By Ishan Puri and Ishi Rohatgi
Cryptocurrency has garnered a lot of attention from citizens, investors, governments and is seen as the future of the financial world. In the midst of the growing digital revolution, cryptocurrency has set a new bar of self-governance. Introduced as a revolution against the existing financial system in the atmosphere of reducing trust in the governments, it has now been established as an opportunity for people to have control of their own money.
While cryptocurrency has been hailed as igniting a revolution, it has also provided a safe haven for criminals. In the midst of the same, crimes such as clickjacking and phishing have become more prominent than ever before. The anonymity of identity, discreet transactions and inability to track these transactions has made it harder for the authorities to catch criminals, especially because these communications can happen world-wide.
Thus, it becomes important to study the nature of such crimes, understand how they are committed and what one can do to prevent it. While on the surface, it appears that cryptocurrency has an added layer of privacy to the users, it can easily be circumvented by criminals making their money even more vulnerable to attacks. In India, the law concerning cryptocurrency is not articulate, thereby presenting a huge risk to the public. This paper analyses how digital currency has facilitated in the increasing crime rates undertakes a comparative analysis of how different countries have responded to this growing phenomenon while showcasing how such crimes, particularly clickjacking and phishing, are committed and how one can prevent them.
Cryptocurrency is a virtual currency which has been hailed as a revolution against the existing financial systems in the world government-backed institutions or big corporations who have a major control on the hard-earned money of the people. Even though it wasn’t until 2009 that cryptocurrency really caught world’s attention, the concept itself has been around for many years before that albeit it was marked by failed attempts and limited to a theoretical understanding. Introduced by an anonymous programmer under the alias Nakatomo, bitcoin claimed to be the first virtual currency using a decentralised system and a peer to peer network. It worked on the foundations of the Blockchain technology, making the ledger with all the transactions being available to everyone. Its arrival was placed strategically with the virtual collapse of the entire financial system in 2008, causing an international banking crisis and culminating in the Great Recession. With the reduced faith of the public in the government at large, people were willing to place their trust in a new form of currency, one which would enable them to have control on their own money.
Cryptocurrency is not backed by any physical asset and is driven completely on the basis of market demand. It is created, stored and maintained entirely on the Internet. Even though the ledgers are available publicly, they are stored locally in wallets which are password-protected encrypted folders. The transactions that take place are anonymous with no link to the identity of the people, added to this are the low transaction costs. Moreover, the transactions can take place globally without any hassle. However, the anonymity and the difficulty to track the transactions also made it a safe haven for criminals. Shortly after bitcoins came into use, it began to be associated with criminal activities and underground websites such as ‘Silk Road’ which facilitated all kinds of illegal activities. Apart from bitcoins being used to conduct illegal activities, it was itself prone to attacks such as theft, hacking. In 2014, Mt Gox, a Tokyo based bitcoin exchange, accounting for 70% of the bitcoin transactions at its peak was hacked and caused a $460 Million disaster.
Despite these concerns, groups such as Cypherpunks still claim bitcoin to be one of the major weapons in the revolution against the government and for protecting consumer privacy.
Majority of the transactions, however that take place in the virtual currency sphere have been related to criminal activities. Moreover, anyone with a computer and internet connection can start mining bitcoins. While this may seem inclusive on the surface, this also demonstrates the capability of a small number of people to compromise the entire system. There has been a growing interest and debate of whether cryptocurrency would make for a good investment. Apart from bitcoin, many competing cryptocurrencies have now emerged such as Ether, Ripple, Monero. Big corporations are turning their attention to this sphere, with Facebook developing its own cryptocurrency Libra. Start-ups have begun using the concept of Initial Coin Offering, similar to IPOs in order to raise funds. Since 2017, $7B have been raised using ICO for blockchain start-ups. In 2020, there has been a sudden rise in the usage of bitcoins with the pandemic creating panic about the status of the economy. The potential of cryptocurrency to change the entire financial system is immense. The loss of governments control on the money supply, along with the growing criminal tendencies on such platforms is worrisome, probing governments to come up with action plans to deal with this new phenomenon.
TYPES OF CYBER OFFENCES
- Phishing and Prevention
Phishing is a form of identity theft where the scammers develop fake websites or send emails, texts and mimic legitimate businesses, banks, agencies. They make use of the same logos, graphics and fonts to fool the user into believing that they are using a trusted and known service. The phisher tries to get the user to update their confidential information by using different tactics which scares the user about the urgency required. The Anti-Phishing Working Group (APWG) defines phishing using the analogy that the phishers try to ‘fish’ the confidential information from the ‘sea’ of internet users. With the rapid increase in these attacks, APWG has turned its focus to this sphere, with the introduction of a special unit, ‘The APWG Cryptocurrency Working Group’ to help users with all these issues. In India, the phishing was defined in Nasscom v Ajay Sood “as a misrepresentation in the course of trade leading to confusion as to the source and origin of the email, causing immense harm not only to the consumer but even the person whose name, identity or password is misused.”
Phishing users of cryptocurrency operates in a similar fashion as phishing other information. Since many citizens have started relying more and more on cryptocurrency rather than the traditional forms of money, what is at stake here is their entire wallet. The barriers that existed for punishing crimes of phishing are heightened in cases of cryptocurrency. The websites that the phishers use usually disappear before any action can be taken. Moreover, the anonymity of cryptocurrency which is usually considered a benefit may be detrimental for the users. Without interference from authorised channels, the users now have an increased responsibility to keep their money safe.
In 2017 and 2018, two Russian men were accused of stealing cryptocurrency worth $16.8 Million using phishing techniques. They attacked various currency exchanges such as Biance, Gemini and Poloniex. In 2019, a UN report stated that the North Korean Government has links with the Lazarus group who has been involved in stealing cryptocurrency worth $571 Million from various exchanges including those in India. In light of these incidents, users have been recommended to download softwares to protect themselves from malicious websites and remain aware of such attacks which have become frequent. The ease of which scammers can send emails and dupe even people well-acquainted with technology is what makes phishing lucrative.
Imagine, you see an ad that a product you have wanted for a long time is available now. When you click on the ad, some file downloads to your computer and you open the file and a malware downloads to your computer. This is in essence, clickjacking. Clickjacking is a trick employed by people who disguise web elements in the webpages wherein you click one element of the webpage under the guise of another element. Typically, this practice is undertaken by displaying an HTML element on the top of the webpage that users see. This ensures maximum interaction. There are, generally, two variations of click jacking:
- Likejacking: a procedure where the Facebook “Like” button is duplicated, making clients “like” a page they really didn’t mean to like.
- Cursor jacking: a UI reviewing procedure that changes the cursor for the position the client sees to another position.
In relation to cryptocurrency, it has happened many times that games on shopping sites are shown as background while banking sites are laid on top of the same the pages in a completely transparent form. The e-commerce/ game sites are drafted in a way that clickable items in those e-commerce/ game sites have your present items on the banking sites. So why you might be clicking on the screen different buttons on the game, you end up using the banking site to transfer funds and currency.
Most of mainstream clickjacking assaults include framing/outlining the focused on website page in an iframe at some stage, so all the principle anticipation strategies mean to deny outlining/framing. That said however, there are precautions and ways of preventing clickjacking attacks all of which help limit the problem of framing. They are:
- X-Frame Options: wherein the original webpage is blocked if the content is any different,
- Content Security Policy: It was a Mozilla initiate wherein developers could limit the way the content interacts with their sites.
- Frame Killing: They permits only certain specified sources to be embedded in the webpage.
There is a fluidity in the sense of how cryptocurrency is referred to as in the world. Some countries call it digital currency or payment token while others call it virtual currency or virtual commodity.
- Japan: Japan is one of the most progressive societies in the world and that is reflected on their cryptocurrencies laws. They have recognised cryptocurrencies as legal properties and have passed laws regarding the same. Also, in 2018, Japan approved a self-regulation for the cryptocurrency.
- China: On the other hand, it is one of the most regressive societies in the world which as of 2013 has banned bitcoin transactions and as of 2017, has banned crypto exchanges.
- EU: There haven’t been significant legislations that have been developed in the area but it has been a set precedent that the VAT/GST would not apply to the conversion rate. In October 2015, crypto was ruled to be used as legal tender and a means of payment. The European Parliament has sent a proposal to the European Commission to set up a task force to monitor currencies to combat terrorism and laundering.
- Canada: it allows the use of virtual currencies like bitcoin to purchase goods and services on Internet and even in stores that have the capabilities of excepting digital currency but it is important to note that cryptocurrencies are not considered legal tenders in Canada as only the Canadian dollar is the official currency. The tax laws are applicable to the same as well under the Income Tax Act. They have been referred to as barter transactions wherein two people have exchanges something of value without the use of official currency.
- United States: crypto currency loss in the United States vary by state and are so differently worded that it is also contentious to arrive on a common definition for what constitutes cryptocurrency. They are not considered legal tenders. As per the Internal Revenue Service, it is taxed as a property. In a recent case, the Supreme Court of the US has mentioned cryptocurrency within the changing definition of money. The Justice Department has been coordinating with the Securities and Exchange Commission and the Commodity Futures Trading Commission over future regulations that can be worked and implemented to ensure effective consumer protection and more streamlines regulatory oversight.
- Mexico: Bitcoin has been made legal in Mexico as of 2017 and is regulated as a virtual asset by the Fintech law.
INDIAN LAWS AND WHERE THEY LACK
From the onset of the cryptocurrency trend, Indian government has remained aware and cautious of the upcoming new technology. In a developing country like India, the advantages of using cryptocurrency can be huge, they can combat poverty and reduce the gap which exists between the poor and the rich. The increasing use of cryptocurrency to kick-start small and medium sized-enterprises, the development of which has remained one of the priorities of the government can also make a big difference. By 2018, there were more than 100 blockchain and cryptocurrency start-ups which had been established. Moreover, the government has acknowledged blockchain to be one of the priority areas, with Niti Ayog aiming to build India’s largest blockchain network to reduce frauds, increase transparency and enhance agricultural productivity. Some state governments have adopted the blockchain technology for land registration contracts, farm insurance and digital certificates. However, from the beginning of 2013, RBI has continued to caution users about the dangers of cryptocurrency, along with conducting raids and suspending operations of those exchanges in violating the law. In 2017, the Finance minister stated that the government does not consider cryptocurrency as the legal tender and measures will be taken to eliminate usage of such currency.
Adding to the growing uncertainty and inadequate laws to deal with it, the crime rate associated with cryptocurrency was also rising. In order to protect investors, and mitigate the risks of cryptocurrency, in 2018 RBI finally declared that all RBI regulated bodies were prohibited to engage with entities dealing with cryptocurrency. This notification was however challenged in the Supreme Court who held that cryptocurrency can be categorised as money and RBI has the power to prohibit, as well as regulate anything which poses a threat to the financial system of the country. The ban was struck down on the grounds that there was no harm caused to the RBI entities, and the ban was an extreme measure which could be substituted with regulatory measures. Hence, it was set aside and considered disproportionate. Post the Supreme court judgement, there have been talks of an upcoming draft bill which proposes to ban the use of all cryptocurrency in the country based on the risks associated with it- phishing, clickjacking, money laundering etc. Even though the bill has not yet been brought into effect, it showcases the Indian government’s strict stance on the issue. Moreover, banning cryptocurrency will also have an adverse impact on the blockchain start-ups that had started popping up and the financial aid it had started providing to the poor. A blanket ban on cryptocurrency would put a stop to all the legal activities taking place but it may not be effective in countering the illegal activities, which was the main aim of the bill. Since the Supreme Court struck down the ban on cryptocurrency, there has been a 450% surge in cryptocurrency trading. While the government continues to encourage blockchain technology, its stance on cryptocurrency is uncertain with the bill still pending to be introduced in the parliament in the first place.
Even though the Indian laws are not adequate for the regulation of cryptocurrency, this sphere is not entirely unregulated with some general laws applicable here. The Indian Penal Code, The Prize Chits Act and Consumer Protection act apply against fraudulent business activities such as cheating, money circulation schemes, unfair and deficient trade practices. Cyber-crimes such as hacking, data theft, violation to privacy are penalised in various provisions in the Information Technology Act. Phishing as an identity theft, is specifically criminalised under S.66C of the Information Technology Act. FEMA regulates the inflow and outflow of forex in the country. Cross-border transactions of virtual currency unless directed through authorised banking institutions may attract the provisions of FEMA. There is a lot of uncertainty around how tax laws will be applied on cryptocurrency, this will depend on how each transaction related to cryptocurrency is treated. If cryptocurrency is held as an investment, capital gains tax may be applicable to it, however, if it is considered as a commodity, it may be subject to GST. In 2017, the Income Tax Department raided a cryptocurrency exchange to gather more evidence to establish the identity of investors, traders, the transactions undertaken by them. Another important area which needs to be regulated is the ICOs. If these are classified as securities and are issued by incorporated Indian entities, the Companies Act and the Securities Contracts (Regulation) Act should be applicable. However, if they are categorised as a payment mechanism, they would require authorisation under the Payment and Settlement Systems Act. There have also been certain recommendations regarding KYC and AML norms to be bended for their application in this sphere to keep a greater check on accountability and increase the transparency of these transactions. The government needs to keep all of these factors in mind while developing regulations and taking action on this rapidly growing technology which is incomprehensible by most of the law enforcement agents.
The journey of cryptocurrency has been relatively short but if history is evidence to something, it is to the fact that the growth of cryptocurrency will not be slow. The dangers of cryptocurrency and the vulnerabilities of the same have been highlighted in our article. It is important to understand the limitations of the Indian law to gauge what are the potential misuses of cryptocurrencies. At the same time, it is pertinent that one looks at other jurisdictions to see how laws have developed to determine whether there is something that can be adopted in our country. Governments around the worlds have had to adjust to the impending rise of crypto whether by choice or necessity. Most governments around the world have had to issue warnings at first to their citizens warning them of the use and trading of crypto and then later, have had to frame guidelines for the same. This tells us that the rise of crypto is inevitable. India would benefit itself by acting pro-actively rather than reactively.
 Maria Bustillos, Bitcoin Boom, THE NEW YORKER (April 1, 2013), https://www.newyorker.com/tech/annals-of-technology/the-bitcoin-boom.
 Alan Brill & Lonnie Keene, Cryptocurrencies: The Next Generation of Terrorist Financing?, 6(1) DEFENCE AGAINST TERRORISM REVIEW 7, 11-13 (Jan 15, 2014), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2814914.
 Id at 13-15.
 William Magnuson, Blockchain and Democracy 70-72 (Cambridge University Press, 2020).
 Id at 99.
 Magnuson, Supra note 5, at 20-23.
 Nathan Rieff, The Top 10 Most Important Cryptocurrency other than Bitcoin, INVESTOPEDIA (Jan 8,2020), https://www.investopedia.com/tech/most-important-cryptocurrencies-other-than-bitcoin/.
 CINDX, ICOs v Traditional Venture and Equity Investments, MEDIUM (May 11, 2018), https://medium.com/cindx/icos-vs-traditional-venture-and-equity-investments-156a8e445354.
 Cryptocurrency Trading in India sees 400% Jump during Covid-19 Lockdown, MONEY CONTROL (July 13, 2020, 9:50AM), https://www.moneycontrol.com/news/business/cryptocurrency/cryptocurrency-trading-in-india-sees-400-jump-during-covid-19-lockdown-5539741.html.
 Peter Black, Phish to Fry: Responding to the Phishing Problem, 16 J.L. INF. & Sci. 73 (2005).
 119 (2005) DLT 596, 2005 (30) PTC 437 Del
 Two Russians Charged in $17M Cryptocurrency Phishing Spree, KREBS ON SECURITY (Sept 16, 2020), https://krebsonsecurity.com/2020/09/two-russians-charged-in-17m-cryptocurrency-phishing-spree/.
 Lazarus is using LinkedIn to send phishing emails and attack Crypto firms, BUSINESS INSIDER (Aug 26, 2020, 11:27AM), https://www.businessinsider.in/tech/news/lazarus-is-using-linkedin-to-send-phishing-emails-and-attack-crypto-firms/articleshow/77757297.cms.
 What is Clickjacking | Attack Example | X-Frame-Options Pros & Cons | Imperva, Learning Center (2020), https://www.imperva.com/learn/application-security/clickjacking/#:~:text=Clickjacking%20is%20an%20attack%20that,money%2C%20or%20purchase%20products%20online. (last visited Oct 20, 2020).
 Clickjacking Attacks: What They Are and How to Prevent Them – Security Boulevard, Security Boulevard (2020), https://securityboulevard.com/2019/08/clickjacking-attacks-what-they-are-and-how-to-prevent-them/ (last visited Oct 20, 2020).
 Ashley Viens, Mapped: Cryptocurrency Regulations Around the World Visual Capitalist (2020), https://www.visualcapitalist.com/mapped-cryptocurrency-regulations-around-the-world/ (last visited Oct 20, 2020).
 EU’s Top Court Rules That Bitcoin Exchange Is Tax-Free, Bloomberg.com (2020), https://www.bloomberg.com/news/articles/2015-10-22/bitcoin-virtual-currency-exchange-is-tax-free-eu-court-says-ig21wzcd (last visited Oct 20, 2020).
 MEPs call for virtual currency watchdog to combat money laundering and terrorism | News | European Parliament, Europarl.europa.eu (2020), http://www.europarl.europa.eu/news/en/press-room/20160524IPR28821/meps-call-for-virtual-currency-watchdog-to-combat-money-laundering-and-terrorism (last visited Oct 20, 2020).
 Financial Canada, Digital currency – Canada.ca Canada.ca (2020), https://www.canada.ca/en/financial-consumer-agency/services/payment/digital-currency.html (last visited Oct 20, 2020).
 IRS Virtual Currency Guidance | Internal Revenue Service, Irs.gov (2020), https://www.irs.gov/uac/newsroom/irs-virtual-currency-guidance (last visited Oct 20, 2020).
 Peter Farquhar, The US Supreme Court just spoke about a bitcoin future for the first time Business Insider Australia (2020), https://www.businessinsider.com.au/the-us-supreme-court-just-spoke-about-a-bitcoin-future-for-the-first-time-2018-6 (last visited Oct 20, 2020).
 Cryptocurrency Regulations Around the World, ComplyAdvantage (2020), https://complyadvantage.com/blog/cryptocurrency-regulations-around-world/ (last visited Oct 20, 2020).
 Regulación sobre bitcoin avanza con Ley Fintech, Elfinanciero.com.mx (2020), https://www.elfinanciero.com.mx/mercados/regulacion-sobre-bitcoin-avanza-con-ley-fintech.html (last visited Oct 20, 2020).
 Nir Kshetri, The Indian Blockchain Landscape: Regulations and Policy Measures, 9(2) ASIAN RESEARCH POLICY 56, 63-64 (2018)
 RBI, Prohibition on Dealing in Virtual Currencies, RBI/2017-18/154 (Notified on April 6, 2018)
 Internet and Mobile Association of India v. RBI, 2020 SCC Online SC 275.
 Anurag Vaishnav, Ban on Cryptocurrencies: Understanding the proposed legislation, PRS INDIA (Sept 5, 2019), https://www.prsindia.org/theprsblog/ban-cryptocurrencies-understanding-proposed-legislation
 Archana Chaudhary & Siddhartha Singh, Modi Govt plans to make a law to ban cryptocurrency trading, THE PRINT (Sept 15, 2020, 7:25 PM), https://theprint.in/economy/modi-govt-plans-to-make-a-law-to-ban-cryptocurrency-trading/503421/
 Vaibhav Parikh et al, India, in VIRTUAL CURRENCY REGULATION REVIEW 144,151-152 (Michael S Sackheim and Nathan A Howell, 2018).
 Id at 154-155.
 Samarth Chaudhary, Taxation as a Form of Regulating Cryptocurrencies In India, INDIACORPLAW (May 27, 2019), https://indiacorplaw.in/2019/05/taxation-form-regulating-cryptocurrencies-india.html.
 Meetu Jain, Income Tax Department conducts raids at nine Bitcoin Exchanges across India, INDIA TODAY (Dec 14, 2017), https://www.indiatoday.in/india/story/income-tax-department-conducts-raids-at-nine-bitcoin-exchanges-across-india-1106881-2017-12-14.
 Supra note 12 at 145-147.
 Emily Daniel, Identity Verification Overview: Crypto Exchanges to Curb Crimes through KYC/AML procedures, MEDIUM (July 11, 2020), https://medium.com/datadriveninvestor/identity-verification-overview-crypto-exchanges-to-curb-crimes-through-kyc-aml-procedures-1d6744e80bd3.
About the Author
Ishan Puri is a third year student at Jindal Global Law School, pursuing B.A. L.L.B (Hons.). He is also an in-house researcher with The Digital Future – Blockchain and Cryptocurrency Team.
Ishi Rohatgi is a third year student at Jindal Global Law School, pursuing B.A. L.L.B (Hons.). She is also an in-house researcher with The Digital Future – Blockchain and Cryptocurrency Team.