:: News Plus

Virtual crimes

S. Raghotham

Bengaluru

Blackmail used to be difficult in the age of analog cameras. The blackmailer had to find the target in a compromising position, manage to take pictures while hidden from the target, develop the film, then take it to the target and tell him/her to pay up, or else…

In the age of digital cameras and pictures stored on computers and in email accounts, however, it doesn’t take so much toil — as musician and celebrity Anoushka Shankar recently found out. The criminally-minded can do it all from the comfort of his/her own home.

So, is the digital, Internet world, into which we are increasingly shifting every bit of our lives — from email and personal photos to banking, shopping — safe at all? As money moves online, so do criminals. Make no mistake, cybercrime is here to stay.

Hacking into an email, as reportedly happened in Ms Shankar’s case, is just one kind of cyber attack. There are others. It is estimated that a trillion dollars are lost to cybercrimes perpetrated worldwide each year through spam, viruses, worms, trojans, phishing, botnets, DDoS and others.

Cybercrime is the ultimate business plan for organised gangs. There is plenty of money to be made simply by sending a piece of malicious code into hundreds or even thousands of computers with the click of a button and drawing in sensitive information from their users. It’s less risky than committing armed robbery in the real world, less expensive to start off and cybercriminals can attack computers throughout the world.

In 2000, an Army officer went to a Delhi police station and asked the police to register a case for "theft of time". He had bought 100 hours of Internet time for his son from VSNL, but somebody managed to hack into his son’s account and used up a good number of Internet hours. The police, however, would not register the case. "We have heard of jewels, money and other materials being stolen. How can anyone steal time. You are talking absurd", the colonel recalls having been told.

A case was finally registered after he did the rounds to several senior police officers. In fact, the Delhi police even set up a separate cyber cell some time later, as have several state police forces, such as in Bengaluru, Mumbai and Chennai.

Still, cyber-criminals always seem to be a step ahead of police forces, not only in India but around the world.

In its latest report, Symantec, the Internet security software company, says, "In tune with global trends, India too saw a substantial increase in its proportion of malicious activity in almost every category. India had the fifth-highest number of broadband subscribers in the Asia Pacific-Japan (APJ) region in 2008 and the third-highest volume of malicious activity, with 10 per cent of the regional total".

According to the report, India had an average of 836 bots per day during 2008 and there were 103,812 distinct bot-infected computers in the country during the period. While the number of affected computers had gone up 31 per cent globally that year, in India, it had gone up by 250 per cent! Mumbai accounted for 37 per cent of bot-infected computers in India, followed by Chennai (24%) and Delhi (7%). These were illegally commandeered by some 70 bot-net server computers.

India’s cyber threatscape is also filled with worms and viruses. In fact, in the APJ region, India ranked first on worms and virus attacks prevalence chart. Nine of the top 10 malcodes consisted of worms (55%) and viruses (15%) that disabled security-related processes, downloaded additional threats and stole confidential information, the latest such attack being by the Downadup/Conficker worm, which hit thousands of computers in India.

Unfortunately, though, there’s not much police forces in India can do. Symantec reports that the attacks on computers in India were perpetrated predominantly using computers located in the US (84%) and China (5%).  

Big, sophisticated attacks can only be investigated by the cybercrime divisions of Central investigation agencies such as the Federal Bureau of Investigation and India’s Central Bureau of Investigation. State police forces do deal with cases of online fraud, theft of credit card information, Phishing attacks and the like, and they have even been able to solve many of them. Still, these are just a small fraction of the crimes that are taking place online, a police officer formerly with the cyber cell of Bengaluru police said.

One legal expert in Delhi said, part of the problem is also that while the investigating authority is the police, the ones with the know-how to track down cyber-criminals are IT professionals, and the two can scarcely work together. It’s a gap that needs to be plugged quickly. In the meantime, check your computer regularly for malware and be careful what email attachments and links you click on.

With inputs from Prashant Pandey