This article is written by Yash Jain, a third-year student of Institute of Law, Nirma University. The article expounds the concept of cyberspace and explicates the intricate issues related to the cyber world. Further, the article runs down to new challenges that the cyber industry faces in the modern era of cybersecurity.
Introduction
Fundamentally till World War II, the country was in 3 areas of warfare, that are land, sea and air. Today it is expanded to cyberspace and space. Some basic questions on which we need to ponder are, like who all use google, android, social media etc. The fact that the usage of internet has become a need today for many people. Crimes that result in a breach of cybersecurity has become highly prevalent today. There is a need to become aware of using technology, be it net banking or social media, etc.
Being connected in a global domain due to the Internet can be both beneficial and dangerous. One needs to understand its implications and be aware of the same.
There are two types of setups in a computer system- 1) hardware and 2) software. While the major developer of computer hardware is China, the software industry is held by the United States. The major 3A’s – Amazon, Alphabet and Apple constitute a vast share of the IT sector in the world, almost around 70%. This shows the control of data information of many people in the hands of few who then use the data to their advantage.
Advantages of the Internet
- Connectivity
- Accessibility to everything
- Improved communication
There are some disadvantages of the Internet also
- Privacy Infringement
- Misuse of Information
- Cyber crimes
In short, Everything connected as a result of the Global Network.
Difference between Cyber Security and Information Security
Cybersecurity: The ability to protect or defend the use of cyberspace from cyber-attacks is called cybersecurity.
Information Security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
What is Cyberspace?
For the first time in 1984, the word ‘cyberspace’ was used in the Novel ‘Neuromancer’ by Willam Gibson which is a science fiction and defined as an interaction between the human mind and computers.
Cyberspace refers to a virtual computer world having an electronic medium which forms a global computer network and facilitates online communication. Cyberspace is an illusory environment in which online communication happens. As a social experience, individuals can interact, exchange ideas, share information, provide social support, conduct business, direct actions, create artistic media, play games, engage in political discussion, and so on, using this global network. It has its own existence and is not synonymous to the internet which is only a medium and that cyberspace has its own independent existence.
The Indian Online market is the 2nd largest market behind China, accounting for 462 million internet users and 200 million active Social Media users. Out of this 71% are male users and 29% female users. The highest activities are recorded in the 6 pm to 10 pm time duration, with Mumbai and Delhi having the highest Internet traffic. India has the largest e-commerce sector in the world. Also, the Facebook App is currently being used by most of the Indians in the world. There are a lot more statistics which shows some great degree of usage of the Internet by Indians.
The above stats and figures only highlight what severe implications Indian users can have in the case of breach of cybersecurity. The information that is asked by various applications and websites may breach a person’s privacy and security like contact no., email id, detection of location, permission to use media, etc.
Features of Cyberspace
- Borderless territory.
- Interactive Virtual Environment.
- Unlimited accessibility.
- Ubiquitous in nature.
- Dissemination happens simultaneously.
- Duplication or copy is as original as the original work.
Data Regarding Indian Cyberspace
- 45.15% of the total population of India has access to the internet.
- India has the world’s largest number of Facebook users.
- India has the second largest online consumer base after China.
- Mumbai and Delhi account to higher internet traffic than other cities.
- Internet usage in India is primarily male-dominated.
Anatomy of Cyber World
- Surface web: (constitutes only 4% of cyberspace) Facebook, WhatsApp and other social media and online websites are a part of the surface web.
- Deep web: (constitutes only 90% of cyberspace) It is generally not directly accessible but accesses through Ids and passwords. Examples are medical records, legal documents, government files, organization-specific repositories, financial records and other virtual information.
- Dark web: (constitutes only 6% of cyberspace) All the illegal acts are performed in this space like pornography, illicit trade, illegal drug trade through the silk route.
Historical Data Breaches
- Ashley Madison Hack Case: Vast data comprising, contact no., addresses, names, etc. ended up upon the darknet for sale.
- Silk Road: An online darknet market for the sale of illegal drugs. It could be used by people anonymously.
- COSMOS Bank: Here, VISA and Rupay details were uploaded on the dark web, resulting in 94 crore theft from the bank.
- Yahoo: 3 billion accounts were hacked making it the biggest data breach in the history.
- eBay: Requested 145 million users to change their passwords after Yahoo.
- JP Morgan: 83 million household and business accounts breached.
- According to Kaspersky, there are 3,15,000 viruses created every day.
- According to Checkpoint, a market leader in security products, around 10 million devices, are using such malicious apps, with Hummingbird Virus.
- Infection largely depended on the Android version, KitKat (50%), Lollipop (7%), Jellybean (40%) Ice Cream Sandwich (2%) and Marshmallow(1%).
Cybersecurity: A New Challenge
Challenges that the technology space faces in cybersecurity are the following:
Ransomware Evolution
Ransomware attacks are one of the areas of cybercrime growing fastest in the economy. Ransomware is the bane of cybersecurity, IT, data professionals, and executives. Perhaps nothing is worse than a spreading virus that latches onto customer and business information that can only be removed if you meet the cybercriminal’s egregious demands.
Malware Attack
Malware is an all-encompassing term used for a variety of cyber attacks including Trojans, viruses and worms. Malware is simply defined as a code with malicious intent that typically steals data or destroys something on the computer. Viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a systems core functionality and deleting or corrupting files. They usually appear as an executable file that you may have downloaded from the internet. Trojans is a kind of malware disguises itself, it acts as legitimate software or is included in the legitimate software that can be tampered with. It creates backdoors in your security to let other malware in. Then, there are worms which are entire networks of devices either local or across the internet by using the network’s interfaces. It uses each consecutive infected machine to infect more.
Phishing
Phishing is like posing a request for data from a requested third party. Phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails often falls into the category of spam but are way more harmful than just a simple ad.
Password Attacks
An attempt to obtain or decrypt a user’s password for illegal use is commonly known as a password attack. Hackers can use cracking programs, dictionary attacks and password sniffers for password attacks. Password cracking refers to various measures used to discover computer passwords. This is usually accomplished by recovering passwords from data stored in or transported from a computer system. Password cracking is done usually by repeatedly guessing the password through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered.
Password attacks can be done for several reasons but the most malicious reason is that in order to gain unauthorised access to a computer with the computer’s owners awareness not being in place. This results in cybercrime such as stealing passwords for the purpose of accessing bank information.
DDoS Attacks
It stands for distributed denial of service. It focuses on disrupting the service to a network. Attacks send a high volume of data traffic through the network until the network becomes overloaded and can no longer function. DDoS attacks involve the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not realise that his or her computer has been hijacked and is contributing to the DOS attack.
Disrupting Services can have serious consequences relating to security and online access. Many instances of large scale dos attacks have been implemented as a single sign of protests towards governments or individuals and have led to major severe punishments including major jail time.
Man in the Middle Attacks
By impersonating the endpoints in an online information exchange the man-in-the-middle attack can obtain information from the end user and the entity he/she is communicating with. For example, if you are communicating online, the man in the middle would communicate with you. By impersonating your bank and communicate with the bank by impersonating you. The man in the middle would then receive all of the information transferred between both the parties which could include sensitive data such as bank accounts and personal information.
Malvertising
Malvertising is the name given in the security industry to those activities which are criminally controlled advertisements that intentionally infect people and businesses. These can be an ad on any site often ones which people use as a part of your everyday internet usage and it is a growing problem as is evident by a recent US Senate report and establishment of bodies like trust in ads.
These challenges can be under surveillance and methodical steps can be taken to avoid such malpractices. Large technology firms should collaborate and create solutions to increase security for their customers. Security controls need to move outward, beginning at the application level where such frauds can be caught easily. When there are no unified monitoring methods, firms become vulnerable.
However, when every network has monitoring that detects changes, data can be protected. With growing technology, the growth of cybercrime is evident but measure taken early and effectively can avoid cyber mishaps both big and small.
Categories of Cyber Crimes
- Cybercrime against persons (Examples are: Harassment, Spoofing, Carding, Stalking)
- Cybercrime against property (Examples are: IPR, Data theft, Trespass, Squatting)
- Cybercrime against infrastructure (Examples are: Attack on Critical Infrastructure)
- Cybercrime against society (Examples are: Pornography, Gambling, Cyber trafficking, Forgery etc.)
Types of Cyber Threats
- Email account hacking
- Credit card fraud
- Online share trading fraud
- Theft of confidential information
- Software piracy
- Music piracy
- Phishing
- Online scale of illegal articles
- Use of the internet by terrorists
- Virus, Worms and Trojans
Legal Infrastructure for Protection Against Cybercrime
Indian Legal Infrastructure for Cyberspace includes:
- Indian Penal Code, 1860.
- Immoral Traffic (Prevention) Act, 1956.
- Information Technology Act, 2000.
- Sexual Harassment at Workplace (Prevention and Prohibition) Act, 2013.
Online Reputation Management Tools
- Google Alerts
- Naymz
- Hootsuite
Best Safety Practices
- Web of Trust: Tells you which website should to Trust.
- Chat securely: gives encryption about the chat.
- Blur, Second thought, etc.
Concluding Remarks
The nebulous area of cyberspace introduces both the risks of becoming a victim and the precautions and laws to deal with a cyber offence. There is huge usage of the internet today but people do not know the degree of its vastness. Figures tell us the degree of risks people take while using the internet. There are various laws that deal with the area of cybersecurity. These laws are made to strengthen the deficiency that is there in the cyberspace world. There is a paramount need of having the data secured which will not be open to any site straightaway.
References
- https://niti.gov.in/writereaddata/files/document_publication/CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf.
- https://cyberblogindia.in/hummingbad-malware-heard-of-it/.
- https://www.itu.int/ITU-D/cyb/cybersecurity/docs/Cybercrime%20legislation%20EV6.pdf.
- https://www.globalsign.com/en-in/blog/cybersecurity-trends-and-challenges-2018/.
- http://www.convergenceindia.org/blog/cyber-security-challenges-solutions.aspx.
- https://www.dsci.in/content/cyber-security-challenges.
- https://www.financierworldwide.com/cyber-security-the-dos-the-donts-and-the-legal-issues-you-need-to-understand#.XQx48LwzbIU.
- https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/india.
- https://ilr.law.uiowa.edu/print/volume-103-issue-3/defining-cybersecurity-law/.
- https://www.welivesecurity.com/2017/03/13/challenges-implications-cybersecurity-legislation/.
- https://www.geeksforgeeks.org/difference-between-cyber-security-and-information-security/.