Cyber Crime- Awareness and Security

Learn about Cyber Crime, its types, ways, and how to protect yourself. Understand the seriousness of cybercrime and the role of cybersecurity professionals.

The Cyber space is a huge community comprising of billions of users and websites. Users access the cyber space for a variety of reasons, official, business, shopping, study, seeking information, movies, video games, financial transactions, ecommerce etc. This gives reasons to the criminals for malicious practice in the cyber world and take undue advantage. The cyber crime rate is increasing day by day. Due to this, the Cyber Security has become very important. Several laws have been made related to cyber crime and Cyber Cells have also been established in police stations to handle the related issues. The Cyber crime is a great threat in today’s world, security of nation, to someone’s personal data and information, individual security, however, with some basic awareness and security measures, people can safeguard themselves from such crime. It is very important to know about the types of cyber crime, the security measures to be taken and over all be Cyber Aware.

A. INTRODUCTION

In today’s contemporary world, Information Technology is an emerging vocation, it provides a number of positive implications, in our routine life. Although what happens when some illicit individual decides to use the World Wide Web to conduct some misdemeanour? Internet can be subject various such violations, termed as ‘Cyber Crime’.  In this digital era, the rate of cyber-crime has increased manifolds, as such, it is very important that one should be aware of the cyber crime and the laws related thereto.

A report (sponsored by McAfee), published in 2014, estimated that the annual damage to the global economy was $445 billion. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2018, a study by Center for Strategic and International Studies (CSIS), in partnership with McAfee, concludes that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year.

Cyber-crime is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cyber-crime may threaten a person, company or a nation’s security and financial health.

The cyber-crime and the criminals are growing at a considerable speed. The key reasons for reckless growth of cyber-crime are-

a. No physical visit is required for the crime.

b. Can be committed from anywhere in the world to anywhere in the world.

c. The crime are mostly pre-programmed to execute at a pre decided time, place and target resources as planned.

d. Authorities are not very aware and prepared to handle the crime.

e. Can be executed on many victims at different location simultaneously.

f. Identification of the criminal can be hidden easily.

g. Ignorance of cyber laws

h. Poor practice of cyber safety measures

B. TYPES OF CYBER CRIME

The cyber crime can be classified as under-

1. According to usage of Computer

2. According to type of victim

3. According to the use of internet.

1. According to the usage of Computer-

As per this, the cyber-crime can be divided as under-

i. Computer used for any crime, such as making duplicate certificates, duplicate stamp papers, printing fake currency notes etc.

ii. Crimes targeting the computer/ computer resources viz. virus attack, e-mail bombing, e-mail spoofing, ransomware

iii. Using computer for unauthorised surveillance

2. According to type of victim-

i. Cybercrime against individuals, viz.

• • Cyber obscenity
  • Cyber defamation/ Libel
  • Cyber Harassment/intimidation
  • Cyber stalking
  • Email Bombing
  • Data Didding
  • E-mail spoofing

2. Cybercrime against property-

• Cyber extortion
• Virus attack
• Data theft
• IPR theft

3. According to usage of the internet-

This type includes a variety of crimes such as- data theft, phishing, dark net, IPR violation, website defacement, cyber terrorism, spamming, internet forgery, cyber extortion, online gambling, illegal articles trading, cyber pornography, data diddling, email frauds, financial crimes, social networking misuses etc.

C. CYBER CRIME WAYS-

It is important to have the basic knowledge of the ill practice and crime being carried by the cyber criminals. Some of them are-

1. Hacking or Cracking– Hacking is the most common cyber crime. Accessing any computer without the consent is called hacking. The criminals make an unauthorised access to the computer resources/ network by breaking security codes/ passwords. It can for intents such as data theft, greed, publicity, revenge, destruction. The offence is punishable under section 66 of the Information Technology Act, 2000.

2. Denial of Service Attack (DoS)– In DoS attack, the compute system is chocked by sending more inputs at a time than it can handle. If more information are sent at a time, a computer system stops responding and becomes unavailable. This is a publishable offence under section 43F/66 The Information Technology Act, 2000.

3. Cyber stalking– Cyber stalking is unauthorised surveillance by any person on any other person by use of e-mail, instant messaging (IM), messages posted on a website or a discussion group. A cyber stalker targets the victim with threatening/abusive messages and follows them/their activities in the real world. It is used as for harassment and is punishable under section 354D of the Indian Penal Code, 1860.

4. Salami Attacks- It is an economic cyber-crime. Here, the software is so changed that small attacks add up to one major attack or amounts are add up that can go undetected due to the nature of this type of cyber crime. It is also known as salami slicing. Salami Attack is punishable under section 65/66 of the IT Act, 2000.

5. Trojan and key Loggers- An illegal computer programme which gets loaded into the computer secretly and damages the computer data and program. This provide the information from typing/ screen to the cyber-criminal for data stealing. It is punishable under section 43(c )/66 of the IT Act, 2000.

6. Intellectual property Right (IPR) Crime- Intellectual properties viz. trade mark, know how, innovation, design, patents are valuable assets for a business. Software piracy, copyright infringement, trade mark infringement, piracy of source code are some of the examples of intellectual property related crimes. It is punishable under section 65/66 of the IT Act, 2000 and also under the IPR laws.

7. Web Defacement- here, the original web page is replaced with some other page. It is a punishable offence under section 43 and 66 of the IT Act, 2000.

8. Web Jacking- A website is hijacked by cracking its security code/ password. This is done with the motive of getting ransom money from the owner of the website in lieu of releasing the website. It is punishable under section 66 of the IT Act, 2000.

9. Virus/ worm attack- Virus or malware attacks are getting common. These are rogue software programs which spread from one computer to another computer and can damage the data stored. It is punishable under section 43(c )/66 of the IT Act, 2000.

10. Internet Time Theft- It is the unauthorised use of the paid internet or resources by unauthorised person. Punishable under section 43(h)/66 of the IT Act, 2000.

11. Online Gambling- Betting/ gambling is prohibited in many countries including many states of India. There are websites which provide for online gambling, betting irrespective of the prohibition under the local laws. It is punishable crime in India.

12. Ransomware- Ransomware is extremely notorious virus which encrypts data in the computers where it attacks and the data becomes un usable for the user. The criminal demands ransom in the form of crypto currency such as bitcoin to release the data. Some of the ransomware are- Wannacry, Petya, Locky etc.

13. SIM card swapping- The criminals get duplicate Mobile SIM card issued for an existing Mobile SIM by giving fake KYC documents to the operators, thereby receiving all the transaction passwords, OTP on their mobile. Huge financial loss is occurred to the original mobile owner. Offence is punishable under action 66 of the IT Act, 2000.

14. Debit or Credit card data skimming and cloning of ATM Card- Cyber criminals attach a skimming device plus pin hole camera in an ATM machine. The ATM/ debit card when used by the User in an ATM machine, the card information gets collected in the skimming device and the PIN number also gets captured in the pin hole camera. With this information, a clone ATM card is made and is used for withdrawing the money, with the PIN captured in the camera. The offence is punishable under section 66 of the IT Act, 2000.

15. Bot Networks- Bot network is remotely controlled computer network, which is used for remote attacks like DoS, spoofing, phishing etc. Bots are computer programme and work according to their remote controller through control and command centre. Whenever a victim opens a mail loaded with the programme (Torjan), the computer becomes infected and becomes part of the Bot network and the victim computer is controlled completely. This is punishable under section 66 of the IT Act, 2000.

16. Phishing Attack- In phishing, a deceptively similar website is prepared in look and features, and the host the website at a deceptively similar URL. Now emails are sent to the prospective victims with a link containing phishing website. when the customer clicks the link, the deceptive website opens and the customer fills his user name, passwords and other important data in the phishing website. As such the information is passed to the criminal through the phishing website. Phishing is punishable under section 66C/66D of the IT Act, 2000.

17. Spear Phishing– It is an email spoofing attack that targets a specific organisation or individual, the spear phishing is similar to phishing in all other aspects. It is punishable under section 66C/66D of the IT Act, 2000.

18. Local File Inclusion (LFI) Attack– In LFI, some unwanted filed are attached to the files that are already present on the server, through the exploiting of vulnerable inclusion procedures implemented in the application. This is punishable under section 65/ 66 of the IT Act.

19. Man-in-the- Middle (MITM) Attack- MITM is a type of spying where communication between two users is monitored and also modified by an unauthorised party. This offence is punishable under section 66/66C/66D of the IT Act, 2000.

20. Crypto-Currency- Cryptocurrency Exchanges are the platform to buy and sell digital assets like bitcoin. Cyber criminals try to steal the crypto-currencies by various methods. As the exchanges function as the trading platform, they are most vulnerable for cyberattacks for the cryptocurrencies.

D. CYBER FRAUDS AND AWARENESS

A number of cyber frauds are committed every day throughout the world. In most of the case, the victim is ignorant of the Cyber world and the frauds.

There are several kind of Cyber frauds. Its very important to be aware of the frauds. Some of the cyber frauds are-

1. Financial Fraud

2. Data theft

3. Job Fraud

4. Matrimonial Fraud

5. Social Media Platform Frauds

Financial Frauds– With the growth of the digitization, more and more people are using the internet for financial transactions, fund transfer, for payment of bills, Online purchase etc. People often get calls asking for OTP, PIN etc. which results in huge financial losses. Never disclose your OTP, passwords, CVV Number, ATM PIN to any one on phone or in any way. Bank or RBI or banks never ask for the passwords or PIN.

Data theft- In today’s world, the data is a very important commodity and is considered equivalent to gold, oil or any other valuable resource. Individuals’ privacy and their personal data are at risk. Hacking, , identity theft, financial fraud, malware, medical fraud, messages, images, and video and audio recordings are ways of the data theft. One needs to be much conscious about personal and professional data so that it never gets vulnerable to cybercriminals.

Job Frauds- Job websites are used by the job seekers. Sometimes, some very lucrative job offers appear on some website giving very good offer and on making some payment. You can be called for the interview, but later would find that no such company existed and you ended with losing the amount.  So, one should be very caution, should verify the vacancy before making any payment, use only verified websites and no company asks for any fee for appearing for the interview.

Matrimonial Frauds- There are number of good matrimonial websites which provides match for youth for life partners. The websites are used by the youth and also by their parents to find a suitable match. However, sometimes it may lead to frauds and a trap. So be caution and always use a trusted website for registration and a background search to be done of the prospective match, make proper enquiry, do not disclose your confidential information, do not share your sensitive photographs.

Social Media frauds- This is the widest spread and anyone using the social media should take some basic safety measures to avoid being trapped, facing frauds.

E. REPORTING OF CYBER CRIME-

The Government of India has established the Indian Cyber Crime Coordination Center (I4C) portal, to report Cyber Crime. The portal facilitate the reporting of all types of cybercrimes, with a special importance on those committed against women and children. The portal also provides an option of reporting an anonymous complaint for reporting online Child Pornography (CP) or sexually explicit content such as Rape/Gang Rape (RGR) content. The link for the portal is https://cybercrime.gov.in.

There are two options for reporting cybercrimes on the portal:

Report Crime related to Women/ Child – Under this section, you can report complaints pertaining to online Child Pornography (CP), Child Sexual Abuse Material (CSAM) or sexually explicit content such as Rape/Gang Rape (CP/RGR) content.

Report Other Cybercrimes – Under this option, you can report complaints pertaining to cybercrimes such as mobile crimes, online and social media crimes, online financial frauds, ransomware, hacking, cryptocurrency crimes and online cyber trafficking.

Information considered as evidence while filing complaint related to cybercrime-

As per the I4C FAQ, the following information can be the evidence while filing complaints-

• Credit card receipt
• Bank statement
• Envelope (if received a letter or item through mail or courier)
• Brochure/Pamphlet
• Online money transfer receipt
• Copy of email
• URL of webpage
• Chat transcripts
• Suspect mobile number screenshot
• Videos
• Images
• Any other kind of document

Once you report the complaints on the Portal, the complaints shall be handled by the concerned State/UT police authorities based on your selection of State/ UT while reporting the complaint. A complaint filed under REPORT WOMEN/ CHILD RELATED CRIME section cannot be withdrawn. Complaint filed under REPORT OTHER CYBER CRIME section can be withdrawn before it is converted into FIR.

Cyber Cells have been established in the Police stations to hand such crimes where  Online complaints can be lodged for the crimes such as – email related complaints, Social Media related complaints, Mobile app related complaints, Business email compromise complaints, Data theft complaints, ransomware complaints, Net Banking, ATM related complaints, fake calls frauds, Bitcoin related, cheating, online transactions related etc.

F. HOW TO PROTECT YOURSELF AGAINST CYBERCRIME

One can protect oneself from the dangers of the cyber-crime by taking some simple and basic measures.

• Installing Anti- Virus: An Anti- Virus software protects you from viruses, spyware, malware, rootkits, phishing attacks, spam attack, and other online cyber threats.
• Using a strong Password: A strong password consists of:

– At least 8 characters—the more characters, the better.

– A mixture of both uppercase and lowercase letters.

– A mixture of letters and numbers.

– Including at least one special character, e.g., *&?]

• Don’t open unreliable links anywhere: Be it your e-mail or any other dubious website, it is never a good idea to open links that feels unsafe or shady. This is also the oldest trick in the book for malware attacks!
• Keep a constant check on your bank statements: If there are any strange transactions made via your bank account which you are unaware of, it can be a fraudulent activity, hence you might be a victim of cybercrime. So, if such an incident occurs, be sure to call your bank and confirm the same.
• Cover your webcam– A web camera of our laptop, if hacked can be very dangerous and can be used to observe, watch and record day to day activities. It is a recommended to cover webcam when not in use. Do not do any private activities in front of the webcam.
• Secure your online presence. Chose right setting on social media platforms. Do not accept friends request from anyone or everyone. Remember to log out from the social media platform. Keep a check on your account. Report to the social media service provide for any fake, unwanted or fraudulent activities in your account. Be aware of your outfits on video call and video chats. No sensitive pics should be there on your smart phone.
• Your software should be updated: It is must to keep your software and Operating system up-to-date with latest security patches. Always choose updated version of the browser and install safe browsing tools
• Take care of your communication devices: Make sure that your devices is protected by password, PIN, Pattern or biometric information so that others cannot access easily.
• Precaution on sensitive Browsing: Remember that you should browse shopping or banking websites or apps only your devise. Avoid using friend’s phone, public computer, cyber cafe or free Wi-Fi for sensitive browsing as data can be stolen or copied.
• Be cyber aware- Make aware your children about potential online threats such as grooming, bullying, and stalking, keep track of their online activities. Also, you should be aware of the latest applications, securities devises and at the same time be aware the frauds, threats etc.

G. Cyber security and role of Professionals

Cybersecurity is protecting your organization’s data, computer system and  internet from cyber-attacks. Cyber Security in an organisation includes technologies, processes and practices in the organisation to protect networks, computers, programs, and data from unauthorized access or damage. The strategy is to ensure confidentiality, data integrity and safety. The Professionals can play a great role by taking responsibility of safeguarding the Organisation and the business from the threat of the cyber-crime. The following can be ensured by the professionals for cyber security-

• Implementation of a cybersecurity governance and risk management program depending on the size and the importance of the data.
• The Cybersecurity risk to be considered as a significant business risk and to be put at the same level of importance as compliance, operational, financial and reputational risks.
• Implementation of a proper and adequate policy for access to the sensitive information on need to know basis.
• Implementation of a policy for System Use ie how to use the IT Systems of the Organisation, use of passwords, no use of the external devices such as pen drive, no copying of Organisation data, rules to use the systems outside office, email use policy, internet use policy and remote access policy.
• Ensure safety from malware, ransomware attacks by installing antivirus, firewall, anti-spam software, anti-phishing software and several other good software available in the market. Make sure that they are renewed and updated regularly.
• Keep the list of backup technicians, document the configuration of hardware and software applications and keep this up to date so that at the time of emergency, the list is handy.
• Hardware should be maintained adequately and timely. Sign contracts with hardware maintenance service provider. Take adequate insurance policy for the systems.
• Implement the basic practice in the organisation for Cyber security such as identify the cybersecurity risk, protect and implement appropriate safeguards to ensure delivery of critical services, identify the occurrence of cyber threat, action chart for a detected cybersecurity incident, develop a recovery and restoration plan due to a cybersecurity incident.

H. SOME INSTANCES OF CYBER CRIME-

• India’s Aadhaar, which is national centralized government ID database, which stores the biometric data and identity data of 1.2 billion Indians, was subjected to a database breach in 2018.
• Capital One Financial Corporation, an American Bank, revealed a data breach affecting 100 million US customers and a further six million in Canada as Federal Bureau of Investigation (FBI) officers arrested a suspect (2019).
• Mailing and shipping services company Pitney Bowes, USA got an apparent ransomware attack (2019).
• In UK, The WannaCry virus infiltrated the National Health Service (NHS) computer system which made the system disabled for a week. The hospitals and medical practitioners operated entirely offline. (2017).
• Glasgow-born Gary McKinnon was accused of infiltrating 97 US military and NASA computers in order to find evidence suggesting free energy suppression and UFO cover-ups. This was termed as the ‘biggest military computer hack of all time’ (2002)
• The personal data (i.e., national identifier, name, gender, parents’ names, home address, date of birth, and city of birth) of over 49 million Turkish citizens was made available in 2016, through an online searchable database (Greenberg, 2016).
• Mobile Malware Smith had attacked and infected about 25 million devices, in India and other Asian countries, and also in UK and US (2019).
• A group of Russian hackers broke the access code and were able to get the secure information of more than 100 institutions in the world. They used malware to infect the bank computer systems and were able to steal about £650 million from global banks (2015).
• From Yahoo account, more than one billion user accounts were stolen, it included the names, phone numbers, passwords and email addresses of the users. It was one of the largest cases of data theft in history (2013).
• Kevin David Mitnick was an all-time popular cybercriminal. In 1995, at the time of his arrest, he was “the most wanted hacker in America.”

I. CONCLUSION

In conclusion, one can undoubtedly state the fact that cybercrime is a misdeed, and anyone using cyberspace can be its victim. We also now know all the major types of crimes that one may have to deal with, although in today’s world, offenders and hackers design new advance versions of violation each day, so one can never be too aware in the matter of self-security. Any individual’s precious personal data can be sold for as little as $0.20, up to $15.

Cyber Crime is a serious crime, it breaches someone’s privacy and confidential data and also exposes to financial losses. It involves infringement of human rights as well as of governmental laws. Therefore, one must consistently follow all the precautions discussed earlier, because ‘Prevention is better than cure’, as the well-known saying states.

It is also extremely crucial to spread awareness about cybercrime, as 21% of files aren’t protected (2018 Global Data Risk Report). Along with your computer, it is also important to protect your smart phones, as they contain almost all information.

Even after world class security, anyone can be a victim to an unethical hacker’s play. One such case is of the French President Emmanuel Macron, even after getting the utmost elite security, his emails were hacked.

So, it is not impossible to get victim of cyber crime even after following every measure, but the spread of education and awareness about the topic, can surely help many to be actually ready for the worst cases, and be prepared to fight the crime.

J. REFERENCES

• Indian Cyber Crime Coordination Center, https://cybercrime.gov.in
• https://en.wikipedia.org
• Cyber Crime, First Responder Guide, Anuj Agrawal
• Information available in the public domain.

*******

Disclaimer: This article has been prepared in good faith on the basis of information available on the date of publication without any independent verification. The Author does not guarantee or warrant the accuracy, reliability, completeness or currency of the information in this publication nor its usefulness in achieving any purpose. The Author will not be liable for any loss, damage, cost or expenses incurred or arising by reason of any person using or relying on information in this publication. Readers are requested to consult a professional before taking any action.

(Author – Sonika Bharati, FCS, LL.B. is a Company Secretary in Practice based at New Delhi and can be contacted at sonika.bharati@gmail.com)