Delhi highest in per capita cybercrime complaints in 2023
The Indian government has taken various measures to combat cybercrime, including blocking IMEI numbers and websites
With 755 cases registered per 100,000 people in 2023, Delhi had the highest number of cybercrime complaints in the country for any state or Union territory, according to the Indian Cyber Crime Coordination Centre (I4C) data shared by CEO Rajesh Kumar on Wednesday. Chandigarh has the second-highest rate at 432, followed by Haryana and Telangana at 381 and 261, respectively.
The national cybercrime rate is 129 per hundred thousand citizens.
More than 263 banks, e-commerce companies and others have been integrated with the helpline number 1930. Between 2021 and 2023, ₹1,127 crore belonging to 430,000 victims was recovered. “This system was able to block this money within the financial channels so that increased the chances of recovery,” Kumar said. Both the percentage and absolute amount of money recovered have steadily increased.
Also read: Govt blocked over 1.32L mobile phones for financial fraud, cybercrime: Vaishnaw
In 2021, 6.73% of defrauded money, or ₹36.38 crore, was recovered. In 2022, this increased to 7.35% or ₹169.04 crore, while in 2023, 12.32% or ₹921.59 crore were recovered.
Since the National Cybercrime Reporting Portal was launched in August 2019, more than 3.26 million complaints have been reported on it which resulted in 66,000 FIRs.
Almost half the complaints, 1.56 million, were registered in 2023. Since 2019, more than 66,000 FIRs have been filed across states and Union territories based on this complaints. “Complaints were made to the NCRP. From the NCRP, it was connected to the CCTNS [Crime and Criminal tracking Network and Systems] and FIRs were issued on the basis of that,” Kumar said.
“To prevent duplication, we are integrating [NCRP] with the CCTNS,” he said.
“99.9% police stations, that is 16,597 stations, across the country are covered by CCTNS. In these stations, 100% FIRs are digitised. When we talk about machine learning, data analytics and AI, this data is very important to us,” Kumar said. At least 289 million police records have been digitised onto CCTNS, he said.
10,580,266 records have been integrated on the National Automated Fingerprint Identification System to help with the interstate linkage of cyber criminals. “NAFIS will help in identification of cyber criminals across the country,” he said.
To combat cybercrime, law enforcement agencies and the department of telecommunications (DoT) started blocking IMEI numbers in 2023 to prevent cyber criminals from accessing the telecom network using their existing devices, Kumar said, adding that 46,229 IMEI numbers, or International Mobile Equipment Identity numbers, were blocked in 2023.
This is in addition to the 295,461 SIMs that the I4C got blocked between July and December 2023. Of this, 129,000 SIM cards belonged to one TSP, and at least 89,000 belonged to another, and over 72,000 belonged to a third. Kumar did not identify the TSPs by name.
Three states identified as hotspots where such SIMs were sold: Odisha, West Bengal and Assam.
Under Section 69A of the Information Technology Act, the I4C has also got 2,810 websites, mainly phishing websites, and 595 mobile apps, “which were against economic and national interests”, blocked.
“One of our strategies to prevent crime is to prevent their communications and financial channels used by cyber fraudsters. They use telephone and internet to communicate and banking channels to siphon money out of the system,” Kumar said. “To that end, the Department of Telecommunications, Ministry of Electronics and Information and Technology, the RBI, and banks have been extensively cooperating with us,” he said.
In a conversation with HT after the press conference, Kumar lauded the provision in the new Telecommunications Act that requires all telecommunication service providers to identify their consumers through a “verifiable biometric based identification” system. “It is a very positive move because to carry out a lot of scams, people buy SIM cards using fake credentials. It will strengthen the system,” he said.
The DoT’s new rules around the ban on bulk sale of SIM cards, and stricter KYC norms for subscribers came into effect on December 1. “We are too close to the date of implementation to gauge the impact. We will have to analyse how many SIM cards issued after December 1 were used in cyber crimes,” Kumar told HT.
“Certain banks are being used more than others [to run mule accounts],” Kumar said without naming the banks. However, he mentioned that IndusInd had blocked more than 40,000 bank accounts in the last one month; Punjab National Bank and IDFC First blocked 5,000 and 16,000 accounts, respectively, in December; and HDFC blocked 90,000 accounts in eight months.
Different regions of the country also specialise in specific types of online frauds. Three states --- Jharkhand, Bihar and West Bengal --- accounted for 35% of all cyber frauds related to false customer care numbers, fake refunds, KYC expiry, etc. The region accounted for 11% of all AePS related frauds that involve biometric cloning. Haryana’s Nuh, Bharatpur, Alwar and other areas accounted for 24% of all online sextortion scams. This region also accounted 22% of all online booking, fake franchisee, QR code-based frauds. OLX and e-commerce frauds are also common here. Tamil Nadu specialises in frauds related to call centres and SIM boxes.
This region based classification of cyber crimes has been evolved only over the last few months, Kumar told HT. This classification is done in two ways --- field officer classifies the complaint while lodging it after getting a call on 1930, and the complainant classifies it in the drop-down menu on the online portal. “About 80-85% complaints are registered through calls while 15-20% are lodged through the portal,” Kumar said. “There are some inaccuracies in the classification system and we are working on rectifying them. We are evolving a classification system that is in line with global standards. You should see the change in the next few months,” he said.
“A lot of online frauds also originate outside India in nations like Myanmar, Cambodia, Dubai and China,” Kumar said. In certain cases, victims are also lured outside India. “The MEA was involved in bringing back some people from Myanmar,” Kumar said.
The I4C is also plotting the live locations of cyber criminals, drawn from their SIM cards, on maps in a portal called Pratibimb. The I4C had developed the Pratibimb portal along with the Jharkhand police and launched it in November 2023. This allows the law enforcement to track physical movements of criminals, including across state boundaries. This portal was used to nab 454 criminals in Jharkhand during the pilot stage in December, Kumar said.
DDoS attack during G20
During the press conference, Kumar mentioned that a distributed denial of service (DDoS) attack was launched against the official G20 website which led to the website being pinged 1.6 million times in two minutes. “The Telecom SOC, MHA and NIC were able to successfully defend the website,” he said. He refused to attribute the attack or specify if this DDoS attempt was part of one cyber campaign or multiple cyber campaigns. In his conversation with HT, he refused to identify the country(ies) of origin citing diplomatic reasons.
During G20, multiple government and law enforcement websites were attacked by different cyber groups. The Delhi Police’s website became inaccessible multiple times during the summit, the Indian Express had reported. The Mumbai Police’s website was defaced during the summit, reportedly by an Indonesian group of hackers.
