New Delhi, July 29: India is pretty low down on the totem pole for cyber crimes: way behind the malicious, crooked and cross-wired geeks in the US, China and Europe.

A research by US-based IT security and control firm SophosLabs shows that only 2.8 per cent of all spam or malware — software designed to infiltrate or damage a computer system — comes out of India.

The US tops the chart with 19.8 per cent followed by China at 7.5 per cent. But the study also shows that China has overtaken the US in hosting Web pages that secretly install malicious programs on computers to steal private information or send spam e-mails.

Another report reveals that Europe produces more spam than any other continent. What all this shows is a loose confederacy of cyber criminals: a single cyber crime operation can now be distributed among different groups in several countries.

One may create a ‘botnet’; another rents those computers to send credit scam e-mails; a third party transfers funds using the fraudulently obtained banking information. Sometimes each operation is on a different continent.

There is no evidence yet of an emerging cyber mafia – an organised syndicate of cyber criminals but we could get there eventually.

Culture matters

India clearly isn’t part of the confederacy – at least not yet. Why not? One reason suggested — in the West – is that India shows a “cultural difference”, basically a lower susceptibility to crime in general. The only cyber crimes have been a few individuals who have stolen data or information and traded for small personal gains. It still hasn’t developed into a serious organised groups of criminals.

“In India, strong family-oriented values act as a dampener for any cyber crime related to infiltrating computers with malware, spams and viruses,” says Nandkumar Saravade, director of cyber security at the National Association of Software and Services Companies.

There is another reason: geeks in India get well-paying jobs. And that’s one reason why they shy away from illegally profiteering from their programming knowledge, say analysts. “We also have cyber-crime cells cropping up in different parts of the country, further reducing the chances of relaying malware,” Saravade added.

However, analysts warn that security professionals should expect Indian’s malware contribution to grow in the next few years.

During December 2006, over 400 Indian websites came under attack by hacker groups, compared with 340 sites that were defaced during the previous month. This takes the total number of websites that were defaced during 2006 to about 5,200, according to CERT-In, the nodal agency monitoring the country’s cyber security.

PC count

“Cyber-crime increases with PC penetration. With PC and broadband penetration on a high in the country, computers and networks are more exposed to virus and malware attacks,” said a senior KPMG analyst.

India is also witnessing a personal computer growth spree. “By the end of 2008, India would be using more than 19 million PCs. This figure would increase to 157 million computers by the end of 2015, translating into 250 million computer users,” said Simon Yates, a Forrester researcher.

“Moreover, with hackers seeking financial gain, there is an uptrend in cyber crimes,” said web security experts. Hackers in the past attacked mainly because it afforded them the opportunity to pound their chests and win some acclaim within their peer group.

Once they acquire information, there is “an underground supply chain” where hackers can sell and trade in bank account or credit card passwords, said Patrick Runald, senior security specialist of F-Secure Security Labs, Kuala Lumpur.

With cyber crimes expected to rise, internet security firms along with the government are working on new strategies and solutions to keep cyber space free of worms and viruses and generating huge revenues in the process.

Anti-virus solutions

A new analysis from Frost & Sullivan’s World Anti-Malware Products Markets’ revealed that the world market for anti-virus solutions reached $4.7 billion in 2006, up 17.1 per cent, from about $4 billion in the previous year. It expects this market to grow at a 10.9 per cent CAGR from 2006, reaching $9.7 billion by 2013.

“The industry is looking at a 100 per cent growth in anti-virus products and 40 per cent growth in cyber security services,” said Vishak Raman, country manager, Fortinet — a real time network protection firm.

The department of technology is working on the feasibility of an early warning system that would alert any computer system of a potential attack. The project, if successful, will also help zero in on viruses and worms entering through different Internet service providers in critical organisations such as banks, BPOs, railways and airports.

Cyber security firms like Cyberoam, F-Secure and Fortinet are developing new solutions to filter spam mails.