Cyber-Enabled Financial Crime

In News

• Recently, 1000 individuals were held in 20 countries as part of Interpol crackdown on cyber-enabled financial crime.

What are Cyber-Enabled Financial Crime?

• Cybercrime encompasses any crime committed online, including ransomware attacks, cyber-espionage, child pornography and cyber vandalism.
• Social engineering (e.g. phishing email) might be used to launch a cyber-enabled financial assault from the outside.
• It’s not about draining bank accounts or bitcoin wallets; it’s about stealing IP.

Operation HAECHI-II

• Project: 
  • It is the second such operation in a three-year project launched to tackle cyber-enabled financial crime, in participation with the Interpol member countries in every continent.
• Specialised units: 
  • Specialised police units from 20 countries, including Hong Kong and Macau, took part in the exercise to target specific types of online fraud, such as “romance” scams, investment fraud and money laundering linked to illegal online gambling.
• Anti-Money Laundering Rapid Response Protocol (ARRP):
  • The operation also saw Interpol officials pilot test a new global stop-payment mechanism – the Anti-Money Laundering Rapid Response Protocol (ARRP) – which proved critical to successfully intercepting illicit funds in several HAECHI-II cases.
• Purple Notices:
  • Based on the findings during the operation, the Interpol published multiple Purple Notices – police alerts that seek or provide information on modus operandi, objects, devices and concealment methods used by criminals. 
  • The notices are shared with the member countries to enable exchange of information on emerging criminal methods and establish links between cases.
  • One such notice, requested by Colombia, detailed a malware-laden mobile application using the name and brand of Netflix show ‘Squid Game’. 
  • The app was in fact a Trojan horse virus that, once downloaded, could hack into the user’s billing information and subscribe to paid “premium” services without the user’s explicit approval.

Significance

• INTERPOL in assisting member countries combat a crime which is borderless by nature.
• Pilot implementation of New and state of art global stop-payment mechanism, the Anti-Money Laundering Rapid Response Protocol (ARRP), which was designed to intercept illicit funds.
• A major help provided by flagging the apps which target countries by carrying trojans within them.  

Image Courtesy: InterPol

Cyber Crime in India

• Definition: 
  • In India, cyber crime can be defined as unauthorized access to some computer system without the permission of the rightful owner or place of criminal activity and include everything from online cracking to denial of service attacks. 
• Examples: 
  • Phishing, 
  • Spoofing, 
  • DoS (Denial of Service) attack, 
  • credit card fraud, 
  • online transaction fraud, 
  • cyber defamation, 
  • child pornography, etc.

Reasons of Cyber Crime

• Ease of Access:
  • Hackers can steal access codes, retina images, advanced voice recorders etc. that can easily fool biometric systems and bypass firewalls can be utilized to get past many security systems.
• Capacity to store data in comparatively small space:
  • This makes it a lot easier for people to steal data from any other storage device and use it for their own profit.
• Cracking the Codes:
  • The computers run on operating systems which are programmed with millions of codes. 
  • The cyber criminals can take advantage of any mistakes at any stage.
• Negligence:
  • Any negligence while protecting the computer system can provide a cyber-criminal the access and control over the computer system.

Need for Cyber Laws in India

• As per the recent reports by media, the Union Home Ministry informed the Parliament that cyber-attacks have risen exponentially, last year in the country, from 394,499 recorded in 2019, to 1,158,208, citing the data from Computer Emergency Response Team (CERT-In). 
• Lack of awareness for adequate cybersecurity.
• The high rise in online activities due to lockdown imposed to curb covid-19 pandemic situation. 

Government Initiatives To Tackle Cyber Crime in India 

• The Indian Computer Emergency Response Team (CERT-In):
  • It operates as the national agency for tackling the country’s cybersecurity, and has helped in lowering the rate of cyber attacks on government networks. 
• Indian Cyber Crime Coordination Centre (I4C)
  • To act as a nodal point in the fight against cybercrime
  • To prevent misuse of cyber space for furthering the cause of extremist and terrorist groups
• Cyber Surakshit Bharat 
  • Aiming at strengthening the cybersecurity ecosystem in India in line with the government’s vision for a ‘Digital India’.
  • Launched by the Ministry of Electronics and Information Technology (MeitY) in association with the National e-Governance Division (NeGD).
• National Critical Information Infrastructure Protection Centre (NCIIPC)
  • It is a central government establishment, formed to protect critical information of India, which has an enormous impact on national security, economic growth, or public healthcare. 
• Botnet Cleaning and Malware Analysis Centre 
  • The central government has also launched Cyber Swachhta Kendra, which is a cleaning bot used for malware analysis and detecting malicious programs. 
• Personal Data Protection Bill
  • In order to protect Indian users from global breaches, which focuses on data localisation. 
  • The bill implies the storage and processing of any critical information related to individuals only in India. 
• Appointment of Chief Information Security Officers (CSIO)
  • The government of India has also issued a written guideline for the CISOs of government organisations, highlighting the best practices for securing applications, infrastructure, and compliance. 
• Website Audit
  • Amid the increasing number of government website hacking, email phishing, data theft, and privacy breach cases, the Indian government has planned to conduct an audit on all the government websites and applications. 
• Crisis Management Plan
  • This initiative is aimed at establishing a strategic framework for employees and leaders to prepare for a breach incident. 
• Training & Mock Drills
  • The government organisations have also started organising and conducting cybersecurity mock drills to assess the cybersecurity posture of organisations. 

Way Ahead

• Global Cooperation:
  • Establish multi-dimensional public-private collaborations between law enforcement agencies, the information technology industry, information security organizations, internet companies, and financial institutions. 
  • Interpol’s financial crime unit is currently working with member countries to integrate the system into the existing communication channels.
• Governmental Measures:
  • Training Programmes for tackling cyber-attacks
  • Creating  full-fledged Army of Cyber Professionals
  • Setting up of Robust Governance with support from established centres like Defence Cyber Agency, Indian Cyber Crime Coordination Centre and Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) 
• Individual Level:
  • Using Strong Passwords 
  • Keeping social media accounts private
  • Securing mobile devices 
  • Protecting the computer with security software

Source: TH