Cyber crime risk in free public WiFi
While
announcing the go-ahead for the free Wi-Fi scheme on Thursday, Chief
Minister Arvind Kejriwal said that with 11,000 hotspots, the project
will be the biggest initiative of its kind not just in India but the
world.
Once rolled out, the facility will allow smartphone and PC users to avail free Internet services within a 50-metre radius at parks, mohalla clinics and markets.
The facility might take another three months to kick-off, but it has already unleashed a barrage of cyber security concerns - as it comes at a time when more than 75% of cases registered with Delhi Police's cyber cell last year remain unsolved.
Cyber experts fear that the free Wi-Fi in public places could act as an invitation to cyber criminals who hide beneath the veil of the Internet's anonymity and therefore, identifying the culprit will prove difficult for investigators.
"The scale of the hotspots has the potential of providing fodder to cyber criminals unless the government comes up with a foolproof monitoring and regulation mechanism," says cybercrime expert Amit Dubey, founder of Root64, a non-profit foundation that works in the area of preventing cybercrime.
PREVIOUS EXPERIENCES
The threat of unsecured Wi-Fi network first came to light in India in 2008 when the Mumbai police arrested 20 members of banned terror outfit Indian Mujahideeen who allegedly sent emails to media houses moments before the serial bombings in New Delhi and Ahmedabad.
The mails were sent from three locations in Mumbai by misusing unsecured Wi-Fi connections. In the same year, American national Ken Haywood's Wi-fi connection was used to send a terror email to news channels five minutes before the August 26 Ahmedabad blasts.
In 2015, another incident underlined the enormity of the security risk in offering free Wi-Fi at public places. A researcher armed with a $100 device walked into Bengaluru airport and easily hacked into the computers of hundreds of users who had connected to the airport's complimentary WiFi.
While he was at it, he also accessed the users' WhatsApp conversations, credit card numbers and encrypted user names and passwords for good measure. "Unfortunately no one is following the security norms in providing free WiFi. Even at airports and other public places, users should provide KYCs before logging in as per the norms. Only phone numbers and email IDs are asked for. But all of us know getting a virtual phone number and an email ID is not difficult these days," Dubey said.
Another misuse of public WiFi was illustrated by the fact that most passengers at Patna railway station downloaded porn clips using free data available in 2016, according to Railway officials Indian Railway provides free Wi-Fi services at a large number of railway stations across the country.
Questioned about the misuse of free Internet data, Chief Minister Kejriwal said, "We will be building whatever safeguards are required." Cyber security expert Pawan Duggal says chances of misuse are high in the Indian context if adequate safeguards are not put in place.
"Or else, we will see a sudden jump in cases pertaining to misuse of WiFi. It will be very hard to tackle and crack these cases. Even if the investigation comes back to the IP address since it will be a public Wi-Fi, it will be very difficult to identify the person behind the criminal activity," says Duggal, advocating minimum entry-level terms for identification of the person and the device before providing access.
"Currently the conviction rates of cybercrime in the country are less than 1 per cent but the police department is well-equipped to deal with cases pertaining to misuse of public WiFi," Duggal said.
According to data compiled by Delhi Police, out of 327 cases registered between January 2017 and November 30, 2018, a probe could be completed only in 71 cases (21.7 per cent). Meanwhile, of the 160-odd cases registered, the cyber cell managed to complete investigations in only 26 cases in 2018.
These cases also include credit and debit card frauds. Senior officials in Delhi Police said that the Delhi government had not approached them or conducted any meeting to discuss the implications and potential misuse of free Wi-Fi. "We would have helped the government in providing precautionary and mandatory measures in terms of cyber-related issues. It is very likely that cybercrime will increase and free Wi-Fi will be misused," said an official in the Delhi Police's Cyber Cell unit, requesting anonymity.
HOW IT WORKS
At present, Hyderabad has the highest number of hotspots in the country -- where people can use free Wi-Fi for 30 minutes at as many as 1,000 public locations. The Telangana government is, however, planning to expand the service to 2,000 more locations in the next two months. Mumbai has 500 public locations to access free Wi-Fi, Bengaluru has 400 and Kolkata 149 hotspots to access free Wi-Fi.
Internationally, the Taiwan government-backed free "iTaiwan" wireless network, launched in 2011, has as many as 5,000 hotspots in major tourist spots, transportation hubs, cultural establishments and government offices located across the island nation. In Delhi, as per the plan, a user can access the 15 GB per month free Internet with a maximum speed of 200 Mbps by just entering the mobile number, followed by a one-time password (OTP).
At each hotspot, at the most 200 users will be able to access the facility at a particular time. One of the poll promises of the Aam Aadmi Party government, free Wi-Fi is being launched months ahead of Delhi Assembly polls scheduled in February 2020. But the existing free Wi-Fi zones in the Capital remain unutilised. Mail Today discovered that the public at large doesn't use the facility.
Whether it is Connaught Place, Khan Market or Dilli Haat, people either do not avail of the NDMC facility, or have difficulty connecting their devices to the free network. "When the free WiFi was installed in CP, I used it for a day or two but now it is very difficult to connect," said Tania (30), employed with an MNC in Connaught Place.
Speaking to Mail Today, an NDMC official confirmed that the WiFi booths already installed do not function properly and the network hangs most of the time. "We are working on the issue and will soon resolve the problem," the official said.
In response to the question of how significant the project is at a time when mobile phone Internet has become really affordable, Kejriwal said he somewhat agreed to the fact. "The thing is, it's still something that the youth ask me about and it was our poll promise," he said.
POLITICS OVER WIFI
The Opposition has already termed the announcement a poll gimmick, citing the long delay since 2015 when the AAP had taken office promising to make Delhi a WiFi city. "It is just an election stunt announced because the tenure of Kejriwal government is coming to an end," said Delhi BJP president Manoj Tiwari.
BJP Leader of Opposition in the Assembly Vijender Gupta also criticised the AAP government for missing the deadline and bringing it to life when elections are around the corner. Delhi Congress working president Rajesh Lilothia, too, questioned the timing and rationale behind the move. "These days, every service provider is giving free data at affordable rates. Then what is the relevance of this announcement now?" he asked.
Once rolled out, the facility will allow smartphone and PC users to avail free Internet services within a 50-metre radius at parks, mohalla clinics and markets.
The facility might take another three months to kick-off, but it has already unleashed a barrage of cyber security concerns - as it comes at a time when more than 75% of cases registered with Delhi Police's cyber cell last year remain unsolved.
Cyber experts fear that the free Wi-Fi in public places could act as an invitation to cyber criminals who hide beneath the veil of the Internet's anonymity and therefore, identifying the culprit will prove difficult for investigators.
"The scale of the hotspots has the potential of providing fodder to cyber criminals unless the government comes up with a foolproof monitoring and regulation mechanism," says cybercrime expert Amit Dubey, founder of Root64, a non-profit foundation that works in the area of preventing cybercrime.
PREVIOUS EXPERIENCES
The threat of unsecured Wi-Fi network first came to light in India in 2008 when the Mumbai police arrested 20 members of banned terror outfit Indian Mujahideeen who allegedly sent emails to media houses moments before the serial bombings in New Delhi and Ahmedabad.
The mails were sent from three locations in Mumbai by misusing unsecured Wi-Fi connections. In the same year, American national Ken Haywood's Wi-fi connection was used to send a terror email to news channels five minutes before the August 26 Ahmedabad blasts.
In 2015, another incident underlined the enormity of the security risk in offering free Wi-Fi at public places. A researcher armed with a $100 device walked into Bengaluru airport and easily hacked into the computers of hundreds of users who had connected to the airport's complimentary WiFi.
While he was at it, he also accessed the users' WhatsApp conversations, credit card numbers and encrypted user names and passwords for good measure. "Unfortunately no one is following the security norms in providing free WiFi. Even at airports and other public places, users should provide KYCs before logging in as per the norms. Only phone numbers and email IDs are asked for. But all of us know getting a virtual phone number and an email ID is not difficult these days," Dubey said.
Another misuse of public WiFi was illustrated by the fact that most passengers at Patna railway station downloaded porn clips using free data available in 2016, according to Railway officials Indian Railway provides free Wi-Fi services at a large number of railway stations across the country.
Questioned about the misuse of free Internet data, Chief Minister Kejriwal said, "We will be building whatever safeguards are required." Cyber security expert Pawan Duggal says chances of misuse are high in the Indian context if adequate safeguards are not put in place.
"Or else, we will see a sudden jump in cases pertaining to misuse of WiFi. It will be very hard to tackle and crack these cases. Even if the investigation comes back to the IP address since it will be a public Wi-Fi, it will be very difficult to identify the person behind the criminal activity," says Duggal, advocating minimum entry-level terms for identification of the person and the device before providing access.
"Currently the conviction rates of cybercrime in the country are less than 1 per cent but the police department is well-equipped to deal with cases pertaining to misuse of public WiFi," Duggal said.
According to data compiled by Delhi Police, out of 327 cases registered between January 2017 and November 30, 2018, a probe could be completed only in 71 cases (21.7 per cent). Meanwhile, of the 160-odd cases registered, the cyber cell managed to complete investigations in only 26 cases in 2018.
These cases also include credit and debit card frauds. Senior officials in Delhi Police said that the Delhi government had not approached them or conducted any meeting to discuss the implications and potential misuse of free Wi-Fi. "We would have helped the government in providing precautionary and mandatory measures in terms of cyber-related issues. It is very likely that cybercrime will increase and free Wi-Fi will be misused," said an official in the Delhi Police's Cyber Cell unit, requesting anonymity.
HOW IT WORKS
At present, Hyderabad has the highest number of hotspots in the country -- where people can use free Wi-Fi for 30 minutes at as many as 1,000 public locations. The Telangana government is, however, planning to expand the service to 2,000 more locations in the next two months. Mumbai has 500 public locations to access free Wi-Fi, Bengaluru has 400 and Kolkata 149 hotspots to access free Wi-Fi.
Internationally, the Taiwan government-backed free "iTaiwan" wireless network, launched in 2011, has as many as 5,000 hotspots in major tourist spots, transportation hubs, cultural establishments and government offices located across the island nation. In Delhi, as per the plan, a user can access the 15 GB per month free Internet with a maximum speed of 200 Mbps by just entering the mobile number, followed by a one-time password (OTP).
At each hotspot, at the most 200 users will be able to access the facility at a particular time. One of the poll promises of the Aam Aadmi Party government, free Wi-Fi is being launched months ahead of Delhi Assembly polls scheduled in February 2020. But the existing free Wi-Fi zones in the Capital remain unutilised. Mail Today discovered that the public at large doesn't use the facility.
Whether it is Connaught Place, Khan Market or Dilli Haat, people either do not avail of the NDMC facility, or have difficulty connecting their devices to the free network. "When the free WiFi was installed in CP, I used it for a day or two but now it is very difficult to connect," said Tania (30), employed with an MNC in Connaught Place.
Speaking to Mail Today, an NDMC official confirmed that the WiFi booths already installed do not function properly and the network hangs most of the time. "We are working on the issue and will soon resolve the problem," the official said.
In response to the question of how significant the project is at a time when mobile phone Internet has become really affordable, Kejriwal said he somewhat agreed to the fact. "The thing is, it's still something that the youth ask me about and it was our poll promise," he said.
POLITICS OVER WIFI
The Opposition has already termed the announcement a poll gimmick, citing the long delay since 2015 when the AAP had taken office promising to make Delhi a WiFi city. "It is just an election stunt announced because the tenure of Kejriwal government is coming to an end," said Delhi BJP president Manoj Tiwari.
BJP Leader of Opposition in the Assembly Vijender Gupta also criticised the AAP government for missing the deadline and bringing it to life when elections are around the corner. Delhi Congress working president Rajesh Lilothia, too, questioned the timing and rationale behind the move. "These days, every service provider is giving free data at affordable rates. Then what is the relevance of this announcement now?" he asked.
Source:https://www.indiatoday.in/mail-today/story/cyber-crime-risk-in-free-public-wifi-1579617-2019-08-11
Comments