Cybercrime In Sri Lanka ‒ What We Know

When President Maithripala Sirisena’s official website was recently hacked by two people, including a seventeen-year-old, the issues of web security and cyber crimes were on many of our minds, for a short while, at least.

While the incident itself was not to the tune of infamous hackers like fsociety or Anonymous, it did create quite a buzz, because let’s face it, who expected the President’s own site to fall victim to a hacker, and a young one at that?

More importantly, this was perfectly illustrative of how bad our knowledge on internet security is, and our lack of awareness on cybercrime.

It is in fact quite alarming how we leave ourselves vulnerable to various malicious incidents: be it a virus getting downloaded onto your PC or your identity being stolen via an email, we are for the most part clueless as to what crimes we could fall victim to any day.

Roar spoke to Roshan Chandraguptha, Principal Information Security Engineer of Sri Lanka’s Computer Emergency Readiness Team (CERT), to understand the basics regarding cybercrime and its related components.

What Constitutes Cybercrime?

Identity theft – one known example of cybercrime. Image courtesy

“According to the Computer Crimes Act of 2007 a cybercrime is defined as an unauthorised access to a computer. This also covers unauthorised access to websites, social media accounts, emails, or even mobile phones,” Chandraguptha explained.

The Act is very specific; merely the powering up of a computer without authorisation is also a crime which falls under the provisions of the Act. This is due to the intention of getting access ‒ if the intention is to access information on the computer without proper authorisation, then it becomes a crime.

In another example, if a person allows his computer to be used to browse the internet and the user makes copies of several documents in the computer to their email or to a portable device, this is also considered unauthorised access.

CERT is a government-run institute established by the Information and Communication Technology Agency (ICTA), and its subscribers are the ICTA and the Secretary to the President. ICTA played an integral part in establishing the Computer Crimes Act of 2007.

Borderless Crimes

At the 10th anniversary of the Budapest Convention. Image courtesy

Computer crimes are borderless ‒ in that geographical boundaries pose little or no roadblocks.  There have been cases where an individual from overseas hacked into a person’s bank account in Sri Lanka, and transferred the money to another foreign account, from which it would be withdrawn by a third party. Therefore, it is imperative that authorities in all countries are aware of such activities, in order to successfully tackle cybercrime. This is where the Budapest Convention comes into play.

The Convention is the first international treaty on crimes committed via the internet and other computer networks, dealing particularly with copyright infringements, computer-related fraud, child pornography, and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception.

Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.

Sri Lanka ratified the Convention and signed its entry in 2015.

Cybercrime In Sri Lanka ‒ The Numbers

Data courtesy CERT

Commenting on the issue of public awareness with regard to cybercrime, CERT affirmed that while the numbers show an increase in cybercrime over the years, the increase in the number of complaints/incidents is proportional to the increasing public awareness regarding cyber crimes and internet security. CERT occasionally conducts workshops for the public as well as for government institutions to increase awareness.

Regardless, none can deny that we have become unwitting members of a complex system which is continuously changing day by day. In order to protect ourselves, our information, and our privacy, we need to be aware, informed, and ready. The hack of the President’s website is a lesson for us all, in that way.  

Cover image credit:

Related Articles