For the past two decades, an era of internet network-based devices has emerged as the necessity for humankind which has led to the invention of the devices like telephone, the computer and remote access-based networks like VPN and Wi-Fi. These inventions essentially facilitate users in their business and make communication quick while saving a lot of data. While these inventions make our lives easier, they also have the potential to increase the crime. Undoubtedly, these inventions have become an integral part of our lives or rather they have become indispensable but they have also given birth to new kind of crimes called “cybercrimes”.
Merriam Webster’s dictionary defines cybercrime as “criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data”. In essence, cybercrime can be committed by a device which has a professor and a network. The same device can be used by the criminal or it can be targeted by a criminal. Purpose of this criminal activity is not limited to just earning ransom, but sometimes it is used to specifically target individual or organization to acquire data. There are some skilled criminals who every time use organized innovative methods and also provide training to prospective hackers. These so-called hackers usually target people with spam mail or send viruses in the devices of the victim to damage their device be it computer/laptop/tablet or anything like that.
Offences relating to the unauthorized use of a computer (s. 342.1) and possession of the device to obtain unauthorized use of computer system or to commit mischief (s. 342.2) are found in Part IX of the Criminal Code, R.S.,1985, c. 27. These Sections in essence not just prohibit fraudulently obtaining any computer service or intercepting any function of a computer system but also prohibits the use of a computer system with the intent to commit such an offence.
Types of cybercrimes
Following are various types of known cybercrimes, though the list is not exhaustive.
- The cybercrime which is based on sending Email in the computer system.
- Internet fraud which through a network intercepts another device
- Identity fraud used to steal the identity of government official or individuals to access the data through stolen identity, blackmail and espionage by an enemy.
Escalation of Cybercrime in COVID-19
When pandemic of COVID-19 has increased anxiety of both, an individual and an organization world over, people have increasingly started to rely more and more on the processor system, handset devices, VPN system for the conference and for work from home and shopping of grocery for purpose maintaining social distance in an effort to mitigate the contagious effect of COVID-19. It has been increasingly reported that nasty elements of society are taking advantage of vulnerabilities of people to (a) target computers to extract computers essential by using malware distribution and phishing mail through websites or by providing document information, (b) defraud people by a fraudulent scheme where people are deceived into purchasing goods such as masks, hand sanitizer, fake medicine claiming to prevent and cure SARS-CoV-2, (c) attack the organization like World Health Organization (WHO) who are playing a pivotal role in this pandemic, (d) spread fake news filled with misinformation and troll people by using fake media accounts to create panic, social uncertainty and disharmony and distrust the government and measures taken by health authorities and (e) target mobile phone users by using fraudulent applications claiming to provide genuine information on COVID-19 in the guise of extracting money.
As if it were less, the scenario has emerged where the whole financial market is in chaos and people are panicking to purchase stock and shares. It is not surprising that the cybercriminals are using this situation to capitalize on their activity. They are relying on one’s susceptibility to scam their mailbox spiteful of emails and news. Targeting through websites makes one fall in their prey easily and increases larceny of data creating further apprehension in the community. They have not spared any sector, be it private or public to easily earn ransom by providing fake information to capitalize on people’s anxiety. They basically do it by creating forged news websites which make eye-catching headlines. When people in their anxiety look for information related to COVID-19, they click on these links which apparently give an indication of providing something related to COVID-19, but in effect, it is a tool to inject the virus in the electronic device and transfer data stored in that device to that of criminals’ device. These websites also run a whole racket of selling counterfeit hand-washes, antiseptics, lotions and the fake pill claiming to cure the infection at the early stage itself, thereby extorting a large sum of money.
A phishing e-mail is something which operates through another form of communication. Through this phishing mail, misleading mail is sent to the person which in essence not only undermines that person’s security but also that of the organization they work for. Phishing is something which attaches with the file or any link. Sometimes criminals also ask the receiver to respond with confidential information. A famous example of a phishing scam took place in 2018 during the Foot World Cup. It basically involved sending spam emails to the football fans to entice them with fake news for a free trip to Moscow, where the World Cup was being hosted. People in their lurch were opening it and clicking on the links contained in emails, unmindful of their private data being stolen.
A malware attack is a type of virus that attacks the device by the virus or malware. A device conceded by malware is used by cybercriminals for the purposes of hacking that device which can include theft of private data or damage to data. During COVID-19, work from the desk of office has shifted to laptop at home. Sometimes employees themselves chose to work from home obviously those who can afford to so which, sometimes its employer who keeping in my health factor askes their employees to work from home. This has substantially increased the number of people relying on these cybercrime prone devices to do justice to their work. While working at home, employees keep a large amount of data, sometimes sensitive in their personal laptop for official purpose. Sometimes they keep transferring it from one device to another. When their devices are infected with malware attack, it becomes easier for attackers to steal the data.
Distributed Denial-of-Service Attack (DDoS) is a type of cybercrime which attacks the cloud and router-based network device. This cloud target is used to hack the data which is usually saved by the user in the hard drive or cloud data centre. A DDoS attack overcomes a data clouds centre by using its one of the systems to put spam in another device with the connection request. This attack type is most often used by the cybercrime organization to hack or destroy the data of the government department with malicious intent or because of enmity between an individual and the government. In a COVID-19 type pandemic, this software is especially used to steal the government plan and project to in such a way to misrepresent it before the people to mislead them with a potential to create chaos.
One of the largest categories of attack is through spam mail. Spam mail is basically a tool to deceive people. Spam link is put into the mail send to other people and when these people click on the spam link, it will open infect the computer thereby making it prone to be hacked by criminals.
Identity theft and identity fraud are another type of cybercrimes, where the link is provided to the users on the device or on the system through any means and when a person clicks on the same, the link gets open and the details of the users are automatically sent to the criminal’s computers. This type of fraud by cybercriminals is used to steal the identity of the person which can be later used by criminals to extort money or exploit them. Identity fraud is basically a fraud committed on the digital platform. Data stolen through identity theft are sold to other people or organization by these criminals. One of the purposes of doing this can be to degrade the former company or organization by its previous employee.
How Cybercrime can be resolved during COVID-19?
It is beyond doubt that COVID-19 has become boon for cybercriminals and fraudsters all around the world and Canada is no exception to it. The only way to resolve it is through strong collaboration between the public and private sectors.
Cybercrimes don’t only affect an individual or organization but it has the potential to threaten global prosperity. It should not surprise anybody if one is lured by impersonating regional health authority for fake vaccination information, purchase and delivery of personal equipment (PPE), medical and pharmaceutical supplies or by spoof emails from human resource personals for false job promises. When everybody is confined to their homes and most of the things have come to stand still, cybercriminals have got free hand as the risk of getting caught is less and on the contrary returns are very high for them. There is a cascading effect of the attacks. Once they earn a substantial amount of money from these attacks, it allows them to improvise their capacities and build new tactics to intensify their activities to target a larger audience.
An effective response to cybercrimes requires exploring many possible courses of action and taking the interest of both the public and private sector into account. Further, an optimal plan of action should leverage the expertise of both the public and private sectors. Designing and implementing such a response requires creativity in the conceptualization and implementation of collaborative action. We need to quickly disrupt cybercriminal infrastructures and services in ways that will raise the cost for criminal actors. Besides that, wherever possible we need to attribute and prosecute cybercrime to raise the risk to criminal players and offer justice to victims. This will ultimately make the whole situation adversarial to them. Unlike other criminal areas, in the field of cybercrimes, the private sector has superior access to technical information and the capacity to identify, track and analyse cybercriminal infrastructures and potential threats. This capability gives the private sector the ability to not only uncover criminal activities but also to undertake targeted and disruptive actions by dismantling the criminals’ infrastructure. However, these capabilities have limits and only governments have the legal authority to prosecute cybercriminals and impose penalties. Thus, as of today neither the private nor the public sectors has sufficient capabilities to reduce the global impact of cybercrime on their own.
The critical situation in pandemic which has intensified the global cybercrime problem has led to chaos among the people. Cybercrime emerged as a serious threat on which the government has to take preventive measures to protect society. The cognizance of such crime strictly has to be taken by the provincial government and federal government together. They have to make effective legislation to circumvent the threat of cybercrime. The procedure laid down in legislation has to be debauched that can resolve prospective threats effortlessly. Software and other devices manufactures are required to provide security to protect viruses and malware since the beginning. The government should also be vigilant towards securing its sensitive data and projects so that it can become cybercrime prone. In case financial constraints allow, the Government should take steps to make another department of intelligence to monitor the whole cyber world. One thing is clear, cybercrimes are here to stay. Our awareness can also lessen its effect.