Flipside of Digital India

Hydra-Headed Cyber Crimes

Bibekananda Ray

Even a decade ago, 'cyber crimes' were Greek to most people in India; they are now household words, meaning a novel kind of crimes. Not everybody may be a victim but sensational reports on cyber frauds and crimes abound in the media, claiming new victims. In July this year, a retired government officer was defrauded of one lakh rupees by a cyber gang, posing as the editor of an English weekly to which he contributed and whom he treated with love and respect. While working on his computer on a July night, he got an e-mail from the gang, posing as the editor that he was in Nepal and that a cousin needed an urgent life-saving operation for leukaemia, to whom he was unable to send money. In several mails thereafter, the gang requested for transfer of a loan of one lakh rupees online to a branch of a nationalised bank, which he would repay as soon as returned to Kolkata within 3-4 days. The officer agreed to lend 50,000 rupees and next day, transferred the amount to a bank account in a north-eastern State. The same night, thanking him, the gang requested him for a further loan for the operation to begin. The officer became suspicious and tried to contact the editor but as his office was closed and he had lost his mobile phone number, he demanded some proof of identity; in a jiffy, came the editor's (cooked up) passport data which looked genuine. Being thus assured, next day, he transferred 50 thousand rupees more to a branch of an international bank near Mumbai. The gang thanked him profusely and gave the name and the location of a US bank which would repay the loan. As the banker's statements were contradictory, the officer mailed the editor's assistant to ascertain his whereabouts; he instantly replied that the editor had not gone out anywhere and that the weekly's e-mail id had been hacked. Though shaken, the officer swung into action. He filed a FIR in local police station, informed his two banks about the frauds, wrote to the remote bank branches, police heads, the RBI Ombudsman, the Director of the IB of Government of India and finally to the Union Home Minister. No action has been reported to him except from the police of the Maharashtra town that the transferee's account has been sealed.

His is not a solitary case; cyber frauds abound in countries where computers are in use. In metropolitan cities in India, bank ATM users often get phone-calls from cyber gangs, posing as bank officials, alarming them of some problems in their accounts or ATM cards and requesting them to part with account and ATM card numbers and PINs etc. for fixing them. Naïve users walk into the traps, trusting the phone-callers to be genuine, share their secret data and are immediately defrauded of their bank balances. An elderly professor returning home from Bangalore was offered free tea in a morning local train with few passengers, which put him to asleep; the rogues, meanwhile, stole his purse, ATM card (with PIN in an attached slip); he awoke in a distant station, returned home but found to his dismay, the next day, his depleted bank balance. Some time back, such ATM frauds were reported from a nationalised bank in Gariahat in south Kolkata, committed by some Romanians, using a tiny machine (skimmer) fixed on ATM keyboards that records users' data; the hacker of the English weekly's e-mail id is said to be a Nigerian Muslim, having a/c in a nationalised bank. Many frauds are not reported by victims to the media or the police, fearing reprisal by hackers, or like the defrauded officer, just to conceal it from dear ones who could fall ill, hearing of them. Some years ago, Pentagon admitted sensational theft of their top secret US defence data by hackers, to dismay of Washington. In India, the ubiquitous social media, Facebook CEO admitted theft of data of some 87 million account-holders, given in posts by them by Cambridge Analytica who may use them for unethical purposes. It is a British political consulting firm, noted for data mining, data brokerage and data analysis with strategic communication during polls. It has offices in London, New York City, and Washington, DC and in 2016 is said to have worked for Donald Trump's presidential campaign. The first commercial scientific computer, the '701', was marketed by the IBM in 1953; the first computer virus was 'Creeper', detected on ARPANET, the forerunner of today's Internet, in the early 1970s. In nearly 50 years since, computer viruses have proliferated like the Greek mythical water-monster, Hydra; the more its heads were cut, the more they grew.

Historically, invention and spread of computer virus was the first cyber crime. It is a malicious software that modifies and infects other computer programmes. Virus writers know security weaknesses and inject a variety of software to infect new hosts, to seek ransom, send a political message, for amusement, sabotage, or simply to discover cyber security issues, artificial life and evolutionary algorithms, causing enormous financial losses, system failures, waste of computer resources, corruption of data and pushing up maintenance costs etc. As these viruses have been somewhat neutralised by various anti-virus software, cyber crimes have taken new forms. The latest in the series are the deadly online and video horror game like the 'Momo' that goads players, step by step, to even commit suicide in their climaxes.

 Computer fraud is one of the many it becomes a fertile ground for cyber frauds. When in November-December 2016, demonetisation made cash withdrawal from banks tardy and difficult, Prime Minister Modi preached the virtues of cashless economy, of using credit & debit cards for financial transactions. It is then that potential cyber gangs came to know bank users and the vulnerabilities of naïve ATM card users—their account numbers, card numbers, PINs etc. and their difficulties of visiting banks, post offices and ATM kiosks. Clandestine cyber gangs are these days active in every big city and in last 10 months struck in eight cities—Hyderabad and Pune in December 2017, Mumbai in February, Jaipur in March, Delhi in May, Kolkata and Goa, in July again Kolkata and Chandigarh in August- all this year.

The mushrooming types of cyber frauds have panicked common bank and ATM users. Apart from duping by skimmer keyboards and card-readers, defrauding by outdated computer operating systems (like Windows XP), phising, session hijack, Trojan Horse-type virus attack, 'waterhole' attack, bogus WAP, eavesdropping, denial of service (DOS), exploitation of Aadhaar numbers, Android mobile phones etc.

One cannot go back in a time machine, howsoever one may dislike the relentless advance of technology, it will sweep the society much more. Cyber frauds are committed through banks and their ATMs; one can't imagine a bankless milieu. As digitisation engulfs the economy and every shop and utility services accepts card payments and every payment is made through cyber platforms like the Paytm, people will cease to transact through cheques and drafts and be more vulnerable to cyber frauds.

Digitisation is sweeping India under corporate and State encouragement and incentives but on its flipside are the proliferating cyber crimes and frauds. Computerisation, delayed by the Left parties in West Bengal for some years, got a boost in Rajiv Gandhi's regime and advanced in its own global momentum; willy-nilly, it will go further in years to come. India's youngsters are savvy with it and careers are opening to its learners. Computer and Information Technology studies are such a craze, these days, making the study of the humanities passé. Cyber crimes need no geographical location and can be committed in any country from any other country. Therefore, they cannot be fought, far less stemmed, by a single country; an intelligent united global onslaught is needed. The world community seems yet unaware of its menacing dimensions; no bilateral or multilateral that India took part in has discussed it and took steps to curb it. Cyber wings have been created in Kolkata and State police but their success is negligible. The UN in its next General Assembly session should include it in its agenda and enable member countries discuss and rein in its spread.

Vol. 51, No.18, Nov 4 - 10, 2018