Not long ago the Central Bureau of Investigation had arrested an international fugitive wanted in America for allegedly stealing four crore debit and credit card account details by hacking into computer systems along with his accomplices. The cyber crime syndicate had employed the most complex methods for identity theft.
This being an extreme instance of the destructive potential of cyber crime, experts fear more such serious cyber attacks on ignorant and imprudent Internet users as the user base expands by the day. There are an estimated 12 crore Internet users and a whopping four crore 3G subscribers in India.
From credit card frauds to email and website hacking, data theft, fake social networking profiles, profile defacement, cyber stalking and hate mails to phishing for identify thefts, the Internet as a medium has thrown open multifarious opportunities for criminals to make illegal financial gains, cause massive financial losses to individuals and business houses, perpetrate terror, get even with rivals and even draw sadistic pleasure out of others’ miseries.
“The most disturbing trend is the emergence of organised e-syndicates, which are employing tools like botnet, through which malware such as trojans, viruses, worms and other malicious programmes can be distributed in the network either as an attachment with spam emails or other methods,” says a police officer.
The botnet programme acts as an agent to take control of multiple computers without the knowledge of individual users, by infecting the systems using malware or through unintended download of infected software by users. The infector then remotely controls the network of computers to generate spam emails; attack intended targets including individuals and websites to cause massive disruption; and steal sensitive data, use storage space of the user or consume Internet bandwidth. “They primarily cause denial of service or distributed denial of service to multiple users, not allowing them access to the service providers’ server,” says a Truth Labs expert.
Cyber experts say the botnet programme will in the future pose a major challenge as they are becoming more sophisticated and have now a larger network of computers as potential tools to accomplish nefarious goals, primarily illegal financial gains.
The malicious programmes may also be spread through cleverly camouflaged messages posted on social networking websites or instant messaging services through web hyper-links to infected sites or attachments. A simple click on these links can infect an unprotected computer. Worms not only infect a computer, but then replicate and infect other systems operating on the same network.
Highlighting security concerns regarding advanced mobile devices, the expert says: “They are well integrated with the Internet and therefore are potentially susceptible to similar threats affecting Internet-linked computers. Since mobile devices can contain vast amounts of sensitive and personal information, they are attractive targets providing opportunities to criminals.”
“Smart phones and personal digital assistants (PDAs) give users mobile access to email, the Internet, GPS navigation, and many other applications. However, smart phone security has not kept pace with traditional computer security. Security measures, such as firewalls, antivirus, and encryption, are uncommon on mobile phones, and mobile phone operating systems are also not updated as frequently as those on personal computers. Mobile social networking applications sometimes lack the detailed privacy controls of their PC counterparts,” says the expert, adding that owing to its user friendliness and wide application availability smart phones are used widely which is the potential target for the attacker. A multitude of threats exist for mobile devices, and the list will continue to grow as new vulnerabilities draw the attention of malicious actors.
This apart, trans-national cyber attacks have also been posing an immense threat to national security, with the government websites including that of the Central Bureau of Investigation having been targeted by hackers. Experts say with the gradual implementation of the Supervisory Control and Data Acquisition system, a platform for remote control of multiple services like electricity, water, gas and nuclear energy generation and distribution through computer networks, India’s vulnerability to such attacks would multiply manifold. “In such a scenario, the entire interlinked services may crash for want of adequate preventive measures,” says the member of the Truth Labs’ cyber forensic expert team which has handled a wide range of crimes received from courts, police, corporate houses, law firms and a large number of individuals in different parts of the country.