By Jacob Punnoose IPS, Director General of
Police, Kerala
Many years ago, in my childhood, there used to be people in my locality who were unable to read letters addressed to them. They would often
Jacob Punnose IPS, DGP Kerala
come to my father for assistance in reading the contents. Such people used to be called illiterates. These days, however, such people are very rare. On the other hand, you will find even educated people who are not capable of writing, reading or sending e-mails. Today, these are the people who would be called “illiterates.” Thus, owing to the progress of technology, even educated people have become illiterates! In this sense, I, too, was an “illiterate” till the age of 42 years. But, for over a decade now, I have been a regular user of computers. Today, all the reports that I have prepared during my career thus far are available on my laptop at the click of a mouse. Absolutely no need to browse through dusty and moth-eaten piles of files!
These days, when computers have become such an integral part of our lives, instances of computer-based crimes, usually referred to as “cyber-crime” have also begun to crop up. Hence it would be useful to take a look at what comprises such crimes, and what modern Police forces need to do to tackle such crimes.
At the outset, it is important to realize that all crimes that use computers as a tool are not necessarily cyber-crimes. For instance, if one receives a threat by e-mail, it is just a threat delivered by means of a computer, and will be treated as is normally done in the case of such acts of crime. In this case, the computer is used merely as a means of conveying the “threat” to the intended target and does not play a major part in the crime. It is only when the target itself is a computer and/or computer network that such a crime may be considered as a “cyber crime.” The aim of such cyber crime may either be to disable the ‘targeted’ computer systems/networks or else to access the data in them unauthorisedly or even to maliciously tamper with the contents of the targeted systems/networks.
In India, such crimes are not very common. For this to happen, there needs to be a “cyber community” where acts of such crime may occur. However, it may not be long before such a community does actually evolve, wherein more and more financial transactions and other day-to-day business takes place with the aid of computers. This is especially true in the context of Keralawhere it is not uncommon to find grandfathers learning to send e-mail to their grandchildren, and where Internet cafes exist even in the forest areas at the foothills of the famed Sabarimala temple!
Generally, cyber crimes may be classified as: 1) E-mail Bombing; 2) Salami Attack; 3) Logic Bomb; 4) Data Diddling; 5) Internet Time Theft; 6) Virus Attack; 7) Trojan Attack; 8 ) E-mail Spoofing. Such crimes have begun to occur increasingly in developed societies. Among these, “Salami Attack,” a form of financial crime, is considered as the most serious. Such crime figures predominantly in the banking and financial circles. Smart programmers target the computer systems of such financial institutions and insert computer programmes that divert small amounts from various accounts into certain pre-determined and purposefully created accounts. Usually, the amounts thus diverted are negligible, such as fractions of large amounts, rounded off figures from financial transactions, and so on. Though each such individual figure is negligible, given the large volume of transactions that take place daily in a modern financial institution, within a very short time, the amounts thus diverted to these “fictitious” accounts soon become huge. Such “salami attacks” may take place in other large corporate houses also. Usually, one or more employees of the said companies are accessories to the deed, and play a critical role in its successful implementation. Recently, an instance of a millionaire created by such “Salami Attacks” came to light. This person, who claimed to be the owner of an account worth millions of dollars, was unknown to the concerned Bank Manager, nor were there any records of deposits into the said account. But, the account continued to grow….
Though such an occurrence has not been reported from anywhere in India till date, it will happen without much delay. Another common example of cyber crime is the “Trojan Attack.” In this, a hidden programme is embedded in one of the programmes on the target computer, and once this programme is activated the hidden programme begins to leak/divert data from this computer to other unauthorized users/computers. “Logic Bomb” is another example of a cyber crime. In this, certain pre-specified keywords or programmes trigger off malicious and destructive actions within the targeted computer system(s), leading to considerable date loss and waste of computer resources. The virus responsible for this is usually passively stored in the said computer system till a certain pre-determined event takes place, when the attack occurs. “E-mail Bombing” refers to the repeated sending of large e-mails to targeted e-mail addresses of individuals or websites, leading to system crashes and other malfunctions. Unauthorised use of credit cards takes place after theft of credit card details such as Name and Password by clever cyber criminals. “Data Diddling” refers to acts whereby misleading or incorrect data is provided by e-mail to procure services, such as traveling using a false name after on-line ticketing. “Internet Time Theft” is usually experienced by Internet users and institutions that need/use the Internet 24 hours a day, whereby their user accounts are accessed and made use of by unauthorized Internet users.
It is important to distinguish between the ordinary criminal and those that indulge in cyber crime. The former may be persons who have strayed into the world of crime due to personal grievances against society, influenced by special circumstances or other causes. These criminals may at best steal computers; they cannot use them to commit other crimes! On the other hand, cyber criminals are persons that are well-educated, possess a good understanding of the latest developments in computer technology and travel freely and at will on the streets of “cyber communities,” wreaking havoc and indulging in acts of crime.
Increasingly these days, financial transactions are being made on a cash-less basis, with a move away from credit cards and towards ‘cyber-cash.’ This may be considered as the next step in mankind’s long journey through the ages, from barter trading in commodities in ancient times, through monetary transactions involving gold, silver and copper coins, and then on to paper currency. Interestingly, in India, the transition from coins to paper currency took place during the time of Tughlaq, the Mughal King, who was then derided as a madman. Today, the day is not far off when all financial transactions will take place by means of ‘cyber currency!’ It is in such a community that Cyber Crime will take root and grow!
In a well-known story from the Arabian Nights, Aladdin had a Genie attending to his every desire residing in his Magic Lamp. Today, the Internet stands before us as a modern Genie, capable of bringing to us the wonders of the world, at the click of a mouse. As soon as I log on, the Internet asks me what information I require. Whether about Elephants or about the planet Mars; it delivers to me all the available information and makes it accessible on my computer screen. But, there may arise occasions when the Internet may become deadlier than a Gun! Today, we fear the loss of our wealth, property and even our life, due to crime; but tomorrow, we may need to fear the loss of our ‘identity’ itself! For instance, my laptop computer requires my fingerprint as a security measure before I can access its contents. But, how can we be sure that this is 100% secure? Actually, the computer only checks to verify if my fingerprint matches with the data in its memory, as a security check. If someone is able to gain access to this data in my computer memory, he will easily be able to break into my computer. Thus my very identity may get stolen!
Today, the only major road not patrolled by Police is probably the Cyber Highway. There is some confusion regarding how the modern Police can and should function on this Cyber Highway. This is because Police are duty-bound to respect the boundaries of different nations, but the Internet cuts across such artificial and man-made boundaries. Suppose that a person residing in the United States is the beneficiary of a cyber crime committed in India by a person located in Moscow via computers situated in China. The question arises as to which Police should investigate this crime. As of today, such tricky issues have not yet been addressed properly.
These days, it is comparatively easy for Police to detect crimes committed in the world of technology. It is only necessary for the Police to have training and knowledge about the same. In a recent report submitted to the Government of Kerala, I have mentioned explicitly: “The Police should continuously update with technology.” That is, Police should not distance themselves from technology, especially in a state such as Kerala.
Today there is no need for a policeman on the lines of the well-known figure of fiction, James Bond. We are also not in need of policemen with physical power as in Aldous Huxley’s “Brave New World.” Rather, today’s policeman needs presence of mind. For this, policemen need to understand technology well. In future, all crime investigation will be cyber crime…Beware!