New Delhi: A groundbreaking cybercrime investigation tool has been developed to trace cyberattacks targeting individuals, including fraudulent insurance claims and online matrimonial scams. Known as the TTPs (tactics, techniques, and procedures)-based cybercrime investigation framework, this tool plays a pivotal role in the identification and classification of cybercrimes, the establishment of a clear chain of evidence crucial for solving cases, and the systematic mapping of evidence to facilitate the prosecution of criminals.
Across several Indian states, cybercrime incidents are causing staggering daily losses of one crore rupees. These crimes disproportionately impact women, the elderly, and individuals with limited financial resources, resulting in the depletion of life savings. Despite the alarming rise in cybercrime reports, the number of investigations conducted remains significantly lower. Investigations often rely on the accounts provided in First Information Reports (FIRs) by victims who typically possess limited cyber literacy. Consequently, these narratives can frequently mislead or divert investigators, and victims may cease communication after reporting an incident, further complicating crime tracking efforts.
To address this critical gap in cybercrime investigation, a comprehensive framework was urgently needed. This framework should be capable of extracting essential details from victims’ FIRs, offering investigators comprehensive information on reported cybercrimes for systematic categorization, providing guidance based on established crime patterns, aligning evidence with investigative steps, and ultimately leading to the conviction of criminals. Until now, no such comprehensive framework existed for responding to cybercrime incidents.
To bridge this gap, the I-hub NTIHAC foundation (c3ihub) at IIT Kanpur, with support from the Department of Science and Technology (DST) under the National Mission on Interdisciplinary Cyber Physical Systems (NM-ICPS), developed a methodology and tool for deciphering the operational methods of cybercriminals throughout the entire crime execution process. This endeavor drew upon extensive literature research, case studies, framework development, integration of established crime patterns, the creation of an interactive framework navigator, and the alignment of real cases with the framework.
This innovative technology can generate an approximate crime execution path and suggest crime patterns based on user-defined keywords. Furthermore, it can compare the modus operandi used in various crimes, manage user roles, and monitor activities related to crime patterns.
The TTPs-based investigation framework proves highly effective by streamlining the investigation process, limiting the variety of methods used, and focusing on cybercriminals’ tactics, techniques, and procedures. This approach leads to more accurate and expedited convictions of cybercriminals.
With the implementation of this cybercrime investigation framework and tool, now poised for deployment with law enforcement agencies, cybercriminals can be more easily tracked and prosecuted, ultimately reducing cybercrime activities across the country.