Why in the News
- The Supreme Court recently directed the CBI (Central Bureau of Investigation) to conduct a pan-India investigation into cyber-crimes, specifically prioritizing the “digital arrest” scam.
- This directive is viewed as extraordinary, as such investigations typically require State government consent, but it signifies the Court’s acknowledgment of the severity of the menace that transcends State jurisdictions and boundaries.
Nature and Scale of Cyber Frauds
Targeted ‘Digital Arrest’ Scam
- Modus Operandi: Fraudsters impersonate police or government officials using a video call, then falsely accuse victims (often senior citizens) of crimes, and subsequently pressure them to transfer money to avoid a fraudulent arrest.
- Economic Loss: This specific scam has been estimated by the government to have resulted in losses exceeding ₹3,000 crore, fully justifying its prioritization by the Court.
- Broader Scope: The CBI has been subsequently asked to investigate other cyber-crimes, including investment schemes and part-time job scams.
- Overall Trend: Data from the National Crime Records Bureau indicates that the severity of cyber frauds has risen significantly.
Transnational Dimension and Human Trafficking
- Transnational Nature: The problem has a transnational dimension, meaning domestic policing alone can only address symptoms within India.
- Scam Centres: The growth of “scam centres” is noted in conflict-ridden zones of Southeast Asia.
- Modern Slavery: These centres are compounds where trafficked workers are forced to run online fraud operations, unable to escape due to violence, confiscated documents, or debt bondage, effectively operating as modern-day slavery sweatshops.
- Myanmar as a Hotbed: Myanmar remains a hotbed for these operations, primarily because the illegally ruling junta benefits from taxing the proceeds of such crimes.
Judicial Directives and Domestic Crackdown
Strengthening Financial Investigation and Intermediary Accountability
- Targeting Financial Facilitators: The CBI has been asked to target not only the scammers but also banking officials who facilitate the creation of “mule” accounts.
- Malleable Financial Architecture: This necessity arises because these scams depend on a malleable financial architecture.
- Role of RBI and Technology: The RBI has been instructed to intervene by employing Artificial Intelligence and Machine Learning to trace the “layering” of proceeds through multiple accounts.
- Online Intermediary Cooperation: Online intermediaries have been asked to cooperate with the CBI, with the Court invoking the IT Rules 2021 to enforce this.
Way Forward
Global Action for Systemic Disruption
- International Diplomacy: Tackling this issue necessitates robust international diplomacy, moving beyond reliance on bilateral requests.
- Cohesion and Sanctions: New Delhi must act in cohesion with ASEAN and the UN to sanction the illegal regime in Myanmar and cut off the financial lifelines of these slavery sweatshops.
- Global Precedent: The U.S. has established a Scam Center Strike Force to tackle this issue, setting an example for global action.
Enhancing Domestic Capacity and Awareness
- Digital Literacy Deficit: The domestic battle must also be fought on the grounds of digital literacy and capacity, addressing the glaring deficit in cyber awareness among the population as daily life becomes increasingly digitized.
- Widespread Campaigns: States, local administrations, and the RBI must launch widespread awareness campaigns.
- Police Modernization: Simultaneously, there is an urgent need to upgrade the digital capabilities of State police.
Conclusion
- The Supreme Court’s decisive pan-India direction for the investigation of digital arrest scams validates the severe and transnational nature of the cyber-crime menace.
- Effectively addressing this requires a comprehensive strategy: domestically, by strengthening the investigative architecture through agencies like the CBI and RBI (leveraging AI/ML to disrupt mule accounts), and internationally, by pursuing robust international diplomacy and sanctions against regimes that profit from scam centres in conflict zones.
- Crucially, the long-term solution depends on improving digital literacy and upgrading the capacity of State police to combat cyber threats at the grassroots level.
Evolving Landscape of Cybercrime
Cybercrime refers to any criminal activity that involves a computer, computer network, or networked device. As the world becomes increasingly digitally integrated, cybercrime has evolved from simple hacking to a sophisticated, global, and highly profitable industry. Its pervasive nature poses an existential threat to national security, economic stability, and individual privacy.

Concept and Evolution of Cybercrime
- Concept: Cybercrime fundamentally involves the use of information technology as either the target of the crime (e.g., hacking, DoS attacks, data breaches) or the instrument of the crime (e.g., phishing, online fraud, cyber-trafficking). It leverages the accessibility and interconnectedness of the internet for criminal gain.
- Early Evolution (1980s-1990s): This era was characterized by individual hackers creating computer viruses and worms (like Melissa or ILOVEYOU) and early forms of rudimentary internet fraud. The motives were often focused on notoriety, intellectual challenge, and low-level financial gain.
- Modern Evolution (2000s-Present): This period is marked by the professionalization and industrialization of cybercrime. Threats moved to sophisticated Organized Cybercrime Groups and state-sponsored attacks (cyber espionage and warfare). The landscape now includes advanced persistent threats (APTs), highly customized Ransomware-as-a-Service (RaaS) models, and attacks leveraging emerging technologies like AI-generated deepfakes, 5G vulnerabilities, and poorly secured IoT devices.
- Contemporary Shifts: The shift to Cloud Computing and remote work environments has expanded the attack surface, making supply chain attacks and cloud misconfigurations key vectors.
Key Data Reports and Present Status
The current status reflects an alarming surge in the sophistication, financial impact, and frequency of attacks:
- Global Financial Impact: Global losses from cybercrime are conservatively estimated to reach over $10.5 trillion annually by 2025, making it one of the largest economic drains worldwide.
- Attack Volume: High-volume attacks like phishing, Business Email Compromise (BEC), and online financial fraud continue to dominate, accounting for a significant percentage of reported incidents and financial losses.
- Target Diversity: Targets range from individuals and Small and Medium-sized Enterprises (SMEs) to large corporations and Critical Information Infrastructure (CII)—including banking, telecommunications, energy, and healthcare sectors. The targeting of CII makes national resilience a primary concern.
- Data Breach Costs: The average cost of a data breach continues to climb, driven by increased regulatory fines (like GDPR), post-incident remediation costs, and lost business revenue.
Significance of Combating Cybercrime
Combating cybercrime is not merely a matter of technical defense; it is a fundamental imperative for safeguarding the stability, security, and prosperity of modern, digitally-driven societies. The significance is multifaceted, touching upon economic vitality, national security, critical infrastructure, and individual rights.
Protecting Global and National Economic Stability
Cybercrime acts as a massive, unregulated tax on the global economy, directly threatening financial stability and business competitiveness.
- Massive Financial Cost: Cybercrime is estimated to inflict damages totaling over $10.5 trillion annually by 2025. If measured as a country, this “cyber-economy” would be the world’s third-largest economy after the US and China. Combating it is essential to prevent this immense wealth transfer to criminal entities.
- Loss of Intellectual Property (IP): The theft of intellectual property, trade secrets, R&D data, and proprietary business information by both nation-state actors (cyber espionage) and organized criminal groups is arguably the most expensive form of cybercrime. This loss undercuts a nation’s competitive advantage and hampers innovation by reducing the return on investment for inventors and businesses.
- Business Disruption and Recovery Costs: Attacks like Ransomware and Distributed Denial of Service (DDoS) lead to severe operational downtime, loss of productivity, and high recovery expenses (including forensic investigation, system restoration, and mandatory regulatory fines). Combating these threats ensures business continuity and market efficiency.
- Systemic Financial Risk: Financial institutions are primary targets. Successful attacks on major banks or stock exchanges pose a systemic risk to the entire global financial ecosystem. Defense is critical to maintaining consumer and investor confidence in online banking and trading platforms.
Securing Critical Information Infrastructure (CII)
The modern world is dependent on interconnected systems for essential services. Cyberattacks on these systems can lead to physical, real-world devastation.
- Disruption of Essential Services: Critical Information Infrastructure (CII)—including the energy grid, water supply systems, telecommunications, healthcare networks, and transportation systems—is increasingly managed by Industrial Control Systems (ICS) and SCADA systems that are connected to the internet.
- Example: A successful attack on the power grid could cause widespread blackouts, leading to massive public disorder and economic paralysis.
- Example: Attacks on hospital networks (e.g., using ransomware) can disrupt patient care, delay surgeries, and even endanger lives.
- National Security Threat: Attacks on CII, especially when sponsored by hostile nation-states, are viewed as acts of cyber warfare. Robust defense of these assets is now a core component of national security strategy, as critical vulnerabilities can be exploited to achieve strategic military or geopolitical aims.
Preserving National Sovereignty and Public Safety
Cybercrime extends beyond financial loss to threaten the democratic process and the safety of citizens.
- Cyber Espionage and Foreign Influence: Combating cybercrime includes detecting and neutralizing sophisticated state-sponsored groups (APTs) that engage in espionage, steal government data, conduct disinformation campaigns to influence elections, and undermine democratic institutions.
- Law Enforcement and Counter-Terrorism: Cyberspace is used by criminal organizations and terrorist groups for recruitment, planning, communication, and financing (e.g., through dark web markets and cryptocurrency). Combating cybercrime is essential for effective counter-terrorism and dismantling transnational criminal networks.
- Protecting Vulnerable Populations: Combating online child exploitation, cyber-trafficking, and severe financial fraud (like “digital arrest” scams in India) is a moral and legal duty. Active intervention protects the most vulnerable members of society from psychological and financial harm.
Upholding Individual Rights and Trust
At the individual level, cybercrime erodes the fundamental expectations of privacy and safety in the digital domain.
- Protecting Personal Data and Privacy: Cyberattacks frequently result in the mass theft of Personally Identifiable Information (PII) and sensitive data. Robust cyber defenses and laws (like the DPDP Act in India) are crucial to protect citizens from identity theft, financial fraud, and potential misuse of their data by malicious entities or foreign intelligence agencies.
- Maintaining Public Trust: Frequent, high-profile breaches and scams lead to an erosion of public trust in digital systems, e-governance initiatives, and online commerce. Effective crime fighting restores and maintains the confidence necessary for the continued growth of the Digital Economy.
- Ensuring Digital Freedom and Safety: Combating cyber-harassment, cyber-stalking, and the creation of deepfake media protects individuals’ freedom, safety, and reputation online, ensuring the internet remains a safe space for expression and interaction.
Challenges in Combating Cybercrime
Combating cybercrime is fraught with significant challenges that stem from the borderless nature of the internet, the rapid evolution of technology, and persistent gaps in both human expertise and global cooperation. These challenges create a constant state of asymmetry between defenders and attackers.
- Trans-Border Jurisdiction and Delayed International Cooperation: Most sophisticated cybercrimes originate from or are routed through foreign countries (Nigeria, Cambodia, Myanmar, Russia, North Korea). The Mutual Legal Assistance Treaty (MLAT) process still takes 10–18 months on average.
- Example: In the ₹1,203 crore digital arrest scam traced to Cambodia-based call centres in 2025, Indian agencies could not obtain server logs or arrest suspects for over 14 months despite repeated requests.
- Anonymity and Anti-Forensic Tools Used by Criminals: Offenders routinely use Tor, I2P, bulletproof hosting, privacy coins (Monero), and burner devices to remain untraceable.
- Example: The LockBit 3.0 ransomware gang continues to operate in 2025 despite multiple global takedown attempts because they use triple-layered encryption and anonymous infrastructure.
- Extreme Speed and Automation of Attacks: AI-driven tools now launch millions of phishing emails or brute-force attempts per hour, making real-time blocking almost impossible without false positives.
- Example: In August 2025, a single AI-generated UPI phishing campaign sent 4.7 crore fraudulent messages in just 48 hours across India.
- Acute Shortage of Skilled Cyber Investigators and Digital Forensics Experts: India has only ~8,500 trained cyber police personnel against a requirement of over 1 lakh (MHA estimate 2025). Most states still depend on 1–2 officers per district.
- Example: In Uttar Pradesh, a single cyber cell handled 1.42 lakh complaints in 2024 with just 43 personnel.
- Massive Under-Reporting of Incidents: Only 10–15% of victims report cyber financial fraud in India (RBI & I4C joint survey 2025). Reasons: fear of social stigma, lack of faith in police, and belief that money cannot be recovered.
- Example: Sextortion and “digital arrest” victims rarely report due to embarrassment, allowing criminals to target hundreds more.
- Rapid Evolution of Attack Techniques Using Generative AI and Deepfakes: Criminals now create hyper-realistic deepfake videos of police officers and real-time voice cloning in regional languages, bypassing traditional detection.
- Example: In 2025, a Gurugram businessman transferred approx. ₹252 crore after a 9-hour video call where fraudsters used an AI-cloned voice and deepfake video of a “CBI officer”.
- Over-Reliance on Third-Party and Supply-Chain Ecosystems: A single weak vendor can compromise thousands of organizations.
- Example: The 2024–25 MOVEit supply-chain attack (still active) affected over 2,700 Indian organizations, including banks and government departments, because of one unpatched vulnerability.
- Cryptocurrency and Mule Account Networks: Stolen money is instantly laundered through thousands of mule accounts, crypto mixers, and overseas exchanges within minutes.
- Example: In 2025, Indian agencies blocked approx. 4.4 lakh mule bank accounts, yet new ones are created daily using synthetic KYC and deepfake Aadhaar videos.
- Low Conviction Rates and Lenient Punishment: The conviction rate in IT Act cases remains below 4% (NCRB 2024). Many accused get bail immediately because of weak evidence collection and lengthy trials.
- Example: Major “digital arrest” masterminds arrested in 2024–25 are still out on bail and continue to operate from jail using smuggled phones.
- Lack of Mandatory Cyber Incident Reporting for Private Sector: Unlike the USA (CISA 72-hour rule) or EU (NIS2), India still has no mandatory timeline for private companies to report breaches, delaying threat intelligence sharing.
- Example: A major Indian stock brokerage platform suffered a breach affecting 64 lakh customers in March 2025 but informed authorities only after 41 days.
- Public Apathy and Low Digital Literacy: Despite repeated campaigns, millions still click suspicious links, share OTPs, or join video calls with unknown “officers”.
- Example: In October–November 2025 alone, approx. 1.1 lakh fresh digital arrest victims lost money even after nationwide alerts on television and social media.
- Social Engineering Exploitation: Attacks that exploit human psychology—such as fear, greed, or negligence—are highly effective and cannot be stopped by firewalls or antivirus software.
- Example (Phishing/Vishing): An employee in a targeted company is the one who ultimately clicks the malicious link in a spear-phishing email or provides confidential credentials during a vishing (voice phishing) call, making the user the weakest defense layer.
‘Digital Arrest’ Scam: Psychological Warfare and Extortion
The ‘Digital Arrest’ scam is a highly sophisticated form of cyber-enabled extortion that has become one of the most significant cybercrime threats in India, resulting in losses crossing ₹3,000 crore nationally. This crime leverages advanced social engineering tactics to exert intense psychological pressure on victims, leading to significant financial losses and, in some tragic cases, severe trauma or suicide.
| Aspect | Precise Description | Key Significance |
| --- | --- | --- |
| I. Concept | Cybercriminals impersonate high-authority Law Enforcement Agencies (LEAs) (e.g., CBI, ED, RBI) to fabricate charges (money laundering, drug trafficking) against a victim. | Exploits the victim’s fear of authority and legal process; core method is psychological coercion and isolation. |
| II. Modus Operandi | | |
| The Hook | Initial call (often spoofed) claiming the victim’s parcel/ID was involved in illegal activity. | Establishes immediate panic and urgency. |
| Confinement | Victim is coerced into joining a continuous, uninterrupted video call (Skype/WhatsApp), simulating “digital custody” in a virtual “police station.” | The primary technique for isolation and shutting down the victim’s ability to seek help or think rationally. |
| Evidence & Threat | Scammers send forged legal documents (fake FIRs, arrest warrants) and aggressively threaten immediate public arrest or bank account freezing. | Creates extreme psychological pressure to comply with the subsequent extortion demand. |
| Extortion | Demand for a large sum of money to be transferred to a “safe government account” or “security deposit” for “verification” or “bail.” | Money is immediately siphoned into mule accounts and rapidly transferred offshore, making fund recovery extremely difficult. |
| III. Response & Advisory | | |
| National Response | Supreme Court of India intervention directed a pan-India CBI probe to tackle organized syndicates, and mandated RBI/DoT coordination to freeze mule accounts. | Recognition of the scam as a severe, organized national security threat. |
| Safety Advisory | Real LEAs/RBI will NEVER: ask for money or private financial details over a call, or conduct arrests/trials via video chat. Verify identity in person. | The most effective defense is awareness and immediate reporting via Helpline 1930 / cybercrime.gov.in. |
Best Practices and Regulatory Frameworks
Effective cyber resilience requires a layered, collaborative, and continually evolving strategy across technology, process, and people.
Global Best Practices
- Zero Trust Architecture (ZTA): Moving away from perimeter security, ZTA adopts the principle of “never trust, always verify.” It requires strict verification for every person, device, and application attempting to access network resources, regardless of whether they are internal or external to the network.
- Cyber Hygiene and Patch Management: Implementing fundamental practices like mandatory Multi-Factor Authentication (MFA), strict access controls (Least Privilege), regular and prompt software updates/patching, and continuous employee training.
- Threat Intelligence Sharing: Fostering global public-private cooperation and establishing frameworks for real-time sharing of threat intelligence, indicators of compromise (IoCs), and vulnerability information (e.g., through national CSIRTs and ISACs).
- Resilience Planning: Developing and regularly testing robust incident response (IR) plans and Disaster Recovery (DR) procedures to ensure rapid containment, forensic analysis, remediation, and swift operational recovery after a breach.
Indian Regulatory and Strategic Frameworks
- Information Technology (IT) Act, 2000 (and Amendments): The foundational legal framework that provides legal recognition to electronic transactions, addresses various cybercrimes (e.g., hacking, data theft, publishing obscene material), and prescribes penalties. It established the appellate tribunal for digital disputes.
- National Cyber Security Strategy (NCSS): A high-level document aiming to create a secure and resilient cyber ecosystem by establishing regulatory standards, enhancing domestic capabilities, promoting research, and, crucially, prioritizing the Protection of Critical Information Infrastructure (CII).
- CERT-In (Indian Computer Emergency Response Team): The national nodal agency responsible for coordinating responses to cyber security incidents, issuing alerts and advisories, and publishing guidelines for system hardening.
- Digital Personal Data Protection (DPDP) Act, 2023: A landmark law that strengthens data handling requirements, imposes significant penalties for data breaches, and establishes new rights for data principals (citizens), making organizations more accountable for data security.
Way Forward: A Proactive and Resilience-Focused Strategy
The way forward in combating cybercrime requires a fundamental shift from a reactive security posture to a proactive, resilience-focused, and collaborative strategy. This involves concurrent efforts across policy, technology, capacity building, and international cooperation.
Strategic Policy and Governance Shifts
- Cyber Resilience Mandate: National policies must move beyond mere “cyber security” (prevention) to prioritize “cyber resilience” (the ability to rapidly detect, respond, and recover).
- This means adopting comprehensive frameworks like the NIST Cybersecurity Framework (CSF) 2.0, whose functions are Govern, Identify, Protect, Detect, Respond, and Recover.
- Strengthening Critical Information Infrastructure (CII) Protection: Enforce mandatory, rigorous, and auditable security standards for all designated CII entities (Energy, Finance, Health, Telecom).
- Establish real-time threat sharing requirements between CII operators and the national nodal agency (e.g., CERT-In in India).
- Dynamic Legal Frameworks: Review and update foundational laws (like India’s IT Act, 2000) to address emerging threats like Deepfakes, AI-driven fraud, and the legal complexities surrounding crypto-asset tracing.
- Legal frameworks must be flexible enough to handle evidence from cloud environments and cross-border crimes.
- Third-Party Risk Management (TPRM): Implement strict contractual security clauses and continuous monitoring requirements for all third-party vendors and supply chain partners. A successful attack often exploits the weakest link in the supply chain.
Technological and AI Integration
- Adoption of Zero Trust Architecture (ZTA): Mandate the transition from perimeter-based security to a Zero Trust model, where no user, device, or application is trusted by default, regardless of its location (inside or outside the network).
- Leveraging AI/ML for Defense: Utilize AI/ML for Security Orchestration, Automation, and Response (SOAR) to accelerate incident containment.
- Deploy AI-driven analytics for real-time anomaly detection and behavioral monitoring, which are essential for identifying stealthy, fileless, and polymorphic attacks that evade traditional signature-based tools.
- Counter-AI Strategy: Actively invest in research and development to build indigenous counter-AI defense mechanisms capable of detecting and neutralizing attacks generated by malicious AI tools (e.g., deepfakes used in Business Email Compromise (BEC) or voice fraud).
- Secure Digital Public Infrastructure (DPI): Prioritize the security, privacy, and ethical design of national DPI systems (like Aadhaar, UPI, etc.), ensuring security-by-design and privacy-by-design are baked in from conception.
Capacity Building and Public Awareness
- Closing the Skill Gap: Launch national-level certification and specialized training programs for students and professionals in niche areas like cloud security, OT/ICS security, and digital forensics.
- Encourage public-private academic partnerships to nurture a large, skilled cybersecurity workforce.
- Specialized Law Enforcement Cells: Establish dedicated, well-funded cybercrime investigation wings within police forces, trained specifically in handling digital evidence, tracing crypto-transactions, and prosecuting cases under complex cyber laws.
- The Indian Cyber Crime Coordination Centre (I4C) must be further strengthened with state-of-the-art tools and collaboration mandates.
- Mass Public Awareness Campaigns: Conduct intensive, multi-lingual, and targeted awareness campaigns focused on social engineering tactics, such as phishing, deepfake voice scams, and the “digital arrest” fraud. This should focus heavily on vulnerable groups like senior citizens and first-time digital users.
- Example: Promoting the use of the 1930 helpline for immediate reporting of financial fraud in India.
- Cyber Hygiene Mandates: Promote and enforce basic cyber hygiene for all users, emphasizing the mandatory use of Multi-Factor Authentication (MFA) and strong, unique passwords across all personal and official accounts.
International Cooperation and Diplomacy
- Harmonization of Laws: Advocate for and participate actively in global forums (like the G20, UN, and Interpol) to develop harmonized global standards and legal frameworks for cybercrime, particularly concerning data sharing and cross-border investigations.
- Streamlined MLAT Processes: Push for reforms to significantly accelerate the Mutual Legal Assistance Treaty (MLAT) process to enable the timely seizure of volatile digital evidence and funds before criminals can dissipate them.
- Threat Intelligence Fusion: Establish formal, real-time threat intelligence sharing agreements with key international partners and law enforcement agencies (e.g., FBI, Interpol, Europol). This ensures that countries are aware of global attack campaigns (like new RaaS variants) immediately.
- Digital Diplomacy: Use platforms like the G20 (as India has done) to lead discussions on ethical AI governance and the security of the digital economy, positioning India as a global leader in responsible cyberspace development.
Conclusion
- Cybercrime is the defining security and economic challenge of the digital age. It demands a sustained, multi-stakeholder approach that integrates advanced technological solutions, robust legal and regulatory frameworks (like India’s DPDP Act and IT Act), and continuous, widespread public education and awareness.
- Only through such coordinated, proactive strategies—where security is designed into systems rather than added on later—can the vast potential of the digital future be secured against an ever-evolving adversary.
UPSC MAINS PYQs
- What are the different elements of cyber security? Keeping in view the challenges in cyber security, examine the extent to which India has successfully developed a comprehensive National Cyber Security Strategy. (2022)
- Keeping in view India’s internal security, analyse the impact of cross-border cyber attacks. Also, discuss defensive measures against these sophisticated attacks. (2021)
- Discuss different types of cybercrimes and measures required to be taken to fight the menace. (2020)
- What is the Cyber Dome Project? Explain how it can be useful in controlling internet crimes in India. (2018)
- Data security has assumed significant importance in the digitalized world due to rising cyber crimes. The Justice B. N. Srikrishna Committee Report addresses issues related to data security. What, in your view, are the strengths and weaknesses of the report relating to protection of personal data in cyber space? (2017)
- Discuss the potential threats of Cyber attack and the security framework to prevent it. (2016)