by Nirmal John
5 ‘Six Arrested for Trying to Blackmail Baahubali Producers’, PTI, May 2017.
6 ‘Six Arrested for Trying to Blackmail Baahubali Producers’, PTI, May 2017.
7 IANS, ‘MP Police Bust Pirated-film Racket’, Business Standard, July 2015.
8 ‘Media for the Masses: The Promise Unfolds’, KPMG Report, April 2017.
9 Imdb.com.
10 ‘Pirates vs Movie Makers’, Fortune India, October 2012.
11 Global Piracy Report 2017, Muso.
12 From Jared Der-Yeghiayan’s criminal complaint against Artem Vaulin filed in the United States District Court, Northern District of Illinois, Eastern Division, Documentcloud.org.
13 Nyay Bhushan, ‘Hollywood Film Revenue in India Rises 10 Percent, Boosted by Dubbed Versions’, Hollywood Reporter, March 2017.
1 ‘Digital Payments: Analysing the Cyber Landscape’, KPMG Report, April 2017.
2 Sugata Ghosh, ‘Hitachi Hackers Cashed in on Security Gaps in India’s Worst-ever Cybersecurity Breach’, Economic Times, February 2017.
3 ‘Final Investigation Report Completed; Hitachi Payment Services Suffered Breach due to Sophisticated Malware Attack in Mid-2016’, Hitachi Payment Services, February 2017.
4 ‘Statement Pertaining to Press Reports on Debit Card Compromise’, NPCI Press Release, October 2016.
5 Vishwanath Nair and Gopika Gopakumar, ‘India’s Largest Data Breach Involving Debit Cards Went Undetected for 3 Months’, Livemint, October 2016.
6 Saloni Shukla and Pratik Bhakta, ‘3.2 Million Debit Cards Compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis Worst Hit’, Economics Times, October 2016.
7 IANS, ‘SBI Blocks 600,000 Debit Cards After Security Breach’, NDTV Gadgets, October 2016.
8 ‘Extradition’, Cbi.nic.in.
9 ‘Mapping of India’s Cyber Security-Related Bilateral Agreements’, Centre for Internet and Society, India, December 2016.
10 Kathy Gilsinan, ‘Interpol at 100: Does the World’s Police Force Work?’ Atlantic, May 2014.
11 Marc Goodman, Future Crimes, London: Bantam Press, 2015.
12 Loksabha.nic.in.
13 Loksabha.nic.in.
14 ‘Data on Police Organizations’, Bureau of Police Research and Development.
15 Factly, ‘90% of Indian Cops Work for More than 8 Hours a Day’, Newslaundry, May 2015.
16 ‘Information Technology & Cyber Risk in Banking Sector—The Emerging Fault Lines’, Reserve Bank of India, 7 September 2016.
17 Progress Report, Pradhan Mantri Jan Dhan Yojana.
18 ‘Fintech in India: A Global Growth Story’, KPMG Report, June 2016.
19 ‘Customer Service in Banks: Caveat Venditor’, Reserve Bank of India, 23 May 2016.
20 ‘Digital Payments Analysing the Cyber Landscape’, KPMG, April 2017.
21 ‘Digital Payments Analysing the Cyber Landscape’, KPMG, April 2017.
22 M. Rajendran, ‘Security Alert: Frauds Can Clone Your SIM, Use Your Credit Card’, Hindustan Times, February 2014.
1 ‘India Internet Usage Stats and Telecommunications Market Report’, Internet World Stats.
2 Vivek Law, ‘From Dot to Dust’, India Today, May 2002.
3 N. Shivapriya, ‘Why Sanjeev Bikhchandani, the Naukri Man, Wants to Be a Builder and Funder with Info Edge’, Economic Times, September 2015.
4 Sanaya Dalal, ‘How I Founded My Own Company at 26’, Rediff.com, October 2007.
5 Priyanka Sahay, ‘What You Need to Know about Indiamart’, Livemint, March 2016.
6 Ibid.
7 Taylor Kubota, ‘Under the Right Circumstances, Anyone Can Become an Internet Troll’, Stanford Engineering.
8 Data Breach Investigation Report, Verizon, 2017.
9 Jamie Condliffe, ‘The 25 Most Popular Passwords of 2015: We’re All Such Idiots’, Gizmodo, January 2016.
10 ‘Global Economic Crime Survey 2016: An India Perspective’, PwC.
1 ‘Response to Cyber Attack’, WPP, June 2017.
2 Sujit Mahamulkar and Savio D Souza, ‘Ransomware Hits 150 PCs at Maha Mantralaya’, Times of India, May 2016.
3 Symantec Security Response, ‘Locky Ransomware on Aggressive Hunt for Victims’, Symantec, February 2016.
4 Paul Ducklin, ‘Locky Ransomware—What You Need to Know’, Naked Security by Sophos, February 2016.
5 ‘34 Cases of WannaCry, Petya Ransomware Reported to CERT-In in May, June: Govt’, PTI, July 2017.
6 Adam McNeil, ‘How Did the WannaCry Ransomworm Spread?’, Blog.Malwarebytes.com, May 2017.
7 Marvin the Robot, ‘New Petya/NotPetya/ExPetr Ransomware Outbreak’, Kaspersky Blog, June 2017.
8 Rob Price, ‘The NSA Exploit Used in the WannaCry Cyberattack Was also Used to Build a Money-making Botnet’, Business Insider, May 2017.
9 Brad Smith, ‘The Need for Urgent Collective Action to Keep People Safe Online: Lessons from Last Week’s Cyberattack’, Microsoft Blog, May 2017.
10 Ellen Nakashima, ‘The NSA has Linked the WannaCry Computer Worm to North Korea’, Washington Post, June 2017.
11 ‘WannaCry Attack: 70% of the ATMs in India are Particularly Vulnerable to Ransomware’, Firstpost, May 2017.
12 ‘Support for Windows XP Ended’, Microsoft.com, April 2014.
1 Sudhi Ranjan Sen, ‘Vulnerable India: A Government Website Was Hacked Every Other Day In 2016’, Huffington Post, February 2017.
2 ‘Ministry of Home Affairs Website Hacked’, Times of India, February 2017.
3 ‘Indian Government Website Hacked by Terrorist Group Al Qaeda’, Indian Express, March 2016.
4 Prashant K. Nanda, ‘IIT Delhi, Other University Websites Hacked by pro-Pakistan Group’, Livemint, April 2017.
5 ‘NSG Website Hacked, Defaced with Abusive Message against PM Narendra Modi’, NDTV, January 2017.
6 ‘Trai Website Hacked after it Releases Over 1 Million Email IDs; Anonymous India Claims Responsibility’, Firstpost, July 2015.
7 Karrishma Modhy, ‘Indian Army Site Hacked: Does India Have the Right Attitude to Tackle Cyber-crime?’, Firstpost, April 2015.
8 Rituparna Chatterjee, ‘Website of Antrix, ISRO’s Marketing Arm, Hacked’, Huffington Post, July 2016.
9 ‘Over 700 Government Websites Hacked from 2013 to 2016’, Times of India, February 2017.
10 Global CyberSecurity Index 2017, ITU.
11 Jonathan Diamond, ‘India’s National Cyber Security Policy in Review’, Centre for Internet and Society, India, July 2013.
12 ‘Personal Data of Individuals Held by UIDAI Is Fully Safe and Secure’, Press Information Bureau, Ministry of Electronics and IT, Government of India, March 2017.
13 Leakage of Aadhar Data, Unstarred Question, https://www.uidai.gov.in/images/loksabha/LS574.pdf.
14 Komal Gupta and Suranjana Roy, ‘UIDAI Temporarily Halts Aadhaar Payments by Axis Bank, Two Others’, Livemint, February 2017.
15 Johnson T. A., ‘IIT Graduate, His Firm Booked for Hacking Aadhaar Data’, Indian Express, July 2017.
16 Amber Sinha and Srinivas Kodali, ‘(Updated) Information Security Practices of Aadhaar (or lack thereof): A Documentation of Public Availability of Aadhaar Numbers with Sensitive Personal Financial Information’, Centre for Internet and Society, India, May 2017.
17 Lok Sabha Unstarred Question No. 806.
18 Kim Zetter, ‘How Obama Endangered Us All With Stuxnet’, The Daily Beast, November 2014.
19 Russell Brandom, ‘The Petya Ransomware Is Starting to Look like a Cyberattack in Disguise’, Verge, June 2017.
20 Raghu Raman, Everyman’s War: Strategy, Security and Terrorism in India, RHI, 2013.
21 Sarah Gordon, ‘Cyberterrorism?’, Symantec, 2003.
22 ‘French Submarine Builder in Massive Leak Scandal’, Australian, August 2016.
23 ‘Scorpene Data Leaked in France: Navy’, The Hindu, September 2016.
24 Kate Conger, ‘Air Force Launches Bug Bounty Program’, TechCrunch, April 2017.
1 ‘Cybercrime will Cost
Businesses over $2 Trillion by 2019’, Juniper Research, May 2015.
2 ‘Gartner Says India Security Market Is on Pace to Grow 10.6 Percent in 2016’, Gartner, September 2016.
3 ‘Net Ninjas’, Fortune India, June 2015.
4 ‘Net Ninjas’, Fortune India, June 2015.
5 ‘Net Ninjas’, Fortune India, June 2015.
6 Roman V. Yampolskiy, ‘AI Is the Future of Cybersecurity, for Better and for Worse’, Harvard Business Review.
7 ‘US CEO Outlook 2017: Disrupt and Grow’, KPMG, 2017.
1 Sarah Rose, For All the Tea in China, Arrow Books, 2009.
2 ‘Inside India’s Coder Boom’, Fortune India, October 2015.
Acknowledgements
It was about two years back that I got an email from Lohit Jagwani, my commissioning editor from Penguin Random House exploring the possibility of expanding a story on data theft that I had written for Fortune India into a book. As I am guessing first time authors often do in a fit of excitement, I immediately said yes! I mean, how hard can it be to write a book?
Naïve, I know. I now understand that writing a book is in a different order of magnitude than writing a 2500 word piece for Fortune India. Through my journey writing this book, Lohit has been an absolute rock star, constantly supporting and egging me on, even when I was having doubts about whether I would be able to pull it off. Here’s to him and the rest of the team at Penguin Random House who edited the manuscript, designed the cover and the lawyers who vetted it.
To Sahir and Raviraj, there’s nothing I enjoy more than the conversations with you guys where you spook me with all the crazy stories that you live through every day of your lives. To Gunjan, Naina and everyone at Zomato who, unlike most of corporate India, had the gumption to be transparent. To Rajkumar Akella who is fighting piracy every day. To Atul Gupta who helped me illustrate the point that no one is safe from data theft. To Brijesh Agarwal and his team for telling me the story of their fight. To the many hackers I met during the course of reporting for this book, from Anand Prakash to Bikash Barai to KP and the many who chose to remain in the shadows. To Saket Modi for making sure that conversations on data theft don’t remain confined in an echo chamber. To everyone at the Centre for Internet and Society, KPMG, EY, PwC, Deloitte and the countless others who wrote the reports and books which formed an important foundation for my research for this book.
Over the last few months, several sources I connected with during the course of reporting opted out of talking to me for this book. I thank them for demonstrating my point that data theft is an issue that we are too shy to talk about.
A huge slice of gratitude to everyone else who did talk to me, from those I have quoted to those who wanted to remain anonymous. To all those behind the reports and the books that have been quoted in this book.
Lohita, you may not know it, but this book wouldn’t have been possible if I hadn’t met you while reporting for that piracy story all those years back. Thank you for connecting me to so many people.
To Xavier, macha, you were one of the first people to tell me that I should write a book. Thank you for the faith.
To Rahul, Sheelika and the rest of the brilliant folks at TeamIndus for encouraging me along my moonshot.
To Kunal Talgeri, for being a journalist’s journalist and a fantastic friend and for the hours we spent debating everything.
To Brinda, if it weren’t for all the faith and the encouragement to pursue stories that were different, this book wouldn’t have happened.
To Richa, you were around when Penguin connected with me all those months back. Thank you for being a rock of a friend.
To Aswin, for nearly three decades of friendship.
To Nina, Nipa, Manmeet, Neha, Kimmy, Roma, Saumya, Jai Mohan, thank you for being friends to die for.
Issac, for the conversations with a fellow newbie author that helped calm my nerves through the last few months of writing this book.
To Tanmoy and Seetha, the most wonderful couple ever and the two people I know I can always count on, from Madrid to Mayur Vihar.
To Anupama, for proving Plato was right.
To everyone at Fortune India, where I started this journey and for the stories they encouraged me to pursue, many of which form the basis of this book.
To the Times Group, where I hope to continue telling stories that are different.
To all the hackers in the world who use their power to improve humanity.
To my teachers and colleagues in Kerala, Delhi, Mumbai and Bengaluru and around the world.
To my family in Kerala and Bengaluru and everywhere around the world.
To everyone I know I am forgetting to thank.
To my sister Malini and her family, Reni, Achu and Ammu.
To Appa and Amma, my parents who have given me so much love and care, especially for always encouraging me to create my own path.
THE BEGINNING
Let the conversation begin…
Follow the Penguin Twitter.com@penguinbooks
Keep up-to-date with all our stories YouTube.com/penguinbooks
Pin ‘Penguin Books’ to your Pinterest
Like ‘Penguin Books’ on Facebook.com/penguinbooks
Find out more about the author and
discover more stories like this at Penguin.co.in
PORTFOLIO
UK | Canada | Ireland | Australia
New Zealand | India | South Africa
Penguin Books is part of the Penguin Random House group of companies whose addresses can be found at global.penguinrandomhouse.com.
This collection published 2017
Copyright © Nirmal John 2017
The moral right of the author has been asserted
Jacket images © Parag Chitale
ISBN: 978-0-143-42631-8
This digital edition published in 2017.
e-ISBN: 978-9-387-32660-6
This book is sold subject to the condition that it shall not, by way of trade or otherwise, be lent, resold, hired out, or otherwise circulated without the publisher’s prior consent in any form of binding or cover other than that in which it is published and without a similar condition including this condition being imposed on the subsequent purchaser.