This article has been written by Shobhit Kapoor pursuing a Diploma in US Technology Law and Paralegal Studies: Structuring, Contracts, Compliance, Disputes and Policy Advocacy from LawSikho.
This article has been edited and published by Shashwat Kaushik.
Table of Contents
Introduction
The advent of social media has changed the ways we communicate with the world around us. The available platforms make us evolve not just our personal lives but also in our business development and growth. Earlier, while we were progressing in a “non-IT” way, we had some risks and threats – someone could issue us a cheque which may get dishonoured, someone could rob us of the cash we may be carrying to the bank, someone could do fraud with our accounts, failing our trust, etc. But now, with technology and social media forming the ever-growing backbone of our lives, we have additional demons to deal with. Online or cyber crime is the devil of today!
There is no denying the fact that social media forms a significant part of our lives. It is not unthinkable to say that an individual may most likely have at least one or more accounts on different social media platforms. Hoarse cries of identity theft, wrongful use of one’s personal information by cyber criminals, credit or debit card frauds and whatnot. The devil is getting mightier with each passing day and what is worse, he may impersonate you to defraud you.
The lurking danger
The interconnectivity of social media means it is a perfect hunting ground for illegal activity. There are many categories of cyber crimes on social media that we can talk about, but for the sake of simplicity, let’s look at the following ones:
- Broad-sweep scams, which mean luring users to click on something or visit pages that will push malware onto the user’s computer, are a traditional form of cybercrime.
- Digging out personal data that has been carelessly exposed by users.
- Fraudulently connect, exchange ideas and trade stolen information.
How social media contributes to the spread of cybercrimes
Social media has become a breeding ground for cybercrime due to its vast reach, interconnectedness, and the personal information shared by users. Let’s explore how social media contributes to the spread of cybercrime and the implications for individuals and society:
- Identity theft:
- Social media platforms often require users to provide personal information, including names, addresses, and contact details. This data can be easily harvested by cybercriminals through phishing attacks, malware, or data breaches.
- Once obtained, this information can be used for identity theft, where criminals impersonate victims to commit fraud, open credit cards, or access sensitive accounts.
- Phishing attacks:
- Social media is a common platform for phishing attacks, where criminals send malicious links or emails disguised as legitimate messages from trusted sources.
- These links can lead users to fake login pages or websites designed to steal passwords, credit card numbers, or other sensitive information.
- Victims may be tricked into providing their credentials or downloading malware that can compromise their devices.
- Malware and spyware distribution:
- Cybercriminals often use social media to distribute malware and spyware through malicious links, attachments, or infected apps.
- Once installed, these malicious programs can track users’ activities, steal sensitive data, or even take control of their devices.
- Infected devices can be used as part of botnets for DDoS attacks or to spread spam and malware further.
- Social engineering:
- Social media platforms provide a wealth of personal information about users, which cybercriminals can exploit through social engineering attacks.
- By analyzing users’ posts, photos, and connections, criminals can craft personalised messages that appear genuine and manipulate victims into revealing confidential information or taking actions that compromise their security.
- Financial scams:
- Social media is a prime platform for financial scams, such as pyramid schemes, Ponzi schemes, and investment fraud.
- Cybercriminals use social media to lure users with promises of quick and easy money and exploit their trust in friends and family who endorse the scams.
- Victims may lose significant amounts of money or become entangled in legal issues.
- Cyberbullying and harassment:
- Social media can facilitate cyberbullying and harassment, where individuals are targeted with hurtful or threatening messages, photos, or videos.
- Cyberbullying can have detrimental effects on victims’ mental health and well-being, leading to depression, anxiety, and even suicide.
- Cybercriminals may use cyberbullying as a tool to intimidate or manipulate victims into providing personal information or performing certain actions.
The spread of cybercrime through social media has far-reaching implications for individuals and society as a whole:
- Individuals: Cybercrime can result in financial losses, identity theft, reputational damage, and psychological distress. Victims may face difficulties in accessing financial services, obtaining employment, or maintaining relationships.
- Society: The rise of cybercrime undermines trust in online platforms and technologies. It can lead to increased fear and anxiety among users, making them hesitant to engage in digital activities. Cybercrime also has economic consequences, as businesses and governments incur costs associated with cyberattacks and security measures.
To mitigate the risks posed by cybercrime on social media, users need to practice good cybersecurity habits, such as using strong passwords, being wary of phishing attacks, and keeping software up to date. Social media platforms also have a responsibility to implement robust security measures, educate users about cyber threats, and work with law enforcement to combat cybercrime.
Broad-sweep scam
Users have an inherent “trust” in social media, and this trust has clouded their alertness in a big way. On a psychological level, this is known to the set of wrongdoers, i.e., cyber criminals and they know how to leverage the mental fabric of users. Among the layman users of social media, it is adequately known that one has to click or tap on something on the screen in order to risk being infected – thanks to a certain minimal awareness spread among the masses. However, cybercriminals are smart and are growing smarter by the day. They have now equipped themselves with something called “drive-by downloads” and infected advertisements, which can easily compromise the devices.
Usually, the initial installation of malware on a device opens the gates for cyber criminals to gain wrongful and unconsented access to the user’s device and all the data that is either present or can be captured. This compromised data is syphoned off, packaged and exchanged hands without the knowledge of the users to whom the data belongs or who generated this data through their navigational activities.
Let’s see how the data (sensitive personal data included) is captured. Once the malware has been installed, it creates a conduit for access, as stated above. Next,t using this malware and access, criminals install malicious software on the device, which hijacks the user’s online banking, usernames and passwords, medical records, etc., all of which are very personal and sensitive to the user.
Data is the new gold and has a monetary value – hence, the data is more or less up for sale by these criminals. And without you knowing about it !!
Personal data and hitting corporate IT infrastructure
Loads of data related to individuals are available publicly and hence to criminals. Such data pertains to which organisation or group the individual works for or is associated with, who are his colleagues and friends, who are associated with him in a professional or private capacity, his designation or role in the organisation, and so on and so forth. This data, collected on a large scale, opens doors to the IT infrastructure of corporate entities associated with the individual. Let’s see how.
The criminal can easily attack the individual with the help of the data he has shared publicly on social media and, at times, using broad-sweep methods. The next task would be to hit the machines (laptops or desktops) of those individuals. Once this is accomplished, the crook has already intruded into corporate IT. There are sufficient methodologies that can now aid in gaining access to multiple nodes within the corporate infrastructure. And what follows is a horror.
“Most organisations allow their users to connect to Facebook, to Instagram, to Twitter and other platforms and that’s where an attack – even if it was targeted at a home user – can have a significant impact on the workplace.” says Michael Sentonas, vice president of technology strategy at cybersecurity firm Crowdstrike.
Other forms of danger
Criminals are quick to set up a fake profile in order to evade detection and exposure. Social media never stops anyone from being there and doing what a person does, simply because human activity and the interconnection of people are the sole ideas that social media stands for. This means that one day, when you befriend an unknown person (or even a known person whose account has been hacked) on Facebook, you might be talking to the criminal himself. And if he is not talking, then you, as a Facebook friend, will make your activities and some of your data visible to him. It makes life a lot simpler for the rogue!
It is important to remember that all social media networks aim at connecting people; they have minimal ways of doing any due diligence on the man himself. A simple 2-factor authentication does not reveal an iota of man’s intent. While social networks do take a plethora of safety measures at the organisation as well as at the IT infrastructure level, there is always a constant conflict between the disclosure and security of user’s data. However, with more and more countries like ours enacting legislation like the Digital Personal Data Protection Act 2023, there is a general expectation of such networks to take additional measures because the Act lays hefty penalties for breaches of data and failures to obey the provisions of the law.
Trading for moolah
Social media is the source of compromised data for cybercriminals. Surprisingly, it is also a trading platform for such data. Criminals do this using their own real profiles built on the same social media, which feeds their intentions with compromised and carelessly exposed data about their prey.
The dark web is an underground online regime that cannot be visible or searchable on conventional search engines. It is hence associated with criminal activities, such as the sale of stolen data. Login credentials, credit card details and even digital identities exchange hands on the dark web.
Your personal data, such as name, address, ID, contact numbers, financial data, and access credentials, are sold like hot cakes. There are well oiled criteria for how buyers value the personal data that is on the block. Such factors include accuracy, freshness, demand, and quantity, amongst others.
Such data is exploited by hackers using system vulnerabilities. One can only imagine what the dark consequences of his/her data being floated on the dark web could be. The buyers are, of course, the ones with wrongful intent, though not always.
Important statistics
A 2021 global survey revealed that 21 percent of organisations worldwide were targets of one to ten social media attacks. Furthermore, 34 percent experienced 11 to 50 cyber attacks generated via social media.
India recorded 50,035 cases of cyber crime in 2020, with an 11.8 percent surge in such offences over the previous year, as 578 incidents of “fake news on social media” were also reported. Stepping back a year, we had 27248 cases in 2018, which gave way to 44735 cases in 2019.
578 cases of fake news on SM, 972 cases of cyber stalking, 149 cases of fake profile, and 98 cases of data theft. UP topped the list, followed by Karnataka, Maharashtra and others. Can we deduce that the lack of internet safety awareness in a relatively less tech-savvy state, such as UP, is a reason for this? The author pleads ignorance and does not make any inferences.
Cyber crime incidents (per lakh population) increased from 3.3% in 2019 to 3.7% in 2020 in our country, as per NCRB.
Talking of money, as we like to say, India lost 18 billion USD to cyber crimes in 2017. In our country, such numbers are underreported due to a lack of awareness.
Some definitions
Cyberstalking
Cyberstalking includes the use of the Internet, email, or other types of electronic communications to harass or threaten another person. This could be by sending annoying emails or text messages, posting on social media, or even hosting websites for the sole purpose of tormenting the victim.
Common cyberstalking offences are issuing threats, solicitation for sex, false accusations, defamation, slander, libel, etc. The offender – termed a “cyberstalker,” could be familiar with the victim or even a complete stranger.
Cyberbullying
Cyberbullying is typical bullying through digital technologies using social media, messaging platforms, gaming platforms and mobile phones. Often, it is a repeated behaviour of scaring, annoying or, in all circumstances, intentionally shaming the victims. Common cyberbullying techniques are: spreading false information or lies; posting embarrassing photos or videos; sending abusive and sometimes threatening messages, images or videos; and impersonating someone to send unwarranted and upsetting messages
How do you safeguard yourself on social media
There is no single remedy or, as they say, a magic bullet, against this menace. One needs to adopt a multi-layered approach for safeguards. Installing security packages and anti-virus is just one way and definitely not the end. To exemplify, we do have police and law enforcement agencies but we never stop being alert when there is a likely danger – we still lock our doors and install CCTV, don’t we? All this because it is a cat and mouse game all over—the good guys try to save themselves with every possible means, but the bad guys still catch up.
The anti-virus role
An anti-virus uses a signature based matching technique to identify a likely virus, malware, malicious code, etc. Industry experts are now demanding the use of AI-based security software that can stay abreast of the treacherous minds of cybercriminals. If not, stay ahead of the rogues; at least be at the same skill, albeit with the intent of annihilating their wrongful attempts.
The human angle
Nevertheless, security shall always need the human being, i.e. the user, to do his bit. No amount of automation can replace the alertness that a user can and should display. “We are not going to stop the end user from clicking on a video or following a particular link. But if we can protect them for 80-90% of what they do, then hopefully, with their education and common sense, we’ll get that to a 98-99% success rate,” says James, ECET.
Degrees of sharing
You must decide and ascertain what information about yourself to share on a social media platform. Most of such platforms provide the option to decide how much information you want to share with your friends and other people on that network. There is no harm, but rather much safety, in making your profile extremely private. By being a little or a lot less open to the world around you, you can be better safe than sorry.
Socialising
One must be vigilant to customise the security settings of one’s social media profile not just at the time of creating or registering the account but also periodically. It is best to avoid connecting with or sending friend requests to unknown people or joining any group. It might sound tough, but you must try to verify the identity of any individual before sending or accepting any friend request. Nonetheless, one has to be very careful not to provide too much personal information when joining any group.
Recourse to law
The readers must, to the least, note that we in India have a cyber crime portal hosted by the Ministry of Home Affairs. The URL: https://www.cybercrime.gov.in/ is accessible to all, and one can and should report even the most feeble cases of cybercrime that one has faced or been a victim of. The author himself is a regular at not just reporting such incidents on this portal but also lodging complaints on other’s behalf for the sake of spreading awareness.
Laws against cybercrime in India
Cybercrimes are a growing concern in India, as they are in many other countries around the world. In order to combat cybercrimes, the Indian government has enacted several laws, including:
The Information Technology Act, 2000 (ITA 2000)
The Information Technology Act, 2000 (ITA 2000) is landmark legislation in India that governs cybercrime and electronic commerce. It was enacted by the Indian Parliament in 2000 and has since been amended several times to keep pace with the rapidly evolving digital landscape.
The ITA 2000 defines various cybercrimes, including hacking, phishing, cyberbullying, and unauthorised access to computer systems. It also provides for the establishment of a Cyber Appellate Tribunal to adjudicate disputes arising from cybercrimes.
The ITA 2000 has played a significant role in combating cybercrime in India. It has helped to raise awareness about cyber threats and has provided law enforcement agencies with the tools they need to investigate and prosecute cybercriminals.
Here are some of the key provisions of the ITA 2000:
- Definition of cybercrimes: The ITA 2000 defines various cybercrimes, including hacking, phishing, cyberbullying, and unauthorised access to computer systems.
- Penalties for cybercrimes: The ITA 2000 provides for penalties for cybercrimes, including imprisonment and fines.
- Cyber Appellate Tribunal: The ITA 2000 establishes a Cyber Appellate Tribunal to adjudicate disputes arising from cybercrimes.
- Electronic signatures: The ITA 2000 provides for the use of electronic signatures in electronic transactions.
- Digital certificates: The ITA 2000 provides for the issuance of digital certificates by licenced certification authorities.
- Data protection: The ITA 2000 contains provisions for the protection of personal data and sensitive personal data.
The ITA 2000 has been amended several times since its enactment in 2000. The most recent amendment was made in 2018. The 2018 amendment introduced several new provisions, including:
- Expanded definition of cybercrimes: The 2018 amendment expanded the definition of cybercrimes to include offences such as ransomware attacks and online stalking.
- Increased penalties for cybercrimes: The 2018 amendment increased the penalties for cybercrimes, including imprisonment for up to 10 years.
- New offences: The 2018 amendment introduced new offences, such as the offence of online defamation.
The ITA 2000 is a comprehensive law that governs cybercrime and electronic commerce in India. It has played a significant role in combating cybercrimes and has helped raise awareness about cyber threats.
The Indian Penal Code (IPC)
The Indian Penal Code (IPC), enacted in 1860, serves as the primary criminal code of India. While it predates the advent of cybercrimes, several of its provisions have been found to be applicable in prosecuting such offences. Here’s how certain sections of the IPC can be used to address cybercrime:
- Section 420: Cheating and dishonestly inducing delivery of property: This section criminalises acts of deception or fraud aimed at inducing someone to deliver property or valuable security. It can be applied in cases where cybercriminals use phishing scams, fake websites, or other deceptive tactics to trick victims into parting with their personal information, financial details, or online accounts.
- Section 468: Forgery: Forgery involves the creation of a false document or alteration of an existing one with the intent to deceive or defraud. In the context of cybercrimes, this section can be invoked when individuals forge digital documents, manipulate electronic records, or create counterfeit websites to impersonate legitimate entities.
- Section 471: Using a forged document as genuine: Closely related to forgery, Section 471 criminalises the use of a forged document as genuine. This provision can be applied when cybercriminals use forged digital documents, such as fake passports or identity cards, to gain unauthorised access to systems, commit fraud, or impersonate others.
- Section 499: Defamation: Defamation involves harming someone’s reputation by making false and malicious statements. In the digital age, online defamation through social media, forums, or websites can have significant consequences. Section 499 can be used to prosecute cybercriminals who engage in cyberbullying, spread false information, or defame individuals or organisations through electronic means.
- Section 500: Punishment for defamation: Section 500 prescribes the punishment for defamation, which can include imprisonment for up to two years or a fine, or both. This provision serves as a deterrent against malicious online defamation and reinforces the protection of individuals’ reputations in the digital realm.
By leveraging these provisions of the IPC, law enforcement agencies in India can prosecute various forms of cybercrime. However, it’s important to note that the IPC was not specifically designed to address the unique challenges of cybercrime. As technology continues to evolve, there is a need for specialised cyber laws that comprehensively address the complexities and nuances of such offences.
The Copyright Act, 1957
The Copyright Act of 1957 is landmark legislation in India that provides legal protection to the creators of original works, such as literary, dramatic, musical, and artistic works, cinematograph films, and sound recordings. It aims to strike a balance between the rights of copyright holders and the public’s interest in accessing and using copyrighted material.
Key provisions of the Copyright Act, 1957:
- Copyright protection: The Act grants exclusive rights to copyright holders, including the right to reproduce, distribute, perform, communicate to the public, and adapt their works. This protection extends to both published and unpublished works.
- Copyright term: The duration of copyright protection varies depending on the type of work. For literary, dramatic, musical, and artistic works, the copyright term lasts for the lifetime of the author plus sixty years after their death. For cinematograph films and sound recordings, the copyright term is sixty years from the date of publication.
- Fair use: The Act recognises the concept of “fair use,” which allows limited use of copyrighted material without the permission of the copyright holder. Fair use includes activities such as criticism, comment, news reporting, teaching, scholarship, and research.
- Moral rights: The Act also protects the moral rights of authors, which include the right to claim authorship of their work and to object to any distortion or mutilation of their work that may be prejudicial to their honour or reputation.
- Registration of copyright: Copyright registration is not mandatory in India, but it provides several benefits, such as prima facie evidence of the validity of the copyright and facilitating legal remedies in case of infringement.
- Remedies for copyright infringement: The Act provides various remedies for copyright infringement, including injunctions, damages, and criminal penalties.
Significance of the Copyright Act, 1957
The Copyright Act, 1957, has played a pivotal role in safeguarding the rights of creators and facilitating the growth of the creative industries in India. It has helped to ensure that authors, artists, and other creators are fairly compensated for their work and have control over how it is used. The Act has also contributed to the preservation and dissemination of cultural heritage, promoting creativity and innovation.
However, the Copyright Act, 1957, has also faced criticism in recent years, particularly in light of the rapid advancements in technology and the rise of the digital age. Some argue that the Act is outdated and does not adequately address the challenges posed by the internet and digital piracy. There have been calls for amendments to the Act to bring it in line with international standards and to ensure that it remains effective in protecting copyright holders in the digital era.
Agencies to investigate and prosecute cybercrime
In addition to these laws, the Indian government has established several agencies to investigate and prosecute cybercrimes. These agencies play a crucial role in ensuring the safety and security of the country’s cyberspace.
The Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) is the nodal agency for investigating cybercrimes in India. It was established in 2001 and is headed by a Director General of Police-rank officer. The CCIC has a dedicated team of cybercrime investigators who are equipped with the latest tools and techniques to investigate cybercrime. It has jurisdiction over all cybercrimes committed in India, irrespective of the location of the accused. The CCIC has also established a number of regional offices across the country to facilitate timely and effective investigations of cybercrimes.
The National Crime Records Bureau (NCRB) is another important agency that plays a role in the investigation and prosecution of cybercrimes. The NCRB is responsible for collecting and maintaining crime data, including data on cybercrimes. It also prepares and publishes the annual Crime in India report, which provides an overview of the crime situation in the country. The NCRB works closely with the CCIC and other law enforcement agencies to facilitate the investigation and prosecution of cybercrimes.
The Indian Computer Emergency Response Team (CERT-In) is the nodal agency for responding to cyber security incidents in India. It was established in 2004 and is part of the Ministry of Electronics and Information Technology. CERT-In is responsible for coordinating cyber security incident response activities in the country. It also provides technical assistance to organisations that have been affected by cyber security incidents. CERT-In works closely with the CCIC and other law enforcement agencies to ensure a coordinated response to cyber security incidents.
These agencies play a vital role in ensuring the safety and security of India’s cyberspace. They work diligently to investigate and prosecute cybercrimes and to provide technical assistance to organisations that have been affected by cyber security incidents.
Despite the efforts of the Indian government, cybercrimes continue to be a major problem in the country. This is due in part to the fact that cybercriminals are constantly finding new ways to exploit vulnerabilities in computer systems and networks. It is also due to the fact that many people are not aware of the risks of cybercrime and do not take adequate steps to protect themselves.
Here are some tips to help you protect yourself from cybercrime:
- Use strong passwords and change them regularly.
- Be careful about what you click on in emails and on websites.
- Keep your software up to date.
- Use a firewall and anti-virus software.
- Back up your data regularly.
- Be aware of the risks of public Wi-Fi networks.
By following these tips, you can help protect yourself from cybercrime.
Piece of advice
I strongly advise the more enthusiastic readers of this article who have the faintest of love for the good to register as a “cyber volunteer” on this cyber crime portal. Your contributions will help strengthen our country’s preparedness for unholy incidents happening on the internet or in the telecommunications media. You can use this portal to make recommendations to the government on cyber crimes and cyber safety. I urge you to bring your legal and technical prowess to contribute to the country’s initiative. You could also offer your help to the cyber cell of the police in your city. They need willing and knowledgeable people like you. You, too, will benefit from building your network and net worth by hobnobbing with law enforcement agencies.
Conclusion
Social media is, just like many other parts of our lives, a necessary evil that has claimed our attention. The good of this is to be nourished and enjoyed for the benefits it offers, such as bringing people closer, irrespective of the distance that separates them. However, there are criminals involved in the way that your messages and digital identities travel. Physically travelling out in the open means you are exposed to accidents, robbers and miscreants you may meet on the way. In a similar manner, the digital technologies that enable you to get your messages across in seconds also mean that there is a potential mistake that can happen along the way. Most importantly, a layman can be socially active on social media, but little does he know about the vulnerabilities that are not visible to him. Technologies will no doubt offer us solutions to lessen this risk of cyber crimes, but we, as active technology users, need to suit up too and be aware and vigilant about the safeguards.
References
- https://timesofindia.indiatimes.com/india/india-reported-11-8-rise-in-cyber-crime-in-2020-578-incidents-of-fake-news-on-social-media-data/articleshow/86230597.cms
- https://www.statista.com/statistics/309435/india-cyber-crime-it-act/
- https://www.bbc.com/news/business-36854285
- https://www.socialmediatoday.com/content/impact-cyber-crime-and-security-social-media