Safety on Social Media Platforms

Malaika Naidu

The most valuable resource today is not oil, water or fresh air – it’s data! An article in The Economist recently outlined just how valuable this resource is to organisations the world over. It’s alarming how data mining can influence people and hence dictate real events. Now answer this, where can one find unlimited, often unprotected, data?

Yes, Social Media.

What started off as platforms to engage with friends and peers has fast turned into a gateway for all sorts of transactions. Given that social media platforms are not strictly bound by age, almost everyone has an account on at least one such platform - Facebook, Twitter, Instagram, and LinkedIn being the Big Four.

Some still use it for mere entertainment, like a quick scroll through while you wait for your food at a café. But with the sheer reach of these platforms, many now use them as tools to increase or represent their businesses, thereby adding a whole new dimension to the user data now available through these websites/apps.

If you willingly share any valuable data about yourself or those in your life, then you have to be ready for those waiting to misuse it. Internet crime is seeing a marked shift from basic email-related crimes to social media crimes. These include identity theft, photo morphing, romance scams and of course, cyberbullying and cyber stalking! 

Cyberbullying and cyberstalking are becoming serious safety issues. The anonymity of the internet allows people to easily get away with saying or doing things that they probably won’t dare to do in real life. People go out of their way to create fake profiles solely for such purposes. This is why it’s important to connect and interact only with individuals you already know in real life or through trusted connections. However, your vulnerability on social media is not just in your hands.

Let’s assume you take all the required precautions to ensure that you don’t put any personal data on your Instagram account. You only upload photos of your photography. But then a friend of yours puts a photo of you and in the description mentions personal information about you – your birthday, your pet’s name or your parents’ names. Maybe even tags the location to your house. Now, all your effort to keep your personal data offline is slowly getting negated.

Some might ask, how bad can the damage from social media be? Do these crimes even require as much attention as say bank frauds?

Well, a recent report, called Social Media Platforms and the Cybercrime Economy, stated that cybercriminals are earning at least $3.25 billion per year from social media-enabled cybercrime, with the breakdown of earnings being close to:

  • Illegal pharmaceutical sales (i.e. prescription drugs) – $1.9 bn
  • Stolen data sales – $630 m
  • Financial fraud – $290 m
  • Crypto-mining malware – $250 m
  • Romance/dating fraud – $138 m

The crux of the issue is the ease with which cybercriminals can access data of millions of users, globally. We’ve said it often and we continue to stress on it – just as the internet has made our lives easier, faster and more convenient, so has it helped the criminals too! In fact, research states that one out of five large organisations is now potentially infected with malware distributed via social media. Nearly 40% of malware infections are linked to malvertising, add to that 30% that comes from malicious plug-ins and apps.

Yet, don’t worry. As always, you just need to do the basics and you will considerably reduce your vulnerability.

  • Keep your passwords long with mixed characters; change them regularly
  • Approach the internet with distrust – what you see online is rarely a representation of reality
  • If you can’t say it in front of your grandmother, don’t say it on social media
  • Always log out from others’ devices. Ideally, log out from your own phone/laptop too!
  • Regularly update your settings for privacy and content sharing
  • Just because you have connections, doesn’t mean you must accept the friend request
  • Use two-factor authentication!
  • Avoid sharing personal information that can be used against you

And please, if you do witness a cybercrime, report it! If someone you know is posting content that is against the platform’s policies, report! Internet safety is a community effort.

Do you have some safety practices that you would like to share?

Cyber Law: The Need for a Dedicated Field of Law

Malaika Naidu
WHAT IS CYBER LAW?

To be able to answer that question we must first understand the meaning of Law. Simply put, law encompasses the rules of conduct, that have been approved by the government, enforced over a certain territory, and must be obeyed by all persons within that territory. Violation of these rules will lead to government sanctions such as imprisonment or fine.

The term cyber or cyberspace signifies everything related to computers, the internet, data, networks, software, data storage devices (such as hard disks, USB disks etc) and even airplanes, ATM machines, baby monitors, biometric devices, bitcoin wallets, CCTV cameras, drones, gaming consoles, health trackers, medical devices, smart-watches, and more.

Thus, a simplified definition of cyber law is that it is the “law governing cyberspace”.

WHAT ABOUT CYBER CRIME?

An interesting definition of cyber-crime was provided in the “Computer Crime: Criminal Justice Resource Manual” published in 1989. According to this manual, cyber-crime covers the following:

  1. Computer Crime
    any violation of specific laws that relate to computer crime,
  2. Computer Related Crime
    violations of criminal law that involve knowledge of computer technology
  3. Computer Abuse
    intentional acts that may or may not be specifically prohibited by criminal statutes.

Any intentional act involving knowledge of computers or technology is computer abuse if any of the perpetrators gained and / or any of the victims suffered.

THE NEED FOR CYBER LAW

The first question that a student of cyber law will ask is whether there is a need for a separate field of law to cover cyberspace. Isn’t conventional law adequate to cover cyberspace?

Let us consider cases where so-called conventional crimes are carried out using computers or the Internet as a tool. Consider cases like spread of pornographic material, criminal threats delivered via email, websites that defame someone or spread racial hatred etc. In all these cases, the computer is merely incidental to the crime. Distributing pamphlets promoting racial enmity is in essence similar to putting up a website promoting such ill feelings.

Of course, it can be argued that when technology is used to commit such crimes, the effect and spread of the crime increases enormously. Printing and distributing pamphlets, even in one locality, are time consuming and expensive tasks while putting up a globally accessible website is very easy.

In such cases, it can be argued that conventional law can handle cyber cases. The Government can simply impose a stricter liability (by way of imprisonment and fines) if the crime is committed using certain specified technologies. A simplified example would be stating that spreading pornography by electronic means should be punished more severely than spreading pornography by conventional means.

Now here’s where it gets mind-numbing…

As long as we are dealing with such issues, conventional law would be adequate. The challenges emerge when we deal with more complex issues such as ‘theft’ of data. Under conventional law, theft relates to “movable property being taken out of the possession of someone”.

The General Clauses Act defines movable property as “property of every description, except immovable property”. The same law defines immovable property as “land, benefits to arise out of land, and things attached to the earth, or permanently fastened to anything attached to the earth”. Movement and possession are ideas in the real world, whereas data becomes fluid and intangible and is an element of the virtual world. However, with only these two definitions at hand, it can be concluded that the computer and by such extension data should be movable property.

Let us examine how such a law (Conventional Law) would apply to a scenario where ‘data is stolen’. Consider a personal computer on which some information is stored. Let us presume that some unauthorized person picks up the computer and takes it away without the permission of the owner. Has (s)he committed theft? Yes, in this case, it is theft.

Question is, theft of what? Theft of the computer? Of the data? Or theft of both?

A) COPYING DATA

Now consider that some unauthorized person simply copies the data from the computer onto his pen drive. Would this be theft? Presuming that the intangible data could be movable property, the concept of theft would still not apply as the possession of the data has not been taken away from the owner. The owner still has the ‘original’ data on the computer under their control. The ‘thief’ simply has a ‘copy’ of that data. In the digital world, the copy and the original are indistinguishable in almost every case.

B) TRUE POSSESSION OF DATA

Consider another illustration on the issue of ‘possession’ of data. Aria uses the email account aria@gmail.com for personal communication. Naturally, a lot of emails, images, documents, etc. are sent and received using this account. The first question is, who ‘possesses’ this email account? Is it Aria because she has the username and password needed to ‘login’ and view the emails? Or it is Google Inc because the emails are stored on their servers?

C) AUTHORISED ACCESS TO DATA

Another question would arise if some unauthorized person obtains Aria’s password. Can it be said that now that person is also in possession of the emails because he has the password to ‘login’ and view the emails?

D) MOBILITY AND JURISDICTION FOR DATA

Another legal challenge emerges because of the ‘mobility’ of data. Let us consider an example of international trade in the conventional world. Aryan purchases steel from a factory in China, uses the steel to manufacture nails in a factory in India, and then sells the nails to a trader in the USA. The various Governments can easily regulate and impose taxes at various stages of this business process.

Now consider that Aryan has shifted to an ‘online’ business. He sits in his house in Pune (India) and uses his computer to create pirated versions of expensive software. He then sells this pirated software through a website (hosted on a server located in Russia). People from all over the world can visit Aryan’s website and purchase the pirated software. Aryan collects the money using a PayPal account that is linked to his bank account in a tax haven country like the Cayman Islands.

It would be extremely difficult for any Government or Authority to trace Aryan’s activities.

It is abundantly clear that for such complexities, amongst many more, that conventional laws are inadequate and insufficient to say the very least.

What do you think? Share your views with us in the comments or DM us on our Social Platforms.

Math Money: A simple introduction to crypto-currencies

Math Money : A simple introduction to crypto-currencies

Crypto-currencies (bitcoin et al) have caught the attention of Governments, enforcement agencies, geeks and the general public.

This document provides a simple introduction to crypto-currencies and briefly introduces terms such as cryptography, hash functions, proof-of-work, digital signatures, mining, merkle root & tree, crypto-currency addresses and wallets.

This document is intended for the novice reader and may suffer from errors inherent when a complex topic is (over?) simplified.

Download the document (PDF: 164 KB) from:
https://asianlaws.org/docs/Math_Money.pdf

The ASCL ecosystem

When you enrol for a premium plus course with Asian School of Cyber Laws (CCI+, CFA+, IPCL+, CT+), you don't get just a course. You get the super-awesome ASCL experience:

1. Mentor
Each plus student is allotted a mentor for guidance through the course. Your mentor is available through email, google hangout and whatsapp. ASCL mentors are experts with 15+ years of solid real-world experience in the field of cyber crime control and cyber law.

2. ASCL official courseware
All ASCL official courseware is designed, built and updated by experts with 15+ years of solid real-world experience in the field of cyber crime control and cyber law. ASCL official courseware is provided to students in digital as well as paper form.

3. ASCL Case studies
Our case studies are simulations based on actual cases that ASCL experts have solved over the last 16 years.

4. Reference material
Our reference material is curated by our experts from the best and most credible sources. This consists of research papers, eBooks, reports and more.

5. Contact classes
We conduct contact classes for our plus courses at Mumbai, Pune, Goa & Bangalore. These classes facilitate face-to-face interaction and query resolution with our experts. Contact classes also help you connect and network with other students.

6. COIN
As an ASCL student (and alumni) you get exclusive access to the Collaborative Online Investigation Network (COIN). This is an interactive platform empowering the world's enforcement agencies to tackle cyber crime & other cases involving digital evidence. COIN contains 1000+ checkpoints, info-blocks and warnings for investigation & forensics (cyber and non-cyber), field guides, a collaboration platform, intelligence network, suspect tracker and tons more. Check it out at www.coin.org.in

7. Conference on Cyber Crime Control (c4)
From 2016 onwards, plus students will get special access to India's #1 cyber crime control conference. For details on this year's conference, please visit: http://www.cyber.edu.in

8. Special projects
Our best students get opportunities to intern with enforcement agencies on cutting edge projects. They also get to work with the ASCL Cyber Task Force which identifies remedial, legal, legislative and policy solutions to problem issues in cyberspace.

9. Student of the month
Get global recognition by winning the ASCL student of the month award.

10. Special visits
We are working hard to set up special visits to some of the best forensic labs and investigation centers.

11. ASCL Alumni network
The ASCL Alumni network helps you to re-connect with former friends and classmates, network with ASCL alumni and even earn points for referring students to do ASCL courses.

7 steps to building an awesome career in cyber crime control

2014 was the most active year as far as cyber criminals are concerned.

The victims were some of the world's largest banks, retailers, online businesses, entertainment companies, telecom giants, insurance companies, hospitals, oil companies & aerospace companies.

And governments, municipalities, tax departments, police departments and super-secret agencies.

And countless cars, CCTV cameras & bitcoin wallets.

And the list goes on...

The massive hacks and cyber-attacks of 2014 have led to a huge increase in awareness about the impact of cyber crime.

Companies, law enforcement and individuals have begun to realise the urgent need for expertise in cyber crime investigation, computer forensics, cyber law and cyber security.

In such an environment it's not too difficult to build a super-awesome career in cyber crime control if you follow these 7 steps:

1. Create awesome content

  • Write great articles and submit them to popular websites, blogs, magazines and journals.
  • Develop interesting case studies and pose these challenges on public forums.
  • Also work on cutting edge research papers concerning latest advancements in cyber crime control.
  • Answer questions and raise discussions on platforms such as Quora, LinkedIn, Twitter etc.

2. Network like a champ

Networking is about making connections and building enduring, mutually beneficial relationships. Ultimately, it's not just what you know, it's also who you know that matters.

  • Join relevant industry organizations.
  • Learn to use Linkedin like a pro.

3. Attend conferences

Conferences are a great platform for learning from the gurus, information sharing and networking.

It's even better if you get a chance to speak at good conferences.

4. Help the local police

Volunteer with the local police and make sure you do a great job helping them crack cases and spreading awareness.

They may not give you any money, but it will be great for your branding and also open up possible avenues to work full-time with law enforcement agencies all over the country.

5. Spread awareness in schools and colleges

Volunteer to give cyber crime and security awareness lectures in schools and colleges. It will do a world of good for your reputation as an expert in the field.

6. Go social

  • Build and maintain an awesome profile on popular social media platforms like Facebook and LinkedIn.
  • Maintain a blog and regularly post relevant news and articles.
  • Maintain and regularly update a personal website.

7. Spread the word about ASCL

You have worked really hard to get certified from Asian School of Cyber Laws. Your credibility will grow enormously when you assert yourself as part of an organization that is a global pioneer in the field of cyber law and cyber crime investigation. Ensure that the certification you receive from ASCL receives the appreciation it deserves.

Keep coming back to this post - we are going to regularly update it. Send in your comments and feedback to info@asianlaws.org