Cybercrime is the most disruptive threat for financial markets, but at the same
time is the most underrated by both regulators and businesses. Cyber-attacks
have already caused considerable damage to detail retail businesses, mainly
through credit card and payment scams. The infrastructures of the markets mostly
involve digital systems, thereby coming within the scope of cybercriminals. If
losses generated by cyber-fraud in the retail world are capped by the size and
the utilization of an account, the potential damage from a cyber-attack on
business infrastructures is limitless.
In addition, markets react to new
information from traditional (newspapers) and innovative media platforms (social
media), the quasi-totality being stored on the Internet. Thus, altering reality
and spreading rogue information is another way cybercrime can inflict damage on
markets. With the creation of centralized counterparties, a group of a small
number of institutions indirectly expose all of the business sector to
cyber-risk, with consequences which have not yet been well studied and
understood.
Introduction
Cybercrime is already a big problem all over the world, and it's growing fast.
The law enforcement world is scrambling to catch up; legislators are passing new
laws to address this new way of committing crime, and police agencies are
forming special computer crime units and pushing their officers to become more
technically savvy.
However, the cybercrime problem is too big and too widespread to leave to
politicians and police to solve. The former often don't have the technical
expertise to pass effective laws, and the latter lack sufficient training,
manpower, and time—not to mention an understanding of the confusing issue of
jurisdiction—to tackle any but the most egregious of Internet crimes.
Cybercrime, like crime in general, is a social problem as well as a legal one.
To successfully fight it, we must engage people in the IT community (many of
whom might be reluctant to participate) and those in the general population who
are affected, directly or indirectly, by the criminal activity that has found a
friendly haven in the virtual world.
We can use a number of tactics and techniques, including the legal system, peer
pressure, and existing and emerging technologies, to prevent cybercrime. Failing
that, we can develop formal and informal responses that will detect cybercrime
more immediately, minimizing the harm done and giving us more information about
the incident, maximizing the chances of identifying and successfully prosecuting
the cybercriminal.
Insight to Cyber Crime
By definition, cybercrime involves the use of technology (typically a computer,
network, or network-enabled devices) for a variety of criminal activities, such
as hacking, identity theft, cyberbullying, online fraud, online harassment,
phishing, and many more.
Cybercrime, is the use of a computer as an instrument to further illegal ends,
such as committing fraud, trafficking in child pornography and intellectual
property, stealing identities, or violating privacy. Cybercrime, especially
through the Internet, has grown in importance as the computer has become central
to commerce, entertainment, and government.
Because of the early and widespread adoption of computers and the Internet in
the United States, most of the earliest victims and villains of cybercrime were
Americans. By the 21st century, though, hardly a hamlet remained anywhere in the
world that had not been touched by cybercrime of one sort or another.
New technologies create new criminal opportunities but few new types of crime.
What distinguishes cybercrime from traditional criminal activity? Obviously, one
difference is the use of the digital computer, but technology alone is
insufficient for any distinction that might exist between different realms of
criminal activity. Criminals do not need a computer to commit fraud, traffic in
child pornography and intellectual property, steal an identity, or violate
someone's privacy. All those activities existed before the "cyber" prefix became
ubiquitous. Cybercrime, especially involving the Internet, represents an
extension of existing criminal behaviour alongside some novel illegal
activities.
Most cybercrime is an attack on information about individuals, corporations, or
governments. Although the attacks do not take place on a physical body, they do
take place on the personal or corporate virtual body, which is the set of
informational attributes that define people and institutions on the Internet. In
other words, in the digital age our virtual identities are essential elements of
everyday life: we are a bundle of numbers and identifiers in multiple computer
databases owned by governments and corporations. Cybercrime highlights the
centrality of networked computers in our lives, as well as the fragility of such
seemingly solid facts as individual identity.
Aspects of Cyber Crime
An important aspect of cybercrime is its nonlocal character: actions can occur
in jurisdictions separated by vast distances. This poses severe problems for law
enforcement since previously local or even national crimes now require
international cooperation. For example, if a person accesses child pornography
located on a computer in a country that does not ban child pornography, is that
individual committing a crime in a nation where such materials are illegal?
Where exactly does cybercrime take place? Cyberspace is simply a richer version
of the space where a telephone conversation takes place, somewhere between the
two people having the conversation. As a planet-spanning network, the Internet
offers criminals multiple hiding places in the real world as well as in the
network itself. However, just as individuals walking on the ground leave marks
that a skilled tracker can follow, cybercriminals leave clues as to their
identity and location, despite their best efforts to cover their tracks. In
order to follow such clues across national boundaries, though, international
cybercrime treaties must be ratified.
Aside from technology utilization, which is the defining trait, cybercrime has
several more defining characteristics, including:
- The global reach: Cybercrime can be committed by someone in one part of the world to target victims in any other corner of it.
- The potential for anonymity: Cybercriminals use a variety of tactics to conceal their identity and location.
- The use of malware: This type of software is commonly used to infect computer systems, steal information, or gain unauthorized access to networks.
- The theft of personal information: The majority of cybercrimes involve some form of personal information stealing, which can later be used for fraudulent purposes.
- The potential for financial gain: This is one of the most common motivators for this type of malicious activity, with the majority of cybercriminals looking to make money through fraud or theft.
- Specialized Knowledge: To commit a cybercrime, a person needs to have good knowledge about computers and the internet. Many times, cybercrimes are committed by highly educated individuals as they possess accurate knowledge about the same. At times, it becomes very hard to trace them.
- Collection of evidence: Collecting evidence in a cybercrime is very difficult as the crime is committed in the virtual world.
- Geographical Challenges: Cybercrimes can be committed globally without physical presence at the location. Distance does not matter in cybercrimes; for example, a person sitting in India can target a person in Australia.
It is important to note that this is not a comprehensive list, by any means.
Even so, these few traits are more than enough to highlight the complexity and
seriousness of the issue. For these reasons, it is imperative for individuals
and organizations alike to take measures to protect themselves, whether it is
through password strengthening, regular software updates, or other more
sophisticated security measures.
Fundamental elements of Cyber Crime
Actus Reus and Mens Rea are the two most important element of a crime that is
needed to be proved to prove someone guilty of a crime. Actus Reus of cybercrime
is very dynamic and varied. In cybercrime it is very difficult to prove Actus
Reus. It cannot be proved unless the absence of consent or permission is proven.
Whereas, in the case of cybercrime, Mens Rea consists of two main elements,
firstly, there must be an intend to get the data from a certain device;
secondly, the knowledge of actus reus should be there when committing the crime.
Cyber Crime has no definition in the Information Act, 2000 even after amendments
made in 2008.
But different definitions have been given to cybercrime:
- US Department of Justice (1989): "any violations of criminal law that
involve a knowledge of computer technology for their perpetration,
investigation or prosecution".
- Cambridge Dictionary: crime or illegal activity that is done using the
internet.
- The Council of Europe Convention on cybercrime (2001): A wide range of
malicious activities, including the illegal interception of data, system
interferences that comprise the network integrity and availability and
copyrights infringements is known as Cybercrime.
Types of Cyber Crime
Cybercrime ranges across a spectrum of activities. At one end are crimes that
involve fundamental breaches of personal or corporate privacy, such as assaults
on the integrity of information held in digital depositories and the use of
illegally obtained digital information to harass, harm, or blackmail a firm or
individual. These new cyber-capabilities have caused intense debate. Pegasus
spyware, for instance, according to its creator, the Israeli cyber-intelligence
firm NSO Group, is sold exclusively to government security and law enforcement
agencies and only for the purpose of aiding rescue operations and battling
criminals, such as money launderers, sex- and drug-traffickers, and terrorists.
Yet, the smartphone-attached spyware, which can steal private data without
leaving an obvious trace of its activities, has been widely used covertly by
governments to track politicians, government leaders, human rights activists,
dissidents, and journalists. It was even used to track Saudi journalist and U.S.
resident Jamal Khashoggi months before his murder and dismemberment by Saudi
agents in October 2018. Also at this end of the spectrum is the growing crime of
identity theft.
Midway along the spectrum lie transaction-based crimes such as fraud,
trafficking in child pornography, digital piracy, money laundering, and
counterfeiting. These are specific crimes with specific victims, but the
criminal hides in the relative anonymity provided by the Internet. Another part
of this type of crime involves individuals within corporations or government
bureaucracies deliberately altering data for either profit or political
objectives. At the other end of the spectrum are those crimes that involve
attempts to disrupt the actual workings of the Internet.
These range from spam,
hacking, and denial of service attacks against specific sites to acts of cyberterrorism—that is, the use of the Internet to cause public disturbances and
even death. Cyberterrorism focuses upon the use of the Internet by nonstate
actors to affect a nation's economic and technological infrastructure. Since the
USA September 11 attacks of 2001, public awareness of the threat of
cyberterrorism has grown dramatically.
Classification of Cybercrimes:
Crime against an Individual:
- Gaining access to any computer or network without the permission of the owner.
- Stalking someone, causing them threat, is also a cybercrime.
- Indecent representation of any picture, or pornography, which destroys the minds of youngsters.
- Harassing someone by sending constant texts and messages to an individual.
- Taking over the pass codes of another person without his/her knowledge. The person doing such an act has a guilty mind.
Crime against Individual Property:
- Cyber Vandalism is one of the most common crimes against individual property.
- Intellectual Property Rights violations also come under crimes against individual property. In some cases, the person becomes deprived of his own rights due to this.
- Hacking someone's site or data.
- Getting access to someone's ISP ID and password without the knowledge of the owner. This also comes under hacking.
Crimes against Government or Organizations:
- Password Sniffing: This is an attack stealing the username and password from the network.
- Terrorism attack, which may result in harm to a country.
- Shutting down any network or machine to restrict a person from accessing it.
- Damage or destruction in digital form.
- Possession of any kind of unauthorized information.
Crime against Society:
- Distribution of obsolete material.
- Online gambling.
- Selling of products without permission.
- Human trafficking, drug trafficking, or trafficking of weapons. All of this is illegal.
- Offences like money laundering, corruption, etc.
- Threatening posts against any community, death threats, or rape threats.
Causes of Cyber Crimes:
- The computers have a high capacity for storing data in a little space. This helps criminals store a large amount of data at once and get access to more information.
- Easy Access: Though most apps now use high-security passwords, sometimes a security flaw is missed, allowing hackers to take advantage.
- Negligence on the part of users gives cybercriminals an advantage to gain illegal access to systems.
- Collection of evidence is one of the most difficult tasks in cybercrime cases, allowing criminals to commit more crimes without leaving a trace.
- Cybercrime does not have demographical restrictions. Criminals feel more confident since tracking them internationally is difficult due to a lack of a recognized legal framework.
- Youths today lack proper knowledge about cyberspace and cybercrimes, leading them to commit acts without understanding their legal obligations.
How to Prevent Cyber Crime?
- Enable two-factor authentication to prevent unauthorized access.
- Keep data virus-protected at all times.
- Ensure that device software is always updated to prevent security breaches.
- Use different passwords for different apps and change them regularly.
- Keep personal information confidential to ensure security.
- Children should be educated about cyberspace and cybercrime to prevent unintentional violations.
International Convention on Cyber Crimes:
The Council of Europe's Cybercrime Convention was opened in 2001 and came into force in 2004. It is the only legal international multilateral treaty on Cybercrime. This convention is also known as the
Budapest Convention on Cybercrime.
Features of the Convention:
- It facilitates the detention, investigation, and prosecution of cybercrimes.
- Implemented by an additional protocol adopted in 2003, which made the online publication of racist propaganda a punishable offence.
- The convention works on three dimensions:
- Certain conducts are criminalized.
- States are provided with procedural tools to be followed.
- States are obligated to cooperate in mutual investigations.
Offences Criminalized under the Convention:
- Illegal Access - Article 2
- Illegal Interception - Article 3
- Data Interference - Article 4
- System Interference - Article 5
- Misuse of Devices - Article 6
- Computer-related Forgery - Article 7
- Computer-related Fraud - Article 8
- Offences related to Child Pornography - Article 9
- Offences related to Copyright Infringements - Article 10
- Attempt, Aiding, or Abetting - Article 11
India did not participate in the drafting of the treaty and was concerned about
the sharing of data with foreign law enforcement agencies as it is matter of
infringement of national sovereignty and the mutual legal assistance regime of
the convention is not effective. So, India is not a part of the treaty.
Case Laws:
- Sharat Babu Digumarti v. Government of NCT of Delhi
In this case there was a conflict between the provisions of IPC and IT Act. The
Supreme Court in this case upheld that if an electronic media is included in an
offence then in that case IT Act alone would apply, as that was the legislative
intent. It is a settled principal that special laws would prevail over the
general laws and latter laws will over rule the prior legislation.
- Gagan Harsh Sharma v. State of Maharashtra
Employees were accused of data theft by the employer and sections 408 and 420 of
the Indian Penal Code and also under Sections 43, 65 and 66 of the IT Act. The
Bombay High Court ruled that charges against the employees under IPC will be
dropped.
Conclusion
Data plays an integral role in the commission of many cybercrimes and
vulnerabilities to cybercrime. Even though data provides users of it
(individuals, private companies, organizations, and governments) with
innumerable opportunities, these benefits can be (and have been) exploited by
some for criminal purposes. Specifically, data collection, storage, analysis,
and sharing both enables many cybercrimes and the vast collection, storage, use,
and distribution of data without users' informed consent and choice and
necessary legal and security protections.
What is more, data aggregation,
analysis, and transfer occur at scales that governments and organizations are
unprepared for, creating a slew of cybersecurity risks. Privacy, data
protection, and security of systems, networks, and data are interdependent. In
view of that, to protect against cybercrime, security measures are needed that
are designed to protect data and user's privacy.
Key Recommendations
In order to ensure the best protection against fraud and cybercrime, special
attention should be paid to the following:
- Consistent use of data analytics, monitoring, interface and key system logging, and full control of data analysis within all the relevant divisions.
- Planning and implementation of scenario-based, interactive sessions in order to assess fraud risk in the context of the sector and company. Risks must be identified and quantified as specifically as possible, and management must be informed of the risks posed to the organization and trained in the appropriate countermeasures.
- Establishment of key controls in crucial business divisions with preventative and deductive measures in place, including continuous monitoring of effectiveness. Further, automated technical solutions should also be implemented for support: Automated evaluation tools are increasingly significant for prevention, detection, and reaction (particularly in light of climbing rates of computer and cyber criminality). This is the case not least because of their efficiency (big data), versatility, and potential to lower the costs of forensic or deductive analysis, which otherwise would have to be carried out manually and laboriously by specialists.
- Formation of coordinated and targeted strategies, systems, guidelines, procedures, and processes for active defense against fraud.
- General awareness of and concrete training programs on fraud at all levels.
Bibliography:
- www.sciencedirect.com
- www.toppr.com
- www.cybsafe.com
- www.yourdictionary.com
- Searchsecurity.techarget.com
- www.coe.int
- AIR 2017 SC 150
- AIR 2019 CriL J 1398
- https://cybertalents.com/blog/what-is-cyber-crime-types-examples-and-prevention
Comments