If I am not wrong we are now in the Kalyug age, but nowadays it seems more like Leak-Yug seeing the amount of data being hacked, leaked, stolen and conned. The other day I was wondering what will follow Kalyug and it seems that after this leaky yug will come the NagnYug (Nude-Yug)! Our personal information is already leaked and sold globally, all our moves are monitored and logged, so it seems silly to worry about privacy! We are all wearing the emperor’s robes – you, me, mankind have already handed over our everything and biometrics to state and non-state actors.

 Even Tim Berners-Lee is worried and says we need to save the internet and that “We’ve lost control of our personal data”. There is more but we got to look at other things too.

In India data leaks don’t happen <LOL> it just doesn’t happen in India, period (It cant happen here because “Haamare paas Maa hai”). Every “report” is a rumor or a saajish by Pakistan or the Opposition party. So, custodians like UIDAI, IRCTC, NPCI, Banks, are all too strongly protected to allow anyone (or anything) within. Nothing reported outside is true.

For example, CERT-In site went down for a few hours, allegedly hacked or DOSsed, but the CERT boss maintains that it did not happen, and that he has the logs to prove it. No DOS, no downtime – the outside world was miraging!

Lets look at some good news…. RBI has been making the security moves for quite some time, moving ahead slowly and steadily. Now IRDA joins them in the quest for making the insurance domain secure – they have released a Cyber Security Framework – the draft is put out for public comments.  Kudos! At the same time Min of IT has also put out a draft IoT Policy  and Draft rules for Security of Prepaid Payment Instruments under provisions of IT Act 2000 inviting comment. Kudos once more!

And some crappy news… The elections in five states are over, but EVMs are making more news than the winners and losers are sore. Every party (except the winner) is accusing this dumb machine of being a BJP pawn and stealing their votes. Videos from 2010 have surfaced and the media is (as usual) going bonkers discussing the weaknesses. Much to be written, but, in the meanwhile enjoy this EVM Hack Video <LOL – I love the seriousness of the ‘research’ team – goras add so much more authenticity to any shit. My friend Samir has a well researched blog but …

My take is that this is really not possible, even though the weaknesses seem obvious – the reason is that the logistics of carrying out such a fraud / change / hack are too big to go unnoticed.

Cyber skirmishes

  • CERT-In website was down for 3 hours, as per reports, but this is denied by CERT and they say they have the logs to prove it… Does Mr Bahl expect us to believe that we will EVER get to see the logs which he is flaunting – give me a break!
  • Flushing Responsible Disclosure down the drain – A friend called to ask what to do with a discovery about a serious vulnerability in Canara Bank and Shoplclues – I advised that he should just shut up and let them get rogered, rather than him getting rogered, for doing a good deed. Indian business owners and CxOs are mostly stuck-up types and need to read (and re-read) the first lines of this blog. Then the CxO needs to thank God for the messiah who shared the vulnerability and saved his job. My apologies for this but nincompoops deserve no better.
  • Whatsapp and Telegram are hugely popular and a critical vulnerability was disclosed that allows anyone to take over the account(s)
  • Your Sex life is also not private – smart sex toy maker hit by a class action suit after it was disclosed that they were collecting usage information and more!

Troubles in Unicorn Land (very exciting place to be in)

The ecommerce domain continues to have a lot of issues – it was always about money, but now it is about fraud, boardrooms and bedrooms. Shopclues is in the news because the founder wife kicked out her founder husband ; and he has disclosed that she is in bed with the CEO. Stayzilla had shut shop and now the founder was arrested for some payment default and co-founder gets a death threat to his son’s life  , it is high handed action and the police is facing flak for the same. Flipkart managed to get a billion dollars and may be out of ICU, they seem to be  breathing ok , and their valuation is back at $ 15 billion. At the same time Roomstonite shut shop and Snapdeal loses two more senior executives. Some more dirt … TVF CEO Arunabh Kumar faces over 50 sexual harassment accusations


  • A very smart SMS Fraud Fraudsters get sophisticated and the payload becomes better. Users have been getting an SMS, which is quite convincing, asking them to call a phone number for an apparent vishing attack.
  • McDonalds India seems to have put their burgers out in the open  and apparently compromises personal customer data. They say there is no payment data (so this is not sensitive.. LMFAO)  
  • Life may become a bit more difficult for cyber cops as Facebook changes their policy and prohibits the use of surveillance tools on the data on their site  
  • Security flaw found in Whatsapp and Telegram (mentioned above)
  • ATM users beware of this pinhole camera – when using the ATM make sure you cover the pinpad.



  • The positive moves by government and regulatory agencies to define cyber security policy by IRDA and DeiTY as discussed earlier
  •  Conversations with a number of government officials and academicians are very uplifting and a lot of work is being done all round to bring about a mature cyber security posture. Best wishes to all.



Concluding take: we already have IoT and a host of vulnerable technologies which are good enough to shoot ourselves, so why a new genre of cyber weapons!


  • Ravichandran

    Dear Mr Dinesh
    Agree with you 100% on all counts. CERT-IN will acknowledge that they have been hacked if McKafee says it. By the way do they maintain logs? Banks are above the law so nobody can question them. RBI is moving slowly the problem is the pace is glacial. As regulator it is a failure seeing that they do not have the personal qualified or otherwise to fill up the monitoring department let alone the security. side. India does not leak data. It is there for the taking. And everybody and anybody has got access to it. When banks, corporates corporations and bodies collecting data store them outside the country with no idea about the contract being signed by them why should anybody worry about small things like the value of data being accessed by all. Do keep writing atleast we will have each other shoulders to weep on.

    • Hahah… Ravi I like the thought of mutually providing shoulders to cry upon! However, about the capability / skill shortage it is something that the babus have been talking since the past so many years. And all that they have been able to show is a lot of gas – nothing else. Shortage will grow and grow and so will the woes. I need to write about this someday! Please do visit my other site (indiawatch.in)

Leave a Reply

Your email address will not be published. Required fields are marked *