NUR-SULTAN. KAZINFORM - With the rapid development of technologies, crimes in the online space have surged. Cybercrimes are rising in Kazakhstan too. More about what defines cybercrime and how can one prevent them is in the latest analytical article of Kazinform.
On one hand, technologies eased and made our lives more comfortable, but on the other, it gave rise to multiple challenges. Freedom of expression online, protection of users' personal data, security of information transmission, and digital privacy are just to name a few.
According to the United Nations Office on Drugs and Crime, while there is no universally applied definition to cybercrime, it defines cybercrime as an act that violates the law, which is perpetrated using information and communication technology (ICT) to either target networks, systems, data, websites and/or technology or facilitates a crime.
The difference between cybercrime and traditional crime is that cybercrime has no physical or geographic boundaries. Along with that, committing cybercrimes requires less effort and less time.
Cybercrimes can target individuals, businesses, organizations, and nations, and every time they exploit human or security vulnerabilities to steal either passwords, data, or money. Crimes can range from hacking, phishing, which is the attempt to steal sensitive data like credit card and login information, via emails, websites, and text messages that look legitimate, and malicious software to distributed denial of service, a malicious attempt of multiple connected devices to attack one target and disrupt its activity, often demanding extortion.
According to Yelzhan Kabyshev, a lawyer at Digital Rights Center Qazaqstan, the problem of cybercrime is growing year by year given the rapid digitization of Kazakhstan's economy driven by the Digital Kazakhstan state program.
«We have a separate article in the Criminal Code in the sphere of information and communication. There are nine criminal articles related just to cybercrimes. That is, these are crimes related to illegal unauthorized access to any information, to any database, information system, and illegal possession of information. And we also have criminal divisions in the Criminal Code which provide for committing crimes related to telecommunications networks. That is, for example, spreading false information, and inciting discord,» said Kabyshev in an interview for this story.
According to him, one of the most popular cybercrimes in Kazakhstan is leaks of personal data.
«In the part that we have in the administrative code on administrative offenses and in the criminal code, there are articles such as the article on the illegal collection of personal data processing if the data operator sends for processing. There is an administrative liability for this. If there was any significant damage, it already falls under criminal offense, article 148 of the Criminal Code,» he explained.
Leaks of personal data can include information ranging from card numbers to the last and first name of a person and his or her individual identification number.
Data leaks in the post-service are also common.
«We found a forum, where they [referring to hackers] seemed to be selling the database for $25,000. Here was this database containing almost all personal data. As an example, the hacker posted the first 1,000 lines of this database on the forum, and this database contained data on whether that person had any bank cards, last name, first name, middle name, address, phone, date of birth, gender, postal items, deposits, and money orders. A lot of data was also up to date up until December 2021. The hacker was selling access to the server, and there were about 12 million records. The total weight was about 110 gigabytes, and there were 44 tables of this data,» said Kabyshev.
The expert said there is essentially no system that cannot be hacked. But there is also a human factor.
«If you have invested a lot of money in the technical component of your platform, which contains personal data, but you have not properly trained the employees who work with that system to use software, emails, and passwords. Then this whole investment is just leveled out,» said Kabyshev.
Cybercrimes rise in Kazakhstan, mostly Internet frauds
In Kazakhstan, the Ministry of Internal Affairs warns of an increasing number of cybercrimes, mostly internet frauds, and that the criminals become savvy in new tricks.
Out of the total number of frauds in the country in January alone, 43.3 percent account for internet frauds. The latest data as of May indicate there were 24,501 cases of fraud, and 10,478 were internet frauds or 42.7 percent.
«The cases of calls under the guise of police officers and other law enforcement agencies with the use of switched numbers similar to the subscriber numbers of Kazakhstan mobile operators have become more frequent. Fraudsters, posing as inquirers or investigators, report that relatives or acquaintances of citizens have turned to the police department in connection with an alleged online loan. To clarify the data, the criminals offer citizens to provide information about the accounts, as well as personal information: last name, first name, middle name, and individual identification number. There have been cases when citizens under the pressure of fraudulent manipulation installed applications designed for remote access on their devices,» explained the ministry's spokesperson Shugyla Turlybek.
All these actions are aimed at gaining access to bank cards and deposits of potential victims for further transfer of money or arrangement of a loan. In case of such calls, the ministry recommends hanging up and contacting the bank to clarify the details.
«It is important to remember that neither the police nor bank employees ever ask to confirm bank account or personal information. To ensure the protection of your bank accounts it is necessary to adhere to basic security measures,» she said.
Between 2017 and 2021, the number of registered internet frauds in the country has spiked more than tenfold from 2,000 in 2017 to 21,000 in 2021.
Сitizens most often fall victims to fraud in the field of online trading on popular sites and social networks. Criminals can also steal money through online loans, and bank cards, under the pretext of investing, betting, games and lotteries.
What can be done to prevent such crimes?
On the national level, to minimize such crimes the Prosecutor General's Office has developed a special road map, which provides for the introduction of digital technologies, improvement of existing regulatory documents, as well as the development of IT programs and applications.
A set of measures is being implemented to raise awareness about internet fraud and illegal activities of financial pyramids and similar organizations. According to Kabyshev, digital literacy is key to countering cybercrimes. One of the goals of the country's Digital Kazakhstan program is to improve digital literacy among the population.
Digital literacy, which is defined in the program as a person's skills to use a personal computer, smartphone, tablet, or standard programs, and receive services via the internet, stands at 87.3 percent, according to the latest data provided by the Bureau of National Statistics.
«The highest level was recorded in Nur-Sultan - 94.6 percent, then the Almaty Region - 89.3 percent and then the city of Almaty - 88.9 percent. The lowest level, however, was in the North Kazakhstan, West Kazakhstan, Akmola and Karaganda regions,» said Kabyshev.
Digital literacy enables a person to use technology safely and avoid all the dangers and challenges associated with it.
«I think that not only state but also ordinary people, especially when young people help their elderly family members protect from frauds,» said the expert.
How to protect yourself?
Everyone can be a victim of cybercrimes, but some common rules will help you prevent this from happening.
A person should make sure their software and operating systems are up-to-date, they should not give bank card details, account numbers and security codes to unauthorized persons, avoid dubious links to the sites of banks, which look legitimate but can turn out to be malicious, and do not enter your personal data there.
Kabyshev advised people to educate themselves and understand some basic algorithms. He said there are many useful articles online, including on the electronic government website.
Written by Assel Satubaldina