Bots and Cyber Security: Legal Perspective

Introduction:

The 21^st century has seen many tremendous progresses in industrial area. It is said that fourth industrial revolution is based on information technology and data exchange. Various industries are now based upon internet and cyber space. Digital evolution has brought world literally on our finger tips. Now a days most of all business have basis of internet and information technology.

Each data information makes their specific position in cyber space. With progress comes malicious intents round the corner. Though cyber space is great opportunity to explore and expand businesses and activities it is very important to secure your data from mischief and cybercrime world. Botnets are one of the species in cyber worlds crime ecosystem. This article provides information about botnets security against them and legal provisions about this threat.

Concept of Botnets

Botnet are actually one of the perils that are threatening the internet world. Though botnets were initially used to make flow of internet easier and quick it can entirely use to treat security of one’s data and information. Botnet is short form for Robot Network. Botnets are usually performing work which are repetitive in nature for example internet chat process. There are botnets which are perfectly legal and are used by various big companies like Google search engine.

Google lawfully uses botnets for their internet accessibility. As these are some of the hopeful scenarios of botnet has become perfect tool for cyber criminals. Botnet is malware on huge internet web where infected computer or device becomes huge disaster for data stored in it. Millions of botnets can be functioned simultaneously and criminal activities are carried out.

Threat of Botnet

In world of cybercrime botnets play key role hijacking and many banking-based frauds. Many financial based crimes are easily carried out through botnets. Botnets are easier way of cybercrimes as it doesn’t require much technical expertise to carry out work. Simply borrowing or buying botnet servicing and using it with different computer devises can serve purpose of these cyber criminals. Botnets include comprised computers which are infused with malicious ware and can be controlled by remote from any other place via internet. They target specific computers and disturb internet traffic for their cause. Botnet harvest information or uses spam mails and what not with simply few basic coding and computer-based commands.

Cybercriminal always searches for new innovative ideas and crafting methods for cyber-attacks and leakage of data information. Botnets are command and control system types of malware. Botnets are automatically hacking malware in which is ‘spider’ hacks computer system and who is hacking it cannot be find as access to botnets are granted by some computers. In computer binary codes botnets are stealthily introduced binary codes of their own. Slowly these binary codes overtake the original codes of system and computer is said to be under cyber attacked or simply hacked.  Botnets are extremely difficult to identify as they appear normal software at first glance.

Botnets are multifaceted and creative in nature. It is called “Swiss Army knives in underground economy.[1]” Botnet designers are usually called as bot-herders or botmasters. These botmasters are categorised as criminals as creating malware codes and software are criminal in nature. Crimes in which botnet actions are widely deployed are, Email spam, Financial breach, DDoS[2] attacks, and targeting data information of many MNCs. It is observed that one type of botnet called ‘Cutwail’ 74 billion messages per day. Botnets has become strong headache for all government websites, industries and companies.

Working of Botnet

According to designs and coding there are roughly three types of botnet settings and systems, namely centralised, decentralised, and hybrid.

• Centralised: In these botnets are specified in nature and command codes are given from botmasters computer only. As the name suggest it, they work with C&C from single agent Client- server communication is their main target. E.g. AgotBot Rbot Zeus etc,
• Decentralised: They are highly complex in nature. This botnet works in P2P system. These botnets divide computer networking into many parts and decentralises network access. E.g. Conficker, Storm.
• Hybrid: Hybrid uses both centralised and decentralised system and operates best of the advantages of the both.

Botnet and Cyber Attacks

Botnet has become ace in cyber-attacks. There are many instances where botnets are primary culprit of cybercrimes. Many hardcore criminals nowadays deal in cybercrimes. Word has witnessed many cyber attacks on various capable countries who has succumbed to their use of botnets in their attacks. Like a stack of cards many financial systems of industries has been collapsed due to botnet malware. In COVID-19 infected world main working of various IT companies and industries was from home. This problem is two decades old now the botnet attack used to either create internet traffic or to steal information data or confidential plans of company or any other enterprises.

                Recently a botnet threat has been knocking doors of countries worldwide including India. The HNS cyber attack was informed beforehand by Indian cyber security cell to all over India. The US-based Cyber firm was reported the attack details as a new malware infected roughly 13,500 Internet of things (IoT) in approximately 84 countries mainly in Asian countries. IoT included many mobile networks, Android devices like smart phones computers and Smart Televisions also. Many countries were on target of these cyber criminals.

What is HNS Botnet Attack?

HNS stands for Hide and Seek botnet is highly evolving peril is rumoured to be find in China. In this technological world for world domination cyber attacks are purposefully done by countries against each other. This botnet attack is also part of such malicious intentions from enemy countries. This botnet was discovered in early January[3]. It was data collecting warm like mechanism and then targets victim computers or any smart devises which comes into internet web. HNS interestingly was not seen using DdoS functioning system at all. Varity of simple coding has formed HNS botnet.

How to Protect from HNS?

The protection remedy was instantly searched by cyber security firms from worldwide. It was not much Herculean task though was not easier also. There are few solutions fortunately which works in fight with this HNS botnet. One of them is

• changing one’s default password regularly.
• Updating your device on frequent basis
• Using 15-character password

HNS versus India

Zakir Hussain, Director, BD soft, Country Partner of Bitdefender, is the man who has honour of reviewing and handling situation of HNS botnet attack in Indian cyber world. India was beforehand informed about this botnet attack and chose to prepare extensively for it. As it was observed by researchers that like other IoTs HNS cannot keep persistence in their infection simple reboot system was establish in many Governmental devices and private sector was also advised to do so.

Legal Provisions of Cyber Security

Many countries including India has created Cyber security laws as well as legal provisions against cyber crimes along with their penal codes. World is evolving rapidly so now roughly designed laws are not much applicable. Specially crafted Acts and legal provisions specially in cyber crimes is need of todays generation. There are legal provisions all over the world as well as International Law Enforcement Commission has also lend their helping hand for the cause. There are so many examples where two or three countries came together to fight botnet attacks jointly. On 24^th Feb 2015 European Cyber security Cell along with International Law commission fought a battle of cyber war against botnet named Ramnit. Ramnit had infected around 3.2 billion of computers all around the world.[4]Up till now World has faced total nine biggest botnet attacks from year 2000[5]. They are

• EarthLink Spammer 2000
• Cutwail 2007
• Storm 2007
• Grum 2008
• Kraken 2008
• Mariposa 2008
• MethBot 2016
• Mirai 2016
• 3ve 2016

Cyber Swachta Kendra Against Botnet

Indian Penal code has become aware of their shortcoming after vast development in digital area of India. To help the matters a new legislation was introduced under name Information Technology Act 2000 It was amended in year 2008 now known as cyber laws in India. As per IT Act 2008 various offences are mentioned to be handled among them hacking is grievous one in IoT devices.  There are numerous provisions in the Act that defines cyber crimes and punishment to them along with IPC.

Section 43(a) read with section 66 of the Act is applicable and Section 379 & 406 of Indian Penal Code, 1860 are provisions which determines hacking and punishment for hacking.

In recent development Indian legislative system has been successful to determine Email spoofing and crimes against virus or worms spreading. Sec 43(c) and 43(e) declares as virus spreading is cognizable and bailable crime.

Case Study

In year 2013 on 23^rd day of July a virus Bee bone from malware family Trojan had infected many computer systems in India. This virus was found in Indian cyber space for quite time. This virus included botnet attacks in privileged network and used faked user IDs and weakened computer systems quite effectively.[6]

Recent Development in India

India has recently introduced the concept of Digital India for the progress of Indian activities on international digital platforms. Cyber Swachhta Kendra ” (Botnet Cleaning and Malware Analysis Centre)[7] is part of the programme. Ministry of Electronics and communication department has developed this idea and cyber space is created to identify such malware botnet infections. These cyber cells also prevent the devices from further damage and secures computers. To secure cyber eco system this provision comes under cyber security policies 2020 of Indian Government. The centre, which is run by Computer Emergency Response Team (CERT-In)[8] is helping to secure computers. The daily botnet threats are to be reported and informed to users. There is 51% decrease in use of malwares due to this programme initialisation. Indian Government with the help of Quick Heal has developed Bot Removal Tool which has become most downloaded from 2017.

Conclusion

Cyber terrorism is new technic deployed by various countries without shedding a drop of blood. Botnet attacks, hacking has become threat to not only Governmental institutions but also progress of private sector also. As long as Internet is connecting to devices the breach in security or mischief by botmasters continues. Law provisions are trying hard to make laws as water tight as possible to prevent these cyber crime criminals and punished harshly for their offence.

---

References:

[1] https://fas.org/sgp/crs/terror/RL32114.pdf

[2] Distributed Denial -of- service

[3] https://www.trendmicro.com/vinfo/in/security/news/internet-of-things/-hide-n-seek-botnet-uses-peer-to-peer-infrastructure-to-compromise-iot-devices

[4] https://www.europol.europa.eu/newsroom/news/botnet-taken-down-through-international-law-enforcement-cooperation

[5] https://blog.eccouncil.org/9-of-the-biggest-botnet-attacks-of-the-21st-century/

[6] https://www.mondaq.com/india/terrorism-homeland-security-defence/369712/cyber-war

[7] https://www.cyberswachhtakendra.gov.in/

[8] https://economictimes.indiatimes.com/tech/software/sarkari-bot-tool-takes-global-malware-to-the-cleaners/articleshow/62716203.cms