Various research studies conducted by global players Price Waterhouse Coopers, Ernst & Young, etc. have shown that the world is battling with cyber crime. Cyber crime is a matter of grave concern for entire world because a criminal can executive crime without even entering the actually scene of the crime. The severity and complexity of the crime can be judged from the fact that millions of people can be targeted across the globe within few hours and these crime get untracked in initial stage unless its magnitude become big. To tackle cyber crime not only well equipped machinery is required but also well informed people are needed to tackle the check the issue in bud.
With Digitalization and spread of smart phones to every corner of the world cyber crime is becoming a rampant feature. Cyber Crime has become serious threat to the safety of society because with minimums effort cyber criminal can cause lethal damage to the individual targets. India has relatively less digital immaturity which is making India susceptible to a growing, and increasingly diverse barrage of cyber attacks. According to global professional services firm EY, India accounts for 3% of the total systems across the world that have been infiltrated and are controlled by criminals.
Regarding Cybercrime most of the world is ill-equipped to tackle. By its very nature, the proliferating phenomenon is unpredictable, often untraceable, and has unlimited reach in that a hacker in one corner of the globe can break into a system at the other end.
The modus operands of the criminals are very efficient. They all are well educated and intelligent people not like local goons. This aspect makes it more challenging for the authorities to deal with them because they are always one step ahead. Internet is become necessity as all over the world we are moving to live in virtual world where all day to day activities are closely connected with internet and online storage of data. As internet is becoming indispensable so is cyber crime is growing threat to our life. Cyber criminal can inflict unrepairable damage to financial status of organization and individual",
B) Objective of the Study:
1. To study methods adopted by cyber criminals.
2. To study investigation procedure in cracking cyber crime.
3. To suggest measures of precaution.
C) Method of Study
This research is based on the secondary data collected from new papers and statistics and reports published on National Crime Records Bureau (NCRB) web site
1) To study methods adopted by criminals:
a) Cloning of Card - Hackers managed to siphon off over Rs 94 crores through a malware attack on the server of Pune based Cosmos Bank and cloning thousands of the bank's debit cards over a period of two days. Malware attack was on the switch, which is operative for payment gateways of Visa and Rupay debit cards. While cloning the cards and using a "parallel" or proxy switch system, the hackers self-approved the transactions and withdrew over Rs 80.5 crores.
b) SIM Card Swap - In a SIM card swap fraud case, a city-based textile merchant lost at least Rs. 1.86 crores, which was illegally transferred from his account by unidentified persons, where he got access to unique SIM card and initiated the SIM Swap by cloning the SIM.
c) Misappropriating Fund using SWIFT - In raising funds and moving money out of Punjab National Bank, the two employees of the state-owned lender directly used SWIFTNSE the global financial messaging service used to move millions of dollars across borders every hour and bypassed the Core Banking System (CBS) which processes daily banking transactions and posts updates.
d) Fraud SMS - Through SMS spoofing malware fraudsters accessed their bank generated One Time Passwords (OTPs) and swindled lakhs of rupees. They sent MazarBOT, a malware as an SMS link to the victim to gain information.
e) SMS and IT Fraud – Under this type of fraud fraudsters sent messages telling the victims that their income tax refund has been approved followed by a wrong bank account number. Messages asked the person to check if the account number is correct and if not then visit the link in the message to rectify it. The account numbers were wrong in all the cases and therefore many victims end up click on the website link. Clicking on the link opened a website similar to the I-T department. They were then asked to enter login ID and password which can be created on the actual I-T department website. In the next step it asks the victims to enter their bank account details which can be easily accessed by these cyber criminals."Using the same details, fraudsters called up unsuspecting citizens posing as I-T officials and cheated them out of money by convincing them that there have been 'irregularities' in their I-T returns and they need to pay fines.
f) ATM System Hacked in Kolkata - In July 2018 fraudsters hacked into Canara Bank ATM servers and wiped off almost 20 crores rupees from different bank accounts. The number of victims were over 50 and it was believed that they were holding the account details of more than 300 ATM users across India. The hackers used skimming devices on ATMs to steal the information of debit card holders and made a minimum transaction of INR 10",000 and the maximum of INR 40",000 per account.
g) Websites Hacked - : Over 22",000 websites were hacked between the months of April 2017 and January 2018. As per the information presented by the Indian Computer Emergency Response Team, over 493 websites were affected by malware propagation including 114 websites run by the government. The attacks were intended to gather information about the services and details of the users in their network to commit financial crime.
2) To study them procedure used during investigation:
a) Finding the Internet Protocol (IP) Addresses is first step in the investigation. An IP address consists of numbers and letter, and that series is attached to any data moving through the internet.
b) ISPs are based on subscriptions to the companies. These companies have records of everything their subscriber’s do while on the internet. The timeframe that ISPs retain data from subscribers varies, therefore the investigation must move quickly.
c) Gathering information By checking web cameras, wire taps etc., sometimes the evidence is collected from the hacker’s computers also.
d) Tracking of email account from where is email was received by the victim which asked the personal information about the victim.
e) If possible, place the device in a faraday bag prior to turning on and examining the device. If a faraday bag is not accessible, turn the device into airplane mode, this will prevent any reception or remote communication.
f) A copy of the original data is needed prior to investigating its contents. Having a copy of the original data prevents the contamination of the evidence. Cell phone and other wireless devices should be examined in an isolated environment where it cannot connect to networks, internet, or other systems.
g) Immediately block all access to bank account and other details
3) Methods that can adopted as precaution:
a) Enhancement of the security features in ATM and ATM monitoring systems can prevent any misuse of data.
b) Another way to prevent the fraudulent activity is to minimize the risk of skimming by using lockbox services to receive and transfer money safely.
c) Using a more secure firewall for network and server which can block any unauthorized access from outside the network is perhaps the best idea.
d) Personal information of individuals is critical for users and cannot be allowed to be taped into by criminals. Thus, monitoring and introducing a proper network including a firewall and security system may help in minimizing the risk of getting hacked.
e) You should keep your computer current with the latest patches and updates. One of the best ways to keep attackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system.
f) Not responding to any suspected massages.
g) Keep your Phone, Cards and other crucial detail in complete security.
h) One should use the different password and username combinations for different accounts and resist the temptation to write them down.
i) Be sure that you keep your social networking profiles (Facebook, Twitter, YouTube, etc.) private. Be sure to check your security settings. Be careful of what information you post online. Once it is on the Internet it is there forever.
j) Cyber cell should be there in all the comer of the country with trained staff and well equipped lab.
k) Strengthen frame work of law to incorporate all types of cyber crimes in detail.
Cyber Crime and Criminal in cyber space are taking advantage of loopholes in the system. They are also finding easy targets in people who are not careful with their sensitive information. Apart from that even educated people do not have a habit of cross checking any massage or mail before replying it. Cyber Crime is thriving not only on weak laws but also on sloppy people. When we are planning out strategies to fight with complex issues, we must keep in mind that first and most crucial step in this direction will be to make up to date people who would be cautious while handling their data and information. If we will learn that first step definitely we will win war against cyber criminal.