The Protector

Author: admin

  • PM Modi Cautions Against Digital Arrest Scams

    PM Modi Cautions Against Digital Arrest Scams

    In his latest Mann Ki Baat address, Prime Minister Narendra Modi cautioned the nation about the alarming rise of the ‘digital arrest’ scam. This scam involves fraudsters posing as law enforcement officials to extort money from unsuspecting victims. PM Modi revealed that in the first quarter of 2024 alone, Indians lost a staggering Rs 120.3 Crore to these scams. During his address, he detailed the modus operandi of these fraudsters who often impersonate officials from the police, CBI, narcotics departments, or even the Reserve Bank of India. They create an atmosphere of fear by presenting themselves in agency uniforms and quoting legal provisions, ultimately threatening to arrest the victims unless they pay a specific sum of money.

    The digital arrest scam is a rising threat in India, with scammers using fear tactics to exploit victims. According to the NCR Police, 600 cases of digital arrest were reported within three months.

    A large number of complaints are reported on the National Cyber Crime Reporting Portal (NCRP) regarding intimidation, blackmail, extortion, and digital arrests by cybercriminals posing as police authorities or officials from the Central Bureau of Investigation (CBI), Narcotics Department, Reserve Bank of India (RBI), Enforcement Directorate, and other law enforcement agencies.

    These fraudsters typically call a potential victim and inform them that the victim has sent or is the intended recipient of a parcel, which contains illegal goods, drugs, fake passports, or any other contraband item. Sometimes, they also inform the victim that a near or dear one is involved in a crime or an accident and is in their custody. A demand for money is made to compromise the ‘case’. In certain instances, unsuspecting victims are made to undergo ‘digital arrest’ and remain visually available over Skype or other video conferencing platforms to the fraudsters till their demands are met. The fraudsters are known to use studios modelled on police stations and government offices and wear uniforms to appear genuine.

    Across the country, several victims have lost large amounts of money to such criminals. This is an organised online economic crime and is learnt to be operated by cross-border crime syndicates.

    In short, fraudsters pretending to be police and customs officials call people, claiming they are under digital arrest for an illegal act. The callers mostly pretend to be either police personnel or officials from the customs department. After switching to video, victims are shown a police station-like setup to make them believe the call is from law enforcement. The target is accused of illegal activity, and scammers present fake documents showing the digital arrest. Thousands of people have fallen victim to such scams, though digital arrest has no basis in law.

    Reports of these scams are increasing across India:

    • An elderly man in Ahmedabad was tricked into transferring Rs 1.26 Crore in a digital arrest scam, with scammers impersonating high-ranking officials, including the Chief Justice of India.

    • In August 2024, Bengaluru Police arrested several men after a victim was allegedly scammed out of more than Rs 2 Crore. Fraudsters said a parcel addressed to the victim contained the drug MDMA and had been seized by police. Over a WhatsApp call, they threatened him with legal action if he did not pay to settle his alleged legal issues.

    • Actor Maala Parvathi, mainly in Malayalam-language movies, reported being targeted by such a scam. Media reports stated that scammers showed her fake ID cards, pretending to be officers from Mumbai Police, and accused her of smuggling drugs to Taiwan. She realised it was a fraud before any exchange of money took place.

    • A senior official in the National Buildings Construction Corporation (NBCC) was duped of Rs 55 Lakh in another digital arrest case. The accused video-called the victim on WhatsApp, claiming she was under digital arrest until the CBI could arrive. On September 9, the 35-year-old woman received a call claiming to be from a customs official at Mumbai International Airport. They stated that customs had intercepted a parcel on September 6 containing 16 fake passports, 58 ATM cards, and 40 grams of MDMA, with her details listed as the sender. The caller claimed that Mumbai Police had issued an arrest warrant against her and that she must surrender. He then suggested she transfer Rs 55 Lakh to verify her account to avoid money laundering charges, after which the scammers vanished.

    It is not only vulnerable groups who fall prey to these scams. Even wealthy individuals have been targeted. Textile industry doyen

    S P Oswal was reportedly tricked into transferring Rs 7 Crore. Oswal, the Chairman-cum-Managing Director of Vardhman Group, the largest textile manufacturing group in the country, was held under digital surveillance for two days over Skype by fraudsters posing as CBI officers. The scammers staged a fake Supreme Court hearing on Skype, with one impersonating Chief Justice of India D Y Chandrachud and issuing a fraudulent order.

    A large number of complaints have been made on the National Cyber Crime Reporting Portal (NCRP) about intimidation, blackmail, extortion, and digital arrests by cybercriminals posing as police officers, the Central Bureau of Investigation (CBI), Narcotics Department, Reserve Bank of India (RBI), and Enforcement Directorate (ED), among others. Victims across the country have reported losing significant amounts to these criminals.

    In his warning, Modi advised victims to follow three steps to stay safe:

    1. “Stay calm and do not panic. Record or take a screen recording if possible.”

    2. “Remember that no government agency will threaten you online.”

    3. “Take action by calling the national cyber helpline and informing the police.”

    In reality, digital arrest is not legally recognised, and people need not panic. “There is nothing like digital arrest in our law. This is just fraud, deceit, and lies by a gang of criminals who are enemies of society,” said Prime Minister Modi. The scale of the scam is evident from NCRP data: Indians have lost up to Rs 120 Crore in digital arrest cases in the first quarter of 2024. PM Modi addressed this topic to raise awareness and encourage caution.

    How to Protect Yourself

    • Verify information: Never share personal or financial details over the phone or online unless you are certain of the requester’s identity.

    • Be wary of unfamiliar numbers: Avoid answering calls from unknown numbers, especially those with foreign area codes.

    • Cross-check information: Verify suspicious calls or messages with a trusted source, such as a government website or law enforcement agency.

    • Stay calm: Scammers rely on fear and intimidation to manipulate victims. Stay calm and avoid impulsive decisions.

    • Report the scam: If targeted by a digital arrest scam, report it to local police or cybercrime authorities.

    Actions by the Centre

    Indian intelligence agencies have identified the scams as part of a coordinated online economic crime network operated by cross-border syndicates. In response, the Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has blocked more than 1,000 Skype IDs associated with these activities, with technical support from Microsoft.

    The I4C is also working to block SIM cards, mobile devices, and mule accounts used by cybercriminals. In a security advisory, HDFC Bank warned about “money mules” — unsuspecting individuals tricked into laundering stolen or illicit money through their bank accounts, often becoming the target of police investigations once the crime is reported.

    The MHA, alongside other government ministries, the Reserve Bank of India (RBI), and various organizations, is actively combating these cybercrimes. The I4C provides support to State and union territory police forces by supplying intelligence and technical assistance to help identify and investigate cybercrime cases.

    Additionally, the I4C raises public awareness through its social media platform, Cyberdost, sharing infographics and videos on X (formerly Twitter), Facebook, Instagram, and other platforms. Citizens are encouraged to remain vigilant, report any suspicious calls, and share information on cybercrime prevention.                     

    To report scams, individuals can contact the national cybercrime helpline at 1930 or visit

    www.cybercrime.gov.in.

  • Cybersecurity in the Age of AI, 5G, and Quantum Computing: Global and Indian Perspectives

    Cybersecurity in the Age of AI, 5G, and Quantum Computing: Global and Indian Perspectives

    Padma Jaiswal, a 2003-batch IAS officer from the AGMUT cadre, holds an MBA from Panjab University and a degree in Company Secretaryship. She has held significant roles in the Union and State governments, public-sector companies, and regulatory institutions like RBI, SEBI, and the Election Commission. Currently serving as Secretary to the Government for Union Territories and States, her responsibilities include policy formulation, implementation, and key decision-making within her jurisdiction in coordination with relevant ministers or the Council of Ministers.

    As the world increasingly adopts AI, 5G, and Quantum Computing, these technologies provide new opportunities across various industries while exposing nations to more sophisticated cyber threats. Sectors such as finance, healthcare, critical infrastructure, and smart cities face unique risks associated with these advancements. Different countries, including India, are addressing these challenges in various ways. To effectively mitigate these risks, a combination of regulatory frameworks, public-private collaboration, and innovative cybersecurity solutions is essential. In the following sections, we will explore the implications of these technologies with use cases from India and around the world, highlighting both shared challenges and distinct responses.

    AI: Enhancing Defences and Enabling Attacks

    AI has a dual nature: it can strengthen cybersecurity while empowering cybercriminals. Governments and businesses globally are using AI-based tools to detect threats and predict cyber incidents. For instance, CERT-In in India utilises AI to monitor government networks, and AI-driven fraud detection tools help protect banking operations from phishing and identity theft.

    On the other hand, cybercriminals also exploit AI to carry out targeted phishing attacks and create deepfake frauds. In India, hackers used AI to replicate bank communications, tricking customers into disclosing their account credentials. Similarly, in the UK, cybercriminals employed deepfake audio technology to impersonate a CEO, resulting in a fraudulent transfer of over $243,000. These incidents highlight that while AI strengthens cyber defences, attackers use it to devise more complex and personalised threats, making cybersecurity a continuous challenge.

    Globally, the response includes AI regulation and collaborative defence frameworks. India’s push for robust AI governance aligns with efforts in Europe where the EU’s AI Act seeks to ensure the ethical and secure use of AI in high-risk applications.

    5G Networks: Expanding Connectivity and Increasing Vulnerabilities

    The rollout of 5G networks introduces new risks due to the rapid increase in Internet of Things (IoT) devices connected to critical infrastructure. In India, cities like Pune and Bengaluru utilise 5G-powered IoT systems to manage traffic, utilities, and healthcare services. However, if IoT devices are compromised, it could disrupt essential services. For example, in Delhi, an IoT-enabled ventilator in a hospital was targeted by attackers, putting patients at serious risk.

    Similar vulnerabilities have arisen globally. In Finland, a distributed denial-of-service (DDoS) attack on IoT-connected security cameras compromised the surveillance system of a major hotel, demonstrating how cyber-attacks on smart systems can affect safety and operations. In the United States, telecom operators continue to experience persistent DDoS attacks on their 5G infrastructure, causing disruptions across multiple States.

    To mitigate these risks, India must implement IoT security standards and adopt zero-trust frameworks. Other countries are taking similar measures: Japan has put strict IoT security policies in place ahead of the 2020 Olympics, while South Korea has mandated zero-trust protocols for its 5G networks to prevent unauthorised access and insider threats.

    Quantum Computing: Threats to Encryption and Development of New Defenses

    Quantum computing poses a significant threat to traditional encryption methods, raising concerns about the security of financial data, defence communications, and personal information. India’s financial systems, which rely on encryption to secure Aadhaar-linked accounts, are particularly vulnerable to attacks enabled by quantum computing. Hackers could steal encrypted data today and decrypt it in the future, jeopardising national security and financial stability.

    Similar challenges are being addressed globally. In the United States, the National Institute of Standards and Technology (NIST) is leading efforts to develop post-quantum cryptography standards to protect critical infrastructure from future threats. Meanwhile, China is making substantial investments in quantum technologies, heightening concerns about an encryption arms race among global powers.

    India has already begun preparing for a quantum future. In 2022, the Indian Space Research Organisation (ISRO) successfully conducted a Quantum Key Distribution (QKD) test between two cities, demonstrating progress toward creating secure, unhackable communication channels. Additionally, the Reserve Bank of India (RBI) has initiated research into quantum-safe cryptography for banking systems to safeguard transactions against future quantum threats.

    Cascading Failures and Global Risks

    The convergence of AI, 5G, and the Internet of Things (IoT) poses systemic risks, where failures in one system can lead to disruptions across interconnected sectors. This phenomenon is already being observed both in India and internationally. For instance, in Mumbai, a suspected cyber attack in 2021 disrupted the power grid, leaving parts of the city without electricity. Similar incidents have occurred in Ukraine, where cyber attacks on the power grid resulted in nationwide blackouts, underscoring the risks associated with attacks on critical infrastructure.

    The combination of AI-powered malware and 5G networks introduces further dangers. In South Korea, hackers utilised AI-driven malware to compromise an autonomous vehicle system, which could have led to serious accidents if not detected in time. The potential for cascading failures highlights the urgent need for nations to implement real-time monitoring tools and promote public-private collaborations to secure critical infrastructure.

    India’s National Critical Information Infrastructure Protection Centre (NCIIPC) is collaborating with private companies to safeguard telecom, energy, and transport networks against such cascading failures. Similarly, global efforts are underway, with the United States and the European Union launching cross-border collaborations to protect supply chains and critical infrastructure from AI-enhanced attacks.

    Mitigating Cyber Risks: Strategies for a Secure Digital Future

    As cyber threats are evolving, nations must adopt proactive strategies to secure their digital infrastructure. India has made significant progress with AI-powered incident response tools, such as those used by the Maharashtra Cyber Cell, which successfully averted a large-scale ransomware attack on Mumbai’s municipal corporation in 2023.

    Globally, countries are enhancing their cyber resilience through collaborative frameworks. For instance, Israel’s Cyber Defence Authority has formed public-private partnerships to combat ransomware attacks while Singapore has launched cyber hygiene campaigns to raise public awareness about phishing and social engineering threats.

    Additionally, the Reserve Bank of India is focusing on adopting post-quantum cryptography to safeguard financial transactions against future quantum threats. This mirrors the efforts of organisations like NIST and Germany, which are developing new encryption standards. Furthermore, zero-trust security models are gaining traction worldwide. The U.S. federal government has mandated the implementation of zero-trust architectures across all agencies by 2024, establishing a global benchmark that India’s 5G telecom operators are beginning to follow.

    Securing the Future Through Global

    Collaboration and Innovation

    The rapid adoption of AI, 5G, and Quantum Computing presents transformative potential but also introduces unprecedented cybersecurity risks. India’s experiences with AI-driven fraud, IoT vulnerabilities, and power grid attacks exemplify broader global challenges. As these technologies converge, countries must implement AI-based threat detection, quantum-safe encryption, and zero-trust frameworks to enhance cyber resilience.

    India’s efforts to secure its critical infrastructure align with global initiatives. Collaborative frameworks, such as those between the National Critical Information Infrastructure Protection Centre (NCIIPC) and private sector companies in India, reflect similar efforts in countries like the US, Japan, and South Korea, where public-private partnerships are vital for managing cyber risks. As cyber threats become increasingly sophisticated, global cooperation, regulation, and innovation will be essential for ensuring a secure digital future.

    By proactively addressing evolving threats and embracing post-quantum cryptography, AI-driven security solutions, and robust 5G frameworks, India and other nations can safeguard their digital ecosystems. In an interconnected world, the ability to adapt proactively will determine the security and sustainability of the digital economy for years to come.

    Recommendations for India

    As India accelerates its digital transformation with AI, 5G, and quantum technologies, it must implement robust cybersecurity measures to mitigate evolving risks. AI-powered platforms can provide real-time threat detection and prevention; however, attackers leverage AI to launch increasingly sophisticated cyber threats. To stay ahead, India needs to develop AI-based cyber intelligence platforms across critical sectors such as government, healthcare, and banking. Maharashtra’s success in employing AI to prevent ransomware attacks in Mumbai’s municipal network demonstrates the potential for scaling such initiatives nationwide. Furthermore, India can collaborate internationally with the EU, which promotes similar AI-based cyber defence through its Horizon 2020 programme.

    The rapid deployment of 5G and IoT networks in India is transforming sectors such as healthcare and smart cities, but it also expands the attack surface. Implementing strong IoT security protocols, secure-by-design frameworks, and zero-trust models will be essential for safeguarding these interconnected networks. India has experienced incidents involving attacks on IoT medical devices, such as the ventilator incident at a Delhi hospital, highlighting the urgent need for stronger controls. Globally, Japan’s IoT security guidelines, effectively applied during the Tokyo Olympics, provide a valuable model that India can adopt to mitigate risks.

    Quantum computing poses another significant challenge, as it has the potential to compromise existing encryption methods, putting sensitive data at risk. India must accelerate efforts to adopt post-quantum cryptography and develop quantum-safe communication systems, particularly in the defence and financial sectors. India’s recent success in Quantum Key Distribution (QKD) experiments conducted by ISRO offers a promising foundation for secure communication. By learning from global initiatives such as NIST’s development of post-quantum encryption standards, India can align its research and regulatory efforts to protect its critical infrastructure against future threats.

    Public-private partnerships are essential for ensuring cyber resilience in India. Strengthening collaboration between the National Critical Information Infrastructure Protection Centre (NCIIPC) and private sectors—such as telecommunications and energy providers—can significantly enhance the country’s ability to prepare for cyber attacks. Establishing information-sharing networks across different industries will help create a cooperative defence ecosystem. A noteworthy example for India to consider is the successful defence model of Israel’s Cyber Defense Authority, which utilises public-private collaboration to combat ransomware attacks.

    In addition, increasing cyber awareness and capacity-building programmes is crucial. Implementing public campaigns to educate citizens about phishing and social engineering attacks, along with integrating cybersecurity training into educational institutions, will cultivate a skilled workforce capable of mitigating risks. Similar initiatives in Singapore, where ongoing public education has led to a reduction in cybercrime, could serve to inspire India’s national strategy. Indian banks have already made some progress in decreasing phishing incidents through customer education, emphasising the importance of raising public awareness.

    India also needs to establish regulatory frameworks for emerging technologies. Developing governance policies for the ethical deployment of artificial intelligence (AI) and establishing quantum research hubs will help ensure that innovation is balanced with security. This aligns with international initiatives such as the EU’s AI Act and the OECD’s AI principles, which aim to create global standards for the responsible use of AI.

    To secure critical infrastructure, adopting zero-trust models is vital for preventing cascading failures across interconnected systems like power grids, transportation, and financial networks. The 2021 Mumbai power grid incident highlighted the risks associated with such attacks. By implementing zero-trust architectures in public infrastructure, along with prompt incident response protocols, India can better contain potential disruptions. The U.S. federal government serves as a model, as it has mandated zero-trust frameworks for all agencies, ensuring tighter control over sensitive systems.

    Global cooperation will be crucial to India’s cybersecurity initiatives. Strengthening India’s participation in international alliances, such as the Global Forum on Cyber Expertise (GFCE), will enhance collaboration on artificial intelligence (AI) and quantum standards. As leading nations like the United States, European Union, and Japan work together on 5G and post-quantum security initiatives, India must position itself as a proactive partner in these global discussions. In conclusion, India’s ambition to become a global leader in AI, 5G, and quantum technologies requires a forward-thinking cybersecurity strategy. By implementing AI-driven threat detection, post-quantum encryption, zero-trust frameworks, and fostering public-private partnerships, the nation can safeguard its critical infrastructure and digital economy from emerging threats. Global collaboration, ongoing innovation, and comprehensive capacity-building programmes will further strengthen India’s resilience against new cyber challenges. By taking proactive measures and aligning with global best practices, India can build a secure and sustainable digital future.             

  • Cybercrime Rok Foundation

    Cybercrime Rok Foundation

    An Initiative to Educate Citizens on Cybercrimes

    Cybercrime Rok Foundation is a registered Trust under the Mumbai Public Trust Act. We received our registration certificate in August 2024. Previously known as “Cybercrime Rok,” the Foundation was established in 2012 by Shailesh Jaria and Vinith Jain with the mission of raising awareness among millions of mobile and internet users on how to stay safe online and protect themselves from various cybercrimes.

    Our aim is to educate the public about the dangers of cybercrimes such as email hacking, phishing, smishing, vishing, online frauds, credit/debit card frauds, shopping frauds, fake online lotteries, identity theft, cyberstalking, harassment, cyberterrorism, and more. We focus on helping individuals understand how cybercriminals exploit the lack of awareness and use advanced technology to target victims.

    Since our launch, Cybercrime Rok Foundation has conducted over 1,000 free seminars across India, including in Maharashtra, Gujarat, Rajasthan, Uttar Pradesh, Goa, Delhi, Punjab, and more. These seminars have been held in schools, colleges, universities, NGOs, government institutions, and corporate offices. Our efforts have earned us recognition from World Record India for our outreach and commitment to raising awareness about cyber threats.

    Our Seminars

    We offer customised seminars based on the audience’s age group, ranging from 2 to 6 hours in length. During these sessions, we focus on educating attendees about the most common cybercrimes affecting their demographic, including scams, hacking, frauds, and identity theft. In addition, we discuss the psychological effects of excessive internet use, such as depression, emotional distress, online addiction, and the negative impact of fake publicity and social comparison.

    Over the past 12 years, the CYBERCRINE ROK Foundation has conducted over 1,000 free seminars
    and training programmes on Cybercrime Awareness in more than 10 States across India

    Our seminars aim to empower individuals with practical knowledge to recognise, avoid, and

    report cybercrimes. Topics covered include:

    • How to identify and protect yourself from cybercrimes
    • Steps to report cybercrimes effectively
    • How to stay safe online
    • Cybercrime-related laws and how to ensure data privacy

    We also offer tailored workshops for specific issues like cyberbullying, sextortion, and scams targeting senior citizens.

    Common Cybercrimes and Safety Measures

    Email Hacking

    Email hacking occurs when a cybercriminal gains unauthorised access to your email account using methods like keyloggers, phishing, or smishing. Once compromised, all your personal information— including emails, contacts, photos, and social media accounts—can be exposed.

    Safety Measures

    • Enable two-factor authentication for your email account.
    • Be cautious of unsolicited emails or requests to update passwords.
    • Over the past 12 years, the CYBERCRINE ROK Foundation has conducted over 1,000 free seminars and training programmes on Cybercrime Awareness in more than 10 States across India
    • Use strong, unique passwords and avoid reusing passwords across accounts.
    • Regularly review your email activity and avoid using password managers that store sensitive data.

    Phishing

    Phishing is an attack where cybercriminals trick you into disclosing sensitive information (like passwords or credit card details) by pretending to be legitimate organisations. Phishing can also lead to malware installation or data theft.

    Safety Measures

    • Always verify the sender of emails or messages before clicking on links or providing any personal information.
    • Use anti-phishing tools and software to protect against malicious attacks.
    • Be cautious when receiving unsolicited messages that offer deals or create a sense of urgency.

    Smishing and Vishing

    • Smishing: Phishing via SMS, often with fraudulent offers or urgent messages asking you to update your account or personal details.
    • Vishing: Voice-based phishing, where attackers call to impersonate legitimate organisations and steal your personal or financial information. Safety Measures
    • Avoid responding to unsolicited messages or calls.
    • Never share personal details or financial information over the phone or through text messages.
    • Verify the authenticity of any offers or updates by directly contacting the company or institution.

    Electricity Bill Payment Scams

    In this scam, criminals send fraudulent SMS messages claiming that your electricity bill is unpaid and demanding immediate payment to avoid power disconnection.

    Safety Measures

    • Ignore any unsolicited messages from unknown numbers claiming to be from the power company.
    • Always pay your electricity bill through official channels and verify any overdue notices directly with the utility provider.
    • Remember that power companies will never ask for payment through text messages or phone calls.

    Credit/Debit Card Fraud

    This type of fraud occurs when unauthorised individuals gain access to your credit or debit card information and use it for fraudulent purchases. Common methods include card cloning, skimming, and phishing.

    Safety Measures

    • Always monitor your bank statements and card notifications.
    • Use mobile apps to lock your card and set spending limits for additional security.
    • Avoid using public Wi-Fi to make online transactions.
    • If you suspect fraud, immediately report it to your bank and block your card.

    Sextortion

    Sextortion is a form of blackmail where criminals coerce victims into sharing explicit photos or videos under threat of exposing them online.

    Safety Measures

    • Never share explicit images or videos, even with people you trust online.
    • Be cautious of strangers who ask for private or personal content during video calls.
    • Report any incidents of sextortion to the authorities and avoid paying any money to settle the matter.

    Important Resources and Websites

    • Cybercrime Helpline: Call 1930 for immediate assistance with cybercrime complaints.
    • File a Complaint: Submit complaints online at cybercrime. gov.in.
    • StopNCII.org: A free resource to support victims of non-consensual intimate images.
    • TAFCOP: Use TAFCOP to check the number of mobile connections issued in your name.
    • Have I Been Pwned: Check if your email has been compromised at haveibeenpwned.com.
    • DND Service: Activate the Do Not Disturb (DND) service by sending an SMS to 1900 by typing “START0”
    • Virus Total: Scan and check files for viruses at virustotal.com.

    Cybercrime Rok Foundation is committed to educating individuals and organisations about the risks of cybercrime and providing tools and knowledge to protect against them. We believe that by empowering people with the right information, we can create a safer online environment for all.

  • Navi Mumbai Cyber Yodha: By the People, For the People

    Navi Mumbai Cyber Yodha: By the People, For the People

    Signing of MOU with CP Shri Milind Bharambe IPS, Jt CP Shri Yenpure IPS, Addl CP (Crime) Shri Deepak Sakore IPS, and Navi Mumbai Cyber Yodha team members

    During the pandemic in 2020-21, when we were all forced to go online, digital transactions surged significantly, including the transition to remote work. We are now experiencing what can be termed a “SCAMDEMIC,” negatively impacting all segments of society.

    Citizens are being defrauded due to greed, fear, and a lack of awareness about cybersecurity. Regular education on cyber hygiene, explained in simple terms, is crucial at this time.

    To implement effective preventive measures, a group of industry professionals dedicated to raising cybersecurity awareness among the citizens of Navi Mumbai came together in September 2021. They informally established the Navi Mumbai Cyber Yodha (NMCY) to promote cybersecurity awareness, especially for the elderly, educational institutions, and to assist the Navi Mumbai Police with various technical challenges and training, all on a pro bono basis.

    The group currently consists of 15 Information Technology and Cyber Security experts who permanently reside in Navi Mumbai.

    The NMCY gained further strength when Sh. Ahmad Javed, IPS (Retd), former Commissioner of Police for Navi Mumbai and Mumbai, and former Ambassador of India to Saudi Arabia, agreed to join us as the Chief Mentor.

    In February 2024, several NMCY members met with the Navi Mumbai Commissioner of Police, Shri Milind Bharambe, IPS, who is known to be tech-savvy. After an extensive discussion, it was decided that both groups would collaborate in a structured manner with a defined scope of work. A Memorandum of Association (MoA) was signed between NMCY and the Navi Mumbai Police Commissionerate to ensure continued collaboration despite potential transfers of senior police officers.

    Navi Mumbai Cyber Youth (NMCY) was officially launched in June 2024 through an internal Memorandum of Understanding (MoU). On August 14, 2024, a formal MoU was signed with the Navi Mumbai Police Commissionerate.

    Since then, NMCY has closely collaborated with Shri Milind Bharambe, IPS, the Commissioner of Police, and his team, including Senior Inspector Shri Gajanan Kadam, head of the Navi Mumbai Cyber Crime Police Station. Their efforts began in March and focus on several key areas:

    1. Cybersecurity Advisory and Consultancy: Providing guidance to the Navi Mumbai Police Department regarding cybersecurity issues.
    2. Training: Offering workshops, seminars, and training sessions aimed at enhancing the skills of police officers.
    3. Awareness Campaigns: Educating residents of Navi Mumbai—especially citizens, students, and senior citizens—about the importance of cybersecurity and best practices for protecting against cyber threats.
    4. Collaboration: Building a network of cybersecurity professionals to share knowledge, collaborate on security initiatives, and address cybersecurity challenges.
    5. Cyber Hygiene: Encouraging good cyber habits to prevent common security breaches and attacks.

    In collaboration with CDAC Kharghar and Pune, a two-day training session on drones, antidrones, and awareness of DGCA rules was organised for the Navi Mumbai Police.

    To promote cyber awareness, a WhatsApp channel was launched on August 14, 2024, by the Navi Mumbai Police. NMCY is contributing to content creation alongside CDAC and other digital marketing organisations, ensuring that cybersecurity information is available in regional languages for citizens.

    Cyber awareness sessions are being planned for Cooperative Housing Societies throughout Navi Mumbai. NMCY, in partnership with the Cyber Crime Police Station, has also started hosting sessions via the Navi Mumbai Police Facebook Live Utility on weekends—either Friday or Saturday evenings at 8 PM. Recordings of these sessions will be made available for future viewing.

    NMCY is currently accepting a limited number of interns from colleges in Navi Mumbai.

    Future Plans (To assist in):

    Introducing blockchain or another mechanism as additional security for the Evidence Management System.

    Implementing a Drone Training and Research & Development Centre in Navi Mumbai.

    Establishing a basic standalone Cyber Forensic Lab for the Commissionerate.

  • The Dark Web: A Whole New World! -Ivor Vaz

    The Dark Web: A Whole New World! -Ivor Vaz

    The dark web is a small, less accessible part of the deep web, and makes up a tiny portion of the World Wide Web. To access the dark web, users need to install a private browser like Tor, use a Virtual Private Network (VPN), and use search engines designed to find hidden sites. And since users cannot be tracked or monitored, the dark web is often used for illegal purposes.

    “There’s a compounding and unravelling chaos that is perpetually in motion in the dark web’s toxic underbelly,” says James Scott, Senior Fellow, Institute for Critical Infrastructure Technology.

    The dark web refers to a hidden part of the internet not indexed by regular search engines and requires specialised browsers like Tor to access. It hosts both legal and illegal activities, offering anonymity but also posing risks like scams and illicit content.

    The Internet is vast, comprising millions of web pages, databases, and servers that operate 24 hours a day. However, the portion known as the ‘visible’ Internet—also referred to as the surface web or open web— consists of sites that can be accessed through search engines like Google and Yahoo. This represents only the tip of the iceberg.

    There are several terms surrounding the non-visible Web, but it is worth knowing how they differ if you are planning to browse off the beaten path.

    The Surface Web or Open Web

    The open web, or surface web, is the visible surface layer. If we continue to visualise the entire web like an iceberg, the open web would be the top portion above the water. From a statistical standpoint, this collective of websites and data make up under 5% of the total internet.

    All commonly public-facing websites accessed via traditional browsers like Google Chrome, Internet Explorer, and Firefox are contained here. Websites are usually labelled with registry operators like ‘.com’ and ‘.org’ and can be easily located with popular search engines.

    Locating surface web websites is possible because search engines can index the web via visible links (a process called ‘crawling’ due to the search engine travelling the web like a spider).

    The Deep Web

    The deep web lies beneath the surface web and makes up approximately 90% of all websites. It can be compared to an iceberg, with the bulk hidden below the water’s surface and much larger than what is visible above. This hidden web is so vast that it’s impossible to determine exactly how many pages or websites are active at any given moment.

    Carrying on with the analogy, big search engines could be considered

    like fishing boats that can only ‘catch’ websites close to the surface. Everything else, from academic journals to private databases and more illicit content, is out of reach. This deep web also includes the portion that we know as the dark web.

    While many news outlets use ‘deep web’ and ‘dark web’ interchangeably, much of the deep portion is perfectly legal and safe. Some of the largest parts of the deep web include:

    • Databases: Public and privately protected file collections that are not connected to other areas of the web, only to be searched within the database itself.
    • Intranets: Internal networks for enterprises, governments, and educational facilities used to communicate and control aspects privately within their organisations.

    If you are wondering how to access the deep web, chances are you already use it daily. The term ‘deep web’ refers to all web pages that are unidentifiable by search engines. Deep websites may be concealed behind passwords or other security walls, while others tell search engines not to ‘crawl’ them. Without visible links, these pages are hidden for various reasons.

    On the larger deep web, its hidden content is generally cleaner and safer. Everything from blog posts in-review and pending web page redesigns, to the pages you access when you bank online, are part of the deep web. Furthermore, these pose no threat to your computer or safety at large. Most of these pages are kept hidden from the open web to protect user information and privacy, such as:

    • Financial accounts like banking and retirement
    • E-mail and social messaging accounts
    • Private enterprise databases
    • HIPPA sensitive information like medical documentation
    • Legal files

    Exploring the deep web can present significant dangers. However, for some users, certain areas of the deep web provide a means to bypass local restrictions and access television or movie services that may not be available in their region. Others go somewhat deeper to download pirated music or steal movies that are not yet in theatres.

    At the dark end of the web, you will find the more hazardous content and activity. Tor websites are located at this far end of the deep web, which are deemed the ‘dark web’ and are only accessible by an anonymous browser.

    Deep web safety is more relevant to the average internet user than dark web safety, as you could end up in dangerous areas by accident: many portions of the deep web can still be accessed in normal internet browsers. This is how users can travel through enough tangential pathways and end up on a piracy site, a politically radical forum, or viewing disturbingly violent content.

    The Dark Web

    The dark web refers to sites that are not indexed and only accessible via specialised web browsers. Significantly smaller than the tiny surface web, the dark web is considered a part of the deep web. Using our ocean and iceberg visual, the dark web would be the bottom tip of the submerged iceberg.

    The dark web, however, is a very concealed portion of the deep web that few will ever interact with or even see. In other words, the deep web covers everything under the surface that is still accessible with the right software, including the dark web.

    Breaking down the construction of the dark web reveals a few key layers that make it an anonymous haven:

    • No webpage indexing by surface web search engines. Google and other popular search tools cannot discover or display results for pages within the dark web.
    • Virtual traffic tunnels via a randomised network infrastructure.
    • Inaccessible by traditional browsers due to its unique registry operator. Also, it is further hidden by various network security measures like firewalls and encryption.

    The reputation of the dark web has often been linked to criminal intent or illegal content, and ‘trading’ sites where users can purchase illicit goods or services. However, legal parties have made use of this framework as well.

    When it comes to dark web safety, deep web dangers are very different from dark web dangers. Illegal cyber activity cannot necessarily be stumbled upon easily but tends to be much more extreme and threatening if you do seek it out. Before we unpack the dark web’s threats, let us explore how and why users access these sites.

    How to Access the Dark Web

    The dark web was once the province of hackers, law enforcement officers, and cybercriminals. However, new technology like encryption and the anonymisation browser software, Tor, now makes it possible for anyone to dive dark if they are interested.

    Tor (The Onion Routing) network browser allows users to access websites with the ‘Onion’ domain. This browser is a service originally developed in the latter part of the 1990s by the United States Naval Research Laboratory.

    Understanding that the nature of the internet meant a lack of privacy, an early version of Tor was created to hide spy communications. Eventually, the framework was repurposed and has since been made public in the form of the browser we know today. Anyone can download it free of charge.

    Think of Tor as a web browser like Google Chrome or Firefox. Notably, instead of taking the most direct route between your computer and the deep parts of the web, the Tor browser uses a random path of encrypted servers known as nodes. This allows users to connect to the deep web without fear of their actions being tracked or their browser history being exposed.

    Sites on the deep web also use Tor (or similar software such as I2P, the ‘Invisible Internet Project’) to remain anonymous, meaning you will not be able to find out who is running them or where they’re being hosted.

    Is it illegal to go on the dark web?

    In simple terms, it is not illegal to access the dark web. Some uses are perfectly legal and support the value of the dark web. On the dark web, users can seek out three clear benefits from its use:

    • User anonymity
    • Virtually untraceable services and sites
    • Ability to take illegal actions for both users and providers

    As such, the dark web has attracted many parties who would otherwise be endangered by revealing their identities online. Abuse and persecution victims, whistleblowers, and political dissidents have been frequent users of these hidden sites. But of course, these benefits can be easily extended to those who want to act outside the constraints of laws in other explicitly illegal ways.

    When viewed through this lens, the dark web’s legality is based on how you as a user engage with it. You might fall to the wayside of legal lines for many reasons that are important for the protection of freedom. Others may act in ways that are illegal for the protection and safety of others. Let us unpack these concepts of the ‘dark web browser’ and the websites themselves.

    Is ‘Tor’ Illegal to Use?

    On the software end, Tor and other anonymised browsers are not strictly illegal. These supposedly dark web browsers are not tethered exclusively to this portion of the internet. Many users now leverage Tor to browse the public Internet and the deeper parts of the web privately.

    The privacy offered by the Tor browser is important in the current digital age. Corporations and governing bodies alike currently participate in unauthorised surveillance of online activity. Some do not want government agencies or Internet Service Providers (ISPs) to know what they are looking at online, while others have little choice. Users in countries with strict access and user laws are often prevented from accessing even public sites unless they use Tor clients and virtual private networks (VPNs).

    However, you can still take illegal actions within Tor that could incriminate you regardless of the browser’s legality. You could easily use Tor in an attempt to pirate copyrighted content from the deep web, share illegal pornography, or engage in cyber terrorism. Using a legal browser will not make your actions fall to the right side of the law.

    Are Sites on the Dark Web Illegal to Use and Visit?

    On the network end, the dark web is a bit more of a grey area. The use of the dark web usually means that you are attempting to engage in an activity that you could not otherwise carry out in the public eye.

    Government critics and outspoken advocates fear backlash if their real identities are discovered. Those who have endured harm at the hands of others may not want their attackers to discover their conversations about the event. If an activity is deemed illegal by the governing bodies you fall under, it would be unlawful.

    While anonymity has its benefits, it also has a darker side. Criminals and malicious hackers often prefer to operate in secrecy. For instance, cyberattacks and trafficking are activities that those involved know are illegal and could lead to severe consequences. Consequently, they turn to the dark web to conceal their actions.

    Browsing the dark web is not illegal, but it can pose certain risks. While not illegal, there are many areas on the dark web where unsavoury activities take place, which can expose inexperienced users to unnecessary dangers. It is important to exercise caution or have the knowledge and skills necessary to navigate its threats. So, what are the primary uses of the dark web when it comes to illegal activities?

    Types of Threats on the Dark Web

    If you are considering using the dark web for basic privacy purposes, you might still question: Is the dark web dangerous to use?

    Unfortunately, it can be a dangerous place to be. Below are some common threats you may face during your browsing experiences:

    Malicious Software

    Malicious software — i.e. malware — is fully alive all across the dark web. It is often offered in some portals to give threat actors the tools for cyber attacks. However, it also lingers all across the dark web to infect unsuspecting users just like it does on the rest of the web.

    The dark web does not carry as many social contracts that website providers follow to protect users on the rest of the web. As such, users can find themselves regularly exposed to some types of malware like:

    • Keyloggers
    • Botnet malware
    • Ransomware
    • Phishing malware

    If you choose to pursue exploring any sites on the dark web, you put yourself at risk of being singled out and targeted for hacks and more. Most malware infections can be caught by your endpoint security programmes.

    The threats of online browsing can extend into the unplugged world if your computer or network connection can be exploited. Anonymity is powerful with Tor and the framework of the dark web, but it is not infallible. Any online activity can carry breadcrumbs to your identity if someone digs far enough.

    Government Monitoring

    With many Tor-based sites being overtaken by police authorities across the globe, there is a clear danger of becoming a government target for simply visiting a dark website.

    Illegal drug marketplaces like the Silk Road have been hijacked for police surveillance in the past. Utilising custom software to infiltrate and analyse activity has allowed law officials to discover the user identities of patrons and bystanders alike. Even if you never make a purchase, you could be watched and incriminate yourself for other activities later in life.

    Infiltrations can put you at risk of monitoring for other types of activity as well. Evading government restrictions to explore new political ideologies can be an imprisonable offence in some countries. China uses what is known as the ‘Great Firewall’ to limit access to popular sites for this exact reason. The risk of being a visitor to this content could lead to being placed on a watchlist or immediate targeting for a jail sentence.

    Scams

    Some alleged services like professional hitmen may be scams designed to profit from willing customers. Reports have suggested the dark web offers many illegal services – from paid assassinations to trafficking for sex and weapons.

    Some of these are well-known, established threats that circulate in this nook of the web. However, others may take advantage of the dark web’s reputation to trick users out of large sums of money. Also, some users on the dark web may attempt phishing scams to steal your identity or personal information for extortion.

    End-user Protection Against Exploitation by the Dark Web

    Regardless of being a business, parent, or any other web user, you ought to take precautions to keep your information and private life off the dark web.

    Identity theft monitoring is critical to keep your private information from being misused. All types of personal data can be distributed online for a profit. Passwords, physical addresses, bank account numbers, and social security numbers circulate on the dark web. You may already be aware that malicious actors can use these to harm your credit, engage in financial theft, and breach your other online accounts. Leaks of personal data can also damage your reputation via social fraud.

    Antimalware and antivirus protections are equally crucial to prevent malicious actors from exploiting you. The dark web is filled with information theft from malware-infected users. Attackers can use tools like keyloggers to gather your data, and they can infiltrate your system on any part of the web. Endpoint security programmes like Kaspersky Security Cloud are comprehensive to cover both identity monitoring and antivirus defences.

    How to Access the Dark Web Safely

    If you have a legitimate or viable need to access the dark web, you will want to ensure you stay safe if you decide to use it.

    Seven Tips for Safe Access to the Dark Web

    1. Trust your intuition. To avoid being scammed, you will want to protect yourself with smart behaviour on the web. Not everyone is who they seem. Staying safe requires being careful who you talk to and where you visit. You should always take action to remove yourself from a situation if something does not feel right.
    2. Detach your online persona from real life. Your username, email address, real name, password, and credit card should never be used anywhere else in your life. Create brand-new throwaway accounts and identifiers for yourself if necessary. Acquire prepaid, unidentifiable debit cards before making any purchases. Do not use anything that could be used to identify you — whether online or in real life.
    3. Employ active monitoring of identity and financial theft. Many online security services now offer identity protection for your safety. Be sure to use these tools if they are available.
    4. Explicitly avoid dark web file downloads. Fear of malware infection is significantly higher in the lawless territory of the dark web. Real-time file scanning from an antivirus programme can help you check incoming files in case you download them.
    5. Disable ActiveX and Java in any available network settings. These frameworks are notorious for being probed and exploited by malicious parties. Since you are travelling through a network filled with said threats, you will want to avoid this risk.
    6. Use a secondary non-admin local user account for all daily activities. The native account on most computers will have full administrative permissions by default. Most malware must take advantage of this to execute its functions. As such, you can slow or halt exploitation by limiting the account to strict privileges.
    7. Always restrict access to your Tor-enabled device. Protect your children or other family members so they are not at risk of stumbling across something no one should see. Visit the deep web if you are interested, but do not let kids anywhere near it.
  • An In-Depth Guide About The Dark Web

    An In-Depth Guide About The Dark Web

    The dark web includes websites not indexed by search engines, allowing for potential anonymity. The dark web is not the same thing as the deep web. Frankly, the dark web is only a tiny fraction of the deep web, which contains mostly benign sites, such as password-protected E-mail accounts, certain parts of paid subscription services like Netflix, and sites accessible only through online forms. Both are highly effective sources of mass media.

    The identities of dark web site visitors are hidden by anonymising software on their computers, which dark web networks require for access. Each dark web site URL ends with a domain-name extension associated with the software necessary for its use (e.g., ‘.onion’ for The Onion Router ‘Tor’ network). While all software used to enter the dark web operates differently, the common principle is that encrypted data is rerouted through the computers of other users running the same programme, thereby disguising the data’s origin and destination.

    The earliest form of the modern dark web arose in March 2000 when Irish student Ian Clarke developed and released Freenet, which offers anonymous online communication via a decentralised network of Freenet’s users. However, the software that popularised the dark web is The Onion Router (Tor), which launched on September 20, 2002. The Naval Research Laboratory of the U.S. government created Tor for members of the intelligence community to use the Internet without the risk of being identified. To prevent this anonymising software from being restricted to a single intelligence agency, the U.S. government made Tor open source in 2004. Since then, it has funded the software’s maintenance through a nonprofit organisation known as the Tor Project.

    As anticipated, the Tor anonymous network gained popularity among computer enthusiasts, privacy advocates, journalists, dissidents from repressive governments, and others seeking strict secrecy. At the same time, Tor became an effective shield for the illicit sale of heavily controlled goods, such as guns and drugs. The Tor network also gave hackers, terrorists, and distributors of illegal pornography a secure method of communication. The term dark web first appeared in print in a 2009 newspaper article describing these criminal applications.

    The rise of cryptocurrency, particularly Bitcoin, significantly increased the dark web’s use in illegal trade. Users could exchange funds online without sharing credit card numbers or other identifying information. In February 2011, Ross Ulbricht founded what is believed to be the dark web’s first black market, Silk Road. The U.S. Federal Bureau of Investigation (FBI) arrested Ulbricht in October 2013, but many larger imitators continue to emerge.

    In addition to traditionally forbidden trade, the dark web became a hub for the sale of stolen information. Credit card and social security numbers are routinely purchased, as are passwords for E-mail accounts—sometimes en masse. In March 2012, Russian hacker Yevgeniy Nikulin and three accomplices stole passwords for 117 million E-mail addresses from the social media company LinkedIn and then offered the data for sale on the dark web. In July 2016, passwords for roughly 200 million Yahoo! accounts appeared for sale.

    Not all mass data thefts facilitated by the dark web have been motivated by money. In 2013, US National Security Agency (NSA) contractor Edward Snowden, who was concerned about the extent of government surveillance, used Tor to coordinate with journalists on leaking 1.5 million classified government documents. The publicising of Snowden’s actions led to a global spike of interest in Tor, resulting in rapid expansion of the network’s user base.

  • Cyber Crimes Offences and Penalties in India – N Chandra Shekar

    Cyber Crimes Offences and Penalties in India – N Chandra Shekar

    Cybercrime Offences and Penalties in India

    Each year, the number of reported cybercrimes across the country continues to rise significantly. One of the biggest challenges in combating cybercrime in India has been the lack of awareness regarding cybersecurity practices. Even when crimes are reported to the authorities, the existing infrastructure and processes for addressing such cases are often inefficient. India has only recently begun to establish a comprehensive cybersecurity framework to protect its large internet user base, which is the second largest in the world.

    In 2018, the Ministry of Home Affairs in India established the Indian Cyber Crime Coordination Centre (I4C) as a framework to combat cybercrime. Subsequently, in 2019, the government launched the National Cybercrime Reporting Portal (NCRP) under the I4C initiative.

    Cybercrime is defined as any illegal activity that involves a computer, network, or electronic device. With the increasing digitisation of the world, cybercrimes have become very common. Most of these crimes aim to cause financial, reputational, or active harm through illicit electronic means. While strict laws and penalties exist to punish cybercriminals and protect internet users, it is equally important for internet users to be more vigilant in order to prevent many cybercrimes.

    Some common types of cybercrimes include:

    Hacking: Unauthorised access to a computer or network with the intent to cause harm. Hackers may steal data, install malware, or disrupt systems.

    Data Theft:

    Stealing sensitive information such as usernames, passwords, financial details, and trade secrets from computers or networks.

    Identity Theft:

    Misusing a person’s private information, including name, date of birth, address, and credit card details, to commit fraudulent activities.

    Cyberstalking:

    Using electronic devices or the internet to stalk or harass someone, which can include intimidating emails, text messages, or posts. Phishing and Fraud: Deceiving people into divulging sensitive information, such as bank details or passwords, through emails, texts, or fraudulent websites.

    Spreading Malware:

    Intentionally distributing viruses, worms, and Trojan horses to damage computers, networks, or steal data. Denial of Service Attacks: Overloading servers or networks to disrupt online services for legitimate users.

    Posting Illegal Content:

    Uploading or sharing obscene, defamatory, or hateful material online, which is prohibited under Indian laws.

    Cyber Terrorism:

    Using cyber means to threaten national security, incite public unrest, or spread terror.

    Cybercrime is on the rise in India as more individuals and businesses move online. To combat this issue, the Government has implemented strict laws and penalties for cybercriminals. The key piece of legislation is the Information Technology Act of 2000, which defines various cybercrimes and establishes penalties.

    In India, the legal framework for addressing cybercrimes is primarily outlined in several important laws and regulations.

    Overview of the Main Legal Provisions

    Information Technology Act, 2000 (IT Act) Section 66:

    Addresses computer related offences, including hacking, identity theft, and data theft. It provides penalties for unauthorised access to and destruction of data.

    Section 66A:

    Previously addressed cyber offences related to sending offensive messages through communication services, among others. However, it was struck down by the Supreme Court in 2015 for being unconstitutional. The IT Act still covers various cybercrimes under other sections.

    Section 67:

    Deals with the publication or transmission of obscene material in electronic form, imposing penalties for the dissemination of pornographic content.

    Section 69:

    Grants the government the authority to intercept, monitor, or decrypt information under certain circumstances.

    Section 72:

    Addresses breaches of confidentiality and privacy, making it an offence to disclose information acquired during employment without consent. Indian Penal Code, 1860 (IPC)

    Section 384:

    Covers extortion, including online extortion and threats made through digital platforms.

    Section 420:

    Addresses cheating and fraud, encompassing online scams and fraudulent activities.

    Section 469:

    Pertains to forgery and falsification of electronic documents.

    Section 471:

    Involves the use of forged documents, including electronic ones.

    Criminal Procedure Code, 1973 (CrPC):

    This code outlines the procedures for the investigation, arrest, and prosecution of cybercrimes. It includes provisions for obtaining digital evidence and conducting searches.

    National Digital Crime Resource and Training Centre (NDCRTC):

    This is a government initiative aimed at training law enforcement and other agencies in effectively managing cybercrimes and handling digital evidence.

    Cyber Crime Investigation Cells:

    Many States have established dedicated cybercrime units within their police forces to focus on investigations and enforcement related to cybercrimes.

    Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:

    These rules regulate intermediaries, such as social media platforms, requiring them to remove harmful content, implement grievance redressal mechanisms, and assist law enforcement agencies.

    Data Protection Laws:

    The Personal Data Protection Bill, 2023 (PDP Bill), although not yet enacted, is anticipated to provide a comprehensive framework for data protection, privacy, and the management of personal data, specifically addressing issues around data breaches and cybercrimes involving personal data.

    Cybersecurity Policies:

    Various policies and frameworks, such as the National Cyber Security Policy of 2013, aim to enhance cybersecurity infrastructure and response mechanisms.

    These provisions collectively address different aspects of cybercrime, including unauthorised access, data breaches, online fraud, and digital harassment. They establish a legal framework for investigating, prosecuting, and adjudicating offences related to cyber activities.

    Relevant Provisions under the Information Technology Act, 2000

    Objective and Application of the Act:

    The Information Technology Act, 2000 (IT Act) is a crucial piece of legislation in India that addresses various aspects of the digital domain, including cybercrimes. It was enacted to provide legal recognition to electronic transactions and to facilitate E-governance while considering concerns related to cybercrimes and data security.

    Objectives of the Act

    The primary aim of the Information Technology Act, 2000, is to establish a legal framework for electronic transactions and communications, ensuring their validity and security. Its objectives include:

    1. Facilitating E-commerce: The Act promotes ecommerce and electronic transactions by providing them with legal recognition.
    2. Data Protection: It addresses issues pertaining to data protection, privacy, and security within the digital space.
    3. Cybercrimes: The Act defines and penalises various cybercrimes, creating a legal basis for prosecution.
    4. Electronic Governance: It supports E-governance initiatives and provides a framework for the electronic maintenance of records.

    Application of the Act

    The Information Technology (IT) Act applies throughout India and to any offence or contravention committed outside India by any person. It encompasses:

    Persons: The Act applies to individuals, government entities, and businesses involved in electronic transactions.

    Electronic Records: It covers electronic records, digital signatures, and other forms of electronic data.

    Digital Signatures: The Act recognises digital signatures and affirms their legal validity.

    Salient Features of the Act The Information Technology Act of 2000 is a comprehensive piece of legislation in India that addresses various aspects of electronic transactions, data protection, and cybercrimes.

    Key Features of the Act Extraterritorial Jurisdiction: The Act extends its jurisdiction beyond national boundaries, allowing the regulation of activities that may occur outside India.

    Definition of Terms: Important terms such as cyber cafes, digital signatures, and electronic records are clearly defined under Section 2(1) for legal clarity and understanding.

    Validation of Electronic Contracts: Contracts made through electronic means are declared legally valid and protected under Section 10A.

    Legal Recognition of Electronic Transactions: The Act gives legal recognition to electronic records and digital signatures, making them equivalent to physical documents and handwritten signatures in most cases.

    Recognition of Digital Signatures: The Act acknowledges digital signatures and establishes methods for their authentication.

    Appointment of Controller and Powers: It includes provisions for appointing a Controller and specifies their powers.

    Recognition of Foreign Certifying Authorities: Foreign certifying authorities are acknowledged under Section 19 of the Act.

    Penalties for System Damage: The Act outlines penalties for damages inflicted on computer systems by individuals other than the system’s owner.

    Establishment of Appellate Tribunal: It provides for the creation of an Appellate Tribunal to address appeals from decisions made by the Controller or adjudicating officer Appeals can further be escalated to the High Court.

    Offences and Penalties: The Act defines various offences related to data and specifies the corresponding punishments for those offences.

    Intermediaries’ Liability Exemption: It outlines circumstances under which intermediaries are not held liable, even in cases of data privacy breaches.

    Cyber Regulation Advisory Committee: The Act establishes a committee to advise the Central Government on issues related to ecommerce and digital signatures.

    Procedure of Investigation and Trial (Chapter XI) under the Information Technology Act, 2000

    Investigation Procedure

    1. Search and Seizure: Authorised police officers, not below the rank of Inspector, can conduct searches and seize computers, devices, or data that are believed to be associated with cyber offences.
    2. Power to Issue Directives for Interception, Monitoring, or Decryption of Information: Government authorities are empowered to issue directives for monitoring, intercepting, or decrypting information through computers if it is deemed essential for national sovereignty or security.
    3. Appointment of Adjudicating Officer: The Central Government appoints Adjudicating Officers who are responsible for hearing and deciding on penalties for violations of the rules or regulations established under the Act.
    4. Forensic Laboratory: The Government is required to establish forensic laboratories to analyse and process digital evidence critical for investigations.
    5. Request for Information: Law enforcement officials or authorised officers have the authority to request any person to provide information or assist during investigations related to cyber offences.

    Trial Procedure

    Applicability of the Code of Criminal Procedure, 1973 (CrPC) (Section 78): The Code of Criminal Procedure, 1973, applies to all offences under the Information Technology Act unless otherwise specified.

    Court Jurisdiction: Cases under this Act fall within the jurisdiction of courts that are at least at the rank of a Metropolitan Magistrate or a Judicial Magistrate of the First Class.

    Procedure for Trials: Trials for offences committed under this Act are conducted in a manner similar to a summary trial, which helps expedite the legal process.

    Appellate Tribunal: Appeals from the orders issued by the Adjudicating Officer can be taken to the Cyber Appellate Tribunal, which has been established under this Act. This ensures there is a channel for higher level review and resolution.

    Burden of Proof: The burden of proof, whether to establish innocence or guilt, lies with the accused or the individual challenging the order issued by the Adjudicating Officer.

    Exemption from Liability of Intermediaries in Certain Cases (Section 79)

    Under this Section, intermediaries are not held liable for third party information, data, or communication links that they host or make available, regardless of other existing laws.

    Conditions for Exemption

    The exemption applies if:

    1. The intermediary’s role is solely to provide access to a communication system where third-party information is transmitted or temporarily stored.
    2. The intermediary does not initiate the transmission, choose the recipient, or modify the transmitted information.
    3. The intermediary performs its duties diligently and complies with the guidelines established by the Central Government.

    Exceptions to Exemption

    The exemption does not apply if:

    1. The intermediary has actively conspired, aided, abetted, or induced an unlawful act.
    2. After receiving notice from the appropriate government or its agency about the use of their resources for unlawful activities, the intermediary fails to promptly remove or disable access to such materials without tampering with evidence.

    Explanation: In this context, “third-party information” refers to any information handled by an intermediary in their role as an intermediary.

    The Information Technology Act in India serves to protect citizens against white-collar crimes and terrorist attacks. India enforces strict penalties for cybercrimes under this Act to punish offenders, deter potential criminals, and protect internet users

    In summary, the Information Technology Act outlines various cybercrimes and prescribes strict penalties—including imprisonment and fines—to address these issues. The goal is to mitigate the escalating problem of cybercrime in India.

  • The Changing Geolocation of Cybercrime Hotspots in India

    The Changing Geolocation of Cybercrime Hotspots in India

    According to a recent study by a start-up incubated at IIT Kanpur, Rajasthan’s Bharatpur and Uttar Pradesh’s Mathura have now overtaken Jharkhand’s Jamtara and Haryana’s Nuh as the notorious hotspots for cybercrime in India. The study revealed that the top 10 districts account for a staggering 80% of cybercrime across the country.

    What links Mathura in Uttar Pradesh, Bharatpur in Rajasthan, and Mewat in Haryana? These three districts create a triangle that is quickly becoming the new “Jamtara,” the Jharkhand city infamously known as India’s “phishing capital.” Certain areas in Nuh, particularly those bordering Bharatpur and Mathura, have emerged as significant centres for cybercrime. This region has gained infamy as the ‘new Jamtara,’ especially following extensive police raids that targeted 300 locations across 14 villages in Nuh. This operation, the largest against cybercrime in the area, involved 102 police teams and over 5,000 officers. The UP Police’s Cyber Cell also conducted investigations into approximately 400 cyber fraud cases in recent months, highlighting the prevalence of deepfake-based blackmail schemes in this ‘triangle.’

    The Future Crime Research Foundation (FCRF), another start-up incubated at IIT Kanpur, conducted a thorough analysis of cybercrime trends in India from January 2020 to June 2023. According to their findings, ten districts are responsible for 80% of reported cybercrime incidents in the country.

    Bharatpur district in Rajasthan is identified as the most cybercrimeprone region, accounting for 18% of reported incidents. Following closely is Mathura in Uttar Pradesh, responsible for 12%. Nuh in Haryana ranks third, contributing 11% to the nation’s cybercrime statistics. Notably, Jamtara district in Jharkhand, the backdrop for the Indian Netflix original series “Jamtara – Sabka Number Ayega,” which explores a phishing racket, now ranks fifth on this list.

    The FCRF study highlighted that while established cybercrime hubs remain significant threats, emerging hotspots require immediate attention and proactive measures from individuals and authorities. These new areas are experiencing a rise in various forms of digital criminal activity, often catching law enforcement agencies and the public off guard.

    Different regions exhibit unique patterns of online mischief. For instance, in Rajasthan, cyber tricksters use social engineering tactics for sextortion, while fraudsters crowd online marketplaces or pose as customer support on Google to execute their scams. Jharkhand sees a variety of scams, including one-time password deception, fake KYC processes, manipulation of utility bills, and misleading online quizzes. In Delhi, issues include loan app harassment, gift card traps, matrimonial fraud, and fake employment and investment schemes, while Bihar faces challenges related to phishing and unauthorised credit card transactions.

    The findings identify Bharatpur as the leading hotspot, accounting for 18% of cybercrimes. This prevalence is attributed to its proximity to major cities like Delhi and Jaipur, and limited job opportunities leading individuals to cybercrime as a side hustle. Mathura, a popular tourist destination with numerous financial transactions, also stands out, comprising 12% of cybercrime cases. Nuh follows closely with 11% of such cases. Its proximity to the national capital attracts both cybercriminals and potential victims. Deoghar accounts for 10%, largely due to the absence of adequate law enforcement resources. Jamtara, though now fifth with 9.6%, remains notorious for online fraud and phishing activities. Gurgaon, known as a corporate IT hub, represents 8.1% of cybercrime activity, drawing criminals in search of valuable data and money. Alwar, at 5.1%, serves as a transit point for scammers due to its convenient location between Delhi and Rajasthan. Bokaro and Karma Tand, both at 2.4%, face cyber threats due to limited resources and lack of digital education, while Giridih, at 2.3%, is an attractive spot for web crimes due to its remote location and minimal law enforcement presence.

    This analysis reveals several common factors that contribute to the vulnerability of these districts. Key elements include geographical proximity to major urban centres, limited cybersecurity infrastructure, socioeconomic challenges, and low digital literacy. These conditions increase residents’ susceptibility to cybercrimes such as online fraud and phishing.

    In the case of Bharatpur, the high cybercrime rate can be attributed to its proximity to major urban centres like Delhi and Jaipur, making it an attractive hub for cybercriminal activities. Additionally, a lack of awareness and digital literacy among the population further contributes to its vulnerability.

    Mathura, a prominent tourist destination, experiences a significant rate of cybercrime due to the financial transactions related to tourism, which makes it an appealing target for cybercriminals. The limited cybersecurity infrastructure and awareness among businesses and individuals exacerbate this issue.

    Nuh’s elevated cybercrime rate may be influenced by its closeness to the National Capital Region (NCR), which attracts both cybercriminals and potential victims. Socioeconomic challenges in the region may also drive individuals toward cybercrime as an illicit source of income.

    Deoghar, despite its relatively small size, struggles with cybercrime due to insufficient law enforcement resources and a lack of specialised cybercrime units. Moreover, limited digital literacy and awareness among the local population make them more susceptible to online scams.

    Jamtara is notorious as a hub for cybercriminal activities, particularly related to online fraud and phishing. The area has developed a culture of cybercrime with well-organised criminal networks operating within it.

    Gurgaon’s high cybercrime rate is influenced by its status as a major corporate and IT hub, attracting cybercriminals seeking valuable data or financial gains. Despite its economic affluence, disparities in digital literacy and cybersecurity awareness persist among Gurgaon’s diverse population.

    Alwar, located between Delhi and Rajasthan, serves as a potential transit point for cybercriminals due to its location. Limited cybersecurity infrastructure and awareness in smaller towns within the district contribute to their vulnerability.

    Bokaro’s cybercrime rate is linked to the absence of specialised cybercrime units and resources for law enforcement agencies, while economic challenges in the region may drive individuals toward cybercrime as an alternative source of income.

    Karma Tand’s cybercrime rate is influenced by its proximity to districts with higher cybercrime rates, facilitating the spread of such activities. Limited access to digital education and cybersecurity resources leaves the population susceptible to online fraud.

    Giridih, being relatively remote with a limited law enforcement presence, is an attractive location for cybercriminal operations. The lack of digital literacy and awareness further contributes to the local population’s vulnerability.

    Online financial fraud, including phishing and online scams, accounted for a staggering 77.41% of the total reported cybercrimes in India from January 2020 to June 2023, according to the FCRF report.

    The increase in such cases can be attributed to a complex interplay of factors such as low technical barriers that allow individuals with limited expertise to engage in cybercriminal activities using readily available hacking tools and malware.

    Inadequate Know Your Customer (KYC) and verification processes on online platforms enable criminals to create fake identities, making it challenging for law enforcement to trace them. Additionally, easy access to fake accounts and rented SIM cards on the black market allows criminals to operate anonymously, complicating tracking and prosecution efforts.

    Furthermore, the affordability of AIdriven cyberattack tools empowers criminals to automate and scale their attacks, increasing their efficiency. Virtual private networks (VPNs) also provide anonymity for cybercriminals, making it difficult for authorities to trace their online presence and location. The FCRF report also noted that unemployed or underemployed individuals are often recruited and trained by cybercrime syndicates, creating a growing pool of potential criminals.

    Financial frauds top the list of cybercrimes, accounting for 77.41% of all reported incidents. These fraudulent activities predominantly involve Internet Banking Fraud, including tactics such as debit/ credit card fraud, depository fraud, and vishing (impersonating reputable companies over calls to seek bank details and credit card numbers). Particularly alarming is the sharp increase in UPI fraud, which constitutes an astonishing 47.25% of all online financial crimes. Online and social mediarelated frauds are second on the list, making up 12% of incidents. These include acts like impersonation, cyberbullying, sexual harassment, and phishing.

    Cybercriminals in the country are targeting everyone, from ordinary citizens to the daughter of a prominent political leader. Particularly concerning is their use of technology—designed to simplify online payments, social media interactions, and shopping— to deceive and scam individuals. These criminals employ various tactics, such as creating fake online shopping portals, offering jobs instead of cash, and sending phishing links to extract money from unsuspecting victims.

    One prevalent form of cyber fraud involves online transactions on E-commerce sites and marketplaces. Fraudsters often monitor platforms like OLX, where people sell their products. They create fake accounts, sometimes posing as army personnel, and approach sellers with offers. In one recent incident, a woman named Harshita was trying to sell a second-hand sofa on OLX. She was contacted by a scammer who posed as a buyer. To establish legitimacy, the scammer initially transferred a small amount to her account. He then sent a QR code for her to scan, claiming it would authorise the full payment. Unfortunately, after she scanned the code, Rs 34,000 was debited from her account.

    Scammers from regions such as Mathura and Bharatpur often target individuals advertising the sale of second-hand motorcycles, cars, gadgets, and various everyday items. For instance, a retired bank manager was recently scammed out of Rs 5 Lakh after posting a month-old double-door refrigerator for sale for Rs 50,000. The fraudster, pretending to be an army man, initially deposited Rs 100 into the victim’s account to appear genuine. He then claimed he could not transfer the full payment due to being stationed near the border and asked the seller to scan the QR code he provided to complete the transaction. The exbanker ultimately lost Rs 5 Lakh after following the scammer’s instructions.

    Several gangs with similar tactics have been busted in these regions before. This tri-junction has become the new Jamtara, but it is even more notorious, expanding its operations beyond phone scams to exploit banking, social media profiles, and online marketplaces.

    Cyber experts report that cybercriminals are using fake SIM cards from distant states for their scams. In Mewat, scammers use SIM cards from Assam and Telangana, while in Jamtara, SIM cards come from West Bengal. During one investigation, over 14,000 fake numbers connected to Mewat were identified.

    New forms of scams and blackmail have emerged. In sextortion cases, scammers lure victims through links or video calls. A scammer may initiate a video call, record it, edit it with explicit content, and use it to blackmail the victim. Within seconds, the trap is set — the scammer displays ‘obscene’ images and accuses the victim of consuming pornography. First, they demand money directly. If the victim blocks them, the scammer switches to another number to continue harassing them. In the final stage, they impersonate law enforcement: pretending to be from the Delhi Police Cyber Crime Unit, they accuse the victim of distributing pornography and demand money to ‘resolve the case.’

    The police reported receiving over 100 cybercrime complaints in just two months. Scammers have also started superimposing their male targets’ faces onto explicit videos, then blackmailing them for sums ranging from Rs 5,000 to Rs 50,000. Some scammers speak fluent English to target affluent individuals in cities like Mumbai and Kolkata. Recently, a Lucknow businessman became a victim to a sextortion attempt. After accepting a woman’s friend request on social media, he received a brief WhatsApp video call from her, which she used to manipulate him. Minutes later, he was contacted and threatened to pay Rs 30 Lakh or have the recording released publicly.

    Scammers are also using SMS messages to trick people. Through offers like cashback, luxury hotel stays, and other rewards, victims are lured to a scratch card portal and defrauded. On social media platforms like Facebook, fraudsters use fake profiles and distress messages to solicit help, deceiving people and leading them into financial loss.

    As the magnitude of the problem continues to escalate, it has captured the attention of decisionmakers in Delhi. In a recent meeting, the Ministry of Home Affairs (MHA) urged States to take decisive action against these criminals. The Cybercrime Cell of the Home Ministry has also called upon citizens and cyber experts to volunteer in identifying, flagging, and reporting illegal and unlawful content, including child pornography, rape, terrorism, radicalisation, and anti-national activities.

    The white paper has highlighted the importance of understanding the key factors contributing to cybercrime in specific districts to design effective prevention and mitigation strategies. An analysis of the top 10 cybercrime hubs in India reveals several common factors that enhance their vulnerability. These include their geographical proximity to major urban centres, limited cybersecurity infrastructure, economic challenges, and low digital literacy levels.

    To reduce cybercrime rates in these districts and improve the overall cybersecurity landscape in India, it is crucial to address these factors through targeted awareness campaigns, enhanced law enforcement resources, and educational initiatives.

  • All Eyes On Accra As AfCFTA Gets Ready To Roll

    All Eyes On Accra As AfCFTA Gets Ready To Roll

    Ghana has fulfilled all its obligations towards the establishment and the setting up of the AfCFTA Secretariat in Accra, following its selection by the AU Assembly. A flagship project of the African Union’s Agenda 2063, the AfCFTAcreates a market of 1.2 billion people with a combined GDP of USD 3 trillion.

    GHANA PRESIDENT Nana AddoDankwaAkufo-Addo officially commissioned and handed over the Secretariat building of the African Continental Free Trade Area (AfCFTA) to the African Union Commission in Accra late last year.

    At a symbolic ceremony at the African Trade House, the President handed the keys to the Secretariat to MoussaFaki, Chairperson of the AU.He also handed a scroll, the symbol of authority, to the Secretary-General of the AfCFTA, WamkeleKeabetweMene, kickstarting Africa’s push to create the world’s largest integrated market that would boost the continent’s growth and bring prosperity for its 1.27 billion people.

    The Secretariat will house the offices of the AfCFTA Secretary- General and staff who would provide administrative support for the implementation of the AfCFTA Agreement brokered by the AU that requires member states that have signed unto the agreement to remove tariffs from 90% of goods to allow for free access to commodities, goods, and services across the continent.

    Akufo-Addo, in his remarks, pointed out that the coming into being of the AfCFTA was one of the most important decisions taken by the AU considering the low intra-regional trade between African nations.He noted that increased intra-regional trade would contribute to the continent’s quest to end endemic poverty and ensure the desired economic growth for Africa and its people. “The last part of the growth and prosperity that we seek will come from us trading more amongst ourselves…We in Ghana believable increasing trade is the surest way to deepen Regional integration,” he stressed. Akufo-Addo was optimistic that Africa’s new sense of urgency for

    GHANA PRESIDENT Nana AddoDankwaAkufo-Addo officially commissioned and handed over the Secretariat building of the African Continental Free Trade Area (AfCFTA) to the African Union Commission in Accra late last year. At a symbolic ceremony at the African Trade House, the President handed the keys to the Secretariat to MoussaFaki, Chairperson of the AU.He also handed a scroll, the symbol of authority, to the Secretary-General of the AfCFTA, WamkeleKeabetweMene, kickstarting Africa’s push to create the world’s largest integrated market that would boost the continent’s growth and bring prosperity for its 1.27 billion people. The Secretariat will house the offices of the AfCFTA Secretary- General and staff who would provide administrative support for the implementation of the AfCFTA Agreement brokered by the AU that requires member states that have signed unto the agreement to remove tariffs from 90% of goods to allow for free access to commodities, goods, and services across the continent. Akufo-Addo, in his remarks, pointed out that the coming into being of the AfCFTA was one of the most important decisions taken by the AU considering the low intra-regional trade between African nations.He noted that increased intra-regional trade would contribute to the continent’s quest to end endemic poverty and ensure the desired economic growth for Africa and its people.

    “The last part of the growth and prosperity that we seek will come from us trading more amongst ourselves…We in Ghana believable increasing trade is the surest way to deepen Regional integration,” he stressed.

    Akufo-Addo was optimistic that Africa’s new sense of urgency for economic integration would lay the foundation for an ‘Africa Beyond Aid’, and make the continent truly self-reliant.And with it, will come a rapid increase in the exchange of agricultural, industrial, financial, scientific and technological products, which he said, “will significantly enhance our economic fortunes as a continent create profit and provided opportunities for employment for the broad masses of Africans, particularly the youth.”

    “It will provide the vehicle for us to trade among ourselves in a more modern and sophisticated manner; it will offer a huge opportunity to exploit the abundant wealth and resources of our great continent for the benefit of all our people; and it will give us protection in how to deal with other trading blocks,” he added.

    The President also indicated that the coronavirus pandemic and the attendant disruption in the global supply chain had heightened the importance of the AfCFTA and reinforced the necessity for closer integration amongst countries “so that we can boost our mutual self-sufficiency, strengthen our economies, and reduce our dependence on external sources.”

    He appealed to member states who were yet to ratify the AfCFTA Agreement to do so before the AU’s next extraordinary Summit scheduled for December 2020 to pave way for the smooth commencement of trading from 2021 onwards.

    “We are now the world’s largest free trade area since the formation of the World Trade Organisation, and we must make it count,” he stressed.

    54 member states have signed unto the Agreement. But only 30 have so far approved its ratification.

    Akufo-Addo urged the AfCFTA Secretary-General to work towards building a strong, efficient and effective Secretariat, with the capacity to implement the various trade rules, in line with the text of the Agreement, to help build credibility, and reduce trade policy uncertainty in the continent.

    “The world is watching to see whether the Secretariat will, indeed, provide the springboard for Africa’s economic integration and rapid growth, and I am confident that, under your tenure, it will.Mr. Secretary-General, be rest assured of the firm support of the Government of Ghana for your work and activities,” he added.

    Akufo-Addo also commended the Nigeriene leader, MahamadouIssoufou, who is also the current Chair of ECOWAS, for the work he has done in championing the African Continental Free Trade initiative.

    He congratulated the South African President, Cyril Ramaphosa, current Chair of the Authority of the Assembly of the AU, for the benign, progressive guidance and supervision he has offered to make the handing over ceremony possible.

    A statement on behalf of South Africa President Cyril Ramaphosa, who is the Chairperson of the AU, was delivered on the occasion of the handover ceremony of the AfCFTA Secretariat. “On behalf of the African Union and the entire Continent, I express our profound gratitude to the Government and people of Ghana for generously offering the building and residences, which house the AfCFTA. This day is indeed a milestone and a strong affirmation of the vision of an integrated Africa, which was envisioned by the founding fathers of the OAU, including Kwame Nkrumah, 57 years ago. It is a fitting tribute that the AfCFTA Headquarters are being housed in Ghana.”

    “When successfully implemented, the AfCFTA will be a huge milestone towards the realisation of Agenda 2063, the Africa we want.As AU Chair, I also wish to assure you of the AU’s commitment to the successful implementation of the AfCFTA, as a practical contribution to economic development of Africa,” he added.

    AfCFTA Secretary-General WamkeleKeabetweMeme noted that Africa continued to be trapped in a colonial economic model, which required the aggressive implementation of the AfCFTA as a tool for effecting a fundamental structural transformation of Africa’s economy.

    “The AfCFTA is therefore a critical response to Africa’s developmental challenges. It has the potential to enable Africa to significantly boost intra Africa trade and to improve economies of scale through an integrated market.It has the potential to be a catalyst for industrial development, placing Africa on a path to exporting value-added products and improving Africa’s competitiveness both in its own markets and globally.It also sends a strong signal to the international investor community that Africa is open for business, based on a single rule-book for trade and investment,” he said.

    He thanked the government and the people of Ghana, for hosting the Secretariat and for providing world class facilities that will enable Africa to progress on the historic vision of achieving an integrated Africa.

  • African Continental Free Trade Area (AfCFTA)

    African Continental Free Trade Area (AfCFTA)

    The AfCFTA aims to boost intra-African trade by providing a comprehensive and mutually beneficial trade agreement among the member states, covering trade in goods, services, investment, intellectual property rights and competition policy.

    The African Continental Free Trade Area (AfCFTA) is a flagship project of Agenda 2063 of the African Union, Africa’s own development vision. It was approved by the 18th Ordinary Session of Assembly of Heads of State and Government, held in Addis Ababa, Ethiopia in January 2012, which adopted the decision to establish a Continental Free Trade Area. This is an initiative whose immediate implementation would provide quick wins, create impact on socio-economic development, and enhance confidence and the commitment of Africans as the owners and drivers of Agenda 2063. The AfCFTA aims at accelerating intra-African trade and boosting Africa’s trading position in the global market by strengthening Africa’s common voice and policy space in global trade negotiations.At the time of writing, 36 countries have ratified the AfCFTA agreement.

    The African Continental Free Trade Area (AfCFTA) will cover a market of 1.2 billion people and a gross domestic product (GDP) of USD 2.5 trillion, across all 55 member States of the African Union. In terms of numbers of participating countries, AfCFTA will be the world’s largest free trade area since the formation of the World Trade Organisation.It is also a highly dynamic market. The population of Africa is projected to reach 2.5 billion by 2050, at which point it will comprise 26% of what is projected to be the world’s working age population, with an economy that is estimated to grow twice as rapidly as that of the developed world.With average tariffs of 6.1%, businesses currently face higher tariffs when they export within Africa than when they export outside it. AfCFTA will progressively eliminate tariffs on intra-African trade, making it easier for African businesses to trade within the continent and cater to and benefit from the growing African market.Consolidating this continent into one trade area provides great opportunities for trading enterprises, businesses and consumers across Africa and the chance to support sustainable development in the world’s least developed region. ECA estimates that AfCFTA has the potential both to boost intra-African trade by 52.3% by eliminating import duties, and to double this trade if non-tariff barriers are also reduced. Located in Accra, Ghana, the African Continental Free Trade Area Secretariat is the administrative organ to coordinate the implementation of the AfCFTA. The Secretariat is responsible for convening meetings, monitoring and evaluating the implementation process and other duties assigned to it by the Committee of Senior Officials, Council of Ministers, and the Assembly of the African Union (AU).

    The Assembly of the AfCFTA is the highest decision-making organ of the AU, consisting of all AU Heads of State and Government. It has exclusive authority to adopt interpretations of this Agreement on the recommendation of the Council of Ministers, andprovides oversight and guidance on the AfCFTA. The Council of Ministers comprises Ministers for Trade of the State Parties. It will take decisions on all matters under the AfCFTA Agreement, and reports to the Assembly through the Executive Council of the AU. The AfCFTA Council of Minister is separate from the AU Ministers of Trade (AMOT). The Committee of Senior Trade Officials comprises Permanent Secretaries or other officials designated by State Parties. It is responsible for the development of programmes and action plans for the implementation of the AfCFTA Agreement.

    The Protocols of the AfCFTA Agreement establish various technical committees to assist with the implementation of the Agreement. They include the Trade in Goods Committee and Trade in Services Committee.