Recently, the news of Compromise of Bank of India website resulting in the automatic downloading of Trojans to the computers of visitors highlighted the risk to common men of slack web security by business entities.
Now another interesting incident has come to our notice where the public are being taken for a ride by a spammer. The spammer appears to have introduced a script in one of the web pages of the Indian Express website and any person who visits the page is directed to the website of the spammer. Indian Express is perhaps unaware of the compromise. It is also unaware that while the present intrusion is only leading to a spam, a similar technique can be used to plant trojans to the visitors of the news paper website in future. Hence it should not be ignored. What is interesting is that the redirection beneficiary can be identified and if necessary can be booked under Information Technology Act 2000.
Cyber Crime Complaints and Resolution Assistance Center, Bangalore, (A Public Service Division of Naavi.org) has recorded the incident and brought it to the notice of Indian Express with a request to file a complaint at an appropriate Cyber Crime Police Station. We await their response. As Cyber crime observers know, many times organizations in their false pretension of “Security Image” fail to make such incidents public and therefore avoid filing of complaints. This therefore encourages the offenders to continue their activity since the Risk-Reward ration of the crime is in their favour.
I hope Indian Express will be an exception to this rule. At the same time, it may be pointed out that both Cyber Crime Police as well as the Adjudicator in India have the powers to take suo-moto action in such cases though it is a bit of an utopian dream to expect them to do so.