It usually happens at the height of a bull phase. When dozens of company results are flooding newspaper offices every day, an occasional fraudster slips in what looks like an authentic press release, with fake company results/information aimed at manipulating share prices. The fraud usually provides a one-time exit route to desperate speculators and is detected within a day -- sometimes even before the paper goes to print. The scams were rare; in fact, I cannot remember more than four such cases in my 16 years as a journalist.
The e-world has changed the speed of fraud too. Last week Reuters reported the posting of a hoax news release on the official corporate website of Aastrom Biosciences Inc. The fraudsters entered the site and posted a false notice of a merger between Aastrom and its rival Geron Corporation, leading to a sharp spurt in prices until it was denied.
The news is another warning about the imperfection of an otherwise magnificently powerful medium. And it has implications for Indian investors too.
The hacking of the Aastrom website is not a case of fake information or rumours posted on bulletin boards to lure the gullible. The posting on the website is assumed to be genuine and could also spark off suits from investors who traded on the basis of the information. Coming as it does on the heels of the attack on major websites such as Yahoo and America Online in February, the incident has led to more discussion on web security and the use of the Internet as a medium for dissemination of official corporate news.
Like in the case of pornography on the Net, the consensus seems to be that the benefits of the World Wide Web far outweigh potential trouble from hackers.
But let's look a little more hypothetically at its implications for India. The Times of India on Monday reported the hacking and archiving of over 500 India-related websites by what it calls "web-terrorists". Though details of their motivations are not yet available, there is a good possibility that the hackers are of Indian origin.
While Indians have been basking in pride at the global demand for technically skilled Indian engineers, we are as capable of supplying the world with the best web-terrorists. Think of the possibilities. They could hack and deface sites, distort information on government, and team up with scamsters to post fake corporate information on important websites. In case of e-commerce sites, the havoc they could cause is unimaginable. Not only will it destroy business, it will point the needle of suspicion at company officials in charge of technology and finally open the company to recovery suits from irate customers, which could tie up the organisation in endless litigation.
Imagine the sort of hell that would break loose if someone hacked into the Central Vigilance Commission's site and posted a set of names of corrupt bureaucrats and politicians on it. Or imagine what would happen if speculators hacked into corporate portals. All they need to do is post the information when trading begins. Before the day is out and the fraud is detected, they could make a killing on the stock market. Fortunately, investors do not as yet depend on corporate sites for their information. It is still the print media and some webzines that are the preferred media. What investors have to worry about is whether we, as a country, are equipped to detect such fraud and act on it immediately.
Given the Securities and Exchange Board of India's (SEBI) slow and ponderous investigation machinery and its reluctance to mete out harsh punishments, it will be years before the culprits are even identified, much less punished. Remember that BPL, Videocon and Sterlite have still not been punished for their dalliance with confirmed scamster Harshad Mehta.
The new IT bill empowers the police to haul up people on the suspicion of computer fraud. But they need not be officers trained and skilled at detecting computer fraud. There is no major drive to train the police in the use of computers and detection of fraud.
Even more dangerous is the fact that the IT bill puts tremendous powers in the hands of the police and the State, but makes no reciprocal promises regarding completion of investigation, comprehension of the crime, follow-up action to plug fraud and initiate harsh disciplinary action which acts as a deterrent to computer crime.
Strangely, the euphoria around the Net-business and IT-enabled business opportunities has largely ignored the crucial issue of crime, detection and punishment.
Even if we restrict the discussion to stock market related fraud, a quick comparison between the US and India is enlightening. After all, one cannot talk about globalisation only in terms of access to the US markets and not their regulatory standards.
The Securities and Exchange Commission (SEC) site indicates that SEC chairman Arthur Levitt and his team are totally focused on understanding the gamut of Net-related trading fraud, including fake information, selective sharing of news or online trading problems.
The SEC's enforcement department has a "cyberforce" composed of about 240 SEC staff members who surf the Internet part-time looking for potential fraud. In the last two years of focusing on Internet fraud, its enforcement department conducted three sweeps involving fraudulent offerings online and touting. It has brought 115 Internet fraud cases so far, confirming that "there are some shady characters exploiting this medium to line their pockets", said SEC Commissioner Laura S. Unger earlier this month.
She also says that though there are some novel scenarios, most of it "involved yesterday's garden variety fraud using today's technology". She says while the Internet may make it easier and cheaper for fraudsters to carry out their schemes, the Internet also makes it easier for us to find them. Not unlike caller ID, the Internet tracks the identity of those who think they are anonymously committing fraud online. Clearly, detection is easy, but one has to have trained manpower to handle it.
This is equally true of India, but there is as yet no attempt to set up a detection machinery in SEBI. In fact, the SEBI site does not even have a separate section on enforcement and actions taken. All these are simply bundled under sketchy press releases which, listed date-wise, are far too difficult to search for specific information.
On the other hand, the SEC's crack team has already caught a variety of scams including plantation and fish farming, Ponzi schemes and other pyramid gimmicks aimed at luring gullible investors.
As everyone says, India is definitely poised to grab a large chunk of the internet-related action and to play a path-breaking role in the evolution of the IT industry. Speaking at the Madhu Valluri Memorial Lecture on Sunday, Nandan Nilekani of Infosys Technologies painted a hugely encouraging picture of India grabbing large chunks of the IT business and a substantial chunk of global venture funding. This rosy picture will stick together if the IT industry and government pay an equal amount of attention to cyber crime and its detection and punishment. Otherwise, hackers and web-terrorists could well end the Indian IT dream.