Cloned: The rising cases of cyber crimes in India

Twenty years ago, when a team of researchers announced the birth of “Dolly the sheep”, the first biologically cloned mammal, cloning was a word found only in the dictionary.

Dolly had a short life — six years, from 1997-2003. She is currently housed in the National Museum of Edinburgh as a testament to Scotland’s scientific achievements.

But what lingered on was cloning, which has since crossed its biological boundaries to step into the virtual world under a new name — cyber theft.

The World Wide Web has come a long way since it was opened up to the public 25 years ago. However, somewhere, it is still in its infancy. With the introduction of new technologies, innovation has outpaced security.

Facebook, Twitter and other social media and chat applications are the biggest phishing grounds. In most cases, your profile picture and publicly available information is stolen, and used later to hack financial data, morph pictures to distribute pornographic content, and to carry out terrorism activities.

Delhi-based homemaker Tavishi Trivedi is one such victim of a Facebook scam. Her profile pictures were copied and used to create a cloned account to befriend people. “I do not know who did this and for what purpose, but I warned all my friends about the cloned account,” says Trivedi.

For Sangita Sen, a private tutor in Ranchi, a fake Facebook account of a dear friend based in the UK cost her ₹7,00,000. The fake profile chatted with Sen for over a month, before sending her a box of valuables, for which Sen had to pay taxes and courier fees. Soon enough, Sen started getting calls from a fake RBI official in Hyderabad. She transferred the money to him.

In 2012, the world’s largest social networking company, Facebook, revealed around 83 million fake profiles. Eventually, it put in place the real-name policy, which doesn’t allow anyone to create a profile without revealing real names and identities.

But still, the cloned profiles are growing, making India one of the top destinations for cyber attacks, according to the National Investigation Agency (NIA). “Every sixth social media user in India is a victim of online fraud, and 16% of online frauds are social media scams,” says Alok Mittal, inspector general at NIA.

According to data from the Reserve Bank of India (RBI), 11,997 cases related to ATM, credit and debit cards as well as Net banking frauds were reported by banks in 2015-16. If one takes into account the number of unreported cases as well, the actual numbers will be quite higher.

Cyber crimes, including phishing, scanning and malicious code, rose 20% last year, compared to 2014, and a 2,400% increase over the last decade, the recent report from the National Crime Records Bureau (NCRB) show.

New social media users are more prone to scams.

Palak Kaur, a college student from Chandigarh, started accepting friend requests on Facebook because she thought she was popular, but was soon alarmed to see unwarranted posts on her timeline. “I was taken aback… I tried resetting my password, but it didn’t help,” says Kaur, who finally shut down the account.

According to NIA’s Mittal, most people ignore such incidents since these cloned accounts look ordinary and harmless. “These accounts can be used by perpetrators for nefarious activities. Social media is the most potent weapon in the hands of terrorists.”

Facebook, however, remains defensive on fake profiles. “Our authentic name policy is designed to create a safe space for people... That makes it difficult for terrorist organisations to hide behind fake profiles, or for anyone else to use an anonymous name to bully, scam or engage in criminal behaviour,” says a Facebook spokesperson.

And it’s not only in India.

In January, the Obama administration sent top US officials, including White House chief of staff Denis McDonough and secretary of homeland security Jeh Johnson, to a summit to woo top Silicon Valley companies, such as Apple, Google, Facebook and Twitter, to join the fight against terrorism.

In another instance, cyber thieves recently who pulled off one of the biggest robberies in history when they raided the Bangladesh central bank in February. The hackers sent 35 fake orders from Bangladesh Bank via Swift, the financial transaction system that has about 11,000 banks worldwide as its customers, to the central bank’s account at the Federal Reserve in New York. The transfers totalled $951 million, but the thieves managed to get away with $81 million by sending money in four tranches to different accounts in the Philippines.

In February, Twitter said that it had shut down 125,000 Salafi jihadist militant group ISIS-related accounts. ISIS later developed an app called Alrawi for its communication, after being kicked out of platforms, including WhatsApp, Telegram and Twitter.

“It is a cat and mouse game – the pressure to introduce new products by technology companies are so high that bugs come in,” says Sanchit Vir Gogia, chief analyst and chief executive of Greyhound Research. “It’s easier to take a Facebook profile picture and morph over a nude picture… It is more prevalent on the mobile.”

Meanwhile, Facebook has built automated systems over the years, which use machine learning and other scientific techniques to address scams, spam, phishing and malicious accounts, including profiles that might be impersonating someone else.

When a fake account is reported, Facebook runs its automated system against the reported account. It also asks the person to confirm her identity as the true account owner within a specified time period through one of the several methods, including registering and confirming the mobile phone number. “If the person can’t do this or doesn’t respond, the account is disabled,” the company spokesperson said.

Meanwhile, down south, Christow Saji, administrator and lead of Kerala Cyber Warrios is helping netizens deal with social media and internet scams. Recently, he helped three social media scam victims, between 18 and 25 — Dheeraj Chandramohan, Atul Chandran and Jit Thomas — to recover their accounts. “They were troubled deeply when their social media profiles were compromised,” says Saji.

The cost of cyber crime globally will top $6 tn annually by 2021, from $3 tn in 2015, according to a report by research firm Cybersecurity Ventures