The proliferation of cyber crimes is accompanied by increased levels of sophistication. While hacking, generally means an unauthorized access to a website storing personal data, a new form of cyber crime has emerged on the scene that has been compared to a storm/catastrophe by a judge of the Bombay High Court. This storm is going to have a tremendous impact on companies in the form of corporate hijacking.
By merely obtaining the fraudulent digital signature of a person, corporate hijacking can be executed. This simplicity has generated new issues pertaining to digital security. This practice was first noted in Italy in 2012.
It would not be wrong to state that digitization has eased the methods of doing business and transactions and thus everything is computerized today. It is mandatory for companies to file their returns and records online.
In India, we have "Certifying Authorities" from whom digital signatures are to be obtained. Still, miscreants have been successful in obtaining fake digital signatures of the directors of companies and becoming the directors themselves.
Such a situation had arisen in Bombay, Maharashtra wherein the directors of a company by the name of Maneklal Mansukbhai Private Limited (MMPL), were ousted by such fraudsters who then obtained control over the company's assets. Previously, companies DDPL Global Infrastructure and Unicorn Infra Projects (both engaged in real estate) had become victims of this crime.
The scamsters who indulge in such acts do so, after figuring out the loopholes in the security system.
Issues and Challenges
The problem of corporate hijacking has raised concern over digitization and the need for security in the digital world. The RoC need to have additional layers of security. Although the importance of digitization is apparent, however, safeguards must be incorporated into the system and checks and balances against their endangerment must be ensured. Thus, a lot of responsibility has been bestowed on the Ministry of Corporate Affairs and that of Information Technology.
The process of executing such a hijacking involves obtaining a fake digital signature of the director (s) of the company. Every director has his own Director Identification Number (DIN) issued by the Government and each DIN is accompanied by a digital signature. The fraudsters in the above cases replaced the genuine digital signatures of the directors in the website of the Ministry of Corporate Affairs with their fake ones and put themselves in the post of directors of those companies. In some cases, they have even changed the address of the company.
The Information Technology Act, 2002 (IT Act), an Act to regulate e-commerce in India, legitimised the use of digital signatures in India. It provided for the certifying authorities to issue digital signatures under the supervision of the Controller of Certifying Authorities (CCA). India has six such certifying authorities that issue three classes of personal digital signature certificates. Class 1 has the lowest security standard and is often used to secure e-mail messages. Class 2 has a higher standard of verification, it requires identity and address proofs and Class 3 offers the highest security due to physical verification of the applicant.
The order of the Bombay High Court in the recent cases have given a call to the RoC and the Ministries to immediately issue an advisory to all corporates to check their uploaded data and confirm correctness by a specified date.
New guidelines have been issued in the year 2015 that state that for all digital signatures certificates, the PAN number, email address and mobile number provided on the application be verified and that attestation of documents be done by a Gazetted officer, Bank Manager or Post Master.
As per the IT Act, 2002, such a crime is punishable with up to two years of imprisonment and a fine of Rupees one lakh fine.
But the biggest challenge for the concerned Ministries is the finding of these fraudsters. Cyber Crimes are a recent form of crimes marked by high levels of sophistication and anonymity. Technological advancements happen at such an unbelievable rate that the law machinery fails to keep pace with these new developments. Corporate Hijacking is a very serious crime that has serious consequences. It changes the ownership of an entire company. Such a development has an impact on all the stakeholders of the concerned business entity.
Thus, the concerned authorities must initiate measures and take steps before this crime culminates into a catastrophe causing extreme trouble to business entities.