WORLD OF CYBERSPACE AND ASPECTS OF INDIAN CYBER SECURITY AND CYBER CRIMES

By Anushtha Anupriya [0]

Abstract

Since the civilization has begun, mankind has always been ambitious and driven to make progress and evolve the existing technologies leading to colossal development and progress for further technological developments. Out of all the vital advances made, the development of cyberspace is perhaps the most significant of them all.

 Cyberspace is known as the virtual computer world, specifically, it is an electronic means used to manifest a global network to facilitate online communication to share information, act as a source of abundant information and resources, conduct business etc. It was all possible because of the advance development of the internet which is one of the most crucial progresses made by mankind. Although it has a lot of positive aspects to it, but it has also given rise to cybercrime and is even used for terrorist activities. 

Nowadays, a drastic increase is cybercrimes has been seen specially when almost the whole world was under lockdown due to COVID-19. In India also Cybercrime has surged amidst the country’s unprecedented COVID-19 lockdown. Attacks in India have increased by 37% in the 1st quarter of 2020, according to a recent report. Cyber-crime is emerging as a very serious threat to our society, he existing laws were not capable of governing the cyber space thus Information Technology laws were made to maintain harmony and co-existence in Cyber Space.

This paper is an effort to educate the people and expose them to a clear idea that it’s not safe to navigate in cyber world without knowing the threats and understanding the legal aspects of cyber security and its need for a safer experience. This report also compares the information technology law framework of India with that of the U. K to see the similarities and differences in cyber security policies in both the countries.

The purpose behind this paper is to provide better Understanding of cyber security and some of the impacts of the cybercrime. Cyber security is to provide prevention against the cybercrime, while cybercrime is a crime that involves a computer or a network which may have been used as a tool or could be a target to commit these offences like- phishing, fraud and identity theft, hacking, child pornography, invasion of privacy and many more. It reviews the current solutions to deal with the alarming rise in these criminal activities This paper includes need of cyber security, its challenges, types of cybercrime and legal responses and a brief comparative study of cyber-crimes and cyber laws of India with other countries .A few case laws have been discussed and innovative suggestions for future cyber security is proposed.

Keywords: Cyber Security, Cyber Law, Cybercrime, Hacking, Fishing.

INTRODUCTION

With the rapid technological developments, our life is becoming more digitalized. Everything is on the cyber space weather it is business, education, shopping or banking transactions. But as it is said every coin has two side, it is the same case with the internet.  With pros comes the cons of the cyber space and one of the major cons is cybercrime. Cyber Crimes are offences that occur in cyberspace or which involves a computer network. Today cyber world is the fastest growing space. Asian countries are amongst the highest users of internet in the world and India holds the 2nd rank amongst them, making it the 2nd top internet users in the world according to a survey done in 2019.

Cyber Crimes such as online fraud, trafficking in child pornography and intellectual property, identity theft, or violating a person’s right to privacy etc., harms an individual or a group by causing them mental harm or even financial loss[1]. This makes cyber security very important in today’s world. If we look at the states of cybercrimes in India state wise, we can see that Maharashtra and Uttar Pradesh has the highest no. of cases but the arrest ratio to it is very low. The lowest cybercrime cases registered was in Madhya Pradesh i.e. 1162 and lowest person’s arrested were in west Bengal.

Fig.2: Cyber Crimes in different states in India

Taking India against the world in terms of cyber-crimes it comes in the top 20 countries.  The chart below shows that the United States has been ranked number one (highest) cybercrime country in 2016 with a percentage of 23. Whereas India stands on the 11th position.

Fig.3: The higher cybercrime countries in 2016

If we talk about now when the whole world is going through this COVID19 pandemic, these cyber-attacks have increased exponentially. In India only the cyber-attacks have soared 86% in the four weeks roughly between March and April, according to recent Reuters reports. Cyber-crimes  are  increasing  in  frequency  and  causing  extensive  damage  to  governments, companies, society, and individual[2] .To protect our cyber space, cyber security is necessary.

 The purpose of this study is to have an overall understanding concerning cybercrimes, types of cyber-crimes, cyberlaws and cyber security their scenario in India and a comparative study with other countries. This paper is divided in to Four folds. Firstly, what is cyber security, current scenario of cybersecurity and cyber laws in India, and how can it be used against cyber-crimes. Secondly, a detailed study on cyber-crimes and its types. Thirdly, a comparative study of cyber-laws of India and the UK. Lastly, discussing cybercrimes in various countries. 

1.CYBER SECURITY

Cybersecurity is very important as it prevent cybercrimes and protects the cyber environment, and assets and data of the users by collection of policies, security safeguards, guidelines, risk management approaches etc. The assets of Organization and users comprises the computing devices connected through the internet, applications, services, telecommunications systems, and the information that is transmitted or stored through these telecoms in the cyber environment which are protected by cyber securities measures[3]. Cyber security attempts to safeguard the attainment and maintenance of the organization and user’s assets against germane security menaces in the cyber environment. Various countries, around the globe, have dedicated a separate field when it comes to cybersecurity measures and among these, hear are few of the top utmost devoted countries like United States, Malaysia, Mauritius, Australia, France Canada etc.[4] 

INDIAN CYBER LAWS AND IT’S IMPORTANCE 

Cyber-attacks now have grown rapidly, and their attacks are even more sophisticated now than ever, especially those companies and organisations that are responsible for safeguarding information regarding national security, health, or financial records, need to take preventing steps to protect their sensitive business and personnel information. Cybercrime laws in India are important because of the main reason that it covers and give protection from all the offences which occur on the internet – like transactions, social media and other activities which concern in the cyberspace. Cyber security is also crucial because military, financial, corporate and medical organizations store large amount of data on technological devices specifically computers. Organizations like these store sensitive and confidential data across networks and to other devices in the course and routine of the business which is crucial for the business. 

The nation’s top intelligence officials in March 2013 cautioned and announced that cyber-attacks and digital spying are the top threat to national security, eclipsing even terrorism which results as a threat to the entire nation. Thus, The National Cyber Security Policy 2013 was made to protect against the cyber-attacks which poses as a threat to national security. A vision and mission statement of this policy aimed at building a secure and resilience cyberspace for citizens, businesses and Government. The National Cyber Security Policy document outlines a roadmap and gives a blueprint to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country. The policy recognizes and addresses the need and demands for objectives and strategies that have to be adopted both at the national level as well as international front[5].

In India the Indian Penal Code has also gone through certain amendments in recent times to include crimes like fraud, forgery, theft, etc. which are offences done over the internet or electronic devices. Although, this is not enough to cope with the increasing cyber-attacks and thus, When the emphasis was on the need for cyber law or cybersecurity laws, then, the government of India brought in to force the Information Technology Act, 2ooo. 

The Information Technology Act, 2000[6], or also known as the Indian Cyber Act or the Internet Law came to force in India. In order to curb the menace caused by the cybercriminals, this Act was made. The prime objective is to prevent computer crime and to create an enabling environment for effective use of the internet along with reporting the cybercrime in India Cyber laws. The Cyber Laws in India not only authenticates digital signatures but also the documents on which it is done. When it comes to dealing with technology with respect to e-governance, e-commerce, and e-banking the IT Act is a complete law for that. 

The IT Act also states punishment for cyber-crime in India. It differs to case to case, depending upon which cybercrime has been committed and the severity and damage caused by the crime. Recently, on June 29, 2020, the government of India banned 59 applications from China based companies under section 69A of IT Act, to counter the threat posed by these apps to country’s “sovereignty and integrity of India, defence of India, security of state and public order.” Thus, through cyber laws helps in preventing cyber-attacks.

Although there are certain loopholes in Indian cyber laws which motivates criminals to do these cyberattacks.

LOOPHOLES IN IT ACT

India’s cyber security laws are flawed. The IT Act, 2000, is not a dedicated cyber security law, due to which, cyber security breaches are unreported and the rights, duties, and responsibilities of stakeholders in this regard are not elaborated properly.

  • A majority of cybercrimes are bailable offenses, which basically translates into inadequate deterrence to the offenders who violate the provisions of the law. 
  • The threat of data in the Cloud being lost: The Information Technology Act, 2000, have some provisions to deal with such cases of breaches of data on the Cloud, but they are only by way of compensation.
  • Cyber criminals (foreign criminals) there’s no conventional legal route to book these hackers who hack email accounts, websites and impose bogus profiles of celebrities across the web stealing data of others. 
  • There are no distinct dedicated cybercrime courts whose only job would be to deal with cybercrime matters for expeditious disposal of cases.

2. CYBERCRIMES 

The new government policy’s primary aim is to make the Internet safer by protecting Internet users and the have started to develop new services to achieve this too. Preventing cybercrime is an essential element of a national cyber security and critical information organization protection policy. Cyber-crime can be well-defined as “an illegal act adopted or expediated by a computer, the computer can be an entity of a crime, or used as a tool used to commit a crime or a source of indication connected to a crime.”[7]. The victim of a cybercrime can be an individual or a group; it could be against government and private organizations. The purpose behind a cyber-attack may be to damage someone’s reputation, or cause physical, or even mental harm. With the advancement of technology, recent cases of cybercrime in India has also increased. Cyber criminals are generally known as “Hackers”. In 2010, a computer worm Stuxnet attacked a lot of countries out of which India was the third worst-affected country by it.

In India, cybercrime can be defined as a crime or an unlawful act where the computer is used either as a tool, a target or both. Cybercrimes in India can be defined as when someone gain access to others computer of network system unauthorized and without the permission of the owner or place and performs any criminal activity is known as cybercrime.

Types of Cyber Crime in India

In India cybercrimes can be categorised depending upon who is the victim. There are mainly 4 categories which includes: –

  1. Cybercrime against a person
  2. Cyber Crime against property
  3. Cybercrime against Government
  4. Cybercrime against society

Now we will go through few of the cybercrimes committed under there categories.

1. Cybercrime against a person

  • Cyber stalking:  Cyber stalking is when a person is chased or followed online.  A Stalker can harass his targets by using the internet, emails, SMS, webcams, phones calls, websites etc.
  • Hacking: In simple words, hacking is an act committed by an intruder by accessing your computer system or network without your permission. The hackers can monitor every online activity of a person like logging in, credentials added, banking transactions made, etc. Among the all types of cybercrime it is the most dangerous and serous thread to the internet and e-commerce
  • Child pornography: It is the unscrupulous and illegal circulation of sexually implied material especially relating children.  Circulation of any material that has a tendency to deprave the mind of the minor children is also a cybercrime.
  • Defamation:  Cyber defamation takes place in cyberspace through the internet to libel and damage the reputation of the victim. Sometimes leaving a comment on social media like Twitter, Facebook, Instagram can also be liable.
  • Phishing: phishing simply refers to steal information like passwords, credit card details, usernames etc. over the internet. Email spoofing and instant messaging are used to target the victim in phishing. In this, the hackers make a direct link which directs to the fake page /website which looks and feel like identical to the legitimate one.
  • Identity theft: It involves stealing money or getting other benefits by pretending to be someone else. According to Information Technology (Amendment)Act, 2008, Section 66-C, it is stated that stealing someone’s identity is a punishable crime 

2. Cyber Crime against property:

  • Intellectual Property Crimes: Crimes such as online piracy, software piracy, infringement of patents, designs, trademark copyright, theft of source code, etc. comes under IPR thefts. It is one of the most common cybercrimes in India.
  • Cyber Vandalism: When during the period the network service is under attack and it causes damage to any data or electronic medium it is known as cyber vandalism.
  • Transmitting virus: A virus is a malware that contaminates files, disk drives, and computer programmes on the other hand worms are programmes that multiply like viruses and spread from computer to computer. Worms, computer vires, Timebomb, slang codes and Bacterium are some samples of malicious software that contaminate the computer.

3. Cybercrime against Government:

  • Cyber Warfare: It is an attacks on information systems takes place which is due to an Internet-based conflict involving political motives. Cyber warfare attacks can affect official websites and networks, cause mishap and disable essential services, steal classified data etc.
  • Cyber Terrorism: when government’s security system or intimidates government are hacked or when big organization invades the security system through computer networks to advance his political or social objectives, it is known as cyber-terrorism. It is an act of generating terror in the mind of people by using the web as a middle. Cyber Terrorism is dealt by Section 66-F of the Information Technology Act, 2002

4. Cybercrime against society: 

  • Online Gambling: Online gambling is illegal all over India, except in Sikkim, Gambling in general is an illegal activity according to the Public Gambling Act 1867. 
  • Cyber Trafficking: It can be trafficking in weapons, drugs, human beings, which affect the large numbers of persons.

CAUSES OF CYBER CRIMES

The vulnerability of the computer system creates a need of such laws are that protect and safeguard them against cyber criminals. The reasons for the vulnerability of computers are stated bellow:

Easy to access – Violating the technology by stealing access codes, recorders, pins, retina imagers etc. is the problem which comes while protecting a computer system for access that is unauthorised as it is easily possible. This can be used to fool biometric systems and bypass firewalls to get past many a security system.

Cyber Hoaxes: Just to cause threats or damage one’s reputation also Cyber Crimes can be committed. This is one of the most dangerous causes of them all. All they believe is in fighting their cause and want their goal to be achieved at all costs[8].

Negligence: It is one of the characteristics of human conduct. There are possibilities of not paying attention in protecting the system. This negligence gives the criminals control to damage the computer.

Poor law Enforcing Bodies and Loss of Evidence: Due to lack in cyber laws of many countries, many criminals get away without being punished. The data related to the crime can be easily destroyed thus motivating these criminals.

Cyber Crimes committed for publicity or recognition: Generally, where people just want to be noticed, the put-up thing to grab attention of others[9].

 FEW CYBER ATTACKS CASES IN INDIA 

  • UNION BANK OF INDIA HEIST (July 2016)- Through a phishing email sent to an employee, hackers accessed the credentials to execute a fund transfer, swindling Union Bank of India of $171 million, the bank was able to recover almost the entire money by prompt action.
  • WANNACRY RANSOMWARE (May 2017)- The global ransomware attack took its toll in India with several thousand computers getting locked down by ransom-seeking hackers. Amongst the systems affected were also the system belonging to the Andhra Pradesh police and state utilities of West Bengal.
  • DATA THEFT AT ZOMATO (May 2017)- The food tech company discovered that data, including names, email IDs and hashed passwords, of 17 million users was stolen by an ‘ethical’ hacker and then put up for sale on the Dark Web. 
  • PETYA RANSOMWARE (June 2017)- A container handling functions at a terminal operated by the Danish firm AP Moller-Maersk at Mumbai’s Jawaharlal Nehru Port Trust got affected by the ransomware attack. It made its impact felt across the world, including India.
  • PHISHING CASE: A Doctor from Gujarat had registered a complaint in with he said that some person has perpetrated an act through misleading emails apparently stemming from ICICI Bank’s email ID. The intention behind this act was to defraud the Customers.  
  • ONLINE CREDIT CHEATING AND FORGERY SCAM: A very prominent cases of 2003, a 21yr old engineering student Amit Tiwari had many names, bank accounts and clients with an clever strategy to defraud a Mumbai based credit card processing company.

DEFENDING AGAINST CYBER CRIMES

As noted from the above three cases, predefined safety from cybercrimes to safeguard the network of agencies are important. Below are few of the precautions for preventing yourself for becoming a victim of cybercrimes:

  • Use Strong Passwords: Selecting a password that cannot be easily guessed. If we use a combination of letters, numbers and symbols (e.g., # $ %!?) and have eight characters or more then it is considered as a strong password. Try to select especially strong, unique passwords for protecting activities like online banking, nothing related to your name or number. Keep your passwords somewhere safe and keep changing it time to time.
  • Protect your computer with security software: Basically, firewall and antivirus programs are considered as security software. The computer’s first line of defense I usually a firewall. Then comes the antivirus software, which and protects the computer from viruses and worms by monitoring all online activities such as email messages and Web browsing etc. 
  • Guard your email address:  Millions of messages to email addresses are sent by Spammers and phishers sometimes that may or may not exist in hopes of finding a potential victim. It’s better not responding to such mails.
  • Review bank and credit card statements regularly: If user can catch it shortly after their data is stolen then the impact of identity theft and online crimes can be greatly reduced. This can be done by regularly checking bank and credit card’s statements.
  • Secure your Mobile Devices: Many people are not aware that their mobile devices are also vulnerable to malicious software, such as computer viruses and hackers. Download applications only from trusted sources only. Anyone can track your movement through your GPS by installing malicious software. 
  • By updating the computers: keep your computer current with the latest patches and updates.one of the best ways to keep attackers away from your computer is to apply patches and other software fixes when they become available.

3.COMPARISON of IT law framework between India and the U.K.

  • Both India and the UK has important industry and civil society stakeholders. However, in terms of organizations focusing on cyber security, the UK has a much more robust cyber security society than in India. with industry and civil society being very important stakeholders in evolving the policy as well. This establishes a framework that could possibly be the reason for the UK taking up a light-touch regulation towards industry standards and reporting requirements. Further, both jurisdictions have programs and structures aimed at skill development, although the UK places a greater emphasis upon cyber security awareness.
  • Both jurisdictions specifically account for critical infrastructure protection (NCSC in the UK and the CIIPC in India) and emergency response (CERT-UK and CERT-In). The UK does not have a specific cyber security legislation under which these authorities have been set up, in contrast to the IT Act in India, which governs their functioning.
  • There is an absence of a central coordinating organization in India, which is a function fulfilled by the UK National Cyber Security Centre. However, the proposed National Cyber Coordination Centre is expected to fulfil this role in India.

4.Cybercrimes in Various Countries

 This section explains and clarifies the spread of e-crimes and the applicable laws in various countries: 

United Kingdom: According to a study carried out by cyber security experts at the University of Kent in 2011, more than 9 million adults in Britain were victims of hacked, and 8% of the population say they have lost money in the last year due to e-crimes. UK is interested in information technology, copyright in databases, regulations and the code of advertising.

United States of America: In 1986, a law was passed to the Electronic Communications Privacy (ECPA), which provides for identification judgments to protect the privacy of electronic communications and access third-party project for computers. (Neff, 1994).

Many other laws were also passed in US to tackle cyber-attacks such as Economic Espionage Act (EEA) passed in 1996, Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) passed in 2003 etc.

Malaysia: The Royal Malaysian Police reported that the 

top three types of e-crimes are: 

  • e-commerce fraud-online purchase.
  • Parcel scam.
  • Voice-over-Internet Protocol (VOIP) scam across border syndicates. (Majid,2012)

Malaysia amended the copyright Act in 1990, passed communication and multimedia act IN 1998

CONCLUSION

It has been deducted from this present study that with increasing rate of cybercrimes more detection techniques along with educating the users on being safe online needs to be established by educating them about the advantages and disadvantages of the web before using it. People should also know about the cyber laws against cybercrimes and take actions to fight against crime. These cyber crims and hackings are increasing and most of these crimes are committed by qualified people. Only time will tell. There will always be new and unforeseen encounters with cybercrimes, but the only way we can win is through partnership and association of both citizens and the government. India has taken a lot of steps to prevent and deal cybercrime, but the cyber law cannot be static, it must change from time to time and update with the upcoming challenges.

 Cyber security can never be completely achieved but maximum control and prevention can be implemented to detect and prevent the threats occurring. One can protect themselves for cybercrimes by ensuring certain protective measures such as- Network security, Malware protection, protecting you online passwords etc. 

References

[0]Student of KLE Society’s Law College

[1] Dacey, Raymond & Gallant, Kenneth S. (1997) “Crime control and harassment of the innocent, ” Journal of Criminal Justice, Elsevier, vol. 25(4), pages 325- 334.

[2] Broadhurst R. & Grabosky P., 2005

[3] Rayne  Reid,  Johan  Van  Niekerk.  From information  security  to  cyber  security cultures.  Information  Security  for  South Africa (ISSA). 2014. IEEE, 2014

[4] Global Cybersecurity Index 2017 (2017)

[5] http://nciipc.gov.in/documents/National_Cyber_Security_Policy-2013.pdf

[6] Information Technology ACT, 2002 – It is the law that deals with cybercrime and electronic commerce in India.

[7] by Royal Canadian Mounted Police in 2000, as quoted in Sameer Hinduj: Computer Crime Investigations in the United States: Leveraging knowledge from the past to address the Future, International Journal of Cyber Criminology, Vol.I, Issue 1, January 2007.

[8] Michael Massourakis & Farahmand Rezvani & Tadashi Yamada (1984) “Occupation, Race, Unemployment and Crime In a Dynamic System, ” NBER Working Papers 1256, National Bureau of Economic Research, Inc.

[9]  Panu Poutvaara & Mikael Priks (2005) “Violent Groups and Police Tactics: Should Tear Gas Make Crime Preventers Cry?, ” CESifo Working Paper Series 1639, CESifo Group Munich.