Infocon 2016 – a photo essay

As our monies, ideas and emotions flow through the digital infrastructure, our money (money is the top trending item in India nowadays – black, white, banked, un-banked, cash, digital and so on) is essentially data. Britons found out an equation no less profound than E = mc²: that time is money. Today, not only is time money, but data is money.

Money is needed by all as a medium of exchange because, unlike a tree, we cannot stand in one place and carry out all our biological activities, including reproduction. It was once sea-shell, then metal diced, then paper printed and now a pattern of bits.

Money has no intrinsic value beyond our collective belief and trust in it. Civilization’s march has seen changes in the intrinsic aspect of money but the faith that money is backed by collective faith has remained unchanged.


Photo Legend : Infoconglobal Chairman Mr. Sushobhan Mukherjee felicitating the musicians of Surma Dohar

The rich and poor alike need money. The rich fear that their money may be stolen, confiscated or de-monetized, or that they may not be able to possess (legally or illegally) the money in the future. The poor fear the same, with the added irritation that the rich have more money than they have. This tension appears to be eternal, as Nature Herself seems to be aiding it.

Since money is changing its material carrier from metal, paper to bits and codes in binary, the question rich and poor both ask is : how secure is my money in its storage and in its flow ?

In Wild West movies, we used to see the ambushing of a train carrying currency or gold. The “outlaws” were heroes in the sense that they absorbed the rich-poor tension and had a Robin Hood aura. Since the rich are always fewer in number than the poor, democracy must channelize this real, deep-rooted, intense and ever-present feeling to its own advantage, i.e. to have the greatest number of faithfuls. We are finding a Wild West type of hero emerging in our times, when money’s storage and flow are both in the form of codes and information strings.

This new species is called Hackers. One speaker at Infocon said that a brilliant young man in Bangalore, while being interviewed, said that he was interested in becoming a hacker, working for a few years and retiring with millions. He is not wrong in his judgement. If a train carrying a billion dollars’ worth of money moves through dangerous terrain and a mercenary says that, at 10% commission, he guarantees safety, the business makes perfect sense and the “owner” of the train will happily oblige.

If a poor man now finds that he needs to travel in the same route and if he pays a small “protection money” for the store and the flow, he will also oblige.

The power now lies not in muscle and feat of arms but in the domain of mathematics, statistics, programming and cryptography. One cannot point a gun at a cryptogram and ask it to tell its secret.

History has proved again and again that super-excellence in such skills cannot be trained or ordered from amazon.com. These kinds of skills appear in extremely unlikely places. Hence a very rich man’s store and flow of money is threatened by the inner workings within the head of a young man in some classroom in an unknown and obscure school.

The poor must protect themselves by being careful and aware. They must educate themselves. For the rich, the same prescription will not be enough. They are too visible and they will be attacked institutionally. They must think about the future. They must contain and remain a benefactor to those “unknown enemies”. In plainer English, they must see the social contract in a different manner.


Infocon 2016 Team 

Infocon 2016 has been a very successful event with great learnings. Here is the photo essay of the event:

https://sushobhanm.wordpress.com/

 

 

 

 

Cashless Society, Democracy and Information Security

[Disclaimer of Co-incidence : We have been working on organizing a Conference on Information Security for the last one month. The Conference, called Infocon, was going to be held on 18th November at CII-Suresh Neotia Hall of Excellence. I have been editing a journal called Infoquest and was royally rewarded by getting some “expert” knowledge from a range of experts. A week back, the Government of India announced that Rs. 1000/500 notes ceased to be legal tender, and this is supposedly a step towards a cashless society with other co-incidental benefits. This blog would not have been written, or rather would not have undertaken these themes, had this announcement not been made.]

If you are a citizen of India or of a democratic country, or are interested in democratic countries (presumably you are not a citizen of such a country), you may read some 400 words here to get the orientation.

I present some of my concerns and anxieties after being fortified by my newly gained knowledge of Information Security, not on the technical aspects of the theme but more on the political and societal aspects :

  • Is a system where the Government knows everything about the citizen absolutely and unconditionally good and benign ? Imagine your teen years, as if you slept in a room with glass walls and parents and parent-like people had a round-the-clock view of the room, including sleep time.
  • Today, we find that due to a decision, online transactions remain a back-up option. In case of such an event in a cashless society, either through cyberattack or the Government becoming rogue, what are the scenarios ?
  • In a cashless society which is possibly not classless, may a digital attack by a 3rd party or proxy lead to class conflict / war ?
  • The inner technical world of cybersecurity as well as cashless infrastructure is virtually unknown and unknowable to a very large proportion of the citizenry, and in case of any emergency, unless the citizenry are aware of how things are, there will be catastrophic consequences for law and order.
  • Our next generation will find the Internet / cyber world not simply an extension (Facebook conversation / socialization) but something deeper and tighter. There are many lurking dangers related to privacy, control, access, targeting, dissent.

Infocon 2016 will discuss these and other themes on Friday. It is getting colder in Calcutta and you may choose to end your Friday with such deliberation.

Type STANDARD at the registration to have a discount of INR 500 (yes, we accept this digitally) and see you !

Register for Infocon here 

 

 

 

 

Cashless Society and Democracy

Cashless Society (just like paperless society) is a recent construct. But money or medium of exchange is very ancient. In other words, money circulation is as ancient as civilization itself, even in those societies where “paper” was a curiosity. We can easily trace 3000 – 4000 years back.

In the week following (8th to 16th November 2016) when 500/1000 notes ceased to be legal tender (i.e. will not be accepted by anyone except the Reserve Bank of India that issued them), we in India are part of a remarkable experiment.

India has been a shining beacon of democracy in spite of many shortcomings and flaws. But future historians will not withhold their praise for the last sixty years when such a country like India.

I find it interesting to ask the question of how a cashless society and a democratic type of governance will interact.

There is no text written by any Indian (leave Indian media altogether) in democratic times on this theme of technology and democracy for the simple reason that we are too much beholden to technology. We have, as a society, contributed very little to the seminal aspects of the technological world, including information technology on which we have to rely so much for the cashless society. At the cost of being labeled imperialist, I remain on the side of truth and declare that all the seminal aspects of the modern world were conceptualized, deployed and exploited by WEM (White European Male).

One such WEM wrote a book in 1833 – a Frenchman, Alexis de Tocqueville, an aristocrat whose family’s many necks had their fatal shaving at the guillotine during the French Revolution. Monsieur Tocqueville traveled in the United States for nine months and wrote Democracy in America, where he shared some insights which may be interesting for politicians, policy makers and citizens now in India, where we have been told that a march towards a cashless society has started.

  • In a democracy, the greatest threat a ruling elite faces is not from war or revolt but from the threat to comfort of the citizens
  • In a democracy, the greatest inequalities remain in full view (the ratio between the salaries of a CEO and a common employee) and are tolerated, but the slightest inequality becomes intolerable (a marginal difference in bonuses between employees).
  • In a democracy, life tends to become trivial and flat where there is much movement but little change and the consciousness of being alive draws its sap from sensation and shock. Hence in a democracy, writers and producers and sellers of written words, spoken words, art, news, social conversations always gravitate towards materialism.

The final fate of democracy hangs on the balance of being shocked and being in comfort for the citizenry, so argues Tocqueville in an aristocratic prose.

Today, in Indian democracy we have the shock as well as our comfort being under threat.

There will be a limiting time which no one can accurately predict when this balance between shock and comfort will be disturbed.

In an aristocratic society, such danger does not exist. Since except a very small elite, no one knows what comfort or a stable life is, no one misses that.

 

 

Data (Protection) : the untold story

For the last 25 years or so in human history, internet users have accepted something as part of life : we share our privacy in return for digital citizenship.

This is not new. We have been providing data about ourselves to many institutions including Government all through our lives.

Notables : school, educational institution, hospital, court, banks, police station, land registry authorities, immigration, tax departments.

In the last 25 years, we have been providing data about ourselves to many digital entities and 3rd party providers.

Prior to that era, we traded a little bit of our attention to advertisements to watch a movie on TV, almost free.

In short, we have always traded our privacy for some benefit.

In recent years, data protection has been vulnerable on three counts :

  • Cyber crime
  • Security breach
  • Sharing of data without explicit authorization (many service providers sell user data without the user being clearly informed)

and the very scary one : entities considered benign and entrusted with data may turn rogue or outright malevolent.

It reminds me of the wisdom of the Godfather : “Keep your enemies close, your friends closer.”

In terms of Internet security / data protection : be more careful and periodically re-assess your trusted parties. 

How the end-user can be the greatest enemy of cryptography

Modern cryptographic algorithms, for example RSA, cannot be broken, in theory, within a reasonable amount of time using a brute force method. To know why, please peruse – Pure mathematics and poetry.

Then how is security that is practically unbreakable breached ?

Human strengths and human weaknesses are combined and they cannot be separated. These are the signature tone of being human.

Human intuition – an innate aspect of a conscious being has access to a realm which computational complexity or algorithmic approach cannot reach, so is the verdict of many leading scientists.

Human carelessness.

Human capacity to anticipate behaviour of another human being or a group of human beings. 


Suppose you open a computer / system and it says

DO YOU HAVE THE PASSWORD ?

Typed text at the password box : NO

or you type : YES

How will the system respond ?

Think…. think again.

[ This event was imagined by Umberto Eco in his novel : Foucault’s Pendulum]

 

Information Security : The Missing Link

Why do some people try to breach the security of information infrastructure ? They are extremely talented, and sometimes their works (when they are nabbed) show signs of genius, but most of the time their core objective is all too mundane : money, fame, revenge or simply the ego of any criminal – “I cannot be caught.”

We must understand that machines (at least as of now) do not have these feelings. These feelings can only come to human beings.

Now, just consider that your stakeholders are human beings. There is a Bengali saying : “সর্ষের মধ্যে ভূত” (“the ghost inside the mustard”) – there is a legend that mustard seeds are protective against evil spirits (as in Slavic legend, where onion is supposed to be protection against vampires). But what happens if the spirit enters into the very mustard or the very onion ?

The ultimate vulnerability is when the very protection which we trust becomes personified threat. 

There is no technology here. It is plain human vulnerability.

Sherlock Holmes to Watson, while describing the essence of his greatest rival and almost impenetrably malevolent foe, Dr. Moriarty – “… there are some trees that grow healthy but after sometime, they show eccentricities.”

Your trusted employee, your trusted shareholder, your most trusted gatekeeper can show those eccentricities sometime…. It has happened and will always happen.

A New York Judge convicts a man of Indian origin, of sterling reputation till his 65th year (Mr. Rajat Gupta, ex-McKinsey Chief), and says : “… History of this this and the world show that good men do bad things.”

Is there any way to know when this terrible shift may happen with a person ?

Yes, there is….

Infocon 2016 will discuss this theme that is almost never questioned.

But we must. However painful and tough the question may be, we must. This silence is a weakness.

The strength of a security system, of any system, is that of its weakest link.

 

Cybercrime : Clear and Present danger

I woke up a week back in Calcutta and the newspaper screamed that a gentleman found some INR 80,000 (USD 1375) withdrawn from his bank account – from an ATM in China ! To be shocked is an understatement.

The cybercrime cell of the local police got reports of many such incidents. I went to the ATM with a little trepidation and found a line longer than usual at the neighbourhood ATM. Most of the customers had come to check their accounts and when my turn came, I found the ATM regretting having no cash. The users had exercised the best option : withdrawing all or most of their money.

I was thinking that a massive, concerted and organized attack on this simple theme, “ATM card used in XXXX country when the user is perhaps sleeping in YYYY country”, may become a riot in the street when people find their money vanished and ATMs empty of cash. A slight spark in the form of rumour, fear mongering or suspicion will cause a serious law and order situation. This is not only possible, but there are people and organizations who have the means to do so.

This clear and present danger is the danger we have now, all of us – citizens of the digital nation – security of our information.

I discussed this with my friend Sushobhan, a system vulnerability and security expert, and his opinion was that the greatest protection against such a threat is user awareness. In the evening, he attended a panel on ABP Ananda (a leading Bengali TV channel in Calcutta) along with a fraud victim and a cyberlaw expert.


Legend and Translation from Bengali – “Businessman becomes victim of cyber-fraud in Deganga(a suburb of Calcutta)”. Sushobhan is the third from left with the victim and the cyberlaw expert.

While I followed other stories in other media, I found that there is less talk about actionable steps that a common user might take to protect himself, or in other words, how to lessen vulnerabilities. I found to my delight that the panel touched on this issue, and here are some simple, easy to do, non-technical steps a user might take and enforce as a discipline so that the vulnerability becomes lesser. Here is the list, excerpted from the blog :

 

  • Change ATM/Debit/Credit card pins at regular intervals.
  • Link cards with mobile number and email address if not already done.
  • Immediately go for a chip based card or grid card and enable two factor authentication (OTP sms/mail etc.).
  • That’s not all. Avoid creating pins/passwords from combinations of names, surnames, dates of birth and anniversaries (yours/parents/spouse/children), as these can be predicted very easily through your social spread. Try implementing alphanumeric passwords stitched with a special character.
  • Using a benchmarked standard antivirus (better Total Protection) on desktop/laptop/mobile/tablet is essential. Free or cracked software is to be avoided. Saving INR 2000 yearly may lead to some major problem.
  • Any banking/ecommerce site should be used through a secure site (ssl), i.e. instead of “http://”, it should reflect “https://”.
  • Saving online banking, ecommerce site, mail passwords etc. for convenience is to be avoided.
  • Passwords are not to be kept anywhere in writing in any form (not word, excel, cloud, printed paper, handwritten paper).
  • Any non-standard games / applications are to be avoided, as a lot of applications are being framed to sniff data.
  • The latest smartphones/tablets have an application control mechanism. Please block unwanted access by all applications (to contacts, sms, camera etc., whichever is not relevant for that application).
  • Any information related to passwords or pins is not to be floated through mail, WhatsApp etc., as there are chances of a repository being kept.
  • International transactions which do not apply two factor authentication (i.e. only CVV applies) should be avoided, except with renowned players (here government should also force Master/VISA to relook at policies and enforce two factors as well).

[ Reproduced with permission from Skill vs. Attitude]
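The pin/password advice in the list above can be checked mechanically before a pin or password is adopted. The following Python code is an added example, not part of the original blog or of the excerpted list; the function names, the date patterns it tries and the sample person are assumptions constructed for illustration.

```python
import re
from datetime import date

# Common character substitutions ("Sh@rma" -> "sharma"); an assumed, minimal table.
LEET = str.maketrans("@4301$5!7", "aaeoissit")

def date_fragments(d):
    """Digit strings people commonly derive from a date (DDMM, MMDD, YYYY, ...)."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm, mm + dd, yyyy, dd + mm + yy, mm + dd + yy, yy + mm + dd,
            dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd}

def weak_reasons(secret, names=(), dates=()):
    """Return the reasons a pin/password is predictable from personal data."""
    reasons = []
    lowered = secret.lower()
    unleet = lowered.translate(LEET)
    for name in names:
        n = name.lower()
        # Very short names are skipped to avoid flagging accidental matches.
        if len(n) >= 3 and (n in lowered or n in unleet):
            reasons.append(f"contains name '{name}'")
    # Drop separators so that "12-08-1985" is treated like "12081985".
    digits = re.sub(r"\D", "", secret)
    for d in dates:
        if any(frag in digits for frag in date_fragments(d)):
            reasons.append(f"contains date {d.isoformat()}")
    # Passwords (anything that is not an all-digit pin) should mix
    # letters, digits and a special character, as the list advises.
    if not secret.isdigit():
        patterns = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
        if not all(re.search(p, secret) for p in patterns):
            reasons.append("missing letter, digit or special character")
    return reasons

if __name__ == "__main__":
    # Constructed sample person: family names, a birthday and an anniversary.
    names = ["Anita", "Sharma"]
    dates = [date(1985, 8, 12), date(2010, 2, 14)]
    for candidate in ["1208", "7394", "Sh@rma2010", "monsoonrain", "tr7#Lq9!vW"]:
        print(candidate, "->", weak_reasons(candidate, names, dates) or "ok")
```

The check is deliberately conservative: digits are compared after removing separators, so a few harmless candidates may be flagged as well.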

 

Conclusion

The threat of cyber-crime is a clear and present danger. End user awareness is the first and last line of defense as well as offence. It is like a germ – it is always there and it can catch us only when we are vulnerable or unaware or simply ignorant.

We must discuss this clear and present danger. Experts must share their insight in a way that a common person / user can take some concrete steps, and these steps must be easy and affordable. There will be many best practices and these must be shared.

Triggered by this, we have decided to start an awareness building initiative and here are two concrete steps we have taken

  1. Infoconglobal 2016 Kolkata Conference (Enterprise and End user) : A conference on 18th November on Information Security in CII – Suresh Neotia Centre of Excellence.
  2. Free webinar (End User specific) on 4th November 2016  – All are welcome