Internal Security Archives - Page 3 of 3

Linkages of Organized Crime with Terrorism

by admin

Linkages of Organized Crime with Terrorism

This article deals with ‘Linkages of Organized Crime with Terrorism.’ This is part of our series on ‘Internal Security’, an important pillar of the GS-3 syllabus. For more articles, you can click here.

Introduction

Like terrorism, there is no single uniformly accepted definition of organized crime. Even UN Convention against Transnational Organized Crime does not define organized crime.

According to Interpol, an Organized Crime Group can be defined as ‘any group having a corporate structure & whose primary objective is to obtain money through illegal activities, often surviving on fear and corruption.’

Characteristics of Organized Crime Groups

1. Continuity

These groups are structured to survive leadership changes. Due to their structured nature, they operate beyond an individual’s lifetime.

2. Structure

These groups are highly structured with a properly defined hierarchy. The ranks are based on power and authority.

3. Membership

Their membership is restricted and based on common traits like ethnicity, background, common interest or proximity with the leader. Scrutiny and probation are crucial parts of member recruitment.

4. Criminality

Such groups rely on criminal activities to generate income. Therefore, these groups are engaged in criminal activities like smuggling, murder, intimidation, drug trafficking, human trafficking etc.

5. Violence

These groups use violence against opposition groups to protect their commercial interests.

6. Intimidation

To get their job done, criminal gangs indulge in intimidation against people or public officials.

7. Corruption

Crime thrives in a corrupt atmosphere. Organized Crime Groups buy off law enforcement officers to carry out their illegal activities without resistance.

8. Power & Profit Motives

All the actions of the Organized Crime Group aim to maximize the group’s power and profits. For this, the group bribes the officials and leaders and even indulge in intimidation and violence.

9. Protectors

These groups have protectors in the form of public officials, attorneys and businessmen who collectively protect the criminal group.

10. Specialist support

These groups are assisted by specialists on an ad-hoc basis, including chemists (in the drug business), shooters (for murder), pilots (in smuggling) etc., who are nonetheless considered part of the group.

The degree of these characteristics may vary from group to group. However, the quintessential element of organized crime is continuing illegal activities to generate illegal proceeds.

Famous Organized Crime Groups of the World

Country	Organized Group	Important Points
Japan	Yakuza	– Transnational Crime Syndicate with more than 28,000 members and a turnover of around $50 billion. It further has three more clans, i.e. Yamaguchi Gumi, Sumiyoshi-kai and Inagawa-kai.
Italy	Ndrangheta group	– It has an annual turnover of €53 billion. – It is engaged in wide-ranging activities like murder, extortion, drug trafficking and money laundering. They control the supply of cocaine in the whole of Europe. – Membership relies on blood ties in the Calabria region of South Italy.
USA	CRIPS	African-American Organized Criminal Group in USA with a turnover of $8 billion
India	D Company	– D Company is named after its leader Dawood Ibrahim. – It is the most powerful gang in Mumbai with abroad networks. – It is involved in extortion, narcotics, drugs, smuggling and contract killing.
Russian	Mafia
Hong Kong	Triads

Linkages of Organized Crime with Terrorism

Main activities carried by Organized Crime

1. Drug Trade

It is the biggest revenue source for most organized crime groups.
It is quite widespread in India due to India’s geographical location between the golden triangle and golden crescent, the world’s leading producers of narcotics.
Apart from that, opium is legally cultivated in India under medicinal licensing. Organized Criminal Groups siphon off this opium to be sold in the illicit market.

Side Topic: Narco-Terrorism

According to the US Drug Enforcement Administration (DEA), narco-terrorism is “a subset of terrorism,” where groups or individuals participate directly or indirectly in the cultivation, manufacture, transportation or distribution of controlled substances and the money derived from these activities”.

2. Smuggling

Goods are smuggled in and out of the country by Organized Crime Groups without paying the required taxes and dodging customs.
The nature of smuggled goods depends on the fiscal policies adopted by the government. E.g., Textile items and electronic items were smuggled in the 1970s. Presently, gold is the primary item that is smuggled into India.

3. Cyber Crimes

With increased dependence on computers, cyber crimes have emerged as the main activity of Organized Crime Groups. They indulge in hacking, copyright piracy, software piracy, credit card fraud etc.

4. Environmental Crime

There is a large-scale poaching of animals due to organized crime. 50% of world species are facing the fastest man-made mass extinction because of animal poaching.
Timber poaching is also a multi-billion dollar avenue and organized crime groups.

5. Trafficking cultural property

Trafficking of cultural property is a crucial avenue for money laundering. Ancient Artefacts are stolen, and organized crime groups destroy sites to erase the trails of theft.

6. Piracy

Piracy is widespread across the Horn of Africa, Malacca and Sundarbans.
Organized crime groups indulge in attacking merchant ships to take the crew hostage and demand money to release the hostages. They earn millions of dollars through this route.

7. Prostitution

Trading in sex and girl-running is a very profitable business. Underworld is closely connected to brothels and call girl rackets. According to the WHO, Bombay & Kolkata has 1 million, and Pune & Delhi have 40,000 prostitutes.
It has to be noted that prostitution per se is not an offence in India. However, running brothels, inducing girls for the sake of prostitution, detaining girls in brothels, or running brothels in the vicinity of public places is a criminal offence.

8. Contract Killing

Organized Crime Groups like D-Company and Yamaguchi Gumi are also involved in contract killing. They are ready to kill anybody in return for specific fees. It is also the preferred mode of killing, as the conviction rate in contract killing is negligible.
Under the contract, the part amount is paid in advance, called ‘supari’. The rest of the payment is made after the commission of the crime.

9. Money Laundering

Money laundering means the conversion of illegal and ill-gotten money into legal money. Organized Crime Groups provide services via placement, layering and integration of black money in return for fees.

10. Kidnapping

It is a highly organized crime. Crime groups kidnap children or adults and demand huge sums in return for releasing them.
This activity is mainly carried out in urban areas.

11. Organ trafficking

An organ transplant can save a life, but there is a heavy demand-supply mismatch. Due to the desperate situation of the recipient, they are ready to pay a hefty amount. Organized Crime groups exploit this situation by indulging in organ trafficking.
Unlike other crimes, professionals like doctors, nurses etc., are also involved in this.

12. Light Arms Proliferation

Light arms proliferation is a global phenomenon. It has taken a heavy toll on entire regions’ lives and socio-economic development.
Organized Crime Groups are the main suppliers of illegal light arms like pistols, guns etc.

13. Intellectual Property Crime

Intellectual Property Crime (IPC) includes the manufacturing, storage and sale of counterfeit or pirated goods where the consent of the rights holder has not been obtained.
Some scholars argue that it constitutes the largest black-market economy, surpassing the global narcotics trade.

Organized Crime and Terrorism

The intersection between terrorism and organized crime can be divided into three categories

1. Co-existence

It refers to the situation when both (Organized Crime Gangs & Terrorist Organisations) operate in the same theatre but remain separate entities.

Co-existence in Organized Crime and Terror

2. Cooperation

Generally, Organized Crime Groups and Terrorist organizations don’t cooperate as their motives differ. While Terrorists want a change in the political status quo, Organized Crime Groups want a change in the status quo only when it threatens them.
But when the benefit outweighs the risk, they cooperate, including specific operational supports which can be acquired cost-effectively from each other. E.g.:
1. In Columbia, Medellin Drug Cartel hired ELN to implant car bombs because they didn’t have the expertise in bombs.
2. Islamic Movement of Uzbekistan allied with the Afghan drug mafia so that movement of drugs could occur safely to the Soviet Union.
3. Terrorist Organizations frequently use Organized Crime Groups’ help to create fake passports, smuggling terrorists into countries. Terrorist groups / Insurgents active in the North-Eastern States take the services of crime syndicates active in Cox Bazaar for such activities.

Cooperation in Organized Crime and Terror

3. Confluence

When a single entity does both activities

Organized Crime	When Organized Crime Group uses terror tactics to safeguard their business interest. E.g., D-Company’s terrorist activities.
Terrorist Group	When Terrorist Group uses organized crime to gather funds, E.g., Al Qaeda uses drug trafficking, and ISIS uses women trafficking to fund their activities.

Confluence in Organized Crime and Terror

It is also known as ‘Black Hole Syndrome‘, where terrorist groups and transnational organized crime groups converge entirely into each other. The black hole syndrome is thus described as the natural progression of these two criminal groups gaining economic and political control over the territory (Tamara Makarenko, 2005, p.129)

Indian examples of Black Hole Syndrome

In the Northeast, extortion, drug trafficking and gun running are the fundamental basis for funding terrorism.
D Company of Mumbai (as discussed above).

Similarities between Terrorism and Organized Crime

There is a similarity in personality traits of members belonging to terrorist organizations and Organized Crime Groups. Members of both organizations are
- From the marginal social groups exposed to and burdened by social or political frustrations
- They are the persons attracted by excitement and thrill.
- They have risk-taking ability.
Terrorist Organizations and Organized Crime Groups have similarities in their modus operandi, which involves
- Secrecy and confidentiality.
- Use of violence to accomplish certain goals or interests.
- Detailed planning and preparation
- Respect for strict discipline.
- Intimidating the surroundings.
Activities carried out by both, i.e. Terrorists and Organized Crime Groups are punishable by law.

Differences between Terrorism and Organized Crime

Terrorist Organisations	Organized Crime Groups
They want to overthrow the existing government by changing the present order.	They don’t want to overthrow the state => Only want to form a parallel government.
They use violent means.	These groups generally remain non-violent. Violence is used as a last resort.
Terrorists are driven by political objectives.	Organized Crime Groups are driven by economic objectives, devoid of any political dimension.
Terrorist organizations claim responsibility for terrorist attacks.	Organized Crime Groups never claim responsibility for their criminal acts.
They try to seek media attention.	They don’t seek media attention and remain low profile.
They attack government and law enforcement agencies.	They generally don’t indulge in such activities.
They want to influence public opinion.	They aren’t concerned with public opinion.

UN Convention Against Transnational Organized Crime

It was adopted in 2000 and came to force in 2003.
The Convention is supplemented by three supplementary protocols i.e.
1. Protocol to Prevent, Suppress and Punish Trafficking in Persons, especially Women and Children
2. Protocol Against the Smuggling of Migrants by Land, Sea and Air
3. Protocol against the Illicit Manufacturing of and Trafficking in Firearms and Ammunition
As a signatory, the country is committed for
1. Creation of domestic criminal offences for participation in an organized criminal group.
2. Adoption of frameworks for extradition, mutual legal assistance and law-enforcement cooperation.
3. Promotion of training and technical assistance for building or upgrading the necessary capacity of national authorities.

Legal position in India on organized crime

There is no national law explicitly dealing with Organized Crime in India. Various provisions of IPC deal with it. But the Government of India is planning to make the Organized Crime Control Act.
Various states have enacted special legislation to tackle Organized Crime, like Maharashtra (first to pass in 1999), Delhi, UP, Gujarat, Karnataka & Haryana (2019).

1 . Provisions of IPC

Criminal Conspiracy

It is defined by Section 120A of IPC.
Criminal Conspiracy is – when two or more persons agree to do or cause to be done an illegal act or an act which is not illegal by illegal means.

Dacoity

Section 391 of IPC deals with it.
If 5 or more persons commit a robbery, it is termed as dacoity.
It is a punishable offence with imprisonment for life or rigorous imprisonment of up to 10 years.

2. Provisions to tackle Human Trafficking (by Organized Crime Groups)

Anti-Trafficking Nodal Cell has been set up by the Ministry of Home Affairs to act as a focal point for tackling Human Trafficking in the country.
The government of India has also signed agreements with Bangladesh, Nepal, Bahrain etc., to curb Human Trafficking.

3. Provisions to tackle Drug Trafficking (by Organized Crime Groups)

Acts: India has enacted the Narcotics Drugs and Psychotropic Substances Act, 1985 (NDPS Act) and the Prevention of Illicit Trafficking of Narcotics Drug and Psychotropic Substances Act, 1988.
International Conventions: India is a signatory to all three UN Conventions, namely
1. Convention on Narcotics Drugs, 1962
2. UN Convention on Psychotropic Substances, 1971
3. UN Convention against Illicit Trafficking of Narcotics Drug and Psychotropic Substances Act, 1988

4. State Acts

Various states have passed State laws to control organized crime, notorious gangsters and crime syndicates in the state. Most notable among them is the Maharashtra Control of Organized Crime Act (MCOCA), 1999.

5. Suggestions of the Supreme Court

Supreme Court has recently directed the Centre to set up Organized Crime Investigating Agency (OCIA). It can be a positive step in combating organized crime.

Problems in controlling Organized Crime in India

Inadequate Legal Structure: India needs a special law to control/suppress organized crime. The existing law is insufficient as it targets individuals and not criminal groups or criminal enterprises.

Difficulties in Obtaining Proof: Organized Criminal groups are structured hierarchically, and the higher echelons of leadership are insulated as there is hardly any documentary evidence against them.

Dual Criminality: Certain crimes, particularly drug trafficking, are planned in one part of the world and executed in another. Different nations have different legal structures, and the extradition of criminals from one country to other is very difficult.

Criminal, Political & Bureaucratic Nexus: Due to this, the investigating and prosecuting agencies find it difficult to deal effectively with them.

Lack of Resources & Training: Police come under the State’s subject. Most States face a resource crunch, and there are hardly any training facilities for investigating organized crime.

The police force in India is not trained to deal with organized crime. Their training involves dealing with conventional crime, and organized crime is neglected.

The technological sophistication of organized crimes due to new technologies like cryptocurrencies has opened up many possibilities for criminals to carry out traditional crimes without leaving a trail.

Weakness of the financial system due to the prevalence of the cash economy, parallel transactions through hawala, money laundering etc., makes it harder for law enforcement agencies to control them.

Role of external state and non-state actors in creating challenges to internal security

by admin

Role of external state and non-state actors in creating challenges to internal security

This article deals with ‘Security challenges and their management in border areas.’ This is part of our series on ‘Internal Security’, which is an important pillar of the GS-2 syllabus. For more articles, you can click here.

Definition: State Actors vs Non-State Actors

State Actors (SA)

State Actors are based on the premise of sovereignty, recognition of statehood and control of territory & population.
E.g., India, the US, and Micronesia (irrespective of size).

Non-State Actors (NSA)

In the Post-Cold War Era and with the advent of Globalisation, the concept of the Nation-State has experienced erosion, and Non-State Actors have become the force to reckon with.
Non-State Actors are not always sympathetic to national interests, but their loyalty lies with group, corporation or community interests.
The traditional hierarchy, which used to exist earlier with the military dominating economic & social interests, doesn’t exist anymore because of the rise of Non-State Actors.
Examples of NSAs include

International Government Organisation	NATO, UNO etc.
NGO	Amnesty International, Greenpeace etc.
Multi-national Corporations	Operating in multiple sovereign states eg Shell(oil)
International Media	BBC, Al-Jazira, CNN etc.
Violent Non-State Actors	Al-Qaeda , Drug Cartels
Religious Groups	Roman Catholic Church
Transnational Diasporic Communities	Indian Diaspora affects policies back home

Challenges to India’s Internal Security from NSAs

1 . Terrorism

Non-State Actors, mainly terrorist groups, are involved in the execution of terror attacks. Notably, in the case of India, these terrorist groups are either secessionists or Islamic fundamentalists.
These Terrorist Organizations have been banned under the Unlawful Activities (Prevention) Act of 1967.
Examples of Terrorist Non-State Actors include

Lashkar e Taiba	Jaish e Mohammad
Harkat ul Mujahideen	Hizb ul Mujahideen
United Libration Front Of Assam	National Demo Front of Bodoland
LTTE	CPI (Maoist)
Babbar Khalsa International	Khalistan Commando Force

2. Naxalism

Naxalism was started as a movement for land reforms. Later, it took a violent & dangerous turn aiming at overpowering the democratic structure of India via violent armed struggle.
Naxalists get financial, ideological and technological support from external Non-State Actors (especially foreign leftist organizations from the Philippines, Turkey and China.).

3. Insurgency

Many insurgent groups are active in North-East with demands ranging from separate states to regional autonomy to complete independence.
It is difficult to handle these insurgents because of the rugged terrain, porous border & external support of adjoining states.
There is massive unemployment in the North-East region. Hence, unemployed youth provide an easy target for recruiters.
Interlinkages between outfits ensure a smooth transfer of military hardware & technology. Even the weakest outfit has access to sophisticated technology ranging from satellite communication to automatic guns.
State and Non-State Actors help the insurgents in various ways. The examples mentioned below will help in understanding this.

3.1 Naga Insurgents

Naga insurgents receive patronage from the Chinese regime.
They enjoy safe havens in Bhutan, Bangladesh & Myanmar.
Naga outfits like NSCN (IM) have close links with NDFB, Naxalists etc. They even have links with Burmese groups like United Wa Army and Kaichin Independence Army (KIA).

3.2 ULFA

ULFA waged an international struggle by attending meetings of the Unrepresented Nations Peoples Organisation.

4. Cyber Attacks

Cyber attacks are carried out by cyber criminals, cyber terrorists and other foreign states.
While cybercriminals indulge in such activities for monetary gains, cyber terrorists want to further their political objectives.
India’s exponential growth in the IT sector and various e-governance measures make it extra vulnerable to such attacks. E.g., the 2010 Commonwealth Games hosted by India witnessed Cyber attacks from Pakistan & China to damage information systems.
It has been noticed that most cyber attacks on India originate from the US, China, Russia, East Europe & Iran.

5. Counterfeit Currency / Economic

It is tough to distinguish between fake & real currency nowadays because the fake currency is printed with state-of-the-art technology using security paper supplied by state actors.
It is a sub-conventional warfare strategy pursued by Pakistan against India.
Fake currency is mainly brought to India through the porous borders of Nepal & Bangladesh.
Terrorist organizations like Hizb ul Mujahideen use the fake currency to fund their programs.
To tackle this, the government has taken various measures like
1. Demonetisation of Indian currency notes.
1. New notes have more security features. Hence, they are difficult to counterfeit.
2. A special cell under NIA has been formed to counter terror funding and fake currency.

6. Communalism

Various reports highlight that domestic extremist organizations get financial & ideological support from external religious organizations (Non-State Actors) and Foreign States (Pakistan, China etc.).
E.g.:
- Pakistan (state actor) funds Kashmiri Terrorists.
- Islamic terrorists are getting ideological support from ISIS.
- Saudi Arabia is promoting and funding radical Wahhabism in the world.
- Zakir Naik’s Islamic Research Foundation and Peace TV are radicalizing Muslim Youth in India and Bangladesh.

7. Drug Trafficking

Due to its location, India has become a transit hub & destination for drugs originating from GOLDEN TRIANGLE (Myanmar, Thailand and Laos) & GOLDEN CRESCENT (Afghanistan, Pakistan and Iran).
There is nexus between drug traffickers, organized criminal networks & terrorists, which is powerful enough to destabilize even the whole nation. Money generated by this trade is also used to fund insurgents & terrorists.

8. Human Trafficking

Human trafficking, in major part, involves the abduction, buying and selling of women and children for prostitution, forced marriages and bonded labour.
India has been both the source and destination of human trafficking.
1. Women and children are trafficked from Nepal and Bangladesh to be sold inside the country for prostitution.
2. Women are trafficked from India to the Middle East and other European countries, where they are employed as low-skilled labourers, domestic workers and sexual exploitation.

9. Piracy

Piracy is a serious threat to India because the Indian economy heavily depends on the export and import of goods. Securing the Sea Lane of Commerce is vital for India.
In the Indian Ocean, Somalian pirates are active around the Horn of Africa, which poses a great threat to India’s energy security as oil tankers also pass through this region. To tackle this, the Indian government has taken various measures, including escort vessels in the Gulf of Aden.

10. Security threats posed by Indian Diaspora

Indian (Muslim) diaspora in Gulf nations is indoctrinated during their stay and used for carrying out terrorist activities and propaganda on their return to India.
A large number of Sri Lankan Tamils were forced to take refuge in Tamil Nadu during the Civil War in Sri Lanka between Sri Lankan Army and LTTE. They, along with the people of Tamil Nadu, exert pressure on Tamil Nadu and the Indian government to take a stand against Sri Lankan government, causing strain in Indo-Lanka relations.
Indian (Sikh) diaspora in countries like the UK, Canada, USA, Australia etc., support the Khalistan issue.

11. Threats posed by Multi-National Corporations (MNCs)

In today’s globalized world, MNCs are influencing the global economy, and some MNCs (like Facebook, Coke etc.) have become more powerful than nation-states.
Actions of powerful mining MNCs like Vedanta and POSCO and subsequent encroachment of the lands of Adivasis resulted in the emergence of Naxal / Maoist movements in these areas.
Powerful seed companies like Monsanto and Bayer can pose a great threat to the nation’s food security by patenting the technology used to manufacture GM and HYV seeds.
MNCs shatter the faith of the common public in the government. Government loses legitimacy, and people tend to believe that it is working for these MNCs and big corporates.

12. Threats posed by NGOs

NGOs have a soft glove and apologist attitude towards Naxalites, Insurgents & Terrorists.
NGOs like Amnesty International force governments to repeal acts like AFSPA, which can prove dangerous in some situations.
Intelligence Bureau (2014) also brought to the forefront the obstructionist role played by Foreign Funded NGOs and the loss of GDP to the tune of 2% happening due to their protests.

To counter this, Parliament passed Foreign Contributions Regulation Act (FCRA) in 2010 to regulate the flow of foreign funds to NGOs.

Part 2: Role of External State Actors in creating threats to Internal Security of India

2.1 Internal Security threats posed by China

India and China have a long-standing border dispute which leads to frequent Chinese intrusions into Indian territories. Recently, China has been following an assertive policy, as evident from the Galwan clashes (2020).

China is supporting the insurgents in the North-East States, corroborated by the fact that counter-insurgency operations in the North East have resulted in the recovery of dozens of made-in-China rifles, pistols, grenades and other ammunition. NIA has found evidence that the National Socialist Council of Nagaland (NSCN-IM) and the National Democratic Front of Bodoland (NDFB) are buying weapons from Norinco (a state-owned weapon manufacturer in China).

China also provides shelter to North Eastern ethnic separatist militants (Eg, NSCN, ULFA etc.).

Since the beginning, the Maoist/ Naxalism movement has received philosophical, moral, financial, and intellectual support from China.

China-Pakistan Economic Corridor (CPEC), which connects Xinxiang with Gwadar port, passes through Pakistani Occupied Kashmir and undermines Indian sovereignty over the region.

China is building a large number of naval bases in the Indian Ocean to encircle India through its String of Pearl strategy.

Cheap Chinese mobiles sold in the Indian market manufactured by companies like Xiaomi pose a threat of surveillance and data leakage by the Chinese state. The Indian military has barred its employees from using Chinese mobiles.

2.2 Internal Security threats posed by Pakistan

Terrorism in the UT of Jammu and Kashmir is the direct manifestation of Pakistan’s policy of bleeding India through a thousand cuts.
ISI of Pakistan also supports Naxal groups to foment disturbance and law and order problems in India.
In the North-East, Pakistan’s ISI has trained and financially supported insurgent groups such as ULFA.
Pakistan is encouraging non-state actors like the Lashkar-e-Taiba (LeT) with active funding and logistical and military support to foment unrest in India.
Pakistan is trying to flood India with fake currency so as it impact the Indian economy and weaken the trust of the public in the Indian currency.
Pakistan is flooding the border states with drugs to destroy India’s youth and produce unrest in the country.
Pakistan indulges in complex cyber attacks on Indian companies, government websites and databases.

2.3 Internal Security threats posed by Bangladesh

Terrorism
Cattle Smuggling
Iluman Trafficking
Illegal Migration
civilspedia.com

Bangladesh acts as a safehouse for terrorists. During Khalida Zia’s regime, DGFI (Bangladesh’s intelligence agency) also used to support insurgent groups in the North-East.

Illegal migration from Bangladesh to North-Eastern states has been the source of communal and ethnic tension in India, resulting in large-scale demographic changes in the North-East region.

Due to the porous nature of the border, there is a rampant drug, human and cattle trafficking. While there is no evidence of direct state involvement in this case, it is its inactivity to resolve the issue that is concerning.

Basics of Cyber Security

by admin

Basics of Cyber Security

This article deals with the ‘Basics of Cyber Security .’ This is part of our series on ‘Internal Security’, an important pillar of the GS-3 syllabus. For more articles, you can click here.

Introduction

Information Technology Act of 2000 defines Cyber Security as “protecting information, equipment, devices, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.”

The internet is prone to attacks as its architecture was designed to promote connectivity and not security.

With the growing importance of the internet, cyberspace has been recognized as 5th dimension of warfare (after land, sea, air and space)

The importance of the internet in India can be gauged from the following data.

Evolution of Cyber Security

otnets (late 2000s
to Current) DLP.
plication-aware
Firewal
civilspedia.com
Viruses (1990s)
nti-Virus, Firewal
APT, Insiders
(Current) Networ
Flow Analysis
worms (2000s)
ntrusion Detectio
& Prevention

Cyber Security Threats

('4 ber Crime
Cyber Warfare
Cyber Attacks
Cy ber Espoinage
Cyber Terrorism
Cry pto Jacking

1. Cyber Crime

There is no fixed definition of cybercrime. It refers to all the criminal activities done using the computer, the internet and cyberspace. Even the Indian IT Act doesn’t define cybercrime.
Cybercrime is an intellectual and white-collar crime.
Generally speaking, it can be divided into two categories i.e.
1. Crimes that target computers and devices directly. E.g., Hacking, computer viruses, data theft, Denial of Service (DoS) attacks etc.
2. Crimes facilitated by computer networks. E.g., Phishing, Spam, Offensive Content, Cyber Stalking etc.

The most prominent form of cybercrime is identity theft, in which criminals use the internet to steal personal information from other users. Two of the most common ways this is done are phishing and pharming.
Cyber Crime is a broader term which includes Cyber Attacks, Cyber Terrorism and Cyber Warfare.

2. Cyber Attack

Cyber-attack is “any type of offensive manoeuvre employed by individuals or organizations targeting computer information systems, infrastructures, and computer networks with a goal to alter, disrupt, deny, degrade, or destroy the data held on the targeted system or network.”
It is mostly done using malicious code.
International examples of Cyber Attacks include
1. SolarWinds cyberattack (2020) in which hackers exploited the loophole in SolarWinds Orion software, which is used by thousands of companies, including several US government agencies.
1. Ransomware attack on ‘Colonial Pipeline Company’ for which it paid millions of dollars in Bitcoins
2. In 2012, Saudi oil major Aramco was hit by the ‘Shamoon virus‘, which wiped the memory of 30,000 computers. The attack was likely carried out by Iranians.
Some notable examples of cyber attacks on India include
1. Pakistani Hackers, “Pakistani Cheetahs“, frequently try to hack the government of India websites.
2. In 2020, the Chinese hacker group Stone Panda attacked the Serum Institute of India (SII) and Bharat Biotech’s IT systems to access data related to the Covid-19 vaccine developed by these companies.
3. 32 lakh debit cards of the consumers of Indian banks were compromised in 2016.

3. Cyber Terrorism

The acts of terrorism related to cyberspace or executed using cyber technologies are popularly known as ‘cyber terrorism’. It is the convergence of terrorism and cyberspace.
The basic qualifier to be recognized as cyber terrorism is that attack should result in violence or generate fear.
In 1998, Sri Lankan embassies were swamped with e-mail bombs by ethnic Tamil militants. It is believed to be the first cyber terror attack in the world.

4. Cyber Warfare

Cyberwarfare is the use of computer technology in politically motivated attacks against a state or organization. It includes targeted attacks on information systems for tactical or strategic reasons.
Cyber warfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems among many other possibilities.
Any country can wage Cyberwar on any other country, irrespective of resources, because most military forces are network-centric and connected to the internet, which is not secure. For the same reason, Non-Governmental Groups and individuals could launch cyber warfare attacks.

International Examples

Stuxnet attack in 2010 in which Israel attacked Iranian Nuclear Plants.
In 1998, the United States hacked into Serbia’s Air Defence System to compromise air traffic control and facilitate the bombing of Serbian targets.
In 2012, large-scale cyber attacks targeted at the Iranian government were uncovered. In return, Iran is believed to have launched massive attacks aimed at US banks and Saudi oil companies.

Indian Examples

2020: During the Galwan Valley incident with China, the Chinese hacker group Red Echo conducted a “ShadowPad” malware attack against India, resulting in a massive power outage in Mumbai.
When violence broke out in 2012 between residents of Assam and Bangladeshi migrants, nationwide hate messages were spread by Pakistan.

5. Cyber Espionage

Cyber Espionage is the act or practice of obtaining secrets without the permission of the holder of the information, from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the internet, networks or individual computers through malicious software including Trojan Horses and Spywares.
These acts are between state nations, but they may include non-state actors too.
Examples include
- In 2020, Indian Express Investigation found that Zhenhua Data Information Technology Co. was monitoring over 10,000 Indian individuals and organizations, including bureaucrats in key positions, judges, scientists and academicians, journalists, actors, sportspersons, religious figures and activists.
- NSA Surveillance Program as revealed by Edward Snowden in the USA.
- Cyber-espionage group called Danti penetrated Indian government systems.

6. Phishing

Phishing websites or web pages are created by fraudsters, which leads you to believe you are entering your personal details on a secure website, but the details go directly to the fraudster.
Using these details, the fraudsters can log in from your account and change the password, locking you out of your own account or using the credit or debit card details and password to withdraw money.

7. Pharming

Pharming is a type of scam wherein malicious malware is loaded on a server to trick people into visiting fraudulent websites without their knowledge or consent.

8. Crypto Jacking

Crypto-Jacking is a process in which unauthorized crypto-coin miners siphon the resources of personal computers to mine cryptocurrencies like Bitcoin without the owner’s knowledge.
According to the latest Symantec Report, this is the latest major threat in cyber security.

Crypto-jacking = Latest Cyber Security Threat

9. Cognitive Hacking

Cognitive Hacking involves exploiting psychological vulnerabilities, perpetuating biases, and compromising logical and critical thinking to change the target audience’s thoughts and actions, galvanize societies and disrupt harmony using disinformation.
Cognitive Hacking tries to manipulate the way people perceive reality.
Examples
1. A group named QAnon spread false information arguing that the US 2020 presidential election was fraudulent.
1. Conspiracy theorists in countries like UK and Netherlands burnt down 5G towers believing that it caused the novel coronavirus pandemic.

Malware

Malware is a term used to describe harmful software that is capable of monitoring users’ online activity without their consent.

1. Computer Virus

A computer virus is a computer program developed by a programmer to infect other programs.
It affects the computer system in the following ways
1. Destructs file allocation table (FAT)
2. Erases specific programs and data on discs
3. Alters content of files
4. Suppresses execution of RAM
5. Destroys part of data held on disc via the creation of bad sectors
6. Formats discs or tracks on discs in a different way.

2. Trojan Horses

A Trojan horse is a malware program, which seems to be doing one thing, but in reality, it does another thing and is used to set up a rear door into the system, thereby enabling the intruder to access the user’s personal information.

3. Spyware

It is a computer program that gathers personal information secretly and sends it via the internet from the computer without the user’s knowledge.
E.g., Spyware called Pegasus (made by an Israeli firm, NSO) is used by various government agencies to compromise the phones of multiple activists, journalists and lawyers.

4. Ransomware

Ransomware, as the name suggests, locks computers, encrypts the data on them and prevents users from accessing their devices and data until a certain ransom is paid to its creator.

Examples

1 . WannaCry (2017)

WannaCry ransomware attack infected more than 1 lakh companies and services, including the National Health Services (NHS) of Britain, where doctors were blocked from patient files. Hackers demanded $300 in Bitcoins to decrypt files.

2. Petya (2017)

Petya was even more advanced ransomware than WannaCry. Its chief targets were Ukraine and Russia.

3. Colonial Pipeline Company Attack (2021)

Ransomware attack on ‘Colonial Pipeline Company’ for which it paid millions of dollars in Bitcoins

5. Spam

Spam in the security context is primarily used to describe e-mail spam—unwanted messages in your e-mail inbox. Spam, or electronic junk mail, is a nuisance as it can clutter your mailbox and potentially take up space on your mail server.

Associated Terms

1. Hacker

A “clever programmer” or “someone who tries to break into computer systems to steal personal data without the owner’s permission or knowledge” is known as a Hacker.

2. Firewalls

A device that guards the entrance to a private network and keeps out unauthorized or unwanted traffic is termed as Firewall.
Firewalls distinguish “good” traffic from “bad” traffic.

3. Encryption and Decryption

Encryption is the process of translating the plain text into random and mangled data (called cipher-text).
Decryption is the reverse process of converting the cipher-text back to plain text.
Encryption and decryption are done by cryptography.
Encryption is used to protect data in a communication system, for example, data being transferred via networks (e.g. the internet, e-commerce etc.), mobile telephones, wireless microphones, wireless intercom systems, bluetooth devices and bank automatic teller machines.
WhatsApp uses end-to-end encryption that ensures only you and the person or group you are communicating with can read and see what is sent, and nobody in between — not even WhatsApp have access to messages. Investigators argue they’re creating warrant-proof spaces for criminals. When no such absolute privacy exists in the physical world, how can such exist in the virtual world?
Strong encryption protocols increase consumer confidence in the digital economy, but the Indian government fears a scenario where criminals or terrorists can easily “go dark” behind secure channels.

Benefits of Cyber Attack over Conventional Attack

Cheaper to execute.
Less risky as no physical harm can be done to the attacker.
Anonymity, as technology, permits the attacker to conceal its origin, making it more lucrative for the state and non-state actors.
These attacks are unconstrained by distance.
Several people can use the same program.
Traditional security concepts like deterrence and retaliation are challenging to apply.
Difficult to locate the attacker, who can even mislead the target into believing that the attack has come from somewhere else.

India’s vulnerability in Cyber Space

India remains vulnerable to digital intrusions such as cyber-espionage, cybercrime, digital disruption and Distributed Denial of Service. India is the 3rd most vulnerable country in the world in terms of cybersecurity breaches, followed by US & China (according to a 2018 Report by Symantec).

Indian IT Act of 2000 is weak with the presence of large lacunae (explained below).
Cyber Security audits do not occur periodically, nor do corporations adhere to international standards.
There is a lack of best practices and statutory backing for the same in India. E.g., norms for disclosure of cyber attacks were only put in place in 2019.
There is no data protection law in India.
Data Colonization of Indian data is happening at a great pace as Indian data is exported abroad and stored outside in the absence of data localization law.
The multiplicity of agencies (more than a dozen), including MHA, CERT-IN, NCIIPC, State police etc., deal with cybercrime. The lack of coordination hinders smooth functioning.
Computer Emergency Response Team (CERT-In) is woefully understaffed.
Chinese are increasing their military capacity for the cyber attack, which is a cause of concern for India.
Most mobile devices are made in China, which heightens the risk of Cyber Espionage.
At the individual level, there is attitudinal apathy of users towards issues of cybersecurity. Indians don’t use paid original versions of operating systems and software. As a result, they don’t get frequent updates from the system, making them vulnerable to cyber-attacks.

Why does India need Cyber Security?

India is betting big on the digital sector. Cyberspace has become a key component in the formulation and execution of public policies such as Digital India & Smart Cities. Hence, an ultra-secure cyber network is required in India.
The number of internet users in India is increasing at an unprecedented pace. In 2020, India had nearly 730 million Internet users, which will grow to over 974 million users by 2025.
The government’s digital push, especially promoting programs such as Aadhar, Digilocker, e-Market etc., makes cyber security very important. In these schemes, the government is processing and storing sensitive data, which, if compromised, can have a devastating impact.
The number of cyber crimes is also rising at a fast pace, as corroborated by the fact that National Crime Records Bureau (NCRB) in 2019 registered a 63.5% jump in cybercrime cases over 2018. Additionally, the frequency of highly sophisticated cyber attacks like Wannacry and Petya is rising.
To protect our Critical Infrastructure.
To protect the private sector, especially the IT sector, which is an important job creator and source of foreign exchange.
To protect the citizens of the nation from hacking & fraud attacks.
Most countries are going for the militarization of cyber space, which can alter the outcomes of the battle.

Side Topic: Stand of various nations on the militarization of cyberspace

Stand of various nations on the militarisation of cyberspace

India’s Cyber Security Architecture

1. IT Act,2000

Information Technology Act of 2000 regulates the use of computer systems and computer networks and their data. The act gives statutory recognition to electronic contracts and deals with electronic authentication, digital signatures, cybercrimes, the liability of network service providers etc.

Act declares the following things as cyber crimes

Section 66A	Sending offensive messages through a communications provider, including attachments.
Section 66B	Dishonestly receiving stolen communication devices or computer resources.
Section 66C	Identity theft
Section 66D	Cheating by personating
Section 66E	Violation of privacy
Section 66F	Defines Cyber Terrorism: As the act of causing a denial of service, gaining unauthorized access, or introducing a virus in any critical information infrastructure of the nation as defined by Section 70 with the purpose of endangering India’s unity, integrity, security, or sovereignty, terrorizing the general public, or gaining unauthorized access to data or databases that are restricted for the sake of the state’s security or friendly relations with foreign states.
Section 67A	The electronic publication or transmission of material having explicit sexual content.
Section 67B	Publishing or distributing content that shows children in sexually explicit acts.

Along with that, the IT Act of 2000 has provisions for the creation of NCIIPC and CERT-In.

Section 70A: Creates NCIIPC (National Critical Information Infrastructure Protection Centre) to protect Critical Information Infrastructure (CII) (12 sectors like banking, defence, aviation etc.)
Section 70B: Creates ‘Computer Emergency Response Team India’ (CERT-IN) modelled on a similar force in the USA to deal with cyber security threats like Hacking and phishing and strengthen defence.

However, the act is weak in the following issues.

The maximum damage, by way of compensation, stipulated by the cyber law amendments is Rs.5 crores. It is a small amount to act as a deterrent for corporates.
The issue of spam has not been dealt with comprehensively. The word ‘spam’ is not even mentioned anywhere in the IT Act. It is pertinent to note that countries like the USA, Australia and New Zealand have demonstrated their intentions to fight against spam by making laws specifically dealing with spam.
Indian information technology (IT) laws are not stringent enough to deal with hacking instances. In case someone gets hacked by any university or institute network, the maximum punishment is three years and Rs. 5 lakhs under Section 66.
Hacking is a bailable offence in India, unlike the US.
In the US, when the Sony PlayStation network was hacked, users filed lawsuits against the company. In India, users who lost their data could do nothing against the company. A low-level police inspector investigates cyber crimes like data hacking in India. The efficacy of such an approach is hardly likely to withstand the test of time, given the current non-exposure and lack of training of Inspector level police officers to cyber crimes.
The act does not protect privacy. Hence, it does not prevent companies from selling or sharing consumer data.
The bill also does not comprehensively define cyberterrorism.

The government has tried to update the bill to deal with the challenges of cyberspace. The dynamic nature of the sector means that the government is always playing catch up.

2. National Cyber Security Policy, 2013

It was brought against the backdrop of revelations by Edward Snowden of the massive NSA surveillance program.

Salient features of Policy

Set up a 24×7 NCIIPC to protect the critical infrastructure of the country.
Create a taskforce of 5 lakh cyber security professionals in 5 years.
Provide fiscal advantages to businesses for the adoption of standard cyber security practices.
Designate CERT-In as in charge of cybersecurity-related matters and have the local (state) CERT bodies coordinate at the respective levels.
Develop a dynamic legal framework to deal with Cyber Security.
Set up testing labs to regularly check the safety of equipment

It has to be noticed that National Cyber Security Policy 2013 mainly covers defensive and response measures and makes no mention of the need to develop offensive capacity.

3. CERT-In

CERT-In (Cyber Emergency Response Team – India) was constituted under IT Amendment Act, 2008.
It works under the aegis of the Ministry of Electronics and Information Technology (MEITY).
Its main functions include
1. Act as the national agency in charge of cyber security.
2. Identify cyber threats and issue warnings.
3. Respond to cyber security incidents as and when they occur.
4. Coordination of cybersecurity threat response.
5. Issuance of guidelines, advisories, vulnerability notes and white papers relating to Cyber Security.

It has to be noted that CERT-Fin has also been established to tackle threats related to the financial sector.

4. NCIIPC

National Critical Information Infrastructure Protection Centre (NCIIPC)is the nodal agency to protect the country’s critical infrastructure like banking, defence etc.

5. I-4C

It works under the Ministry of Home Affairs.
It helps to tackle internet crimes such as cyber threats, child pornography and online stalking.

6. CyCord Centre

It was formed in 2018.
It is a platform for Law Enforcement Agencies to collaborate and coordinate their efforts to resolve cyber crimes.

7. Cyber Swachhchta Kendra (CSK)

It is a part of the Digital India Initiative.
At CSK, computer systems are scanned by CERT-In for free.
It also enhances the awareness among citizens regarding botnet and malware infection.
CSK provides various tools to prevent cyberattacks, like-
1. M-Kavach: Antivirus for smartphones.
2. USB Pratirodh: USB protector
3. Browser JSGuard: Block malicious JavaScript and HTML files.
4. Free Bot Removal Tool (made in collaboration with QuickHeal).
5. AppSamvid: Whitelisting tool for the desktop.

8. State Specific Steps

Various states are also taking steps wrt Cyber Security

Telangana	– Telangana is the first state to come up with a policy on cybersecurity. – It has also established a Cybersecurity Center of Excellence (CCoE).
Kerala	Cyberdome is a Center of Excellence for Kerala Police to bridge the gap between the latest changes and innovations in cyberspace and the skill set development of Kerala Police.
Maharashtra	Maharashtra has become the first state in the country to have a cyber-police station in each district

9. Other Steps

I4C has launched Cyber Crime Volunteer Program to allow citizens to register themselves as ‘unlawful content flaggers’ to report online content for removal and help law enforcement agencies.
India is working with the UK, USA, China, Malaysia, Singapore, Japan and many other countries on diverse issues such as joint training of cybersecurity professionals, information exchange, law enforcement and technical capacity building to combat cybercriminal activities jointly.
52 countries (including India) and international bodies have signed the Christchurch Call to Action to eliminate terrorist and violent extremist content online.

Budapest Convention

Came into force	1 July 2004
Against	1. Crimes committed via the Internet 2. Infringement of copyrights 3. Computer-related fraud 4. Child pornography 5. Violation of network security
Objective	– Pursue common criminal policy aimed at the protection of society against cybercrime by adopting legislation – Declare any publication of racist or xenophobic propaganda via computer network an offence

Developing countries, including India, have not signed it, stating that the developed countries led by the US-drafted it without consulting them.

Steps India should take

Individual Level: Individuals should be educated to create backups & also understand the need for them. They must be educated not to reveal their sensitive personal information indiscreetly.
Amendment of IT Act 2008, which should include provisions like
1. Data Localisation
2. Security certification’ for important network equipment and software companies.
Using Cloud Computing: Since small firms, startups and government departments can’t buy expensive firewall systems individually, the government can go for Cloud Computing (IaaS) Mechanism to provide high-end and secure firewalls. It will reduce the price and increase affordability.
Cyber Offensive Policy: India should have its own Cyber Offensive policy to give a clear idea to the world of how India would respond if any nation-sponsored Cyber Attack hits it.
India can raise a cyber command of the Indian Military to combat cyber warfare.
Sign Budapest Convention – Budapest Convention is the first & only international treaty that addresses Internet and computer crime.
Air gapping: Air gapping isolates a computer or network and prevents it from establishing an external connection.
Using Quantum Cryptography: Cryptography is the process of encoding and decoding information so that it is sent securely over the communication network. Present Systems of Cryptography use Mathematical Algorithms which can be cracked. Quantum cryptography uses the spin of photons as the key. Hence, there is little chance it can be cracked.