Work from home, a word of fantasy that arises in the mind of every employee in the morning when he goes to work by waking up from his laziness and moving out struggling through transports, traffic, and the noisy outdoors of the city. Who would have thought that one day this dream would come true due to the pandemic that has made work from home the new normal. In March 2020 when World Health Organization announced the COVID-19 epidemic, many have made changes to work from home; millions have lost their jobs. The future looks uncertain. The pandemic may have reduced the physical threats like home breaking, pickpocketing, and more but a large population can be affected due to cyber threats. The main cause of an increase in cybercrime is our dependency on them. Even for our basic things like shopping, grocery, ordering food, bank transaction everything and when the dependency is uncontrollable some people can take advantage of the situation.
Studies from Kaspersky researchers have found that the number of cyberattacks on Remote Desktop Protocols (RDP) has increased by 242% this year, compared to the last. Cruel attackers consist of an attacker who submits multiple passwords or passwords in the hope that he or she will eventually guess the combination correctly. The attacker systematically scans all passwords and passphrases until they are found to be correct. The report also revealed that there were nearly 330 crore attacks on Remote Desktop Protocols between January and November 2020, compared to 96.9 crore attacks recorded in 2019, worldwide. In India, the number of RDP attacks found has increased from 1.8 crores in 2019 to 3.6 crore by 2020, from January to November, almost double.
If we talk about the IBM X-Force Threat Intelligence Index, India has been a target of 7% cyberattacks in Asia in 2020. The reports tell that Finance and insurance are the most affected industries which are followed by the manufacturing and professional services. Microsoft in November revealed that it detected cyberattacks from nation-state actors targeting seven companies directly involved in researching vaccines and treatments for Covid-19, including in India. Dr. Reddy laboratories suffered a major ransomware attack this year.
RECENT INCIDENTS OF CYBERCRIME
The first case in India of cybercrime was Yahoo v. Akash Arora. The case took place in 1999. In the case, defendant Akash Arora was accused of using a trademark or domain name ‘yahooindia.com’ and seeking a permanent injunction. Another case is that of Vinod Kaushik and ors. v. Madhvika Joshi and ors. Where it was held that access to the husband and father’s e-mail accounts illegally without their consent is not authorized under section 43 of the IT Act, 2000. The case was decided in 2011. All of these cases are as real as cybercrime, which is rampant, especially in India.
One of the major cybercrime or hacking incident was the hacking of Twitter accounts of some top leading men of the world like Jeff Bezos, Gates, Elon Musk, Jeff Bezos (& Apple), Kanye West, and Mike Bloomberg. The attacks were a part of a major data breach and bitcoin scam. The fake tweets made from these blue tick accounts offered to send USD 2,000 for every USD 1,000 sent to a bitcoin address.
Many such incidents like the zoom app controversy, In April 2020, Zoom, a popular video conference app, was in the middle of a controversy. During the coronavirus, Work from home was started worldwide to prevent the spread of the disease, the use of video conferencing applications increased, and Zoom was among the most widely used. In April, there was an attack, Zoom bombing, where malicious people could join private meetings, read conversations, and share screenshots of anything they wanted, especially annoying ones, like adult videos or shocks. There have been many other security concerns in the Zoom app. The company later updated its iOS system to stop sending user data to Facebook. Zoom later improved the security of their Zoom sessions.
It was due to the lockdown that people were ordering everything online and then Big Basket (an Indian grocery company) leaked personal information for up to 20 million users such as full names, email IDs, password hashes (which may burn OTPs), pin, contact numbers (mobile and phone), full addresses, date of birth, location and IP addresses where users have previously been sold on the dark web for $ 40,000.
These Incidents have been alarming situations for authorities. India is the second-largest hit country of cybercrime. Not only the work from home but also in a general way it is a cause of concern in the world. There has been an influx of fake apps, domain names, and websites that use two realities, firstly, fear in the general public and their quest for information related to the pandemic, and second, companies around the world are turning to ‘work from home’ through the internet.
Phishing is also one of the newly developed cybercrimes. The latest was the one on Nidhi Razdan, a journalist who was offered a position of assistant professor at the Harvard University by a fraudulent mail. According to her, the attack was to get her bank account, personal data, emails, medical records, passport, and devices like computer and phone.
There have many more these types of cybercrime you should be aware of. Online harassment is often related to how you live in the community and if you choose to use a social network such as Facebook or Twitter. Cyberbullying may include threats sent via email, instant messaging or through a social media message/post.
Cyberstalking-Cyberstalks will do their best to monitor the victims’ online activity. This could include injecting a person’s computer with malware that could infect a computer. Cyberstalks is known for continuing to harass potential victims.
Identity theft scams-Cybercrooks who may have access to your credit card or bank account information may use that information to make purchases on your behalf. Theft of personal information has been a major problem even before the Internet was considered but as you may know, the physical world has made it much easier for criminals to use and steal your identity
Cybercriminals have changed their methods and now targeting people at their homes, which is their office as well. However, cybercriminals who try to obtain company information, customer information, and intellectual property are not the only ones that threaten businesses – employees can also be a weak link in IT security systems. While the ultimate goal of cyberattacks is to steal personal information or access the company’s network in the hope of making money, most begin with the crime of stealing sensitive information. These social engineering style methods are designed to get enough detail to allow bad characters to produce program credentials, or to contain harmful uploads – ransomware, viruses, and remote access trojans.
These malicious packages allow cyber makers to access, remotely, configure systems, and perform Remote Desktop Protocol actions. These are often tightly controlled, but the epidemic has seen a dramatic increase in RDP actions, as a significant increase in telecommunications has led to the rapid construction of additional IT infrastructure. This new infrastructure, designed to enable remote operation, often does not include the level of protection that would otherwise be lacking, including the absence of firearms or ultimate response solutions.
CYBERCRIME LAWS IN INDIA
Many laws are made in India to curb these mishappenings of cybercrime. The first one is
IT (information technology) ACT OF 2000- It is the primary law dealing with cyber crimes and electronic commerce. The Government of India enacted the Information Technology Act, 2000 for such purposes as: “to provide legal recognition for transactions carried out using electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”.
An offence under this act are-
1.Tampering with Computer Source Documents as provided for under the IT Act, 2000 -Section 65 of the IT Act lays down that whoever knowingly or intentionally conceals, destroys, or alters any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to INR 200,000, or with both.
2.Computer-related offences-Earlier, the IT Act under Section 66 defined the term ‘hacking’ and provided a penalty for the same. However, the term ‘hacking’ has now been deleted by the introduction of the IT Amendment Act, 2008. The substituted Section 66 now reads as “If any person, dishonestly or fraudulently does any act referred to in Section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
3. Punishment for violation of privacy– Section 66E says “Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both
4. Section 72 provides that – Keep as an alternative provision to this Act or any other law of the applicable time, any person, by any power conferred on him or her by this Act, rules or regulation under which he or she acts, information, document or other matter without the consent of the person disclosing the matter to any other person shall be liable to imprisonment for a term not exceeding two years, or a fine not exceeding one lakh rupees or both.
Even IPC covers a part of the damage due to cybercrime. Although these sections may not directly relate to this issue sections like 419 talking about ”cheating by personation’ and provides that any person who cheats by personation shall be punished with imprisonment of either description for a term which may extend to 3 (three) years or with a fine or with both as well as Sections 463, 465 and 468 of IPC dealing with fraud and “fraud with intent to cheat”, may also apply if the information is stolen. Section 468 of the IPC prescribes a forgery for cheating and provides for a penalty of imprisonment for any term of up to 7 (seven) years and a fine.
But the laws framed in India are not able to stop the rising crime. India’s Cyber Security score is 51.2 points on 100 and has been ranked 19th out of 21 in the National Privacy Test conducted recently by global VPN service provider Nord VPN. The Information Technology Act of 2000 outlines many amendments to repair and cover existing holes. But even after the amendment, the loopholes are still there and the growing number of cyber-criminal cases is proof of this. In the most famous case of Shreya Singhal v. Union of India, Mr. Tushar Mehta, who read the Solicitor General on behalf of the defendant, argued that any matter posted online or made available to network owners is certainly available worldwide or any other media, not limited to any particular limit, unlike other media. So it is clear that this requires a lot of rules. The rising crime rate makes it harder to deal with current legal systems. According to the current scenario, we can see that the proof is easily erased in these cases so the investing authorities should be given more time to investigate the matter, as well as the punishment in the matters, should be increased.
The rise and fall of new technologies have begun to star the use of many cyber cases in recent years. Cybercrime has become a major threat to humanity. The prevention of cybercrime is an important part of the social, cultural, and security sectors in the country. The Government of India enacted IT Act, 2000 to deal with cybercrime. The Act also reviews the IPC, 1860, IEA (Indian Evidence Act), 1872, Banker’s Books Evidence Act 1891, and the Reserve Bank of India Act, 1934. Any part of cybercrime in the world is possible, but it has begun to cross the country’s borders illegally the internet is creating both technical and legal difficulties in investigating and prosecuting these cases. International efforts and cooperation between nations need to take action on cybercrime. With the comfort of work from home comes cyber threat which we all should be aware of.
Author: Saumya Shukla
- The Information Technology Act, 2000 (Act 21 of 2000)
- “How big is the Big basket data breach?” ,The Indian Express, Nov. 12, 2020
- “India Hit By 375 Cyberattacks Daily In 2020, Says Pant” available at inc42.com
- “Verified accounts on Twitter hacked in massive breach. Netizens have the best memes” available at www.indiatoday.in
- Yahoo v. Akash Arora (1999) DLT 285
- http://www.cyberlawsindia.net/internet-crime.html last visited on 18-04-2021