COVER STORY! V1 4th ISSUE 

A Feast to Cyber Criminals in India

Advocate Arshiya, Ritesh Kumar 0 Comment

Information Technology solutions have paved a way to a new world of internet, business networking and e-banking, budding as a solution to reduce costs, change the sophisticated economic affairs to more easier, speedy, efficient, and time saving method of transactions. Internet has emerged as a blessing for the present pace of life but at the same time also resulted in various threats to the consumers and other institutions for which it’s proved to be most beneficial. Various criminals like hackers, crackers have been able to pave their way to interfere with the internet accounts through various techniques like hacking the Domain Name Server (DNS), Internet Provider’s (IP) address, spoofing, phishing, internet phishing etc. and have been successful in gaining “unauthorized access” to the user’s computer system and stolen useful data to gain huge profits from customer’s accounts.

Intentional use of information technology by cyber terrorists for producing destructive and harmful effects to tangible and intangible property of others is called “cyber crime”. Cyber crime is clearly an international problem with no national boundaries. Hacking attacks can be launched from any corner of the world without any fear of being traced or prosecuted easily. Cyber terrorist can collapse the economic structure of a country from a place where that country might not have any arrangements like “extradition treaty” to deal with that criminal. The only safeguard would be better technology to combat such technology already evolved and known to the Hackers. But that still has threat of being taken over by the intellect computer criminals.

What is Cyber Crime?

Cyber terrorists usually use the computer as a tool, target, or both for their unlawful act either to gain information which can result in heavy loss/damage to the owner of that intangible sensitive information. Internet is one of the means by which the offenders can gain such price sensitive information of companies, firms, individuals, banks, intellectual property crimes (such as stealing new product plans, its description, market program plans, list of customers etc.), selling illegal articles, pornography etc. This is done through many methods such as phishing, spoofing, pharming, internet phising, wire transfer etc. and use it to their own advantage without the consent of the individual.

 

Many banks, financial institutions, investment houses, brokering firms etc. are being victimized and threatened by the cyber terrorists to pay extortion money to keep their sensitive information intact to avoid huge damages. And it’s been reported that many institutions in US, Britain and Europe have secretly paid them to prevent huge meltdown or collapse of confidence among their consumers.

Types of Attacks by Hackers

Hacker is computer expert who uses his knowledge to gain unauthorized access to the computer network. He’s not any person who intends to break through the system but also includes one who has no intent to damage the system but intends to learn more by using one’s computer. There are various methods used by hackers to gain unauthorized access to the computers apart from use of viruses like Trojans and worms etc.

  1. Computer Viruses: Viruses are used by Hackers to infect the user’s computer and damage data saved on the computer by use of “payload” in viruses which carries damaging code. Person would be liable under I.T Act only when the consent of the owner is not taken before inserting virus in his system. The contradiction here is that though certain viruses causes temporary interruption by showing messages on the screen of the user but still it’s not punishable under Information Technology Act 2000 as it doesn’t cause tangible damage. But, it must be made punishable as it would fall under the ambit of ‘unauthorised access’ though doesn’t cause any damage. Harmless viruses would also fall under the expression used in the provision “to unsurp the normal operation of the computer, system or network”. This ambiguity needs reconsideration.
  2. Phishing: By using e-mail messages which completely resembles the original mail messages of customers, hackers can ask for verification of certain information, like account numbers or passwords etc. here customer might not have knowledge that the e-mail messages are deceiving and would fail to identify the originality of the messages, this results in huge financial loss when the hackers use that information for fraudulent acts like withdrawing money from customers account without him having knowledge of it.
  3. Spoofing: This is carried on by use of deceiving Websites or e-mails. These sources mimic the original websites so well by use of logos, names, graphics and even the code of real bank’s site.
  4. Phone Phishing: Is done by use of in-voice messages by the hackers where the customers are asked to reveal their account identification, and passwords to file a complaint for any problems regarding their accounts with banks etc.
  5. Internet Pharming: Hacker here aims at redirecting the website used by the customer to another bogus website by hijacking the victim’s DNS server (they are computers responsible for resolving internet names into real addresses – “signposts of internet), and changing his I.P address to fake website by manipulating DNS server. This redirects user’s original website to a false misleading website to gain unauthorized information.
  6. Risk Posed On Banks And Other Institutions: Wire transfer is the way of transferring money from one account another or transferring cash at cash office. This is most convenient way of transfer of cash by customers and money laundering by cyber terrorists. There are many guidelines issued by Reserve Bank of India (RBI) in this regard, one of which is KYC (Know Your Customer) norms of 2002. Main objective of which is to:

(i)         Ensure appropriate customer identification, and

(ii)        Monitor the transaction of suspicious nature and report it to appropriate authority every day bases.

  1. Investment Newsletter: We usually get newsletter providing us free information recommending that investment in which field would be profitable. These may sometimes be a fraud and may cause us huge loss if relied upon. False information can be spread by this method about any company and can cause huge inconvenience or loss through junk mails online.
Cyber Crimes in India

With increasing mobile and internet penetration in the country, cyber crimes have also increased proportionately.  Between 2011 and 2015, more than 32000 cyber crimes were reported across the country. More than 24000 of these cases are registered under the IT Act and the remaining under the various sections of IPC and other State Level Legislations (SLL). Cyber Crimes in India are registered under three broad heads, the IT Act, the Indian Penal Code (IPC) and other State Level Legislations (SLL).

The cases registered under the IT Act include:

  • Tampering computer source documents (Section 65 IT Act)
  • Loss /damage to computer resource/utility (Section 66 (1) IT Act)
  • Hacking (Section 66 (2) IT Act)
  • Obscene publication/transmission in electronic form (Section 67 IT Act)
  • Failure of compliance/orders of Certifying Authority (Section 68 I T Act)
  • Failure to assist in decrypting the information intercepted by Govt Agency (Section 69 IT Act)
  • Un-authorised access/attempt to access to protected computer system (Section 70 IT Act)
  • Obtaining licence or Digital Signature Certificate by misrepresentation/suppression of fact (Section 71 IT Act)
  • Publishing false Digital Signature Certificate (Section 73 IT Act)
  • Fraud Digital Signature Certificate (Section 74 IT Act)
  • Breach of confidentiality/privacy (Section 72 IT Act)

 

On the other hand, cases are also registered under the IPC and those include:

  • Offences by/against Public Servant (Section 167, 172, 173, 175 IPC)
  • False electronic evidence (Section 193 IPC)
  • Destruction of electronic evidence (Section 204, 477 IPC)
  • Forgery (Section 463, 465, 466, 468, 469, 471, 474, 476, 477A IPC)
  • Criminal Breach of Trust (Section 405, 406, 408, 409 IPC)
  • Counterfeiting Property Mark (Section 482, 183, 483, 484, 485 IPC)
  • Tampering (Section 489 IPC)
  • Counterfeiting Currency/Stamps (Section 489A to 489E IPC)
Cyber Crimes up by more than 3 times in 5 years

The numbers of cases registered under the IT Act and IPC have been growing continuously. The cases registered under the IT act grew by more than 350% from 2011 to 2015. There was almost a 70% increase in the number of cyber crimes under the IT act between 2013 and 2014. The cases registered under the IPC increased by more than 7 times during the period between 2011 and 2015. Similar trend is observed in the number of persons arrested. The government also acknowledges the increase in the number of such crimes and that the introduction of technologies, devices including smart phones and complex applications, and rise in usage of cyber space for businesses has resulted in such an increase.

Safety Measures
  1. Preventing credit/debit card fraud: By taking certain precautions, a user can prevent their credit or debit card from being misused both online and offline.
  • Do not provide photocopies of both the sides of the credit card to anyone. The card verification value (CVV) which is required for online transactions is printed on the reverse of the card. Anyone can use the card for online purchases if the information is available with them.
  • Do not click on links in email seeking details of your account; they could be phishing emails from fraudsters. Most reputed companies will ask you to visit their website directly.
  • While using a credit card for making payments online, check if the website is secure the CVV will also be required.
  • Notify your bank / credit card issuer if you do not receive the monthly credit card statement on time. If a credit card is misplaced or lost, get it cancelled immediately.

2. Online Safety

We all know that the Internet is a cool place to hang with friends and check out new things. But don’t forget about the Internet’s risks and dangers. If you’re going to use the Web, do it safely. Here are some suggestions on what you should and shouldn’t be doing online to help protect you against the bad stuff.

Never reveal personally–identifiable information online: Never reveal any personally-identifiable information online, whether it’s on your profile page or in a blog, chatroom, instant messenger chat or email.

  • Always use a screen name instead of your real name.
  • Never give out your address, telephone number, hangout spots or links to other websites or pages where this information is available.
  • Be careful about sending pictures to people you do not know very well.
  • Never tell people personal or private information about your friends or family.

Don’t share password to others: Your passwords to websites, email accounts and instant messenger services should not be shared with friends or strangers.

Never arrange meetings with strangers: Just because you’ve seen a person’s picture and read his or her profile, does not mean you know them. Many people online lie about who they are and what their intentions are.

Download files or software carefully: There are a lot of files on the Internet that are unsafe to download to a computer. Some files will bombard you with pop-up ads all day long. Some files will actually track everything you and your family does on your computer, including your logins, passwords and credit card information, which criminals then use to steal money from you and do other harm.

Don’t respond to inappropriate messages or emails: Some people send inappropriate messages just to see if you will respond. If you do, you are simply encouraging them to send more inappropriate material to you.

Beware of personal questions from strangers: People you don’t know who ask personal questions are often up to no good. Don’t continue communicating with strangers who ask you personal questions.

  1. Take a test before opening e-mail attachment
  • Is the email from someone that you know?
  • Have you received email from this sender before?
  • Were you expecting email with an attachment from this sender?
  • Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense?
  • Does this email contain a virus? To determine this, you need to install and use an anti-virus program.
  1. Use Strong Password
  • Do not write it to some place where it is visible to someone else.
  • The length of password should be as long as possible (More than 8 characters).
  • Use alphanumeric characters and special characters in your password.
  • Computer intruders use trial-and-error, or brute-force techniques, to discover passwords.
  • You shouldn’t write them down nor should you share them with anyone, even your best friends.
  • For each computer and service you use (e-mail, chatting, online purchasing, for example), you should have a password.
  • Protect Your Website
  • Stay informed and be in touch with security related news.
  • Watch traffic to your site. Put host-based intrusion detection devices on your web servers and monitor activity looking for any irregularities.
  • Put in firewall.
  • Configure your firewall correctly.
  • Develop your web content off line.
  • Make sure that the web servers running your public web site are physically separate and individually protected from your internal corporate network.
  • Protect your databases. If your web site serves up dynamic content from database, consider putting that database behind a second interface on your firewall, with tighter access rules than the interface to your web server.
  • Back up your web site after every update.
6. Protect Your Personal Computer
  • Use the latest version of a good anti-virus software package which allows updation from the Internet.
  • Use the latest version of the operating system, web browsers and e-mail programs.
  • Don’t open e-mail attachments unless you know the source. Attachments, especially executables (those having .exe extension) can be dangerous.
  • Confirm the site you are doing business with. Secure yourself against “Web-Spoofing”. Do not go to websites from email links.
  • Create passwords containing atleast 8 digits. They should not be dictionary words. They should combine upper and lower case characters.
  • Use different passwords for different websites.
  • Send credit card information only to secure sites.
  • Use a security program that gives you control over “Cookies” that send information back to websites. Letting all cookies in without monitoring them could be risky.
7. Protect Your Children
  • Do not give out identifying information such as name, home address, school name or telephone number in a chat room.
  • Do not send your photograph to any one on the Net without initially checking with the parent or guardian.
  • Do not respond to messages or bulletin board items that are obscene, belligerent or threatening.
  • Never arrange a face to face meeting without informing your parent or guardian.

 

Author :

  • Advocate Arshiya – arshiyasweet80@gmail.com
  • Ritesh Kumar – riteshkumar.2006@gmail.com

Leave a Reply

Your email address will not be published. Required fields are marked *