Cybercrimes should be considered as phone frauds

India is becoming increasingly vulnerable to cybercrimes

To fight increasing cybercrimes, stakeholders call for stringent norms, self-regulation and discretion.

With rapid digitisation and proliferation of mobile data and without proper cybersecurity cells, India is becoming increasingly vulnerable to cybercrimes.

Inaugurating Federation of Indian Chambers of Commerce and Industry (FICCI) conference on Homeland Security-2018, based on the theme ‘Cybercrime Management’, in association with Vivekananda International Foundation, India’s Minister of State for Electronics and Information Technology, S S Ahluwalia cautioned people against indiscreet internet use and asked them to exercise self-regulation.

“They (cybercriminals) will send you a picture of Monalisa and out of curiosity you will download that picture, which has the virus embedded in it. Terrorists are using these pictures to send their messages,” Ahluwalia asserted.  He said that users should be given a basic training on what they should download or share on their devices. “While forwarding (images) also, we are knowingly or unknowingly helping people indulging in cybercrimes,” he added.

Ahluwalia also released the FICCI-EY report on ‘Confronting the new-age cybercriminal: Disrupting the web of crime’, that called for inclusion of cybercrimes as phone frauds.

Treat cybercrimes as phone frauds

The FICCI-EY report said, “An Inter-Ministerial Committee on Phone Frauds (IMCPF18) has been constituted in the Ministry of Home Affairs. This committee needs to be mandated to also include cybercrimes as part of its charter because the distinction between phones and computers has virtually disappeared, with the proliferation of smartphones.”  Constituted in the Ministry of Home Affairs, it is well represented by officials from the Home Ministry, Ministry of IT and Electronics, Department of Financial Services, Department of Telecommunication (DoT), Reserve Bank of India (RBI) and other law-enforcement agencies.

Robust framework needed

India’s National Cybersecurity coordinator Gulshan Rai cautioned how cyber attacks have become very complex and recent European law on data regulation will make it difficult to track the owners of IP (computer system) addresses. “Today hackings are very different. All the recent cybercrimes involve manipulation of several technologies. If you ask me, every case is a case of cyber warfare. As of today, 90 pc cases are cybercrimes, nine pc are targeted attacks and one pc is cyber-terrorism,” Rai said.

Pointing out how systems are required to test new-age technologies, artificial intelligence and machine learning to check if they are performing a function which they have been assigned, Rai asked industry professionals to put their heads together to design a framework and system to test whether the processes were resulting efficient outcomes. According to a data released by a leading security vendor in April 2018, India ranks third in the number of cybercrime incidents encountered, with the United States of America and China on the first and second positions, respectively. It said that technological advancements are making the task of cybercriminals easier.

Encryption and steganography are being leveraged by cybercriminals to thwart the efforts of law- enforcement agencies (LEAs), who are unable to decrypt the information in time to predict and prevent crimes. “Migration to VoIP, Volte and other Over the Top (OTT) services, such as WhatsApp, Viber, and so on, has made the task of intercepting voice calls extremely complex. These calls can only be intercepted with the active support of the respective service providers. Often, servers are located outside the country and make it virtually impossible to monitor voice calls of criminals in real time,” the report said.

Adopt mission approach

Former deputy national security advisor and director at the Vivekananda International Foundation, Arvind Gupta called for greater resources in cybersecurity, which he suggested should be seen as a separate segment from information technology. “Resources will be needed to promote cybersecurity education, certification, training and awareness. This will require government intervention. A time-bound mission approach is needed to address the shortage of cybersecurity professionals,” Gupta said.

Develop predictive policing

Rahul Rishi, partner, advisory services, EY, said that to confront the new-age cybercriminals, a well thought out and effective cybercrime management strategy needs to be devised. If the law-enforcement agencies have to win this battle, there is a need for a paradigm shift in the approach to policing. The focus needs to shift from conventional to contemporary methods, with the right blend of upskilling and upgrading of the three pillars— people, processes and technology. Predictive policing is needed to disrupt the expanding web of crime.