Time Lost Cost in Cyber Crime – IGI Airport case

The world cyber crime report that was released by the Anti-Virus major NORTON – listed two types of costs (that is the illegal money involved in cyber crime the world over) involved in cyber crime. One it referred to “Cash Cost” and the other as “Time Lost Cost”.   The first one is easy to understand. It means the cash that the cyber criminals are actually stealing from the innocent citizens by means of a variety of cyber crimes. According to the NORTON report the total illegal money involved in Cyber Crime the world over is US$ 388 Billion. This is indeed an astronomical figure and is nearly 27 Lakh Crores in Indian Rupees. In this the total Cash Cost is US$ 114 Billion. The remaining US$ 274 Billion is the Time Lost Cost and this is what needs a detailed explanation and understanding.   Simply stated, Time Lost Cost refers to the money lost as a result of the time lost when a computer system is down as a result of a virus or any other form of cyber attack. This is because time is money and if time is wasted when the system goes down, money generation is effectively stopped and so money is lost. There are numerous examples which can illustrate this phenomenon better to the reader, but none better than the one which is quoted below.   Indira Gandhi International Airport is the airport of our capital New Delhi. Thus it is an extremely busy hub of air travel, with almost 100,000 passengers transiting daily and more than 900 flights to and from this airport from all over the world. No better show case of Indian progress and vibrancy than this airport and it was this very airport that was the target of a cyber virus attack in the year 2011.   An employee of the airport who happened to be the Head of the IT department was removed from service. Normally, in large organizations if an employee quits or is removed from service – the passwords assigned to such an employee get automatically reset. This is built into the system. But in this case, the password did not get automatically reset. A small error, oversight, carelessness or plain inefficiency – but the password was not reset and it was for this error that the IGI airport had to pay dearly.   This employee was a resident of Bangalore and he was anyway disgruntled because of his termination. He visited an internet café which was located in front of his house and carried out the virus attack on the computer system of IGI airport. However this later proved to be his undoing – if he had visited a café in another city or any other café in some other part of the city of Bangalore and used some fake ID etc – he may never have been caught. What did he actually do in this internet café – he accessed his account and as the password was not changed he managed to log in. He then proceeded to introduce a virus in the system. Slowly the different components of the airport began to shut down – the passenger check in, baggage handling, passenger information system, security check etc. Within minutes the entire airport came to a standstill. Paying customers were put to severe hardships.   The airport authorities tried in vain to issue hand written boarding passes et al, but all was in vain and the system collapsed totally and chaos prevailed throughout T3 of IGI airport. They then hired the cyber forensic experts of KPMG – who managed to isolate the virus and take it out of the system. Then the various components of the system were brought online one by one and the airports normal functions resumed. The total duration of the attack and the subsequent shutdown of the airport was of 24 hours. The total cost to company that runs the IGI Airport was estimated to be 200 Crores. This is Time Lost Cost.   Off course the disgruntled employee ultimately was caught by the process of reverse engineering. When the security agencies reached the internet café, where the digital footprints led them, the manager easily told them that on the given date and time when the attack originated, the disgruntled employee was using the target computer – and he lived across the street. A firm case of an offender leaving his traces on the scene of crime. This is one crime solution principle that always works!