See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/308728597

Pakistan and cyber crimes: Problems and preventions

Conference Paper · November 2015

DOI: 10.1109/Anti-Cybercrime.2015.7351951

CITATIONS READS
4 6,413

5 authors, including:

Hamid Asmat
University of Haripur
3 PUBLICATIONS   8 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

can we integrate any learning technique into bio inspired routing protocols for WSN. If yes, which will be most suitable for use View project

Caching in information centric networks View project

All content following this page was uploaded by Hamid Asmat on 13 February 2019.

The user has requested enhancement of the downloaded file.

 Pakistan and Cyber Crimes: Problems and
Preventions
Sultan Ullah, Muhammad Amir, Mudasser Khan
Department of Information Technology
The University of Haripur
Haripur, Pakistan
{sultan,aamir,[email protected]}
Abstract—The growth of internet in Pakistan is exceptional; it
reached to the heights of popularity for an ever changing
medium of information and communication in a major
conservative society. This brings freedom of expression,
communication and information across the country which
struggled to provide free speech and information access to its
people. The internet penetration is increasing very rapidly; it is
very important to observe the impact of it on the society;
especially when the government is constantly trying to formulate
the regulation for controlling the cyber space. A well regulated
cyber space leads to the expansion of information technology
services speedily. This paper focuses on the prevailing
development of governance policies for cyber space and defies
among the agencies and information technology venders.
Moreover, the case study of national bank of Pakistan and other
cyber crime survey shows that a lot of law making is needed in
order to reduce the chances of cyber crime.
Keywords—Cybercrimes, Policies, Trends, Challenges,
Preventions
I. INTRODUCTION
The growth of information and communication
technologies (ICT) is unprecedented and overwhelming during
the past decade. The expansion growth for internet users
increased at a rate of 5, 5001.2 percent during 2000 – 2005.
The adoption is slow as compared to early rise but still it is
increasing at a rate of 4.62 percent, and still it needs to be
standardized according to internal standards [1].
This insurrection in information technologies have changed
the social order primarily and will possibly go on with it in the
near future. Earlier only a few groups of the economic sector
had changed its operational procedures due to the advent of
ICT, but merely any group of the economic or social society is
unaffected with this technology at the moment. It has intensely
changed the social structure of today’s world [2] [3].
The social and economical changes due these technologies
are unparalleled on one hand but as every picture has two
sides, the technologies also have a darker side on the other
hand as well. It leads to the appearance of new categories of
crimes in addition to commit the conventional crimes using
emerging technologies. Furthermore, the effects of immoral
behavior can be broader as compared to earlier due to
978-1-4799-7620-1/15/$31.00 ©2015 IEEE
Hamid Asmat, Kamran Habib
Department of Information Technology
The University of Haripur
Haripur, Pakistan
{hamid.asmat,[email protected] }
development of ICT which eliminated the concept of
geographical boundaries [4].
The governments are encouraging its people to use ICT
since its inception, but they are constantly working to
counteract the dark side of the technology as well and doing it
simultaneously. Legal and technical measures are taken to
protect and prevent ICT from catastrophes along with
discouraging criminal behavior [4].
Pakistan is also facing the problem of cyber security and is
not free from this dilemma. In Pakistan the extraordinary
growth, accessibility of computer equipments and growth in
internet service providers leads to learn and communicate. On
the other hand, a few folks do utilize this powerful technology
for unlawful purposes too. In this paper it is tried to explore the
problems that are faced and some of the laws that are already
available to counter these issues and suggestion which are
needed to strengthen these laws.
II. LITERATURE REVIEW
The emerging technologies of mobile and cloud computing,
electronic commerce and social applications are primarily
changing the world’s perspective of business. The business
organizations are developing strategies to gain the unfold
benefits of this latest technology in information sharing and
conducting commerce on the internet [4, 5]. The total volume
of business transaction perform online is approximately eighty
percent of the total transactions. Therefore, the requirement for
high level security is augmented to reduce the chances of
transaction failure and customer dissatisfaction. Cyber Security
is not limited to securing the local information technology
infrastructure of the organization; rather it is extended to much
more border network and information technology
infrastructure[6]. The role of cyber security cannot be ignored
in the current development and deployments of critical
computing and communication infrastructure [7]. National
security and economical development are the key players for
the improvements in cyber security and protection of vital
digital infrastructures. It is essential to make the internet more
secure and protect the user of internet from cyber attacks in
order to strengthen the services and government policies as
well [8].
It is essential to include deterring of cyber crimes as a part
of national strategy for protection of computer and
communication infrastructure and cyber security. A
comprehensive approach is thus needed for the development
and implementation of strategies on national scale for cyber
security [9]. For instance, the strategies for cyber security
including technical protection system implementation or
educating the users to protect them against victimization of
cyber crime help in the reduction of cyber crimes [10]. These
national or individual strategies are essential player in the
struggle against the cybercrime. A comprehensive approach is
needed to stand against cybercrimes; providing technical
solution only, are not enough to avert any crime. The law
enforcement agencies should be allowed to effectively and
efficiently probe and arraign cybercrime [2, 5, 11].
Cyberspace is the juncture for the criminal groups in the era
of organized crime and terrorism; the groups of these kinds are
the Russian Mob, Internet Tamil Black Tigers, and Mafia
Internet Securities. Cyber terrorism is considered and
recognized as cyber crimes. The first terrorist attack of its kind
as reported by the intelligence authorities is against computer
systems in Sri Lanka. The ethnic guerrillas flooded Sri Lankan
embassies emails with over 800 emails in a single day for two
week period. The email messages contain the text, “We are the
Internet Black Tigers and we are doing this to disrupt your
communications”. It was a great cause of fear for the diplomats
as the rebel group was known for killing people[12].
Anti Cybercrime laws as developed by the international
community divided the cybercrimes into nine broad categories.
These categories include; privacy protection, harming
intellectual property, criminal / procedural laws, internet
economic crime, forgery, internet fraud, adolescent
pornography, illegal access, illegal / harmful contents.
Despite laws making, a few countries e.g. China and Saudi
Arabia have implemented technical procedures of internet
filtering. Kingdom of Saudi Arabia established internet service
unit (ISU), 2010. ISU is responsible for filtering the web traffic
allowing the user to access only the legitimate (the website
which are not on the “Black List”) web sites [13].
III. EMERGING TRENDS AND CHALLENGES
The main focus of organizations these days is on
developing mechanism for protecting the identity of the user
and theft of sensitive data. The world is moving towards digital
economy and most of the information is in digital form. Social
applications of the ICT’s in the form of websites for interacting
with friends and family where the users feel safe but in reality
this is more open to cyber criminals to gain access and steal
personal data of the users especially home users. Although
most of the users don’t care much about what they are sharing
on social networks and the privacy of their post, it can be quite
troublesome for them. On top of all benefits of online social
networks, there are many disadvantages. Identity theft is one of
the biggest concerns of online social networks [14]. There are
millions of fake profiles, which maliciously manipulate or
harm other people and the reason for this matter is that it is
very simple and quite fast to create and form a fake profile by
using other’s information or picture and use social engineering
techniques to steal information.
The devices which work on android operating system will
face more attacks, but not on major scale. As it is a known fact
that tablets running the same system like smart phones and will
also be beleaguered soon by the same kind of malware. Mac
would face less malware attacks as compared to window based
personal computers. The new window operating system i.e
Windows8 facilitates the application developer to virtually
develop any application for any devices running Windows8.
The possibility of developing malevolent applications is
increased as compared to android applications [15, 16]. The
above mentioned technologies brought with it; great
opportunities and at the same time challenges as well.
The broad distribution of On-line Social Networks, the
privacy and confidentiality of the users involved in such
services is going to be a key distress. Numerous researchers
proposed solutions to lessen the threats on confidentiality and
privacy for those group obtaining profiles in online social
networks previously (as an instance, count up more than 800
million for Facebook, one of the mainly well-liked online
social network). As a case in point of such solutions for
privacy-threat mitigation, the concept of Virtual Private Social
Network (VPSN) was planned. VPSN fundamentally is a sign
of the concept of Virtual Private Network contained by online
social networks: only friends surrounded by the VPSN are
capable to observe the valid and actual information of an
individual [3, 13, 15].
A lot of new apps and devices are developing, which
brought with them new security threats. The organization are
moving towards paper less economy where everything will be
digital. They want to safe guard the sensitive information
rather than the physical security of the system only. The
companies are trying to get advantages from the cutting edge
technology of cloud rather mobile cloud computing but still
hesitant to migrate to it because of the security issues relating
the privacy and availability [15, 17].
IV. ANTI – CYBERCRIME POLICIES OF THE GOVERNMENT
The cyber security policies of the government should cover
the requirements of all citizens (corporate and domestic
citizens) not just the government only. To address cybercrimes
a legal framework is present in Pakistan. In 2002 Pakistan
government has passed the Electronic Transaction Ordinance
(ETO). The main objective of this ordinance is to identify and
assist documents, reports, information, and communications,
electronic transaction and to provide for accreditation of
certification service providers. This legal framework provides
legal support for electronic transactions (Information sharing
and communication), as a written and singed document.
Pakistan is among those countries that have legal framework of
this kind which provide essential structure and an impetus for
expansion of e – commerce in the country. The ETO is the
indispensable prerequisite for electronic commerce expansion
and as termed as “a Landmark decision for Information
Technology development in the country”. The main aim of this
document was to achieve the unprecedented economic impact,
promotion of e – commerce while projecting Pakistani
products in the global markets, increasing online transaction to
greatly reduce the cost of transaction for SME’s, and to protect
the buyer and seller interest in e – transactions [18].
The government of Pakistan notified through official
gazette, implantation of rules and purpose of the ordinance.
The main clauses laid down in the ordinance for offenses
related to e – transactions include; provision of false
information, false certificate issuance, and damaging
information system. In addition to ETO 2002, the ministry of
information technology in consultation with the ministry of
interiors prepared the Electronic Transaction Act 2004. The
ETA (2004) addresses cybercrimes i.e Criminal access,
Criminal data access, Data damage, System damage, Electronic
fraud, Electronic forgery, Misuse of devices, Misuse of
encryption, Malicious code, Cyber stalking, Spamming,
Spoofing, Unauthorized interception and Cyber Terrorism [19].
The other steps initiated by Government of Pakistan are the
formation of National Response Center and Accreditation
Council. The National Response Center is responsible for
stopping internet misuse and tracing any involvement in
cybercrimes. The accreditation council was formed for
Certificate Authorities keeping in view the national policies on
information technology ETO 2002. The purpose of licensing
program is to promote integrity, honesty, trustworthiness for
the licensed certificate authorities [1, 20]. But on the broader
picture, these policies are still not mature to counter all the
terrorist attack on the cyberspace of the country.
V. DATA COLLECTION
The common methods of data collection used in this
research were case studies, questionnaire, emails, phone based
and face to face interviews. After collecting the data it was then
analyzed using SPSS. The objective of this research was to
explore if any or being the victim of cybercrimes and whether
they have reported any such incident.
A. On Spot Questionnaires and Emails
The questionnaire was distributed among 3000 users
through emails and on spot distribution in different parts of the
country i.e majorly in the cities of Peshawar, Lahore, Karachi,
Islamabad, Faisalabad, Abbottabad etc. The questions were
related to the incidents of abuse / privacy, scams, malware,
defacements, hate/ threat mails, unauthorized access, DoS
Attacks, Fake Accounts, and Intellectual Property Violations.
Out of 3000 users, 1895 have responded and the data were
analyzed. The contributors of this study were teachers, college
and university students, public servant including police and
federal investigation agency officials, researchers and
businessmen.
B. Face to Face Interviews
In order to know more about the actual situation of
cybercrime records; interview with the official of police
department and federal investigation agency (cybercrime wing)
were conducted. These interviews are not structured and the
purpose of these interviews was to validate the data collected
during the survey. The officials pointed out that very less
number of the cyber crimes are reported.
VI. RESULT ANALYSIS AND CASE STUDY
It is confirmed through this study that some people using
internet in Pakistan are the direct or indirect victims of
cybercrimes but most of the cases are not reported to the
police. Another case is the case study of National Bank of
Pakistan which is a victim of cybercrime itself.
A) Specific Case of Cybercrime
National Bank of Pakistan (NBP) was established in 1949
as the major financial institution of country. The objective of
its establishment was to provide all kind of banking services to
public and private organization of the country. This bank also
serves to cater the treasury transaction on behalf of the govt. as
an agent of state bank of Pakistan.
The NBP independently suspended its One-Link service
with 14 other banks when it find out that a cyber gang had
breached the hardware security modules and PIN codes of the
ATM machines in 2008. The NBP called the FIA for legal help
and investigation to find out that how the gang is misusing
some “zero balance” accounts of the employees among whom,
one is already retired.
The official of police arrested Amir Abbas employee of the
other bank in Lahore and suspected culprit. This one of the 14
other banks which share the same ATM service. Again in
Multan and Lahore the officials of NBP had discovered a
“cyber theft” exceeding rupees three (3) millions from its
ATMs. This was surprisingly the same incidence as the
previous and the NBP management found that similar cases
were seen in branches which were operating in the industrial
belt of Punjab. During the process of investigation the bank’s
management found that another theft of more than rupees eight
(8) millions were detected. This case study shoows that Pakistan
is facing the great issue of cybercrimes.
B) Results from the Survey
After collected the data it was reported thhat more that 80
percent of the respondent faced one the cybercrime incident.
Most of the victims are complaining about thee abuse on social
media, fake accounts, virus attacks, defacem ments and hate /
threat emails. All of the internet crimes are noot reported as due
to non – awareness to the people about the ccyber laws in the
country. The people are not aware about suchh kinds of issues
and its consequences. The details that were eemerged from the
user were as follows:
1) The respondent of the survey in responnse to the use of
internet responded that 100 percent of th them use it for
communication purposes. Another 28 percent of the user’s uses
internet in Pakistan use the internet for researrch. 16 percent of
the users use internet for business purposes. T Thus it is evident
that the leading activity on the internet is e-m
mail and research.
The detail of most users’ activities on the intternet is given in
the figure 1.
User Response to Use of Inteernet
2500
2000
1500
1000
500
0
Fig.1. User Response to Use of Intternet
2) Majority of the respondent responded that they fall the
victim of atleast one cybercrime. The mostt common cyber
crimes investigated in this study are SPAM, defacement, fake
accounts, virus attacks, hate / threat emailss being the most
reported cybercrimes. 58 percent of the victim
ms responded that
they never shared it with anybody, 28 perceent of respondent
reported these to system administrators and onnly 14 percent of
the victims reported it to the law enforcement authorities. Most
of the victims would prefer to not tell anyonne due to lack of
knowledge about the physical evidence and laws relating to
these crimes. 35 percent of the responded cclaimed that they
faced hate / threat emails while 23 perceent reported the
violation of privacy. Defacement and unauthoorized access are
reported to be 10 percent of the total. Fake facebook and
emails are reported to be 5 percent.. These results are depicted
in the figure 2.
Victim's Response Regading Cyber
Threatt
800
700
600
500
400
300
200
100
0
Fig.2. User Response to Cyber Threat
3) In response to the study only 63 percent of the
respondent claimed that they are not aware to check any
incidence of cybercrimes and mostt of them don’t check their
systems for regularity.
The above statistics reveal thaat the user of internet in
Pakistan in one way or the otheer facing this dilemma of
cybercrimes. Even though, publiic is not reporting these
incidence to the concerned authorities due to unawareness
about the prevailing cyber laws.
ND SUGGESTIONS
VII. RECOMMENDATIONS AN
After analyzing the results it is believed that prevention is
better than cure i.e restricting the number of cyber security
violations. Although, it is practicaally impossible to prevent
these incidents completely unless, experience and knowledge
in forensic and cyber laws for prottecting the victim rights in
case of infringements. In this sectioon a few recommendations
are presented for the policy makers
A) Sensitization of the Phenomen
non of Cybercrimes
This issue should be sensitizedd. The government should
established public awareness prrogram regarding anti –
cybercrimes activities. The people need to be trained on the
knowledge of internet and computeer crimes. The trained user
should be able to detect, prevent, minimize and report these
incidences. The government should establish; possibly develop
facility for the reporting of cybercrimes preferably on the
internet. The official of police department
d should also be
trained on investigation process annd unified record keeping.
Eforensic is a relatively new field and proper training should
be conducted for all the concerned [14, 21].
B) Internet Traffic Filtering
Some countries like China and Saudi Arabia has
implemented internet filtering for the clients at the ISPs and
government level. The government should prevent illegal
access to block website. The websites promoting or having
keywords like terrorism, bomb making recipes and
pornography should be blocked. Proper legislation is needed
for filtering the incoming internet traffic prior to its access by
the internet user. The government should block the website
which posed to be an eminent threat to the country. The ISPs
should be directed to install preventive measures against
DDoS, and spamming [13].
beyond the border so it is hard to bring the cyber criminal
under justice system. The laws needed to be modified and
cooperation with international community in this regard should
be established. It is also hard to obtain facts from internet or
computer crime that are needed to prove someone a culprit in a
court of justice. Computer forensic is still a new area and
mostly the countries are lacking the expertise and literature. It
is an eminent threat and the countries like Pakistan should
adopt the proper laws and procedures of anti – cybercrimes
effectively.
ACKNOWLEDGMENT
We are thankful for the support we got from the official of
the police department and federal investigation agency. We are
also thankful to all the respondents who took part in the survey.

C) Enforcement of Cyber Security Laws

Pakistan is among those countries that have passed cyber
laws for protecting and promoting of the electronic transaction. [1]
The people committing cybercrimes should be dealt with iron
hands and the laws should be amended accordingly. This will
not only prevent the fast rate of cybercrime but will also
[2]
motivate the victims to report more about the cybercrimes.
It seems that the laws that are meant to protect the cyber [3]
community from intended crimes; are not sufficient to
safeguard the non – commercials problems especially the use [4]
of internet for spreading of extremist ideologies in Pakistan.
The extremists performed unlawful activities on the social
[5]
media worldwide and Pakistan in particular. These activities
not only disturb the autonomy and trustworthiness of
individuals but institutions as well. It requires exhaustive [6]
policies to cope with cyber terrorism and cyber extremism.
These laws could be synchronized with global community in
combating terrorism rather cyber terrorism. [7]
[8]
Some other recommendations are to extend the
development of specialist police and forensic computing
resources. Support the international Computer Emergency [9]
Response Team (CERT) community, including through
funding, as the most likely means by which a large-scale [10]
Internet problem can be averted or mitigated. Fund research
into such areas as: Strengthened Internet protocols, Risk [11]
Analysis, Contingency Planning and Disaster Propagation
Analysis, Human Factors in the use of computer systems, [12]
Security Economics [10, 22].
[13]
VIII. CONCLUSION
[14]
It is shown that in one way or the other, cybercrimes are
silently present and pose a threat to the developed and [15]
developing countries. The instances of cybercrimes are not
reported rather discussed socially; on the other hand the [16]
perpetrators are invisible under the cyber world. This is a crime
REFERENCES
[1] A. N. Ghulam Muhammad Kundi, Robina Akhtar, "Digital
Revolution, Cyber-Crimes And Cyber Legislation: A Challenge To
Governments In Developing Countries," Journal of Information
Engineering and Applications, vol. 4, pp. 61-70, 2014.
W. Chung, H. Chen, W. Chang, and S. Chou, "Fighting cybercrime: a
review and the Taiwan experience," Decision Support Systems, vol. 41,
pp. 669-682, 2006.
B. W. Lampson, "Computer security in the real world," Computer, vol.
37, pp. 37-46, 2004.
Y. Rezgui and A. Marks, "Information security awareness in higher
education: An exploratory study," Computers & Security, vol. 27, pp.
241-253, 2008.
R. Broadhurst and L. Y. Chang, "Cybercrime in Asia: Trends and
Challenges," in Handbook of Asian Criminology, ed: Springer, 2013, pp.
49-63.
D. Gartenstein-Ross and K. Dabruzzi, "The convergence of crime and
terror: Law enforcement opportunities and perils," Center for Policing
Terrorism, p. 8, 2007.
J. Hecht, "When web browsers turn bad," New Scientist, vol. 194, pp.
28-29, 2007.
K. Dashora, "Cyber crime in the society: Problems and preventions,"
Journal of Alternative Perspectives in the Social Sciences, vol. 3, pp.
240-259, 2011.
N. Kshetri, "The simple economics of cybercrimes," Security & Privacy,
IEEE, vol. 4, pp. 33-39, 2006.
M. Gercke, "Understanding Cybercrime. A Guide for Developing
Countries," International Telecommunication Union (Draft), vol. 89, p.
93, 2011.
R. G. Smith, N. Wolanin, and G. Worthington, E-crime solutions and
crime displacement: Australian Institute of Criminology;, 2003.
V. B. Florence Tushabe, "Cyber Crime in Uganda: Myth or Reality?,"
World Academy of Science, Engineering and Technology, vol. 8, pp.
66-70, 2005.
B. Liang and H. Lu, "Internet development, censorship, and cyber
crimes in China," Journal of Contemporary Criminal Justice, vol. 26, pp.
103-120, 2010.
M. Siponen, "Five dimensions of information security awareness,"
Computers and Society, vol. 31, pp. 24-29, 2001.
N. Leavitt, "Mobile phones: the next frontier for hackers?," Computer,
vol. 38, pp. 20-23, 2005.
R. Feldman, "Intellectual Property Wrongs," Stan. JL Bus. & Fin., vol.
18, pp. 250-319, 2013.
[17] P. K. Chan, W. Fan, A. L. Prodromidis, and S. J. Stolfo, "Distributed
data mining in credit card fraud detection," Intelligent Systems and their
Applications, IEEE, vol. 14, pp. 67-74, 1999.
[18] S. Qutab, "OPEN ACCESS MOVEMENT IN PAKISTAN," Trends in
Information Management (TRIM), vol. 4, 2012.
[19] I. Gahauri. (2014, November, 05). Ghauri, I. (2014). Electronic Crimes
Act: Cybercrime to be made non-cognisable offence, [Online] available
at: http://tribune.com.pk/story/672721/electronic-crimes-act-cybercrime-
to-be-made-non-cognisable-offence/ (Accessed on 12/11/2014)
[20] Y. H. Mujahid, "Digital opportunity initiative for Pakistan," The
Electronic Journal of Information Systems in Developing Countries, vol.
8, 2002.
[21] N. Provos, M. A. Rajab, and P. Mavrommatis, "Cybercrime 2.0: when
the cloud turns dark," Communications of the ACM, vol. 52, pp. 42-47,
2009.
[22] R. D. Clifford, "Cybercrime: The investigation, prosecution and defense
of a computer-related crime," 2001.

View publication stats