Just when India is going through its biggest push towards digitisation, a bunch of hackers have reminded the country about the perils of the process. Over the last week, a handful of personal and institutional Twitter handles were hacked and filled with abusive posts. However, there was more to this digital identity heist than what the hackers could post on the platform. They had also tapped into the email database of at least two of these individuals and generated no level of outrage or legal scrutiny from any quarters.
This brings us one important question India must be asking itself as it tries out new ways to make virtual payments and transactions. Are we, as a nation, equipped to protect ourselves online? The answer is an easy ‘no’, as the events of the past week have clearly shown us. It is even more scary that, as a society, we are happy to live with the knowledge that our digital lives are compromised multiple times every day. According to the latest Norton Cyber Security Insights Report, Indians exhibit an alarming complacency when it comes to doing the right thing online. We top when it comes to falling victim to ransomware and still have no qualms about clicking on links send from unknown sources.
Twitter does not comment on individual cases, but it seems what happened over the past week with Rahul Gandhi, INC India, Barkha Dutt and Ravish Tiwari’s handles was more to do with the emails used to generate the Twitter profiles and so much as the social media accounts themselves. That would explain why there are email dumps being touted as booty. Incidents like this have happened across the world, more recently in the US, where hacking was a poll issue. But when hackers seem to slip into the role of activists, then there is a message in the way they have chosen targets and exposed data. Nothing, however, gives it legitimacy, especially when there is data like this involved. The incidents of the past week are, for instance, punishable under various sections of the IT Act 2008, with sentences not less that a two-year imprisonment.
Any email account these days is a window into the person who owns it, their identities, personalities, private lives and, more dangerously, financial profiles. Most Indians don’t even realise that our digital identities are now so inextricably linked to our actual persona—just a simple SMS from a bank stating your balance could end up being a key to exploit you, and email access is like opening the entire door. We still have a nonchalant attitude towards cyber security, looking at it as someone else’s problem, until, of course, it hits us where it hurts.
Then there is digital banking, for which millions of Indians have been enlisted over the past few weeks. Some are trying out mobile payments for the first time, initially very small amounts, often helped by those who know better. In fact, Prime Minister Narendra Modi recently asked the digitally literate to help at least 10 others to initiate their digital payments. We can just hope that none of these people have any mala fide intentions in mind when they go out to help, because digital transactions is one place you might not want others to get a look in. Understand this in the context of how easy mobile transactions are these days—it takes seconds to make a Paytm payment to a shopkeeper or a friend, and all you need is their phone number. A lot of first-time users will take some time to understand the intricacies of the system, at least well enough to not be duped by others. These are early days, but I am convinced we’ll be hearing about some crimes related to fraudulent digital payments soon. When e-wallet players like Paytm and Freecharge are reporting 10x growth in money added and 4x growth in transaction values, it is unlikely that it would not interest cyber criminals.
This is where the government has to really step in. If we have to go digital, then we have to go digital safely, not swiftly. Here, strong laws and penalties are crucial to make everyone understand that even a Rs 50 fraudulent transfer would be dealt with severely. Given that our digital payment platforms are also linked to the Aadhaar platform, there is a clear-cut case for the government to keep a hawk’s eye on how this segment evolves. Also, while the government does the extra bit to make people aware of how to make online transactions and promote a cashless economy, it has to put in similar efforts to teach them how to stay safe online. The push for digitisation cannot be at the cost of the digital security of its citizens.