Powered by cricketnext logo
5-min read

Here's Why your Social Media Timeline Shows Your e-Shopping Wishlist

Welcome to the digital age where everything is public. The government could be trying to read your mails, but the giant corporations are already reading them.

Subhajit Sengupta | CNN-News18SubhajitSG

Updated:August 4, 2017, 2:02 PM IST
Here's Why your Social Media Timeline Shows Your e-Shopping Wishlist
(Image: Network18 Creatives)
New Delhi: In December 2013, Christmas shoppers in the United States got a rude jolt when details of over 70 million credit cards were stolen from point of sale (POS) systems of about 2000, Target Corp stores. A forensic analysis revealed that the attackers could have found out the possible vulnerability in the system by a simple Google search.

The attackers discovered how Target’s data server could be accessed using their vendors’ network. A malware was sent to a refrigeration vendor’s laptop, which ultimately helped them run away with 11 GB of critical data. The fallout was massive. Apart from credit card and identity theft, this led to huge fall in the share prices of Target and ultimately led to the resignation of the company’s CEO.

In another case, unknown hackers attempted a billion-dollar bank ‘robbery’ in February 2016. Instructions to transfer $951 million of Bangladesh Bank’s money was issued to the Federal Reserve Bank of New York. Over $101 million was transferred to various bank accounts in Philippines, Sri Lanka and other parts of Asia, before a typo alerted the Fed Bank, which, in turn, raised questions with their counterpart in Bangladesh. But before Bangladesh Bank could figure out what was happening, $101 million was already gone.

As per a report in The Wire, “Bangladesh Bank managed to get Pan Asia Banking to cancel the $20 million that it had already received and reroute that money back to Bangladesh Bank’s New York Fed account. But the $81 million that went to Rizal Bank in the Philippines was gone. It had already been credited to multiple accounts—reportedly belonging to casinos in the Philippines—and all but $68,000 of it was withdrawn on February 5 and 9 before further withdrawals were halted.”

The FBI which was probing the crime hinted that this was a state-sponsored theft via the ‘North Korean’ hackers. These are not isolated instances from distant parts of the universe. In a world divided by governments and linked by the World Wide Web, no crime is local. There are no geographical limitations of the perpetrators of cybercrime, but all these come in when the sleuths try to catch them.

Closer home, during the recent ransomware strike, operations at a terminal of the Jawaharlal Nehru Port Trust (JNPT), India’s largest container port, came to a halt. AP Moller-Maersk, one of the affected companies globally, operates the Gateway Terminals India (GTI) at JNPT.

‘Petya’ virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files. They then demanded $300 in bitcoin currency to restore access. It is not known if there was any permanent loss of data of the JNPT or if they had to hand out any amount to get back access.

Not only the port trust, a number of small businesses and individuals were also attacked. FIRs were also registered by the Maharashtra police but soon after, to the horror of the cops, even Maharashtra police became a victim of the ransomware attack.


In their 2015 annual report, Indian Computer Emergency Response Team (CERT-In) handled 49,455 incidents of cybercrime. These were Website Intrusion Malware Propagation, Malicious Code, Phishing, Distributed Denial of Service attacks, Website Defacements and Unauthorised Scanning activities. In addition, 61628 spam incidents were also reported to CERT-In.

But as per the National Crime Record Bureau, only 11,592 FIRs were registered. Of them, less than 47% were chargesheeted and only an abysmal 34% of the cases ended up in conviction. This means that only 1.78% cases handled by the government’s own team result in conviction. But does CERT-In handle all cybercrime cases? Maybe not.

As per an ASSOCHAM-Mahindra SSG study, the number of cybercrime cases in India in 2015 was around 3 lakhs. Clearly, there’s more to the data with CERT-In.

Additionally, the annual growth rate of cybercrime in India is over 110%.


Globally, experts say the approach to fight digital crime has been wrong. Traditionally, the law enforcing agencies have been lagging way behind the cyber criminals. Thus security has become vendor-driven through a number of private enterprises that provide various anti-virus, firewall and anti-malware services.

The market is controlled by the likes of Norton, Symantec, Kaspersky, and others. These companies, thus, only act as gatekeepers and do not instill fear in the minds of criminals.

But there is a question mark on the capabilities of the anti-virus companies as well. As per a study by Imperva, a data security firm, and students from the Technion-Israel Institute of Technology, the initial detection rate or the ability of an anti-virus to identify a suspect or malicious file on the very first scan was less than 5%. Products from the top 40 vendors were put to the test and a total of 13,000 scans were made.

To rectify this, Interpol’s INTERPOL Global Cybercrime Expert Group was created. Set up by an IPS officer, Dr. Madan Mohan Oberoi, this cross-sector group brings together experts from different cyber-related fields to provide advice on cyber-strategy, research, training, forensics and operations.

The cybercrime division helps coordinate transnational cybercrime investigations and operations, either on-site or remotely from the INTERPOL Global Complex for Innovation (IGCI) in Singapore. This, as per the Interpol, involves intelligence sharing and providing guidance on best practices in conducting cybercrime investigations.


Data security is a myth. Apart from the malware and bots, there are a number of companies to whom we submit our privacy, willingly.

Leading the pack are Facebook and Google. Have you ever noticed how the moment you search for a particular product online or in any of the e-commerce websites, it comes as an advertisement on your Facebook timeline? Or a similar product company sends you an email on your Gmail.

If you add a friend on WhatsApp, his or her name comes as a ‘suggested friend’ on Facebook. Or does your smartphone give you a prompt about when to leave for the airport if you have a flight ticket in your email? You are being watched, monitored and your likes, dislikes, choices and desires are all stored, to be sold to the highest bidder.

If terms and conditions, which we quickly ‘OK’ while downloading the apps or creating an account, are read, these details would tumble. In this information age, data is supreme, services can be free, if behavioral data keep coming, in return.

Welcome to the digital age where everything is public. The government could be trying to read your emails, but the giant corporations are already reading them.

Also Watch

| Edited by: Puja Menon
Read full article