Although some cybercriminals may steal from other cybercriminals, they do not fight each other for control and supremacy. In contrast, they help each other improve their skills and find new opportunities. That’s why the usual methods of fighting traditional crimes cannot fight cybercrimes.
Accordingly, legislative bodies enact legislation to protect users from harm while using the internet. This legislation is called cyberlaw, also known as cybercrime law. Involving individuals, groups, organisations, and the public, it investigates online criminal activities and prosecutes cybercriminals.
Cyberlaw focuses on crimes that target computers, such as viruses, trojans, and DoS attacks. It also focuses on crimes that use computers, like cyberextortion, cybertheft, and embezzlement. Further, it focuses on the acceptable behaviour of using technology, including the internet, network, hardware, and software. Cyberlaw differs from one country to another, ranging between fines and imprisonment. Let’s explore cyberlaw in the UK, the US, and India in the following lines.
What is Cybercrime Investigation?
First, let us know what cybercrime investigation means. Cybercrime is any virtual crime that uses or targets the internet, computer, or networked devices. To solve this crime, cybercrime investigation helps investigate, analyse, and recover critical forensic digital data from the networks and computers involved in the cyberattack. On top of that, it helps identify and track the author of a specific cybercrime. After the investigation, the investigators write reports to testify in court hearings and use in court proceedings.
Cybercrime Investigation Techniques and Tools
There are different investigation techniques for each type of cybercrime. Additionally, each investigator has his own technique for handling a cybercrime investigation, like background checks, information gathering, evidence gathering, honeypots, digital forensics, and cybercriminal tracking.
Examining the mechanism of each cybercrime is the most important factor in cybercrime investigation. They use specialist tools to run digital forensics and analyse data only when they have evidence in hand. Several tools exist for each type of cybercrime investigation, including The Sleuth Kit, FTK Imager, and ExifTool.
Key Challenges of Investigating A Cybercrime
There are several challenges and obstacles to cybercrime investigations. Encryption or the use of cryptocurrencies and other modern technology, i.e. cloud storage, may lead to loss of data and location. Internet anonymity is also a major challenge to cybercrime investigations since it hides cybercriminals’ identities and makes it difficult for investigators to identify or track them.
The national legal framework may also be an obstacle that hinders the investigation, as each country has its legal framework that differs from other countries. The General Data Protection Regulation (GDPR) and other legislative changes may limit the data law enforcement should access in order to investigate cybercrime.
Duration of Cybercrime Investigations
There is no specific duration for a cybercrime investigation. An investigation may exceed six months in one country and might be solved in one day in another. It also depends on the cybercrime type and the used tools and techniques.
Who Investigates Cybercrime
Investigating a cybercrime scene is a challenging job. It requires an expert in computer science who fully understands each software program, operating system, and file system. Since an IT expert knows how networks and hardware work, s/he is the best person to investigate cybercrimes, as s/he can determine how the interactions between these components occur and why and when this incident happened.
Cybercrime and Cyberlaw in the UK
Computing has recently become normal in the United Kingdom, leading to a rise in cybersecurity awareness among businesses and individuals. It also leads to the enactment of cybercrime legislation that reduces cybercrime-associated issues. Let’s explore cybercrime and cyberlaw in the UK and how to report such crimes in the country.
Cybercrime Statistics in the UK
• There were more than 440,000 cybercrime reports in 2021. Over 380,000 reports came from individual users and over 60,000 reports from businesses.
• Individuals and businesses reported losses to cybercrime and cyberfraud of £1.3 billion in 2021 between the first of January and the end of July. The losses exceeded £2.4 billion throughout the whole year.
• People between 20 to 39 years old are the main target of cyberattacks and cybercrimes.
• There were over 13,500 reports of social media and email hacking in 2021. This resulted in losses of £7.8 million.
• More than 85% of the UK’s organisations experienced successful cyberattacks in 2020/2021.
• 71% of the organisations experienced ransomware attacks.
• During the pandemic of COVID-19, around 2300 COVID-19-related malicious files have been detected.
Cyberlaw in the UK
There are several cybercrime-related acts in the UK. Here are some of them:
Computer Misuse Act 1990
The Computer Misuse Act (CMA) 1990 is the UK’s primary cybercrime legislation. It handles a lot of offences and malicious attacks, such as hacking and ransomware, on computers and other technological devices.
Defining them as illegal, the CMA Act prosecutes the intentional harm or crime that involves the use of computer systems, along with unauthorised or malicious access to material stored on a digital device. On top of that, it prosecutes the unauthorised modification, blocking, or removal of stored data and the supplying or obtaining of information that can be used in computer misuse and offences.
Data Protection Act 2018
The Data Protection Act 2018 (DPA) is another legislation in the UK that deals with cybercrime issues. Developing the previous Data Protection Act 1998 legislation, the DPA 2018 Act implements the GDPR to protect users and businesses. In addition, it controls how businesses, organisations, and governments use and store personal information lawfully, transparently, and accurately with data minimisation and purpose limitation.
Cybercrime Penalties in the UK
The penalties for cybercriminals in the UK vary in severity, from fines to imprisonment, according to the crime and its severity. The fine starts from £5,000 and goes to an unlimited fine. The prison sentence varies from six months to life imprisonment.
• If the cybercrime is unauthorised access to a computer, the cybercriminal will be charged a fine of £5,000 and sentenced to up to two years in prison.
• However, if the cybercriminal gains access to a computer to steal data or commit fraud, s/he will be charged an unlimited fine and sentenced to up to 10 years in prison.
• If the criminal distributes malware to change, modify, or destroy the content of a computer, s/he will receive a fine of unlimited amounts and a sentence of up to 10 years in prison.
• If a cybercrime causes harm to human welfare, the cybercriminal will be sentenced to life imprisonment.
NCSC Cyber Essentials
The National Cybersecurity Centre (NCSC) is a government-supported centre that leads the UK’s cybersecurity mission. It provides NCSC Cyber Essentials certification. This foundation-level certification is a basic cybersecurity framework that each startup should have in order to protect its organisation, whatever its size, against cyberattacks.
GCHQ Cybersecurity
NCSC is part of GCHQ, which stands for Government Communications Headquarters. It is one of the world-leading intelligence and security agencies. GCHQ’s mission is to keep society safe by improving internet security in the country. It helps protect the UK and its citizens from cyberattacks that threaten national security, such as cyberterrorism.
During the COVID-19 pandemic, NCSC’s top priority was to protect the National Health Service (NHS) and the whole healthcare sector. It worked hard to ensure all healthcare organisations can prevent cyberattacks and keep patients’ data safe online.
UK’s Active Cyber Defence
The UK’s Active Cyber Defence (ACD) program is a major aspect of work in NCSC. It provides tools and services to mitigate the harm of cyberattacks.
NCA Cybercrime
The National Crime Agency in the UK is another agency that helps stop serious and organised cybercrimes. It works with NCSC and its Cyber Aware, “the UK’s government advice on how to stay safe online.” It also works with other partners to protect individuals and businesses online.
How to Report Cybercrime in the UK
If you fall victim to cybercrime or fraud in the UK, do not overlook it. Here is how to report cybercrime in the UK:
1. Action Fraud: Report the cybercrime to the UK’s national fraud and cybercrime reporting centre, Action Fraud. It is only a reporting and analysis centre, so they will give you a crime reference number and pass on your case to the National Fraud Intelligence Bureau (NFIB), which is run by the City of London’s police service. They may share information with other bodies, including local police forces and regulatory bodies. You can contact them on their website through their live chat function. The website is available 24/7; however, it requires registration.
2. National Cybersecurity Centre (NCSC): Businesses can also report cybercrimes to the NCSC, as they can provide technical support, technical advice, and guidance on incident response and recovery.
3. NCSC’s Suspicious Email Reporting Service (SERS): As an individual or business, you can also report phishing emails, websites, and calls to NCSC’s SERS. By forwarding suspicious emails to them, they will investigate them at once.
4. Local Police: If your organisation wants to report an insider cybercrime, you should likely call the local police on 101. Suppose there is a data breach in the insider cybercrime or other cybercrimes that involve data subject to the GDPR, PECR, eIDAS Regulation, or the NIS Directive. In that case, you can report it to the ICO (Information Commissioner’s Office).
Cybercrime and Cyberlaw in the US
Moving from the UK to the US, the US leads the world in many cyber power categories. However, many cybercrimes occur there, including malware, debit or credit card fraud, data breaches, and unauthorised access to email. That is why it has several bodies that can investigate cyberattacks, including The Federal Bureau of Investigation (FBI) and the US Secret Service.
US Cybersecurity
The US has a federal agency called The Cybersecurity and Infrastructure Security Agency (CISA). It helps enhance the security, reliability, and resiliency of the Nation’s cybersecurity and communications infrastructure. It also leads the effort to manage and reduce the risk to the national cyber and physical infrastructure.
Cybercrime Response Agency (CCRA)
The Cybercrime Response Agency (CCRA) is another US agency that provides an in-depth investigation of reported cybercrimes. It also educates the public about internet safety and awareness and assists them with understanding online crimes and criminals.
FBI Cybercrime Department
The FBI has a department that deals with cybercrime called the FBI Cyber Division. It works through the National Cyber Investigative Joint Task Force (NCIJTF). Their main job is investigating and prosecuting cyber or internet-based crimes, including cyberespionage, cyberterrorism, intellectual property rights, and child sexual exploitation. They focus on cyberintrusion, cyberfraud, and identity theft and use the information gathered during investigations to record current trends in cybercrime.
FBI Cyber Task Force
Each Cyber Task Force in the FBI synchronises domestic investigations in the local community through intelligence actions, joint enforcement, information sharing, and incident response. Along with international partners, federal, state, and local authorities synchronise efforts to counter cybercrimes.
FBI Cyberbullying
Cyberbullying is growing in the US nowadays due to the increase in the use of the internet and technology. What was done on the ground years ago might be done online with the use of technology today! Sharing or sending negative or harmful content about someone is hurtful and has damaging consequences. It can violate federal law, and the FBI would investigate.
Through their community outreach program, the FBI raises awareness of how parents and children could reduce the chances of falling victim to such a cybercrime. They also suggest practising netiquette, or internet etiquette, while you are online.
FBI Cyber Alerts
• In 2021, the US cybersecurity authorities observed a global increase in ransomware threats against critical infrastructure organisations.
• BlackByte ransomware compromised several US and foreign businesses.
• New Sandworm malware, called Cyclops Blink, replaces the VPNFilter malware 2018 that exploited network devices, especially routers and network-attached storage (NAS).
US Cyberlaw
Now, let’s explore US cyberlaw and the role of the FBI in investigating any type of cybercrime.
Computer Fraud and Abuse Act (CFAA)
The CFAA (Computer Fraud and Abuse Act), 18 U.S.C. § 1030, is the primary statutory mechanism that prosecutes cybercrime. It protects federal, banks, and internet-connected computers and addresses computer-related offences and cyberfraud.
The CFFA has recently laid out eight types of cybercrime. The first type is unauthorised access to a computer to obtain national security information. Another type is unauthorised access to a protected computer with the intent to defraud. Other types include trafficking in passwords and damaging a computer intentionally or recklessly.
Electronic Communications Privacy Act (ECPA)
Another cybercrime-related law in the US is the EPCA (Electronic Communications Privacy Act) under Title 18 of the US Code. It protects both stored communications and communications in transit and has three titles.
• Title I of the ECPA, referred to as the Wiretap Act, prohibits the intentional interception, disclosure, use, or procurement of any wire, oral, or electronic communications.
• Title II of the ECPA prohibits intentionally unauthorised access to any facility providing an electronic communications service (ECS). It also protects the privacy of the files and records stored or held by service providers.
• Title III of the ECPA requires a court order and government entities to address a pen register and/or trap and trace devices. To address a pen register, they use a device to capture the dialled numbers and other outgoing calls and communications-related information. A trapping and tracking device requires the use of a specialist device to capture incoming calls and communications-related information.
US Cybercrime Sentences
Violating these laws exposes cybercriminals to criminal and civil penalties, ranging from 10 years up to 20 years in prison. If anyone violates the ECPA, s/he might be sentenced to up to 10 years in prison.
Regarding the CFAA, if someone accesses a computer without authorisation, s/he will receive a sentence of 10 years in prison. The unauthorised access to a protected computer with the intent to defraud, the intentional or reckless damage of a computer and cyberextortion lead to a sentence of up to five years in prison.
A sentence of up to one year in prison is applied to unauthorised access to an interstate or foreign commerce-related computer in order to obtain information. The same sentence is applied to unauthorised access to a non-public government-used computer.
Trafficking in passwords and transmitting threats of extortion in order to damage a protected computer, obtain information, or compromise the confidentiality of the information also lead to up to one year in prison.
Where Do You Report Cybercrime in the US?
If you fall victim to cybercrime in the US, report it to the appropriate authorities to make the internet safer and secure.
1. US-CERT: You can report computer and network vulnerabilities to the US-CERT by contacting them through their website. To report phishing emails or websites, just forward them to [email protected].
2. Social Security Administration (SSA): You can also contact the SSA on their fraud hotline if you suspect that there is someone using your social security number.
3. Internet Crime Complaint Centre (IC3): You can file a complaint on the IC3 website, which partners with the National White Collar Crime Centre (NW3C) and the FBI. The NW3C helps prevent, investigate, and prosecute high-tech crimes while the FBI investigates the allegations related to federal civil rights violations.
Cybercrime and Cyberlaw in India
India also has many cybersecurity threats and cybercrimes against individuals, properties, and the government. Its popular cybercrimes include email spoofing, cyberstalking, hacking, social engineering, identity theft, and phishing. There are also cybertheft, cyberfraud, defamation, and mischief. In the following lines, we will explore common cybercrimes, cybersecurity, and cyberlaw in India.
Is Stealing Wi-Fi a Crime in India?
In India, hacking or stealing Wi-Fi, whether public or private, is a punishable crime. Under Section 66 of the IT Act, the hacker receives a sentence of up to three years in prison, a fine of up to INR five lakh (INR 500,000), or both.
Cybercrime Laws and Penalties in India
The Indian government enacted legislation to regulate illegal cyber activities. The most important one is the Information Technology Act 2000 (IT Act 2000). It has several sections that attempt to keep cyberspace safe. Here are the most important sections:
IT Act 2000, Section 65
Section 65 deals with tampering with computer source documents. A person can be found guilty if s/he intentionally conceals, alters, or destroys computer source codes, such as computer commands, programs, or electronic serial numbers. S/he will receive a sentence of up to three years in prison, a fine of INR two lakh (INR 200,000 or approximately £1894), or both.
IT Act 2000, Section 66C
Another section of the act is Section 66C, which deals with identity theft. It is about using another person’s password, digital signature, biometric thumb impression, or other unique identifying features for fraudulent purposes. This cybercriminal will face imprisonment of up to three years, a fine of up to INR one lakh (INR 100,000), or both.
IT Act, Section 66E
Section 66E deals with privacy violations. It occurs when a person captures photos without the consent or knowledge of the owner. Then, s/he transmits and publishes them without the owner’s knowledge or consent. According to the IT Act, Section 66E, this cybercriminal will receive a sentence of up to three years in prison and/or a fine of up to INR two lakh.
IT Act, Section 66F
Section 66F of the same act deals with cyberterrorism. A person is found guilty when s/he denies an authorised person access to a computer resource or tries to access or penetrate a computer resource without authorisation. His/her aim is to threaten the nation’s security, unity, and integrity. This offence is non-bailable; however, the criminal will be sentenced to life imprisonment.
Who Investigates Cybercrime in India
Several investigation agencies in India can investigate cybercrime, the primary of which is the Central Bureau of Investigation (CBI). Its crime investigation teams have established special cyber cells and units, including the Cybercrime Investigation Cell, the Cyber Forensics Laboratory, and the Cybercrimes Research and Development Unit.
Who to Report A Cybercrime to in India
Most Indian cities have a cybercrime cell. If you fall victim to a cybercrime, register an online or offline complaint to the crime investigation department or the cyberpolice.
1. Report a Cybercrime Offline in India: To report a cybercrime offline, file a written complaint to any cybercrime cell. In the complaint, address the head of your city’s cybercrime cell. Next, mention your name, contact details, and address. Then, provide a brief of the events and details of the cybercriminal, if available.
2. Report a Cybercrime Online In India: To report a cybercrime online, visit the National Cyber Crime Reporting Portal. You can choose to file your complaint anonymously or file and track your complaint.
Which Countries Have No Cyberlaw?
While Europe has the highest rate of cybercrime legislation enactment, Africa has the lowest rate, as the UNCTAD (United Nations Conference on Trade and Development) reported in December 2021. Suriname, Bolivia, and Guyana have no cybercrime legislation in South America. Belarus and Belgium in Europe do not also have cyberlaw. The countries that did not enact cybercrime legislation in Africa include Libya, Somalia, Namibia, Chad, Eritrea, and Congo. In Asia, Syria does not have cybercrime Law, either.
Now, we have taken you through cyberlaw in the UK, the US, and India. We explored the most popular cybercrime and discussed the most common cybercrime laws in each country. We also examined how you could report a cybercrime if you fall victim in one of these countries. Since the use of technology and the internet is evolving, you must watch out for the different types of cybercrime and know how to protect yourself and your family.