Cyber-crime: India
(→Mr.Surinder S Rathi's report to the Delhi High Court) |
(→PART II) |
||
| Line 87: | Line 87: | ||
| − | |||
=YEAR-WISE STATSITICS of CYBER-CRIMES = | =YEAR-WISE STATSITICS of CYBER-CRIMES = | ||
= 2001-13= | = 2001-13= | ||
Revision as of 21:21, 31 March 2018
This is a collection of articles archived for the excellence of their content. the Facebook community, Indpaedia.com. All information used will be acknowledged in your name. |
Contents |
PART I
Cost of Cybercrimes to the nation
2013: Surinder S Rathi's report to the Delhi High Court
Cybercrimes alone cost India Rs 24,630 crore in 2013: Report
PTI | Jul 6, 2014
It said that in Delhi alone, a total of 86,800 criminal complaints were received at its 175 odd police stations.
NEW DELHI: Cyber crimes have cost India a whopping about Rs 24,630 crore ($4 billion) in 2013 alone as criminals used sophisticated means, says a Delhi High Court-commissioned report.
"Internet frauds alone have cost India a whopping $4 billion (about Rs 24,630 crore) in 2013 as cyber criminals are using more sophisticated means like ransomware and spear-phishing," the report said.
The facts figure in a report submitted by Surinder S Rathi, additional district judge and OSD to Delhi Legal Service Authority (DLSA), before the court in pursuance of a direction that a comprehensive study be conducted on various issues including the cost incurred in running the criminal justice system.
The bench of justices Gita Mittal and J R Midha, which is yet to pronounce the quantum of sentence to three convicts including Vikas Yadav in the 2002 Nitish Katara murder case, had also asked DLSA to compute the cost incurred in the trial of this case, besides determining the compensation paying capacity of the convicts.
However, the reports gives no further details of cybercrime stalking the country.
Dealing with other crimes in the chapter, of 'Cost of Criminal Justice System', the report, quoting from the National Crime Records Bureau data, said that in 2013, as many as 66.40 lakh criminal complaints were received by the police stations across the nation.
It said that in Delhi alone, a total of 86,800 criminal complaints were received at its 175 odd police stations apart from around 89 lakh distress calls received by it last year.
"Although better part of the world has awaken to the exorbitant financial cost of running the criminal justice system, but our country is yet to take its first step in the right direction. Owing to mindless and unscientific planning all the wings of criminal justice system are highly chaotic in their functioning and are immensely overburdened," it said.
The report said that despite India having 12,700 odd police stations and 15.70 lakh policemen manning them, incidents of crime are spiralling uncontrollably.
"A lot is being done in this regard by all the stakeholders but unfortunately owing to lack of scientific methodology and concerted efforts of all concern not much headway could be achieved," the report said.
The report also said police, the first ring of criminal justice system, is in an almost pitiable state nationwide.
"Neither it (police) has the requisite manpower to deliver nor the technical expertise nor the infrastructure to contain crimes. To make things worse malice of corruption is eating into its vitals," the report said.
It said the judiciary, the second ring of criminal justice system, is also not "far behind in fulfilling its constitutional obligations and meeting the expectations of its citizen of delivery of timely justice".
"Courts are inundated with lakhs of case pending trial. Such is the snail pace of trials that influx of cases at any point of time is out doing the disposal. All this is resulting in piling up of cases in courts," the report said.
The report also added that the ancillary support system like jails, juvenile, justice boards, child welfare committees and forensic labs all need to be brought out of slumber and urgently to save this system from crumbling.
On the cost of criminal justice system, the report said that measuring the cost of criminal justice is not easy yet it is essential to the proper appraisal of any criminal justice system policy.
"There is an urgent need to develop a comprehensive methodology for calculating the cost incurred by society on account of various criminal offences," it said.
The report added that as on today, in India no empirical study has been conducted as to how much does a criminal case cost to the exchequer at the tax payers right from registration of the FIR to its logical conclusion post the trial in sentencing.
Data-breaches
2016, 2017: Major data breaches
From The Times of India Friday, 01 December 2017
See graphic, ' Major data breaches in India, 2016 and 2017, the number of persons affected '
Hacking of websites
Government websites/ 2013- 16
Over 700 govt websites hacked from 2013 to 2016, Feb 8, 2017: The Times of India
More than 700 websites of central ministriesdepartments and of state governments were hacked between 2013 and 2016, Lok Sabha was told.
As per information reported to and tracked by the Computer Emergency Response Team (CERT-IN), which works under the IT ministry , as many as 199 websites of central ministriesdepartments and state governments were hacked in 2016, compared to 164 in 2015, 155 in 2014 and 189 in 2013. This information was shared with Lok Sabha by minister of state for home Hansraj Gangaram Ahir in a written reply.
Of the 8,348 persons arrested under different provisions of law relating to cyber crime, only 315 were con victed during 2014-15, the government said.
In a recent cyber attack, the website of National Security Guard (NSG), a paramilitary force comprising anti-terror crack commandos, was partially defaced and abusive messages posted on the home page by unknown hackers on January 1.The website was blocked immediately .
Similar cyber attacks were also reported on websites of ordnance factories as well as railways. Ahir said the government had initiated several policy, legal and technical measures such as audit of the systems and networks, increasing awareness in area of cyber security , sharing threat-related information with stakeholders, issuing advisories on such threats through CERT-IN and National Critical Information Infrastructure Protection Centre (NCIIPC), and capacity development to address the issue of cyber hacking.
CYBER-ATTACKS
2013-14
Feb 17 2015
Cyber mobbing
Indian Computer Emergency Response Team (CERT-In) is the national incident response centre for major computer security incidents. It works under the department of electronics and information technology and its primary role is to raise security awareness as well as provide technical assistance for recovering from cyber attacks. CERT-In's monthly incident data suggests that between November 2013 and Oct 2014, on an average there were about 12,000 cyber attacks. The highest number involved email spam identical messages sent to numerous recipients by email that may include malware as scripts executable file attachments or hyperlinks. It was followed by website defacements and open proxy servers--servers that operate by concealing IP address and are used to circulate pornography.Malicious websites that redirect users to sites that download malicious code to their computers were also identified as a threat.
YEAR-WISE STATSITICS of CYBER-CRIMES
2001-13
The Times of India Sep 01 2014
The Information Technology Act, 2000, identifies certain practices like hacking, publication and transmission of obscene material, breach of privacy and so on as criminal. Forgery, criminal breach of trust etc. done with the help of information technology are also officially recorded as cyber crime.In 2001, the country's first cyber crime police station was opened in Bangalore and in the 12 years to 2013, just 18 more special purpose police stations were added. Meanwhile, there has been a multi-fold increase in such crimes accompanying a massive increase in internet subscribers.
2006-15: Cyber crime, an increase
The Times of India, Sep 01 2016
Vishwa Mohan
With the internet and social media becoming a way of life, cybercrime numbers have steadily climbed over the years. Such crimes went up 20% in 2015 compared to 2014, logging a 2,400% increase over the decade 2005-15.
The National Crime Records Bureau (NCRB) report shows that cybercrime cases rose from 9,622 in 2014 to 11,592 in 2015, nearly onethird of the crimes committed for financial gain.
The number of people arrested in cybercrime cases rose by over 41% during the same period -from 5,752 in 2014 to 8,121 in 2015.
Besides crimes for financial gain, the motives also included cheating, insulting women, sexual exploitation and personal revenge or settling scores.
The report cited `political motives', which could be related to tarnishing the image of opponents through morphed pictures or fudged data. The report said 44 cybercrimes cases for `political motives' were reported in 2015.
Data theft, breach of an individual's internet banking or other service platforms through hacking, cyber stalking, digital forgery such as fabrication or destruction of electronic records were some methods used by criminals in the internet space.
An analysis of past NCRB reports revealed that the number of cybercrimes was quite low 10 years ago, with only 453 such cases reported in the country in 2006. Barring 2008 when the number of cases fell compared to 2007, the numbers have consistently risen.
Though the NCRB did not give any reason for the rising figures, they could be attributed to increasing internet penetration in the past few years. Use of internet for various services has led many to use the web for multiple purposes -be it personal and official communication, banking, teaching, e-marketing, digital lockers or social networking.
The latest NCRB report said Uttar Pradesh, Maharashtra, Karnataka, Rajasthan and Telangana reported the highest number of cybercrimes last year. All five states are home to several companies dealing with information technology and related services.
In terms of arrests, Bihar, Andhra Pradesh and Assam made it to the list of top five.Experts said this could be attributed to multiple people's involvement in one case.
Uttar Pradesh recorded the largest number of cybercrime cases largely because of its spread and resultant internet penetration in major cities and in the hinterland as well. The state's figures could also be high due to the IT destination of Noida which has emerged as a hub of cyberattacks in the country .
2012
The NCR, Bangalore. Vishakhapatnam
Cyber crime cases up by 46%
Dwaipayan Ghosh TNN
New Delhi: Delhi is far from being the IT capital of the country. But over the last few years, there has been a concentration of IT companies in the NCR [National Capital Region]. And there has been a sharp rise in cases of cyber crime. Data released by NCRB [National Crime Records Bureau] say it all—there has been a 46% rise in the number of cases under the IT Act in Delhi, while in Faridabad and Ghaziabad the increase has been 67%.
Delhi Police registered 73 cases under the IT Act in 2012 and arrested 17 people, including a foreign national. This was significantly higher than the figures for 2011 when 50 such cases were registered under the said Act. However, the total number of cases registered came down to 80 from 99 in 2011, as cases registered under common IPC sections dropped to just seven in 2012 from 49 in 2011.
However, the NCR figures are far less as compared to Bangalore (342 cases) and Vishakhapatnam (153).
Those involved in such crimes in Delhi were found to be between 18 and 45 years of age. Most of the criminals were stalkers but some also did it for extortion or out of business rivalry.
Earlier this year, Delhi Police's cyber crime cell had launched an awareness campaign aimed at curbing rampantincreasein cyber crimes, especially among minors. As part of it, police asked children to refrain from entering adult and hate sites and educated them and their teachers about the cyber laws of the country.
Police said that 245 cases involving creation of fake profiles and 51 defamation lawsuits were filed last year. Most of the victims were minors. Police have been considering to appoint ‘internet safety officers’ in Delhi schools by training designated teachers. S D Mishra, additional deputy commissioner of police in the Economic Offences Wing, said that parents will also be brought on board for proper guidance.
Mumbai
Mumbai sees 218% spike in cyber crime
V Narayan & Sumitra Deb Roy | TNN 2013/06/15
Mumbai: The city saw a 218% rise in cyber crime cases in 2012, with 33 cases registered under the Information Technology (IT) Act and 72 under the Indian Penal Code (IPC), according to the National Crime Records Bureau. The total of 105 cases was way over the 33 total cases registered in 2011. In fact, the 2011 figure was a 32.7% drop from the previous year’s 49 cases. Nationwide, Mumbai saw the third highest number of cases registered under the IT Act in 2012, with Bangalore and Pune topping the list.
State-wise, Maharashtra recorded more cyber crime than any other state, with 471 different offences registered under the IT Act and 90 under the IPC in 2012. The total of 561 cases was a 42.7% increase from the 393 cases registered the previous year. Andhra Pradesh was second with 454 cases and Karnataka third with 437 cases registered under both categories in 2012.
2013
Bangalore
Cybercrime: 509 cases in Bangalore, no conviction yetbb
The Times of India Rajiv Kalkod,TNN | Jun 29, 2014
Cybercrime: 509 cases in Bangalore, no conviction yet
Thirteen years, 509 cases and 144 charge sheets. But not a single conviction. That's the track record of the cybercrime cell of the state's criminal investigation department (CID).
BANGALORE: Thirteen years, 509 cases and 144 charge sheets. But not a single conviction. That's the track record of the cybercrime cell of the state's criminal investigation department (CID).
With the CID filing a chargesheet in against ADGP P Ravindranath for allegedly taking objectionable photos of a woman at a coffee joint, the pertinent question that arises is: Will Ravindranath break the record of the cybercrime cell and be convicted?
Documents with STOI reveal that since its inception in 2001, the cybercrime cell has investigated 509 cases and filed chargesheets in 144 of them - none of them ending in conviction. Of the 509, 181 cases were closed under 'C reported' (No evidence found) category while 85 have been B reported (Faulty complaint).
Reacting on the zero conviction, a senior police officer told STOI that the charge sheet weakens when court asks for the accused's presence at the time of offence. "In many hacking and phishing cases, we establish the source; that is the accused's computer. But whether the accused was there at the time of offence, is a little hard to establish and this helps the accused in walking out free," he said.
Delhi
72% rise in cyber crimes, cops run into tech hurdles
Raj Shekhar New Delhi:
TNN
The Times of India Jul 02 2014
Cyber crimes registered under IT Act in 2013 shot up by 72.4%--131--compared to 2012, when only 76 cases were reported. The offences under IPC (forgery/ cheating) have increased by 137.5%--19 cases were filed in 2013 in contrast to eight in 2012, according to the data released by National Crime Records Bureau. NCRB ranks Delhi 12th in the country.
The maximum cases-99--are related to hacking, which has been divided into two sections. Under the first section--loss and damage to computer resource and utility--60 cases have been filed. The remaining 39 cases come under “hacking for other purposes“.
The offence categorized as obscene publication/transmission in electronic form has 20 cases under it.
Two cases of fake digital signatures were registered for the first time in 2013, while 10 cases involved breach of privacy. Most cyber offences had harassment, teasing and fraud as the motive. There were nine cases where the intention was to cause disrepute, while two cyber crimes were categorized as a prank. NCRB hasn't elaborated on the motive behind 90 cases, which have been put under the “others“ section.
A majority of the suspects are neighbours and students.
Of 150 suspects, 23 were students and 20 were neighbours.
Disgruntled employees and employers were suspects in seven cases, while six were business competitors. Surprisingly, only two foreigners were suspects, according to the NCRB data. The category of 92 suspects hasn't been mentioned.
Police, however, could arrest only 38 people in cases under IT Act, pointing to a poverty of infrastructure and investigation skills. Twenty of the offenders were in the age group of 18-30, while 15 were between 30 and 45. Only three people in the age-group of 4560 were arrested under the act, which broadly includes offences committed through electronic means. Only seven people were arrested for cyber offences registered under IPC.
Cops says inadequate infrastructure and correspondence with the World Wide Web authorities slow them down.
“Most of the investigation revolves around tracing IP addresses and the servers used to commit the crime. It takes a lot of time to get these details,“ says a cyber cell officer.
Delhi Police has been trying to stay up to speed. Its cyber crime cell had also launched an awareness and safety campaign to curb the menace.
Asking children to refrain from entering adult and hate sites, informing them of cyber laws, creating awareness among school administration and teachers were highlights of the programme.
The unit had also planned to procure a cyber forensic van to pick up electronic evidence from the scene of crime so that it can be analysed instantly .
Mumbai: 168% increase
Cybercrime rises 168% in just one year
The Times of India V Narayan | May 14, 2014
Cybercrime has seen an alarming 168% rise in just a year. From 63 in 2012, the number of cases went up to 169 in 2013, as per Mumbai Police.
This year, the number of cases was 54 in just the first quarter; by the year-end, it is expected to cross the 200 mark—almost half of the 421 cybercrime cases recorded in Mumbai from 2010. Also, experts say, more money will be lost to cybercrime this year than in the last three years put together.
Sending obscene emails, SMSes and MMSes tops the chart, with 84 cases registered in the city from 2010, followed by credit card fraud (78 cases).
The police say card fraud is the most worrisome trend. From 2012 to 2013, it rose by 300% (8 to 32 cases). This year, seven cases were registered till March 31, almost equal to the number of cases in all of 2013. The incidence of sending obscene emails, etc, rose by over 191%—from 12 in 2012 to 35 in 2013.
As for hacking, 32 cases have been registered since 2010, with its incidence going up from two in 2012 to eight in 2013. Also, eight cases have been registered in the first quarter of this year—a sign of things to come.
=Worldwide: in 2013
Jan 12 2015
Diwakar
2013 saw 62% rise in no. of data breaches compared to 2012
The recent cyber attack on Sony Pictures by North Korean hackers has again put the spotlight on the dangers stalking a world digitally connected like never before. Till now mainly restricted to personal computers and laptops, the threat will only get bigger with smartphones and tablets becoming devices of daily use.
The mysterious attack on the Baku-Tblisi-Ceyhan pipeline, which was built with US encouragement and despite Russia’s reservations, is seen as marking the beginning of a new era of cyber war. It has been blamed on Russian cyber spies who were suspects also in the attack on JP Morgan Chase.
The Russian groups have become so emboldened that they targeted several German government websites on Wednesday, including the official page of Chancellor Angela Merkel.
The US security establishment itself now boasts of 6,000 cyber warriors — the crack troops who are suspected to be behind the crippling of North Korean internet networks following the Sony attack — and is prepared for a digital Peral Harbour.
Globally, security analysts called 2013 the year of the mega breach, with a 62% increase in the number of data breaches compared to 2012. The year also saw a 91% increase in targeted attacks. Both sophistication and brazenness of cybercrime syndicates or, for that matter, “hactivists” has increased.
‘Spearfishing’, which involves intelligent emails targeted at individuals, catching targets off guard by making “emotional connection” where criminals back up enticing emails with phone calls to win the victims’ trust, focusing on “watering holes” which are frequented by targets and throwing baits like “free” broadband connections show the expanded arsenal of cyber criminals.
Growing incidence of the use of ‘Cryptolocker’ virus and ‘ransom ware’ to force victims to buy decryption software or pay up to secure the release of his device and files signals the audacity of the gangs prowling cyber space, whose attacks on leading names in business like Target, Ebay, JP Morgan Chase, Adobe and Home Depot led to huge plunder of credit card and debit card details of their customers. Companies also suffered hugely on account of erosion of trust. Recently, Symantec, a software security major, uncovered a new piece of malware — Regin — which bears the hallmarks of a state-sponsored operation and is believed to have been in use since at least 2008.
It, just like ‘Dragonfly’, another malware which appears to be a state-sponsored effort, is persistent in seeking access to targets and stealing information and is far more complex than Stuxnet, which was used to target Iran’s nuclear plants. Experts at Symantec believe many components of Regin remain undiscovered and it may have more versions and can perform more functions for cyber espionage and sabotage.
Michael Counsel, chief technology officer and vicepresident consulting, products & services, Asia Pacific and Japan, said Symantec’s cyber threat intelligence had helped the firm identify some significant threats including Regin and other highly adept attack groups like the Dragonfly that was behind several sophisticated attacks on industrial control systems in the energy sector in the US and Europe.
Talking about the need to successfully defend against targeted attacks, Counsel said businesses needed to expand their focus from prevention to detection and response. While the threat of attack on individual targets by immobilizing their cars and medical devices doesn't seem distant anymore, cyber criminals can inflict immense harm on companies by reaching them through their vendors, a soft underbelly according to Symantec, to steal data and intellectual property .There is a gang, ATP Group, which specifically targets hotel guests, while also attacking “smart meters' to disrupt power supply in cities.
`Distributed denial of service' attacks in which servers are flooded with traffic until they collapse -have become a tougher challenge. Symantec, which was engaged by FBI and EuroPol Scotland Yard and other government agencies to take down `Blackshades', a powerful and popular Trojan, Zeus Botnet and Major Cryptolocker, concedes cyber crime networks have become more resilient and taking down new Botnet attacks will be difficult.
2014-16
ii) cyber-crime cases registered by police-agencies, 2013-16
From: Neeraj Chauhan, January 18, 2018:The Times of India
See graphic:
i) Cyber security incidents, 2014-16;
ii) cyber-crime cases registered by police-agencies, 2013-16
2014-June 2017
Chethan Kumar|One cyber crime in India every 10 mins|Jul 22 2017 : The Times of India (Delhi)
From the global ransomware attacks that hit hundreds of systems to phishing and scanning rackets, at least one cyber crime was reported every 10 minutes in India in the first six months of 2017. That's higher than a crime every 12 minutes in 2016.
According to the Indian Computer Emergency Response Team (CERT-In), 27,482 cases of cyber crime were reported from January to June.These include phishing, scanning or probing, site intrusions, defacements, virus or malicious code, ransomware and denial-of-service attacks. With more Indians going online, cyber experts said putting in place critical infrastructure to predict and prevent cyber crimes was crucial. India has seen a total of 1.71 lakh cyber crimes in the past three-and-a-half years and the number of crimes so far this year (27,482) indicate that the total number is likely to cross 50,000 by December, just as in 2016.
“It is not just enough to make efforts at the government level, which is, in some sense happening, but cyber crime affects hundreds of individual systems and firms, all of whom need to be ready with specialised teams,“ cyber crime expert Mirza Faizan Asad said.
While India has been dealing with crimes such as phishing and defacement, ransomware attacks have come as a surprise. Analysis of data from 2013 to 2016 shows that network scanning and probing -seen as the first step to detect vulnerabilities in systems so that sensitive data can be stolen -formed 6.7% of all cases while virus or malware accounted for 17.2%.
Experts pointed out that these were indications of increasing cyber crime-asa-service (CAAS), besides attempts at ransomware.“There has to be a concerted effort to treat cyber security seriously ... The vast majority of organisations are looking at cyber security as a compliance task and thus do the minimum possible to achieve that,“ Asad said.
Increasing ransomware threat and the demand for ransom in bitcoins -a crypto-currency which attackers feel is the safest way to get paid -saw the SC direct the RBI to take cognisance of the matter. The RBI has also been issuing regular warnings on bitcoins.
2015: Rise in complexities of hacking
Rajshekhar Jha, The Times of India, Dec 27, 2016
Most Investigators Have Little Knowledge About Complexities Of Hacking
When high-profile websites are hacked into, they make news. But there are hundreds of such acts that escape public attention, leaving in their wake financial and social ruin. But Delhi Police, while registering cases for computer-related offences and for online posting of sexually offensive content, often finds itself hard-pressed to prove these crimes in court.
In 2015, Delhi Police registered 77 FIRs under the Information Technology Act, but could make arrests and file charge sheets in only half the cases. Of the 16 cases filed for publishing of sexually offensive content, charge sheets were filed in just four cases and three arrests were made.In 2014, the record was poorer.That year, the police could not file a single charge sheet in the cases on posting of sexually offensive content.
In the meantime, cybercrime is on the rise. In December last year, a south Delhi firm lost several crores of rupees when hackers routed the money from one of its London clients to accounts in Turkey .Hackers had used the firm's email ID to request the client to change the beneficiary account s. A few months later in February , crooks -later tracked to a north-east India state -hacked the account of a city businessman and made off with Rs 13.5 lakh in two transactions. Then in September this year, the CEO of an asset management company had his ID hacked and several lakhs transferred from the company's account into the hacker’s.
If your bank account has been targeted by cyber crooks, chances are bleak that you'll get your money back, Delhi Police's record in handling such cases indicates.Sources say recovery of “stolen money“ in cyber-crime cases is rare even if the accused is nabbed. The time taken to solve such cases is a major contributing factor in the loss of the money .
“Mostly , the money is spent in the initial days itself whereas we are able to get IP logs after a week, even in highpriority cases. The money is transferred to multiple accounts and withdrawn from ATMs as well,“ said an officer.
The poor record of Delhi Police on online crime is perhaps due to the cyber cells being manned by cops who have little knowledge about the complexities of hacking. A sub-inspector in one of these cells, on being promised ano nymity , told TOI that he barely knew how to use a laptop.“Hum toh raid pey jaate hain, dhar-pakad karte hain. Computer wala kaam to oopar se hota hai, private log karte hain (We only conduct raids and make arrests. Private individuals deal with technical issues),“ he admitted.
The “private individuals“ he referred to are apparently ethical hackers. “They help us in tracking internet protocol addresses and on other technical issues,“ explained a senior officer. Obtaining the IP addresses of the offenders quickly is one of the toughest hurdles for the cops, said a senior officer of a cyber cell, because they use multiple addresses or operate via dark webs . “By the time the details arrive, it's too late,“ he said.“In cases where money has been siphoned off, delays render the case almost unsolvable.“ The outsiders also help police deal with techniques like IP masking that hackers resort to in order to hide their identity .
