What would be your choice, robbing a shop for Rs 10000 and get caught by the police by the end of the day or steal Rs 7 Crore all by sitting in the basement of your house without worrying about any investigator ever suspecting that it was you? Also, you can commit the same crime the very next day only with a different target and still walk free at the end of the day. Doesn’t it seem way too much of a blessing by the God of Crimes if there was any? But why on earth am I mentioning a fictional situation which is never possible at least in such a “well-tested” judiciary system?
If you are still pondering about the last question then dear, you’ve no idea of what is possible today. I’m taking about cyber-crime and online frauds and why do those criminals get away almost every time. There used to be a time when anyone after committing a crime, used to be in fear of getting caught and in panic, they used to do something stupid which would lead the police to gather proofs against them and bring them to justice.
How is it any different?
Let’s take a simple example, if someone gets hold of your credit card details then it is almost of no use in India as the buyer would need an OTP to complete the transaction. But if they try to make a purchase from some American merchant, then all they need is to fill in the credit card details and its done!! Your only line of defense here is the fact that how would someone from USA get to use your Indian card details. Fraudsters and hackers have the solution to this problem already figured. The criminals who harvested your card details just sell it on the dark web marketplace where from anyone can buy it by paying through bitcoin. The whole process is kept anonymous by the internet itself and hence there is no way of tracking the transaction; and that’s how you end up being a victim of online fraud for the first time in your life.
Let’s take an example, if someone got hold of your credit card details them it is almost of no use in India as the buyer would need an OTP to complete the transaction. But if they try to make a purchase from some American merchant, then all they need is to fill in the credit card details and its done!! Your only line of defense here is the fact that how would someone from USA get to use your Indian card details. Fraudsters and hackers have the solution to this problem already figured. The criminals who harvested your card details just sell it on the dark web marketplace where from anyone can buy it by paying through bitcoin. The whole process is kept anonymous by the internet itself and hence there is no way of tracking the transaction; and that’s how you end up being a victim of online fraud for the first time in your life.
If you are reading this article then you must have spent several years on the internet and I can bet, everyone of you would surely have listened from at least on of your friends that their Facebook/Instagram/Gmail/Hotmail account got hacked and someone is using it to send fake messages and posting rubbish in your name. You must have felt the pain in your friend’s voice while they were sharing that news with you. But how did that happen in the first place. Well, to carry out such attacks, hackers employ multiple methodologies. The most common among them is “Social Engineering Attacks via Phishing”. in this, you are sent fake information and offers via emails, web push, in-app advertisements etc., and provoked to feed in your account details into a specially designed web-page which transfers all your credentials to the attacker. Such web-pages have almost indistinguishable look than its authentic version.
Another method for hackers to get your account login data is quite indirect. It is very frequent that your login to small website services using your email or Facebook instead of signing up on them for saving time. These websites sometimes store your credentials in their own databases which is not as secure as Facebook or Gmail’s. Attackers might breach into database of those websites in order to extract your login credentials as these indirect sources of login credentials are not as secure as the Facebook databases. And if you are wondering that how often such data breaches occur, so you’d be surprised to know that India is a paradise for hackers with around 20+ annual data breaches. So, a clever hacker can get access to your social media and email credentials in order to cause you problems.
But still, our initial question didn’t get answered. how do they always get away? In India, the situation is quite weird. People do suspect that their online presence is being compromised but still can’t do much about it. There is perfect explanation for this. Just imagine you’ve lost Rs 20000 because of a fraud and you file a complaint in the cyber cell department. But your case didn’t receive any investigatory attention after a week or even a month. The flaw here is not with the authorities but with the internet itself. The investigation of any cyber based crime is much more complex than you can imagine and collecting an evidence that can be proved in a court is even more difficult. It is exactly opposite to what you see in the movies. Investigation requires a lot of background technical work in order to track down the origin of crime. Since the path that hackers use is encrypted so there is a requirement of a lot of decryption, cyber forensics, password cracking in order to pin point the exact place from where the crime initiated and henceforth figure out the exact person who committed it. But this requires a lot of engineering effort, police will have to hire very expensive computer experts who can do this type of tracking. So just imagine, if your fraud is worth Rs 20,000, then the cost of investigation will fall about Rs 10,00,000 and that also can’t guarantee that you will gather enough evidence. Even in case you are able to gather evidence then because of its digital nature, the defending attorney will have more than enough points to say against authenticity and integrity of the data present in your evidence.
So, is there even a possible solution?
But why is it that even solid proofs against a cyber crime can be denied in the court? The problem lies in the differences in the cyber laws in different nation. Some illegal cyber activities in one nation might be legal in other but one nation can’t cross its area of jurisdiction in order to solve crime until it has permission from the other nation. Only solution to this issue is if multiple nations join their forces in times of any massive cyber-attacks to facilitate investigation. The cyber laws need to be refined a lot because we’ve still not identified the different premise of such crimes as it is a very new area of crime whereas our judicial system has been formulated out of physical crimes which are taking place since a thousand years.
Another problem lies in the quality of investigation. The criminals who commit cyber crimes are much more able in their field than the investigators’ cyber forensic team. In order to balance it out, police should use past cyber laws offenders kept in custody to help the investigators as those guys have first hand idea of the technologies used and mentality of the cyber criminals who commit such crimes. But this option comes with some inherent risks because of the fact that we’re taking help from criminals and “Once a criminal, always a criminal”, right?
But these are just proposed ideas which might never be adopted by the government. So does it mean that there is no way out of this web?The only practical method available to use in order to protect ourselves from frauds and online crimes is to be vigilant and careful with our online activities. Being careful about strength of our passwords in different online accounts, not using a password twice are some basic tips. But when you’re dealing with credit cards, if once your details are out on the dark web the only solution is to get that card blocked immediately.
Now the question is: How would you know that whether your details are floating on the dark web? You can take help of Dark web monitoring tools which can provide you notification about whether your passport, credit/debit card details, PAN card details are being circulated on the dark web.
ID Fence is a brand-new product, currently one of its kind in India which can help you achieve the aforementioned cause. You can also check for the compromise history of all your documents and social media accounts that might have happened in the past 7 years and be prepared for your battle against Identity Theft.
ID Fence — Protect your Financial and Social Identity Online
