Date post: | 03-Apr-2018 |
Category: |
Documents |
Upload: | rajesh-das |
7/28/2019 Cybercrime Booklet
GOVERNMENT AND PUBLIC SECTOR
Cybercrimes
A Financial Sector View
In a digital age, where online communication has become the norm, internet users and governments face increased risks of becoming the targets of cyber attacks. As cyber criminals continue to develop and advance their techniques, focusing on theft of financial information, business espionage and accessing government information is of prime requirement. To fight fast-spreading cyber crime, governments must collaborate globally and with various stakeholders to develop an effective model that will control the threat.
India has had its share of incidences in Cybercrimes and more often in the Financial Sector this has often significantly impacted investor confidence. It is time that cybercrimes is not just thought of as a security issue or a technology issue. It is at the very heart of how a business or Government builds trust with customers as well as how it builds and protects its Brand value.
In view of the above scenario, Directorate of Information and Technology, Government of Maharashtra has planned this conference on Cybercrimes: A Financial Sector view. The aim is to share with the government authorities and financial and legal sector experts the current scenario of cybercrimes in the financial domain and the challenges faced by the legal ecosystem in keeping pace with the current leap of cybercrimes.
I wish warm regards to the success of the conference and hope it will be knowledgeable and useful to the participants.
Shri. Prithviraj Chavan
Hon'ble Chief Minister of Maharashtra
Recent reports on Cybercrimes launched against large companies specifically in the financial Sector demonstrate that protecting and securing data is more important now than ever before. Cyber attacks cause an impact on not only the brand value and revenue for the companies but more severely impact the trust of the customers involved in the system. In view of the given challenges, identifying how data compromise occurs and understanding the legal and operational challenges and identifying the different mechanisms of dealing with these challenges faced would arm the system better to fight this menace.
The conference takes a peek on the current scenario of cybercrimes at the National level with a focus on Mumbai, the targeted victims, types of cybercrimes and steps to be taken for securing critical financial infrastructure. It also focuses on the current legal framework available and some of the major challenges faced by the Government Authorities, financial sectors and the judiciary itself. We also look forward to a complete session on the Challenges of dealing with the menace of Cyber Crimes in terms of the Human Capacity, Technology, Jurisdiction and legal issues.
The group of panelists is highly qualified professionals from the Financial sector and the legal fraternity who bring in extensive knowledge and case study learnings in the field of Cybercrimes. This conference aims at understanding the menace well and analyzing various challenges and ways of curbing its effect and work towards a more safe and secure Technology based financial transaction environment.
Shri. Rajesh Aggarwal
IAS, Secretary Information and Technology,
Government of Maharashtra
A nation's cyberspace is part of the global cyberspace; it cannot be isolated to define its boundaries since cyberspace is borderless. This is what makes cyberspace unique. Unlike the physical world that is limited by geographical boundaries in space (land, sea, river waters, and air), cyberspace can and is continuing to expand. Increased Internet penetration is leading to growth of cyberspace, since its size is proportional to the activities that are carried through it.
Cyber security is part of national security. Cyberspace merges seamlessly with the physical world. So do cyber crimes. Cyber attackers can disrupt critical infrastructures such as financial and air traffic control systems, producing effects that are similar to terrorist attacks in the physical space. They can also carry out identity theft and financial fraud; steal corporate information such as intellectual property; conduct espionage to steal state and military secrets; and recruit criminals and others to carry out physical terrorist activities.
Anyone can exploit vulnerabilities in any system connected to the Internet and attack it from anywhere in the world without being identified. As the Internet and new technologies grow, so do their vulnerabilities. Knowledge about these vulnerabilities and how to exploit them are widely available on the Internet. During the development of the global digital Internet and communications technology (ICT) infrastructure, the key considerations were interoperability and efficiency, not security. The explosion of mobile devices continues to be based on these insecure systems of Internet protocols.
It is increasingly cheap to launch cyber attacks, but security systems are getting more and more expensive. This growing asymmetry is a game changer. It has another dimension, too: individuals, terrorists, criminal gangs, or smaller nations can take on much bigger powers in cyberspace, and through it, in the physical world, as well. The effects of attacks on critical infrastructure such as electricity and water supplies are similar to those that would be caused by weapons of mass destruction, without the need for any physical attacks.
Cyber security is a global problem that has to be addressed globally by all governments jointly. No government can fight cybercrime or secure its cyberspace in isolation. The consequences of a cyber attack are more likely to be indirect and more uncertain than most scenarios currently envision; we may not always recognize the damage inflicted by cyber attackers.
Cyber security is not a technology problem that can be solved; it is a risk to be managed by a combination of defensive technology, astute analysis and information warfare, and traditional diplomacy. Cyber attacks constitute an instrument of national policy at the nexus of technology, policy, law, ethics, and national security. Such attacks should spur debate and discussion, without any secrecy, both inside and outside governments at national and international levels.
Dr. Kamlesh Bajaj
CEO, Data Security Council of India
The increasing use of technology, particularly by businesses to drive its operations and to deliver world class services has led to the evolution of a new threat. The growth of complexity and access to technology has made us more susceptible to hi-tech crime which is also a new form of business threat that requires a fundamental shift in risk management arena of businesses, particularly in the financial domain where the risk is very high.
Seriousness could be ascertained from the report published by the World Economic Forum: Global Risks 2012 in which Cyber threat is rated as serious threat to the world based on likelihood of impact. Cyber threats are real and its impact could be felt across borders, businesses and communities.
KPMG in India is proud to be associated as the knowledge partner of this conference on Cyber crimes: A financial sector view and thus continue our association with this prestigious event for the Government of Maharashtra. We would like to think of this event as a confluence of thought leadership, where business and technology streams meet to discuss, share, evaluate, strategise and provide insights for the evolution of secure business practices.
This conference in association with the Government of Maharashtra and Nasscom focusses on issues and trends of cyber crimes in the financial domain, and how the industry is dealing with this new type of crime. Considering the dependency of banking businesses on the internet and the medium's vast reach, cyber crime could pose a threat to the financial sector and partnerships need to be formed to fight this crime.
These threats can be suitably addressed by sharing insights, experiences, ideas and key skill sets and working through these issues with subject matter specialists. This would also help create secure and robust business practices against existent threats to gain competitive business advantages through business continuity. We at KPMG would like to facilitate this entire process of collaborating thoughts on cyber security and try to present various scenarios related to cyber security in the financial domain which could impact the industry in future.
As we know, technology is no longer an enabler, but seen as a business driver. We hope you will appreciate the insights and concerns presented before you and are able to benefit from the thoughts presented at this event.
Navin Agrawal
Partner, IT Advisory, KPMG in India
Contents
Financial Service Sector Overview
Technological Risk
Time and money spent
Threat
Types of crimes in Financial sector
Statistics - Global & India & focus Mumbai
Legal Framework Support
Key Challenges/concerns which needs to be addressed
Challenges faced by governments
Way forward
Currently, there are nearly 2 billion internet users and over 5 billion mobile phone connections worldwide.
Everyday, 294 billion emails and 5 billion phone messages are
exchanged.
50,000 Victims every hour
820 Victims every minute
14 Victims every second1
Most people around the world now depend on consistent access and accuracy of these communication channels. Among all cybercrime victims surveyed 80 percent were from emerging markets, compared to 64 percent in developed markets.
The US Government estimates American businesses suffered losses of intellectual property totaling more than USD 1 trillion from cyber attacks.
With over five billion mobile phones coupled with internet connectivity and cloud-based applications, daily life is more vulnerable to cyber threats and digital disruptions. The related constellation of global risks in this case highlights that incentives are misaligned with respect to managing this global challenge. Online security is now considered a public good, implying an urgent need to encourage greater private sector engagement to reduce the vulnerability of key information technology systems. A healthy digital space is needed to ensure stability in the world economy and balance of power.2
1 Symantec Cyber Crime Report 2011
2 World Economic Forum Report Global Report 2012
1 | Cybercrimes: A Financial Sector View
Financial Services sector Overview
These are challenging times for the banking industry globally, thought provoking and extremely rewarding at the same time. Due to volatile geopolitical and global macroeconomic conditions, many financial institutions have been forced to evaluate their current operating practices and think about where they would like to be in future and more importantly, how to manage growth as well as risk management in line with stakeholder expectations. The Indian banking industry provides strategic opportunities for innovation-led growth, a moot point to meet challenges thrown by the current environment. Technology is likely to play a significant role in guiding this new approach to growth and risk management.3
In financial domain, technology is no longer an enabler, but a business driver. In last decade phenomenal growth of IT, mobile penetration and communication network has facilitated growth in extending financial services to masses. Technology has facilitated delivery of banking services to masses and changed the way of functioning of financial institutions. Technology made banking services affordable and accessible by optimizing the way these institutions operate today. Regulatory bodies, banks and other institutions/agencies have taken paradigm shift in areas of respective operations, service delivery and consumer satisfaction. Financial institutions gained efficiency, outreach, spread through technology in last two decades.
The benefits of technology such as scale, speed and low error rate are also reflecting in the performance, productivity and profitability of banks, which have improved tremendously in the past decade. Technology initiatives are taken by banks in the areas of financial inclusion, mobile banking, electronic payments, IT implementation and management, managing IT risk, internal effectiveness, CRM initiatives and business innovation.
3 KPMG in India: IT in Banking Managing the present by looking to the future, August 2008,
Technological Risk
In a digital age, where online communication has become the norm, internet users, governments and organizations face increased risks of becoming the targets of cyber attacks. As cyber criminals continue to develop and advance their techniques, they are also shifting their targets, focusing less on theft of financial information and more on business espionage and accessing business information. To fight fast-spreading cyber crime, sector must collaborate globally to develop an effective model that will control the threat.
The issue of primary importance is that, no national government operates an effective compilation service to identify trends in cyber-crime with the exception of the Internet Crime Complaint Center (IC3). Most cyber-crime is on such a small scale that law enforcement organizations are not interested in dealing with individual cases, and, in many cases, individuals may not care enough about the amounts involved to take action. Therefore it tends to go unreported.4
Various risks managed by financial bodies are as follows:5
Financial Risks
Infrastructure Risks
Technology Risks
Data Risks
Human Risks.
4 Cyber Crime A Growing Challenge for Governments July 2011, Volume Eight kpmg.com
5 Evolving Security Architecture in Banks: IBM 2009
Source: World Economic Forum Report: Global Risks 2012 Seventh-edition
Time and Money Spent
Global Scenario
USD 114 Billion is total loss of cash in 12 months
USD 274 Billion is the total loss of time for victims of cyber crime
On an average, 10 days were spent by victims to satisfactorily resolve hassles of cyber crime.
Indian Scenario
USD 4 billion is the total loss of cash in 12 months
USD 3.6 billion is the total loss of time for victims of cyber crime
On an average 15 days were spent by victims to satisfactorily resolve hassles of cyber crime.6
Threat
Among all cybercrime victims surveyed 80 percent were from emerging markets, compared to 64 percent in developed markets.
Only 21 percent of victims reported cybercrime to the police
59 percent of victims who'd suffered both online and offline crime felt there were fewer ways to get help after the cybercrime
In India, 59 percent of mobile phone owners access internet via mobile device out of which 17 percent experienced mobile related cyber crime.6
6 Symantec Cyber Crime Report 2011
7 KPMG in India: IT in Banking Managing the present by looking to the future, August 2008.
Types of Crimes in Financial Sector7
Control over the physical world is generally localized, low-tech and underpinned by many well established practices and procedures. The challenge to this seemingly well-oiled machinery is offered by a new paradigm of organized crime: cybercrime.
The increasing use of the internet by all facets of society has led to the evolution of new field of criminal activity that is defined by its dependence on the internet. While certain aspects of cyber crime are held common with previously existing forms of criminality it is nevertheless true that cyber crime forms a distinct category of its own, one that requires different mechanisms to deal with it. Most of the cyber crime involves multiple, undetectable, small crimes or micro-crimes.
Although the headline events are those where gangs of organized criminals use technical means to electronically steal millions from banks; successful operations at beginning of decade used simple fraud technique to steal small value denominations from multiple individuals without alerting the victims or the law enforcement agencies. Avenues for these operations could range from gaining illegal access to personal bank accounts to selling access to compromised computers.
Vendors of online security products have an interest in talking up the threats of cybercrime, while victims of cybercrime often have an interest in remaining silent. It is therefore very difficult for firms and organizations to get a clear picture of the true levels of the risk and needs for investment. Correcting such information asymmetries should be at the centre of policies to improve global cyber security and to ensure an efficient market. Firms have an incentive to invest in cyber security measures that protect their own interests, rather than in those measures that contribute to the health of the overarching critical information infrastructure. Innovative multi stakeholder collaboration will be required to tip the balance towards investment in creating systemic resilience.
There are no proven secure systems, only systems whose faults have not yet been discovered, so trying to overcome hackability may be as hopeless as denying gravity. Instead, the goal should be finding ways for well-intentioned individuals to identify those faults and deploy remedies to end-users before would-be cyber criminals can discover and exploit them. Experts believe that the levels of resource devoted to this effort are nowhere near adequate, but there are signs that some industries are taking cyber threats more seriously. In November 2011, 87 banks in England participated in a mock cyber attack stress test in preparation for an anticipated increase in attacks during the 2012 Summer Olympic Games.9
9 World Economic Forum Report: Global Risks 2012
Global dimensions and borderless limits have given rise to new and innovative responses required to the issue of cyber crime or electronic crime. The growth in the off-take of the information highway and telecommunications presents as great a challenge for policing. A hi-tech crime presents a new form of business threat that requires a fundamental shift in policing methodology.8
Financial-services organization provides specialized, private banking products and services to its customers. Its services cover property, investments, capital markets and asset management. Their customer base is its biggest asset, and offering strong protection to these customers is of paramount importance both to retain and grow business, and to protect its reputation for high-quality service.
Companies in financial domain have experienced increase in instances of cybercrime in past few years. Various levels of cyber crime threats are at each level of IT systems. The emergence of such threats at different levels is due to an explosion of online banking and shopping, coupled with the increasing willingness of consumers to disclose personal information over the internet. Hackers are now enabling a larger market of script-junkies whose deficient skills would otherwise shut them out of the cyber criminal enterprise.
8 KPMG in India: IT in Banking Managing the present by looking to the future, August 2008
Type of Attacks | Details
Viruses and worms | Viruses and worms are computer programs that affect the storage devices of a computer or network, which then replicate information without the knowledge of the user.
Spam emails | Spam emails are unsolicited emails or junk newsgroup postings. Spam emails are sent without the consent of the receiver potentially creating a wide range of problems if they are not filtered appropriately.
Trojan | A Trojan is a program that appears legitimate. However, once run, it moves on to locate password information or makes the system more vulnerable to future entry. Or a Trojan may simply destroy programs or data on the hard disk
Denial-of-service (DoS) | DoS occurs when criminals attempt to bring down or cripple individual websites, computers or networks, often by flooding them with messages.
Malware | Malware is a software that takes control of any individual's computer to spread a bug to other people's devices or social networking profiles. Such software can also be used to create a botnet, a network of computers controlled remotely by hackers, known as herders, to spread spam or viruses.
Scareware | Using fear tactics, some cyber criminals compel users to download certain software. While such software is usually presented as antivirus software, after some time these programs start attacking the user's system. The user then has to pay the criminals to remove such viruses
Phishing | Phishing attacks are designed to steal a person's login and password. For instance, the phisher can access the victim's bank accounts or assume control of their social network.
Fiscal fraud | By targeting official online payment channels, cyber attackers can hamper processes such as tax collection or make fraudulent claims for benefits
State cyber attacks | Experts believe that some government agencies may also be using cyber attacks as a new means of warfare. One such attack occurred in 2010, when a computer virus called Stuxnet was used to carry out an invisible attack on Iran's secret nuclear program. The virus was aimed at disabling Iran's uranium enrichment centrifuges.
Carders | Stealing bank or credit card details is another major cyber crime. Duplicate cards are then used to withdraw cash at ATMs or in shops
Cyber-crime has spawned many entrepreneurs, though of dubious repute. They have given rise to new criminal hacking enterprises aimed not at committing fraud but at providing services to help others commit fraud. This operation enables people to commit crime vicariously, i.e. without any direct perpetration.
Another model is to create a subscription based identity theft service: rather than stealing personal credentials themselves, cyber criminals have hacked into PCs and then charged clients for a limited period of unfettered access. As is the case with most business services, customers willing to pay extra can obtain premium services such as a complete clean-up of the stolen data, i.e. getting rid of low-value information and assistance with indexation and tagging of data, etc.10
New skills, technologies and investigative techniques, applied in a global context, are required to detect, prevent and respond to cyber-crime. This is not just about the realignment of existing effort. This new business will be characterized by new forms of crime, a far broader scope and scale of offence and victimization, the need to respond in a much more timely way, and challenging technical and legal complexities. Innovative responses such as the creation of cyber-cops, cyber-courts and cyber-judges may eventually be required to overcome the significant jurisdictional issues that law and order agencies are currently facing.
Law enforcement with regard to investigating crimes and handling evidence, dealing with offenders, and assisting victims, poses complex new challenges. There is an unprecedented need for international commitment, coordination and cooperation since cyber-crime is truly a global phenomenon. It is also important to have a better understanding about the nature of the problem and to address the issue of significant under-reporting of this dangerous phenomenon. Prevention and partnerships will be essential to fight cyber crime.10
Framework for Cyber threats and responses
Source: World Economic Forum Report-Global Risks 2012 Seventh-edition
10 KPMG in India: IT in Banking Managing the present by looking to the future, August 2008
Top 5 global risk in terms of likelihood
Statistics - Global & India and special focus on Mumbai
Cyber security is on top priority list of various financial organizations, regulators and governments. Cyber attacks ranked fourth in top global risks in terms of likelihood in World Economic Forum Report: Global Risks 2012.
Source: World Economic Forum Report-Global Risks 2012 Seventh-edition
Legal Framework Support
The Data Security Council of India (DSCI) and the Department of Information Technology (DIT), India are the prime bodies looking towards the cyber security in India. To cater to the needs of cyber security issues, India has implemented IT Act 2000 and revised IT (Amendment) Act 2008.
Emergence of Information Technology Act, 2000
The Information Technology Act 2000 was enacted after the United Nation General Assembly Resolution A/RES/51/162, on 30th January, 1997 by adopting the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. This was the first step towards the Law relating to e-commerce at international level to regulate an alternative form of commerce and to give legal status in the area of e-commerce. It was enacted taking into consideration United Nations Commission on International Trade Law UNCITRAL model of Law on e-commerce 1996.
The Act was aimed to provide the legal infrastructure for e-commerce in India. The Information Technology Act, 2000 also aimed to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability.
Different types of cyber crimes have been described as offences under Chapter IX. Several crimes like hacking, phishing, data theft, identity theft, denial of service, spreading of virus, source code theft, sending lewd SMS/MMS/Email, pornography, child pornography and disclosure of information by organizations have been looked in detail.
The IT Act, 2000 provides for the constitution of the Cyber Regulations Advisory Committee which has been advising the government as regards to any rules or for any other purpose connected with the act. The Act also has Five Schedules, the last one being the glossary and others which amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the Act.11
11 The Gazette of India, Extraordinary part -2
http://eprocure.gov.in/cppp/sites/default/files/eproc/itact2000.pdf
Currently, the IT Act, 2000 has been amended by the Information Technology (Amendment) Act, 2008. This law provides the legal infrastructure for Information Technology in India. The said Act along with its 90 sections is to be conceived with 23 rules called the IT rules, 2011.
Section | Cyber Crime Type | Penalty
Sec-43 | Damage to Computer system etc. | Compensation for Rupees 1 crore
Sec-66 | Hacking (with intent or knowledge) | Fine of 2 lakh rupees, and imprisonment for 3 years
Sec-67 | Publication of obscene material in e-form | Fine of 1 lakh rupees, and imprisonment of 5 years, and double conviction on second offence
Sec-68 | Not complying with directions of controller | Fine upto 2 lakh and imprisonment of 3 years
Sec-70 | Attempting or securing access to computer | Imprisonment upto 10 years
Sec-72 | For breaking confidentiality of the information of computer | Fine upto 1 lakh and imprisonment upto 2 years
Sec-73 | Publishing false digital signatures, false in certain particulars | Fine of 1 lakh, or imprisonment of 2 years or both.
Sec-74 | Publication of Digital Signatures for fraudulent purpose | Imprisonment for the term of 2 years and fine for 1 lakh rupees
Noteworthy provisions under the IT Act, 2000
IT Act 2000. http://www.mit.gov.in/content/it-act-2000-dpl-cyber-laws
Key challenges/concerns which needs to be addressed
Cyber Security Legal Issues
The major concern is primarily attacks on networks and the need for coming up with appropriate legislative frameworks for enhancing, preserving and promoting cyber security. Lawmakers needs to come up with appropriate enabling legal regimes that not only protect and preserve cyber security, but also further instill a culture of cyber security amongst the netizen. Large number of existing cyber legislations across the world, do not yet address important issues pertaining to cyber security. A more renewed focus and emphasis on coming up with effective mandatory provisions is required which would help protect, preserve and promote cyber security in the context of use of computers, computer systems, computer networks, computer resources as also communication devices.
Mobile law challenges
As the mobile users in India are increasing considerably, the use of mobile devices and content generated there from are likely to bring forth significant new challenges for cyber legal jurisprudence. There are no defined jurisdictions dedicated to laws dealing with the use of communication devices and mobile platforms. As increasingly people use mobile devices for output and input activities, there will be increased emphasis on meeting up with the legal challenges emerging with the use of mobility devices, more so in the context of mobile crimes, mobile data protection and mobile privacy.
Spam galore
As more and more users get added to the Internet and mobile bandwagon, email and mobile spammers will find increasingly innovative methodologies and procedures to target at digital users. Law makers are likely to be under pressure to come up with effective legislative provisions to deal with the menace of spam.
Cloud computing legal issues
As India is moving towards the adoption of cloud computing, various important legal challenges pertaining to cloud computing will continue to seek attention of Cyberlaw makers. Cloud computing brings with it, various distinctive new challenges including that of data security, data privacy, jurisdiction and a variety of other legal issues.
Social media legal issues
In the recent times there have been increasingly significant legal issues and challenges raised by social media. As social media websites continues to become the fertile ground for targeting by all relevant lawyers, law enforcement agencies and intelligence agencies, social media continues to become the preferred repository of all data. As such, social media crimes are increasing dramatically. Inappropriate use of social media is further increasing, thereby leading to various legal consequences for the users. The concept of privacy in the context of social
media is greatly undermined, despite efforts to the contrary made by some stakeholders. Cyberlaw makers across the world have to face the unique challenge of how to effectively regulate the misuse of social media by vested interests and further how to provide effective remedy to the victims of various criminal activities on social media.
Way Forward
The Information technology Act, 2000 and its amendment in 2008, though provides certain kind of protection, but does not cover all the spheres of the IT where protection must be provided. The Copyright and Trademark violations do occur on the net, but the Copyright Act, 1976 or the Trademark Act, 1994, are silent on that which specifically deals with the issue. There is no enforcement machinery to ensure the protection of domain names on net. Transmission of e-cash and transactions online are not given protection under Negotiable Instrument Act, 1881. Online privacy is not protected; only Section 43 (penalty for damage to computer or computer system) and Section 72 (Breach of confidentiality or privacy) talks about it in some extent but doesn't hinder the violations caused in the cyberspace.
Even the Internet Service Providers (ISP) who transmit some third party information without human intervention is not made liable under the Information Technology Act, 2000. It's hard to prove the commission of offence as the terms "due diligence" and "lack of knowledge" have not been defined anywhere in the Act. Even, the Act doesn't mention how the extra territoriality would be enforced. This aspect is completely ignored by the Act, where it had come into existence to look into cyber crime which is on the face of it an international problem with no territorial boundaries.
The Act has its own slated advantages as it gave legal recognition to electronic records, transactions, authentication and certification of digital signatures, prevention of computer crimes etc. but at the same time is inflicted with various drawbacks also like it doesn't refer to the protection of Intellectual Property rights, domain name, cyber squatting etc. This inhibits the corporate bodies to invest in the Information technology infrastructure. Cryptography is a new phenomenon to secure sensitive information. There are very few companies in present date which have this technology. Other millions of them are still posed to the risk of cyber crimes.
India needs to update the Law whether by amendments or by adopting sui generis system. Though Judiciary continues to comprehend the nature of computer related crimes there is a strong need to have better law enforcement mechanism to make the system workable.
Cybercrimes: A Financial Sector View | 12
7/28/2019 Cybercrime Booklet
20/28
Challenges faced by governments

Although governments are actively focused on fighting and preventing cyber criminals from damaging infrastructure, the very nature of cyberspace poses a number of challenges to the implementation of cyber regulations in any country. Within cyberspace it is often difficult to determine political borders and culprits. Furthermore, the cyber criminal community and their techniques are continuously evolving, making it more challenging for governments and companies to keep up with ever-changing techniques.
Tracking the origin of crime

According to Rob Wainwright, Director of Europol, criminal investigations of cyber crimes are complex, as the criminal activity itself is borderless by nature. Tracing cyber criminals poses a challenge.¹² While many experts speculate that the cyber attacks on Estonia and Georgia, for instance, were directed by the Russian cyber agencies, some of the attacks have been traced to the computers originating in Western countries.
Growth of the underground cyber crime economy

A major threat that may hamper the fight against cyber crime is the growth of an underground economy, which for many cyber criminals can be a lucrative venture. The underground economy attracts many digital experts and talented individuals with a specialty around cyber initiative. In the cyber underworld, the hackers and organized crime rings operate by selling confidential stolen intelligence. Research shows that criminals are trading bank account information for US$10–125, credit card data for up to US$30 per card, and email account data for up to US$12.¹³ Often, the acquired data is used in illegal online purchases and in exchange for other monetary transactions. The untraceability of the origin of these transactions poses a major challenge to government agencies in their efforts to fight crimes of this nature.
Shortage of skilled cyber crime fighters

Implementing cyber security measures requires skilled manpower. However, most countries face a shortage of skilled people to counter such cyber attacks. According to Ronald Noble, Head of Interpol, "An effective cyber attack does not require an army; it takes just one individual. However, there is a severe shortage of skills and expertise to fight this type of crime; not only at Interpol, but in law enforcement everywhere." Moreover, most trained or skilled people are recruited by the private sector, as it offers higher financial rewards. In the UK, the PCeU has experienced this shortage first hand, with only 40 core team members.⁸⁸ Similarly, in Australia, the majority of the cyber crime incidents, particularly minor incidents, remain unsolved or are not investigated due to the lack of eForensic skills and expertise.
Widespread use of pirated software

One of the major challenges to preventing cyber crime is the prevalence of software piracy, as pirated software is more prone to attacks by viruses, malware and trojans. Experts believe that rapid growth of consumer PC markets in emerging countries, such as India, Brazil and China, has contributed largely to the rising piracy rates. Pirated software can include not only games, movies, office applications and operating systems, but also security software. Often, users prefer to obtain pirated security software rather than purchase and upgrade a legal version, therefore increasing the vulnerability of their systems to cyber attacks. For instance, one of the reasons for the spread of the Conficker virus in 2008 was the lack of automatic security updates for unlicensed software. The issue becomes more significant for those countries where pirated software is a common occurrence. China, which is one of the largest such markets, reported that nearly US$19 billion was spent on pirated software in 2009. In India, the unlicensed software market value stands at nearly US$2 billion. Ensuring cyber security is also a major challenge for Gulf Cooperation Council (GCC) countries, where 50 percent of software is pirated.¹⁵

12 E-Crime Survey 2009, KPMG International
13 War in the fifth domain, Economist, July 1, 2010
14 Will the U.S. get an Internet kill switch?, Technology Review, March 4, 2011
15 KPMG International, Issues Monitor: Cyber Crime – A Growing Challenge for Governments (July 2011, Volume Eight)
Way forward

Experts believe that to fight the borderless and continuously evolving cybercrime, global leaders must collaborate in joint initiatives. Nigel Inkster, an expert on cyber threats at the International Institute for Strategic Studies, stated, "Thus far, the discussion on how to set international standards on cyber has been very low profile and largely confined to the margins of the UN General Assembly." However, to overcome significant diplomatic hurdles, a concerted effort on the part of governments must be in place. In April 2010, the UN rejected a treaty on global cyber crime, due to disagreements over the national sovereignty issues and concerns for human rights. Many countries have expressed a concern over the new cyber laws. Russia, as one of the examples, has refused to endorse the Budapest Convention on Cybercrime, which allows police and other legal entities to cross national boundaries without the consent of local authorities, in order to access computer servers.

However, country officials in most developed nations do agree on the establishment of policies to protect cyberspace against criminals. Experts believe that developed countries such as the US should encourage other countries to introduce policies against cyber attacks, in a similar fashion to what they do for nuclear weapons, missile defense and space. "The US has to frame a much clearer strategy with regard to cyber (warfare)," said Greg Austin, Vice President of Program Development and Rapid Response at the EastWest Institute. The US supports an International Telecommunication Union plan, which obligates the country of origin of cyber crime acts to conduct investigation. The US also supports a Russian initiative that has called for a UN panel to work on cyber-arm limitations. However, experts believe that the implementation of such a coordinated initiative might take a few more years.

Apart from bilateral and multi-lateral initiatives between governments, much can be achieved by cooperating with the private companies that own and control the majority of the cyberspace network. Network owners or internet-service providers can take more responsibility to help identify cyber attacks and attackers on user computers, and take the necessary steps to counter such attacks. Experts believe that while such preventive measures may not completely eliminate cyber espionage, they can certainly make cyberspace a much safer place.¹³

13 KPMG International, Issues Monitor: Cyber Crime – A Growing Challenge for Governments (July 2011, Volume Eight)
KPMG Contacts
Navin Agrawal
Partner and Head
Management Consulting
T: +91 22 3090 1720
M: +91 99670 16367
Mahesh Gharat
Manager
Management Consulting
T: +91 22 3091 3352
M: +91 98337 32033
kpmg.com/in
NASSCOM Contacts
Chetan Samant
Manager
M: +91 98203 04982
DIT Contacts
Suryakanth Jadhav
Director - IT
M: +91 98209 22647
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
© 2012 KPMG, an Indian Registered Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved.
The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of