(by Lalitha Sridhar)
Our understanding of the virtual world is woefully slim; and of cyber crimes, even less. But, as law enforcers are finding out, their effect on the real world is devastating; preventing and detecting cyber crimes is now being given a priority. Economic offences dog the $1.2 trillion electronic commerce industry worldwide. Even as law enforcers struggle to cope, other — and newer — violations loom large, the victims falling into an anonymous abyss. The Internet can, and often has, become the space for predators seeking women and children.
Studies have shown that about 60 per cent of all Websites are sexual in content. An estimated 1,00,000 pornographic Websites generate revenues in the region of $1 billion annually. The increasing popularity of chatrooms and the vulnerability of personal data to criminal access make women and children the easiest targets for a range of culpable crimes.
The European Union has set up a Commission on Illegal and Harmful Content on the Internet. The USA has a quasi-governmental organisation called the Internet Crimes Against Children Task Force. But computer sex offenders take advantage of the gullibility of their victims and the inept laws protecting them.
Children are victimised by paedophiles, who are no longer lonely and hunted individuals — they are untraceable instead. Young persons are exposed to pornography, hateful and violent literature, harassment, exploitation and spurious job rackets. Child molesters recruit, seduce and control the future of their victims on the Internet, capitalising on the natural curiosity of children.
Cyber stalking happens when a person is followed and pursued online, privacy invaded, and every move watched. Cyber stalking usually occurs with women, who are stalked by men; or children, who are stalked by paedophiles.
It is believed that over 75 per cent of the victims are female, in the form of harassment that can disrupt the life of the victims and leave them feeling afraid and threatened.
Says V. Lalitha, Assistant Vice-President, Polaris Software Laboratory, Chennai: "In one landmark case in the USA, when a woman rebuffed the advances of a security guard in her office building, he posted her name, address, e-mail ID and phone number in pornographic chatrooms, with sexually explicit invitations promising her ‘availability’. She was besieged by vulgar and offensive propositions, her home was stalked and work life affected by obscene callers. She took the case to court and the man was given a prison term of six years."
With 19.5 per cent of online stalking translating into offline offences, cyber crimes can spill over to the real world with very real consequences.
Lalitha cautions that a common area of cyber stalking is ‘edu’ site. In Mumbai, a 16-year-old-boy was kidnapped by a woman paedophile. Cyber crimes are easy to commit and require very few resources in relation to the damage that can be caused. Family members have to watch out for symptoms in victims, particularly children. Cyber victims could be using inappropriate language or displaying an excessive fear of some places or things.
India is one of the few countries that has adopted the Information Technology Act, 2000. It has been lauded as a good beginning — but it is also seen as a bumpy start. The IT Act defines, among other things, what constitutes tampering with a computer source, hacking of computer document systems and publishing of obscene information.
But in what is widely acknowledged as a glaring lapse, it does not cover cyber stalking or child abuse. Unlike in a real world crime, a cyber crime is generally not preceded by a motive, the time zones can be different and a crime cannot be pinpointed to a particular hour. The crime could originate in one continent and target victims in another part of the world.
Investigators find that data can be easily destroyed while clinching evidence is difficult to collect. Often, only strong circumstantial evidence is available.
Says Sundari Nanda, Deputy Inspector General of the Indian Central Bureau of Investigation’s pioneering Cyber Crime Cell, set up in 2000: "Cyber crime is simply a normal crime facilitated by information technology. Most cutting edge law enforcement functionaries are not tuned into this yet. The minute the e-word comes in, it is the Cyber Crimes CBI Cell that is approached. Our experience has shown clearly that this cannot be a separate category for registration and investigation."
Nanda emphasises the need to orient legal officers and court procedures. "E-mails and computers were extensively used in the terrorist attack on Indian Parliament. We come across cases of rape and murder with an IT component. Besides antiques and wildlife, women and children are victims of trafficking which originated in computers." The CBI reports a spate of complaints originating from dating services and chat rooms.
Problems beset law-enforcement efforts: The IT Act is ambiguous in many places; and multinational companies operating in India refuse to share information and insist they are governed by the US secrecy laws.
Says Nanda: "Meaningful linkages and cooperation between agencies is vital to cyber crime-solving. The Internet users have to be made aware that there is an authority to complain to."
Cyber crimes multiply, meanwhile, undetected and little understood. When the victim does not even understand what his/her rights are, when the law is unclear about what precisely constitutes a crime, and when old infrastructure judges constantly changing technologies, cyber criminals can remain virtually free of both punishment and repentance.
'Experienced programmers switching to virus writing'
Virus specialist Daniel Zatz is hoping love blossoms for an 18-year-old Dutch woman and that the economies of Eastern Europe pick up.
Zatz, a Sydney-based security consultant for Computer Associates, warns that more serious viruses are on the cards for 2003 following a lull this year.
About 250 viruses a month have appeared in 2002, compared with 400 last year, he says, but the latest ones have been more damaging, with the Klez virus, now in its eighth variant, proving the most prevalent of all.
Zatz says this is because rather than being produced by 18 to 25-year-olds, the "script kiddies", many viruses are being written by 26 or 27-year-olds, often software developers in Eastern Europe "honing their skills" while unemployed.
Zatz also remains hopeful that a Dutch woman who goes by the name Gigabyte who wrote the Sharpei virus and maintains a virus-writing website, remains busy with her boyfriend hacker. She hasn't produced any viruses for a while.
Viruses continue to evolve, says Zatz, partly by existing virus code being "cut and pasted" into new viruses. For example, Goner was the first to try to remove antivirus software; Klez, Bugbear and Braid did the same.
"The real impact of Klez was to drop a virus called Elkern.cav, an 18-month-old virus, as a side-effect. Braid dropped the old Funlove virus as part of its payload," says Zatz.
The consultant, who was in Auckland and Wellington last month for a series of CA seminars on security strategy, says almost all of these email viruses have file extensions such .exe and .bat, which can be filtered out at the email gateway, but many organisations don't bother.
Looking to next year, Zatz says viruses may be more prevalent and more damaging, with a "tall poppy syndrome" keeping Microsoft as the top target. The software giant is good at putting out patches, he says, but it is "hard for it to keep up".
"Many joke that to create a virus, writers look at the [Microsoft] website to get patch details," he says. Virus writers are aware that people don't patch their systems or run out-of-date systems.
Zatz, who has been in the industry 15 years, says another factor is that IT security is "colliding" with physical security, with organisations also needing to verify their staffers are where they should be and doing what they are supposed to be. A recently launched CA product called eTrust, he says, can analyse user behaviour so employers can see if there is a risk posed by a staffer doing something unusual like working at odd hours.
As for Gigabyte, her website talks about a five-member clan called the Contagious Rebels that is seeking more virus writers, hackers and phreakers. Gigabyte says she has finished school and has been busy working for a computer company, but she is already "making plans for my next virus".