Cyber crime is a crime which is committed using a computer, an internet connection or any computer technology. As everyone is using the facilities of cheap internet service today, the presence of cyber crime has multiplied manifold. It has started affecting various levels of our society, right from the lowest strata to the governments themselves. It is a new age crime being used by white collar criminals, terrorists as well as by national governments. In terms of smaller crimes, cyber crime has taken forms like identity theft, spamming, phishing, ransomware, social engineering, malvertising, remotely installing potentially unwanted programmes (PUPs), remotely administrating a device, and so on. In terms of serious crimes, cyber crime has taken the form of cyber terrorism, cyber espionage, denial of service (DoS) attacks and cyber warfare.
The advantage cyberspace provides to criminals is that of anonymity. The need for privacy and freedom of speech without being targeted calls for the ability to express oneself without being identified. There is a set of anonymising technologies which hide identity online and protect stored data and the record of websites surfed. These include entering the Dark Web using tools like The Onion Router (TOR) and encrypting messages sent and received. On one hand, these technologies prevent online surveillance, but on the other hand, they give criminals a free hand to remain scot-free even after committing heinous crimes online. The contemporary theory called Space Transition Theory explains this: the behaviour of an individual, in terms of conforming and non-conforming behaviour, varies between the physical space (physical world) and cyberspace (digital space). The Space Transition Theory reveals clearly that the movement of persons from one space to another makes them behave differently.
Forms of Cyber Crimes
Cyber space is increasingly being used by criminals to commit the following types of cyber crimes:
- Identity theft: Identity theft is done in cyber space when a person purports to be some other person, with a view to committing a fraud for financial gain. The most common source for stealing the identity information of others is government and institutional websites that contain important information like credit card information, addresses, email IDs, etc.
- Spam: Spam is basically unwanted emails and messages sent using ‘spambots’ (machines that automatically send spam to many people). These spam messages direct the user to an unwanted website which may also contain lethal viruses.
- Phishing: Phishing is a method where cyber criminals offer a bait so that the user takes it and gives out the information they want. The bait can be in the form of a business proposal, the announcement of a lottery to which the user had never subscribed, or anything that promises money for nothing or for a small favour. If one falls into such a trap, he is bound to suffer mentally and financially. The different variants of phishing are:
a. Tab nabbing: In this form of phishing, a genuine page changes to a fraudulent page, once a user visits another page. For example, a genuine Gmail page changes to a fraudulent page, once a user moves to another tab and comes back. The fraudulent page asks for the account details and thus steals the login credentials of the user.
b. Vishing: It is a combination of voice and phishing. Vishing attacks are usually initiated via a telephone, where the caller, claiming to be from some legitimate organisation or institution, calls to verify some personal information about us and then deceitfully extracts sensitive information from us.
c. Smishing: It is a combination of SMS and phishing. In this attack, a message is received via SMS or WhatsApp which deceitfully asks the user to visit a link. Once a user visits that link, it leads to the download of a Trojan or any other virus.
- Ransomware: Ransomware enters the computer of a user and encrypts the data using public-key encryption. The attacked user is then asked for a huge sum to get the key.
- Distributed Denial of Service (DDoS) Attack: These attacks are used to make an online service unavailable and bring it down, by bombarding or overwhelming it with traffic from multiple locations and sources. Large networks of infected computers, called botnets, are developed by planting malware on the victims’ computers. The idea is normally to draw attention to the DDoS attack, and allow the hacker to hack into a system.
- Botnets: They are networks of compromised computers, controlled by remote attackers in order to perform such illicit tasks as sending spam or attacking other computers.
- Social engineering: Social Engineering is a technique in which a cyber criminal makes a direct contact with a person either by email or by phone. Then the criminal tries to win the confidence of the person and tries to extract sensitive information from him. This can lead to Identity Theft.
- Malvertising: It is a method by which a user downloads a malicious code by clicking on a malicious advertisement on any website that is infected. Generally, these malicious advertisements are also present on genuine websites.
- Potentially Unwanted Programs (PUPs): PUPs install unwanted software like search agents and toolbars on the system of a user. They include:
a. Spyware: It is a PUP that covertly obtains information about another computer’s activities.
b. Adware: It is a PUP that downloads or displays unwanted ads when a user is online, collects marketing data and other information without the user’s knowledge.
c. Bitcoin miner: This PUP is used to maliciously download bitcoin miner malware onto the system of a user. It forces the system to generate bitcoin for the cybercriminals’ use and also makes the functioning of the system very slow.
- Drive-By-Downloads: This comes close to malvertising, wherein a visit to a website triggers a download of malicious code to the computer.
- Remote administration tools: These are used to carry out illegal activities on a computer, like controlling the computer using shell commands, stealing data, sending the location of the computer to a remote controlling device and more.
- Exploit kits: These are ready-to-use tools, such as worms and trojans, available in the Internet market. They can be bought by anyone and be used to gain control of another computer. For example, Zeus is an information stealing malware sold on the Internet.
Difficulties in Dealing with Cyber Crimes
Although the presence of cyber crime is widespread, there are plenty of reasons because of which it is extremely difficult to deal with its spread in society. Firstly, in the case of cyber crimes, there is considerable attrition between the number of crimes actually committed and the number reported to the police. This happens because of reasons like unawareness of victims, fear of bad publicity and reluctance to report. The number of cyber crimes registered in India is increasing at a fast pace every year. In 2020, 50,035 cases of cyber crimes were registered in the country, which was an increase of 12% over the previous year. However, experts say that the number of cases reported is only the tip of the iceberg and the majority of cases go unreported.
Secondly, it is observed that the investigation agencies face tremendous challenges in identifying, locating and arresting the real accused (detecting the crime) of a cyber crime. This happens because there are numerous ways of disguising one’s identity online, such as encryption, steganography, use of prepaid anonymous services, tunnelling software, and so on. Although data on detection in cyber crimes is not widely available, according to a report, only 18% of cyber crimes were detected in Mumbai in 2020.
Thirdly, it is difficult and expensive to obtain electronic evidence during the investigation of cyber crimes. Many cyber crimes are cross-border in nature and the procedures for obtaining mutual legal assistance are time consuming. As gigabytes of data are required to be retrieved to obtain a small piece of evidence, there is a high cost involved. Agencies also face problems when data is encrypted. During the time elapsed in collecting evidence, the criminals get sufficient time to destroy critical evidence.
Fourthly, the chances of a cyber trial ending in conviction are very low. The cases actually ending in conviction in 2020 were only 68% of the cases in which chargesheets were filed and trial was completed. This happens because the quality of evidence is not good, owing to the difficulty in collecting it. Moreover, the prosecution does not possess adequate technical and legal knowledge to explain the evidence collected to the trial court. Furthermore, an accused with superior technical and legal knowledge may confuse the trial court by subjecting prosecution witnesses to excessive cross-examination on technical points, presenting irrelevant technical defence evidence which is difficult to break down, and making excessive applications pointing out faults in the investigation. Further, the trial of complex cyber crimes involving cross-border conduct takes considerable time to finish, thus defeating the very purpose of justice.
Fifthly, various advanced tools are used by cyber criminals to encrypt data transmitted over the internet. These software tools mask information through steganography or through the encryption and password protection of files using applications like WinZip.
Due to the reasons mentioned above, cyber crime is spreading like wildfire in our society and the criminal justice system is struggling to address it. However, it needs to be noted that there are examples of excellent investigation into cases of cyber crimes in which the accused have received the maximum possible punishment from the courts.
However, people need to understand that cyber crime is an evolving subject and various techniques for committing cyber crimes come up regularly. Therefore, we need to focus more on the prevention of cyber crimes. The local public needs to understand that they must be alert against cyber crimes in this age of data. It is imperative to spread awareness of the various forms of cyber crimes and the means to prevent them.