(By Shibaji Roychoudhury)
Almost half of India’s online population, as many as 11.3 crore have been affected by cybercrime in 2014. According to the latest Norton Cybersecurity Insights Report, each one of these online users, on an average, lost Rs 16,558 each. Despite this growing threat, India is hopelessly, hilariously outgunned when it comes to combating cybercrime.
Does this alarm you? If it does, then what comes next will scare the bejesus out of you. Cybercrime has escalated to a whole new level, wherein, not only your financial possessions or personal information are in danger, but even your life is vulnerable. Even those who do not use the internet are also at risk.
Terror groups are exploiting the online medium; cyber fishing is at an all time high, use of online currency is increasing by the day, online lottery scams have evolved from your computer now to your smartphone and while the internet has become integral to modern life, unfortunately it has also become a haven for harassment.
Here are 5 emerging trends in the world of cybercrime:
Terror groups exploiting cyberspace
Possibly the scariest threat of them all is that terror organisations like Islamic State (ISIS) have been misusing the online medium for their own interests. From rumours of using gaming consoles like Sony’s Playstation 4 for coordinating the recent Paris attacks to using social media for recruitment to setting up crowd funding websites to accumulate money for funding their attacks to bragging about their attacks with pictures and statements on social media websites like Twitter, terror organisations have taken cybercrime to a whole new level.
At the International Conference for Cybercrime held on November 19 in Delhi, Dan Shefet, a Paris-based cybercrime attorney said: “Time and again, terror groups have found new methods to attack civilised society. However, exploiting cyberspace has been their most effective one as yet. Firstly, the cyber laws are weak in most countries of the world. Then, social media companies are mostly based in the US, which rarely ever cooperate during investigations and surveillance. So, combating this threat becomes extremely difficult.”
Meanwhile, terrorists continue to abuse the cyber world, going unchecked. For instance, a 14-year-old Austrian teenager was apprehended last year, after he connected with the Islamic State of Iraq and the Levant (ISIL), using his Sony PS4 and downloaded instructions on how to build a bomb. According to a report in The Telegraph, the ISIL offered $25,000 to the teen to execute a series of bombings in Vienna.
Hacking your personal financial information
Hacking is an old story, isn’t it? We have seen many Hollywood movies wherein hackers have wiped out millions of people’s savings from their banks. But, that wasn’t something that we were worried about until now.
Online fraudsters are now using two methods in specific, to dupe Indians of their hard-earned money. “They deactivate the SIM card of your smartphone and make a duplicate SIM to get your banking one-time password and get access to all the money in your savings. In other cases, they install software onto your computer or phone by sending malware. It locks and encrypts your device with an RSA algorithm and you only get a message demanding ransom, and it threatens to permanently lock the system and delete all data stored in it,” Balwinder Singh, former Special Director at the Central Bureau of Investigation (CBI) said at the cybercrime conference.
Credit cards vulnerable
In order to make your credit card more secure, banks have replaced most of your old credit cards with new ones containing a magnetic chip in them. However, researchers at the École Normale Supérieure University and the Science and Technology Institute CEA have found cases in which, hackers modified a stolen credit card that was cancelled by the owner and inserted a second chip, which was capable of spoofing the PIN verification when sent to a Point of Sale (POS) terminal.
According to the research paper, the fraudsters took advantage of a long-known vulnerability in Chip-and-PIN systems to perform a "man-in-the-middle" (MITM) attack.
Modifying credit cards is a strenuous process; the easier thing to do is hack a service provider. For instance, Ola Cabs was hacked earlier this year and while the company denied data breach, the hackers who go by the name Team Unknown, who took responsibility of the hack through a Reddit post said they accessed sensitive date like the customer’s credit card information.
“There are many such online service providers that get hacked but you don’t hear about it since the company keeps it quiet. But the hackers get all your credit card information, transaction history and then put it out for sale to the highest bidder,” Singh said.
Once such case was identified in Vadodara in September this year when an engineering student, Bhavik Gajjar, was arrested by the crime branch after he “purchased” the data of credit cards that belonged to three US nationals from a hacking website. A report in The Indian Express revealed that Gajjar used the details to book airline tickets.
“It has become so easy for online hackers that even a young boy can buy sensitive financial data of someone’s credit card online, living halfway round the world,” Singh added.
Online harassment
It is true that social media websites like Facebook and Twitter have given people a platform to put forward their views, however, it has also left them vulnerable to slander, character assassination, intimidation, defamation and in some cases, even threats of rape and death.
Now, if someone in person threatens to kill you, one can go to the cops and report the matter. But the problem lies in lack of awareness among the cops. They cannot investigate a crime when they don’t understand the medium through which it happened. Cops are yet to get acquainted with crimes committed on social media platforms. It’s somewhat like, if someone tried to drown you, you don’t want the police saying “I get the murder attempt but what is this water thing you keep bringing up”. And in the absence of clear and specific cyber laws, the police are often handicapped while investigating.
Revenge porn
Women aren’t just threatened and harassed online, the internet has thrown up a whole new way to wreck their lives – it’s called revenge porn. In this scenario, nude pictures of people are posted online without their consent and it can be devastating.
Two separate cases were reported this year. In Nargol village of Valsad (Gujarat), a 21-year-old man was booked for posting photographs of his ex-girlfriend in compromising positions on social media websites. In the other case, a 24-year-old Mumbai-based bank executive’s naked photos along with a video were uploaded on a porn website by her former husband.
And while it is relatively easy to get social media sites to take down such illicit images, when it comes to porn sites, the process may take several months.
Things get worse when women go to the police to lodge a complaint. If you didn’t want such pictures to become public, then you shouldn’t have allowed them to be clicked. However, that is somewhat like saying; if you didn’t want to get burgled, you shouldn’t live in a house.
Truth is, this country needs new cyber laws and e-crime training for not only the police and investigating bodies, but also for the prosecutors and the judiciary, because a lot of times, even they don’t understand the criminal aspect of online crimes.