During his address at the G-20 Conference on Crime and Security, in July 2023, Union Home Minister Amit Shah said, “Transformation of our security challenges from dynamite to metaverse, and, conversion of hawala to crypto currency is a matter of concern for the countries of the world, and, all of us together, have to devise a common strategy against it.” Dwelling on the challenge of harnessing the potential of emerging digital technologies like AI, ML and data analytics while ensuring a secure and prosperous digital future for all, Amit Shah noted that India wants to create a ‘Cyber Success World’ and not a ‘Cyber Failure World’. He talked about a number of initiatives that the government has taken to make cyberspace safe for the people of the country.
What are the police departments in the country doing to secure cyberspace? B. Shanker Jaiswal, Joint Commissioner, Delhi Police, in conversation with Anoop Verma, Editor (Desk), ETGovernment, sheds light on the technological and procedural initiatives that the Delhi Police has taken to control the menace of cybercrimes.
Edited excerpts:
There are reports which suggest that India ranks among the top 5 most targeted countries by cyber criminals. What steps is Delhi Police taking to reduce the number of cyber-attacks?
As more and more systems of governance, private companies and ordinary consumers go online, the cyber criminals have more targets to attack. The Delhi Police has developed a comprehensive cyber crisis management plan to fend off cyberterrorism and cyberattacks. Sometimes attacks happen because the users are careless in handling their digital systems–to make people aware of the dangers of cyber attacks, we publish security tips for users to secure their computers and smartphones. Our advice is that before being hosted, websites and applications should undergo a cyber security audit. Regular audits of the websites and applications must be carried out both during and after hosting. We are working to develop firm standards for important roles and duties related to digital infrastructure and applications. We regularly carry out cybersecurity dummy exercises to evaluate the resilience of cyber systems. We also conduct training and skill development sessions on cybersecurity for the employees of government departments and critical sector organisations.
What are the different forms of cybercrime that the law enforcement agencies in the world are grappling with today?
There are many types of cybercrimes. There is phishing, cyber stalking, vishing, hacking, child pornography, denial of service attack, virus dissemination, computer vandalism, cyber terrorism software piracy and ransomware. Sometimes hackers intrude into computer systems and manipulate data integrity, install sniffer software, steal passwords, install Trojans and viruses, and execute denial of services attacks. With advances in technology, the cybercriminals keep upgrading their line of attack. The police departments have developed new strategies and adopted new technologies to thwart the designs of the cybercriminals and apprehend them.
If a citizen becomes the victim of cyber attack, what steps should he or she follow to get redressal?
The first thing that the victim should do is report that crime. The Government of India has launched a good online initiative for reporting cyber crimes, including those pertaining to women and children–this is the National Cybercrime Reporting Portal (www.cybercrime.gov.in). This portal makes it very convenient for victims to quickly report a cyber crime. The more quickly the report is filed, the easier it is for the police departments to solve the cybercrime. If the filing of the report is delayed, then the cyber criminals have the time to cover their tracks.
What steps have been taken by Delhi Police to create infrastructure, such as cyber forensic labs, for investigating cybercrime incidents?
The Delhi Police’s Intelligence Fusion & Strategic Operations (IFSO) is a specialized unit that works on sensitive cybercrime cases, particularly those involving women and children as victims. It is housed under the IFSO, Special Cell. The Cyber Crime Unit is outfitted with a Cyber Lab that possesses cutting-edge cyber forensic capabilities, including the ability to retrieve erased data from hard drives and mobile phones and compute hash values. This lab has the capacity for imaging servers, carrying portable forensic instruments for on-site inspection, and extracting data from all sorts of mobile devices including popular ones like Android and iOS devices. There is the Centre for Malware Analysis and Botnet Cleaning which offers free tools to detect harmful programs and remove them.
Despite the best efforts of the police department, if there is a large-scale cyber attack, what are the set-procedures for action from the law and order machinery?
To deal with large-scale cases of cyber attacks and cyber terrorism, the Government of India has created a Cyber Crisis Management Plan (CCMP). This plan contains guidelines for establishing the strategic framework within which the law and order machinery will have to operate for responding to the event and ensuring quick recovery of the critical services that enable the smooth functioning of society. This plan pinpoints the responsibilities and accountabilities right down to individual level.
How are the cyber crimes that get reported investigated? Do you have a set of rules and processes that the investigating officers must follow while investigating cyber crime?
The investigation of a cyber crime usually starts with a complaint filed by the victim at a police station or through the online cyber crime reporting portal. The officer assesses the seriousness of the crime and determines if it qualifies as cybercrime as per the Information Technology Act (Amendment) Act, 2008. Officers with specialized training or a cybercrime unit usually handle the case. Following proper legal procedures, they will collect digital evidence from devices like computers, phones, and servers. This may involve seizing devices or obtaining copies. Strict protocols ensure the chain of custody is maintained to preserve evidence integrity for court.
The collected devices are sent to a cyber-forensic lab (potentially the National Cyber Forensic Lab or FSL Delhi in Delhi’s case) for in-depth analysis. Forensic experts use specialized tools and techniques to recover deleted data, identify traces of the attacker, and analyze the nature of the crime. While forensic analysis is ongoing, investigators may track online activities, analyze network logs, and contact internet service providers (ISPs) to identify the origin of the attack and trace the culprit. Open-source intelligence (OSINT) technique is a useful tool in cyber crime investigation.
Cyber crimes happen in the online space. Are there any special legal processes that have to be followed for the investigation of such crimes?
The legal processes are broadly the same. Throughout the investigation, officers follow legal guidelines for search warrants, data collection and suspect identification. For cybercrimes crossing state borders or involving international actors, collaboration with other law enforcement agencies and international partners becomes imperative. Based on the investigation findings, the police will file a chargesheet with the court. The collected evidence, including the forensic report, will be presented in court to prosecute the cybercriminal.
The proliferation of connected devices and the Internet of Things (IoT) has further amplified the cyber security challenges. With an estimated 20 billion IoT devices being in use in India, the attack surface for cybercriminals has expanded. What can users do to save themselves from becoming the victims of cyber crime?
There is a lot that the users can do to prevent cybercrimes. Our advice is that the users should use secure passwords, update their software, control their social media settings, fortify their home network and educate their children about the dangers of the internet. Cyberspace transcends national boundaries. A criminal in any place in the globe can succeed in committing the cybercrime such as identity theft or phishing. The IoT system of connected devices makes our life convenient but the convenience should not be at the cost of our security. We have to use the IoT devices in a responsible way. Everyone can take small precautions like installing good antivirus software and keeping the bluetooth hidden when the facility is not in use.
Digital technologies are evolving at a fast pace. Now we are in the age of emerging technologies like AI, ML and data analytics. Do you think that the emerging technologies have the potential to strengthen the law enforcement systems?
By spotting irregularities in network traffic, spotting malware, categorizing files according to their content, and recognizing objects and persons in photos and videos, AI and ML can support digital forensic research. The potential of AI and ML to improve investigative consistency and spot emerging criminal trends makes these technologies critical for digital forensics. AI and ML models can be trained on existing data sets to develop statistical learning for forecasting. This reduces the number of instances that need to be manually assessed and helps identify new cases and evidence to look into.
AI and ML algorithms are able to recognize patterns and anomalies that might not be immediately visible to the human eye. This is useful in situations where evidence is hidden or camouflaged and produces more accurate and trustworthy conclusions. By automating and simplifying a number of processes related to examining digital evidence, including pattern recognition, image and video processing, and data analysis, digital forensic investigators can quickly examine vast volumes of data, find relevant information, and make connections that might not be apparent when using traditional human techniques.
