In this article, Aditya Singh discusses the possible cyber threats while using facebook or similar social media handles.
- When Facebook was introduced in 2004, no one had ever imagined that there will be almost 2300 million users in which almost 1500 million are the daily user.
- Today social networking sites like Facebook, WhatsApp, Instagram, Twitter has become one of the most important parts of our life. Millions of people daily visit these websites to keep linking to their friends, shares their thoughts, photos, videos and even discuss their personal life.
- Today these are not merely medium of communication but has also emerged as a platform to voice an opinion and mobilize people for global revolutions. These social networking sites have had both positives and negative impacts. Commonly users make many risks and mistakes while using these social networking sites like using unauthorized programmes, unauthorized network access, misuse of passwords and transfer of sensitive information from their personal accounts.
- However, the excessive trust over social networking sites can be used to perpetrate a variety of cyber attacks and data leakages. Due to the daily increase in the number of social media users, there is also a significant increase in the number of cyber attacks on them.
- According to the data provided by the National Crime Record Bureau, there is around 70 percent increase in cybercrime annually from the year 2013-2016.
- According to the report provided by one of the security provider company, India ranks among the 2nd country in the world that has most suffered cyber crimes. Today cybercrime is manifested in many forms like a breach of privacy, misrepresentation of identity, cyber terrorism etc.
Cyber crimes in Social Networking sites
What is Cyber Crime?
Cybercrime is a crime that involves a computer and a network. Cybercrimes may be defined an offense that is committed against individuals or group of individuals with a criminal motive to cause physical or mental harm or any loss to the victim indirectly using modern technological methods like the internet. Any illegal act which requires a computer or computer system or computer network is a cybercrime. Also, any offense taking place over a computer can be called as a cyber offense.
There is also one problem attached to the cybercrime as it is borderless, so no court can attach its jurisdiction over it. The Indian IT Act, 2000 also defines cyber contraventions and cyber offenses. Cyber contravention is basically a violation of law or rules of procedure which may or may not attract a liability or penalty as the offender faces civil prosecution however cyber offense is an act which is prohibited and are basically punishable with fine or imprisonment or both as the offender faces criminal liabilities.
Form of Cyber Crimes
Primarily cyber crimes can be formed in three forms.
- Firstly, the offender attacks the electronic identity. With the use of sophisticated malware and viruses, they try to steal the personal details, details about the online transactions and other details which may cause harm to the person either physically, mentally or financially.
- Secondly, attacks on women and minors. Child pornography is one of the major crimes whose growth is almost dependent upon the cyber world. Generally, women and children are the more frequent victim compared to men by hacking their obscene pictures and then sharing into the world harming their reputation. Youngsters are generally deceived by messages done through the fake accounts and they become an easy prey to the offenders.
- The third attack is on infrastructures. These are easy targets for cyber offenders. There are many recent cases which have occurred like Adhar Card data leak or Facebook data leak which can directly harm the whole infrastructure of the country. These attacks on the vital nation may paralyze a whole nation as all the data is present online and leakages of these data may cause a severe financial harm to the country.
Cyber Crimes that are commonly prevalent in social networking sites are cyber defamation, cyber obscenity pornography, cyberstalking, hacking, privacy infringement, online frauds, unauthorized disruption of the computer system through viruses or malware or using any personal copyrights.
Impact on Breach of Privacy
According to the article 21 of the Indian Constitution, Right to Privacy is the fundamental right of every citizen and state must take appropriate steps to protect the privacy of the person which can be recognized through various judicial pronouncements. Privacy involves the right to controls one’s personal information and also the ability to determine how that information may be obtained and used. It is one of the most informant rights of any citizen and a large number of cases has emerged which involves the breach of privacy of a person through social networking sites.
Social Media Accounts that are generally targeted
Even if your account is at the highest security level, there is a greater chance of having your identity stolen. The same has been seen in many cases like in the previous year almost 300 million personal information was leaked from Facebook which claims to be one of the safest sites to provide cybersecurity about its content.
In the year 2016, SecureWorks revealed about the tactical details about the threat of Russian Threat Group-4127 attacks on the Hillary Clinton’s presidential campaign emails. Then in September, Bill Gertz of the Washington Times reported on another cyber attack on Hillary Clinton’s emails, presumed to be the work of the attackers from Russia or China. This clearly tells us that even the election are tried to be influenced by hacking the personal data of the candidates. In the same time, it was seen that millions of Facebook accounts were hacked in the US to manipulate the election result.
Orkut once used be the leading social networking site before the launch of Facebook. Many people have not deleted their personal information which was given to Orkut and was available to the hackers for exploitation of personal information. The public search option is available in almost all the social networking sites and it enables the personal information of the users to be exposed to anyone who tries to search about the same like email id, date of birth, pictures, videos etc. which has been shared by the user. Further, use of applications and games available in the social networking sites runs a grave risk to the identity of a person. These applications seek access to all personal information and these are not secure at all to protect the information.
Most of all the cyber attacks have generally done by the people of foreign countries just to manipulate the things according to their need. But it is not true at all that only foreign cyber attackers can be blamed. Recently, Pierluigi Paganini @securityaffairs reported about the police arrest of two North Carolina men who were alleged to be the member of the notorious cyber group called ‘Crackas with Attitude’ who were responsible for leaking personal information of about 31k US agents and their family.
In India, data protection is generally governed by the Sec 43A, 72A, 69 and 69B of the IT Act, 2000. Section 43 widens the scope of data protection by providing the definition of the ‘personal sensitive data and also talks about the protection of these data by the data handler in a careful manner. In case of infringements, data handlers and offenders can be both held liable for extavent penalty exceeding 5 crores. Section 72A also specifies liability for intermediary if he discloses any personal information which he accessed while providing services under a contract and such disclosures were made with an intention to cause any type of loss to the person. Section 69 and 69B empowers the state to issue directions for the interception, monitoring and even collection of traffic data or information through any computer resources for cybersecurity.
Today the cyber threats are increasing day by day and it more likely looks like a combination of all these:
- Data manipulation
- Advanced Persistent Threat
- Phishing or Trojans
- Distributed Denial of Service (DDoS)
- Wiper attacks
- Intellectual property thefts
- Data destruction
- Theft of money
- Rogue software
- Unpatched software
Common social media security risks
- Unattended social media accounts: It is very important to handle all those social media accounts we don’t use it or we have stopped using it. Idle social accounts are generally targeted by the hackers who try to send fraudulent messages under your name. Knowing the account unmonitored, once they are able to get control, they could send anything from false information to virus linked attachments which can cause a serious harm to the account holder as well as their followers.
- Cyber defamation: It refers to the publication of false information in the electric form. In order to determine this court has taken several consideration like time of occurrence, modes of publication and jurisdiction of the court. Being borderless, it becomes very difficult to determine the jurisdiction. Cyber defamation is punishable under Section 499 of Indian Penal Code and section 4 of IT Act, 2000. Before it was also punishable to post offensive statements but it was struck down by the courts as the court observed that this restriction violates the Right to the expression of a person which is a fundamental right provided by the Indian Constitution.
- Cyber pornography: It includes online porn videos or magazines or anything else which provides an online medium for the stimulation of sexual behaviors. Obscenity without a social purpose or profit cannot claim protection under the ambit of free speech or expression. The court in Ajay Goswami v. Union of India discussed that the test of judging a work should be that of an ordinary man of common sense and prudence and not an out of ordinary or hypersensitive man.
Internet Corporation for Assigned Names and Numbers have given formal recognition of cyber pornography in the name of ‘xxx.com’ domain. However, it is not true at all for the child pornography as it is condemned all over the world and it is also made punishable in India through section 69B of IT Act. Section 66E also protects the bodily privacy by imposing punishments to all those offenders who try to capture a picture of the private body parts without permission. Publication of sexually explicit content is also punishable under section 67 of IT Act.
- Cyberstalking: It includes the online stalking of any person to cause any type of harm to that person. Generally, these are done to keep an illegal watch on a person so that they can manipulate them according to their benefit. It is also an offense under the 354D of Criminal Law (Amendment) Act, 2013.
Fraudulent Transaction and Manipulation
Today social media account are solely made to the purpose of hacking the personal banking or transactional details to cause financial harm to the person. In recent years, there is a severe increase in the number of these types of cyber attacks and generally, people are not able to protect from these attacks due to the insufficient or incapable of watchdog bodies.
It is generally done by sending messages linked with some virus which includes a link which is asked to be open and the opening of these links injects viruses in the system. These viruses can destroy the whole system or can steal all the personal data present in the system. Section 43C of the IT Act imposes liability to the offender to pay compensation who has sent these type of viruses to the people. Recently, the world has seen a very powerful virus attacks Ransomware which affected almost millions of computer across the world and due to the borderless crime, the offender has not got any punishment.
Hacking simply means trespass in the virtual world. The attackers do a research about the targeted person and through this, they try to hack their social media accounts for their own gain. In the recent year, there have been many cases in which hacker has hacked the social media accounts of many celebrities and tries to send offensive and fraudulent messages to their followers. Section 43 of the IT Act imposes strict punishment to the people who try to have an unauthorized access to anyone’s social media accounts.
In today’s advanced world, a terrorist organization is also using social networking sites to spread terrorism. There are many cases where cross-border terrorism has been spread through social media. Almost all the terrorist organization uses the social media platform to influence people toward terrorism by sending offensive posts, videos or article which justifies their terrorism. There is a great need to stop this because the much terrorist organization like ISIS greatly manipulates youth from across the world towards terrorism through social media. It has also been revealed from many cases that terrorist organization uses social media platform for providing direction to their sleeper-cells. The Paris attack in 2015 was fully planned and operated through social media accounts. Being borderless and not an easy task to keep watch on these type of activities in social media platform, these platforms are becoming one of the safest places for the terrorist organization to give direction and operate their activities.
Social media security tips
Create a Social Media Policy
Government or the private business organization should be made the certain policy of using social media accounts which must include brand guidelines which must tell about how to communicate or use social media accounts. There should be some rules or guidelines about the confidentiality and sharing of personal data on social media. There should be a department responsible for all social media accounts and guidelines to create a strong password and also to change passwords at regular interval. Also how to avoid spams and malware and to keep the updated software. Also how to respond when something has happened.
Also, all the social media users must be trained how to use and handle their accounts in the best possible way. Training should be given at regular intervals about all these and also there should be a regular protection guideline which must be given for the better protection of the accounts. There should be guidelines for limited social media use and to use in the most effective manner and not to share all the personal information. There should be also a system for the approvals of social media posts and to keep away from all those posts which may cause cyber attacks on the user.
Other preventive measures
- Always avoid sending any photographs or media to an unknown person on social media as they can use those things for cyber crimes.
- We should always update our software and antiviruses for better protection.
- Payments made in purchasing applications or games in social media accounts must be made in secure mode so that hacker may not be able to hack those payment modes.
- New users or kids must be given awareness programmes of how to use social media in an effective and secure way.
- Website owners and intermediates must monitor website traffic and also take appropriate steps on the abnormal activity.
Cyber Threat Intelligence is Necessary for Enterprise
Advanced threat actors such as nation-states, organized cyber criminals and cyber espionage actors represent the greatest information security threats to the enterprises. Many organizations are not able to detect these threats due to the low or slow approach to protection, incompetent resources etc. Enterprises should then monitor mission-critical IP addresses, domain names and IP address ranges (e.g., CIDR blocks). This can grant advanced warning while adversaries are in the planning stages. With this enhanced visibility, you can gain improved insight into ongoing exploits, identification of cyber threats and the actors behind them. This allows you to take proactive steps to defend against these threats with an appropriate response.
Cybercrimes have been menacing the social media platform from the very beginning. This has manifested in many forms like hacking, sending spams or injecting viruses. The world has seen many cases of cyber attacks which have caused due to the social media platform. There has not been any concurrent law or any competent court to have jurisdiction over these matters as the cyber crimes are borderless. There is a need for an effective policy for the use of social media platforms. There must be some concurrent measures to find cyber evidence. Since this is a borderless crime, all the country should come forward to make a concurrent and strict law to protect the online source as it can harm to any person, organization or whole country as all data is present online and leakages of these data can have a devastating effect.