October 7, 2022

Lukmaan IAS

A Blog for IAS Examination

TOPIC : INGENIOUS CYBERCRIMES – LAW ENFORCEMENT AGENCIES ILL-EQUIPPED TO DEAL WITH MENACE

image_pdfPDFimage_printPrint

THE CONTEXT: New-age crimes in the cyber world are leaving the cops huffing and puffing as thieves seem to run miles ahead of them with smarter and ingenious methods of breaching and misusing digital data to loot more and more vulnerable victims. As reliance on technology, remote work and automation picks pace and billions of people become digitally savvy, the scope for online trickery and scams has grown exponentially. This article presents various aspects of cybercrimes and how law enforcement agencies can keep a check on them.

CYBERCRIME

Cybercrime is defined as crimes committed on the internet using the computer as a tool to target the victim for the execution of the desired crime. Though it is difficult to determine where the particular cyber crime took place because it can harm its victim even sitting at a far distance. Cyber crimes are quite different from traditional crimes as they are often harder to detect, investigate and prosecute and because of that cyber crimes cause greater damage to society than traditional crimes. Cyber crimes are broadly classified into different groups:

CRIME AGAINST THE INDIVIDUALS

  • Harassment, cyber-stalking, deformation, indecent exposure, cheating, email spoofing, fraud, etc.

CRIME AGAINST PROPERTY

  • Transmitting viruses, net trespass, unauthorized control over computer systems, internet thefts, infringement of intellectual property,etc.

CRIME AGAINST ORGANIZATION

  • Cyber terrorism within a government organization, possession of unauthorized information, distribution of pirate software, etc.

CRIME AGAINST SOCIETY

  • Child pornography, financial crimes, sale of unlawful articles, trafficking, forgery of records, gambling, etc.

DATA AND RECENT INCIDENTS:

  1. Cybercrimes in the country have increased four times or 306 per cent in the past four years. In 2016, 12,317 cases of cybercrime were registered and in 2020 this number increased to 50,035. This means that India registered 136 cybercrime cases every day in 2020, according to the National Crime Records Bureau.
  2. India witnessed over 18 million cyber-attacks and threats, with an average of nearly 200,000 threats every day, in the first three months of 2022, according to US-based cyber security firm, Norton. The company states in its Cyber Safety Pulse Report that the quarter spotted nearly 60,000 phishing attempts through this quarter, as well as over 30,000 tech support scams in this time.
  3. Another aspect is the increasing trend of cyber criminals gaining access to corporate email addresses. In the year 2015, an oil and gas company was hacked whereby the cyber criminals duplicated the email ids of the senior officials in order to ploy one of the clients to transfer the amount to the hacker’s account leading to losses to the tune of a few hundred crores. E.g. The Cosmos Bank was destructively hit by a cyber-attack in the year 2018, where the hackers hacked into the ATM server of the bank and stole details of many visa and Rupay debit card owners.
  4. Recent incidents like Pegasus WhatsApp snooping, a cyber attack on India’s nuclear power plant etc. have shown India’s vulnerability.

ISSUES IN INDIA’S CYBER SECURITY

  1. Service Providers: Rush towards digitization in almost every sector has led to increased collaborations with application service providers. This is done to provide customers with the best apps and services in the shortest possible time. Hardware and software being of foreign origin or the terabytes of data that is parked on servers outside India serves as a potential threat to National Cyberspace.
  2. Wide Coverage: India has now more than 700 million internet users which makes it a large pool of digitally vulnerable targets. Considering our nation’s size and scale, it serves as a challenge to monitor and suspect digital threats. Computer Emergency Response Team (CERT-In) is heavily understaffed. Although Gov. has set up National Critical Information Infrastructure Protection Centre (NCIIPC) but it is yet to identify and implement measures to protect critical information infrastructure
  3. The continued perception has been that cyber security is optional. This led to an increase in threats of cyber-attacks.
  4. The international threat of a cyber war from neighbouring countries has increased in recent times. Lots of equipment in India are imported. It is unknown whether these devices are tampered with or programmed for control processes
  5. Cyber-attacks have grown in terms of sophistication and reach in recent times. The countries are witnessing growing cybercrime ranging from fraud calls to malware that brings banking systems to a standstill. Attacks are often anonymous and difficult to attribute to specific actors, state or non-state. Advanced Precision Threats (APTs) carried out by anonymous hackers are often silent and go unnoticed for long periods.

WHAT HAS INCREASED INDIA’S CYBER SECURITY THREAT?

DIGITAL INDIA VISION

  • India is one of the fastest-growing markets for digital technologies fuelling the government’s push toward actualising its Digital India mission.
  • Whether creating broadband highways or rolling out services such as DigiLocker and e-governance schemes like the Jan Dhan Yojana, the government has pushed for as much digital adoption as possible.
  • Under Pradhan Mantri Jan Dhan Yojana 45 crore new accounts have been opened and 32 crore RuPay Debit Cards have been distributed in the last 8 years.
  • BharatNet is also developing very fast, 5.75 lakh km of fibre cable has been laid and work has been done to connect 1.80 lakh villages in the last 8 years which was less than 10000, 8 years ago.

INCREASING FOOTPRINT OF DIGITAL ACTIVITIES

  • India now has over 1.15 billion phones and more than 700 million internet users which makes it a large pool of digitally vulnerable targets.
  • In January 2020, India had the second-largest Internet user base with over 550 million Internet users.
  • In 2021, 40% of the total global digital payments took place in India.
  • Digital Inclusion increases the potential of digital threats leading to cyber-attacks and crimes.

TECHNOLOGY SHOCKS

  • Technologies like the internet, social media, and smart phones allow individuals and groups to commit crimes across international borders. The digital illiteracy and fear psychosis that was evident in Indian masses after the demonetization in 2016 made them more susceptible to cyber frauds.
  • The Jamtara cyber con artists made news in 2017, for phishing attacks and duping people of large amounts.
  • Silly mistakes by gullible people make them an easy prey to hackers, tele-phishers and other cheats using devices to steal debit and credit card details.
  • This has forced one to think that whether the technology upgrades are faster than the general awareness of the people and law making process to handle such crimes.

 LAWS RELATED TO CYBER SECURITY IN INDIA

INFORMATION TECHNOLOGY ACT, 2000

  • The act regulates the use of computers, computer systems, computer networks and also data and information in electronic format. The act lists down among other things, the following as offences:

ü  Tampering with computer source documents.

ü  Hacking with computer system

ü  Act of cyber terrorism i.e. accessing a protected system with the intention of threatening the unity, integrity, sovereignty or security of the country.

ü  Cheating using computer resources etc.

STRATEGIES UNDER NATIONAL CYBER POLICY, 2013

  • Creating a secure cyber ecosystem.
  • Creating mechanisms for security threats and responses to the same through national systems and processes.
  • National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
  • Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
  • Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre (NCIIPC) operating as the nodal agency.
  • NCIIPC has been created under the Information Technology Act, of 2000 to secure India’s critical information infrastructure. It is based in New Delhi.
  • Promoting cutting-edge research and development of cyber security technology.
  • Human Resource Development through education and training programs to build capacity.

 GOVERNMENT INITIATIVES TO TACKLE CYBER CRIMES

CYBER SURAKSHIT BHARAT INITIATIVE

  • It was launched in 2018 with an aim to spread awareness about cybercrime and build capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.

NATIONAL CYBER SECURITY COORDINATION CENTRE (NCCC)

  • In 2017, the NCCC was developed. Its mandate is to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.

CYBER SWACHHTA KENDRA

  • In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.

INFORMATION SECURITY EDUCATION AND AWARENESS PROJECT (ISEA)

  • Training of 1.14 Lakh persons through 52 institutions under the Information Security Education and Awareness Project (ISEA) – a project to raise awareness and provide research, education and training in the field of Information Security.

INTERNATIONAL COOPERATION

  • Looking forward to becoming a secure cyber ecosystem, India has joined hands with several developed countries like the United States, Singapore, Japan, etc. These agreements will help India to challenge even more sophisticated cyber threats.

CYBERCRIME PORTAL

  • It aims to enable citizens to report online content pertaining to Child Pornography/ Child Sexual Abuse Material or sexually explicit content

NATIONAL CONFERENCE ON CYBER SAFETY

  • In June 2022 the National Conference on Cyber Safety and National Security was held in New Delhi. The conference is part of the efforts to create mass awareness for the prevention of cybercrimes in the country.

INTERNATIONAL MECHANISMS

  • The International Telecommunication Union (ITU) is a specialized agency within the United Nations which plays a leading role in the standardization and development of telecommunications and cyber security issues.
  • Budapest Convention on Cybercrime: It is an international treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. It came into force on 1 July 2004. India is not a signatory to this convention.
  • Internet Governance Forum (IGF): It brings together all stakeholders i.e. government, private sector and civil society on the Internet governance debate. It was first convened in October–November 2006.
  • Internet Corporation for Assigned Names and Numbers (ICANN): It is a non-profit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network’s stable and secure operation. It has its headquarters in Los Angeles, U.S.A.

BUDAPEST CONVENTION

  • The Council of Europe’s (CoE) Cybercrime Convention, also known as the Budapest Convention is the sole legally binding international multilateral treaty on cybercrime. It coordinates cybercrime investigations between nation-states and criminalizes certain cybercrime conduct.
  • It was open for signature in 2001 and came into force in 2004.
  • The Budapest Convention is supplemented by a Protocol on Xenophobia and Racism committed through computer systems.
  • India is not a party to it. India recently voted in favour of a Russian-led UN resolution to set up a separate convention.
  • The resolution seeks to set up new cyber norms considered as a counter alternative to the US-backed Budapest Accord.

NEED FOR INTERNATIONAL LAW TO DEAL WITH CROSS-BORDER CYBERCRIMES

  • Technology develops much more quickly than the domestic and international laws that apply to its use across borders. Some countries argue for greater control over citizens’ data, with localization requirements for storing data inside national borders.
  • As new technologies like the internet of things continue to evolve, the ability of international law to combat their negative uses becomes increasingly important to protecting critical infrastructure like power plants and dams.
  • But one of the most persistent hurdles remains:International law is designed for sovereign nations to work through legal mechanisms to address grievances with other sovereign nations. Some technology companies have now become key international players, but as non-state actors and they are still governed by national laws and regulations. Until international law catches up with this reality, accountability to international human rights norms also remains elusive.
  • Technology empowers governments and non-state actors alike to reach far beyond their own national borders. Combatting transnational issues such as cyber attacks, terrorism, and propaganda requires developing new rules to address the negative consequences of technology.
  • The phenomenon of increase in cyber espionage by corporate, by hostile governments to steal trade secrets and information to gain economic advantage or military advantage (most recently seen in Russia – Ukraine war) also demands for a comprehensive law governing all nations on the issue of

THE ANALYSIS OF THE ISSUE

  • The media is full of horrifying stories of the common and even highly-placed people being duped of their money through a wide array of online scams. Even as criminals are inventing newer tools to defraud companies and individuals of their assets, the old and common ways like phishing, malware, ransomware etc via scam emails, mobile phone calls and messaging continue to trap thousands of unsuspecting prey.
  • At present, in the context of cross-border cyber security threats India needs to review its cyber-defence policies and the country also needs to give equal attention to building a deterrent cyber-offensive capability. The government is taking far too long in finalising a National Cyber Security Strategy.
  • There are two limitations to India’s present approach toward cyber security. The country’s policy is defensive and has a narrow focus. It aims to harden vulnerabilities only in civil government and military assets. However, a substantial amount of critical infrastructure in India is built and managed by the private sector.
  • Private corporations also hold troves of sensitive personal data. Therefore, any new strategy must ensure the private sector has the necessary cyber-security cover. The new strategy must also acknowledge that the capacity to counter-attack is often the best defence in a cyber war.

THE WAY FORWARD:

  • The law enforcement agencies’ cyber security arena is inadequately equipped with expert manpower and resources needed to counter this specialised menace and the very real and growing risk of online fraud and thefts. India should update and upgrade its computing environment and IoT with current tools, patches, updates and best-known methods of the day in a timely manner.
  • The instances of cyber financial fraud also call for increased budget allocations in the field of cybersecurity in every district to improve the detection and prevention of the crime.
  • The government should also develop core skills in cyber security, data integrity and data security fields while also setting stringent cyber security standards to protect banks and financial institutions.
  • Effective use of the knowledge gained from actual attacks that have already taken place in the past for building an effective and pragmatic defence.
  • Emphasizing digital literacy is the first requirement for increasing awareness about cyber threats.A public awareness campaign can also prove to be effective to curb cybercrime.
  • The university and school curriculum must also emphasize cyber security as a high-decibel awareness
  • Pressure also needs to be put on officials in the public domain to carry out regular vulnerability assessments and create necessary awareness of the growing cyber threat.
  • A dedicated industry forum for cyber security should be set up to develop trusted indigenous solutions to check cyber-attacks.
  • While international cooperation among different countries is necessary to tackle cyber crimes, it is difficult to have universally accepted law on cyber security because there are different approaches, cultures, history on how we think about freedom of speech; the right to privacy and freedom & security. While no country wants to be deprived of benefits of technological advancements we need to build on and improve international cooperation until a comprehensive and pan global law is in place.

THE CONCLUSION:

Emerging trends in cybersecurity indicate that nearly all future global conflicts will have a cyber component. Whether it is for spying on governments, targeting defence forces, hitting power and communication grids, crippling transport networks, subverting financial systems or sabotaging flights, the next war will begin in cyberspace. It may even be waged largely there, yet it will wreak havoc in the everyday lives of common people unless a robust defence is put up. To achieve the goal of a cyber-secure nation, India will require a robust cyber security strategy that safeguards government systems, citizens, and the business ecosystem. This will not only help protect citizens from cyber threats but also boost investor confidence in the economy.

Mains Practice Question:

  1. India is witnessing ingenious cyber crimes every day. What should be the approach of the government and law enforcement agencies to deal with such menace?
  2. Discuss different types of cybercrimes and measures required to be taken to fight the menace. (GS-3 Mains 2020)
  3. Digital India’s dream requires a strong focus on digital security. Comment.
Spread the Word