written 5.2 years ago by |
In February 2009 , Nielsen survey on the profile of cybercafes users in India, it was found that 90$\%$ of the audience, across eight cities and $3,500$ cafes, were male and in the age group of $15-35$ years; 52$\%$ were of graduates and postgraduates, though almost over 50$\%$ were students. Hence, it is extremely important to understand the IT security and governance practiced in the cybercafes.
In the past several years, many instances have been reported in India, where cybercafes are known to be used for either real or false terrorist communication. Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cybercafes. Cybercafes have also been used regularly for sending obscene mails to harass people.
Public computers, usually referred to the systems, available in cybercafes, hold two types of risks. First, we do not know what programs are installed on the computer - that is, risk of malicious programs such as keyloggers or Spyware, which maybe running at the background that can capture the keystrokes to know the passwords and other confidential information and/or monitor the browsing behavior. Second, over-the-shoulder peeping (i.e., shoulder surfing) can enable others to find out your passwords. Therefore, one has to be extremely careful about protecting his/her privacy on such systems, as one does not know who will use computer after him/her.
Indian Information Technology Act (ITA) 2000 does not define cybercafes and interprets cybercafes as "network service providers" referred to under the erstwhile Section 79 , which imposed on them a responsibility for "due diligence" failing which they would be liable for the offenses committed in their network. The concept of "due diligence" was interpreted from the various provisions in cyber cafe regulations where available or normal responsibilities were expected from network service providers.
Cybercriminals prefer cybercafes to carry out their activities. The criminals tend to identify one particular personal computer PC to prepare it for their use. Cybercriminals will visit these cafes at a particular time and on the prescribed frequency, maybe alternate day or twice a week.
A recent survey conducted in one of the metropolitan cities in India reveals the following facts,
- Pirated software(s) such as OS, browser, office automation software(s) (e.g., Microsoft Office) are installed in all the computers.
- Antivirus software is found to be not updated to the latest patch and/or antivirus signature.
- Several cybercafes had installed the software called "Deep Freeze" for protecting the computers from prospective malware attacks.
- Annual maintenance contract (AMC) found to be not in a place for servicing the computers; hence, hard disks for all the computers are not formatted unless the computer is down. Not having the AMC is a risk from cybercrime perspective because a cybercriminal can install a Malicious Code on a computer and conduct criminal activities without any interruption.
- Pornographic websites and other similar websites with indecent contents are not blocked.
- Cybercafe owners have very less awareness about IT Security and IT Governance.
- Government/ISPs/State Police (cyber cell wing) do not seem to provide IT Governance guidelines to cybercafe owners.
- Cybercafe association or State Police (cyber cell wing) do not seem to conduct periodic visits to cybercafes - one of the cybercafe owners whom we interviewed expressed a view that the police will not visit a cybercafe unless criminal activity is registered by fling an First Information Report (FIR). Cybercafe owners feel that police either have a very little knowledge about the technical aspects. involved in cybercrimes and/or about conceptual understanding of IT security.
There are thousands of cybercafes across India. In the event that a central agency takes up the responsibility for monitoring cybercafes, an individual should take care while visiting and/or operating from cybercafe.
Here are a few tips for safety and security while using the computer in a cybercafe:
1. Always logout: While checking E-Mails or logging into chatting services such as instant messaging or using any other service that requires a username and a password, always click "logout" or sign out" before leaving the system. Simply closing the browser window is not enough, because if somebody uses the same service after you then one can get an easy access to your account. However, do not save your login information through options that allow automatic login. Disable such options before logon.
body uses the same service after you then one can get an easy access to your account. However, do not save your login information through options that allow automatic login. Disable such options before logon.
2. Stay with the computer: While surfing/browsing, one should not leave the system unattended for any period of time. If one has to go out, logout and close all browser windows.
3. Clear history and temporary files: Internet Explorer saves pages that you have visited in the history folder and in temporary Internet files.Your passwords may also be stored in the browser if that option has been enabled on the computer that you have used.Therefore, before you begin browsing, do the following in case of the browser Internet Explorer:
- Go to Tools $\rightarrow$ Internet options $\rightarrow$ click the Content tab $\rightarrow$ click Auto Complete. If the checkboxes for passwords are selected, deselect them. Click OK twice.
- After you have finished browsing, you should clear the history and temporary Internet files folders. For this, go to Tools $\rightarrow$ Internet options again $\rightarrow$ click the General tab $\rightarrow$ go to Temporary Internet Files $\rightarrow$ click Delete Files and then click Delete Cookies.
- Then, under history, click clear history. Wait for the process to finish before leaving the computer.
4. Be alert: One should have to stay alert and aware of the surroundings while using a public computer. Snooping over the shoulder is an easy way of getting your username and password.
5. Avoid online financial transactions: Ideally one should avoid online banking, shopping or other transactions that require one to provide personal, confidential and sensitive information such as credit card or bank account details. In case of urgency one has to do it; however, one should take the precaution of changing all the passwords as soon as possible. One should change the passwords using a more trusted computer, such as at home and/or in office.
6. Change password
7. Virtual keyboard: Nowadays almost every bank has provided the virtual keyboard on their website.
8. Security warnings: One should take utmost care while accessing the websites of any banks/financial institution.
Individual should take care while accessing computers in public places, that is, accessing the Internet in public places such as hotels, libraries and holiday resorts. Moreover, one should not forget that whatever is applicable for cybercafes (i.e., from information security perspective) is also true in the case of all other all public places where the Internet is made available. Hence, one should follow all tips about safety and security while operating the systems from these facilities.