India And Cyber Crimes
The information technology (IT) is a double edge sword, which can be used for destructive as well as constructive work. It has now created for the mankind a fifth dimension to land, sea, air and space, though unlike the other four dimensions it is completely man-made and man-controlled. We all know how because of the constructive use of the IT, India’s profile and wealth have gone up enormously in the world. But at the same time, and this is the destructive aspect, India ranks fifth in the world for cyber crime, according to a report last year by the U.S.-based Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
In fact, the report said that as India became home to the fourth highest number of Internet users in the world, cyber crime has been rising at more than 50 per cent per year. A striking example of such crime was the attack on computers in the Indian Prime Minister’s office by Chinese hackers last December.
Investigators are still coming to terms with the extent of damage caused by that attack, as the hackers had targeted the cream of India’s national security setup: National Security Advisor MK Narayanan, Cabinet Secretary KM Chandrasekhar, the Prime Minister’s special envoy Shyam Saran and deputy National Security Advisor Shekhar Dutt. In addition, 26 others were also squarely in the crosshairs of the hacking attempt.
The timing of the espionage attempt led investigators to suspect the Chinese hackers of desperately trying to access any available data on India’s position at the Copenhagen Climate Summit being held at the time. It may be noted that until Indian Prime Minister Manmohan Singh arrived in Copenhagen on December 17, Environment Minister Jairam Ramesh and Saran were singing different tunes.
But what has disturbed investigators most is that the Chinese hackers possibly had inside help. The possibility of a mole within the Indian establishment helping a foreign adversary is staring investigators in the face.
In March 2009, a China-based cyber spy network hacked into government and private systems in 103 countries, including many Indian embassies and the headquarters of the Dalai Lama. In May 2008, hackers from China attacked the website of India’s Ministry of External Affairs. Despite official denials, at least one website reported that hackers had stolen the identities and passwords of several Indian diplomats.
In the past three years, over 9,000 Indian websites have been at the mercy of an anti-India community. Hackers based beyond India’s borders have become a threat for the government.
Cyber attacks from across the border are not new to India. This happened for the first time when India was conducting nuclear tests at Pokhran in 1998 and hackers based in Pakistan attacked the websites of Zee News and India Today. GForce Pakistan and Pakistani Hackerz Club took responsibility for the intrusions and left behind threatening messages demanding that the nuclear tests be stopped. After the terror attacks on the Indian Parliament in December 2001 and a massive troop standoff between India and Pakistan several hacking incidents were reported.
Pakistani hackers also targeted the Indian website www.armyinkashmir.com, which was providing factual information about daily events in the Kashmir Valley in 1999. Hackers posted photographs showing Indian security forces allegedly killing Kashmiri people and blamed the Indian government for “atrocities” there. Obviously, this had the intended impact in the valley.
In December 2008, the Indian Eastern Railways portal was hacked by Whackerz-Pakistan. The official website www.easternrailway.gov.in bore a strange look. When opened, the top scroll on the site, which normally consists of official announcements, had unusual notes. The first note read: “Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan (24 Dec-2008).”
The scene became grimmer after the terror attacks on Mumbai on November 26, 2008. The Pakistan Cyber Army hacked into the websites of the Indian Institute of Remote Sensing, the Center for Transportation Research and Management, the Kendriya Vidyalaya of Ratlam a chain of schools run by the Indian Army and the Oil and Natural Gas Corporation of India. The damage took a long time to repair.
Hostile neighbours, or for that matter external enemies can always create havoc by indulging in what is called cyber war. For instance, it is now an open secret Russia launched an unprecedented cyber war against Estonia in May 2007, soon after Estonian authorities began removing a bronze statute depicting a World War II-era Soviet soldier in Tallinn (Capital of Estonia. Though officially Russia denied, the fact was that its cyber attack virtually crippled Estonia’s digital infrastructure by clogging the websites of the President, the Prime Minister, and parliament as well as staggering the country’s biggest bank and the sites of several daily newspapers. In fact, the attack totally destroyed Estonia’s financial system for few weeks.
Fortunately, no hostile neighbour has caused that harm to India as yet, but its companies and financial institutions are really scared of cyber attacks. In 2006, IBM conducted a global survey of more than 3,000 Chief Information Officers or other individuals qualified to answer questions about their company’s IT practices. It included 150 respondents from India. The survey showed that Indian businesses perceived cyber crime (44 per cent) as a greater threat than physical crime (31 per cent) to their business. They believe that one could always damage through cyber attacks telecommunications or rail links, disrupt power supplies and harm other important parts of India’s infrastructure.
Even at the individual level cyber attacks are on the rise in India. According to the Delhi Police, in 2009 email hacking and cheating cases went up by 150 per cent. It is said that Nigerian gangs are very active in India, particularly during festive seasons when massive purchases are transacted online, thanks to the system of credit cards and online bank accounts.
In India cyber crime comes under both the traditional Indian penal code and the Information Technology Act, 2000, which was amended in 2008. And here lies the confusion. Since policing is a matter of the state, and complaints have to be lodged with the local police, it all depends under which law the police register a case; it so happens that for the most part they prefer the age-old penal code.
Local police are not conversant with the intricacies of the nationally legislated IT Act. But once a case is filed under the penal code, the method of investigation must follow certain guidelines that make it extremely difficult to prove most cyber crimes, experts say.
Even under the IT Act, investigations in India are not easy. This is mainly due to the lack of what is called “cyber forensics”. We know that forensic evidence is important in normal criminal investigations. But the collection and presentation of electronic evidence to prove cyber crimes have posed a challenge to investigation and prosecution agencies and the judiciary.
Cyber-related techno-legal acumen and knowledge are not well developed in India. These require a sound working and practical knowledge of information technology as well as relevant legal knowledge. Cyber laws, international telecommunications laws, cyber forensics, digital evidencing and cyber security pose difficult and sometimes hard to understand legal challenges to the courts. This explains why there are almost no convictions of cyber criminals in India. Judges in India must fill in this legal gap.
To sum up, India needs a good combination of laws and technology, in harmony with the laws of other countries and keeping in mind common security standards. In the era of e-governance and e-commerce, the lack of common security standards can create havoc for global trade as well as military matters.
By Prakash Nanda