Evolution of cybercrime in current times and its impact.

Abstract

The Merriam-Webster dictionary defines “cyber” as something relating to or involving computers or computer networks such as the Internet. The 21st-century world is at a stage where everything is cyber, meaning the lives of individuals revolve around computers and their networks. This technological advancement is certainly a massive step towards human growth and development. This digital age, despite its benefits, has a dark side. The dependency, addiction and further development of technology have opened doors to criminals and malicious acts committed through computer is known as cybercrime. It severely impacts and is impacting various aspects of individuals, businesses and the country at large. However, strong legislation and framework perform as preventive measures.

Keywords

Cybercrime, Artificial Intelligence, Malicious activities, Internet, Computer, Private or Confidential data.

Introduction

A headline of Indian Express read, “Two men in black masks broke into a house, stole a large sum of cash and valuables.” You might’ve come across headings like the one a year back, isn’t it? Today, however, such acts are rarely committed. What we come across now is “An unknown server hacks into a company’s system and steals private data”. The reason is the rapid transformation due to the development of technology and the use of the internet. However, everything comes with its pros and cons. Global technological development has made life easier. An individual sitting in the comforts of his home can make transactions, conduct or attend meetings, crack deals across borders, book travel tickets, and many such activities can be conducted courtesy of the Internet. Nonetheless, we can’t let the bright light blind us from its dark side, which is malicious cyber activities like cybercrime, especially when it foresees to be a major concern. Certainly, the use of the internet has taken the world nonplussed, and the instant paper intends to discuss how.

Research Methodology

This paper follows the non-empirical method of research. This certainly implies that the primary source of information is secondary. These secondary sources of information include articles, research papers and books. The sources of information helped in deeply analysing  cybercrime and its impact.

Review of Literature

Impact of Cybercrime: issues and challenges is a paper authored by Sumanjit Das and Tapaswini Nayak. Here, the ways and types of cybercrime are discussed in detail. Further, a detailed account of the impact of cybercrime under various headings has been elucidated. The challenges and the ways to tackle them are enumerated.

Economic Impact of Cybercrime- No Slowing Down, authored by James Lewis, states statistics showcasing the rise in cybercrime over the years. Also, the estimated number of cybercrimes to be committed in the years to come. Further, the types of cybercrimes and their individual impact on the global economy, along with relevant examples, were elucidated.

Beyond the pretty penny: The Economic Impact of Cybercrime Carlos H. Gañán, Micheal Ciere and Michel van Eeten, the paper gives a detailed insight into the technicalities of economic impact and policy implications on a country.

The Psychological and Financial Impact of Cybercrime: A Novel Application of the Shattered Assumptions Theory, authored by Jildau Borwell, Jurjen Jansen and Wouter Stol. The paper showcases through its sampling method how cybercrime has dented the society financially and psychologically.

What is Cybercrime?

The Indian legal system doesn’t provide a concrete definition of cybercrime. However, in a general sense, cybercrime is a criminal activity committed using a computer or computer network as tools to access, transmit or manipulate data illegally.

Those committing this malicious act are called cyber criminals. These computer-based wrongdoers carry out the act by showcasing their technological skills individually or collectively, that is, a team. They are widely found on the dark web. Some examples of cyber criminals include scammers, cyber stalkers, cyber terrorists, and black hat hackers (hacking is a criminal activity only when it has the malicious purpose of conducting harmful activities[1]).

Further, cyber crime can be categorised into two types. First, targeting computers wherein the computer devices are harmed. Second, using computers, the computers used to commit cybercrime.

Some examples of cybercrime include data breaches, malware attacks, phishing, identity theft, hacking, cyberstalking and harassment, financial theft, intellectual property theft etc.

Incidents of Cybercrime

For clarity purposes, some cybercrime stories spanning over different timelines have been enumerated.

  • The 2022 Uber cyberattack, wherein the hacker attempted to enter the company’s system. However, due to MFA protection was unsuccessful. The hacker then contacted an employee at Uber via Whatsapp and badgered him to approve the MFA notifications. Upon approval, the hacker immediately had access to the company’s VPN[2], PAM[3] solution, and sensitive services. The company’s bug bounty was also hacked which contains details of security vulnerabilities. Fortunately, it didn’t come to an entire system shutdown as the hacker dropped the data and walked away. However, during the 2016 Uber cyber attack, the company paid a ransom of a hundred thousand dollars to the cybercriminals in exchange for the stolen data.
  • Anil Kumar Srivastava v. Addl Director, MHFW (2005), in the instant case, the signature of the AD was forged and false allegations were raised against the same. The petitioner was held guilty under Sections 465 and 471 of the IPC.
  • Kalandi Charan Lenka v. The State of Odisha (2017), in the instant case, obscene messages were sent from the petitioner’s phone. Additionally, a fake Facebook account was created, and morphed pictures were used.  The court held the accused guilty of cyberstalking and was charged under the IT Act and 354D of IPC.
  • In 2018, the Pune branch of Cosmos Bank experienced a cyberattack where Rupees ninety-four crore were transferred to a bank in Hong Kong. The hackers carried this task out by hacking into the bank’s main server. Additionally, the ATM server was hacked to get VISA and Rupay debit card details.
  • The Sony.Sambandh.com case, 2013[4], also known as the first cybercrime conviction in India. Here, the convict gained access to the credit card of an American national and misused it to purchase products from a website run by Sony India Private, Ltd.

Cybercrime and AI

The two terms cybercrime and AI are invariably intertwined. How? Before understanding that, let’s know what AI is. Artificial Intelligence, commonly known as AI, is the ability of a computer to perform a task which usually requires human intelligence. For instance, the virtual assistant “Siri”.

AI is impacting the commission and prevention of cybercrime. Firstly, the rapid development and the ever growing use of AI have made cybercrimes easier and more sophisticated. AI-powered tools help detect security loopholes and system vulnerabilities, which cybercriminals exploit to attack cyberspace.

For instance, analysing stolen data[5] is stolen by cybercriminals. However, not all stolen data is useful. Here, AI assists in picking valuable, sensitive data, which is later sold in dark web marketplaces. Another could be cracking passwords. It being a popular cybercrime, there already exist numerous malicious techniques to uncover a password. Regardless of how the presence of AI has made the task quicker. A House Security Heros[6] The report stated that the AI-powered cracking tool PassGAN can crack fifty-one percent of common passwords within a minute.

Some other examples of cybercrimes by use of AI could be crafting malicious emails that bypass spam filters, gathering information on the targets, and creating fake photos, videos, information etc. It can safely be stated that with AI, cybercrimes can skyrocket in the coming times. On the other hand, AI can be used as an effective method to curb cybercrime. For instance, monitoring cybersecurity[7], i.e. recognising risks in real-time or keeping track of network activities, spotting oddities and notifying security systems. Malware is a malicious program written to be used for cybercrime. AI, by examining codes and behaviour patterns, eliminates malware and stops them from infecting devices. Thus, AI holds the ability to protect cyberspace by identifying and responding to threats. Further, it can be used as a preventive measure to detect and stop cybercrimes at the initial stage.

Impact on economy

An economy loses 2.5 percent of its GDP to cybercrime. The FBI states that cybercrime is a global concern, and economic espionage is a major concern.[8] Cybercrime will cost the world 10,5 trillion dollars annually by 2025.[9]  In 2020, the global economy lost 945 billion dollars to cybercrime. [10] Many more such headlines make newspapers and articles on a daily basis in contemporary times. Why? The answer to this is implied, the large-scale use of the internet to carry out businesses and basic economic activities transforming the traditional economy into a digital one. Additionally, the pandemic has made the world all the more dependent on digitalisation. This sudden and rapid use of the internet certainly has its counter effects.

Activities such as the following are denting the economy.

  1. Financial cybercrime, as the name suggests, cybercriminals target the finances of the victim. Some examples would include financial institutions like banks suffering, credit card fraud, phishing, corrupting internet banking and others. This results in direct financial losses.
  2. Ransomware attacks are where valuable and sensitive data is stolen, and the criminals demand ransom to release it. Unfortunately, ransom payment doesn’t ensure data recovery; even if it does, the recovery costs are financially stressful.
  3. Intellectual property theft is when an idea, innovation or creative expression created by a human is stolen. The cost of intellectual property can be high, especially when it’s a big company, as it hampers goodwill when the stolen property is misused. For instance, in military technology, loss of intellectual property could cost the country’s national security. [11]
  4. Data Breach is when an unauthorised party gains valuable and sensitive information, which could include personal, corporate or governmental data. In 2018, Marriott Hotels suffered a data breach affecting more than five hundred million customers wherein their payment details, mailing addresses, passport information and phone numbers were compromised; this is an apt example of a data breach.

The abovementioned malicious acts and many such victimise individuals, financial institutions, big and small companies, medical enterprises and consequently, the economy.

So, in what ways is the economy hampered?

First, Business disruption due to the loss of sensitive data causes a lack of productivity and erodes consumer trust witnessing a drop in revenue. The ripple effect of this grossly manipulates the demand-supply chain. Further, businesses which heavily rely on technology face worse consequences. This leaves an irreparable dent in the economy.

Second, the loss of confidential information from government organisations exposes and weakens a nation’s stand internationally, consequently hindering economic growth and development.

Third, the soar in cybercrime holds back citizens from using digital means to conduct personal and business activities, creating an obstacle to digital economy initiatives and their subsequent benefits. Further, India intends to achieve a paperless economy, for instance, through digital governance, digital services, online payments and other computer-based day-to-day conveniences. Additionally, India’s aspirations to become a five trillion dollar economy, all of this is hurdled by the ever-rising cybercrimes.

Hence, the potential economic growth and development to be served by digital transformation is halted. It shall also be duly noted that it not only affects a country nationally but causes a serious impediment to the worldwide development and growth of humans.

Impact on society

As the common saying goes, “crimeless society is a myth”, and crime is omnipresent. It’s just that the definition of crime is changing in societies. We live in a place where friendships are built on social media platforms, information is shared online to reach the masses, people are hired via platforms like Linkedin etc. All in all, society is evolving into a digital one.

However, society has been impacted drastically. The hacking of infrastructural servers like air control puts society under foreign threat. Then, worming in medical institutions and exposing sensitive healthcare information violates the privacy rights of the patients. So, the patients lose trust and hesitate to share accurate details that would help them improve.

The excessive use of social media is hampering the creativity and intelligence of the youth. Because there are numerous instances where young minds are victims of cyberbullying, hacking and misusing their accounts for illegal activities like sharing obscene messages. Thus, hindering societal growth and development. The impact on infrastructure.

Further, deteriorating mental health is an alarming concern as it not only hampers growth but also becomes a cause of crimes in the country, leading to diminishing morality in society. 

Another malicious activity that falls under the ambit of cybercrime is generating and sharing false information, which causes hatred and chaos among people. Thus, compromising social harmony. In furtherance, a society functions on the ability to co-exist and trust each other, but the surge in cybercrime eludes this principle ideology.

Cybercrime and law

The Internet has revolutionised the conventional notion of crime. For instance, the offence of extortion earlier required the victim to be physically present, but now online extortion has replaced the traditional ways. For the sake of clarity, online extortion is where the cybercriminal holds electronic files or any confidential data hostage until payment demands are met. This simple example implies that laws need to be revolutionised parallelly.

There certainly have been legislations passed to tackle the issue of cybercrime, for instance, The Information Technology Act, 2000, and later, the amended 2008 act, Information Technology (Certifying authorities) Rule, 2000, Information Technology (Security Procedure) Rules, 2004, Information Technology (Certifying Authority) Regulation, 2001, the Cybersecurity framework (NCFS), the Indian Penal Code, 1860 which is currently underway to be repealed and replaced by a statute favourable to current times. The Digital Personal Data Protection Act of 2023 can certainly be noted as a positive step. Despite the efforts, cybercrime is on the rise and requires rigorous legislation and frameworks. Further, judicial precedents can be of great help. Following is a brief on the status of judgments passed concerning cybercrimes.

Internationally, cybercrime cases witness judicial complexities as its challenging to establish  jurisdiction to initiate legal proceedings. The dilemma arises when it comes to coordinating the laws of different nations because it gets complicated and delays sensitive matters. However, despite the international judicial complexities, the Indian judiciary has pronounced numerous judgments on how the law has evolved with cybercrime. Them being:

  • In the State of Tamil Nadu v. Suhas Katti[12] and later in the State of Karnataka v. Sri Raghavendra S. Navalgund, 2010, the courts held that the offence of hacking under Section 66 of the IT Act requires criminal intent that is mens rea and dishonesty.
  • In Sanjeev Mishra v. The State of Uttar Pradesh[13], the court held that defamation charged under Section 499 of the Indian Penal Code, 1860 also includes online defamation within its ambit.
  • In Sanjeev Mishra v. Bank of Baroda[14], the victim was exposed to sexual harassment from another employee of the bank, but the State differed. The court held the accused guilty and stated that with the changing times, despite the distance, it shall be treated as the same workplace on digital platforms. In furtherance, the court broadened the definition of “workplace harassment” by including online harassment.
  • The reason for committing a cybercrime varies from financial gains to defaming others to taking revenge. In the landmark judgement of cybercrime, Shreya Singhal v. Union of India[15], the question of when its defamation and not is answered by repealing Section 66A of the IT Act, 2000. The offence of sending offensive information using computers or electronic devices was punishable under the abovementioned repealed section. The Supreme Court repealed the section as it didn’t have a constitutional standing because it was in conflict with the fundamental right of Right to speech and expression. Therefore, the apex court established that no cybercrime legislation shall be in conflict with the fundamental rights of the citizens.

Suggestions

In order to reduce and effectively handle cybercrimes, here are some recommendations that can be taken into consideration. To begin with, create a secure digital world by educating internet consumers on how to set up strong passwords; the course of action when targeted by cybercriminals, businesses shall ensure strong cybersecurity, and the government shall actively work towards curbing cybercrimes nationally as well as internationally.

Next, laws are the step towards making meaningful changes. However, before framing laws, the Ministry of Law and Justice should have information sharing with the software industry and consult information technology experts, researchers and those practising in the field of law. Another input while framing legislation for cybercrime is to evolve a definition of cybercrime; this would prevent ambiguities and ease taking action against the accused. Additionally, litigation shall be promoted against cybercrime so that judicial interpretations enrich the virgin law provisions in this new and demanding field of law. For instance, the Supreme Court in Anvar P.V. v. P.K. Basheer, 2014[16]pronounced the need to formulate new laws and strengthen new ones to fight against the surge of cybercrime. The court also stated the need to educate citizens about the risk and ways to protect themselves. Thus, rightfully guiding the further course of action.

Moreover, as cybercrimes are borderless, an international legal regime is the need of the hour to overcome the diverse cultures and ideologies of countries. A solution along the lines of public international law as a unified legal framework to tackle cyber crimes through international consensus is something coming to mind. Therefore, ensuring unity in diversity, economically and socially.

Conclusion

The world is evolving at a fast pace with technological advancement and the use of the internet, which has taken the world nonplussed. However, individuals, organisations and governments are attempting to keep up with this fast-moving global phenomenon. For instance, legal provisions are enacted, everybody owns an electronic device availing internet access, and stronger programs are built to prevent new-age crimes. Unfortunately, these efforts are falling short in front of the expanding cybercrimes and severely impacting society and the economy. However, there are always two sides to a coin, and similarly, technological advancement is both a boon and a bane. Finally, cybercrime, the major drawback, can be prevented with effective and efficient measures.

Bhavika Mittal

DES Shri Navalmal Firodia Law College Pune, affiliated with Savitribai Phule Pune University.


[1] What is Cybercrime? Types, Examples, and Prevention. https://cybertalents.com/blog/. (last visited 11 August 2023)

[2] Virtual Private Network.

[3] Privileged Access Management.

[4] Important Cyber Law Case Studies, Cyber laws and information security advisors,  (last visited August 14 2023). https://www.cyberralegalservices.com/

[5] Katie Raees, 5 Ways AI Can Help Cybercriminals (last visited August 13 2023) https://www.makeuseof.com/

[6] https://www.homesecurityheroes.com/ai-password-cracking/.

[7] Divyansh, The Use of Artificial Intelligence to Curb Cyber Crimes in India. (last visited August 13 2023)                                            https://www.legalserviceindia.com/legal/article-11906.

[8] Kyle Chin, The impact of cybercrime on the economy, (last visited 12 August 2023) https://www.upguard.com/blog/

[9] Steve Morgan , Cybercrime to cost the world $10 dollars by 2025 (last visited 12 August 2023)https://cybersecurityventures.com/

[10] University of Portsmouth, What is the impact of cybercrime on society and the economy? (last visited August    12 2023) https://studyonline.port.ac.uk/blog/

[11] James Lewis, Economic Impact of Cybercrime- No Slowing Down, February 2018.

[12] 4680 of 2004

[13] 2021

[14] 2021

[15] 2015

[16] 2016