Indian Cyber Crime Coordination Centre
The Indian Cyber Crime Coordination Centre (I4C) scheme was authorised for two years (2018-2020) in October 2018 to deal with all kinds of cybercrimes in a systematic and organised manner.
It is consistent with the 2013 National Cyber Security Strategy aimed at promoting the development of a safe computing environment and encouraging adequate trust and confidence in electronic transactions, as well as directing cyberspace defence behaviour by stakeholders. This centre is located in New Delhi.
One of the components of the scheme is the National Cybercrime Reporting Portal (NCRP):
o Other components are: National Cybercrime Threat Analytics Unit, Joint Cybercrime Investigative Team Group, National Cybercrime Forensic Laboratory Ecosystem, National Cybercrime Training Centre, Management Unit of Cybercrime Ecosystem, National Cyber Research and Innovation Centre.
NCRP is a citizen-centered project that will allow people to report online cybercrimes through the internet with a special emphasis on crimes against women, children, in special child pornography, material on child sexual exploitation, online content on rapes and gang rapes, financial crime, etc.
The appropriate law enforcement agencies in the states and UTs will have access to all cybercrime-related complaints and take action as required by law.
Regional Coordination Centers for Cyber Crime will be formed at the state / UT level and currently 15 states and UTs have given their consent to set it up.
CYBER-CRIME
- Cybercrime is a broad term used to describe illegal activity in which computers or computer networks are a criminal activity weapon, target, or location, covering anything from electronic cracking to denial of service assaults.
- The typical crimes in which computers or networks are used to facilitate criminal activity are also protected.
- Cyber law is not a different legal structure in India. It is a mixture of laws on contracts, intellectual property, data security , and privacy.
- The Information Technology Act, 2000 discusses the spectrum of crimes of the digital century. The medium and the object of such crimes are computer technology, mobile devices, apps, and the internet.
- Traditional criminal activities are now part of cyberspace, such as stealing, fraud , forgery, slander, and mischief. These have already been discussed in the Indian Penal Code.
- 'Police' and 'Public Order' are subjects of the State as per the Indian Constitution. States / UTs are thus solely responsible, through their law enforcement machinery, for the prevention, identification, investigation and prosecution of crimes.
INTERPOL REPORT ON CYBER ATTACKS
> With over a million confirmed cases of SARS-CoV-2 virus across more than 200 nations and territories, coronavirus has spread its filthy feathers across the whole world.
> Globally, the total number of coronavirus cases neared 1.35 million while the death toll crossed 74,000.
> However, some people are out there who seek to gain advantage from crisis.
> According to an Interpol warning, cybercriminals are exploiting the coronavirus crisis and threatening to hold hospitals to ransom despite the lifesaving work they are carrying out.
> The International Criminal Police Organisation has issued a global alert to health care organizations about the ransomware attacks, often disguised as official advice from government agencies, which are designed to lock administrators out of the critical IT systems they need.
> Interpol’s Cybercrime Threat Response has detected a “significant increase” in the number of attempted ransomware attacks against key organizations around the world.
ANALYSIS:
Cyber Crimes:
> The bane of the internet, cybercrime refers to any and all illegal activities carried out using technology.
> Cybercriminals, who range from rogue individuals to organized crime groups to state-sponsored factions, use techniques like phishing, social engineering, and all kinds of malware to pursue their nefarious plans.
> Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes).
Types of Cybercrimes:
> Cyberextortion:
A crime involving an attack or threat of an attack coupled with a demand for money to stop the attack.
> Ransomware: One form of cyberextortion is the ransomware attack, in which the attacker gains access to an organization’s systems and encrypts its documents and files - anything of potential value - making the data inaccessible until a ransom is paid.
> Ransomware: One form of cyberextortion is the ransomware attack, in which the attacker gains access to an organization’s systems and encrypts its documents and files - anything of potential value - making the data inaccessible until a ransom is paid.
> Cryptojacking: An attack that uses scripts to mine cryptocurrencies within browsers without the user’s consent. Cryptojacking attacks may involve loading cryptocurrency mining software to the victim’s system.
> Identity theft: An attack that occurs when an individual accesses a computer to glean a user’s personal information, which they then use to steal that person’s identity or access their valuable accounts, such as banking and credit cards.
> Cyberespionage: A crime involving a cybercriminal who hacks into systems or networks to gain access to confidential information held by a government or other organization. Cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.
> Software piracy: An attack that involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with this type of cybercrime.
> Exit scam: The dark web, not surprisingly, has given rise to the digital version of an old crime known as the exit scam. In today’s form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.
> Dark web: The deep web refers to all parts of the internet (sites, e-shops, forums, etc.) that are not accessible by a regular search engine like Google or Bing.
About INTERPOL:
> Founded in 1923, Interpol is an international police organization made up of 194 member countries.
> The International Criminal Police Organization, or the Interpol is an international police agency that helps other law-enforcement agencies track criminals who operate across national borders.
> In each country, an INTERPOL National Central Bureau (NCB) provides the central point of contact for the General Secretariat and other NCBs.
> An NCB is run by national police officials and usually sits in the government ministry responsible for policing.
About INTERPOL Notices:
> INTERPOL Notices are international requests for cooperation or alerts allowing police in member countries to share critical crime-related information.
> Red Notice: To seek the location and arrest of wanted persons wanted for prosecution or to serve a sentence.
> Yellow Notice: To help locate missing persons, often minors, or to help identify persons who are unable to identify themselves.
> Yellow Notice: To help locate missing persons, often minors, or to help identify persons who are unable to identify themselves.
> Blue Notice: To collect additional information about a person’s identity, location or activities in relation to a crime.
> Black Notice: To seek information on unidentified bodies.
> Green Notice: To provide warning about a person’s criminal activities, where the person is considered to be a possible threat to public safety.
> Orange Notice: To warn of an event, a person, an object or a process representing a serious and imminent threat to public safety.
> Purple Notice: To seek or provide information on modus operandi, objects, devices and concealment methods used by criminals.
Cyber Laws and Legislation in India and Abroad:
At Global Level:
Budapest Convention on Cyber Security:
At Global Level:
Budapest Convention on Cyber Security:
> It is the first international treaty seeking to address Internet and computer crime by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.
> It’s objective is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.
International Governance Forum (IGF):
> Internet Governance Forum (IGF) is a multi-stakeholder forum for policy dialogue on issues of Internet governance which brings together all stakeholders in the Internet governance debate.
> It facilitates a common understanding of how to maximize Internet opportunities and address risks and challenges.
> It is convened under the auspices of the Secretary- General of the United Nations.
National Level:
National Technical Research Organization (NTRO):
> NTRO is a highly specialized technical intelligence gathering agency.
> It develops technology capabilities in aviation and remote sensing, data gathering and processing, cyber security, cryptology systems, strategic hardware and software development, and strategic monitoring.
National Critical Information Infrastructure Protection Centre (NCIIPC):
> National Critical Information Infrastructure Protection Centre is envisaged to act as a 24x7 center to battle cybersecurity threats in strategic areas such as air control, nuclear and space.
> It is placed under the National Technical Research Organization.
CERT-In:
> The Computer Emergency Response Team (CERTIn) has been designated to serve as the national agency to perform the following functions:
- To collect and analyses information on cyber incidents
- To forecast and give alerts of cybersecurity incidents
- To provide emergency measures for handling cybersecurity incidents
- To coordinate cyber incident response activities
- To issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents National Cyber Coordination Centre (NCCC): > NCCC is a critical component of India’s cyber security against hackers and espionage as well as to track terrorist activity online.
> It will scan the country’s web traffic to detect real-time cybersecurity threats and alert various organizations as well as internet service providers for timely action. It also will coordinate between intelligence agencies, specifically during network intrusions and cyber-attacks.
Crime and Criminal Tracking Network System (CCTNS):
> CCTNS is a nationwide network infrastructure for evolution of IT-enabled state-of-the-art tracking system around “investigation of crime and detection of criminals”.
> It is initiated in 2009 which aims at to interconnect about 15000 Police Stations and additional 5000 offices of supervisory police officers across the country and digitize data related to FIR registration, investigation and charge sheets in all Police Stations.
Information Technology Act, 2000:
> It is the most significant piece of legislation addressing conduct in cyberspace in India.
> It provides legal recognition to e-commerce and e-governance and facilitates its development as an alternative to paper-based traditional methods.
> The Act seeks to protect the advancement in technology by defining crimes, prescribing punishments, laying down procedures for investigation and forming regulatory authorities.
National Cyber Security Policy, 2013:
> The policy provides for developing effective Public-Private Partnership and collaborative engagements through technical and operational cooperation and contribution for enhancing the security of cyberspace.
Suggestive measures:
> There are a number of steps hospitals and others can take to protect their systems from a ransomware attack: > Only open emails or download software/ applications from trusted sources
> Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown sender
> Secure email systems to protect from spam which could be infected
> Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive)
> Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running
> Use strong, unique passwords for all systems, and update them regularly
CONCLUSION:
In the current situation, prevention and mitigation are key, with the malware mainly being spread by emails. The hospitals and healthcare companies need to ensure hardware and software are kept up to date, and that essential files are backed up. Moreover, the public needs to be encouraged to exercise caution when buying medical supplies online during the current health crisis, with criminals capitalizing on the situation to run a range of financial scams.