Cybercrime in India: Types, Government Initiatives, and Prevention Measures
Description
Cybercrime in India: Types, Government Initiatives, and
Prevention Measures
Headline:
The Internet in India is growing rapidly. It has given rise to new opportunities in every field. But the Internet also has its own disadvantages. One of the major disadvantages is Cyber-crime – illegal activity committed on the internet
Some common cyber-crimes are:
Cyber-crimes can be basically divided into 3 Major Categories:
1. Cyber-crimes against Persons
• Cyber harassment is a distinct Cyber-crime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other.
2. Cyber-crimes against Property
• These crimes include computer vandalism (destruction of others' property), transmission of harmful programs, unauthorized trespassing through cyber space, unauthorized possession of computer information.
3. Cyber-crimes against Government (Cyber Terrorism)
• The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorize the citizens of a country
Examples of Cyber-crime
• Stalking:
Cyber stalking is one of the most common crimes which are commenced on internet the modern world. Cyber stalking is use of the Internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse. Stalking generally involves harassing or threatening behaviour repeatedly such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or Vandalizing a person's property
Cyber stalkers use websites, chat rooms, discussion forums, open publishing websites (e.g. blogs and Indy media) and email to stalk victim.
• Hacking
"Hacking" is a crime, which entails cracking systems and gaining unauthorized access to the data stored in them. Hacking could be done easily by using Trojan horse virus. Cases of hacking reported in 2011 was 157 and reported in 2012 was435 thereby % variation in increase in cases over 2011 is 177.1%.
There are different classes of Hackers.
a) White Hat Hackers -
They believe that information sharing is good, and that it is their duty to share their expertise by facilitating access to information. However, there are some white hat hackers who are just “joy riding" on computer systems.
b) Black Hat Hackers -
They cause damage after intrusion. They may steal or modify data or insert viruses or worms which damage the system. They are also called ‘crackers’.
c) Grey Hat Hackers -
Typically, ethical but occasionally violates hacker ethics Hackers will hack into networks, stand-alone computers and software. Network hackers try to gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of information. Crackers perform unauthorized intrusion with damage like stealing or changing of information or inserting malware (viruses or worms)
• Phishing
Phishing refers to the receipt of unsought emails by customers of financial institutions, asked them to enter their username, password or other personal information to access their account for some reason. Customers are directed to a Website which could be fraud copy of the original institution's website when they click on the links on the email to enter their information, and so they remain unaware that the fraud has occurred. The criminal then has access to the customer's online bank account and to the funds contained in that account number
• Vishing
The name comes from “voice,” and “phishing,” Vishing is the act of using the telephone in an attempt to scam the user which is, of course, the use of spoofed emails designed to trap targets into clicking malicious links that leads to a toll free number. Instead of email, vishing generally relies on automated phone calls, which instruct targets to provide account numbers for the purpose of financial reward.
Criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions). The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information. Sometimes criminal quote some information about your account before asking you to enter information, so you could believe it’s an authenticated source. Sometimes, if a victim logs onto one of the phony websites with a Smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone.
• Squatting
Cyber-squatting is the act of registering a famous domain name and then selling it for a fortune.
• Bot networks
A cyber-crime called 'Bot Networks', where spamsters and other perpetrators of cyber-crimes remotely take control of computers without the users realizing the fact that their system is being in use by some fake user.
• Spamming
Spamming is sending of unsolicited bulk and commercial messages over the internet. Although irritating to most email users, it is not illegal unless it causes damage such as overloading network and disrupting service to subscribers or creates negative impact on consumer attitudes towards Internet Service Provider.
• Software Piracy
It is an illegal reproduction and distribution of software for business or personal use. This is considered to be a type of infringement of copy right and a violation of a license agreement. Since the unauthorized user is not a party to the license agreement it is difficult to find out remedies.
• Cyber pornography
This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc.
• Sale of illegal articles
This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or 167 simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of 'honey'.
• Online gambling
There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.
• Intellectual Property crimes
These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc.
• Wardriving
War driving is the process of traveling around using a Wi-Fi enabled computer looking for wireless access point signals that can be used to get network access. The most common use of wardriving is to steal somebody else’s Internet access.
• Cyberterrorism
Cyberterrorism is the adaptation of terrorism to computer resources, whose purpose is to cause fear in its victims by attacking electronic resources. Cyberterrorism is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear.
• Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Outside many colleges across India, one finds touts soliciting the sale of fake mark sheets or even certificates. These are made using computers, and high quality scanners and printers. In fact, this has becoming a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic looking certificates.
• Cyber Defamation
This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends.
Implications of rising cyber-crime in India
There is an increase in the development of information technology but it is always worthwhile to remember that technology itself is neutral. However, its use can be described as negative or positive. This is especially true in cryptography, used for securing transactions and data interchange as well as to secure communications covering illegal activities and the establishment of evidence. History shows that new technologies, rarely regulated and not fully complete, are both used for good and bad.
According to the report ‘The Cost of Cybercrime’ the following are the major areas that can affect a government organization’s cost structure:
• Costs in anticipation of cybercrime: Security measures, such as antiviral software installation, cost of insurance and IT security standards maintenance.
• Costs as a consequence of cyber-crime: Monetary losses to organizations, such as gaps in business continuity and losses due to IP theft.
• Costs in response to cyber-crime: Paying regulatory fines and compensations to victims of identity theft, and cost associated with investigation of the crime.
• Indirect costs associated with cyber-crime: Costs resulting from reputational damage to organizations and loss of confidence in cyber transactions.
Cybercrime prevention
Crime prevention comprises strategies and measures that seek to reduce the risk of crimes occurring and mitigate potential harmful effects on individuals and society.
Few basic prominent measures used to curb cyber-crimes are as follows:
• Encryption: This is considered as an important tool for protecting data in transit. Plain text (readable) can be converted to cipher text (coded language) by this method and the recipient of the data can decrypt it by converting it into plain text again by using a private key. This way except for the recipient whose possessor of private key to decrypt the data, no one can gain access to the sensitive information.
Not only the information in transit but also the information stored on a computer can be protected by using the Conventional cryptography method. Public key encryptograpy was one solution to this where the public key could be known to the whole world but the private key was only known to the receiver, it’s very difficult to derive the private key from public key.
• Syncronised Passwords: These passwords are schemes used to change the password at the user’s and host token. The password on a synchronized card changes every 30-60 seconds which only makes it valid for one-time log-on session. Other useful methods introduced are signature, voice, fingerprint identification or retinal and biometric recognition etc. to impute passwords and pass phrases.
• Firewalls: It creates wall between the system and possible intruders to protect the classified documents from being leaked or accessed. It would only let the data to flow in computer which is recognised and verified by one’s system. It only permits access to the system to ones already registered with the computer.
• Digital Signature: Are created by using means of cryptography by applying algorithms. This has its prominent use in the business of banking where customer’s signature is identified by using this method before banks enter into huge transactions.
Steps taken by the Government
‘Police’ and ‘Public Order’ are State subjects as per the Constitution of India. States/UTs are primarily responsible for the prevention, detection, investigation and prosecution of crimes through their law enforcement machinery. The Law Enforcement Agencies take legal action as per provisions of law against the cyber-crime offenders.
Further, Government has taken several steps to prevent and mitigate cyber security incidents. These include:
• Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) for the protection of critical information infrastructure in the country.
• All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched to provide detection of malicious programmes and free tools to remove such programmes.
• Issue of alerts and advisories regarding cyber threats and counter-measures by CERT-In.
• Issue of guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications/infrastructure and compliance.
• Provision for audit of the government websites and applications prior to their hosting, and thereafter at regular intervals.
• Empanelment of security auditing organizations to support and audit implementation of Information Security Best Practices.
• Formulation of a Crisis Management Plan for countering cyber attacks and cyber terrorism.
• Conducting cyber security mock drills and exercises regularly to enable assessment of cyber security posture and preparedness of organizations in Government and critical sectors.
• Conducting regular training programmes for network/system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organizations regarding securing the IT infrastructure and mitigating cyber attacks.
