On 3 July, 2012, there were reports that those involved in an ATM fraud that was busted by the Mohali crime branch along with the Kerala Police, had duped four banks of over Rs 2 crore. Mind you, these are preliminary investigations. Numerous reports like these over the past couple of years suggest that it’s a no-brainer to presume that cyber crime is on the rise, and you do get a sense of that with what is perhaps the only official figures that this country has--the latest (for 2011) available figures from the National Crime Records Bureau (NCRB).
So going by the 2011 NCRB figures, there were 1,791 cases registered under IT Act during the year 2011 as compared to 966 cases during the previous year (2010) thereby reporting an increase of 85.4% in 2011 over 2010.
Of this, 19.5% cases (349 out of 1,791 cases) were reported from Andhra Pradesh followed by Maharashtra (306), Kerala (227), Karnataka (151) and Rajasthan (122). And 46.1% (826 cases) of the total 1,791 cases registered under IT Act 2000 were related to loss/damage to computer resource/utility reported under hacking with computer systems.
The statistics on cyber crimes are collected under the following heads--Offences registered under the Information Technology Act 2000, and those under the Indian Penal Code or IPC (involving the use of computers).
But dissect the figure closely and you realise that while cybercrime is a big threat to India’s online population, which loses billions to Internet fraud every year, very few seem to come forward when it comes to reporting such cases, if government records are anything to go by.
According to NCRB, the police have recorded less than 5,000—only 4,829 cases and made fewer arrests (3,187) between 2007 and 2011, under both the Information Technology (IT) Act as well as the Indian Penal Code (IPC).
And convictions remain in single digits, according to lawyers. Only 487 persons were arrested for committing such offences during the year 2011. There were 496 cases of obscene publications/transmission in electronic form during the year 2011 wherein 443 persons were arrested.
Out of total 157 cases relating to hacking under Sec. 66(2), most of the cases (23 cases) were reported from Karnataka followed by Kerala (22 ) and Andhra Pradesh (20 cases). And 20.4% of the 1184 persons arrested in cases relating to IT Act, 2000 were from Andhra Pradesh (242) followed by Maharashtra (226).
The age-wise profile of persons arrested in cyber crime cases under the IT Act, 2000 showed that 58.6% of the offenders were in the age group 18–30 years (695 out of 1184) and 31.7% of the offenders were in the age group 30-45 years (376 out of 1184). Madhya Pradesh (10), Maharashtra (4), Kerala (3) and Delhi (2) reported offenders whose age was below 18 years.
Meanwhile, a total of 422 cases were registered under the Indian Penal Code or IPC Sections during the year 2011 as compared to 356 such cases during 2010 thereby reporting an increase of 18.5%. Maharashtra reported maximum number of such cases (87 out of 422 cases i.e. 20.6%) followed by Chhattisgarh 18.0% (76 cases) and Delhi 11.6% (49 Cases).
Majority of the crimes out of total 422 cases registered under IPC fall under 2 categories--forgery (259) and Criminal Breach of Trust or fraud (118). Although such offences fall under the traditional IPC crimes, these cases had the cyber overtones wherein computer, Internet or its enabled services were present in the crime and hence they were categorised as Cyber Crimes under IPC.
Crime head-wise and age-wise profile of the offenders arrested under Cyber Crimes (IPC) for the year 2011 reveals that offenders involved in forgery cases were more in the age-group of 18-30 (46.5%) (129 out of 277). 50.4% of the persons arrested under Criminal Breach of Trust/Cyber Fraud offences were in the age group 30-45 years (65 out of 129).
Meanwhile 9 out of 88 mega cities did not report any case of cyber crime i.e., neither under the IT Act nor under IPC Sections during the year 2011.
And 53 mega cities have reported 858 cases under IT Act and 200 cases under various sections of IPC. There was an increase of 147.3% (from 347 cases in 2009 to 858 cases in 2011) in cases under IT Act as compared to previous year (2010), and an increase of 33.3% (from 150 cases in 2010 to 200 cases in 2011) of cases registered under various sections of IPC.
Bangalore (117), Vishakhapatnam (107), Pune (83), Jaipur (76), Hyderabad (67) and Delhi (City) (50) have reported high incidence of cases (500 out of 858 cases) registered under IT Act, accounting for more than half of the cases (58.3%) reported under the IT Act. Delhi City has reported the highest incidence (49 out of 200) of cases reported under IPC sections accounting for 24.5% followed by Mumbai (25 or 12.5%).
These numbers can give us a false sense of security, according to cyber crime experts.
The official cybercrime numbers also do not match the findings of security reports. For instance, the Norton Cybercrime Report 2011, released in September by research firm Symantec Corp., estimated that nearly 30 million people were victims of cybercrime in 2010, suffering $4 billion in direct financial losses and an additional $3.6 billion in time spent resolving the crime.
In India, four in five online adults have been a victim of cybercrime, according to the report.
RSA, the security division of EMC Corp., estimated that Indian corporations lost $27.8 million in the first half of 2011. Phishing refers to attempts made to acquire information such as user names, passwords and credit card details by pretending to be a trustworthy entity. The RSA report also ranked India as the third-most targeted country for phishing attacks after the US and the UK.
The NCRB statistics not only fly in the face of numbers from security vendors, but also from those retrieved from the Cert-In (Indian Computer Emergency Response Team) 2010 annual report. Under the IT (Amendment) Act, 2008, Cert-In is designated to serve as the national agency in the area of cyber security.
Statistics retrieved from Cert-In reveal that it tracked around 6.9 million bot-infected systems and 14,348 website defacements in India in 2010. It reported that around 6,850 .in and 4,150 .com domains were defaced during January-September 2011.
But experts also admit they have no way of corroborating how groups such as Norton publish the statistics as India has no “reliable published data on cybercrime.
Symantec researchers maintain that credit cards and bank account credentials continue to be the top two advertised items on the black market. In the underground economy, bidding for credit card information starts at Rs 13 and that for bank account information at Rs 450, according to Symantec. And the average cost to resolve a data breach in 2010 was $7.2 million, according to Symantec researchers.
The threat is set to increase. Research firm KPMG’s e-Crime Report 2011 cautions that the “the future of targeted malware delivery is also inextricably linked to social networking. Yet, just one company, Tata AIG General Insurance Co. Ltd, offers cybercrime insurance in India. It has been doing so for more than a year and has a portfolio of at least Rs 10 crore. HDFC ERGO General Insurance Co. Ltd is hopeful of getting its product approved in a few months.
The claims, too, have been “far and few. If one needs further proof that cyber crime is on the rise, one only needs to look at the market for security products.
According to an RNCOS security market report, demand for IT security products and services have been witnessing exponential growth for past few years. Moreover, rapidly increasing cyber attacks on the websites of the government and enterprises has made it necessary for them to have an updated and strong IT security infrastructure in order to secure their vital information from malicious cyber attackers.
According to its recent research report “Global IT Security Market Forecast to 2013”, the global IT security market was worth nearly $60 billion in 2009, and is projected to grow at a CAGR of around 12% during 2010-2013.
On the regional front, our report indicates that the Asia-Pacific and the Middle East regions will experience significant growth in their IT security market in coming years. This growth will be driven by the rapidly growing Internet adoption and surging demand for IT-enabled business solutions in countries like India, China and the GCC region.