Given the outbreak of COVID-19, dependency on cyberspace due to social distancing appears to be the new norm. While cyberspace provides a dependable platform with ever-widening vistas, it also provides an opportunity to cybercriminals for their malicious activities. Thus, leaving the unaware public vulnerable. While we are hopeful that we will recover from COVID-19, will we ever be immune to exploitation from cyber-attacks?
The Director-General of the World Health Organisation (WHO) has stated that we are not just fighting an epidemic but an ‘infodemic’ also. WHO defines infodemics as an excessive amount of information about a problem which results in the spread of misinformation and rumours. During a health emergency such as COVID-19, infodemics not only hamper effective public health response but also create a state of confusion and chaos amongst masses engulfed in a flood of information on social media.
As a result, apparently credible but false sources that exist in diverse forms such as fraudulent websites execute phishing campaigns which in turn are used to infect computers to extract personal information or lure curious users into fraudulent schemes. At times these scammers provide links assuring to the recipients to connect them to government funds. Such was the case, initially with the erstwhile Benazir Income Support Scheme and now the Ehsaas Programme. Recently, FIA and PTA have blocked eight sims that tried to deceive the public in the name of providing coronavirus relief funds. Moreover, predatory criminals target victims through faux websites, to either extract money for spurious medical facilities/information or trick them into purchasing low quality/fake medicines, supplements and medical goods such as masks and hand sanitisers. Thus, exploiting the increased market demand during a pandemic while further jeopardising the health of the people.
Also, cybercriminals have been hawking any opportunity that can be used in the current situation. As businesses and public-sector organisations are being forced to work from home and have social interactions which are confined to video calls or through other means using the internet, this makes them easy targets for cybercriminals to corrupt and infect their computer systems to steal market-sensitive/confidential information through malware and ransomware. These risks also extend to the general population, who are used to making purchases and financial transactions, such as payment of utility bills, through personal visits. Therefore, to now be required to use an unfamiliar platform and also protect themselves against cyber-attacks puts them in a more vulnerable position.
Adapting to the crisis, video teleconferencing has become another new normal. Unfortunately, cybercriminals have ingressed many such platforms to make threats, interpolate racism, hate speech or show pornographic images. A recent case of Zoom bombing occurred at a Massachusetts-based high school. A teacher was conducting an online class using software Zoom when an unidentified individual hacked the video and yelled a profanity and the teacher’s home address, which left all the attendees in utter fear. In coming times video conferencing platforms might be categorised as critical infrastructure for Pakistan and with such incidents aggregating, this might, in turn, give a new dimension to cyber terrorism.
In Pakistan, such cybercrimes are penalised under the Prevention of Electronic Crimes Act, 2016 and reported to the Cybercrime Wing of the Federal Investigation Agency (FIA). This notwithstanding, proper policies and safeguards must be introduced to protect the public. It must be urged to only rely on official government websites for authentic information and circulation of forge documents and notifications must be prohibited. Warnings concerning fake sites and products or established offenders must be displayed on social media networks to deter reoccurrence. Similarly, banks should introduce step by step tutorials for their clients for them to gain confidence and stay clear of any fraud. The public should also be encouraged to use cash on delivery services, where available, rather than electronic transactions. Detailed protocols must be established to curb the cybercrime pandemic.
It is equally important to introduce guidelines for people who fall victim to these crimes. There must be step by step explicit instructions on how to report a case for a common man who lacks understanding. Upon complaint, law enforcement agencies should take instant action against such scammers for it to be a lesson for the others who intend to do the same. This, however, would only be possible if we develop our cyber capabilities and invest in the upcoming generation full of young experts to focus on building a power division for cybersecurity. It is important to dedicate a team for the regulation of sites and content. This will not only help decrease the cybercrime rate but also have an impact on the employment sector.
To that end, successful approaches to systemically curtail cybercrime will require synchronisation of government and individual efforts, which would only be achievable if our public is well educated on the potential benefits and harms of cyberspace, a strong legal and cyber policy framework, implementation of SOPs and last but not the least, making the risk of prosecution real to offenders.
The writer is a freelance columnist.
During a health emergency such as COVID-19, infodemics not only hamper effective public health response but also create a state of confusion and chaos.