- An operation coordinated by INTERPOL codenamed HAECHI-II saw police arrest more than 1,000 individuals and intercept a total of nearly USD 27 million of illicit funds, underlining the global threat of cyber-enabled financial crime.
- It took place over four months from June to September 2021.
- It targeted specific types of online fraud like romance scams, investment fraud and money laundering associated with illegal online gambling.
- India was one of the participating countries.
- The operation resulted in the arrest of 1,003 individuals and helped investigators close 1,660 cases.
- 2,350 bank accounts linked to the illicit proceeds of online financial crime were blocked.
- More than 50 Interpol notices were published based on information relating to Operation HAECHI-II and 10 new criminal modus operandi were identified.
- It is the second such operation in a three-year project launched to tackle cyber-enabled financial crime.
- Interpol officials also pilot-tested a new global stop-payment mechanism , the Anti-Money Laundering Rapid Response Protocol (ARRP), which proved critical to successfully intercepting illicit funds in several HAECHI-II cases.
Cyber-enabled financial crime:
- Includes Ransomware, sextortion scams, identity theft, money laundering, and other financial crimes.
- In it, an IP address is stolen and then fraud/extortion/ scam is commited.
Types of Cyber Attacks
- Malware,- a software designed to cause damage to a single computer, server, or computer network. Eg. Ransomware, Spy ware, Worms, viruses, and Trojans.
- Phishing - a method of trying to gather personal information using deceptive e-mails and websites.
- Denial of Service attacks - an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
- Man-in-the-middle (MitM) attacks/ eavesdropping attacks- when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
- SQL Injection - It specifically targets such kind of servers, using malicious code to get the server to divulge information it normally wouldn’t.
- Cross-Site Scripting (XSS) - It also involves injecting malicious code into a website like SQL Injection, but in this case the website itself is not being attacked. Instead the malicious code the attacker has injected, only runs in the user's browser when they visit the attacked website, and it goes after the visitor directly, not the website.
- Social engineering- relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.
Global Efforts to Prevent Cyber-enabled financial crime:
- International Telecommunication Union (ITU)- A specialised agency within the United Nations that plays a leading role in the standardization and development of telecommunications and cyber security issues.
- Budapest Convention on Cybercrime: An international treaty that seeks to address Internet and computer crime (cybercrime) by harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. India is not a signatory to this convention.
- Internet Corporation for Assigned Names and Numbers (ICANN): A non-profit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network's stable and secure operation. It has its headquarters in Los Angeles, U.S.A.
- Anti-Money Laundering Rapid Response Protocol (ARRP)- Effectively intercepts illegal payments in various HAECHI-II situations.
Laws related to Cyber Security in India
- Information Technology Act, 2000- Regulates the use of computers, computer systems, computer networks and also data and information in electronic format.
- National Cyber Policy, 2013- Creating mechanisms for security threats and responses to the same through national systems and processes.
- National Computer Emergency Response Team (CERT-in) - The nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
- National Critical Information Infrastructure Protection Centre (NCIIPC)- to secure India’s critical information infrastructure.
- Cyber Surakshit Bharat Initiative - Aimed to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
- National Cyber security Coordination Centre (NCCC)- Aimed to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.
- Cyber Swachhta Kendra- Was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
- Information Security Education and Awareness Project (ISEA) – a project to raise awareness and to provide research, education and training in the field of Information Security.