India facing growing threat to its national security from adversaries resorting to a new kind of cyber warfare: PRAHAR Report

·       India’s rising global status is increasing its vulnerabilities and exposure to attacks.

·       Citizens’ growing appetite for digital entertainment and gaming pushes them to illegal offshore betting and gambling platforms, making them vulnerable to sophisticated cyber manipulation, and turning them into tools for attacks on the state.

·       A ‘Super Cyber force’ and “Surgical Strikes” are needed — cyberspace is the new battlefield, and India must go on the offensive. Other interventions include sophisticated tech infrastructure, skill improvement, whitelisting digital apps and platforms, and educating citizens.

·       Until India creates a holistic cyber policy and execution strategy, restricting identifiable legitimate platforms could push citizens into the hands of dark web operators.

New Delhi : India’s rise as a global power is being threatened by a steady, well-coordinated effort from adversaries aiming to destabilize its growth, both from within and outside its borders, according to a report by PRAHAR, a not-for-profit organization focused on issues in the public domain that if not addressed can cause helplessness among Indian citizens.

Globally, cyberattacks increased by 76% in Q1 2024, with India among the most affected countries. This surge highlights a growing need for stronger cybersecurity measures across industries, particularly in sectors increasingly targeted by cybercriminals.

In 2023, the country experienced over 79 million cyberattacks, ranking it third globally in terms of the number of such incidents. This marked a 15% increase from the previous year. The escalation continued into 2024. In the first quarter, reports indicated a sharp rise in cyberattacks, with over 500 million incidents blocked in just three months. Additionally, a recently published report highlighted a 46% increase in cyberattacks in India during the second quarter of 2024 compared to the same period in 2023.

In the first four months of 2024, Indians lost more than Rs 1,750 crore to cyber criminals, reported through over 740,000 complaints on the National Cybercrime Reporting Portal.

In this new threat narrative, cyberattacks or cyberwarfare are the most potent threat that has emerged against India. Critical infrastructure hacking and sophisticated manipulation of its citizens, similar to what is happening on illegal betting apps are core components of these new forms of vulnerabilities and attacks.

The report titled The Invisible Hand was released today in New Delhi by PRAHAR. To ensure the report is both insightful and with the right recommendations, PRAHAR gathered extensive consultations and input from leading experts across multiple fields, particularly those well-versed in the complexities of the cyberworld and cyber threats. Contributors included former high-ranking government officials, techno-legal experts, criminologists, and cybersecurity specialists, all of whom provided valuable perspectives to enhance the report’s recommendations.

This report endeavours to understand the emerging novel methods of intrusion that threaten national security and stability. Recent political upheavals in neighbouring countries like Bangladesh and Sri Lanka have raised doubts that there could be hidden, orchestrated strategies at play. There could be sophisticated, coordinated attempts to exploit vulnerable populations, particularly the financially unstable youth, through illegal online platforms. 

Bhargav Mitra, Retd. Joint Secretary, Government of India, “India’s growth story is accompanied by efforts, both at internal and external levels, to dent, damage, degrade, and dismantle the precincts of India’s core strengths. This trend has gathered momentum in the last several years. The targets are carefully selected, comprising India’s soft underbelly, such as economic, social, religious, and cultural ethos. The happenings in Bangladesh are a grim reminder of the challenges that a determined and conniving adversary can present for India’s national security. It seems that Bangladesh was probably the last link in the proverbial chain to encircle India and keep it tied down to the South Asian region.”

Expressing grave concerns on cyberattacks, Abhay Mishra, National Convenor & President of PRAHAR said, “There are two types of cyberattacks. The first involves traditional hackers who exploit vulnerabilities in systems for financial gain or disruption. The second, more insidious form targets citizens, recruiting them to engage in anti-national activities through manipulation, coercion, or threats. Such tactics are most likely to be used on illegal betting apps. This tactic also resembles approaches deployed in Bangladesh, where adversaries managed to turn ordinary citizens into instruments of destabilization, undermining government institutions from within. India’s security agencies must thoroughly investigate the prevalence of such possibilities.”

There has been a proliferation of illegal platforms in recent years. These foreign owned platforms, outside India’s regulations are specifically targeting and exploiting the youth for money and then rerouting the same money back into the country to foment trouble.

The scale of illegal online gambling is staggering. Estimates suggest that losses incurred by unsuspecting gamblers could exceed ₹1 lakh crore (approximately USD 12 billion). Transactions through illegal offshore betting applications are believed to reach up to ₹2 lakh crore (around USD 24 billion) annually. This vast financial ecosystem underscores the alarming extent to which individuals engage with unregulated platforms. Google search volumes for illegal gambling sites have consistently been 5 to 15 times higher month-on-month compared to legal domestic platforms. Over the past year, search volumes for betting platforms have exceeded those of legitimate platforms by 1100%!

Given the huge issue of illegal online gambling the report says that in today’s interconnected world, banning or restricting platforms, including gaming platforms, in the name of “national security” often leads to unintended consequences, such as the proliferation of black markets or underground networks.

Anuj Agarwal, a renowned techno-legal expert, Member Supreme Court Bar Association and Chairman of the Centre for Research on Cyber Crime and Cyber Law said, “Limiting legal domestic online platforms with outright bans or unwarranted restrictions only drives users deeper into the shadows, where they are more vulnerable to exploitation by the offshore platforms.”

Agarwal, instead, puts the onus of regulation at a moral, societal level, arguing that communities must be involved to bear upon the youth to deter them from falling prey to such illegal platforms. “We need to revive community governance to address many of these issues… Informed users are empowered users,” says Agarwal.

A ‘Risk minimisation’ approach instead of outright bans or over regulations has had greater success globally. This strategy incorporates responsible tools such as voluntary and mandatory user-defined limits, warning messages, self-exclusion, user monitoring etc. In the EU and UK, regulators have worked with operators and academics to develop evidence-based policy interventions. 

Muktesh Chander, Retd. Indian Police Service officer, specializing in cybercrime investigation and technology management and a Ph.D. in Cyber Security from IIT Delhi said, “Cyber is also a domain of warfare—the fifth domain. A situation has arisen where not only individual hackers or disgruntled people, but also state-sponsored actors and states themselves are engaging in activities that sabotage important parameters of the economy. We have seen this in Estonia, and in various conflicts between different countries. The latest example is the cyber warfare we’ve seen between Ukraine and Russia. We have been monitoring this for a long time,” Mr Chander maintains.

“One important aspect of this is offensive posture. It is now being recognized worldwide that since cyber is a domain of warfare, if a nation feels threatened in cyberspace, it has the right to self-defence measures, including attacks in cyberspace. NATO follows this principle.”

The report highlights that cybersecurity is a subset of national security and no effective national security can exist without securing cyberspace. There needs to be a well-planned five-year national cybersecurity strategy document, and all IT-related infrastructure should be consolidated under one organization or ministry for focused efforts. To ensure robust cyber defences, India must focus on creating a specialized workforce skilled in both cyber defence and offence. 

Snehil Dhall, a distinguished criminologist and founder of Crimophobia said, “While we discuss cyber laws and cybersecurity, we are not addressing the broader implications of technological advancements. Countries like China and Russia are developing space armies for satellite security. India, too, needs to focus on this with bodies like ISRO to be involved for space security initiatives. Just as national electric grids can be hacked, satellites are equally vulnerable. There is also a significant gap in training regarding these crimes. All stakeholders, including judges must be informed.”

“Today, the reactive part of cybersecurity measures is on display in India while the proactive part of cybersecurity measures is missing. Our strategy today is trying to diminish or neutralize a threat. But we need to go on the offensive. It is the era of surgical strikes, and it is time to prepare for a surgical strike on interests that are posing a threat to our nation,” added Snehil Dhall.

The report also provided a way forward to tackle this new cyberworld threat – to secure its position as a global cyber power, India must develop an agile, comprehensive cybersecurity framework that blends defensive measures with offensive capabilities. Involving communities, updating legal frameworks, and fostering a resilient cyber workforce are essential steps.

Additionally, it is crucial to deploy a balanced policy framework that respects the needs of youth for democratic digital participation and engagement with legitimate, state-approved platforms, rather than restrictive measures that push them underground. Enforcement or prohibition will never be a solution. Instead, through the right regulations, India can secure support from its citizens in effectively combating the looming cyber threats of the digital age, ensuring its rise on the world stage remains unchallenged by hidden cyber adversaries.