Hacking & Digital Arrest Scams – Cyber Crimes Decoded

Hacking-and-Digital-Arrest-Scams-Cyber-Crimes-Decoded

Context:

  • The United Nations General Assembly adopted a landmark cybercrime convention on December24, paving the way for significant changes to how governments police the internet.
  • The Convention against Cybercrime was adopted without a vote and by consensus after a five-year negotiation.
  • According to cyber cell data, Indians lost Rs 1,777 crore to cyber fraud in just the first four months of 2024. Of this, Rs 120 crore was lost to digital arrest scams.
  • Digital arrest, among other scams, was highlighted by Prime Minister Narendra Modi during his monthly radio address 'Mann Ki Baat' on October 27, 2024.
un cybercrime convention
United Nations General Assembly

1.

What is cybercrime?

What is cybercrime
  • In general cybercrime may be defined as “Any unlawful act where a computer or communication device or computer network is used to commit or facilitate the commission of crime”.
  • These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts.
  • Cybercrime is a serious issue in India, and the Information Technology Act (IT Act) of 2000 covers many types of cybercrimes.

2.

What is the history of cybercrime?

What is the history of cybercrime
  • The history of cybercrime can be traced back centuries, with the first recorded cyber attack in 1834 in France.
Incident Analysis
The telegraph system
  • In 1834, two thieves infiltrated the French telegraph system, gained access to financial markets, and stole data.
  • Many experts consider this event the first cybercrime, followed by other cybercrimes, each focusing on newly invented technologies.
The telephone system
  • The 19th and 20th centuries saw attacks focused on the telephone system.
  • In 1876, Alexander Graham Bell patented the phone, which allowed transmitting speech using telegraphy.
  • Two years after the commercialization of this invention, teenage boys broke into Bell‟s telephone company and misdirected calls.
  • In later years (1960s-1980s), phone hacking (phreaking) became popular.
Ethical hacking
  • In 1940, Rene Carmille, a French computer expert, hacked into the Nazi data registry.
  • Carmille, a punch card computer expert, used his expertise to reprogram Nazi punch card machines to prevent them from registering information correctly.
  • His work blocked the Nazis‟ attempts to register and track Jewish people.
Phishing scams and malware
  • In the 1980s, emails became a popular communication form, and by the 1990s, web browsers and computer viruses rose in popularity.
  • In these years, hackers started using email attachments to deliver malware and phishing scams and web browsers to spread computer viruses.
Social media scams
  • In the 2000s, social media networks gained worldwide popularity, and hackers started utilizing these platforms for data theft and other cybercrimes.
  • In the following years, cybercriminals improved malware infections and data theft techniques.
  • Today, these attacks are deployed in the thousands, constantly increasing with no signs of slowing down.
First conviction
  • Lan Murphy, better known as Captain Zap, was the first person to be convicted of cybercrime, which occurred in 1981.
  • He had managed to hack the American telephone company‟s internal clock to allow consumers to make free calls during busy hours.

3.

What is the UN cybercrime treaty?

What is the UN cybercrime treaty
  • The UN Convention against Cybercrime aims to prevent and combat cybercrime more efficiently and effectively, including by strengthening international cooperation and by providing technical assistance and capacity-building support, particularly for developing countries.
  • The adoption of this landmark convention is a major victory for multilateralism, marking the first binding international anti-crime treaty in 20 years.
  • The UN Office on Drugs and Crime (UNODC) served as secretariat to the negotiations.
  • The General Assembly adopted the resolution without a vote.
  • The Convention will open for signature at a formal ceremony to be hosted by VietNam in 2025 and will enter into force 90 days after being ratified by the 40th signatory.

4.

Enlist various types of cybercrimes?

Types of cybercrimes Analysis
Child Pornography/ Child sexually abusive material (CSAM)
  • Child sexually abusive material (CSAM) refers to material containing sexual images in any form, of a child who is abused or sexually exploited.
  • Section 67 (B) of IT Act states that “it is punishable for publishing or transmitting material depicting children in sexually explicit acts, etc. in electronic form.
Child sexually abusive material CSAM
Cyber Bullying
Cyber Bullying
  • Cyber Bullying is a form of harassment or bullying inflicted through the use of electronic or communication devices such as computers, mobile phones, laptops, etc.
Cyber stalking
  • Cyber stalking is the use of electronic communication by a person to follow a person, or attempts to contact a person to foster personal interaction repeatedly despite a clear indication of disinterest by such person or monitoring the internet, email or any other form of electronic communication commits the offence of stalking.
Cyber stalking
Online Job Fraud
  • Online Job Fraud is an attempt to defraud people who are in need of employment by giving them a false hope/ promise of better employment with higher wages.
Online Job Fraud
Online Sextortion
  • Online Sextortion occurs when someone threatens to distribute private and sensitive material using an electronic medium if he/ she doesn’t provide images of a sexual nature, sexual favours, or money.
Online Sextortion
SIM Swap Scam
  • SIM Swap Scam occurs when fraudsters manage to get a new SIM card issued against a registered mobile number fraudulently through the mobile service provider.
  • With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through the victim's bank account.
  • Getting a new SIM card against a registered mobile number fraudulently is known as SIM Swap.
SIM Swap Scam
Phishing
  • Phishing is a type of fraud that involves stealing personal information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc. through emails that appear to be from a legitimate source.
Phishing
Denial Of Services /Distributed DoS
  • Denial of Services (DoS) attack is an attack intended for denying access to computer resources without permission of the owner or any other person who is in-charge of a computer, computer system or computer network.
  • A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
Denial Of Services
Spamming
  • Spamming occurs when someone receives unsolicited commercial messages sent via email, SMS, MMS and any other similar electronic messaging media.
  • They may try to persuade the recipient to buy a product or service, or visit a website where he can make purchases or they may attempt to trick him/ her into divulging bank account or credit card details.
spamming
Espionage
  • Espionage is the act or practice of obtaining data and information without the permission and knowledge of the owner.
types of espionage
Cryptojacking
  • Cryptojacking is the unauthorized use of computing resources to mine cryptocurrencies.
Cryptojacking

5.

Enlist a range of cybercrimes against the government?

Enlist a range of cybercrimes against  the government
Cybercrime Analysis
Cyber Terrorism
  • Cyber Terrorism is a major burning issue in the domestic as well as global concern.
  • The common form of these terrorist attacks on the internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks etc.
  • Cyber terrorism activities endanger the sovereignty and integrity of the nation.
Cyber Warfare
  • It refers to politically motivated hacking to conduct sabotage and espionage.
  • It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.
What were the recommendations of the Shri Ramnath Kovind panel on One Nation One Election
Distribution of pirated software
  • Distribution of pirated software means distributing pirated software from one computer to another intending to destroy the data and official records of the government.
Possession of Unauthorized Information
  • It is very easy to access any information by the terrorists with the aid of the internet and to possess that information for political, religious, social, ideological objectives.

6.

What is Hacking and enlist its types?

  • Hacking in cyber security refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity
  • Hacking first appeared as a term in the 1970s but became more popular through the next decade.
  • Hacking can be of following types:
types of hackers
Types of Hacking Description
Black hat hackers
  • Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign.
Black hat hackers
White hat hackers
  • White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers through proactive hacking.
  • They use their technical skills to break into systems to assess and test the level of network security, also known as ethical hacking.
  • This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them.
  • The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these individuals are hired by organizations to test and discover potential holes in their security defenses.
White hat hackers
Grey hat hackers
  • Grey hat hackers sit somewhere between the good and the bad guys.
  • Unlike black hat hackers, they attempt to violate standards and principles but without intending to do harm or gain financially.
  • Their actions are typically carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers, they do so publicly.
  • This alerts malicious actors to the existence of the vulnerability.

7.

What is malware and mention its types?

What is malware and mention its types
  • Malware is malicious software that a cybercriminal/hacker creates to disrupt/damage computer/s or derive financial benefits.
  • It is often spread by way of an unsolicited email attachment or download link.
  • They can be of following types:
Types of Malware Analysis
Virus
  • It is a self-replicating program that attaches to a clean file and spreads in a computer system infecting other files.
Trojans
  • Trojans disguises as legitimate software and users are tricked into uploading Trojans onto their devices where they cause damage or collect data.
Spyware
  • Spyware is a program that secretly records what a user does, and then this information is misused.
Ransomware
  • Ransomware locks down a user‟s files/data, the user can not access them unless a ransom is paid. Example - Wannacry and Petya.
Adware
  • Adware is advertising software that can be used to spread malware.
Logic Bombs
  • A logic bomb is a malicious program that uses a trigger to activate the malicious code.
  • The logic bomb remains non-functioning until that trigger event happens.
  • Once triggered, a logic bomb implements a malicious code that causes harm to a computer.
  • Cybersecurity specialists recently discovered logic bombs that attack and destroy the hardware components in a workstation or server including the cooling fans, hard drives, and power supplies.
  • The logic bomb overdrives these devices until they overheat or fail.
Logic Bombs
Keyloggers
  • Keylogger records everything the user types on his/her computer system to obtain passwords and other sensitive information and send them to the source of the keylogging program.
Keyloggers
Backdoors
  • A backdoor bypasses the usual authentication used to access a system.
  • The purpose of the backdoor is to grant cyber criminals future access to the system even if the organization fixes the original vulnerability used to attack the system.

8.

Enlist data on global cyberattacks?

Enlist data on global cyberattacks
3 key cybersecurity statistics
who is behind cyber attacks
the most prevalent forms of cyber crime
distribution of detected cyberattacks worldwide in 2022
biggest cyber security threats identified by security leaders in APAC based Organizations
cyber security incidents by region 2022
cyber security threat actor motives and identity categories

9.

What is Digital Arrest?

  • Digital Arrest is a new and innovative tactic employed by cybercriminals to defraud gullible victims and extort money.
web of crime
In 2024, India faced significant losses from digital arrest scams, with ₹1,777 crore lost in the first four months alone.
digital arrest
how fraudsters trick victims and evade police
how fraudsters trick victims and evade police-2
what to do if someone contacts you and threatens you with arrest
how do you avoid getting trapped
steps to take if you are already a victim and have lost money

10.

What is the status of cybercrime in India?

  • India was placed on the 80th position in a report focusing on local threats in the year 2023.
  • The position is based on the malicious programmes found directly on users‟ computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives) or that initially made their way onto the computer in non-open form, including programmes in complex installers or encrypted files.
  • Additionally, nearly 34% of users in India were targeted by local threats, amounting to some 74,385,324 local incidents being blocked by Kasperksy products.
4400 cyber attacks on indian banks every day
several hacktivist groups target india during the G20 summit
What is the status of cybercrime in India
states which recorded the highest number of cyber crimes in 2021
cybercrime trends
cybersecurity incidents in india

11.

Enlist the findings of the India Cyber Threat Report 2023?

  • The India cyber threat report 2023 is released by the Data Security Council of India (DSCI) and Quick heal.
Enlist the findings of the India Cyber Threat Report 2023
top 10 states with highest malware detections 290mn detections
top 10 cities with highest malware detections
india malware landscape sectoral analysis
attacks by top hacktivists
cyber threat prediction for 2024

12.

What are the reasons for rising cyber crimes in India?

india's poor cyber awareness
  • The rise of cybercrime in India is a complex issue, with several key factors contributing to its growth and impact.
  • Here are the few important reasons for the rise of cybercrime in India.
Reasons Analysis
Increasing Internet Penetration
  • India has witnessed a remarkable surge in Internet penetration, driven by the availability of affordable smartphones and low-cost data plans.
  • While this digital revolution has brought numerous benefits, it has expanded the potential target pool for cybercriminals.
India 2nd largest after china
Rapid Digital Transformation
  • Various sectors in India, including banking, ecommerce, healthcare, and government services, have undergone rapid digital transformation.
  • Adopting online platforms and digital systems has created new opportunities for cybercriminals to exploit vulnerabilities and launch attacks.
online platforms and digital systems
Financial Incentives
  • Cybercrime is often driven by financial gain.
  • India‟s growing economy, increasing digital transactions, and adoption of digital payment systems have provided cybercriminals with lucrative opportunities for financial fraud, including phishing attacks, online scams, and credit card fraud.
Lack of Cybersecurity Awareness
  • Despite the increasing digital literacy, many individuals and organizations in India still lack sufficient awareness of cybersecurity best practices.
  • This lack of awareness leaves them vulnerable to social engineering techniques, malware attacks, and other cyber threats.
Data Privacy Concerns
  • With organizations‟ increasing collection and storage of personal data, data privacy concerns have risen.
  • The unauthorized access, theft, or misuse of personal information can lead to identity theft, financial fraud, and other forms of cybercrime.
Lack of cyber hygiene
  • Cyber hygiene refers to the set of practices and behaviors individuals and organizations adopt to maintain a secure and safe digital environment.
  • It encompasses a range of actions and precautions aimed at protecting digital assets, systems, and data from cyber threats and vulnerabilities.
what happens if you poor cyber hygiene
cyber crimes and their motives

13.

Mention about the epicenter of cybercrimes in India?

  • According to a 2023 report, „A Deep Dive into Cybercrime Trends Impacting India‟ by the Future Crime Research Foundation, an IIT Kanpur incubated start-up, among the top 10 cybercrime epicentres are Bharatpur – Rajasthan (18%), Mathura – Uttar Pradesh (12%), Nuh – Haryana (11%), Deoghar – Jharkhand (10%) and Jamtara – Jharkhand (9.6%).
  • The report said several common factors contribute to their vulnerability, including geographical proximity to major urban centers, limited cybersecurity infrastructure, socioeconomic challenges, and low digital literacy.
top 10 cybercrime epicentres
india's cybercrime hotspots
15 nabbed in december
phishing capital of india

14.

What are the impacts of cybercrime in India?

What are the impacts of cybercrime in India
Impacts Analysis
Financial Losses
  • Cybercrime has resulted in substantial financial losses for individuals, businesses, and the Indian economy as a whole.
  • Financial frauds, online scams, and identity thefts have become rampant, causing individuals to lose their hard-earned money and businesses to suffer significant financial setbacks.
  • According to the report of the Norton LifeLock survey, Rs. 1.24 trillion was lost in India in the past 12 months due to cybercrime.
  • In 2024, India faced significant losses from digital arrest scams, with ₹1,777 crore lost in the first four months alone.
  • Karnataka reported the highest number of cases, totalling 641 and ₹109 crore lost.
Data Breaches and Privacy Concerns
  • Data breaches have become a recurring nightmare for Indian organizations, leading to the compromise of sensitive personal and financial information of millions of individuals.
  • Such breaches erode public trust and raise concerns about privacy and data protection.
overview of data breaches
Disruption of Critical Infrastructure
  • Cyberattacks targeting critical infrastructure, such as power grids, transportation systems, and government networks, pose a severe threat to national security.
  • These attacks can disrupt essential services, cause economic instability, and even compromise public safety.
Social and Psychological Impact
  • Cybercrime not only affects individuals and organizations financially but also has a profound social and psychological impact.
  • Victims of cyberbullying, online harassment, and cyberstalking often suffer from emotional distress, anxiety, and depression.
  • The psychological toll of cybercrime can be long-lasting and devastating.

15.

Enlist global measures to tackle cybercrime?

Measure Analysis
Interpol Cybercrime Global Strategy 2022- 2025:
strategic framework 2022-2025
Potential UN Cybercrime Treaty
  • UN member states have been negotiating an international treaty on countering cybercrime.
  • If adopted by the UN General Assembly, it would be the first binding UN instrument on a cyber issue.
Budapest Convention
  • The Budapest Convention, also known as the Council of Europe Convention on Cybercrime, is an international treaty that aims to combat cybercrime.
  • The treaty focused on harmonizing laws and increasing cooperation across borders so that a range of cybercrime could be prosecuted in the multiple countries affected.
  • India decided not to participate in this convention.
Budapest Convention

16.

Enlist measures taken by the Government of India to combat cybercrime in India?

Enlist measures taken by the Government of India to combat cybercrime in India
Measure Analysis
Indian Cyber Crime Coordination Centre (I4C)
  • The Indian Cyber Crime Coordination Centre (I4C) is a government initiative to deal with cybercrime in India, in a coordinated and effective manner.
  • It is affiliated to the Ministry of Home Affairs, Government of India.
  • The scheme was approved in October 2018 with a proposed amount of ₹415.86 crore.
Indian Cyber Crime Coordination Centre- I4C
National Cyber Forensic Laboratory
  • A National Cyber Forensic Laboratory (NCFL) has been set up at the Central Forensic Science Laboratory, Hyderabad to investigate important cases of digital fraud / cyber forensics.
  • This laboratory acts as a Model Laboratory for other Central and State Forensic Science Laboratories in the country.
National Cyber Forensic Laboratory
CyTrain Porta
  • A Massive Open Online Courses (MOOC) platform for capacity building of police officers, judicial officers, and prosecutors through online courses on critical aspects of cyber-crime investigation, forensics, and prosecution.
CyTrain Portal
National Cyber Crime Reporting Portal
National Cyber Crime Reporting Portal
Information Technology (IT) Act, 2000
  • It is a comprehensive legislation that addresses various aspects of electronic governance, digital signatures, data protection, and penalties for cybercrimes.
Information Technology IT Act  2000
Citizen Financial Cyber Fraud Reporting and Management System
  • It is a system for immediate reporting of financial frauds and assistance in lodging online cyber complaints through a toll-free helpline.
Cybercrime Prevention against Women and Children (CCPWC) Scheme
  • The Government implements a scheme of Cyber Crime Prevention against Women and Children (CCPWC) under Nirbhaya Fund.
  • A National Cybercrime Reporting Portal (NCRP) www.cybercrime.gov.in has been launched under CCPWC to report all types of cybercrimes with special focus on cyber-crimes against women & children.
  • A toll-free Helpline No. 1930 is also operational in all States/ UTs.
  • NCRP has had more than 16.18 Crore visitors.
  • Around 1.94 lakh Child Pornography/ Rape or Gang Rape (CP/RGR) complaints have been reported as on 30.04.2024.
Cybercrime Prevention against Women and Children CCPWC
Central Assistance for Modernizatio n of Police
  • Providing financial support to States/UTs for acquiring modern weaponry, advanced communication/forensic equipment, and cyber policing equipment.
  • An overall outlay of Rs. 4846 crore under the scheme of “Assistance to States & UTs for Modernization of Police (ASUMP)” has been approved for five years during the period from 2021-22 to 2025-26.
cyber crime prevention against women and children

17.

How to protect oneself from cybercrimes?

beware of swindlers
15 ways to protect your business from a cyberattack
5 steps data security

What is the relevance of the topic for UPSC CSE?

For Prelims: Cyber Crime, Seventh Schedule of the Constitution, Internet of Things, Crypto-Currency, Massive Open Online Courses.

For Mains: Internal security,Cyber Crime, Related Challenges and Measures to Deal with it.

Some Previous Years Prelims Questions

Q1. In India, under cyber insurance for individuals, which of the following benefits are generally, in addition to payment for the loss of funds and other benefits? (2020)

1. Cost of restoration of the computer system in case of malware disrupting access to a computer.

2. The cost of a new computer if some miscreant wilfully damages it, if proved so.

3. Cost of hiring a specialized consultant to minimize the loss in case of cyber extortion.

4. Cost of defense in the court of law if any third party files a suit.

Select the correct answer using the code given below:

(a) 1, 2, and 4 only

(b) 1, 3 and 4 only

(c) 2 and 3 only

(d) 1, 2, 3 and 4

Ans: (b)

Some Previous Years Mains Questions

Q1. Social media and encrypting messaging services pose a serious security challenge. What measures have been adopted at various levels to address the security implications of social media? Also suggest any other remedies to address the problem.[2024]

Q2. What is the status of digitalization in the Indian economy? Examine the problems faced in this regard and suggest improvements.[2023]

Q3. What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. [2022]

Q4. Keeping in view India’s internal security, analyse the impact of cross-border cyber attacks. Also, discuss defensive measures against these sophisticated attacks. [2021]

Some Questions from This Year and Previous Years Interview Transcripts

Board B B Swain Sir:

  • Does centralisation of web servers have risks?
  • What type of cyber risks does it possess?

Board R N Choubey Sir:

  • Cyber crimes are transnational, how to deal with them?
  • How to prevent them?

Board Satyawati mam:

  • Tell me something about cyber crimes
  • Tell me something about social crimes and cyber crimes linkages
  • How to prevent cyber crimes in India?

Board Preeti Sudan mam:

  • What are cyber crimes?
  • Mention a few examples of some cyber crimes?
  • What steps need to be taken to tackle those crimes?

Some Questions for QUIZ

Q1. The term “zero-day exploit” closely relates to which of the following.

(a) Cyber attack

(b) Vehicular pollution

(c) Invasive Alien Species

(d) Cancer Drug Delivery

Ans: (a)

Some Questions for POLL

Q1. Do you think that rising cybercrime can hamper the Digital India mission?

(a) YES

(b) NO

(c) Can’t say

Q2. Should India be part of the UN cybercrime treaty?

(a) YES

(b) NO

(c) Can’t say