The Central Bureau of Investigation (CBI) probed a series of complex cyber crimes in 2023, with significant implications for national security. These incidents included a ransomware attack on a crucial defence unit, a massive data breach involving the Indian Council of Medical Research (ICMR), a malware attack within a government ministry, and a large-scale DDOS (Distributed Denial-of-Service) attack targeting critical infrastructure and airports across India.
The ransomware attack on the defence unit, referenced in the 2023-24 annual report from the Department of Personnel and Training (DoPT), resulted in a block on access to the unit’s computer systems until a ransom was paid. The report, however, did not specify the location of the affected defence unit. Notably, India hosted the G-20 conference in 2023, highlighting the significance of securing national assets during such major events.
The report highlighted that the CBI's investigation extended beyond national borders. International collaboration with agencies like the FBI, Royal Canadian Mounted Police (RCMP), and Singapore Police led to the dismantling of large-scale call centre fraud networks. One investigation, driven by FBI intelligence, uncovered a $2 million scam linked to a fake tech support call centre defrauding U.S. citizens. Similarly, despite strained diplomatic relations with Canada, the CBI worked with RCMP to identify a Delhi-based call centre defrauding Canadian citizens, recovering significant amounts of cash and evidence in the process. Additionally, the CBI traced bitcoins from an Australian tax fraud case, revealing the global reach of crypto fraud.
One of the most alarming cyber crimes in 2023 was the ICMR data breach, which compromised the personal information, including Aadhaar and passport details, of over 81 crore Indians. The breach, which was reported by U.S.-based cybersecurity firm Resecurity in October 2023, also exposed the names, phone numbers, and addresses of millions of Indian citizens. This breach underscored the severe vulnerabilities in the country's digital infrastructure, especially in sensitive sectors like healthcare.
According to the Indian Computer Emergency Response Team (CERT-In) 2023 report, India saw a dramatic rise in cybersecurity incidents, with over 15.9 million incidents reported in 2023—up significantly from the 53,117 incidents in 2017. These incidents included a wide range of cyber threats such as website intrusions, malware propagation, phishing attacks, DDOS attacks, data breaches, and ransomware attacks. CERT-In's report noted that remedial measures to combat these threats were being implemented in coordination with relevant stakeholders.
The CBI also focused on investment and loan app frauds that were targeting Indian citizens, often with perpetrators based in neighbouring countries. In one notable case, at the request of the Reserve Bank of India (RBI), the CBI investigated an IMPS (Immediate Payment Service) fraud at UCO Bank, which involved reversed transactions across multiple banks, amounting to ₹820 crore.
Furthermore, the CBI uncovered a large-scale crypto mining scam that defrauded Indian citizens of ₹100 crore. The report also mentioned the rise of fraudulent activities involving cryptocurrencies, particularly with the use of call centres to deceive victims.
In light of the increasing complexity and scale of cyber threats, the Indian government restructured its approach to cyber security. On September 29, 2023, the Cabinet Secretariat amended the Allocation of Business Rules, designating the National Security Council Secretariat (NSCS), under the National Security Adviser, as the coordinating body for strategic direction in cybersecurity. The Ministry of Electronics and Information Technology (MeitY) was tasked with overseeing the security of telecom networks, while the Ministry of Home Affairs became responsible for managing cyber crimes.
The year 2023 saw a sharp rise in cyber crimes with national security implications, highlighting the urgent need for enhanced cybersecurity measures across both government and private sectors. With the CBI-leading investigations and international cooperation growing, the fight against cyber threats is expected to intensify in the years to come.
