This article has been written by Mayuri Shukla, pursuing the Diploma in Cyber Law, FinTech Regulations and Technology Contracts from LawSikho. The article has been edited by Zigishu Singh (Associate, LawSikho) and Smriti Katiyar (Associate, LawSikho).
Man has become increasingly dependent on the internet for all of his needs as technology improves. The internet has given man instant access to everything from a single location. Social networking, online shopping, data storage, gaming, online education, and online jobs are just a few of the things that may be done using the internet. The internet is used in almost every facet of daily life. Post the advent of the Covid-19 pandemic, the work from home culture emerged, entrapping man further into the web of tech-based tools to fulfil work, education, entertainment and communication needs. When the Internet was first conceived, the founders of the Internet had no idea that it would grow into an all-encompassing revolution that might be used for criminal purposes and would demand control. There are a lot of disturbing things going on online these days. Because of the anonymous nature of the Internet, anyone with knowledge of the internet can participate in a range of illicit acts with impunity, and these individuals have been abusing this feature of the Internet to further illegal activities in cyberspace. This is the reason cyber laws are required in India. The concept of cybercrime rose in popularity as the internet and its attendant benefits expanded in popularity. Hence, there are various sorts of cybercrime.
Cybercrime is defined as any illicit activity that involves the use of a computer as a tool, a target, or both. Cybercrime is a rapidly evolving field of crime that is growing at an exponential rate. There are various Cyberlaw issues involved at every point in time, from registering your domain name, setting up your website, marketing your website, sending and receiving emails, to the moment you perform electronic commerce transactions on the aforementioned site. Criminals have realised the convenience of committing crimes in the online world thus the enactment of proper laws and infrastructure to regulate cybercrime has become a serious concern. The primary victims of the violation are women and children. Basically, cybercrime is on the rise because it is seen as the simplest method of committing a crime, and people with a lot of computer knowledge but no job or financial resources resort to this source and begin abusing the internet. Cybercriminals can easily acquire access to data from this location and exploit it to withdraw money, blackmail, or commit other crimes.
In layman’s terms, “Cyber Crime” refers to offences or crimes committed via electronic communications or information technologies. These are generally illicit activities that involve a computer and a network. Because there is no longer a need for the criminal to be physically present when committing a crime, the volume of cybercrime activities is expanding as a result of the internet’s development. One unique feature of cybercrime is that the victim and the perpetrator may never meet face to face. To limit the possibilities of detection and prosecution, cybercriminals frequently operate from nations where there is little to no cybercrime legislation. Cybercriminals are on the rise because they don’t see much of a threat and believe they are safe because they are so well-versed in the networking infrastructure. They are also the ones who create fake accounts and then use them to perform crimes. Cyberlaw is significant because it encompasses nearly all elements of transactions and activities on and with the Internet. At first glance, Cyberlaw may appear to be a highly technical field with little relevance to ordinary Cyberspace operations. In reality, nothing could be further from the truth. Every action and reaction in Cyberspace has certain legal and Cyber legal implications, whether we recognize them or not.
Types of cybercrime across the globe
These are used to take down a network and make an online service inaccessible by flooding the site with traffic from a number of sources. Botnets are large networks of compromised devices formed by installing malware on users’ PCs. Once the network is down, the hacker enters the system.
Botnets are networks made up of infected machines that are managed from afar by hackers. These botnets are then used by remote hackers to transmit spam or attack other computers. Botnets may also be used to execute destructive functions and serve as malware.
When a criminal acquires access to a user’s personal information, they can use it to steal money, access secret information, or commit tax or health insurance fraud. They can also use your name to create a phone/internet account, organise criminal action, and claim government benefits in your name. They might do so by breaking into users’ passwords, stealing personal information from social media, or sending out phishing emails.
This type of cybercrime entails online harassment, in which the person is bombarded with messages and emails. Cyber stalkers typically utilise social media, websites, and search engines to frighten and terrify users. The cyber stalker usually knows their target and makes them feel threatened or worried about their safety.
Criminals use social engineering to make direct contact with you, generally via phone or email. They frequently masquerade as a customer service person in order to earn your trust and obtain the information they want. This is usually a password, your employer’s name, or your bank account number. Cybercriminals will gather as much information about you as possible on the internet before attempting to add you as a buddy on social media platforms. They can sell your information or open accounts in your name after they acquire access to an account.
Potentially Unwanted Programs
PUPS, or Potentially Unwanted Programs, are a sort of malware that is less dangerous than other cyberattacks. They remove essential applications from your computer, such as search engines and pre-installed programmes. Because they may include malware or adware, it’s a good idea to install antivirus software to protect yourself against dangerous downloads.
Hackers send malicious email attachments or URLs to users in order to obtain access to their accounts or computers in this form of attack. Many of these emails are not detected as spam because cybercriminals are getting more organized. Users are duped into clicking on links in emails that imply they need to change their password or update their payment information, allowing hackers to access their accounts.
Criminals engage in this cybercrime by exchanging and disseminating unsuitable material that can be unpleasant and offensive. Sexual activities between adults, recordings with excessive violence, and movies depicting criminal action are examples of offensive content. Materials inciting terrorism and child exploitation are examples of illegal content. This sort of information may be found on both the public internet and the dark web, which is an anonymous network.
These are frequently in the form of advertisements or spam emails that contain promises of prizes or money offers that are too good to be true. Scams on the internet include alluring offers that are “too good to be true,” and when clicked on, can result in malware interfering with and compromising information.
To acquire control of a user’s computer, exploit kits require a vulnerability (a flaw in software code). They are ready-to-use tools that thieves may purchase online and employ against anyone who has access to a computer. Exploit kits, like conventional software, are updated on a regular basis and are available on dark web hacker forums.
SQL(Structured Query Language) injection is a hacking method that allows hackers to take advantage of security flaws in the software that runs a website. It may be used to attack any SQL database that isn’t adequately secured or isn’t protected at all. This procedure entails putting SQL code – most typically usernames and passwords – into a web form entry field to grant the hacker more access to the site’s backend or to a specific user’s account. In most cases, when you enter login information into sign-in forms, it is transformed to a SQL command. This command compares the data you’ve entered to the database’s relevant table. If your input data matches the data in the table, you’re permitted access; if it doesn’t, you’ll notice an error similar to what you’d see if you typed in the wrong password. An SQL injection is a command that, when placed into a web form, attempts to update the database’s content to represent a successful login. It may also be used to obtain information from unsecured websites, such as credit card numbers or passwords.
Salami Slicing Attack
The most popular use of the salami-slicing technique is money laundering, but it is not limited to that. The salami approach may also be used to collect little bits of data over time to create a comprehensive picture of an organisation. This act of disseminating information might be used against a person or a company. Data can be gathered from websites, adverts, recycle bin documents, and other sources, gradually accumulating a database of factual intelligence about the target.
Cases that involve cyber crime
UIDAI Aadhaar software hacked
A billion Indian Aadhaar card details were leaked in India and this is one of the most massive data breaches that happened in 2018. UIDAI released the official notification about this data breach and mentioned that around 210 Indian Government websites were hacked. This data breach included Aadhar, PAN, bank account IFSC codes, and other personal information of the users and anonymous sellers were selling Aadhaar information for Rs. 500 over Whatsapp. Also, one could get an Aadhaar card printout for just Rs.300.
Mobikwik data breach
The recent data breach at the payment from Mobikwik in India is alarming. According to reports, the data breach affected 3.5 million customers, revealing know-your-customer records including addresses, phone numbers, Aadhaar cards, and PAN cards, among other things. Until recently, the corporation has claimed that no such data breach occurred. Only until the regulator, the Reserve Bank of India (RBI), instructed Mobikwik to immediately perform a forensic audit by a CERT-IN empanelled auditor and submit the findings did the business begin engaging with the appropriate authorities.
ATM system hacked
Around mid-2018 a cyber-attack was launched against Canara bank ATM servers in India. Several bank accounts were emptied of about 20 lakh rupees. According to reports, cybercriminals had access to ATM data for more than 300 individuals, resulting in a total of 50 victims. Skimming devices were used by hackers to collect information from debit cardholders. The value of transactions conducted using stolen information ranged from Rs. 10,000 to Rs. 40,000.
In December 2004, the CEO of Baazee.com was arrested after a CD containing inappropriate information was sold on the website. The CD was also available in Delhi’s marketplaces. Later, the CEO was released on bail bond. This raised the question of how we should distinguish between Internet Service Providers and Content Providers. The accused bears the burden of proving that he was the Service Provider rather than the Content Provider. It also creates a lot of questions about how police should handle cyber-crime cases, and it necessitates a lot of education.
List of Blackbaud breach victims tops 120
The National Trust in the United Kingdom has joined a growing list of education and charitable organisations whose alumni or contributors’ data has been compromised as a result of a two-month-old ransomware attack at US cloud software provider Blackbaud. The Trust, which manages hundreds of vital and historical sites throughout the UK, including natural landscapes and landmarks, parks, gardens, and stately homes, told BBC that the data of its volunteers and fundraisers had been compromised, but the data on its 5.6 million members was safe. The organisation is investigating and alerting anyone who could be affected. It has also reported the incident to the Information Commissioner’s Office, which is currently dealing with a significant number of reports, including Blackbaud’s, in accordance with UK data protection laws.
Phishing scam targets Lloyds Bank customers
A phishing scam is presently infecting the inboxes of Lloyds Bank customers via email and text messages. Griffin Law, a law firm, has warned individuals about the fraud after learning of around 100 people who have received the texts. Customers’ bank accounts have been hacked, according to the email, which seems to be official Lloyds Bank correspondence. “Your Account Banking has been blocked, owing to recent actions on your account, we have temporarily suspended your account until you authenticate your account,” it says.
Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack
The computer systems of a medical research business on standby to conduct trials of a potential future vaccine for the Covid-19 coronavirus were assaulted by cybercriminals. After Hammersmith Medicines Research refused to pay a ransom, the Maze ransomware organisation hacked the company’s computer systems, exposing the personal information of thousands of former patients. Early clinical trials of medications and vaccines are conducted by the business, which conducted studies to create the Ebola vaccine and treatments to treat Alzheimer’s illness.
Carnival cruise lines hit by ransomware, customer data stolen
Carnival Corporation has revealed that it has been the target of an unidentified ransomware assault that has accessed and encrypted a piece of one of its brands’ IT systems, putting the personal information of both customers and employees at risk. Carnival, like the rest of the travel sector, has been hit by the Covid-19 epidemic – it also owns Princess Cruises, which owns the ill-fated Diamond Princess, which was at the centre of the original outbreak – it has filed a report with the US Securities and Exchange Commission. The company said cyber thieves who gained access to its systems also grabbed a number of its data files, implying that it may be vulnerable to a double extortion attempt similar to those carried out by the Maze and ReVIL/Sodinokibi gangs.
Cosmetics company Avon offline after cyber attack
After an alleged ransomware attack on its IT systems, parts of the UK website of Brazilian-owned cosmetics and beauty company Avon remained offline more than a week after the attack. The assault is thought to have harmed the back-end systems used by the company’s well-known sales reps in nations other than the United Kingdom, including Poland and Romania, which are currently operational. People have been unable to place orders with the firm as a result of this. On June 9, 2020, Avon notified the US Securities and Exchange Commission of the breach, stating that the company had had a “cyber event” in its IT infrastructure that had disrupted systems and impacted operations.
As people’s reliance on technology grows, cyber laws in India and around the world must be updated and refined on a regular basis. The pandemic has also driven a large portion of the workforce into a remote working mode, highlighting the importance of app security. Legislators must go above and beyond to stay ahead of the impostors in order to stop them in their tracks. Cybercrime can be managed, but it will require the cooperation of legislators, Internet or network providers, intermediaries such as banks and shopping sites, and, most crucially, consumers. Online safety and resilience can be achieved by the judicious actions of various stakeholders, assuring their adherence to the law of the cyberland. In a nutshell, cybercrime refers to any crime done via electronic methods, such as net extortion, cyberbullying, child pornography, and internet fraud. The internet is a significant breeding ground for pornography, which has frequently been subjected to obscenity-based regulation. However, what is considered obscene in India may not be so in other countries. Pornography is rampant online due to the fact that each country’s legal position on the subject is varied. Pornography, on the other hand, falls under the category of obscenity and is criminal under Indian law, according to the Indian Constitution. Child pornography is a severe crime that can result in the toughest penalties allowed by law. Pedophiles prey on minors in chat rooms. Because the photographs, once posted, spread like wildfire and may never be taken down completely, the internet enables for long-term exploitation of such children. Internet crimes against minors are a serious concern that is being addressed by authorities, but there is no simple solution to this problem.
To summarize, while a crime-free society is a utopian concept and only exists in dreams, there should be a continued effort to keep crimes to a minimum. . Electronic crime is expected to increase, especially in a society that is becoming increasingly reliant on technology, and lawmakers will have to go the extra mile to keep fraudsters at bay. Technology has always been a double-edged sword that may be used for both good and evil purposes. They fall under the category of cybercrime and become punishable offences when they fall into the wrong hands with a criminal intent to profit from or misuse software. As a result, rulers and legislators should make constant efforts to ensure that technology develops in a healthy manner and is employed for legal and ethical economic growth rather than criminal activity thus minimizing the increasing rate of cyber-crimes that aim to target people instead of money.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: