fight these crimes.

We at Perry4Law and PTLB welcome this move of Google and Interpol. We also believe that Hidden Internet would post tremendous challenges before Google and Interpol in their drive against white color crimes and transborder crimes. It would be a good idea to explore methods to take care of crimes originating at Hidden Internet as well.

Saturday, June 16, 2012

Natgrid Project Of India: The Do Or Die Stage


The National Intelligence Grid (Natgrid) Project of India is one of the most ambitious Projects of India. It has been passing through rough weathers in the past. The good news is that the Cabinet Committee on Security (CCS) has approved an Rs 1,100-crore allocation for the NATGRID and has also granted an extension to it. The CCS has also allowed NATGRID to acquire certain technological items mentioned in the Detailed Project Report (DPR).

The bad news is that till now we have no Accountability and Transparency about the NATGRID Project. Another major lacuna of NATGRID Project is that it is beyond the reach of Parliamentary Oversight in India. Similar problems are also plaguing the National Counter Terrorism Centre of India.

Recently the Department of Telecommunication (DOT) refused to allow the Home Ministry of India to intercept private communications disregarding individual Privacy under the pretext of National Security. Civil Liberties Issues have been raised from time to time in India vis-à-vis National Security Projects like NATGRID. They cannot be ignored in India any more.

I hope these “Shortcomings” of the NATGRID Project and NCTC would be removed very soon and NATGRID Project and NCTC would be a valuable tool for strengthening National Security of India. I also hope that Indian Government would maintain a “Balance” between National Security and Privacy Protection requirements in India while implementing Projects like NATGRID.

Now coming back to the recent new lease of life that has been given to NATGRID by CCS. The funds granted to NATGRID would be utilised for procuring equipment, technology and for building a data centre. We need to have High Security Infrastructure and Secured Communication Lines, opined NATGRID Chief Raghu Raman.

I also believe that this “Technological Upgradation” is a must for NATGRID Project to successfully complete the next stage. However, this is not an easy task especially keeping in mind the Red Tape that is hindering the successful implementation of NATGRID Project of India.