The introduction of computers in the late 70’s has enabled humans to achieve great degrees of success, but it has also raised security concerns and led to the coining of a new term, ‘Cyber Crime’, for an activity that has expanded across physical and virtual borders.
What is Cybercrime?
According to Merriam-Webster, cybercrime is “criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data”. The list of cyber offences includes (but is not limited to) digital piracy, privacy breaches, stalking, cyberbullying and harassment, etc. These crimes are committed by various means, including phishing and pharming (where a webpage/website that is actually intended to steal information or plant malware appears genuine to the user), malicious links, adware, Distributed Denial of Service (DDoS) attacks (a brute-force attack which prevents online services from working properly), ransomware (malware which encrypts user data and demands a ransom to decrypt it), cryptojacking (which involves using other people’s devices to mine cryptocurrency, much like illegally using a country’s mint to print physical currency) and zero-day exploits (software vulnerabilities which can be used to break into a system).
Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Currently, cybercrime poses a risk not only to the financial stability of individuals and governments but also to their security and privacy.
Financial losses stem primarily from ransomware attacks, digital piracy and the sale of stolen data (such as credit card numbers and personal data). Some of the large and recent attacks include the WannaCry ransomware in May 2017 (an attack which affected nearly 200000 computers around the world, including those of the NHS, Renault, Nissan and FedEx and, locally, the Andhra Pradesh Police and the state governments of Kerala, Gujarat, West Bengal and Maharashtra); NotPetya in June 2017 (widely believed to have been launched by the Russian government against Ukraine), with losses pegged at $10 billion by some experts; the Yahoo! data breaches from 2014 to 2017 (which impacted all 3 billion user accounts on the service); the GitHub attack in February 2018 (the biggest DDoS attack ever); a similar attack on Dyn, a DNS provider, which left major sites such as Amazon, Netflix, Twitter and the New York Times down for several hours; and the breach Zynga reported in September 2018 (which impacted 218 million accounts). These are only a few; the list goes on and includes the likes of Adobe, LinkedIn, Marriott International, etc.
Cyber offences do not only target businesses and enterprises; their victims include national governments too, and they can sometimes even impact elections. The infamous Facebook-Cambridge Analytica scandal uncovered how the firm (a now-defunct British political consulting firm) collected and harvested the personal data of Facebook users without their consent, in addition to the data of their Facebook friends. It did so by persuading Facebook users to take a personality quiz, which in turn built a psychological profile of the users. Cambridge Analytica then sold the data to interested political campaigns. The two Republican nominees Donald Trump and Ted Cruz used the harvested data to gain support from the traditional voter base along with targeting swing voters. In India too, the firm’s analytics were used by the Indian National Congress in various state elections and then again in the 2019 general elections. The firm was even employed in the Brexit leave/remain campaign in 2016. It was further used in Mexican, Australian, Brazilian and Kenyan elections, to name a few. A release of documents by whistleblower Brittany Kaiser revealed that the firm has worked in 68 countries. Other notable cyber mischief which targeted national governments includes the hacking of Hillary Clinton (Democrat nominee) and Emmanuel Macron (French president) and the posting of the stolen material online.
Most of the recently published studies by cyber watchdogs focus on economic impacts and privacy breaches, as this is the category most sought after by governments and enterprises, which certainly underplays the impact online bullying has on the mental health of individuals. The Internet has enabled many people, including women, to use social media to speak up and stand up against the sexual abuse they have faced, through hashtags such as ‘#MeToo’, which brought to light some of the biggest names in every industry, such as Harvey Weinstein, R. Kelly, Travis Kalanick, etc. On the flip side, it has also provided a platform for widespread harassment and bullying, and has enabled anti-social elements to act without any fear of being caught. Intimidating journalists, rape threats, sharing of sexually explicit content, racist remarks, cyberstalking and cyberbullying have become a ‘new normal’ on the internet. A study by Amnesty International in the US & UK found that 1 out of every 14 tweets received by female journalists was either abusive, hurtful or hostile. Another study in 2017 by Norton by Symantec found that 8 out of every 10 Indians have been the victims of some kind of online harassment.
Laws in India
When it comes to protection against cyber offences in India, one important piece of legislation is often referred to: the Information Technology Act 2000. What is interesting to note here is that the legislation does not provide a formal definition of cybercrime. In the existing circumstances, it can be defined as a combination of crime and computer. Interestingly, even offences like trespassing, pickpocketing, assault, etc. can be regarded as cybercrime if aided by computers.
The I.T. Act defines various terms involving computers, such as computer network, data, information, etc., along with validating online transactions. At its most basic, the act aims to provide regulation validating e-commerce and digital transactions, at a time when e-commerce companies had started to enter the Indian market. The act also lists some cyber offences and the penalties for them. The 2013 National Cyber Security Policy framework document further reiterated the need for infrastructure and more stringent laws in the digital space to protect the interests of consumers. The provisions of the act now seem outdated, as it is almost 20 years old and technology has evolved drastically during that time. But according to a statement by IT Minister Ravi Shankar Prasad on 26th February 2020, the government is working on new legislation to factor in cybercrime, data breaches and various other aspects.
One important bill regarding data privacy introduced in recent times is the Personal Data Protection Bill 2019, introduced on 11 December 2019, which aims to protect and safeguard user data; any breach, misuse or sharing of data without consent would attract heavy fines. The bill mandates that all financial and critical data be stored in India, and the government will have the power to obtain non-personal user data from companies. Critics of the bill argue that the latter provision will give the government blanket power to access user data. The bill seemed to be long due, and the government also felt pressure to introduce a regulation after the EU did so by passing the General Data Protection Regulation (GDPR) in May 2018, which was appreciated by many activists and ultimately became a model for various similar legislations around the world.
What government and individuals can do
Cybercrime is rising at an exponential pace around the world, and India is no stranger to it, with reports suggesting a loss of more than $18 billion in 2019 alone. In addition, according to Subex (a Bengaluru-based firm), India figured among the top 5 countries facing the most cyber attacks.
With the second-largest internet user base (560 million) in the world, India is more vulnerable to cybercrime than ever before. The introduction of Jio in September 2016 led to the cheapest 4G data prices anywhere in the world; the internet suddenly became much more accessible, and there was a sudden surge in the user base for which the existing infrastructure wasn’t ready. The Jio revolution brought millions of people online, but it also made them vulnerable, as there was no time for governments and other regulatory bodies to enhance digital literacy and digital sanitization. But this forms only a chunk of the problem.
There’s a need for new and stringent legislation to accomplish even the basics of a Digital India: a new law with a definition of cybercrime and regulation of relatively newer technologies such as cloud computing, cryptocurrency, social media, etc. Along with this, digital literacy among citizens should be prioritised by introducing it into the curriculum and organising nation-wide quizzes and competitions on the subject. Further, companies and government agencies should be mandated to use data backup servers along with updated software to fight most ransomware attacks (as displayed by the ‘Weather Channel’, where the company was able to recover from such an attack because it had backed up its data on alternative servers) and zero-day exploits. These are the most fundamental areas that urgently need to be addressed by the government.
Although the Budapest Convention on Cybercrime already exists, it is largely old and ineffective and, more importantly, non-inclusive due to notable exclusions such as India, China, Brazil and Russia. So at present, there is a need for countries to come together at an international level and form a consensus, something like the Paris Accord in 2016, along with forming a dedicated international task force with sweeping powers to investigate cybercrime and to provide cyber intelligence and possible remedies.
Also, there is a need to act against state-sponsored cyber attacks like the ones originating in Russia and North Korea, along with disclosure of vulnerabilities discovered by any intelligence agency (unlike the National Security Agency (NSA) in the USA, which discovered a vulnerability in Windows but kept it a secret until it was stolen and used to initiate the WannaCry attacks). At this moment, cybercrime also remains a low-risk, high-payoff crime! So there’s a need for governments and enterprises to increase the award money in bug bounty programs (schemes in which hackers are encouraged to look for zero-day exploits and are, in turn, awarded huge sums of money, though relatively less than if they used the same information to break into systems).
But there are also many preventive actions we can take on an individual level, because a large proportion of attacks still take place due to low digital awareness. For example, never leave the front camera on your laptop uncovered, as it could be used remotely by hackers to monitor and record your activities. A very basic tip: always use antivirus software, but also make sure you update it, and keep updating your phone and laptop software constantly. Never access any social media or bank accounts on public Wi-Fi or public computers, as your passwords can be stolen. Always try to use a Virtual Private Network (VPN) service while using the internet on public networks, and choose a good and trusted one, because free VPN services have often been caught snooping on data from devices.
Use incognito mode or private browsing on public computers to avoid leaving any cookies behind (pro tip: also use it to book airline tickets and you will get cheaper deals). Never give untrusted apps access to your social media accounts, and refrain from the habit of setting easy-to-guess passwords. Also, try to maintain social distancing from WhatsApp messages and websites claiming to give you millions of dollars for just downloading an app or sharing a link!