Can Legal Measures Slow Down Cybercrimes?

 


Cybercrime has emerged as a serious threat in India, prompting calls for comprehensive reforms and collaborative efforts from various stakeholders. Experts and officials emphasise the pressing need to address the evolving nature of cyber threats and strengthen the country's legal and regulatory framework to combat this menace effectively.

Former IPS officer and cybersecurity expert Prof Triveni Singh identified the necessity for fundamental changes in India's legal infrastructure to align with the pervasive nature of cybercrime. He advocates for the establishment of a national-level cybercrime investigation bureau, augmented training for law enforcement personnel, and the integration of cyber forensic facilities at police stations across the country.

A critical challenge in combating cybercrime lies in the outdated procedures for reporting and investigating such offences. Currently, victims often encounter obstacles when filing complaints, particularly if they reside outside India. Moreover, the decentralised nature of law enforcement across states complicates multi-jurisdictional investigations, leading to inefficiencies and resource depletion.

To streamline the process, experts propose the implementation of an independent online court system to expedite judicial proceedings for cybercrime cases, thereby eliminating the need for physical hearings. Additionally, fostering enhanced cooperation between police forces of different states and countries is deemed essential to effectively tackle cross-border cybercrimes.

Acknowledging the imperative for centralised coordination, proposals for the establishment of a national cybercrime investigation agency have been put forward. Such an agency would serve as a central hub, providing support to state police forces and facilitating collaboration in complex cybercrime cases involving multiple jurisdictions.

Regulatory bodies, notably the Reserve Bank of India (RBI), also play a crucial role in combatting financial cybercrimes. Experts urge the RBI to strengthen oversight of banks and enhance Know Your Customer (KYC) norms to prevent the misuse of accounts by cyber criminals. They should aim to utilise technologies like Artificial Intelligence (AI) to detect anomalous transaction patterns and consolidate efforts to identify and thwart cybercrime activities.

There is a growing consensus on the necessity for a comprehensive national cybersecurity strategy and legislation in India. Such initiatives would furnish a robust framework for addressing the omnipresent nature of this threat and safeguarding the country's cyber sovereignty.

The bottom line is that putting a stop to cybercrime demands a concerted effort involving lawmakers, regulators, law enforcement agencies, financial institutions, and internet service providers. By enacting comprehensive reforms and fostering greater cooperation, India can intensify its cyber resilience and ensure a safer online environment for all.



GTA 6 Hacker: Life in Secure Hospital for Cybercrime Intent

In a surprise development, the teenage hacker who leaked details about Grand Theft Auto 6 (GTA 6) is now facing a life sentence in a guarded institution. The person, identified as Lapsus, was placed under an indefinite hospital order because of worries that he would quickly return to his cybercrime operations.

The 18-year-old hacker gained notoriety for infiltrating Rockstar Games' highly anticipated GTA 6, leaking sensitive information and gameplay details to the public. His actions sparked a global uproar among gaming enthusiasts and raised questions about the vulnerability of major gaming studios to cyber threats.

Lapsus's fate took a unique twist as the court deemed him a significant cybersecurity threat, deciding to confine him to a secure hospital for an indefinite period. The severity of this sentence underscores the gravity of cybercrimes and the potential harm they can inflict on individuals and industries.

The court's decision was fueled by Lapsus's explicit intent to resume cybercriminal activities as soon as possible, as revealed during the trial. This alarming revelation highlights the challenges authorities face in deterring individuals with advanced hacking skills from engaging in illegal activities, especially when they show a clear determination to persist.

Many well-known media outlets reported on the case, highlighting the gravity of the hacker's misdeeds and providing details about the court procedures. For example, it was pointed out that the hacker's declared intention to immediately return to cybercrime is closely correlated with the decision to house him in a secure facility for the rest of his life. nevertheless, emphasized the temporary nature of the hospital order and the serious danger that Lapsus posed.

The case's implications stretch beyond the gaming community and serve as a sobering reminder of the continuous fight against cybercrime on a worldwide scale. highlighted the incident's worldwide ramifications in particular, drawing attention to the British juvenile hacker's acts and the eventual imposition of a life sentence in a guarded institution.

As The Verge pointed out, Lapsus's sentencing blurs the line between traditional imprisonment and confinement in a secure hospital, reflecting the unique challenges posed by hackers with the potential to cause significant digital harm. Security Affairs further delved into the case's specifics, providing insights into the legal aspects and the implications for future cybercrime prosecutions.

The GTA 6 hacker's sentence serves as an urgent alert regarding the evolving nature of cyber threats and the steps law enforcement must take to protect the public from those seeking to take advantage of technological weaknesses. The life sentence in a secure facility emphasizes the danger posed by people who possess sophisticated hacking abilities and a strong desire to commit cybercrime again.


 Cybersecurity Teams At Their Saturation Point

As ransomware attacks rise in frequency and expose people and organizations to new dangers, cybersecurity experts are near breaking point. One-third of cybersecurity experts are considering quitting their position in the next two years, according to a Mimecast poll of 1,100 workers worldwide.

According to the report, cybersecurity teams are under a lot of pressure as a result of rising cybercrime rates and increased media coverage of cyberattacks. Numerous cybersecurity team members are worried that a cyberattack will cost them their jobs, and others are having trouble keeping up with the pressure.

In order to keep businesses secure, Mimecast claimed that cybersecurity teams are under a pressure cooker of constant attacks, disruption, and burnout, which makes it even harder to recruit and maintain the necessary cybersecurity specialists. According to Dreyer, "the need for cyber skills is greater than ever, and a lack of workers with the necessary competence has generated a constantly growing skills deficit only within industry."

Nearly two-thirds (64%) of cybercrime leaders polled by Mimecast reported having encountered at least one ransomware assault in the previous year, and 77% reported that since 2021, the frequency of cyberattacks on their company has either increased or remained stable.

According to research by Mimecast, these attacks have personal implications for the health of cybersecurity experts. More than half of respondents (54%) claimed that ransomware attacks had a bad effect on their mental health, and 56% said that their job grew more stressful every time.

Mimecast estimates that 56% of assaults cost firms a total of more than $100,000. Given that 50% of decision-makers spend less than $550,000 a year on cybersecurity, one attack may consume 20% of the budget.
 
IT security managers, according to Mimecast, feel less accountable when an assault is successful, with 57% stating a ransomware attack would make them feel highly responsible, down from 71% last year. Another obstacle to better cybersecurity awareness could be liability.



 Australia Imposes Corporate Fines on Cybercriminals 

 

Following two significant cybersecurity breaches that exposed millions of people to illegal activity, Australia on Saturday recommended stiffer sanctions for businesses that don't protect customer data. 

The maximum punishment for recurrent offenses will be raised from the current $1.4 million to $32 million under amendments that will be presented to the Australian Parliament, according to a report from Reuters. In addition, if a company's revenue for a given period surpassed AU$50 million ($32 million), it might be fined the equivalent of 30% of that turnover.

Big firms might be liable for penalties of up to hundreds of millions of dollars, as per Attorney General Mark Dreyfus. It's designed to elicit thought in businesses. It's intended to act as a deterrent to urge businesses to safeguard Australians' data.

Tuesday marks the first day of parliament since the mid-September recess. Since Parliament last met, unknown hackers have stolen the personal information of 9.8 million users of Optus, Australia's second-largest wireless telecommunications provider. The data theft has increased the danger of identity theft and fraud for more than one-third of Australia's population.

This week, unknown cybercriminals claimed to have stolen 200 terabytes of customer data, including medical diagnoses and treatments, and demanded ransom from Medibank, Australia's largest health insurer. There are 3.7 million clients of Medibank. According to the business, the hackers have established that they possess at least 100 people's personal information.

The government worries that, in addition to failing to safeguard personal information, businesses are holding on to excessive amounts of customer data for far too long in the hopes of making money out of it.

In the final 4 weeks that Parliament shall meet this year, Dreyfus expects that the suggested revisions will pass into law. Any new fines won't apply retroactively and won't have an impact on Optus or Medibank.





Major Security Breach Hits the Mexican Government

 


According to the president of Mexico, a group of hackers stole a sizable chunk of emails from the Mexican Defense Department as well as those from police and military organizations in other Latin American nations.

Lopez Obrador, often known as AMLO, has dismissed worries about the growing militarization of public security, claiming that in order to avoid corruption, the guard must now be under military direction. Speaking at a press conference, the president verified allegations about his own health issues and confirmed that the information from the Defense Ministry hack that had been reported in local media overnight was accurate.

Media reports claim that the hacker gained access to six terabytes of material from the Defense Ministry, including transcripts of communications, details about criminal characters, and surveillance of Ken Salazar, the American ambassador to Mexico.

The hack was minimized by López Obrador, who claimed that "nothing is uncertain." He claimed that the attack appeared to have happened during a system change at the Defense Department.

However, Chile was so concerned about the intrusion into its own systems that last week it called back its defense minister, who was in the United States with President Gabriel Boric for the UN General Assembly.

Emails from the militaries of El Salvador, Peru, Colombia, and the National Police of El Salvador are also included in the 10 gigabytes of data that the organization has taken. The majority of the data seemed to come from Mexico.

Anonymous social justice activists going by the name Guacamaya claim to employ hacking to expose wrongdoing and corruption on behalf of Indigenous people. The emails of a mining corporation long suspected of violating human rights and the environment in Guatemala were previously breached and made public by hackers with the same identity.

In a statement that accompanied the most recent action, the group lamented the colonists' pillage of Latin America, which it refers to as Abya Yala, as well as the 'Global North's' ongoing extractivist objectives.

Data theft method

In a statement, the hacking group said that governments in Latin American nations utilize their militaries and police forces to 'hold their inhabitants prisoner,' frequently after receiving intensive training from the United States. Although the group promised to make the records available to journalists, so far only a small portion has been publicized, possibly due to the overwhelming amount of material.

The hackers claimed in an email exchange that their analysis of the Mexico emails up to that point revealed that a lot of the information had been widely known and that they didn't believe there were any destructive emails, potentially because more private exchanges were better secured. However, they claimed there was proof the military was paying close attention to political and social movements.

They claimed that those included the Zapatista rebel movement, which staged an uprising in southern Mexico in 1994, groups opposed to López Obrador's current effort to build a tourist train around the Yucatan Peninsula, and relatives of 43 students who were kidnapped by local police and allegedly handed over to be killed by a drug gang in 2014.

Guacamaya appears to be more of a 'hacktivist' hack-and-leak operation with social justice objectives rather than a cyberattack targeting government information systems for financial gain or extortion.

The details of the leak were first revealed by Mexican journalist and well-known government critic Carlos Loret, who claimed that the data collected from the ministry demonstrated the extent of the military's power under Lopez Obrador, who has given the military responsibility for everything from infrastructure development to customs supervision.

In spite of criticism of alleged military abuses and worries that the government is militarizing public security, lawmakers adopted legislation this month expanding the role of the armed forces in combating crime.




CRTC Inquiry Targets Dark Web Marketplace Sellers and Administrator

 

Four Canadians have been fined a total of $300,000 by the CRTC's Chief Compliance and Enforcement Officer for their engagement in the Dark Web marketplace Canadian HeadQuarters (also known as CanadianHQ). Following the execution of warrants by CRTC employees, the marketplace was taken offline. 

CanadianHQ was one of the largest Dark Web marketplaces in the world before it was closed down, and it played a pivotal role in damaging cyber operations in Canada. It specialized in the selling of spamming services, phishing kits, stolen passwords, and access to infected systems, which were utilized by buyers to carry out a variety of malicious activities.

The CRTC's inquiry centered on four people who reportedly sent emails that looked like they came from well-known companies in order to gain personal information like credit card numbers and banking information. 

The following people have been fined for violating Canada's anti-spam legislation (CASL) by sending commercial electronic messages without consent: 

• $150,000 Chris Tyrone Dracos (a.k.a. Poseidon) 
• $50,000 Marc Anthony Younes (a.k.a. CASHOUT00 and Masteratm) 
• $50,000 Souial Amarak (a.k.a. Wealtyman and Supreme) 
• $50,000 Moustapha Sabir (a.k.a. La3sa) 

Mr. Dracos faces a harsher sentence as the marketplace's inventor and administrator for allegedly assisting in the execution of multiple CASL violations by the platform's suppliers and customers. Several other suppliers have been uncovered as part of this investigation, and enforcement measures will be taken against them in the near future, as per the sources. The Spam Reporting Centre encourages Canadians to report spam, phishing, and other suspicious practices. 

Steven Harroun, Chief Compliance and Enforcement Officer, CRTC stated, “Some Canadians are being drawn into malicious cyber activity, lured by the potential for easy money and social recognition among their peers. This case shows that anonymity is not absolute online and there are real-world consequences when engaging in these activities. 

“Canadian Headquarters was one of the most complex cases our team has tackled since CASL came into force. I would like to thank the cyber-security firm Flare Systems, the Sûreté du Québec and the RCMP’s National Division for their invaluable assistance. Our team is committed to investigating CASL non-compliance on all fronts.”