Abstract

Human security for thousands of years has been external. The enemy or the threat was an alien entity in the form of animals, tribes, kingdoms and countries. Since the last few decades, our society has been facing a new type of security threat. And this time most people have no idea the danger that is lurking behind them. There is a parallel universe of crime that operates within the world of computers. Most people do not even understand the gadgets, apps and websites they use on a daily basis and how those facilities can be used against them on a personal as well as global level. Individuals, communities, enterprises and nations, all these entities have been victims of cyber crime. With the global use of social media, people’s dependencies on payment apps and the new forms of online currencies, this threat would become more lethal. This paper tries to understand the background and future of cyber security.

Introduction

In the last thirty years, the use of the internet has become the most common and most important practice of human life. The first step of almost every work, especially in the twenty-first century is the use of the internet. The Internet changes everything. It upset our notions of how things should be, how countries should be governed, how companies should be run, how teachers teach and children learn, and even how housewives make new recipes. The evolution of Information Technology (IT) has brought about successful communication through the internet, thriving businesses, and global interaction through social media platforms. Along with the phenomenal growth of the Internet has come the growth of cybercrime opportunities. As a result of rapid adoption of the Internet globally, computer crimes include not only hacking and cracking, but now also include extortion, child pornography, money laundering, fraud, software pirating, and corporate espionage, to name a few. The cyber crime victims range from a common individual to corporate companies, financial institutions to an entire community or nation state. Criminals use different types of tactics in the form of viruses, malware, bogus links and websites to get into private systems and use the personal data of individuals and organizations and use them for blackmail, forgery and ransom. The internet domain commonly known as the dark web has become the underworld of cyber crime. Many organized cyber crime networks are run through a carefully planned system under the dark web. There are various challenges that the modern nation states and law enforcement agencies face in order to control this surge of growing criminal enterprise within the digital world.

BACKGROUND OF CYBER CRIME

Cybercrime presented a thrill and challenges for the hackers as they tried to break into computer system. This thrill increased with every level of security system they breached. Some did it simply for fun but others sought to gain access to the more sensitive information and classified material, specially those which presented an opportunity for financial gains. Computer viruses are forms of code or malware programs that can copy themselves and damage or destroy data and slowly the entire systems. When computer viruses are used on a large scale, linked with banks, government, hospitals or companies networks, these actions may be categorized as cyber terrorism. Computer hackers are also engaged in phishing scams, like asking for bank account numbers, and monetary theft.

THE PERPETUATORS — HACKERS AND CRACKERS

Hackers

A hacker in its most basic definition is someone who looks into or operates someone else’s computer without permission. A hacker uses various tactics to access others’ systems. This particular person of interest can be a single person operating at a small level like a student hacking their mates to get personal information. And it can also be an organization with a solid financial funding and backing working in large groups with a more malevolent intent to harm a person, organization or sometimes even a nation. The severity of hacking goes from personal damage like cyberbullying to global threat like cyber terrorism. According to IT Act 2000 section 66, “a person knowing that he or she is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer system or diminishes or damages its value or utility by any means is a hacker.”

Crackers

A “cracker” is a hacker with a clear criminal intent because their actions almost always cause damage. Although it’s an outdated term used for anyone who broke into computer systems, bypassed passwords and licenses. Computer crackers are mostly motivated with intent to earn financial profits. The consumers of cracked material are very high on the internet as most people do not want to pay for the expensive softwares. Adobe softwares and gaming companies such as Tencent have been among the biggest targets of crackers among thousands of other companies.

EVOLUTION OF CYBER CRIME

The first cyber crime was reported as early as in the 1820s, though not completely related to computers but machines were sabotaged for personal gains. During the late 80s, email proliferation became the first big surge of cyber crimes. Various scams were reported during that era. During the 90s new IT advancements and multinational corporations related to software and hardware development took the world by storm. And so did the new innovations in cyber crime. With advancements in web browsers and internet systems, new bugs and viruses were sent through dubious websites. The new users of this miraculous technology were vulnerable to the malicious intent of hackers and many of them became victims of these viruses distributed through internet connections. In the new millennium, the new world of social media opened up, the portal for this world became the new gadgets such as cellphones, tablets, laptops and pads that were mobile and easy to use. During this time cyber crime took off. As people became commodities itself, their personal information became valuable, a lot of people lost their privacy and private information voluntarily and involuntarily. Last two decades has witnessed a rise in ID fraud, generated by the influx of people throwing all the information they could into a profile folder. Thieves used this information to enter bank accounts, set up credit cards, or other financial frauds in different unique ways. The dark web and various virtual portal network(VPN) are used for accessing prohibited contents such as child pornography and illegal substances ranging from drugs to guns. The most recent threat of security in the cyber world is related to mass banking scams and financial crimes mostly related to ransomware. Hackers have made over a billion dollar since 2017 from these financial crimes. Many companies and banks have fallen prey to these large hacking groups. With the increasing dependence on stock market and online currencies which presently has got the world excited about their potential also hides a greater danger within itself.

CLASSIFICATION OF CYBER CRIMES

The tricky part of cyber crime is that it’s very difficult for individuals and governments to fully understand the threat and hence its classification is also a tricky part. The victim of cyber crimes can be direct or indirect as a defamation of a particular individual can affect an entire community, similarly attack on a corporation can affect an entire nation. And as the world is interconnected, the threat to one country can affect many others. We can loosely classify cyber crimes according to the affected party. Mainly three types of cyber crimes are committed.

1. Against Individuals 2. Against Organization 3. Against Society

1. AGAINST INDIVIDUALS

   
   
   
   

   

   
   

● Email spoofing — This is one of the oldest tricks that hackers have under their sleeves. Emails scams have been prevalent for the last three decades. It is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address, which most users take at face value. Unless they inspect the header more closely, users see the forged sender in a message. If it’s a name they recognize, they’re more likely to trust it. So they will click malicious links, open malware attachments, send sensitive data and even wire corporate funds. Email spoofing is possible due to the way email systems are designed. Outgoing messages are assigned a sender address by the client application; outgoing email servers have no way to tell whether the sender address is legitimate or spoofed.

● Cyber bullying — Cyber bullying is another individualist experience that is mostly done through social media websites. Any individual can be a potential victim to this crime. According to the U.S legal definitions, Cyber-bullying could be limited to posting rumors or gossip about a person in the internet bringing about hatred in another’s mind; or it may go to the extent of personally identifying victims and publishing materials severely defaming and humiliating them. It is strictly prohibited and is punishable by law. In the last decade cyber bullying has affected personal lives of young users, many of these cases resulted in depression, social anxiety and sometimes suicides by the victim.

● Cyber stalking — Stalking on the internet is becoming more and more common these days. People spend hours scrolling through other people’s lives. It has led to many cases of stalking in real life. In a recent report by The Times Of India, teenage girls have been the biggest victim of stalkers, who are mostly much older men. Cyber stalking usually occurs with women, who are stalked by men, or children who are stalked by adult predators or pedophiles. A cyber talker does not have to leave his home to find, or harass his targets, and has no fear of cyberspace. The stalker may be on the other side of the globe, a neighbor, a man or a woman.

● Phishing — Phishing is the act of sending bogus email to a user and trying to extract their personal data by redirecting them usually to a false website. Sometimes these websites are a replica of a legitimate website or a company or a financial institution. Personal financial details like aadhar number, pan number, bank details or card numbers are the primary details that these websites aim to fish out. On a larger level phishing is also used against a corporation for the purpose of ransom or more commonly known as ransomware.

● Cyber defamation — Cyber defamation is also a part of cyber bullying. A lot of individuals and famous individuals are targeted. On a personal level to tarnish the image of the victim. Media houses sometimes use their power to spread false information about a particular individual. ● Cyber morphing — Nowadays users are getting very skilled in editing softwares. Sometimes these skills are used for malicious intent. Cyber morphing is the use of fine editing and Photoshop to blend one image into another. This is done to make YouTube thumbnails as a click bait in the most common usage. In the extreme end, faces of women and men are plastered into pornographic images. These morphed images can be used as a blackmail tool against the victim.

2. AGAINST ORGANIZATION

● DOS attack — These types of attacks are done on a larger level against an organization by sending large amounts of malware into a network’s traffic making it inaccessible to normal users. The purpose of these attacks are to prevent the services of the particular organization and denying users the access to that network, website or application. Some of the biggest companies have been the victim of some of the biggest ddos attacks. Amazon, Spamhaus, The CloudFare and Occupy Central to name a few. Some hacking groups do it for financial gain while some of the more dangerous ones do it for the thrill of it and to assert their power by taking on some of the biggest organizations in the world.

● Salami attack — This is one of the most interesting phenomena in the universe of cyber crime. Salami attack or salami slicing is when the attacker gets access to the financial information of the victim and uses it carefully by deducing very small amounts from a large number of victims that an unsophisticated system can not trace the attacker.

● Ransomware — According to the U.S Federal Bureau Of Investigation, “Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you to pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.” The threat intelligence team at ABnormal identified nearly 4,200 companies, organizations, and government institutions around the world that have been the victims of ransomware attacks starting in January 2020. The ransomware extorting blog on the dark web is monitored to get these data about ransomware. The first half of 2020 was relatively quiet; however, in August and September 2020, we observed a significant increase in ransomware victims. This surge corresponds to the arrival of two of the most prolific ransomware groups in recent years: Contri and REvil. After this initial spike the number of ransomware victims remained relatively consistent month-to-month until October and November 2021, when a second significant surge in ransomware victims was noticed. This second increase can be attributed to a noticeable escalation in activity from a handful of top ransomware groups, including Conti, LocBit, and Pysa.

● Piracy — Piracy is perhaps the most known cyber crime in the universe of cyber security. Piracy has the biggest market and largest number of supporting customers. The Internet has a plethora of piracy websites. Everything can be bought without actually paying on the internet with these piracy sites. Movies, music, video games are the most demanded materials. Other than that various softwares in their crack versions are also available on the internet through piracy. Many organizations, employees and artists have lost fortunes due to this commonly prevalent and widely accepted crime. Piracy is so prevalent that almost everyone takes part using pirated materials.

3 AGAINST SOCIETY

Although the entire spectrum of cyber crime is the crime against society, we will still put a few web crimes in this category that affect the society more directly than the rest of the others.

● Forgery — Making meaning fraud in documentation. False documents in the form of stamps, signatures and currencies can be detrimental for any society. Making false currency and inducing it into money supply is a tactic that many terrorist organization and rival governments use against the victim. This causes economical problems such as inflation and can lead to collapse of the entire system. This is a form of a wider spectrum called cyber terrorism.

● Cyber Terrorism- According to Section 66F of IT Act 2000 Cyber Terrorism is defined as: A. “Whoever intentionally threatened the integrity, unity, sovereignty or security or strike terror among the people or among any group of people by — I. Deny to any people access to the computer’s resources. II. Attempting to break in or access a computer resource without any authorization or to exceed authorized access. III. Introducing any computer’s contaminant, and through such conducts causes or is probable to cause any death or injury to any individual or damage or any destruction of properties or disrupt or it is known that by such conduct it is probable to cause damage or disruptions of supply or services that are essential to the life of people or unfavorably affect the critical information’s infrastructure specified under the section 70 of the IT Act. B. By intention or by knowingly tries to go through or tries to gain access to computer’s resources without the authorization or exceeding authorized access, and by such conducts obtains access to the data, information or computer’s database which is limited or restricted for certain reason because of the security of the state or foreign relations, or any restricted database, data or any information with the reason to believe that those data or information or the computer’s database obtained may use to cause or probably use to cause injury to the interest of the independence and integrity of our country India. Cyber terrorism is the biggest growing concern, even among the nation that have enough hard and soft power because this time the enemy is anonymous and the effect of their strike can me devastating. Cyber terrorist try to hack into government organisations, financial institutions, stock markets, welfare systems. The hackers might be motivated with factors that they consider righteous and good for their own community. This can be religious emotions, patriotism, robinhood syndrome etc.

● Sale of illegal items — Another detrimental to the society aspect of cyber crime is the sale of illegal materials. As piracy is the illegal sale of legal items, this act is the illegal sale of illegal items. These items can be a few ounces of weed, a few packs of cocaine or a few boxes of automatic rifles. In the world of the internet, everything is bought online, under the nose of the police and governments. I personally checked the dark web for this research and found that one can buy a glock 9 gun at just rupees 5,000-/ on the dark web. In a more fascinating case, a teenager created a million dollar business of online drug sale in Germany. People can hire hitman and order murder using online currency in the third decade of the millennium. Child pornography, sexual crimes against kidnapped men, women and children are recorder and sold on the dark web.

● Hactivism — Hactivism is a term used for self righteous hacking or the use of hacking as a form of activism. There is a wide variety of criminal activities that are done in the name of activism. There are hackers who break into systems to point out security flaws, and there are those who want to bring attention to a cause. The latter, however, typically come in the form of virtual political activists who have adapted their methods of dissent into digital platforms.[4] The biggest name in the world of hacktivism is probably a group called Anonymous, they have massive public support. Apart from many notable acctacks by Anonymous, LulzSec’s attack against Fox.com, the Sonly PlayStation Network, and the CIA where the group leaked several passwords, stole private user data, and took networks offline. In 2012, political whistleblower site WikiLeaks reached its tipping point when the government condemned the site as it was used as means to declassify and leak confidential information between the U.S. state department and various representatives overseas. Subsequently, payment services like Amazon, PayPal, Visa, and Mastercard were pressured by the government to halt services in order to prevent supporters from financially donating to the organization. In response, Anonymous launched a series of DDoS attacks that immediately shut down the said services, causing massive company losses.

THE DARK WEB

In the Digital Universe, not everything is directly visible. The digital world is divided into the open web and the deep web. This deep web has a part that is called The Dark Web due to the ever going criminal activities. The dark web is the underworld, the main sale of illegal items is done by accessing the dark web. The dark web is the hidden collective of internet sites only accessible by a specialized web browser. It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications. One of the widely used web browsers is DuckDuckGo. The dark web was once the province of hackers, law enforcement officers, and cybercriminals. However, new technology like encryption and the anonymization browser software, Tor, now makes it possible for anyone to dive dark if they’re interested. Tor (“The Onion Routing” project) network browser provides users access to visit websites with the “. onion” registry operator. This browser is a service originally developed in the latter part of the 1990s by the United States Naval Research Laboratory. Understanding that the nature of the internet meant a lack of privacy, an early version of Tor was created to hide spy communications. Eventually, the framework was repurposed and has since been made public in the form of the browser we know today. Anyone can download it free of charge. Think of Tor as a web browser like Google Chrome or Firefox. Notably, instead of taking the most direct route between your computer and the deep parts of the web, the Tor browser uses a random path of encrypted servers known as “nodes.” This allows users to connect to the deep web without fear of their actions being tracked or their browser history being exposed. Sites on the deep web also use Tor (or similar software such as I2P, the “Invisible Internet Project”) to remain anonymous, meaning you won’t be able to find out who’s running them or where they’re being hosted. Although its not illegal to use the dark web, it has been increasingly used for criminal activities. As mentioned earlier child pornography, morphing, torture porn, even murders are recorder and sold on the dark web. Unfortunately the government has been unable to fully monitor the activities on the dark web as it was made to protect the privacy of its users.

CHALLENGES FOR THE GOVERNMENTS

● With approximately 688 million active users, India is the second largest internet market in the world.7 Sites like Facebook, YouTube, Twitter, Instagram, WhatsApp and Snapchat are the most liked in India. While internet population has been increasing there still is a gender divide. According to a report published by IAMAI (Internet and Mobile Association of India) on internet usage in India, about 67% of the users are male compared to which only 33% arefemale.8 This disparity between the male and female users is the major reason for the growth of cybercrime incidents against women. One of the challenges of the government would be to end this gender based digital divide.

● Next challenge would be to make people aware of this threat. Most people who use these gadgets and surf on the internet have no idea how this can be used against them. The town of Jamtara became infamous lately as a hub of cyber crime in India. Upon investigation it was found that it was very easy for the skilled crooks to gain trust of the innocent and naive users of the internet and cell phones.

● Another problem for the government is finding evidence against the attackers in the vast ocean of the web. Attackers are anonymous and use every trick available to remain untraceable. Secondly, the jurisdiction of any government is limited whereas the area of cyber crime is global. For example, it would be quite difficult for Indian law enforcement to punish a hacker that is situated in the USA.

● Shortly, the vast majority of data and communications will be encrypted. Encryption can hinder law enforcement investigations and increase costs because of the problems associated with cracking the encryption. The National Cyber Crime Reporting Portal is the government of India’s official domain that people can access in order to learn comprehensibly about cyber crime and it can also be used to file a complaint about a known crime. Apart from that the local governments also have their own portals in states and cities in order to spread knowledge and lodge complaints. The complaint can also be filed by visiting the police station directly. Law enforcement agencies have their individual cyber cells for these types of crimes. Apart from that there are various private NGOs and helplines for the victims of cyberbullying and stalking.

CONCLUSION

The Internet is everywhere, as stated in the beginning, there is another parallel universe around us, that universe is the cyber world. Like the physical world, the cyber world is full of amazing things, millions of places to explore and multitude of opportunities. Social media has enhanced the user experience and almost everyone is a frequent consumer of online facilities. People’s lives are on display on instagram, daily activities are shared on snapchat, everyone is accessible through cell phones and whatsapp. Naturally if the digital world has presented humans with these facilities so there is a level of precaution that the users must exercise. It is clear with the comprehensive study of cyber security that the Internet dependency is only going to grow in the future, and it is important that people themselves gain knowledge about the new world they live in and the new dangers they are surrounded with. The Indian government has already opened up a cybercrime division and there are cyber crime cells within law enforcement for almost all the major cities. The national cyber crime reporting portal is a government domain that people can access to get a better understanding of this issue or file a complaint. Young people must be encouraged to use their devices carefully and cautiously while the government and law enforcement work towards tackling the malevolent forces in the cyber world.