‘Cybercrime threatens everything from smartphones to nuclear reactors and even national security’

Mumbai: The new age cybercrime has surpassed $6 trillion in revenue and damages, catapulting it as the numero-uno organised crime syndicate globally surpassing narco-trafficking and counterfeiting. Incidentally, our Prime Minister had envisioned making India a $5 trillion economy by 2025, a figure pale in comparison to the cybercrime space, which is likely to expand to $10 trillion by then.

In a world where every day is a technological miracle, the internet of things (IoT) is a welcome convenience. While driverless cars, clone armies of superhuman robots, money transfers at the click of the mouse, smart homes and social media obsession have brought about a revolution and transformed the planet into an unrecognisable place in the last five years, cybercrime has emerged as an organised well-funded enterprise. It is appropriately called the ‘arms race of the 21st century’ where there is a mad rush for unearthing Zero-day (unreported) vulnerabilities and exploiting them with the anonymity afforded by Darknet or Onion routers-ToR.

Internet was born in the late 1960s as ARPANET, a small network of government computers. It has metamorphosed into a ubiquitous and all-pervasive phenomenon. The world of cybercrime too has massively spread its tentacles, best illustrated by the following scenarios inspired by real cases from cyber police files.

A woman journalist dwelling in a typical Mumbai studio apartment and inured to online chatting, fell victim to a spear–phishing attack, where a malicious code called video keylogger was installed in her laptop. Consequently, whatever she typed – all keystrokes were recorded on her laptop’s hard disk and transferred via email to the cyber-criminal. Even her webcam was unwittingly switched on and all images similarly transferred. All videos and data were meticulously collated and used to blackmail the gullible victim. The girl attempted suicide and was later counselled.

A couple of teenage Chinese hackers, perhaps having nothing better to do in their vacations, hacked into and even attempted to change the course of 2 NASA satellites. The hacks were detected and thwarted with the veritable threat of converting satellites into weapons of mass destruction.

Cybercrime is proliferating and metamorphosing into extremely innovative forms at an alarming pace. Cyber crimes like virtual kidnapping, pig-sharking, online instant loan frauds and eSIM frauds are on the rise and lack of awareness further exacerbates the issue resulting in large-scale financial and reputational damages

A malware Pegasus, developed by Israel company NSO group, gained notoriety by playing havoc with the privacy of hundreds of smartphones. The distinguishing feature of the spyware was its ‘zero click’ feature, where it got installed on the victim’s phone without the victim being required to click even once on a malicious link and subsequently took over all admin controls, enabling it to eavesdrop on all communications, text, chats and even switching on camera and microphone to see and hear ambient scenes and sounds.

In October 2020, a large-scale power outage in Mumbai region which brought the whole city including its lifeline the local trains to a grinding halt was attributed to an act of cyber-sabotage. Investigation and reports by New York Times revealed that 14 Trojan horses or malevolent programs from hostile countries had infected the electricity servers.

The Pune Cosmos Bank Cyber-heist in 2018, wherein hackers stole ₹94 crore in just two days through multiple ATM swipes in 28 countries across the world and the Nanded Cooperative Bank cyber-heist In 2021, where ₹14 crore was siphoned off by hacking core banking solution system, are glaring illustrations of the magnitude of dacoity not through bullets and bombs but through bits and bytes.

Hypothetically, if such massive bank dacoities were carried out in the physical world through automatic weapons, it would have unseated governments and heads would have rolled in plenty.

Another spine-chilling scenario of cybercrime is when it transforms into cyber-terrorism. Hacked Railway signalling systems can lead to the collision of trains, hacked water purification plants can lead to poisoning, and hacked nuclear missile control systems can lead to rogue nuclear attacks and catastrophe. The primary reason why Iran is still a non-nuclear weapon nation is the iconic cyber-attack christened ‘Stuxnet’ on its Netanz Uranium enrichment centrifuges, where they spun at supersonic speed and self-destructed. Cyber terrorism is very much real – a Frankenstein monster, which needs to be tamed.

Cybercrime has redefined the landscape. It is no longer perpetrated by a lone computer savant camouflaged in a hoodie. It is business, a parallel economy worth trillions of dollars. It is preferred because of low entry costs, technological advances are so quick that law enforcement agencies are not able to keep pace. The risk of getting caught is minimised by techniques of proxy bouncing and the use of virtual private networks (VPNs), which make the attack appear to originate from a country like Iran or North Korea, which are shrouded in secrecy.

Cybercrime remodels with blitzkrieg pace into darknet crimes where one can hire a contract killer or buy and sell narcotics with anonymity, ransomware where the data of an agency is surreptitiously encrypted and ransom demanded in cryptocurrency to decrypt it, man-in-the-middle attacks, sextortion, social online grooming of children, child pornography, Jamtara-styled online financial frauds, spoofing, scamming, skimming attacks, phishing and vishing attacks, hacks on critical infrastructure by state actors or even deep fake and deep nude attacks.

It is imperative that law enforcement agencies get their act together and fight cybercrime in a sincere and concerted manner, with international cooperation and upgradation of resources, tools and skilled manpower.

The author is an IPS officer and is presently posted as Special IGP Maharashtra Cyber Department, which is the nodal agency for cybercrime and related matters for the state of Maharashtra.