
Evading Cyber Ecosystem: Understand the vicious cycle of CyberCrime & CyberSecurity and related Rules and Policies

Abstract

Cyberspace is the world of digital technology that transcends borders and connects the world through the internet. Cybercriminals exploit weaknesses in the cyber ecosystem to gain unauthorized access and steal sensitive information, which may cause financial and reputational damage.

As the first man-made environment that cannot be controlled, cyberspace requires that the security of digitally shared information and data be prioritized in order to create a trustworthy cyber ecosystem. It would not be wrong to say that fear often influences the creation and enforcement of laws, and so, in the technical world, cyber threats pose a significant challenge to lawmakers and society.

This research paper explains the nexus between cybersecurity and cybercrime and focuses on the regulations and rules against cybercrimes that secure digitally stored data and information.

Keywords: Digital technology, Technology, Data, Cyber, Law, Security, Crime, Attack, cyberspace, Ecosystem

Introduction:

Computer technology has given us new avenues of success, but it cannot be neglected that, along with technical development, crimes related to technology have also gathered pace. This not only increases the threat to the personal data or information of an individual but also hampers the security and confidentiality of an entire nation.

Imagine that there are bad guys on the internet who try to steal data or information from computers. In earlier times, doing so was simple and straightforward. But now they have become cleverer and use many different advanced methods to attack.

Traditionally, it was believed that the term cybercrime applied to any criminal activity carried out on personal computers or the internet. However, as technology advances and becomes an integral part of various aspects of our lives, the scope of cybercrime has broadened significantly. It has now become a vast phenomenon: any criminal activity done with criminal intention, either by using the internet or by targeting the internet or any communication device connected to computers and the internet per se, is called cybercrime.

Research Methodology

This research paper combines primary and secondary research methodologies. The primary research includes the analysis of case law from High Court and Supreme Court judgements, together with the use of reliable legislation books to gather provisions and statutory information.

Review of literature:

A cyber ecosystem with its various components is directly interconnected with cybersecurity and cybercrime, which together are called cyberspace. The internet has eliminated geographical boundaries and introduced anonymity, which has facilitated the rise of cybercriminals. Despite efforts to establish anonymity monitoring and blocking, cybercriminals continue to evolve and develop new tools and strategies to target specific networks.

The Information Technology Act 2000 is one of the most important legislative initiatives to provide a comprehensive legal framework for governing cyber-related issues. Amendments have been made over the years to address evolving cyber threats and adapt to the digital age.

The government and the ministries are continuously providing support to states and union territories in fighting cybercrimes and are also taking numerous steps to raise awareness and facilitate the reporting of cybercrimes.

The vicious cycle in the cyber ecosystem evolves as cybercriminals continuously develop new methods to exploit vulnerabilities in the cyber ecosystem, while governments and organizations strive to implement robust cybersecurity measures and enact laws and policies to deter and punish cybercrimes. The evolving nature of technology and cyber threats requires a constant effort to stay updated and adapt to new challenges in the digital landscape.

Cyber Ecosystem: Interplay of Cybercrime, Cybersecurity

The cyber ecosystem is a complex, dynamic, and newly emerging discipline that is constantly evolving due to technological advancement, threats, and changing societal needs. It involves both positive aspects and challenges associated with cybersecurity, privacy, and governance.

In this direct interconnectedness, the main components of the cyber ecosystem include:[1]

  • Infrastructure i.e., Networks, servers, cloud platforms, and communication channels.
  • Devices i.e., Computers, mobiles, Internet of Things devices, and other connected devices.
  • Software and applications include Operating systems, web browsers, social media platforms, online services, and productivity tools.
  • The network includes LAN, WAN, and the internet.
  • Users include individuals or organizations who utilize this cyber ecosystem.
  • Policies and regulations encompass the legalities and the intervention of lawmakers to establish guidelines for cybersecurity, privacy, data protection, and intellectual property rights.
  • The threat landscape includes malware used for hacking, data breaches, and cyber-attacks.
  • Collaboration & Cooperation between governments, private sector entities, academia, international organizations, and individuals to address challenges and promote cyber security best practices.

All these are digital and network-based components. When these components face cyber threats from cybercriminals, the government's intervention to secure them from such threats is referred to as cybersecurity.

Cyberspace:

The terms cybersecurity, cybercrime, and cyber breach are ultimately related to cyberspace, a term that first appeared in 1982, used by William Gibson in his novel Neuromancer[2]. In the novel, he described cyberspace as a virtually created environment in which network activity takes place. At a later date, William Gibson came to know that a few years down the line cyberspace would become a reality, and the internet brought along a variety of novel features:

  • The internet makes geography history. Primarily, the artificial boundaries of nation-states were no longer there.
  • The internet brought with it the vast issue of anonymity: people somehow got the feeling that they could log on to this network anonymously and could therefore act and do anything they liked, including things they could not do in the physical world. Due to this anonymity, we began to see cybercriminals increasingly engaging in cybercrime. Over a period of time, however, we have come to know that there is actually no anonymity and that your identity can be known. That has not really prevented cybercriminals from moving forward and coming up with new tools and technological strategies to keep targeting the specific networks of their targets per se.

Therefore, in this context, when we talk about cybersecurity we have to quickly take account of its boundaries and, within its medium, of anonymity monitoring, description, and blocking. It has become a very tall order to ensure that you are able to protect and preserve cybersecurity from all angles. No wonder cybersecurity is a very relative subject, so we have to examine how cybersecurity as a paradigm is being sought to be regulated by legal frameworks in different nations across the world.

Cybercrimes:

The entire umbrella of cybercrime is growing, and with the passage of time we see new ingenuity in the minds of cybercriminals, who are increasingly using cyberspace and its various resources for planning and implementing cyber-criminal design activities.

Broader categories of cybercrime:

  1. Virus Attacks: A virus attack refers to the intentional spreading of malicious software to infect the computer system with the intention to disrupt and destroy data, steal personal information, or provide unauthorized access to a computer or network.
  2. Cyber Defamation[3]:

This is a new concept, but traditionally defamation has been defined as making false statements about someone with the intention of harming their reputation (Section 499). Using electronic means to criminally intimidate and damage someone's reputation is an offense (Section 503). In the SMC Pneumatic (India) Pvt. Ltd. case, the Delhi High Court prohibited the defendant from publishing or transmitting any defamatory information in both real space and cyberspace.

Child Pornography, Hacking, Denial of Service Attack, Virus Proliferation, Computer Fraud, Card Fraud, Phishing, Spoofing, Cyber Stalking, Threatening, Salami Attack, Email Bombing, Data Diddling, Virus Attack, Logic Bomb, Trojan Attack, Internet time theft, cyber espionage, cyber defamation, keystroke logging, data-driven attacks, DNS spoofing, and dumpster diving are examples of cybercrimes. All these activities significantly threaten the overall security of an individual, an organization, and the cyber ecosystem.[4]

Cybersecurity breaches: Over the past few years, cybercriminals have launched many highly integrated digital attacks involving many advanced technologies.[5] With the increasing importance of cybersecurity breaches, the USA has already declared a national emergency in view of cyber threats. NATO has described cyberspace as the next domain for war. According to another study, cybercrime will triple the number of unfilled cybersecurity jobs, which is expected to reach 4 million jobs by 2021.

Cybersecurity Ventures estimated that the global cost of cybercrime is expected to increase and reach up to $10.5 trillion USD by 2025, up from $3 trillion USD in 2015. It was the biggest scam in history, and it discourages many from investing in innovation.[6] These cyber-attacks are increasing day by day; some attackers are working for their countries and some are working for the enemies of the country. Due to this, the severity of cyber-attacks may increase tremendously by 2025.

“Ransomware” is one of those advanced cyber-attack methods, in which these bad guys lock up important files on computers and demand money in exchange for unlocking them. They target businesses both big and small.

“Cryptomining” is another type of attack, in which the attackers use others' computers or digital devices to make money for themselves by secretly using the digital resources for mining cryptocurrencies, which also gives them an easy way to get into company networks.

In the past few years, there have been a lot of incidents in which a large amount of data was leaked or stolen. In January, the personal information of Covid-19 patients was leaked; then, in Feb 2021, the information of 500000 Indian police officers was leaked and sold. In May 2021, Air India suffered a compromise of 4.5 million passengers' personal data, and in the same month the data of 190000 CAT applicants was leaked on the dark web. 'Dragonforce Malaysia', a hacktivist group, hacked 70 Indian government and private websites to display a religious extremist message.[7]

Cybersecurity Law and Cyberlaw:

Cybersecurity law looks at the legal, policy, and regulatory issues concerning digital devices, technology, and the internet, with a view to their protection, preservation, maintenance, and continuous updating. As we rely more on technology, the risk of cybercrime also increases, and it is obvious that cyber breachers are very interested in our data. That means we are constantly living under the threat that our data or information could be breached at any time.

Therefore, we need to be more careful about the nuisance of cybersecurity breaches, and we must be aware of this newly emerged discipline and of the legal consequences that are going to come to visit us, because cybersecurity is going to affect not only our present but also our digital future.

Cyber law is a newly emerging discipline that refers to the legal framework governing activities in the digital realm. It covers Data Protection, Privacy Laws, Intellectual Property Rights, Online Transactions, E-commerce, Cybercrime, Freedom of Speech & Expression, Jurisdiction, Enforcement, Cybersecurity, and Defence.

The state of Utah in the USA became the first state to come up with a dedicated cyber law, and since then rapid development has taken place. In January 1997 the UN General Assembly passed the UN's Model Law on Electronic Commerce, setting out resolutions in the UNGA that called upon the members of the GA to come up with national laws on the basis of the model law on e-commerce, so as to help the further growth and development of e-commerce.

Legislative Measures to Prevent Cybercrimes:

Information Technology Act 2000:

The IT Act 2000 provides comprehensive legislative coverage of electronic devices, data, transactions, crimes, and so on. This Act is considered the primary source of law governing cyber-related issues in India.

Main objectives of enacting the Information Technology Act[8]:

  • The Act recognizes and validates electronic records and digital signatures, making them equivalent to physical documents and signatures.
  • It aims to protect, preserve, and maintain electronically saved data and personal information, as well as its confidentiality. It also introduced provisions related to the handling and processing of sensitive personal data by entities operating in India.
  • The Act recognizes electronic transactions through electronic data interchange (EDI) and e-commerce, with the aim of replacing the old methods of information storage.
  • The Act takes measures to protect the cyber ecosystem from cyber threats and provides fines and penalties for these crimes.
  • The Act established a mechanism for resolving disputes and appeals relating to cybercrimes and set up specialized bodies, such as the cyber appellate tribunals now known as the cyber appellate authority, to handle such cyber-related cases.

Important provisions under the Information Technology Act:

  • Section 43(a)[9]: This provision of the IT Act deals with unauthorized or illegal access to devices.

In 2005, employees at the call center of Citibank in Pune[10] committed fraud by transferring customers' money to a fake account. The court ruled it a cybercrime, and the employees were charged under the IT Act and the Indian Penal Code for cheating and fraudulent activities.

  • Section 66 and its sub-sections:

Section 66A[11] of the IT Act states that anyone who sends false or harmful information using a computer or phone can be punished with imprisonment and a fine.

Section 66B states that a person can also be punished if he knowingly possesses or uses a stolen computer or phone.

Section 66C deals with using someone else’s information online without permission, which is not permitted.

Section 66D is about pretending to be someone else online and cheating others.[12]

In the Shreya Singhal case[13], two women were arrested for posting inflammatory comments about the Mumbai Bandh on Facebook. They challenged Section 66A of the IT Act, which punishes defamatory and disturbing online content. The Supreme Court stated that people have the right to express their thoughts even if they are not popular. Section 66A prohibits all forms of communication without distinguishing between harmless speech and incitement to violence. The court said that Section 66A does not protect people from defamation but focuses on offensive statements that are disturbing. The court found that Section 66A was not contradictory to the Indian Constitution and so did not address the procedural issue of irrationality.

  • Section 65: This provision makes the modification or alteration of computer source code without authorization punishable.

In the landmark judgment of Syed Asifuddin[14], the court held that a mobile phone is also considered a computer, and that changing its information is not allowed under section 2(1)(i) of the IT Act.

  • Section 67: This provision makes the broadcasting of cyber pornography a punishable offense.

In the Suhas Katti (Tamil Nadu) case[15], a person harassed a woman by creating a fake email account in her name and posting defamatory and obscene information about her. The court sentenced him to 2 years of imprisonment with a 500 rupee fine under section 469[16], 1 year of imprisonment with a 500 rupee fine under section 509[17], and 2 years of rigorous imprisonment and a fine under section 67 of the IT Act.

  • Section 79[18]: This section provides immunity to intermediaries, such as internet providers and social media platforms, from liability for third-party content posted on them. This provision is also known as “Safe Harbor”.

Christian Louboutin SAS[19], a luxury shoe manufacturer, sued an e-commerce website called darveys.com for selling fake goods that violated its trademark. The court held that the website was not just an intermediary but also had control over the products sold on the website. Since the website actively participated in promoting and selling the products, it could not be protected as an intermediary under the IT Act.

The Information Technology (Amendment) Act, 2008 brought changes to several laws: it added new provisions for cybercrimes to the Indian Penal Code, allowed electronic records as evidence in court under the Indian Evidence Act, and addressed copyright infringement in the digital world. Investigation procedures were modified, and personal information was protected. Changes have also been made to the Right to Information Act to adapt to the digital age and deal with issues related to technology and online crime.

In 2018 the government, under the Information Technology Intermediary Guidelines (Amendment) Rules, 2018, made some rules for online platforms; the motive of these rules was to stop the sharing of fake news and harmful content. Online platforms must have rules and privacy policies to stop all nuisance and must remove all unlawful content within 24 hours. Critics objected to these rules, stating that the government was invading privacy, but the Supreme Court supported the need to control harmful messages on social media.

Government Initiatives to control cybercrimes:

The use of the internet has made our lives easier and better, but this invention has also created avenues for crime. The government is taking various measures to prevent it. In India, each state is responsible for preventing and solving crimes related to cyberspace.

  • Law Enforcement agencies: Under the 7th Schedule of the Constitution, it is the state's responsibility to deal, through law enforcement agencies, with any kind of illegal activity related to cyberspace, with the help of the Central Government to strengthen their efforts in fighting cybercrimes.[20]
  • The government established the Indian Cybercrime Coordination Centre (I4C) to help police teams combat cybercrimes and to coordinate with different regions in dealing with cybercrimes.
  • The Ministry of Home Affairs is helping the states and UTs fight cybercrimes against women and children under Cybercrime Prevention against Women & Children (CPWC) by providing financial help, training, and hiring experts.
  • The government has created a National Cyber Crime Reporting Portal where the public can report any kind of cybercrime related to women and children, together with a toll-free number, 1930, for help in reporting online crimes and a system to report financial fraud quickly to prevent money from being stolen.
  • Cyber Jagrukta Divas: An initiative by the Ministry of Home Affairs, brought under the umbrella of the I4C scheme, to create awareness: schools, universities, public sector undertakings, Panchayati Raj institutions, etc. have to spend one hour on the first Wednesday of every month spreading awareness about cybersecurity.[21]
  • Cyber Surakshit Bharat: A government initiative that aims to create a safer digital environment by promoting cybersecurity awareness and building cybersecurity infrastructure, in order to protect individuals, businesses, and the overall digital ecosystem in India from cyber-attacks and ensure a secure and resilient cyberspace.
  • Cyber Suraksha Kendra: A special center that helps to prevent and mitigate cyber-attacks. It employs skilled professionals and advanced technologies, which help in creating a safe and secure cyber ecosystem.

International Actions to Safeguard the Cyber Ecosystem:

Currently, there is no single international convention specifically dedicated to cyber law. The first successful treaty, signed and ratified in 2001 by almost 50 countries, was the Budapest Convention on Cybercrime[22], also known as the Council of Europe Convention on Cybercrime. This is a binding treaty that aims to harmonize national laws, improve investigative techniques, and enhance international cooperation in combating cybercrime.

  • This convention is a set of rules to fight cybercrime, but major countries such as the US, China, Russia, and Brazil have not ratified it, and this limited participation has affected the convention's effectiveness.
  • Countries came across a boundaryless medium and responded with the artificial national boundaries of their own cyber laws, and the absence of a uniform cyber law became a unique challenge to cybersecurity.
  • Some countries are worried about the privacy of their personal data or the nation's secret information, as this convention allows governments to access and share electronic information.
  • Countries believed that this convention may not adequately address rapidly evolving new types of viruses, like I LOVE YOU (2000) or the STUXNET VIRUS[23] (2010), which were extremely dangerous viruses that caused economic and financial losses.
  • Indeed, these viruses brought a new challenge to the cyber ecosystem that has made cyber law more complex with time.

Now, different countries are focusing on coming up with their own dedicated cybersecurity laws, such as the “No Hack Agreement”[24], where the two countries agreed that they will not hack each other's digital devices or infrastructure.

Suggestion:

Today’s ever-evolving technology makes it difficult to deal with threats, and ensuring effective enforcement of cyber laws to prevent them is becoming one of the biggest challenges for the government and legal system worldwide.

To control cybercrime in India and globally, it is necessary to strengthen laws and regulations, establish specialized cybercrime investigation units, promote international cooperation, enhance cybersecurity education and awareness, foster public-private partnerships, make collaboration with technology companies compulsory, invest in research and development, and empower individuals and businesses with security measures. All these are important measures that aim to combat cyber threats and create a safer digital landscape for everyone involved. More importantly, whatever laws, rules, or regulations are created by lawmakers, and whatever steps organizations take to combat cyber threats, must be adhered to; the cooperation not only of the nation or the law-making authority but of every single individual is essential.

Conclusion

Well, in this entire ecosystem, it is clear that the world has to move toward a global consensus on the legal and political issues of cyberspace. As society becomes largely dependent on technology, cybercriminals manage to find loopholes to achieve their goals. Cybercrimes pose a significant hurdle to the development of a country and negatively impact individuals and the nation's economy. The Information Technology Act plays a crucial role in combating cybercrimes. But it is important to recognize that regional or national laws alone are not sufficient; global cooperation is very much required to effectively address cyber attackers and combat cyber threats. By working together, countries can strengthen their defences and collectively fight against cyber viruses.

Authored By, SHAMIM ANWAR, B.A.LLB.


[1] Dr. Sudhir Kumar Sharma, Cyber Security: A Legal Perspective, International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 9, Number 1 (2017), pp. 1-11 © International Research Publication House,2017

[2] Kane Dane, Neuromancer PDF Free Download by William Gibson, March 17, 2021

[3] Anishka Gubrele, Defamation in the Internet Age: Laws and Issues in India, iPleaders, June 2019

[4] Anurag SriRML, An Overview of Cybercrimes and Cyber Laws in India, article-9498, 2023

[5] Cybersecurity Threat Trends Report, Cisco Umbrella, 2023

[6] Steve Morgan, Cybercrime Magazine, Cybercrime to Cost the World $10.5 Trillion Annually By 2025, Special Report: Cyberwarfare In The C-Suite. Sausalito, Calif., Nov. 13, 2020

[7] Cybersecurity Threat Trends Report, Cisco Umbrella, 2023

[8] IT ACT 2000

[9] BareAct IT ACT 2000

[10] Molshree Totla, Pune CITIbank Mphasis Call Center fraud, 17/7/2020.

[11] SECTION 66 (A,B,C,D,) BARE ACT of IT ACT 2000

[12] Anurag sri RML, An Overview of Cybercrimes and Cyber Laws in India, article-9498, 2022

[13] Shreya Singhal vs. Union of India AIR 2015 SC 1523.2015

[14] AIR 1960 SC 866: (1960 Cri LJ 1239).

[15] C.C.NO.4680/2004

[16] Indian Penal Code 1860

[17] Indian penal code 1860

[18] Information technology act 2000

[19] CS(COMM) No. 890/2018

[20] Shri Rajeev Chandrasekhar, Prevention of Cyber Crimes, G-20, Azadi ka Amrit Mahotsav, Ministry of Electronics & IT, Jul 2022

[21] Kumar Shantanu, Kratikal Blogs, Jagrukta Divas: A Ministry of Home Affairs Initiative, June 16, 2022

[22] Alexander Seger, The Budapest Convention on Cybercrime: a framework for capacity building, Global Forum on Cyber Expertise, 2016.

[23] Marilyn Wolf & Joseph Marks, Cyber-physical system, High Performance Embedded Computing, 2014

[24] Ellen Nakashima, Russia, U.S. and other countries reach new agreement against cyber hacking, even as attacks continue, 2021