Many years ago, the then chief minister of Jharkhand asked me to work on a development plan for the state and I happened to visit Jamtara, not far from Dumka. At that time, the city or the district possessed nothing special to warrant all-India fame. No longer. Partly because of an OTT series, everyone recognises Jamtara as the country’s phishing capital. Films, TV serials and OTT series, fictionalised or documentary-type, reflect the reality. There are several on cybercrime, not only the one set in Jamtara.
Cybercrime assumes many forms—phishing is only one variant. Cybercrime can target individuals, businesses or governments. (The National Cyber Coordination Centre is especially relevant for the last variety.) The ones we hear about, and that friends and acquaintances fall prey to, are targeted at individuals. I know of friends who succumbed many years ago to the Nigerian letter scam, though they should have known better. The more common cybercrimes targeting individuals are phishing, identity theft (SIM swap), hacking, cyber bullying, stalking and extortion, fake job offers, deliveries and lotteries. There can be no prophylactic against human rapacity.
The National Cybercrime Reporting Portal, the Reserve Bank and many others have information on what should be done—before and after the fact. One of the best I have read was brought out in 2021 by the office of the RBI ombudsman. Titled ‘Raju and the Forty Thieves’, it contained “forty stories providing glimpses of fraudulent events being reported to us and simple tips about DOs and DON’Ts. Raju is a typical gullible citizen, and, in these stories, he appears in different characters, sometimes as a senior citizen, sometimes as a farmer, sometimes as a happy-go-lucky guy”. Those forty stories are about forty standard banking and financial scams.
Technology has empowered us; it has also made us more vulnerable and empowered the criminal. We are probably more careful in a physical public space than we are in a virtual public space through mobiles, tablets and laptops. Some victims have themselves and their greed to blame—job offers, lottery scams, perhaps even sextortion.
Today’s generation will identify Trojan horse as a malware. An earlier generation would have identified it with the wooden horse used in the Trojan war. In Virgil’s version, the Trojan priest declared, “I fear Greeks, even those bearing gifts.” This is a paraphrased translation of the Latin, not an exact one, though this paraphrased version is generally quoted. The crux, in the Latin, is the word ‘Danaos’. A better translation is, “I fear the Danaos, even those bearing gifts.” While Latin writers did use the word to mean Greeks, Danaos also means those who are treacherous. A priori, one should assume that those who bear gifts have treachery in mind.
But everyone who suffers doesn’t succumb to greed. There is laxity, too. Humans are naturally risk-averse. But that risk aversion or caution is cast aside when one deals with the insentient. Witness the alacrity with which one uses public wi-fi, knowing fully well it isn’t secure. The Future Crime Research Foundation is a start-up incubated at IIT Kanpur. They have recently produced a white paper on cybercrime trends in India, which is rich in data. It says the top districts that are cybercrime hotspots are Bharatpur, Mathura, Nuh, Deoghar, Jamtara, Gurgaon, Alwar, Bokaro, Karmatand and Giridih. Jamtara has company, often within the state. “The analysis of the top 10 cybercrime-prone districts in India reveals several common factors contributing to their vulnerability. These include geographical proximity to major urban centres, limited cybersecurity infrastructure, socioeconomic challenges, and low digital literacy.” In addition, there are emerging cybercrime hotspots in several states that are too numerous to mention.
Let me add to the earlier quote. “Low skills required: decreasing technical barriers to entry allow individuals with limited expertise to engage in cybercriminal activities using readily available hacking tools and malware. Poor KYC and verification: inadequate know-your-customer and verification processes on online platforms enable criminals to create fake identities, making it challenging for law enforcement to trace them. Availability of fake resources: easy access to fake accounts and rented SIM cards on the black market allows cybercriminals to operate anonymously, complicating efforts to track and prosecute them. Affordable AI tools: the affordability of AI-driven cyberattack tools empowers criminals to automate and scale their attacks, increasing their efficiency. Accessible VPNs: virtual private networks provide anonymity for cybercriminals, making it difficult for authorities to trace their online presence and location. Recruitment and training: unemployed or underemployed individuals are recruited and trained by cybercrime syndicates, creating a growing pool of potential criminals.”
There was a news item about the detection of 6.4 million fake phone connections using the department of telecom’s artificial intelligence and facial recognition software. With a single Aadhaar number, I can have a maximum of nine SIM cards. In this instance of fraud detection, thousands of SIM cards were acquired through a single Aadhaar number. The lack of enforcement of SIM rules doesn’t necessarily have a clear geographical angle. What explains the emergence of specific nodes or clusters as hotspots? In a positive sense, why were there so many plumbers from Kendrapara much before the official Institute of Plumbing Technology was set up there? The answer lies in skill formation and training, albeit informal. What has probably happened is that these districts and cybercrime hotspots have become training centres, albeit illegal.
The Jamtara OTT series conveyed the impression of cybercrime being informal and unorganised. As elsewhere in the economy, formalisation is a work in progress. But skill formation for cybercrime is increasingly becoming formal and organised. Therefore, it is no longer only about Jamtara, which is identified as being less developed. It is also about Delhi, Haryana and Gujarat. Cybercrime has become high-value and more attractive. The probability of gain is high and the risk of getting caught is low, which explains the economics of it. The Pandora’s box of woes isn’t pretty—the stakes are higher than those of the forty thieves.