Monday, July 24, 2017

What is Data Privacy and why is it an important issue?

The question of whether privacy is a fundamental right is being argued before the honorable Supreme Court of India. It is a topic to which a young India is waking up, too. Privacy is often equated with Liberty, and young Indians want adequate protection to express themselves.

Privacy, according to Wikipedia, is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. There is little contention over the fact that privacy is an essential element of Liberty and that the voluntary disclosure of private information is part of both human relationships and a digitized economy.

Data privacy is debated because of the inherent potential for surveillance and disclosure of electronic records that are private, such as sexual orientation, medical records, credit card information, and email.

Disclosure could take place due to wrongful use and distribution of the data, such as for marketing, surveillance by governments, or outright data theft by cyber criminals. In each case, a cybercitizen's right to disclose specific information to specific companies or people, for a specific purpose, is violated.

Citizens in western countries are legally protected through data protection regulation. There are eight principles designed to prevent unauthorized use of personal data by government, organizations and individuals:

Lawfulness, Fairness & Transparency
Personal data needs to be processed based on the consent given by data subjects. Companies have an obligation to tell data subjects what their personal data will be used for. Data acquired cannot be sold to other entities, such as marketers.
Purpose limitation
Personal data collected for one purpose should not be used for a different purpose. If data was collected to deliver an insurance service, it cannot be used to market a different product.
Data minimization
Organizations should restrict collection of personal data to only those attributes needed to achieve the purpose for which consent from the data subject has been received.
Accuracy
Data has to be collected, processed and used in a manner which ensures that it is accurate. A data subject has the right to inspect and even alter the data.
Storage limitation
Personal data should be collected for a specific purpose and not be retained for longer than necessary in relation to this purpose.
Integrity and confidentiality
Organizations that collect this data are responsible for its security against data thefts and data entry/processing errors that may alter the integrity of data.
Accountability
Organizations are accountable for the data in their possession.
Cross Border Personal Information Requirements
Personal information must be processed and stored in a secured environment, which must be ensured if the data is processed outside the borders of the country.

It is important for cybercitizens to understand their privacy rights, particularly in the context of information that can be misused for financial gain or to cause reputational damage.




Friday, July 21, 2017

Looking for love on Matrimonial Sites! Watch out for the Fraudsters

In Oct 2014, I wrote a blog titled “Conmen use fake matrimonial profiles to scam prospective grooms seeking arranged marriages” warning cyber citizens about matrimonial scams. Unfortunately, since then it appears that these scams have become common and lucrative.

These scams earned between 4 lakhs and 1.2 crore rupees (6000 – 200000 USD). Victims were women in their 30s who had posted their profiles on matrimonial portals. They were emotionally blinded and trusted the online relationship.

The scams used in the cases reported in The Times of India, July 20, 2017, were customs harassment, gift clearance, or an urgent need for money due to a financial or medical emergency.

31 year old nurse
Conned into accepting a parcel that was apparently to contain 15000 GBP (approx. 12 lakhs)
Paid Rs 4.2 Lakhs (6000 USD) to a fake courier company
40 year old woman
Conned into bailing her suitor out of a sticky payment at customs
Paid 74 lakhs (11000 USD) into several accounts
Young woman
Conned into bailing out her UK based suitor as customs officials had caught him carrying a lot of pounds
Paid Rs 4.8 Lakhs (7000 USD)
35 year old woman
Conned into supporting an allegedly US based suitor out of his financial difficulties
Paid Rs 1.2 Crore (184000 USD)
40 year old woman
Conned into bailing out her UK suitor due to a sticky payment at customs
Paid Rs 4.65 Lakhs (7000 USD)

There will be a large number of unreported scams, as they involve threats of defamation using explicit photos or videos shared during the relationship.

I would again remind cybercitizens that conmen actively target you, use social engineering techniques to gain your trust, and know how to hide themselves on the Internet. These conmen are often difficult to trace, or it is simply too expensive to do so.


My recommendation is to use common sense when in an untrusted and unverified relationship. Any request for money should sound a loud buzzer in your brain. Also, do not share content of a sexual nature which could later be used against you.

Thursday, July 20, 2017

LuciusonSecurity ranked among the Top 100 Information Security Blogs for Data Security Professionals

LuciusonSecurity is privileged to be chosen as one of the Top 100 Information Security Blogs for Data Security Professionals in 2017 by feedspot.com.






Disgruntled Driver asks Share Ride Cab Company OLA to Pay Ransom for Kidnapped Passenger

A doctor called a shared ride cab to drive him to the private hospital where he worked. The shared ride arrived on time, but instead of taking the doctor to his destination, the driver threatened the doctor and kidnapped him. The OLA cab driver, in turn, posted a ransom request of Rs 5 Crore (750,000 USD) to the shared ride company, even calling up the hospital where the doctor worked to pressurize the company into paying. The Delhi police were successful, after a 13 day chase, in freeing the doctor unharmed and nabbing the kidnapper.

The motive for the kidnapping was to teach the shared ride company a lesson as they were miffed due to alleged nonpayment of incentives.

The incident simply highlights the damage disgruntled employees can cause, many a time due to uncontrolled emotions. While the kidnapping seems to be one of a kind, incidents caused by employees in the workplace are quite common. In the early days, it used to be sabotage of plant and machinery, but in a digital world it is the theft of IP, data or even online defamation of the company and its personnel.