The Cyber Virus Pandemic
Since the beginning of the century, the internet and its access have evolved from being a luxury to a necessity. Even how the internet can be used, has grown exponentially. Internet connectivity has become an integral part of our daily lives perhaps, even more so during the coronavirus lockdown. As governments worldwide impose a mandatory lockdown, in a bid to curb the spread of the virus, human social life is the one which has come to an abrupt halt. With people being confined to their houses, the only means of sustaining that social life is through social media and internet connectivity. As the lockdown continues, so does our reliance on the internet for activities like working from home, paying bills, or even casually browsing social media. However, as the human populace spends more and more time on the internet, wary of the virus outside, it disregards another virus, one which is capable of much more devastation and whose “symptoms” are far more clandestine than the coronavirus itself. A virus is much more digital in nature; the cyber virus.
While instances of cybercrimes were reported even before the coronavirus pandemic, the frequency of these attacks has increased immensely since the lockdown, with the United Nations reporting a 600% increase in cybercrimes and malicious emails[i], targeting mostly healthcare and medical sectors. Even India fell victim to cybercrime with the Home Ministry reporting an 86% increase in cybercrime during the months of March and April[ii]. In the month of June, the National Highway Authority of India (NHAI) suffered a cyberattack on one of its email servers due to which, as a precautionary measure, the server had to be shut down[iii]. Similar attacks were also reportedly targeting the government’s websites and banking systems, fake emails asking to contribute to the “PM Cares Fund” and offering discounted services to online streaming platforms. In one incident an individual even tried to sell the Statue of Unity. All these instances culminate towards the fact that India’s digital privacy is at severe risk and as the lockdown continues, the vulnerability will only increase.
Since the internet is a virtually limitless and intangible entity, always on the verge of expansion, it becomes extremely difficult to establish one particular definition of cybercrime, hence the term cybercrime is not defined in any act or statute. According to the Cambridge dictionary, the word “cyber” means anything relates to computers, internet, or virtual reality[iv], therefore cybercrime can be defined as offenses relating to the computers, internet, or virtual reality. However, due to the constantly expanding cyberspace, this definition is neither exhaustive nor complete. While cybercrime can range anywhere from hacking emails, breach of data privacy, to cyberstalking and cyber terrorism, the ones that have become increasingly prevalent amidst the lockdown can be divided into two categories.[v]
Cybercrime on Individual or Group
Phishing: It is an act of sending emails to various people, fraudulently claiming an offer to scam them intending to obtain their personal information such as credit card details and passwords. Phishing is usually targeted to large groups pf people among whom some fall victim to the scams.
Unauthorized access or Hacking: The unlawful intrusion into any person’s computer system or network without his permission, to obtain his data is known as hacking. These acts usually involve recording audios, breach of privacy, and confidentiality by stealing images, videos, or other personal data of the victim.
Cyberstalking: It involves repeated acts of harassment or threatening behavior targeted towards the victim with the use of internet services. Cyberstalkers obtain the personal information of the victim and disseminate them over the sex-services website which leads to them getting harassing calls or emails.
Sextortion and Child Pornography: Probably one of the more disgusting ways of cybercrime, sextortion involves threats of releasing intimate information or sexually exploitative content of the victim unless they deposit a certain sum of money to the perpetrator. Child pornography is a severe violation of human rights which involves the distribution of images showing exploitation or sexual abuse of a child. Sextortion has seen the largest surge among cyber crime being committed during the lockdown, with the National Commission for women reporting a 45% increase.[vi]
Cybercrime on Corporations
Denial of Service Attacks: Denial of service or DDoS attacks flood the user's network or email with spam email to cause traffic in the user's server, thereby crashing it and rendering the user unable to access or provide services. These types of attacks are fairly common on government websites.
Cyberterrorism: As the name suggests cyberterrorism involves activities designed to strike fear and spread terror. Cyber-terrorists attack military installations, police sectors, banks, air traffic controls, etc. all while being anonymous and away from the action. The pandemic has seen a surge in cyberterrorism attacks on the health and welfare sectors.
CYBER PROTECTION IN INDIA
Data protection and cyber law in India are primarily governed by the Information Technology Act, 2000 (IT Act), with some crimes being punishable under the Indian Penal Code (IPC) as well. The IT Act mainly deals with data protection and punishments on breach of data privacy. Moreover, the landmark judgment of Justice K.S.Puttaswamy vs. Union of India[vii] a nine-judge bench concluded that the right to privacy is a fundamental right, with the current Chief Justice Bobde stating that consent is essential for the distribution of personal data.
Cybercrime under the IT Act is dealt from Section 43 to 47 and section 65 to 77B, which describes the penalties, compensations, and power of adjudication for monitoring and tracking cybercrimes. Although the IT Act penalized a lot of cybercrime, it wasn’t until the 2008 amendment that it designated provisions for specific cybercrimes, some of which are[viii] –
Section 65 – It states that any person who intentionally hides, destroys or alters any computer itself, or a computer program, network or system shall be punished with imprisonment up to three years, or with fine up to two lakh rupees, or with both.
Section 66 – This section is divided into six parts which designate punishment on matters related to hacking computer systems and data alteration including punishments for sending offensive messages, identity theft, violation of privacy, etc.
Section 66F – It defines cyber terrorism as any activity which threatens the Unity, integrity, security or sovereignty of India or tries to strike terror in the hearts of the people. The punishment for this is imprisonment for life.
Section 67 – This section deals with the punishment for publishing or circulating obscene materials or pornographic content, digitally. Section 67B deals with punishment for publishing or circulating child pornography and may attract imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
Section 72 [ix] – It defines Breach of Confidentiality and Privacy, according to which any person who has access to any electronic record, books, document or the like disseminates it, without the consent of the person concerned shall be punished with imprisonment of up to two years or a fine of one lakh rupees or both.
As the lockdown continues, cybercriminals become bolder and behind a digital curtain, in the comfort of their homes, wreak havoc upon the society. With advancements in cyberspace happening every day, it is up to us to maintain the same level of cyber hygiene that we maintain with the coronavirus. It includes setting up firewalls, installing reputable anti-viruses and malware protections, regular software updates, stronger passwords, and setting up of special cyber courts to deal with cybercrimes. Even the Information Technology Act needs to be updated regularly to hold up to viruses and malware in the current day and age.
Moreover, all the offenses made bail-able under the 2008 amendment should also be reverted to a non-bailable status. With people having shifted towards the internet to go about their daily lives amidst the lockdown, their increasing digital presence has become a playground for cybercriminals to exploit it and the lockdown has only seen a surge in these instances of cyber crimes which have manifested themselves in various forms ranging from attacking individuals to targeting huge corporations and just like the coronavirus lockdown, cybercriminals show no signs of slowing down either.
[i] Edith M. Lederer, Top UN official warns malicious emails on rise in pandemic, The Associated press, (13 June 2020, 11:17 AM), https://apnews.com/c7e7fc7e582351f8f55293d0bf21d7fb.
[ii] Abhirup Roy, Nupur Anand, Scammers try selling world's tallest statue as pandemic boosts India's cybercrime, Reuters, (13 June 2020, 12:05 PM), https://www.reuters.com/article/us-health-coronavirus-india-fraud/scammers-try-selling-worlds-tallest-statue-as-pandemic-boosts-indias-cyber-crime-idUSKBN21P0KH
[iii] Pradeep Thakur & Dipak K Dash, NHAI was hit by ransomware attack, suffered loss of data, TNN, (13 June 2020, 1:21 PM), https://timesofindia.indiatimes.com/india/nhai-was-hit-by-ransomware-attack-suffered-loss-of-data/articleshow/76760994.cms.
[iv] Cyber, Cambridge dictionary, https://dictionary.cambridge.org/dictionary/english/cyber.
[v] Learn about Cybercrime, Ministry of Home Affairs, https://cybercrime.gov.in/Webform/CrimeCatDes.aspx.
[vi] Nature-Wise Report of the Complaints Received by NCW in the Year: 2020, National commission for Women, http://ncwapps.nic.in/frmReportNature.aspx?Year=2020.
[vii] (2019) 1 SCC 1.
[viii] Information Technology Act, Act No. 21 of 2000, §§ 65-67, (2000).
[ix] Information Technology Act, Act No. 21 of 2000, §§ 72, (2000).
ABOUT THE AUTHOR
This blog has been authored by Varnik Kundaliya who is a 3rd Year B.B.A., LL.B. (Hons.) student at Chanakya National Law University, Patna.
[PUBLICATION NO. TLG_BLOG_20_4504]