THE FUTURE OF CYBERCRIME AND CYBERTERRORISM

This Article is written by Anju Malik of Department of law, Bhagat Phool Singh Mahila Vishwavidyalya Khanpur Kalan, an intern under legal vidhiya.

ABSTRACT

In this paper we will examine the concept of Cybercrime and cyberterrorism. Every area of human life makes use of computers and networks, and the internet provides equal opportunity for every aspect of human progress. There is an increase in digital crimes such as breaking online agreements, committing online torts and violations, and so forth as internet users become more diverse and the range of online commaunication expands. The advancement of computer technology has repeatedly shown how some individuals and groups within a nation are exploiting it to threaten other nations and their citizens abroad. The concept of Cybercrime and cyberterrorism is developing day by day due to high use of technology. Due to this cyber-Fraud are increasing whole over the world.

KEYWORDS

Cybercrime, Cyberterrorism, Cybersecurity, Cyberwar, Malware, Ransomware, Mens rea, Actus reus.

INTRODUCTION

We are now living in the information boom era as a global community. New telecommunications technologies, which are utilized in nearly every aspect of human activity, are closely correlated to modern civilization. As people’s lives and interactions have irrevocably changed as a result of the growth of information technologies, this development has also revealed a negative side by eroding society’s faith in the unalienable right to privacy protection. Our reliance on the accuracy, safety, and security of the information flowing across international computer networks is growing. In the 1970s, work on the Internet first started. It was available to 143 million users in 1998, and 700 million users were using it in 2001. In Russia, the Internet debuted in August 1990. Although it trails far behind other industrialized foreign nations, the country is enjoying a computer boom, and the Russian Internet already has about 6 million members. The growth of network and information technology has prompted the emergence of so-called cybercrime. The concept of cybercrime has become well-established in reality even though the term is not yet recognized by Russian legislation. Unauthorized access to computer data, the development, use, and dissemination of dangerous computer programs (including through the Internet), disruption, and other actions could fall under the category of cybercrime. The concept of Cybercrime and cyberterrorism is increasing day by day.

CYBERCRIME

Cybercrime is any unlawful activity carried out through a computer or other internet-connected electronic device. Cybercrime can be committed by lone individuals or small groups of persons with little technical expertise as well as by highly organized international criminal organizations with relatively capable developers and specialists.

Most cybercrimes are committed by hackers or cybercrime is a problem that affects both individuals and businesses. use networks or computers to deliver malware, pornographic content, viruses, and other illegal data. Cybercrime is a term that refers to any criminal conduct that takes place online. India had the most number of attacks in July 2020 with 4.5 million, underscoring the importance of spreading awareness about cybercrime. [1] In 1973, the first instance of cybercrime was recorded. A bank teller in New York stole more than two million dollars using a computer. In 1978, the first spam email was sent.

EXAMPLES OF CYBERCRIME

• Stolen Credit Card Information.

The most common form of cybercrime entails the theft of a person’s credit card details, which are then illegally used to purchase or pay for goods or services on the Internet. It has been noted that stolen data is sold on the dark web and used to make unauthorized purchases or withdrawals or to perpetrate identity theft. Credit card data theft can have serious financial repercussions, including lost credit and legal troubles.

• Hacking Into A Government Website.

Modifying confidential government data is a different kind of criminality. Unauthorized entry into a government computer system or network is referred to as hacking into a government website. Exploiting security flaws in the system to obtain access to sensitive data and influence the system for harmful purposes is seen as a very criminal and unethical behavior. Serious repercussions, including fines, jail, and harm to national security, may result from such behavior.

• Loss Of Control And Access To Content.

During the 2017 WannaCry assault, which was allegedly carried out by North Korea, ransomware that encrypted user content was disseminated. Globally, 300,000 computers were affected as the ransomware immediately proliferated. Data recovery from the victims cost hundreds of dollars.

HISTORY OF CYBERCRIME

When early computerized phones started to become a target in the 1970s, the harmful connection to hacking was first noted. Through a set of codes, tech-savvy individuals known as “phreakers” were able to avoid paying for long distance calls. They were the first hackers, discovering how to manipulate hardware and software to rob long distance phone time from the system. People were aware of the vulnerability of computer systems to cybercrime as a result, and that vulnerability increased with system complexity. Travel back in time to 1990, the year that Operation Sundevil, a significant project, was made public. 42 PCs and more than 20,000 floppy disks used by criminals for fraudulent phone and credit card use were seized by FBI officers. Only a few of the suspects were eventually located after two years of searching by more than 100 FBI agents. However, because it demonstrated to hackers that they will be observed and dealt with seriously, it was viewed as a fantastic public relations endeavor. In reaction to concerns to civil liberties that arise when law enforcement errs or engages in pointless actions when looking into a cybercrime, the Electronic Frontier Foundation was established. Their goal was to safeguard and defend customers from unjustified prosecution. Although beneficial, it also provided access to anonymous surfing and hacker flaws, where many criminals engage in their illicit activities. Even with the criminal justice system, crime and cybercrime have grown to be major issues in our society. Both on the open web and the dark web, cybercriminals are very skilled and elusive.

CLASSIFICATION OF CYBERCRIME

Cybercrime are broadly defined into three broad categories. These are:

• Individual
• Property
• Government

INDIVIDUAL

Cybercrime is the act of a single person disseminating unlawful or dangerous content online. Pornographic material distribution, human trafficking, and online stalking are a few examples.

PROPERTY

In the real estate industry, cybercrime includes phishing scams and other attempts to steal personal information, as well as accessing personal bank or credit card information to carry out illicit transactions.

GOVERNMENT

Similarly, hacking into government computer systems or official websites, although not frequent, is still regarded as a serious offense.

TYPES OF CYBERCRIME

Cybercrime comes in many different forms, and some notable examples include email fraud, social media fraud, banking fraud, ransomware assaults, cyber espionage, identity theft, clickjacking, and malware. Let’s look at the methods used to commit these crimes.

• PHISHING AND SCAM

Phishing is a kind of social engineering assault that targets users and connives with them by sending phony messages and emails to obtain sensitive information about the user or by attempting to download malicious software and exploit it on the target machine.

• IDENTITY THEFT

Identity theft happens when a cybercriminal unlawfully utilizes another person’s personal information, such as credit card details or personal photographs, to carry out a fraud or other illegal activity.

• RANSOMWARE ATTACK

Attacks using ransomware are a highly frequent form of online crime. It is a kind of virus that has the power to lock users out of all of their personal information stored on the system by encrypting it and then demanding a ransom to unlock it.

• HACKING/ MISUSING COMPUTER NETWORK

This phrase describes a crime that involves gaining unauthorized access to personal computers or networks and misusing them—either by shutting them down, interfering with the data they contain, or by other illegal methods.

• INTERNET FRAUD

Internet fraud is a sort of cybercrime that involves the use of the internet, and it may be viewed as a catch-all phrase for any crimes that take place online, including spam, banking frauds, service theft, etc.

• CYBER BULLYING

Bullying online or on the internet is another name for it. It comprises distasteful and embarrassing stuff about other people that is sent or shared, which creates shame and may be a trigger for psychological issues. Recently, it has become increasingly widespread, particularly among teenagers.

• CYBER STALKING

Cyberstalking is the practice of targeting other people online with unwelcome, persistent content with the intent to control and intimidate them, such as constant, obtrusive calls and texts.

• CYBER EXTORTION

Cyber extortion is the practice of cybercriminals demanding money in exchange for providing vital data they have stolen or stopping illegal operations like denial-of-service attacks.

• ONLINE DRUG TRAFFICKING

With the rapid development of bitcoin technology, it has become simple to conduct drug trades secretly and securely and transfer money between parties. As a result, there was an increase in online drug marketing. Drugs that are illegal such as cocaine, heroin, or marijuana are frequently trafficked and sold online, especially on the so-called “Dark Web.”

WHO ARE THE CYBER CRIMINAL

A cybercriminal is a person who commits cybercrimes by using his technological expertise for evil deeds and prohibited behavior. They could be single people or groups.

The so-called “Dark Web,” where cybercriminals mostly offer their unlawful services or goods, is very accessible. A “white hat hacker” Is someone who uses hacking to identify vulnerabilities to report and address them, therefore not all hackers are cybercriminals. Hacking is not a crime in terms of itself. However, when hacking is done with the intention of carrying out any damaging acts, it is regarded a cybercrime, and we refer to this person as a “black hat hacker” or a cybercriminal. Since not all cybercrimes include hacking, cybercriminals do not necessarily need to be skilled hackers. Cybercriminals include those who engage in unlawful online content, con artists, and even drug dealers. Here are some instances of online criminals:

• Online Stalkers
•  stalkers
• Online terrorism
• Fraudsters

It would be more accurate to refer to cybercriminals who carry out targeted attacks as Threat Actors.

DOCTRINE OF ACTUS REUS AND MENS REA IN CYBERCRIME

Mens Rea and Actus Reus are the two most crucial components of crime in terms of Traditional Crime. Actus Reus denotes “such result of human conduct as the law seeks to prevent”. For there to be a crime, there must be a commission or omission. In legal parlance, “A guilty state of mind” is referred to as mens rea. The mental component is the second crucial element in crime. The act itself doesn’t change, but the mental state renders it “reus,” making it unlawful. Nearly all crimes must be proven to have a mental component. It is extremely challenging to ascertain the mens rea in cybercrimes. One should examine the mental health of those who commit cybercrimes. It Is more challenging to prove that a hacker exceeded his bounds and was even aware that he was doing so when he already had limited authority, like in the Instance of an employee of a firm. Actus Given that many cybercrimes are performed in intangible environments, reusability has become a problem. Although it becomes a monumental challenge for the law enforcement apparatus to prove it in court because it must be in physical form or at least in a form where it is acceptable as evidence, the criminal may leave some footprints in the machine itself.

CYBERTERRORISM

Researchers Jordan Plotnek and Jill Slay describe cyber terrorism as an intentional attack or the threat of an attack by nonstate actors with the goal of inflicting physical, psychological, political, economic, ecological, or other harm through the use of cyberspace. Cybercriminals want to spread terror or force governmental or nongovernmental organizations to take actions that advance their own social, economical, or ideological goals.

Six components make up a taxonomy of cyber terrorism:

• An actor or players with the three distinct characteristics of covert, terrorist, and nonstate

a purpose, which could be political, ideological, societal, or economic.

• An intention to modify something, bring about a change, further objectives, or interfere with something.
• The technique for carrying out the act, which entails using a computer and network to enter cyberspace and cross international boundaries while committing cybercrimes such as cyberattacks and threats of attacks.
• An outcome, most frequently involving violence, service interruptions, bodily harm, emotional effects, economic harm, or data leaks

Information and communication technology (ICT), data sources, government entities, nongovernmental organizations, or physical infrastructure are popular targets.

EXAMPLE OF CYBERTERRORISM

• Virus introduction into open data networks.
• Servers have been hacked to stop connectivity and steal private data.
• Defacing websites and blocking public access, resulting in inconvenience and financial losses.
• Compromising communication systems to intercept or block communications and issue terror threats online.
• Terrorism-related attacks on financial institutions with the goal of transferring money.

HISTORY OF CYBERTERRORISM

According to Small Wars Journal, Barry C. Collin, a research fellow at the Institute for Security and Intelligence, first used the term “cyber terror” in the 1980s. Collin coined the phrase as “the convergence of cybernetics and terrorism”; the main objective of cyber-terrorist assaults has always been to sow fear and mass panic.

The Morris Worm, developed in 1988 by Cornell University student Robert Tappan Morris, was the first computer worm to be distributed via the internet, according to the tech website ARN. Although the worm wasn’t meant to be dangerous, a programming error turned it into a virus that quickly spread and eventually infected around 6,000 machines. Damage from the Morris Worm is thought to have reached $100 million. Soon after, terrorists started using harmful software, like worms, to advance their political, social, and economic objectives. These are some of the earliest instances of cyberterrorism known to exist:

• The FBI claims that the Melissa virus “began spreading like wildfire” on the internet in March 1999. Melissa used the Microsoft Outlook email client and Word processor to send messages to the top 50 contacts on the victim’s contact list. David Lee Smith invented the virus, which was meant to wreck havoc rather than bring in money. About 1 million email accounts were momentarily inaccessible due to Melissa’s damage to email infrastructure at hundreds of businesses around the world.
• In May 2007, after the government withdrew several Russian World War II artifacts from the city of Tallinn, commercial companies and government institutions in Estonia became the focus of extensive, protracted cyberattacks. The largest bank in Estonia shut down as a result of the distributed denial-of-service (DDOS) assaults, causing around $1 million in damage. Analysts believe the Russian Federation helped finance the attacks, though Russia disputes, although Russian deny.
• In August 2013, the Syrian Electronic Army, a hacker collective, infiltrated the Melbourne IT network, an Australian ISP that controls business domain names, and took control of the New York Times, Huffington Post, and Twitter websites. The Washington Post, CNN, and Time websites had previously been targeted by the gang. Retaliation for criticism of Syrian President Bashar al-Assad served as the driving force for the strike.
• In May 2017, Microsoft Windows systems were hit by the WannaCry ransomware assault, which demanded victims pay $300 in Bitcoin (later escalated to $600) in order to regain access to their computer files. Microsoft had released a fix for the vulnerability used by WannaCry months before to the attack, but many customers had not upgraded their systems to provide protection. Even after paying the ransom, victims were unable to retrieve their files due to a bug in the virus’s programming.

WORKING OF CYBERTERRORISM

The following are the methods used by cyberterrorism attacks:

• They use computer viruses, worms, spyware, and Trojans to target web servers and IT service stations. They want to attack military utilities, air force stations, power supply stations to disrupt all the services.
• [2] They use a Denial-of-Service attack where the original verified user cannot access the services for which he is authorized. This creates a sense of fear among the people for important essential services like medical emergencies.
• They attack web servers and IT service centers with computer worms, viruses, spyware, and Trojans. To stop all services, they seek to assault military infrastructure, air force bases, and power plants.
• The initial verified user is prevented from accessing the services for which he is permitted thanks to a Denial-of-Service attack. People start to fear using vital services like medical emergencies as a result of this.
• Through hacking and information theft, these attacks assist online criminals in gaining illegal access to the victim’s computer.
• By demanding a ransom payment from the victim and leaking the users’ private information if they don’t receive it, ransomware aids in keeping data and information secure.
• They mostly target users using phishing-based approaches to steal their information and reveal their identities to everyone by sending them infected spam emails.
• The APT (Advanced Persistent Threat) attack is the most common type of cyberterrorism. To breach massive computer networks, such as those in an organization, they employ sophisticated penetrating network models. They blend into the organization’s network to avoid detection before stealing data on weapons systems, national defense information, etc.

ATTACKS

The following are the typical methods used in cyberterrorism attacks:

• UNAUTHORISED ACCESS

Attackers want to disable and harm all access points to the service.  Instead, the hacker is able to access the vital resources without authorization.

• DISRUPTION

In order to spread anxiety throughout society about widespread fatalities and unrest, these attacks concentrate on interfering with essential infrastructure resources and public websites.

• CYBERSPOINAGE

To get an advantage over other nations in terms of military intelligence, the government typically conducts certain spyware operations on other governments of other countries related to military equipment.

• ECONOMIC FAILURE

Cybercriminals want all technical system failures to result in a significant economic collapse, such as shutting down the water or electricity for several days to produce a panic about these services in society.

PREVENTION AGAINST CYBERTERRORISM

Instances of cyberterrorism can be avoided in the following ways:

• All cybercriminal activity must be regulated by the government, and its violations must be subject to tougher laws. To combat cyber risks, they must devote greater resources.
• The general public needs to be better educated about these actions. This will contribute to the reduction of vulnerabilities used by thieves to target user data. It gives the populace the ability to defend themselves against these spyware and phishing attempts.
• We must utilize VPNs to enable us to use secure networks that are hard for hackers to break into.
• Use passwords that contain a strong mixture of alphabets, strings, and digits. Additionally, features like two-factor authentication are crucial in this situation.
• Avoid clicking on unfamiliar links, URLs, websites, or spam emails since they can include malicious files that could compromise the entire computer system.

BIGGEST CYBERATTACK IN HISTORY

We can always learn from the past, therefore let’s examine some of the most significant cyberattacks in history:

• THE MELLISA VIRUS

In 1999, programmer David Lee Smith created the Melissa Virus, one of the first and most dangerous cyber threats. He emailed recipients a file to open using Microsoft Word that was infected. After being opened, the virus started to work and severely damaged hundreds of businesses, including Microsoft. [3] The anticipated cost of fixing the damaged systems was $80 million.

• NASA CYBER ATTACK

James Jonathan, a 15-year-old hacker, took down NASA’s computers in 1999 for 21 days. During the attack, there were about 1.7 million software downloads, and the space giant had to spend $41,000 on fixes.

• THE 2007 ESTONIA CYBER ATTACK

[4] In April 2007, Estonia witnessed what is thought to be the first cyber attack on an entire county. Chiefly, it saw around 58 Estonian websites go offline, including government, bank and media websites.

• ADOBE CYBER ATTACK

At first, it was believed that the Adobe cyberattack had compromised the data of 2.9 million people. Additionally, it exposed the private information of as many as 38 million people! The remaining 35.1 million users lost their passwords and user IDs, notwithstanding Adobe’s claims that just the first 2.9 million users’ passwords and credit card details were stolen.

• 2014 CYBER ATTACK ON YAHOO

One of the greatest cyberattacks of 2014 targeted Yahoo, resulting in the breach of 500 million accounts. Basic information and passwords were taken during the hack, but bank information was not.

• UKRAINE POWER GRID

The first cyberattack on a power grid occurred in 2015 when the Ukrainian power infrastructure was attacked. In the Ivano-Frankivsk region of the Ukraine, approximately half of the residences experienced a brief power outage as a result of the attack.

• A CYBER ATTACK ON MARRIOTT HOTEL

For years, a cyberattack on the Marriott and Starwood hotel chain remained undiscovered; it was only discovered in 2018.  Thus, an estimated 339 million visitors’ data had already been compromised by the time they learned about the assault. As a result, the Marriott Hotels were penalized 18.4 million pounds by the UK’s data protection agency.

RECENT CASE LAW ON CYBER ATTACK

“THE BANK NSP CASE”

A management trainee at the bank was engaged to be married in one of the most prominent cybercrime instances, the Bank NSP case. Using the business computers, the pair sent and received numerous emails. Following their breakup, the girl created phony email accounts like “indianbarassociations” and started sending emails to the boy’s international clientele. She accomplished this using the bank’s computer. The boy’s business suffered a significant loss of clientele and sued the bank. The emails sent utilizing the bank’s technology were held accountable by the bank.

“ANDHRA PRADESH TAX CASE”

After department officers obtained computers used by the accused in one of the many cyber fraud cases in India, dubious techniques of a well-known businessman from Andhra Pradesh were made public. The proprietor of a plastics company was detained, and investigators from the Vigilance Department found Rs 22 crore in cash inside his home. Within ten days, they demanded an explanation from him regarding the unaccounted funds.

The accused assumed his offense would go unnoticed until he supplied 6,000 vouchers to demonstrate the authenticity of the deal. However, following careful examination of the vouchers and the information on his computers, it became clear that every single one of them was created after the raids were carried out. Later it emerged that the accused was in charge of five different companies, fabricated computerized vouchers to display sales records and avoid paying taxes.

“CYBER ATTACK ON COSMOS BANK”

A very innovative cyberattack in August 2018 resulted in the loss of Rs 94 crores at the Cosmos Bank branch in Pune. The thieves were able to move the money to a bank in Hong Kong by breaking into the primary server. Additionally, the hackers broke into the ATM server to obtain information on numerous VISA and Rupay debit cards. As a result of the attack on the switching system, which serves as the connection between the centralized system and the payment gateway, neither the bank nor the account holders were alerted to the movement of funds. [5] According to the global case study on cybercrime, 450 cards were used in 14,000 transactions that took place across 28 countries. 400 cards were used in 2,800 transactions around the country. This was the first malware attack of its sort to completely halt connection between the bank and the payment gateway.

CONCLUSION

The security of both persons and countries is seriously threatened by the threat of cyberterrorism, which has grown considerably in recent years on a global scale. Effective technological growth has increased people’s reliance on computer networks, making them more susceptible to cyberterrorism. In nutshell, cyberterrorism poses a major risk that might have a significant impact on specific people, groups, or even entire countries. It is crucial that people, businesses, and governments take preventative measures to defend against cyberattacks and are ready to respond in the case of one.

REFERENCES

[1]https://medium.com/@omkar.pawar19/cybercrimes-and-prevention-techniques-7815ebafd83e?source=rss——-1

[2]https://www.geeksforgeeks.org/what-is-cyber-terrorism/

[3]https://digitaldefynd.com/IQ/famous-cyber-attacks/

[4]https://clearinsurance.com.au/10-biggest-cyber-attacks-in-history/

[5] https://sanjinar3.wordpress.com/