Nirmal John's 'Breach' reminds us that anyone can be a victim of cybertheft

Eyes on you: A villager in Rajasthan goes through the process of eye scanning for the Unique Identification (UID) database system
At a time when the Indian government is creating what could arguably be called the largest and most valuable database in the world, Breach is a timely reminder of all we didn’t even know could go wrong with it. Written in the style of a racy, pacey bestseller, this book describes several of the biggest cases of data theft, piracy and phishing that have occurred in India in recent times. 

Author Nirmal John has used these cases to demonstrate that in the digital age, neither individual nor company can ever be truly safe. Dealing with data crimes, as these cases illustrate, is problematic in the present context — underground networks, marketplaces on the dark web, a growing community of hackers and no definitive international agreement on policing the internet makes it near impossible to crack data theft. More disturbingly, John illustrates through these cases, the familiar Indian tendency of shrouding such crimes in secrecy. Each cybercrime offers potential learning opportunities that also get swept under the carpet when the victim refuses to speak up…

Fittingly, the first breach John writes about involves a large, influential but unnamed company that became a victim of phishing in 2011. It began when the CEO opened an attachment to an email supposedly sent by a journalist he knew. The attachment was an EXE file disguised as a word document, which instantly began mining data from the company’s systems. In response, the police arrested the journalist, who claimed he was an innocent hack, not hacker. It took two White Hats (hackers who use their powers for good), dozens of Red Bulls and trays of sandwiches to trace the hackers to Israel. While this exonerated the journalist, the case illustrates the difficulty of nabbing data thieves across international borders. 
Breach, Remarkable stories of espionage and data theft and the fight to keep secrets safe, Author: Nirmal John, Publisher: Penguin, Pages: 272, Price: Rs 399
Elsewhere in Breach, the author writes about the time when data from the online food platform Zomato was hacked in 2017. When Zomato discovered that some of its data was available for purchase on the dark web, instead of calling the cops, the company’s techies engaged with the hacker and paid him an undisclosed sum in bitcoin. In return, he took the data off the web, but the company has no way of ensuring he doesn’t use it again. It comes down to, John writes, trust. But the message repeated loud and clear in the book is that when it comes to the web, trust is nothing but an often uneasy truce.   

Next, John examines the increasingly fraught issue of piracy in the entertainment industry. Tracking and blocking rogue websites that make a living of online piracy is problematic, as any ensuing investigation must infringe also on individual privacy. Add to this the fact that most hackers genuinely believe that data on the internet must be free to share, and the issue develops complexities that people are only now beginning to recognise. 

When the founder of the web’s largest peer-to-peer sharing platform, KickAss Torrents’ Artem Vaulin was arrested, a petition to free him began online and stated that the Freedom to Share was a basic human right. Such incidents highlight the problems with policing cybercrime in an anonymous, borderless virtual world in which proxies make it complicated to follow a trail online. Also, laws differ widely across borders — what might be sedition in one country could be free speech in another. Watching pornography and buying weed are two more examples of acts that are differently viewed in different countries. 

Consequently, Breach offers some interesting takeaways. First, our complete dependence on external technologies and platforms leaves Indians especially vulnerable to external snooping. The only way out is to become technologically innovative rather than consumers of imported technology. 

Second, John highlights the need for specific and intensive training of the police in India to deal with cyber fraud and data theft. 

Third, while India has one of the most active bounty-hunting hacker communities in the world who are hired by international players to detect flaws in their databases, this trend hasn’t quite caught on in India. 

Indian corporations, even banks, have a long way to go before they proactively protect their data. If, as the author writes, KPMG’s leader of cyber security practice could become a victim of cyber theft, nobody is safe. Not surprisingly, John places the issue of data safety in the context of the Aadhaar database. Indians, he avers, do not understand the concept and ramifications of online privacy. 

Neither do we truly understand how crippling a cyberterrorist attack could be. Most significantly, he calls out the conspiracy of silence in the government as well as corporate boardrooms that has surrounded cases of data theft and cybercrime. As long as these data breaches are brushed under the carpet, a comprehensive national strategy on data protection will not be able to evolve.  
Indian corporations, even banks, have a long way to go before they proactively protect their data
Although Breach does a great job of making the reader doublethink every online transaction s/he contemplates, it disappoints by not offering more suggestions on how individuals might protect themselves online. Still, it is a rivetingly informative read, not only for companies and policymakers, but also for the average individual who likes to shop or bank online. It is also a peek into the dark new world that exists behind our clean, anonymous computers and smartphones — a Frankenstein we have created, but simply don’t know enough about yet.