Cybercrimes’ Catch-22

Syed Kaleem Imam

Recently, employees of a reputable company in Karachi were shocked to learn that their emails and important financial records had been mysteriously deleted from their computers. As the company’s IT department was struggling to figure out what had happened, an anonymous email stunned the top management with its demand of billions of dollars for the safe return of their stolen data. The hackers asked the company – which had invested millions of dollars in Pakistan – to deposit the amount in an offshore account. Luckily for the company, the hard work of its IT specialists bore results and the complete record was retrieved. But the episode demonstrates how sensitive data remains within the reach of hackers.

Yes, internet crime has surged over the last two decades, emerging as the biggest threat to mankind. Cybersex trafficking, cyber-radicalization and terrorism, online fraud and bogus advertisement are not just complicating the people’s lives, but fleecing millions of dollars from them every month.

Several ‘innocent’ internet users are incarcerated for their ‘happy hours’ of online activities.

When I was in the police service, I was approached almost every single day by someone asking for help in some net-related criminality, including fraud and harassment, highlighting the intensity of the issue.

Cybercrime has added a new dimension to our already crime-infested world where theft, robberies, murder, fraud, and human trafficking etc. already remain rampant. The difference between cyber and traditional criminals is that the perpetrators of cybercrime are educated people. And it is not just individuals, but often states are also involved in cybercrime, explaining why this new challenge is growing so rapidly around the world.

There is something disturbing about this felonious conduct involving electronic equipment connected to the internet or a computer. There has been a move from warfare to disruption and deception in the new generation conflicts in which agents, groups, and think tanks act as its vanguard. The booming computer and chip industry is causing harm to human, economic, national security, and financial health. As opposed to the practice of eavesdropping globally — a favorite pastime of humans — cyberwarfare now consists of governments and non-state actors interfering, divulging, and engaging in cross-border crimes, including espionage and financial fraud.

The first cybercrime offense by ‘phreakers’ was documented in the 1970s, when hardware and software were modified to steal long distance phone time. The 2014 McAfee report estimated that online credit and debit card fraud cost the global economy $445 billion over the last four decades. Cybercrime costs the global economy close to $600 billion every year. With several scientifically organised cybercrime syndicates collaborating to commit online crimes, the chances of recovery are only one percent.

There are 4.95 billion internet users worldwide, including 61.34 million in Pakistan, of whom 46 million are active users of social media, which were increased by 11 million or 21 percent during the Covid crisis. In 2021, 30,000 websites were hacked every day with a company falling victim to cybercrime every 39 seconds. The cost of cybercrime is likely to reach $10.5 trillion globally by 2025, with 75 percent of targeted attacks starting with an email.

Cyberwar was used by our archenemy in the 1990s over the Kashmir dispute, which was unfortunate but least unexpected. As many as 36 government database websites were hacked by their hackers named “Indian Cyber Army” in 2010, and the same hackers attacked the Election Commission of Pakistan in 2013 to recover sensitive database information.

Many are still unaware of the fact that cybercriminals send viruses, malware, pornographic material, and other illegal data on digital systems or networks to steal or alter sensitive company or personal data for profit or other malicious purposes. Cyber-risks come from thinking they do not exist. Taking care of all potential risks, fixing the basics, and resolving threats appropriately is another attitude. The methodology to counter this menace is still at an embryonic stage as technology opens new possibilities and avenues for criminal activity, including internet betting, identity theft, virtual sex felonies, electronic public interacting, and pedophilia.

In Pakistan, the Cyber Crime Wing-FIA (Helpline 1991) is the only specialised unit having a legal framework namely the Electronic Transaction Ordinance 2002 (ETO), which checks unauthorised access and damage to data. Interesting to note is that another Prevention of Electronic Crimes Ordinance (PECO) 2007 to overcome ETO 2002 was enacted but it lasted until 2009. Subsequently things reverted to ETO 2002.

Nevertheless, the Prevention of Electronic Crimes Act (PECA) 2016 and “Prevention of Electronic Crimes Investigation Rules, 2018” brought some relief. Approximately 98,600 cases were received by the agency last year, of which around 1,100 got registered. However, the figure of the reported cases may not give the full picture as many others were either underreporting or not reported at all. In most cases, the offences involved financial crimes, online harassment, and ad fraud.

Optimal countering mechanisms are hampered by four primary challenges in our case. Firstly, as a non-signatory to many international conventions, in particular Budapest Convention — a treaty designed to combat crimes committed over the Internet and other computer networks — Pakistan is unable to prosecute wrongdoing committed on Twitter, Facebook, WhatsApp, etc. The current standard of sharing data is only limited to child pornography and terrorism.

Secondly, illegal SIM cards are still a sore point. The crooks still manage to fool innocent locals through ads and gift schemes to obtain thumb’s impressions. Live finger detection (LFD) biometrics has been emphasized through live thumb detectors to have actual prints. Due to flaws in cooperation with related stakeholders, the actual culprit remains untraced.

Thirdly, components of the Criminal Justice System are not well versed in the intricacies of cybercrime, evidence collection, and admissibility of exhibits. An enigma is the lack of funds to purchase the latest software-cyber tools, and efforts not only to build the capacity of staff, in particular no attempt to create investigation units at the community level.

Fourthly, the Internet Protocol Data Record of telecom companies needs to modernise software to provide exact mobile numbers in the system for effective detection. Present scheme of providing thousands of numbers hampers narrowing of criminal identity.

Through public awareness campaigns, Artificial Intelligence can enable humans to focus on roles that add value to counter the latest cyber threats, which could be part of all future conflicts. Technology has made us an analog creature, not a moral being, only innovative justice mechanisms shall overcome this pale war. Secure cyberspace and being responsible as we accommodate new technologies are key to enhancing interconnectivity.

We need to ask ourselves a question: Are we ready for cash over cyberspace communications protocol, the ‘bitcoin’, which is gaining strength behind an encoded barrier? And isn’t it being possible for cyber-attack victims to surpass even terrorist threats, if law enforcement does not treat them sensitively.

There is no question that internet online services offer tremendous advantages, including video conferencing, display sharing, reservations, programmes, and business opportunities. But its negative side has brought significant abnormality into everyday lives due to its dependence and diversions from viewing pornographic and aggressive images. As a first line of protection for Cyber Security measures in the public and private sector, educating employees is now the best way to avoid human errors, meet compliance requirements, sustain customer confidence, and remain well-informed about any new threats that may arise.

All should be aware that when on the internet, your moments are no longer private. The “Big Brother” is always watching you 24/7 (George Orwell ‘1984’).