Some days are such that , after reading the cyber-crime section in the newspaper I feel like banging my head against the wall. Today was one such day and the reason : Government of India’s Income-Tax portal. Read more about this over here.
From the perspective of the law when we look at this news-snippet, two individuals had accessed Income Tax e-filing accounts of some very well-known Indian personalities eg. Shah Rukh Khan, Sachin Tendulkar, MS Dhoni, Salman Khan etc. Even though no harm has been done by accessing their records but those who really want to perpetrate a crime they can surely do some tangible damage. However, I wont be discussing on how to execute the second part of the crime, let the guys at Income Tax portal think, after all they are ones who designed this website along with its so called stringent security measures.
NOTE: One has to remember that whenever I look at the Govt. of India’s web security I have always preferred to turn a blind eye towards it . However not this time. The reason being as simple as locking the door and hanging the lock keys besides the lock. Also expecting that no one will use these keys to unlock the door.
Identity Theft
This entire Income-Tax fiasco is a classic example of “Identity Theft”. So here we are, asking some crucial questions: If you are an Indian, then how easy / difficult to steal your Identity.
Lack of privacy laws will surely bring forth quite a lot of legal cases in the near future and interestingly, the irony: Lack of privacy laws being used by the Indian Government to deploy CMS and snoop on citizens. I have discussed extensively about Privacy and CMS over here .
There are numerous databases, managed by the Indian Government which provide unhindered legal access to personal data of its citizens. In case you own a business and fall under Pvt. Ltd. sector then again Government of India has made it possible to provide a publicly accessible search interface.
Normal belief is that Income-Tax details are construed to be highly personal, however, since we are living in India, our right to privacy is limited to the 4 walls of our home.
Permanent Account Number (PAN Card) is a unique card provided to all the tax paying citizens and everyone believes that it is very difficult to find someones PAN card details, unless and until they have access to the physical card or a photocopy.
To know the PAN Card number one needs to have access to
1: Name
2: Father’s Name
3: Last Name
4: Date of Birth
5: The required skill-set to Solve the Numeric CAPTCHA
To login into the portal what is the basic requirement , one would ask
1: Username
2: Password
In case you forget the password then the only additional information required to change the password is a Security Question. *ouch*
Income Tax Security Question
Anyone who is a celebrity is going to rue the fact that they have a PAN card and their PAN Card Details are protected by a service whose password can be changed by anyone. To find information about the common Indian person is a bit difficult however not impossible.
How much time does it take to know the answer of these questions when it concerns a celebrity?
Moreover, just because a government portal is asking you to provide your mother’s name , it is not necessary to provide the real name. All that is required is a string of characters which you can remember.
Let us talk about some common sense, shall we? Show me ONE Indian Tax Payer who doesn’t own a mobile phone . The answer to this question is the solution for the present problem.
Some of you may point out to usage of Duplicate Mobile SIM Card and also we have seen an increase in the number of cyber-crimes in India related to banking sector which targeted yet another problem related to Know your Customer (KYC) norms followed by the telcos wherein Duplicate SIM cards were provided, and this resulted in emptying of bank accounts of the victims.
These incidents shouldn’t deter the Government of India’s Income Tax Portal from binding the mobile number with the login. As such it is the tax-payers money which will be used and uptill now, it is the tax-payers money which was being used to design this pathetic security system.
5 Comments
Service Tax Rules
Informative post. All information’s are very useful.
R Sachin
Presently, Income-TAX has introduced manual intervention for password change.
hyderali
How?
CCA India
Can anybody misuse information of Permanent Account Number (PAN Card)
pan status
Yes anyone can misuse your pan card number, from the number they get all information of transiction, just get all information of your pan card online by Know Your Pan