JAMMU AND KASHMIR: A STUDY ON CYBER CRIMES.
– BY MARIYAM CHOWDHARY
India is a well-connected country. All the news and happenings reach all the nooks and corners of the country in fractions of seconds through various platforms. Similarly, all forms of crimes are also reported from all the parts of the country including cyber-crimes. Jammu and Kashmir is also not an exception to this fact.
The newly formed Union Territory of Jammu and Kashmir has reported a sudden increase in the number of cyber-crimes in the past few years. In 2015, 38 cases were reported which were related to cyber-crimes. In 2016, the number of such cases dropped to 25 and J&K was ranked 28th on state-wise rank in cyber-crimes in the country. But in the year 2017, the cases related to cyber-crimes grew at a very high pace with 51 cases reported and 48 such cases were also under investigation.
To manage the growing cases of cyber-crimes, a proposal was passed for the establishment of a cyber-crime police station in J&K with all the required modern equipment and IT gadgets to keep surveillance on such activities. As of 2019, there are four police stations that will register cases and undertake investigations of cyber-crimes in J&K.
On June 05th, 2017, a major break-in was reported by the National Institute of Technology (NIT) Srinagar. Their website was hacked by a hacker group from Pakistan known as the Pak Cyber Skullz. This incident happened a day after Pakistan lost the ICC Championship Trophy against India. Various comments were posted against the Indian Government and their draconian policy towards Kashmir and the Kashmiris. It was believed that they hacked the website of NIT because of their frustration of losing the cricket match.
Another case was reported by the Cyber Branch of Jammu and Kashmir recently. Two cyber-criminals duped a Jammu and Kashmir resident lakhs of money. They used Facebook to trick him into this fraud by using a fake women account. They talked him into some sort of business and asked him to transfer money to the various accounts. Soon, a complaint was lodged by the victim and it was found that those criminals were part of a notorious cyber racket operating from Delhi.
CYBERCRIME BRANCH OF J&K POLICE mentions various forms of cyber-crimes and the motive behind such crimes, such as:
HACKING – Hacking in simple terms means an illegal intrusion into a computer system and /or network. There is an equivalent term to hacking i.e. cracking, but from the Indian Laws perspective, there is no difference between the term hacking and cracking. Every act committed to breaking into a computer and/or network is hacking.
CHILD PORNOGRAPHY. – The easy access to pornographic content readily and freely available over the internet lowers the inhibitions of the children. Pedophiles lure the children by distributing pornographic material, and then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions.
CYBER STALKING. – Cyber Stalking can be defined as the repeated acts of harassment or threatening behavior of the cybercriminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims’ pet, vandalizing victims’ property, leaving written messages or objects.
PHISHING – The act of sending an e-mail to a user, falsely claiming to be an established legitimate enterprise as an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Website where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.
To IMPROVE the situation in the UT of J&K, prevention and precaution are of utmost importance. It is very necessary to educate people about such crimes. There is also a need for informing people to report such incidents.
Some of the prevention measures include the following:
Act don’t just react. Before you need it, establish a reliable system for assigning access to company data resources. Make sure the system can disable such access immediately should a major layoff occur.
Identify dormant IDs or orphaned accounts. Install or create a system for actively checking for and deleting out-of-date IDs/accounts and/or inactive users.
Automate the lines of communication between your IT and HR departments. The IT department will need to have real-time notice of pending layoffs or restructuring in order to determine which accounts need to be disabled or suspended.
Define the “need to know.” Determine-based on job function, seniority and/or other predetermined department roles-who needs to have access to which resources and why.
Don’t forget the sharing factor. What happens when employees who have relationships with outside vendors are punished/fired? These now-former employees may have provided password IDs to exclusive department data, and IT probably does not have an easy means of tracking these IDs.
Reset passwords regularly. Smart departments should have an automated system for resetting passwords on a regular basis.
Make non disclosure policies routine. Establish and enforce a non-disclosure contract signed on the date of employment. The contract should clearly explain to government/corporate employees the consequences of hacking and sharing departments’ resources and data.
Suspend terminated IDs. Make sure that the accounts belonging to laid-off employees are not simply deleted, which could result in the loss of critical information. Instead, make sure that you incorporate a suspend feature in your provisioning process that prevents outside access but enables the IT department to search for key data in the account.
Reconcile open IDs to reality. Make certain that your system can produce real-time reports that show all open IDs/accounts and reconcile them against your trusted identity source. You must be able to clean out your dormant and invalid accounts.
Operate out of opportunity rather than fear. Remember that open doors (to information, resources, etc.) are vital to business success, but you must be able to shut that door quickly when an insider becomes an outsider.
REFERENCES
CRIME BRANCH PORTAL OF J&K POLICE
A STUDY ON CYBERCRIME IN JAMMU AND KASHMIR- Abhishek Gupta, Dr. Jatinder Singh Manhas.
The point about suspending ids was something I wasn’t aware of.
Very informative article!!