Social Media and Cyber Crime in South Asia: A comparative study of

Indian and Pakistani Cases

Submitted by: Submitted to:

Sugam Agrawal Ms. Nipun Gupta Jain
7M
40717703518
 Cyber Crime: Meaning
 The term cyber is a prefix which denotes a relationship with IT (information and
technology), in other words, anything related to computers such as internets, cloud
storage, etc. falls under the category of cyber.

 Whereas the term crime refers to an illegal act which causes harm either to person
physically, mentally or in any other way; or it harms the reputation of an individual.

 When these two terms cyber and crime meets and forms a single term “cybercrime”
it is deadliest combination. Now-a-days cybercrime is the most reported crime in
the country and people of all age groups are present and connected on social media.
 Relevant Legal Provisions

Cyber terrorism: 
Section 66F of the IT Act prescribes punishment for cyber terrorism. Whoever, with

intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in

the people or any section of the people, denies or causes the denial of access to any person

authorized to access a computer resource, or attempts to penetrate or access a computer

resource without authorisation or exceeding authorised access, or introduces or causes the

introduction of any computer contaminant, and by means of such conduct causes or is

likely to cause death or injuries to persons or damage to or destruction of property or

disrupts or knowing that it is likely to cause damage or disruption of supplies or services

essential to the life of the community or adversely affect critical information infrastructure,

is guilty of 'cyber terrorism’ punishable up to imprisonment of life.

 Hacking and Data Theft:
  Sections 43 and 66 of the IT Act penalise a number of activities ranging

from hacking into a computer network, data theft, introducing and

spreading viruses through computer networks, damaging computers or

computer networks or computer programmes, disrupting any computer or

computer system or computer network, denying an authorised person

access to a computer or computer network, damaging or destroying

information residing in a computer etc. The maximum punishment for the

above offences is imprisonment of up to 3 (three) years or a fine or Rs.

5,00,000 (Rupees five lac) or both.

 Section 65 of the IT Act:
  Section 65 of the IT Act prescribes punishment for tampering with computer source
documents and provides that any person who knowingly or intentionally conceals,
destroys or alters or intentionally or knowingly causes another to conceal, destroy, or
alter any computer source code (i.e. a listing of programmes, computer commands,
design and layout and programme analysis of computer resource in any form) used
for a computer, computer programme, computer system or computer network, when
the computer source code is required to be kept or maintained by law for the time
being in force, shall be punishable with imprisonment for up to 3 (three) years or
with a fine which may extend to Rs. 3,00,000 (Rupees lac) or with both
 Section 424 of the IPC states that "whoever dishonestly or fraudulently conceals or
removes any property of himself or any other person, or dishonestly or fraudulently
assists in the concealment or removal thereof, or dishonestly releases any demand
or claim to which he is entitled, shall be punished with imprisonment of either
description1 for a term which may extend to 2 (two) years, or with fine, or with
both.

 Section 378 of the IPC relating to "theft" of movable property will apply to the
theft of any data, online or otherwise
 Identity theft and cheating by personation: Section 66C of the IT Act prescribes
punishment for identity theft and provides that anyone who fraudulently or
dishonestly makes use of the electronic signature, password or any other unique
identification feature of any other person shall be punished with imprisonment of
either description for a term which may extend to 3 (three) years and shall also be
liable to fine which may extend to Rs. 1,00,000 (Rupees one lac).

 Amendment: New sub-section (3) was inserted in section 4 of the IPC (relating to
the extension of the IPC to extra territorial offences) that states that the provisions
of the IPC shall be applicable to any person in any place "without and beyond
India", committing an offence targeting a computer resource located in India.
Comparative study of Indian
and Pakistani Cases:
 INTRODUCTION
 India and Pakistan have been regional rivals since their independence
in 1947

 While cyberspace and the internet facilitated communication between

India and Pakistan, it also served to increase tensions between the
states and their populations.

 In addition to the hacktivists and patriotic hackers’ cyber-activities,

Indian and Pakistani actors also conducted cyberespionage against
one another, which added pressure to the already tenuous situation.
 BACKGROUND
 The relationship between India and Pakistan is famously tense, and both
sides have attempted to win strategic advantage over the years.

 New technologies, for example, are quickly integrated into standard

diplomatic and military doctrine.

 Pakistan quickly followed India’s acquisition of nuclear weapons and

increased the stakes of an escalation. Therefore, both saw the opportunity to
use cyberspace to harass the Adversary With little risk of retaliation

 Cyberattacks are typically low intensity, unsophisticated and cause little

damage.
 Instances of Hacking
 05.1998 Pakistani hackers hack the Indian Bhabha Atomic Research
Center’s website (Garsein, 2012).

 23.10.2001 Pakistani patriotic hackers deface two Indian News Websites

(Majumder, 2001).

 27.11.2008 As retaliation for the Mumbai terrorist attacks,Indian Hackers

deface several Pakistani websites.

 10.04.2017 Indian hackers retaliate with the defacement of hundreds of

Pakistani websites to protest against their compatriot’s death penalty
sentence(Trivedi, 2016).
 Actors in cybercrime
2 Types:

1. Hactivists and Patriotic Hackers:

who supporters of their state , acting on their own initiative and

targeting the enemies of their coutry or the contries conflicting with
theirs.

2. Advance Persisitent Threats:

Cyberattack executed by criminals or nation-state with intent to

steal data or surveil systems over an extended time period.
 Indian Hactivists and Patriotic Hackers
 Indian hacktivists and patriotic hackers were largely identified as acting in defense of
Indian interests in cyberspace. They most typically perpetrated website defacement on
Pakistani government websites. Some hacktivists and patriotic hackers also claimed
ransomware attacks on Pakistani airports and government websites (Shukla, 2017;
Trivedi, 2016).

 They may have participated in these campaigns for the thrill or to test their
knowledge.
 Pakistani Hactivists and Patriotic Hackers
 Similar to Indian hacktivists and patriotic hackers, Pakistani hackers
mostly targeted Indian government websites using defacement techniques.

 Particularly active in retaliation for Indian hacking events, or after

specific physical events in Kashmir and Jammu (Trivedi, 2016).

 The work of the Pakistan Cyber Army (PCA) was first observed in
November 2008 in the defacement of the Indian Oil and Natural Gas
Company.

 Unclear whether the group has ties to the Pakistani government or if it

acts as an independent entity.
 Indian APTs
 APT typically used malware available for free.

 Indian APT sometimes reused its command and control (C&C)

infrastructures and decoy documents in spear phishing emails.

 The malware it develops itself was often an amalgamation made by

directly copying lines of codes from hacker forums or online public
coding projects.

 Based on various cybersecurity reports on the Indian APT, it seems very

many APTs have support from the Indian authorities or is part of the
Indian state.
 Pakistani APTs
 The Pakistani APT has been active since at least 2012.

 The APT created counterfeit news websites and sent the link via email to
get their victims to click on malicious links to download infected
documents.

 According to Cyber security experts from Trend Micro, the Pakistani

APT used known vulnerabilities to deliver malware and its C&C
infrastructure was easy to map.

 Though the Pakistani APT’s targets were also suspiciously in line with
the interests of the Pakistani government, neither Proof point nor Trend
Micro were able to link the Pakistani APT to the Government of Pakistan
 TARGETS
 Hacktivists and patriotic hackers from both states tended to target
government institutions and media websites, and their website
defacements were largely opportunistic.

 The Pakistani APT targeted primarily Indian military and

diplomatic personnel for the purposes of national security espionage,
but also targeted other political and military entities in South Asia

 India’s APT conducted mostly cyberespionage against Pakistani

private firms and government agencies, but also against international
industries.
 TOOLS AND TECHNIQUES
1. Website defacement:
Website defacement involves the change of the physical appearance of a
website or the redirection of users to another website.

2. Spear Phishing:
Spear phishing consists of sending an email that appears to come from a
trusted contact or organization. As soon as the attachment is downloaded, the
system gets infected.

3. Malware:
Malware are generally designed to take screenshots, steal documents, record
keystrokes, and self-update.
 Effects
1. Social Effect:
The inconvenience created by website defacement affected the users of the defaced
websites, especially because hacktivists and patriotic hackers often targeted
government agencies’ websites. It creates the environment of distress and
annoyance amoug people specially if it effects their daily work and lifestyle.

2. Economic Effects:
Defacements result in lost customers due to the unavailability of the webpages and
damages to the businesses’ reputation. It also results to lack of trust in case of
government website being hacked and people shift to private websites which
result in loss of government revenue .
 ...contd

3. Technological Effects:

Cyber security experts that studied APT groups from India and Pakistan found that it

was easy to conduct significant cyber espionage campaigns using relatively

unsophisticated and readily available cyber tools.

4. International Effects:

The international consequences of India and Pakistan’s rivalry in cyberspace are

minimal as it is considered to be their personal matter but still it taints the already

pathetic relation of both states as both are now nuclear powers.

 Conclusion
Cyber crime is a persistent problem and need to be fixed. It is, therefore, necessary
to raise awareness among users about such dangers. Sensitization campaigns could
help users to more easily recognize spear phishing emails and watering hole
attacks. Institutions could also implement standardized procedures in case an
employee opens a malicious attachment or clicks on a malicious link.
Technological tactics may be used to prevent website defacement and
Implementing an email authentication system like the Sender Policy Framework
(SPF), could provide a technological solution to problems of phishing.

In addition, website defacement monitoring and detection tools could help website
owners react faster in the event of a defacement.
THANK YOU