Alarming increase in SL Cyber Crime | Sunday Observer

Alarming increase in SL Cyber Crime

Although Sri Lanka is still at a tender age with the advancement in technology in many spheres, digital technologies have long evolved into fundamental social infrastructure in Sri Lanka.

The social media craze has swooped over the entire nation, with digitization of workplaces taking place at a fast rate. The local law enforcement and the cyber security watch dogs, tied down by the challenges in this transitional age, are currently neck deep in a battle to rein in this booming sector. Their aim is to ensure the Government apparatus is fully armed to effectively counter emerging threats.

Sri Lanka is ranked 72, out of 193 countries, in the Global Cyber Security Index 2016. Sri Lanka’s overall performance to ensure secured cyber space is rated as ‘maturing’ with countries like the US, Australia, EU and Canada leading with their tough regulatory systems to keep the malefactors at bay.

According to Sri Lanka Computer Emergency Readiness Team / Coordination Centre (SL CERT/CC) the number of reported social media related incidents had increased ‘exponentially’ from 80 in 2010 to 3685 incidents in 2017, and continue to grow at a rate in the country. The reported cyber security related incidents have grown from 71 incidents in 2010 to 222 in 2017. Although that is negligible compared to the global figures, the cyber security experts have warned of the necessity to arrest the trend early given the fact that Sri Lanka is poised to launch its ambitious programme to become a regional economic hub. The total annual cost of all data breaches in the world by 2019 is expected to reach $ 2.1 trillion, which is four times than that of the costs in 2015, Juniper Research UK says.

In this backdrop, the SL CERT has prepared a draft Information and Cyber Security Strategy for Sri Lanka to be submitted to the Cabinet of Ministers this month.

The five year strategy which aspires to keep the nation safe from cyber threats, if adopted, will be effective through five years from 2018 to 2023. “Our strategy aims to create a resilient and trusted cyber security ecosystem in the country to enable the citizens to reap benefits of digital technology and facilitate growth,” Rohan Palliyaguru of SL CERT said.

The effort will see the establishment of a governance framework to implement the strategy, enactment and formulation of legislation, policies and standards to create a regulatory environment, develop a skilled cyber security workforce, collaboration with the public sector, raising awareness and empowering citizens against threats and finally to develop partnerships to create a cyber security ecosystem. IT Literacy and digital literacy among Sri Lankans are 28.3% and 38.7% respectively while mobile phone subscription for a 100 inhabitants stands at 103. With regard to the devices used to connect to the internet, mobile phones top the list with a 57% while 38% use desktops. A senior DIG of Police who is not authorised to speak to media said “cyber security has become a very vulnerable issue in Sri Lanka mainly because of the lack of awareness and knowledge among people in surfing the net safely.” Referring to a recent case that was reported to the Cyber Crime Investigation Division of the CID he said, a female doctor who was a mother of three children nearly fell prey to a cyber criminal who befriended her on facebook.

According to the doctor’s complaint, a man who posed as a foreigner living in the UK had sent her a friend request. She had made the grave mistake of accepting the stranger’s request. After sometime, he had said he was going out shopping and wanted to buy her a gift. He had later posted pictures of an i-phone, i-pad and a necklace claiming that they would be delivered to her through a courier. How ever, he claimed that she might have to pay a small customs duty to get the goods released. Later, a third party had asked her to pay Rs.50,000 as customs duty for a parcel that has come in her name. The facebook scammer had been so shrewd that the doctor did not suspect that she was so close to being a victim of a facebook scam. Luckily, the lady doctor happened to have a friend whose husband was a customs officer. Unsuspecting, she had sought her help to get the Rs.50,000 duty waived. When the Customs officer searched for the parcel, the real story had emerged.

The doctor had made an unofficial complaint at the CID, requesting anonymity.

Such social media related complaints have exceeded 3600 in 2017.

While cyber space is a haven for organised crime and white collar crime, the most problematic area for the police is the facebook related crimes, and cyber crimes against individuals. Of these, most prominent are credit card fraud, revenge porn, intellectual property theft, processing unauthorised and sensitive data as well as hacking into government websites (Cyber Terrorism). SL CERT has received 2018 complaints of fake facebook accounts, 829 incidents of hacking social media accounts, 416 cases of photo abuse, 57 incidents of threatening and cyber bullying, 54 cases of misuse of phone numbers , 17 incidents of pornographic videos, 7 copyright violations and 287 other complaints.

The Computer Crimes Act No 24 of 2007 and several other legislation covering intellectual property rights, electronic transactions and payment devices frauds provide some legal backing for the police to nab the offenders. But there is no specific law to address sophisticated modern day cyber crimes in Sri Lanka despite it ratifying the Budapest Convention on Cyber Crime in 2015 and becoming the first South Asian Country to join the Convention.

The strategy that is in the offing provides for introduction of a Data Protection Act and a Cyber Security Act. There will be new policies on data sharing, critical infrastructure protection and a security policy for organisations.

The collection, use and disclosure of citizens personal data by government and private sector organisations will be strictly regulated under the Data Protection Act making the violators liable for penal action. The Cyber Security Act is expected to propose provisions to protect the country from sophisticated cyber security threats.

The CID’s Digital Forensic Unit which operates the Cyber Security Investigation Division, opened a branch in Kandy two weeks ago and they have planned to decentralise this Unit to all nine provinces shortly.

“We will open the next branch in Matara within the coming month and the third one in Jaffna later,” Director CID SSP Shani Abeysekera told Sunday Observer adding that after Colombo the highest number of social media andcyber security related cases are reported from Kandy.

Comments