information technology act - final

8/11/2019 Information Technology Act - Final

1/56

INFORMATION TECHNOLOGY

ACT & CYBER LAWS

INFORMATION TECHNOLOGY ACT 2000

INDEX

1. Introduction1.1. Overview1.2. Purpose of the Act1.3. Things covered in the Act

2. Amendment Act 20082.1. Need for Amendment2.2. Structure of the Act2.3. Appic!"iit#

3. Terminoogies4. $#"er $rimes % T#pes

5. $#"er $rime St!tistics in Indi!6. $#"er $!fe &!ws


2/56

7. Sections incuded under IT Act8. 'oe of IT in (!n)ing Sector. NASS$O*10. $omp!rison "etween Indi!n $#"er &!ws !nd Phiippines $#"er &!ws11. $!se studies

11.1. N*I*S11.2. (A+,,.$O*11.3. T'-,$A&&,' 11.. /',, A$,'S11.. APP&,

12.News Artices13. Surve# on $#"er !ws !nd $#"er Thre!ts14. $oncerns of $#"er !ws15. (i"iogr!ph#

I!"#$%'"($!

O)*#)(*+

New communic!tions s#stems !nd digit! technoog# h!ve m!de dr!m!tic ch!nges in w!# of

tr!ns!cting "usiness. *id 04s s!w !n impetus in go"!i5!tion !nd computeris!tion6 with

more !nd more n!tions computeri5ing their govern!nce6 !nd e7commerce seeing !n enormous

growth. -se of computers to cre!te6 tr!nsmit6 !nd store inform!tion is incre!sing. $omputers

h!ve m!n# !dv!nt!ges in e7commerce. It is difficut to shift "usiness from p!per to eectronic

form due to 2 eg! hurdes

19 'e:uirements !s to writing629 Sign!ture for eg! recognition.

The -nited N!tions $ommission on Intern!tion! Tr!de &!w ;-N$IT'A&9 !dopted the

*ode &!w on e7commerce in 1


3/56

!mend the Indi!n Pen! $ode6 the Indi!n ,vidence Act6 18>26 the (!n)ers@ (oo)s ,vidence

Act6 181 !nd the 'eserve (!n) of Indi! Act6 13 !nd for m!tters connected therewith or

incident! thereto. The Inform!tion Technoog# Act6 20006 w!s thus p!ssed !s the Act No.21

of 20006 got President Assent.

As per the pre!m"e to the !ct6 the purpose of the !ct is

To gr!nt eg! recognitions for tr!ns!ctions c!rried out "# me!ns of eectronic d!t!6

interch!nge !nd other me!ns of eectronic communic!tion common# referred to !s

Beectronic commerce in p!ce of p!per "!sed communic!tion methods.

To give eg! recognition to Cigit! Sign!ture for !uthentic!tion of !n# inform!tion or

m!tter th!t re:uires !uthentic!tion under !n# !w.

To f!ciit!te eectronic fiing of documents with /overnment dep!rtments. To f!ciit!te eectronic stor!ge of d!t!.

To f!ciit!te !nd give eg! s!nction to eectronic fund tr!nsfers "etween "!n)s !nd

fin!nci! institutions.

To give eg! recognition for )eeping "oo)s of !ccount "# (!n)ers in eectronic form.

The !ct does not !pp# to

19 A negoti!"e instrument eDcept $he:ue29 A power of !ttorne#39 A trust9 A wi9 An# contr!ct for the s!e or conve#!nce of immov!"e propert# or !n# interest in such

propert#


4/56

A*!%*!" A'" 2008

N**% /$# A*!%*!"

Eith proifer!tion of inform!tion technoog# en!"ed services such !s e7govern!nce6 e7

commerce !nd e7tr!ns!ctionsF d!t! securit#6 d!t! priv!c# !nd impement!tion of securit#

pr!ctices !nd procedures re!ting to these !ppic!tions of eectronic communic!tions h!ve

!ssumed gre!ter import!nce !nd the# re:uired h!rmoni5!tion with the provisions of the

Inform!tion Technoog# Act. Gurther6 protection of $ritic! Inform!tion Infr!structure is

pivot! to n!tion! securit#6 econom#6 pu"ic he!th !nd s!fet#6 thus it h!d "ecome necess!r#to dec!re such infr!structure !s protected s#stem6 so !s to restrict un!uthorised !ccess.

Gurther6 ! r!pid incre!se in the use of computer !nd Internet h!s given rise to new forms of

crimes i)e6 sending offensive em!is !nd mutimedi! mess!ges6 chid pornogr!ph#6 c#"er

terrorism6 pu"ishing seDu!# eDpicit m!teri!s in eectronic form6 video vo#eurism6 "re!ch

of confidenti!it# !nd e!)!ge of d!t! "# intermedi!r#6 e7commerce fr!uds i)e che!ting "#

person!tion 7 common# )nown !s phishing6 identit# theft6 fr!uds on onine !uction sites6 etc.

So6 pen! provisions were re:uired to "e incuded in the Inform!tion Technoog# Act6 2000.

Aso6 the Act needed to "e technoog#7neutr! to provide for !tern!tive technoog# of

eectronic sign!ture for "ringing h!rmoni5!tion with *ode &!w on ,ectronic Sign!tures

!dopted "# -nited N!tions $ommission on Intern!tion! Tr!de &!w ;-N$IT'A&9

eeping in view the !"ove6 /overnment h!d introduced the Inform!tion Technoog#

;Amendment9 (i6 200< in the &o) S!"h! on 1th Cecem"er 200


5/56

P!ri!ment p!ssed the (i on 23rd Cecem"er 2008. Su"se:uent# the Inform!tion

Technoog# ;Amendment9 Act6 2008 received the !ssent of President on th Ge"ru!r# 200

!nd w!s notified in the /!5ette of Indi!.

Some of the not!"e fe!tures of the ITAA !re !s foows

Gocussing on d!t! priv!c#

Gocussing on Inform!tion Securit#

Cefining c#"er c!fe

*!)ing digit! sign!ture technoog# neutr!

Cefining re!son!"e securit# pr!ctices to "e foowed "# corpor!te

'edefining the roe of intermedi!ries

'ecognising the roe of Indi!n $omputer ,mergenc# 'esponse Te!m

Incusion of some !ddition! c#"er crimes i)e chid pornogr!ph# !nd c#"er terrorism

Authori5ing !n Inspector to investig!te c#"er offences ;!s !g!inst the CSP e!rier9


6/56

S"#'"#* $/ "* A'"

The Act "egins with preimin!r# !nd definitions !nd from there on the ch!pters th!t foow

de! with !uthentic!tion of eectronic records6 digit! sign!tures6 eectronic sign!tures etc.

,!"or!te procedures for certif#ing !uthorities ;for digit! certific!tes !s per IT Act 72000 !nd

since rep!ced "# eectronic sign!tures in the ITAA 720089 h!ve "een spet out. The civi

offence of d!t! theft !nd the process of !d?udic!tion !nd !ppe!te procedures h!ve "een

descri"ed. Then the Act goes on to define !nd descri"e some of the we7)nown c#"er crimes

!nd !#s down the punishments therefore.

Then the concept of due diigence6 roe of intermedi!ries !nd some misce!neous provisions

h!ve "een descri"ed. 'ues !nd procedures mentioned in the Act h!ve !so "een !id down in

! ph!sed m!nner6 with the !test one on the definition of priv!te !nd sensitive person! d!t!

!nd the roe of intermedi!ries6 due diigence etc.6 "eing defined !s recent# !s Apri 2011. Ee

wi "e discussing some of the import!nt.

A--('(("

The Act eDtends to the whoe of Indi! !nd eDcept !s otherwise provided6 it !ppies to !so

!n# offence or contr!vention there under committed outside Indi! "# !n# person. There is

some specific eDcusion to the Act ;i.e. where it is not !ppic!"e9 which is s!me !s

Inform!tion Technoog# Act 2000.


7/56

T*#(!$$(*

C$-"*# It me!ns !n# eectronic m!gnetic6 optic! or other high7speed d!t!

processing device or s#stem which performs ogic!6 !rithmetic6 !nd memor#

functions "# m!nipu!tions of eectronic6 m!gnetic or optic! impuses6 !nd incudes

! input6 output6 processing6 stor!ge6 computer softw!re6 or communic!tion f!ciities

which !re connected or re!ted to the computer in ! computer s#stem or computer

networ).

C$-"*# S"* The word Hcomputer s#stem4 me!ns ! device or ! coection of

devices with input6 output !nd stor!ge c!p!"iities. Interesting#6 the word Hcomputer4

!nd Hcomputer s#stem4 h!ve "een so wide# defined to me!n !n# eectronic device

with d!t! processing c!p!"iit#6 performing computer functions i)e ogic!6

!rithmetic !nd memor# functions with input6 stor!ge !nd output c!p!"iities. A

c!refu re!ding of the words wi m!)e one underst!nd th!t ! high7end progr!mm!"e

g!dgets i)e even ! w!shing m!chine or switches !nd routers used in ! networ) c!n

! "e "rought under the definition.

C$!('"($! D*)('*Simi!r# the word Hcommunic!tion devices4 inserted in

the ITAA72008 h!s "een given !n incusive definition6 t!)ing into its cover!ge ce

phones6 person! digit! !ssist!nce or such other devices used to tr!nsmit !n# teDt6

video etc i)e wh!t w!s !ter "eing m!r)eted !s iP!d or other simi!r devices on Ei7fi

!nd ceu!r modes.

D" It me!ns ! represent!tion of inform!tion6 )nowedge6 f!cts6 concepts or

instructions which !re "eing prep!red or h!ve "een prep!red in ! form!ised m!nner6

!nd is intended to "e processed6 is "eing processed or h!s "een processed in !

computer s#stem or computer networ)6 !nd m!# "e in !n# form ;incuding computer

printouts m!gnetic or optic! stor!ge medi!6 punched c!rds6 punched t!pes9 or stored

intern!# in the memor# of the computer.

Cefinitions for some words i)e Hc#"er c!f4 were !so !ter incorpor!ted in the ITAA2008 when HIndi!n $omputer response ,mergenc# Te!m4 w!s incuded


8/56

D((" S(!"#* A digit! sign!ture is "!sic!# ! w!# to ensure th!t !n eectronic

document ;e7m!i6 spre!dsheet6 teDt fie6 etc.9 is !uthentic. Authentic me!ns th!t #ou

)now who cre!ted the document !nd #ou )now th!t it h!s not "een !tered in !n# w!#since th!t person cre!ted it. Cigit! sign!tures re# on cert!in t#pes of encr#ption to

ensure !uthentic!tion. ,ncr#ption is the process of t!)ing ! the d!t! th!t one

computer is sending to !nother !nd encoding it into ! form th!t on# the other

computer wi "e !"e to decode. Authentic!tion is the process of verif#ing th!t

inform!tion is coming from ! trusted source. These two processes wor) h!nd in h!nd

for digit! sign!tures. There !re sever! w!#s to !uthentic!te ! person or inform!tion

on ! computer

E*'"#$!(' S(!"#* An eectronic sign!ture c!n "e !s "!sic !s ! t#ped n!me or !

digiti5ed im!ge of ! h!ndwritten sign!ture. $onse:uent#6 e7sign!tures !re ver#

pro"em!tic with reg!rds to m!int!ining integrit# !nd securit#6 !s nothing prevents

one individu! from t#ping !nother individu!@s n!me. Cue to this re!it#6 !n eectronic

sign!ture th!t does not incorpor!te !ddition! me!sures of securit# ;the w!# digit!

sign!tures do6 !s descri"ed !"ove9 is considered !n insecure w!# of signing

document!tion.In ITAA 7 2008 thus introducing technoogic! neutr!it# "# !doption

of eectronic sign!tures !s ! eg!# v!id mode of eDecuting sign!tures. This incudes

digit! sign!tures !s one of the modes of sign!tures !nd is f!r "ro!der in !m"it

covering "iometrics !nd other new forms of cre!ting eectronic sign!tures not

confining the recognition to digit! sign!ture process !one. Ehie *Js. T$S6 *Js.

S!fescript !nd *Js. *TN& !re some of the digit! sign!ture certif#ing !uthorities in

Indi!6 IC'(T ;Institute for Ceveopment of 'ese!rch in (!n)ing Technoog# K the

rese!rch wing of '(I9 is the $ertif#ing Authorities ;$A9 for the Indi!n (!n)ing !nd

fin!nci! sector icensed "# the $ontroer of $ertif#ing Authorities6 /overnment of

Indi!.

* $/ E*'"#$!(' S(!"#* "$ "* C$-!(*

It is estim!ted th!t ever# #e!r6 30 "iion p!per documents !re copied or printed "# -S

comp!nies. Ehen f!ctoring the costs of cop#ing6 sc!nning6 !rchiving6 routing6 !nd retrieving


9/56

ost documents6 e!ch p!per7"!sed sign!ture is estim!ted to cost L


10/56

E*'"#$!(' : G$)*#!!'* The term ,ectronic /overn!nce refers to the !ppic!tion

of inform!tion technoog# to the processes of /overnment functioning in order to

"ring !"out Simpe6 *or!6 Account!"e6 'esponsive !nd Tr!nsp!rent ;S*A'T9.The!ct provides for eg! recognitions of eectronic records !nd digit! sign!tures in

/overnment !nd its !gencies. ,ectronic /overn!nce is recognition "# /overnment to

!ccept communic!tion6 stor!ge of inform!tion6 !ccept!nce of digit! sign!ture in

eectronic form !nd retention of eectronic records !nd giving it ! eg! s!nctit#. ,7

/overn!nce is the future m!n# countries !re oo)ing forw!rd to for ! corruption free

government. ,7government is one7w!# communic!tion protoco where!s ,7

govern!nce is two7w!# communic!tion protoco. The essence of ,7govern!nce is to

re!ch the "enefici!r# !nd ensure th!t the services intended to re!ch the desired

individu! h!s "een met with. There shoud "e !n !uto7response s#stem to support the

essence of ,7govern!nce6 where"# the /overnment re!i5es the effic!c# of its

govern!nce. ,7govern!nce is "# the governed6 for the governed !nd of the governed.

,st!"ishing the identit# of the end "enefici!r# is ! true ch!enge in ! citi5en7centric

services. St!tistic! inform!tion pu"ished "# governments !nd word "odies do not

!w!#s reve! the f!cts. (est form of ,7govern!nce cuts down on unw!nted

interference of too m!n# !#ers whie deivering government! services. It depends on

good infr!structur! setup with the support of oc! processes !nd p!r!meters for

governments to re!ch their citi5ens or end "enefici!ries. (udget for p!nning6

deveopment !nd growth c!n "e derived from we !id out ,7govern!nce s#stems.

The word Beectronic in the term e7/overn!nce impies technoog# driven

govern!nce. ,7/overn!nce is the !ppic!tion of Inform!tion !nd $ommunic!tion

Technoog# ;I$T9 for deivering government services6 eDch!nge of inform!tion

communic!tion tr!ns!ctions6 integr!tion of v!rious st!nd7!one s#stems !nd services

"etween /overnment7to7$iti5ens ;/2$96 /overnment7to7

(usiness;/2(96/overnment7to7/overnment; /2/9 !s we !s "!c) office processes

!nd inter!ctions within the entire government fr!me wor). Through the e7/overn!nce6

the government services wi "e m!de !v!i!"e to the citi5ens in ! convenient6

efficient !nd tr!nsp!rent m!nner. The three m!in t!rget groups th!t c!n "e

distinguished in govern!nce concepts !re /overnment6 citi5ens !nd

"usinessesJinterest groups. In e/overn!nce there !re no distinct "ound!ries.


11/56

/ener!# four "!sic modes !re !v!i!"e7/overnment to $ustomer ;$iti5en96

/overnment to ,mpo#ees6 /overnment to /overnment !nd /overnment to (usinessF

G$)*#!!'* I! IT /#*+$#;

,Dp!nsion of Internet !nd eectronic commerce6 is redefining re!tionships !mong

v!rious st!)e hoders in the process of /overn!nce.

A new mode of govern!nce woud "e "!sed upon the tr!ns!ctions in virtu! sp!ce6

digit! econom# !nd de!ing with )nowedge oriented societies.

,ectronic /overn!nce is !n emerging trend to re7invent the w!# the /overnment

wor)s.

CYBER CRIMES

Cefining c#"er crimes6 !s M!cts th!t !re punish!"e "# the Inform!tion Technoog#

ActM woud "e unsuit!"e !s the Indi!n Pen! $ode !so covers m!n# c#"er crimes6 such !s

em!i spoofing !nd c#"er def!m!tion6 sending thre!tening em!is etc. A simpe #et sturd#

definition of c#"er crime woud "e Mun!wfu !cts wherein the computer is either ! too or !

t!rget or "othM.

$#"ercrime6 especi!# invoving the Internet6 represents !n eDtension of eDisting crimin!

"eh!viour !ongside some nove ieg! !ctivities.

*ost c#"ercrime is !n !tt!c) on inform!tion !"out individu!s6 corpor!tions6 or governments.

Athough the !tt!c)s do not t!)e p!ce on ! ph#sic! "od#6 the# do t!)e p!ce on the person!

or corpor!te virtu! "od#6 which is the set of inform!tion! !ttri"utes th!t define peope !nd

institutions on the Internet.

An import!nt !spect of c#"ercrime is its nonoc! ch!r!cter !ctions c!n occur in ?urisdictions

sep!r!ted "# v!st dist!nces. This poses severe pro"ems for !w enforcement since previous#

oc! or even n!tion! crimes now re:uire intern!tion! cooper!tion. Gor eD!mpe6 if ! person

!ccesses chid pornogr!ph# oc!ted on ! computer in ! countr# th!t does not "!n chid

pornogr!ph#6 is th!t individu! committing ! crime in ! n!tion where such m!teri!s !reieg! Ehere eD!ct# does c#"ercrime t!)e p!ce $#"ersp!ce is simp# ! richer version of


12/56

the sp!ce where ! teephone convers!tion t!)es p!ce6 somewhere "etween the two peope

h!ving the convers!tion. As ! p!net7sp!nning networ)6 the Internet offers crimin!s mutipe

hiding p!ces in the re! word !s we !s in the networ) itsef. owever6 ?ust !s individu!s

w!)ing on the ground e!ve m!r)s th!t ! s)ied tr!c)er c!n foow6 c#"ercrimin!s e!ve

cues !s to their identit# !nd oc!tion6 despite their "est efforts to cover their tr!c)s.

T-* $/ C*# C#(*

1. C$-"*# I!"#($!

The !ct of intruding or g!ining un!uthori5ed !ccess to ! s#stem t#pic!# e!ves tr!ces th!t

c!n "e discovered "# intrusion detection s#stems. One of the go!s of intruders is to rem!in

undetected for !s ong !s possi"e so th!t the# c!n continue with their m!icious !ctivit#

undistur"ed.

H';(!is ! t#pe of computer intrusion. It is the !ct of g!ining un!uthori5ed !ccess to !

computer s#stem or networ) !nd in some c!ses m!)ing un!uthori5ed use of this !ccess.

!c)ing is !so the !ct "# which other forms of c#"er7crime ;e.g.6 fr!ud6 terrorism6 etc.9 !re

committed. An# person who tresp!sses !n# computer6 computer s#stem6 computer networ) or

!n# p!rt thereof6 )nowing#6 with m!icious intentions to g!in !ccess or use or m!)es !n

!ttempt to !ccess or use6 is s!id to commit ! computer crime.

*!icious purpose m!# incude

*one# !undering6 o"t!ining mone#6 theft.

Gr!uduent pretences or represent!tions

Gormu!ting !nd eDecuting !n# fr!uduent scheme

E


13/56

2. I!"*#!*"/#%

In this !ctivit#6 !n individu! receives !n e7m!i !sserting th!t the sender re:uires hep intr!nsferring ! !rge sum of mone# out of one countr# or !nother dist!nt countr#. -su!#6 this

mone# is in the form of !n !sset th!t is going to "e sod6 such !s oi6 or ! !rge !mount of c!sh

th!t re:uires B!undering to conce! its sourceF the v!ri!tions !re endess6 !nd new specifics

!re const!nt# "eing deveoped. The mess!ge !s)s the recipient to cover some cost of moving

the funds out of the countr# in return for receiving ! much !rger sum of mone# in the ne!r

future. Shoud the recipient respond with ! chec) or mone# order6 he is tod th!t

compic!tions h!ve deveopedF more mone# is re:uired. Over time6 victims c!n ose

thous!nds of do!rs th!t !re utter# unrecover!"e.

In m!n# c!ses6 individu!s put products up for s!e on Internet !uction sites6 dem!nd mone#

"efore deiver#6 !nd never fufi their o"ig!tions to the consumer. Such sc!ms !ccount for

!"out h!f of the fr!ud c!ses e!ch #e!r. -ni)e identit# theft6 where the theft occurs without

the victim4s )nowedge6 these more tr!dition! forms of fr!ud occur in p!in sight. The victim

wiing# provides priv!te inform!tion th!t en!"es the crimeF hence6 these !re tr!ns!ction!

crimes. Cespite ! v!st !mount of consumer educ!tion6 Internet fr!ud rem!ins ! growth

industr# for crimin!s !nd prosecutors. ,urope !nd the -nited St!tes !re f!r from the on#

sites of c#"ercrime. South ore! is !mong the most wired countries in the word6 !nd its

c#"ercrime fr!ud st!tistics !re growing !t !n !!rming r!te. =!p!n h!s !so eDperienced !

r!pid growth in simi!r crimes.

3. ATM F#%

Autom!ted teer m!chine ;AT*9 through which m!n# peope now gets c!sh. In order to

!ccess !n !ccount6 ! user suppies ! c!rd !nd person! identific!tion num"er ;PIN9. $rimin!s

h!ve deveoped me!ns to intercept "oth the d!t! on the c!rd4s m!gnetic strip !s we !s the

user4s PIN. In turn6 the inform!tion is used to cre!te f!)e c!rds th!t !re then used to withdr!w

funds from the unsuspecting individu!4s !ccount.

Gor eD!mpe6 in 2002 theNew York Times reported th!t more th!n 216000 Americ!n "!n)

!ccounts h!d "een s)immed "# ! singe group eng!ged in !c:uiring AT* inform!tion

ieg!#. A p!rticu!r# effective form of fr!ud h!s invoved the use of AT*s in shopping
http://www.britannica.com/EBchecked/topic/291494/Internethttp://www.britannica.com/EBchecked/topic/291494/Internet


14/56

centres !nd convenience stores. These m!chines !re free7st!nding !nd not ph#sic!# p!rt of !

"!n). $rimin!s c!n e!si# set up ! m!chine th!t oo)s i)e ! egitim!te m!chineF inste!d of

dispensing mone#6 however6 the m!chine g!thers inform!tion on users !nd on# tes them

th!t the m!chine is out of order !fter the# h!ve t#ped in their PINs. /iven th!t AT*s !re the

preferred method for dispensing currenc# ! over the word6 AT* fr!ud h!s "ecome !n

intern!tion! pro"em.

4. I!"**'" ,#$-*#" F#%

These incude softw!re pir!c#6 cop#right infringement6 tr!dem!r)s vio!tions6 theft of

computer source code etc.

5. , ,*# C('; F#%

$ic) fr!ud ;!so )nown !s p!# per cic) fr!ud9 is ! t#pe of fr!ud th!t occurs on the Internet

in p!# per cic) onine !dvertising when ! person6 !utom!ted script or computer progr!m

imit!tes ! egitim!te user of ! we" "rowser cic)ing on !n !d6 for the purpose of gener!ting !

ch!rge per cic) without h!ving !ctu! interest in the t!rget of the !d@s in). $ic) fr!ud is the

su"?ect of some controvers# !nd incre!sing itig!tion due to the !dvertising networ)s "eing !

)e# "enefici!r# of the fr!ud.

P!# per cic) !dvertising6 or PP$ !dvertising6 is !n !rr!ngement in which we"m!sters

;oper!tors of Ee" sites96 !cting !s pu"ishers6 disp!# cic)!"e in)s from !dvertisers in

eDch!nge for ! ch!rge per cic). ,!ch time ! ;"eieved to "e9 v!id Ee" user cic)s on !n !d6

the !dvertiser p!#s the !dvertising networ)6 who in turn p!#s the pu"isher ! sh!re of this

mone#. This revenue7sh!ring s#stem is seen !s !n incentive for cic) fr!ud.

E


15/56

Cisputes over the issue h!ve resuted in ! num"er of !wsuits. In one c!se6 /ooge ;!cting !s

"oth !n !dvertiser !nd !dvertising networ)9 won ! !wsuit !g!inst ! TeD!s comp!n# c!ed

Auction ,Dperts ;!cting !s ! pu"isher96 which /ooge !ccused of p!#ing peope to cic) on

!ds th!t !ppe!red on Auction ,Dperts@ site6 costing !dvertisers L06000. Cespite networ)s@

efforts to stop it6 pu"ishers !re suspicious of the motives of the !dvertising networ)s6

"ec!use the !dvertising networ) receives mone# for e!ch cic)6 even if it is fr!uduent.

6. ,((!=C#%(! !% M$!* L!%*#(!

In computing6 phishing ;!so )nown !s c!rding !nd spoofing9 is ! form of soci! engineering6

ch!r!cteri5ed "# !ttempts to fr!uduent# !c:uire sensitive inform!tion6 such !s p!sswords

!nd credit c!rd det!is6 "# m!s:uer!ding !s ! trustworth# person or "usiness in !n !pp!rent#

offici! eectronic communic!tion6 such !s !n em!i spoofing or !n inst!nt mess!ge. The term

phishing !rises from the use of incre!sing# sophistic!ted ures to MfishM for users@ fin!nci!

inform!tion !nd p!sswords. It often directs users to enter det!is !t ! f!)e we"site whose oo)

!nd fee !re !most identic! to the egitim!te one. /ener!#6 the# !so cre!te ! Moo)7!7i)eM

we"site th!t is designed to cose# resem"e the t!rget comp!n#@s offici! site.

This f!)e we"site m!# present ! form which m!# re:uest the user to fi in priv!te

inform!tion such !s credit c!rd det!is !nd "!n)ing det!is. These det!is !re then misused "#

the sc!mmers.

,D!mpe In 20117126 em!is were received on "eh!f of &!rsen !nd Tou"ro reg!rding

recruitments which !s)ed the receiver to su"mit credit c!rd det!is !nd tr!nsfer ! cert!in

!mount to ! "!n) !ccount to !pp# for the process. This w!s ! ce!r c!se of phishing sc!m.

C* $/ ,((!

One fin!nci! Institute registered ! crime st!ting th!t some persons ;Bperpetr!tors9 h!ve

perpetr!ted cert!in !cts through mise!ding em!is ostensi"# em!n!ting from I$I$I (!n)4s

em!i IC. Such !cts h!ve "een perpetr!ted with !n intent to defr!ud the $ustomers.

The Investig!tion w!s c!rried out with hep of those em!is received "# the customers of th!t

fin!nci! Institute !nd !rrested the !ccused 6 the p!ce of offence !t Qi?!#w!d! w!s se!rched

for the evidence . There one &!p Top !nd *o"ie Phone w!s sei5ed which w!s used for the

commission of the crime


16/56

The !rrested !ccused h!d used open source code em!i !ppic!tion softw!re for sending sp!m

em!is. e h!s down o!ded the s!me softw!re from net !nd then used it !s it is.

e used on# QSN& em!is to sp!m the em!i to customers of fin!nci! Institute "ec!use

QSN& em!i service provider do not h!ve sp!m "oD to "oc) the unsoicited em!is.

After sp!mming em!is to fin!nci! Institute customers he got the response from !round 120

customers of which 80 !re genuine !nd others !re not correct "ec!use it do not h!ve de"it

c!rd det!is !s re:uired for e7"!n)ing.

The fin!nci! Institute customers those who h!ve received his em!i fet th!t the em!i w!s

origin!ted from the fin!nci! Institute "!n). Ehen the# fied the confidenti! inform!tion !nd

su"mitted th!t time s!id inform!tion w!s directed to !ccused. This w!s possi"e "ec!use the

d#n!mic in) w!s given in the first p!ge ;ome p!ge9 of the f!)e we" site. The d#n!mic in)

me!ns when peope cic) on the in) provided in sp!mming em!i th!t time on# the in) wi

"e !ctiv!ted. The d#n!mic in) w!s coded "# h!nding the Internet ,Dporer oncic);9 event

!nd the inform!tion of the form wi "e su"mitted to the we" server ;Ehere the f!)e we" site

is hosted9. Then server wi send he d!t! to configured em!i !ddress !nd in this c!se em!i

configured w!s to the !ccused em!i . So on su"mission of the confidenti! inform!tion the

inform!tion w!s directed to em!i IC !ccused em!i .The ! the inform!tion !fter fishing

;user n!me6 p!ssword6 Tr!ns!ction p!ssword6 Ce"it c!rd Num"er !nd PIN6 mothers m!iden

n!me9 which he h!d received through Ei7Gi internet connectivit# of 'ei!nce.com which w!s

!v!i!"e on his Acer &!p Top. This crime !ttr!cts punishment of 3 #e!rs imprisonment !nd

fine up to 2 !cs rupees.


17/56

C*# C#(* S""("('


18/56

C* #*("*#*% !%*# "* I.T A'"


19/56

S""* +(* C#(* R*'$#%*%

C"*$#(* $/ C#(*


20/56

C*# C/* L+

These rues !re c!ed the Inform!tion Technoog# ;/uideines for $#"er $!fe9 'ues6 2011.


21/56

The Act defines ! '*# '/*!s me!ning B!n# f!ciit# from where !ccess to the internet is

offered "# !n# person in the ordin!r# course of "usiness to the mem"ers of the pu"ic. This

woud incude internet !ccess provided in !irports6 in rest!ur!nts6 !nd in m!n# other p!ces

where the provisions of these rues ;such !s those !"out height of p!rtitions6 etc.9 ?ust wi not

"e pr!ctic!"e. Thus6 this provision wi h!ve unintended conse:uences.

B'egistr!tion Agenc# me!ns !n !genc# design!ted "# the Appropri!te /overnment to

register c#"er c!f for their oper!tionF

B&og 'egister me!ns ! register m!int!ined "# the $#"er $!f for !ccess !nd use of

computer resourceF

B-ser me!ns ! person who !v!is or !ccess the computer resource !nd incudes other

persons ?oint# p!rticip!ting in !v!iing or !ccessing the computer resource in ! c#"er c!f.

A c#"er c!fes sh! "e registered with ! uni:ue registr!tion num"er with !n !genc# c!ed !s

registr!tion !genc# !s notified "# the Appropri!te /overnment in this reg!rd.

I%*!"(/('"($! $/ *#

;19 The $#"er $!f sh! not !ow !n# user to use its computer resource without the identit#

of the user "eing est!"ished. The intending user m!# est!"ish his identif# "# producing !

document which sh! identif# the users to the s!tisf!ction of the $#"er $!f.

;29 The $#"er $!fe sh! )eep ! record of the user identific!tion document "# either storing !

photocop# or ! sc!nned cop# of the document du# !uthentic!ted "# the user !nd !uthorised

represent!tive of c#"er c!fe. Such record sh! "e secure# m!int!ined for ! period of !t e!st

one #e!r.

;39 In !ddition to the identit# est!"ished "# ! user6 he m!# "e photogr!phed "# the $#"er

$!fe using ! we" c!mer! inst!ed on one of the computers in the $#"er $!fe for est!"ishing

the identit# of the user. Such we" c!mer! photogr!phs6 du# !uthentic!ted "# the user !nd

!uthorised represent!tive of c#"er c!fe6 sh! "e p!rt of the og register which m!# "e

m!int!ined in ph#sic! or eectronic form.


22/56

;9 A minor without photo Identit# c!rd sh! "e !ccomp!nied "# !n !dut with !n# of the

documents !s re:uired under su"7rue ;19.

;9 A person !ccomp!n#ing ! user sh! "e !owed to enter c#"er c!f !fter he h!s est!"ished

his identit# "# producing ! document isted in su"7rue ;19 !nd record of s!me sh! "e )ept in

!ccord!nce with su"7rue ;29.

;A ?C$-*!"($! /$# /(#* "$ -#$"*'" %"@


23/56

New Section 37de!ing with compens!tion for f!iure to protect d!t! w!s introduced in the

ITAA 72008. This is !nother w!tershed in the !re! of d!t! protection especi!# !t the

corpor!te eve.

As per this Section6 where ! "od# corpor!te is negigent in impementing re!son!"e securit#

pr!ctices !nd there"# c!uses wrongfu oss or g!in to !n# person6 such "od# corpor!te sh!

"e i!"e to p!# d!m!ges "# w!# of compens!tion to the person so !ffected.

The Section further eDp!ins the phr!se H"od# corpor!te4 !nd :uite signific!nt# the phr!ses

Hre!son!"e securit# pr!ctices !nd procedures4 !nd Hsensitive person! d!t! or inform!tion4.

;need eDp!n!tion of the !"ove phr!ses9

Thus the corpor!te responsi"iit# for d!t! protection is gre!t# emph!si5ed "# inserting

Section 3A where"# corpor!tes !re under !n o"ig!tion to ensure !doption of re!son!"e

securit# pr!ctices. Gurther wh!t is sensitive person! d!t! h!s since "een c!rified "# the

centr! government vide its Notific!tion d!ted 11 Apri 2011 giving the ist of ! such d!t!

which incudes p!ssword6 det!is of "!n) !ccounts or c!rd det!is6 medic! records etc. After

this notific!tion6 the IT industr# in the n!tion incuding techs!vv# !nd wide# technoog#7

"!sed "!n)ing !nd other sectors "ec!me sudden# !w!re of the responsi"iit# of d!t!

protection !nd ! gener! !w!reness incre!sed on wh!t is d!t! priv!c# !nd wh!t is

the roe of top m!n!gement !nd the Inform!tion Securit# Cep!rtment in org!nis!tions in

ensuring d!t! protection6 especi!# whie h!nding the customers4 !nd other third p!rt# d!t!.

'e!son!"e Securit# Pr!ctices

Site certific!tion

Securit# initi!tives

Aw!reness Tr!ining

$onform!nce to St!nd!rds6 certific!tion

Poicies !nd !dherence to poicies

Poicies i)e p!ssword poic#6 Access $ontro6 em!i Poic# etc

Periodic monitoring !nd review.

The Inform!tion Technoog# ;'e!son!"e securit# pr!ctices !nd procedures !nd sensitive

person! d!t! or inform!tion9 'ues h!ve since "een notified "# the /overnment of Indi!6

Cept of I.T. on 11 Apri 2011. An#"od# corpor!te or ! person on its "eh!f sh! "e

considered to h!ve compied with re!son!"e securit# pr!ctices !nd procedures6 if the# h!ve


24/56

impemented such securit# pr!ctices !nd st!nd!rds !nd h!ve ! comprehensive documented

inform!tion securit# progr!mme !nd inform!tion securit# poicies cont!ining m!n!geri!6

technic!6 oper!tion! !nd ph#sic! securit# contro me!sures commensur!te with the

inform!tion !ssets "eing protected with the n!ture of "usiness.

In the event of !n inform!tion securit# "re!ch6 the "od# corpor!te or ! person on its "eh!f

sh! "e re:uired to demonstr!te6 !s !nd when c!ed upon to do so "# the !genc# m!nd!ted

under the !w6 th!t the# h!ve impemented securit# contro me!sures !s per their documented

inform!tion securit# progr!mme !nd inform!tion securit# poicies.

In view of the foregoing6 it h!s now "ecome ! m!?or compi!nce issue on the p!rt of not on#

IT comp!nies "ut !so those in the (!n)ing !nd Gin!nci! Sector especi!# those "!n)s with

huge computerised oper!tions de!ing with pu"ic d!t! !nd depending he!vi# on technoog#.

In times of ! itig!tion or !n# securit# "re!ch resuting in ! c!im of compens!tion of

fin!nci! oss !mount or d!m!ges6 it woud "e the huge responsi"iit# on the p!rt of those

"od# corpor!te to prove th!t th!t s!id B'e!son!"e Securit# Pr!ctices !nd Procedures were

!ctu!# in p!ce !nd ! the steps mentioned in the 'ues p!ssed in Apri 2011 st!ted !"ove6

h!ve "een t!)en.

In the ne!r future6 this is one of the sections th!t is going to cre!te much noise !nd "e the

su"?ect of much de"!tes in the event of itig!tions6 i)e in re7defining the roe of !n empo#ee6

the responsi"iit# of !n empo#er or the top m!n!gement in d!t! protection !nd issues i)e the

!ctu! !nd vic!rious responsi"iit#6 the !ctu! !nd contri"utor# negigence of ! st!)e hoders

invoved etc.

The issue h!s wider r!mific!tions especi!# in the c!se of ! coud computing scen!rio. $oud

$omputing is the pr!ctice of using ! networ) of remote servers hosted on the Internet to

store6 m!n!ge6 !nd process d!t!6 r!ther th!n ! oc! server6 with the services m!n!ged "# the

provider sod on dem!nd6 for the !mount of time used. In coud computing where more !nd

more org!nis!tions h!nde the d!t! of others !nd the inform!tion is stored esewhere !nd not

in the owners4 s#stem. Possi"#6 more de"!tes wi em!n!te on the :uestion of inform!tion

owners vis ! vis the inform!tion cont!iner !nd the inform!tion custodi!ns !nd the Service

&eve Agreements of ! p!rties invoved wi !ssume ! gre!ter signific!nce.


25/56

,*!"(*

!ving de!t with civi offences6 the Act then goes on to descri"e civi remed# to such

offences. Ad?udic!tion powers !nd procedures h!ve "een e!"or!te# !id down in Sections 0F or

;(9 )nowing# or intention!# penetr!tes or !ccesses ! computer resource without

!uthoris!tion or eDceeding !uthorised !ccess6 !nd "# me!ns of such conduct o"t!ins !ccess to

inform!tion6 d!t! or computer d!t!"!se th!t is restricted for re!sons of the securit# of the

St!te or foreign re!tionsF or !n# restricted inform!tion6 d!t! or computer d!t!"!se6 with

re!sons to "eieve th!t such inform!tion6 d!t! or computer d!t!"!se so o"t!ined m!# "e used

to c!use or i)e# to c!use in?ur# to the interests of the sovereignt# !nd integrit# of Indi!6 the

securit# of the St!te6 friend# re!tions with foreign St!tes6 pu"ic order6 decenc# or mor!it#6

or in re!tion to contempt of court6 def!m!tion or incitement to !n offence6 or to the

!dv!nt!ge of !n# foreign n!tion6 group of individu!s or otherwise6 commits

the offence of c#"er terrorism.

;29 Ehoever commits or conspires to commit c#"er terrorism sh! "e punish!"e with

imprisonment which m!# eDtend to imprisonment for ife.


29/56

S*'"($! 67

Section de!s with pu"ishing or tr!nsmitting o"scene m!teri! in eectronic form. The

e!rier Section in ITA w!s !ter widened !s per ITAA 2008 in which chid pornogr!ph# !nd

retention of records "# intermedi!ries were ! incuded.

Pu"ishing or tr!nsmitting o"scene m!teri! in eectronic form is de!t with here. Ehoever

pu"ishes or tr!nsmits !n# m!teri! which is !scivious or !ppe!s to the prurient interest or if

its effect is such !s to tend to depr!ve !nd corrupt persons who !re i)e# to re!d the m!tter

cont!ined in it6 sh! "e punished with first conviction for ! term upto three #e!rs !nd fine of

five !)h rupees !nd in second conviction for ! term of five #e!rs !nd fine of ten !)h rupees

or "oth.

,$#!$#- !% $'*!* (!/$#"($! An !ddition to the $#"er $!fe rues is th!t !

computers h!ve to "e e:uipped with the Bcommerci!# !v!i!"e s!fet# or fitering softw!re

so !s to the !void6 !s f!r !s possi"e6 !ccess to the we"sites re!ting to pornogr!ph# incuding

chid pornogr!ph# or o"scene inform!tion.

The other p!rt is th!t B$#"er $!fe4s !re m!nd!ted to disp!# ! "o!rd6 ce!r# visi"e to the

users6 prohi"iting them from viewing pornogr!phic sites !s we !s cop#ing or downo!ding

inform!tion which is prohi"ited under the !w. Ehich rest!ur!nt which gives users Internet

!ccess wi w!nt to do this

One positive ch!nge in the rues is th!t of inspection. In the e!rier rues6 !n office not "eow

the r!n) of Poice Officer w!s !uthori5ed to inspect the $#"er $!fe !nd networ)F in the

ch!nged rues6 !n officer of the registr!tion !genc# wi "e !uthori5ed. This me!ns th!t the

h!r!ssment of $#"er $!fe ownersJm!n!gers woud pro"!"# not "e done "# ! poice officer.

Im!gine ! rest!ur!nt with EiGi6 s!#6 the *!r)et $!fe in h!n *!r)et6 Cehi6 h!ving to

conform to these rues. Or im!gine us w!nting to give EiGi !ccess !t ! conference K wi we

need to register !s ! $#"er $!fe It ?ust won4t h!ppen. As with most other rues6 these rues

wi pro"!"# not "e enforced6 "ut the pro"em is in the eDception! c!ses6 when the# !re used

in order to h!r!ss est!"ishments. *ost of us re!ding this thin) th!t it c!n4t h!ppen to us6 "ut

the f!ct is th!t it c!n. I4ve he!rd ! c!se of "i5!rre re:uests "eing m!de of ! we"site owner

"ec!use of something he pu"ished !nd !ter retr!cted6 !s ong !s four #e!rs !fter the


30/56

retr!ction.

The provisions in the !w need to "e more i"er! in order to prevent its misuse "# !wm!)ers6

!nd in our opinion6 these $#"er$!fe guideines h!ve cre!ted the found!tion for further

h!r!ssment.

R*$! /$# ,$#!$#- *(! !$" (*

P!w!n Cugg!6 ! !w#er who speci!i5es in IT !ws6 s!id the new guideines were !r"itr!r#.

ME!tching pornogr!ph# is not ieg! in Indi!6M he s!id. MIt@s !"surd to !s) c#"er c!fe owners

to te their customers not to !ccess pornogr!phic m!teri! even !s !w !ows individu!s to

!ccess !dut we"sites uness it@s not chid pornogr!ph#. The new rues re:uire ! second oo).M

The new rues suggest c!fe owners inst! fitering softw!re !nd )eep ! og of ! we"sites

!ccessed "# customers for !t e!st one #e!r. $!fe owners h!ve !so "een !s)ed not to "uid !

c!"inJcu"ice with ! height of more th!n four !nd h!f feet. In ! c#"er c!fe where there !re no

cu"ices6 Mowners wi h!ve to p!ce computers with the screens f!cing outw!rdM or tow!rds

open sp!ce. The move is !imed !t reducing priv!c# ! c#"er c!fe user c!n get.

Cugg! s!id if impemented e!rnest#6 the new rues wi put most of c#"er c!fe owners out of

"usiness.

Internet !ctivists termed the guideines Munconstitution!M. Pr!nesh Pr!)!sh6 ! progr!mme

m!n!ger with $entre of Internet !nd Societ#6 s!id the rues wi vio!te priv!c# !nd wi

h!mper internet users@ !"iit# to free# eDpress themseves.

The new rues m!)e it m!nd!tor# for user to c!rr# !n identit# c!rd. $#"er c!fe owners h!ve"een !s)ed to give user ogs to the Mregistr!tion !genc#M ever# month !s we )eep these

records !ong with the og of we"sites !ccessed !t the c#"er c!fe s!fe for ! period of one #e!r.

A few c!fe owners s!id th!t technic!#6 it woud "e ! d!unting t!s) to )eep ! record of ever#

we"site !ccessed using their computers for ! #e!r.

Ehie minors6 if c!rr#ing identit# c!rds h!ve "een permitted to use computers in ! c#"er c!fe6

the# won@t "e !owed inside cu"ices if not !ccomp!nied "# gu!rdi!ns or p!rents. There is

!so provision of photogr!phing c#"er c!fe users using ! we"c!m or other device. The
http://timesofindia.indiatimes.com/topic/Indiahttp://timesofindia.indiatimes.com/topic/India


31/56

photogr!phs wi h!ve to "e !uthentic!ted "# the user. Pr!)!sh s!id th!t photogr!phing users

r!ises serious priv!c# :uestions6 especi!# in the c!se of chidren.

S*'"($! 6

This section empowers the /overnment or !gencies !s stipu!ted in the Section6 to intercept6

monitor or decr#pt !n# inform!tion gener!ted6 tr!nsmitted6 received or stored in !n#

computer resource6 su"?ect to compi!nce of procedure !s !id down here.

This power c!n "e eDercised if the $entr! /overnment or the St!te /overnment6 !s the c!se

m!# "e6 is s!tisfied th!t it is necess!r# or eDpedient in the interest of sovereignt# or integrit#

of Indi!6 defence of Indi!6 securit# of the St!te6 friend# re!tions with foreign St!tes or pu"ic

order or for preventing incitement to the commission of !n# cogni5!"e offence re!ting to

!"ove or for investig!tion of !n# offence.

ROLE OF IT IN BAN9ING SECTOR

;19 Adv!ncement in technoog# h!s ventured new products6 new services6 new m!r)ets

!nd h!s ch!nged the entire deiver# ch!nne for the "!n)ing industr#.;29 Inform!tion Technoog# h!s !so provided "!n)ing industr# new me!ns to de! with

the ch!enges posed "# the ch!nging econom#. Inform!tion technoog# h!s !imed !t


32/56

the incre!sing the speed !nd rei!"iit# of fin!nci! oper!tions !nd h!s further

strengthen the "!n)ing sector.;39 The progress of technoog# !nd the deveopment of wordwide networ) h!ve

signific!nt# reduced the cost of go"! fund tr!nsfer.

;9 IT h!s en!"ed "!n)s to s!tisf# the ever incre!sing dem!nds of the customers who !re

techno7s!vv#.;9 IT h!s "een providing soutions to "!n)s for the !ccounting !nd "!n) office

re:uirements.; e7*onies ,ectronic Gund Tr!nsfer J e$he:ues

8 Onine P!#ment of ,Dcise % Service T!D

(i P!#ments

10 $!rd to $!rd Gunds Tr!nsfer

11 (!n)ome ;i9 ,Dpress Ceiver#

12 $!sh on T!p ;ii9 Norm! Ceiver#

13 Sm!rt *one# Order

Some products c!n "e eDp!ined !s foows

1. A"$"(' T**# M'(!* ?ATM@

An AT* is ! computeri5ed teecommunic!tions device th!t provides ! customers ! secure

method of performing fin!nci! tr!ns!ctions in ! pu"ic sp!ce without the need for ! hum!n

cer) or "!n) teer. AT*s !re in)ed to "!n)4s centr! computer !nd identif# the customer


33/56

through m!gnetic coding on the c!rd provided to customer !nd Person! Identific!tion

Num"er ;PIN96 )e#ed in "# the customer. It upd!tes the !ccount of the customer !fter the

competion of the tr!ns!ction. This !so proves to "e !n !dvertising !gent for the comp!n#.

The tr!ns!ction using AT* c!n r!nge from simpe tr!ns!ctions invoving c!sh withdr!w!s

!nd deposits to m!)ing hote reserv!tions etc.

2. E*'"#$!(' F!% T#!/*# ?EFT@

To tr!nsfer funds inst!nt# !mong v!rious "r!nches !t v!rious oc!tions in the countr#F "#

connecting these "r!nches through ! networ) using the !test communic!tion technoog#

which incudes s!teite6 e!sed ines6 di!7up ines etc.

3. SMS B!;(!

It is ! technoog#7en!"ed service offering from "!n)s to its customers6 permitting them to

oper!te seected "!n)ing services over their mo"ie phones using S*S mess!ging.S*S

(!n)ing services !re oper!ted using "oth Push !nd Pu *ess!ges

Push mess!ges !re those th!t the "!n) chooses to send out to ! customer4s mo"ie phone6

without the customer initi!ting ! re:uest for the inform!tion6 these !re either *o"ie

*!r)eting mess!ges or mess!ges !erting !n event which h!ppens in the customer4s "!n)

!ccount6 such !s ! !rge p!#ment using the customer4s credit c!rd6 etc.

Pu mess!ges !re those th!t !re initi!ted "# the customer6 using ! mo"ie phone6 for o"t!ining

inform!tion or performing ! tr!ns!ction in the "!n) !ccount.Pu mess!ges incude !n !ccount

"!!nce en:uir#6 or re:uests for current inform!tion i)e deposit interest r!tes6 !s pu"ished

!nd upd!ted "# the "!n).

4. I!"*#!*" B!;(!

(!n)s !nd fin!nci! services firms !re now w!)ing up to the tremendous potenti! of

internet. Internet "!n)ing m!# "e done through ! "!n)4s we"site where "!n) !so h!s !

ph#sic! structure or user c!n choose ! Bvirtu! "!n) or fin!nci! institution th!t h!s no

pu"ic "uiding !nd eDists on# onine. Internet "!n)ing is usu!# conducted through !

person! computer ;P$9 th!t connects to ! "!n)ing we" site vi! the Internet. Internet "!n)ing

!so c!n "e conducted vi! wireess technoog# through "oth Person! Cigit! Assist!nts

;PCAs9 !nd $eu!r Phones. Internet "!n)ing6 !p!rt from providing gener! "!n)ing

f!ciities to customers6 provides foowing !ddition! services 7


34/56

. *TAX

(!n)s i)e IC(I h!ve e!sed the process of t!D p!#ment "# impementing the eTA

pro?ect. P!#ment of eDcise !nd customs dut# over the Internet is !so possi"e.S(I e7

t!D is !n onine p!#ment f!ciit#. This f!ciit# s!ves time6 is convenient6 h!sse free

!nd p!peress. It is !v!i!"e on ! 2 D > "!sis !nd en!"es user to p!# t!Des onine6

with e!se !nd simpicit#.

. O!(!* R*(""!'*

Another eD!mpe of how we IT h!s "een !igned with "!n)ing6 !nd is providing

v!ue to customers6 is "etter onine remitt!nces from !round the word. (enefici!ries

in Indi! !re credited with remitt!nce mone# within hours.

'. O!(!* B!'#!'*

It is ! p!c)!ge of fin!nci! services invoving distri"ution of insur!nce products

through "!n)4s "r!nch networ). Onine (!nc!ssur!nce f!ciit!tes customer to p!#

insur!nce premium6 !t ! ow cost6 "# visiting the concerned "!n)4s we"site. This h!s6

ed to the migr!tion of customers from high cost "r!nch tr!ns!ction to ow7cost onine

interf!ces6 "ringing down the tot! cost per tr!ns!ction.

%. B( ,*!"

,ectronic "i p!#ment is ! fe!ture of onine "!n)ing6 !owing ! depositor to send

mone# from his dem!nd !ccount to ! creditor or vendor such !s ! pu"ic utiit# or !

dep!rtment store to "e credited !g!inst ! specific !ccount.The p!#ment is optim!#

eDecuted eectronic!# in re! time6 though some fin!nci! institutions or p!#ment

services wi w!it unti the neDt "usiness d!# to send out the p!#ment.

*. O"*# * A%%*% S*#)('*

Some "!n)s !so offer v!ue !dded services in the !re!s of '!iw!# reserv!tion. The f!ciit#

h!s "een !unched w.e.f. Septem"er 16 2003 in !ssoci!tion with I'$T$. The scheme

f!ciit!tes (oo)ing of '!iw!#s Tic)et Onine. Thus6 customer doesn4t h!ve to their entr# into

the soci! networ)ing sites. Athough the# h!ve not "een entire# successfu !s of now6 there

is ! good ch!nce th!t the# coud wrec) h!voc on th!t sp!ce.


35/56

NASSCOM

I!"#$%'"($!

The N!tion! Associ!tion of Softw!re !nd Services $omp!nies ;NASS$O*9 is ! tr!de!ssoci!tion of Indi!n Inform!tion Technoog# ;IT9 !nd (usiness Process Outsourcing ;(PO9industr#. ,st!"ished in 1886 NASS$O* is ! non7profit org!ni5!tion.It is the go"! tr!de "od# with over 1200 mem"ers6 of which 20 !re go"! comp!nies6form -S6 -6 ,-6 =!p!n !nd $hin!. The mem"ers !re "!sic!# in the "usiness of softw!redeveopment6 softw!re services6 softw!re products6 IT7en!"edJ(PO services !nd e7commerce. NASS$O* w!s set up in 188 to f!ciit!te "usiness !nd tr!de in softw!re !ndservices !nd to encour!ge !dv!ncement of rese!rch in softw!re technoog#.It is the strongest proponent of go"! free tr!de6 !nd is committed to wor) pro!ctive# toencour!ge its mem"ers to !dopt word c!ss m!n!gement pr!ctices6 "uid !nd uphod highestst!nd!rds in :u!it#6 securit# !nd innov!tion !nd rem!in competitive in tod!#4s r!pid#ch!nging technoog# !ndsc!pe. It is the most rei!"e source of d!t! !nd inform!tion in theIndi! Softw!re Industr#.In Indi! !nd !round the word6 NASS$O* mem"ers !re p!rticip!nts in the new go"!econom# !nd !re reputed for their cutting7edge "usiness pr!ctices !nd soci! initi!tives.

N'$ (($!

NASS$O*@s vision is to est!"ish Indi! !s the 21st centur#@s softw!re powerhouse !nd

position the countr# !s the go"! sourcing hu" for softw!re !nd services.*em"ers en?o# sever! "enefits incuding inform!tion on ch!nges in poicies of the/overnment of Indi! with reg!rds to computer softw!re !nd IT services.

A( !% O*'"()*

The prim!r# o"?ective of NASS$O* is to !ct !s ! c!t!#st for the growth of the softw!redriven IT industr# in Indi!. Other go!s incude f!ciit!tion of tr!de !nd "usiness in softw!re!nd services6 encour!gement !nd !dv!ncement of rese!rch6 prop!g!tion of educ!tion !ndempo#ment6 en!"ing the growth of the Indi!n econom# !nd provide compeing "usiness

"enefits to go"! economies "# go"! sourcing.

NASS$O* !so ende!vors to ever!ge IT !nd n!rrow the digit! divide in Indi! !nd en!"eher citi5ens to en?o# the "enefits of IT. It !so "oosts the process of Innov!tionF IT wor)forcedeveopment !nd enh!nce c#"er securit#.

,#"!*#(- +(" "* G$)*#!*!"

NASS$O* !cts !s !n !dvisor6 consut!nt !nd coordin!ting "od# for the softw!re !ndservices industr# in Indi!.

NASS$O* h!s p!#ed ! )e# roe in en!"ing the government in Indi! to deveop industr#friend# poicies. It h!s "een ! proponent of free tr!de6 !rguing for 5ero t!riff protection6

strong inteectu! propert# !nd d!t! protection !ws6 deregu!tion of the teecom m!r)et !nd


36/56

the cre!tion of softw!re technoog# p!r)s !nd priv!te sector p!rticip!tion in the educ!tions#stem 7 me!sures which h!ve resuted in signific!nt growth of the industr#.

NASS$O* !so p!#s ! roe in eng!ging with go"! !i!nces on softw!re :u!it# st!nd!rds6immigr!tion poicies6 ETO !nd free tr!de in services6 !nd neDt7gener!tion "est pr!ctices ingo"! sourcing of services.

R**#'

NASS$O* undert!)es rese!rch on the I$T industr# in Indi! !nd the word in order tocontinuous# educ!te its mem"ers of new "usiness opportunities6 "usiness pr!ctices in go"!m!r)ets6 potenti! thre!ts to industr# growth !nd !ttr!ct !ddition! investments in Indi!.

(" $/ ,#$%'" !% S*#)('*

NASS$O* strong# "eieves in encour!ging its mem"ers to provide go"! :u!it# products!nd services. The !ssoci!tion provides !ssist!nce to its mem"ers in !chieving intern!tion!:u!it# certific!tions "# org!ni5ing semin!rs !nd re!ted progr!ms on :u!it# st!nd!rds !nddissemin!ting reev!nt inform!tion.

I!"**'" ,#$-*#" R("

NASS$O* is !n !rdent supporter of strong inteectu! propert# !ws in Indi!.NASS$O* !so !unched the countr#@s first !nti7pir!c# hotine !nd Indi!@s first !nti7pir!c#to7free hotine. NASS$O* h!s !so successfu# f!ciit!ted enforcement !ws !g!instsoftw!re pir!c# in Indi! !nd heped introduce $#"er &!ws.

,#"!*#(- +(" M**#

The org!ni5!tion provides v!rious services to its mem"ers such !s the foowing

$re!ting "usiness opportunities !nd sh!ring of "est pr!ctices )nowedge through

forums6 semin!rs !nd conferences Pu"ishing rese!rch reports th!t provide the mem"ers counse from e!ding industr#

!n!#sts. The org!ni5!tion !so m!int!ins ! d!t!"!se of mem"er comp!nies specif#ingtheir !re!s of eDpertise.

Providing inform!tion on go"! "usiness norms on t!D!tion6 regu!tions6 recruitment6

etc.

NASSCOM INITIATIES INCLDE

The Comestic *!r)et Initi!tive6 cre!ted to integr!te the IT !nd non7IT sectors !nd to

p!n for continued IT industr# growth.

The Innov!tion Initi!tive6 cre!ted to foster !n environment th!t meets the specific

needs of Indi!n "usinesses of ! si5es.

The ,duc!tion Initi!tive6 cre!ted to provide !ddition! tr!ining !nd s)i enh!ncement

to improve gr!du!te empo#!"iit#. This initi!tive !so interf!ces "etween industr#6

!c!demi! !nd government.


37/56

The Eomen in &e!dership7IT Initi!tive6 cre!ted to incre!se the num"er of women

entering the IT7(PO industr# !nd enh!nce the c!reer prospects for those women in the

industr#.

The Securit# Initi!tive6 cre!ted to promote inform!tion securit# !nd compi!nce

through pu"ic educ!tion !nd cre!tion of ! securit#7!w!re environment.

THE CRIME AND CRIMINAL TRAC9ING NETWOR9 AND SYSTEMS ?CCTNS@

I!("("()* NASSCOM & N"($! C#(* R*'$#% B#* M(!("# $/ H$* A//(#

Eith the $$TNS in p!ce6 ! inform!tion wi "e !v!i!"e onine. Inform!tion reg!rdingfingerprints6 unidentified "odies6 missing persons6 stoen vehices6 stoen !rms6 etc.6 wi "e

?ust ! cic) !w!#.

G!ciit!te coection6 stor!ge6 retriev!6 !n!#sis6 tr!nsfer !nd sh!ring of d!t! !nd Inform!tion!mong Poice St!tions6 Cistrict6 St!te he!d:u!rters !nd other org!ni5!tionJ!gencies6 incudingthose !t /overnment of Indi! eve.

ep in en!"ing !nd !ssisting the senior Poice Officers in "etter m!n!gement of

Poice Gorce

eeping tr!c) of the progress of the crime !nd crimin! investig!tion !nd prosecution

c!ses6 incuding progress of c!ses in the court

ep in reducing the m!nu! !nd redund!nt record )eeping.

C$-#($! *"+**! I!%(! C*# + & ,((--(!* C*# L+

INDIAN CYBER LAWS ,HILI,INNES CYBER LAWS

$iti5ens c!n !v!i wider freedom of Greedom of eDpression is restricted due to


38/56

eDpression sternness of the !w

The punishments under this !w !re ess

severe

The punishments !re h!rsh. Onine crimes !re

punished more severe# th!n the re! crime

which incudes fine of miion "uc)s or up to

12 #e!rs in ?!i.

$hid pornogr!ph# % c#"er s:u!tting is

punish!"e under this !w.

The !mendment under this !w on 3 rdOcto"er

2012 proposed to remove chid pornogr!ph#

% c#"er s:u!tting.

There is no such provision under this !w. This !w m!nd!tes N!tion! (ure!u of

investig!tion % Phiippine n!tion! poice to

org!ni5e c#"er crime units st!ffed "# speci!

investig!tors who !re soe# responsi"e to

h!nde c#"ercrime c!ses.

Person! d!t! of citi5ens is e!si# !ccessi"e. Person! d!t! of citi5ens is )ept high#

confidenti!

CASE STDIES

NMIMS

In ! m!?or educ!tion7re!ted r!c)et "ust6 siD persons h!ve "een identified for h!ving

imperson!ted 8> c!ndid!tes in the N!rsee *on?ee *!n!gement Aptitude Test ;N*AT9 which

w!s hed from Octo"er 11 to Cecem"er 16 2012. A ?oint te!m of the c#"er7crime poice !nd

-nit 86 $rime (r!nch6 *um"!i h!s !rrested one of these imperson!tors whie the rem!ining

five !re #et to "e c!ught6 c!imed the *um"!i7"!sed N!rsee *on?ee Institute of *!n!gement


39/56

Studies ;N*I*S9 -niversit#6 which conducts the N*AT for !dmissiSons to its *(A

progr!ms.

The !eged imperson!tor c!ught unti now is n!med Ao) um!r. In !ddition6 the poice

c!imed to h!ve !rrested five other peope who were org!nising the

m!pr!ctice. (r!?endr!pr!t!p Singh6 one of these !ccused6 h!d promised one student of

securing him p!ssing m!r)s in the N*AT through m!n!gement :uot! for 's 1 !)h.

There!fter6 the !ccused too) 's >. !)h !s !dv!nce from the student !nd empo#ed ! dumm#

c!ndid!te to t!)e the test in p!ce of the student. The !ccused then informed the student th!t

he h!d p!ssed the N*AT eD!m !nd h!d "een shortisted for the group discussion !nd

interview. The student woud then "e !s)ed to p!# up the rem!ining 's >. !)h.

The other !ccused h!ve "een tr!ced !nd !rrested from Cehi6 -tt!r Pr!desh !nd

Pune. !num!nt Singh /u?!r@s credit c!rd w!s used to p!# the !dmission fees for some of the

students whie his "rother Sugriv Singh /u?!r used to medi!te "etween the students !nd

dumm# test t!)ers. P!v!n um!r !nd im!nshu She)h!r were "oth !so middemen who

used to ure N*I*S !spir!nts into p!#ing mone# on the preteDt of !dmission through

m!n!gement :uot! !nd then p!ss them on to consut!nts. Such w!s the efficienc# of the

ieg! service th!t most of these students scored 220 m!r)s or !"ove in N*AT6 ! ver# high

score for the test.

Ehie the imperson!tors m!n!ged to get p!st the N*AT verific!tion s#stems using forged

prim!r# !nd second!r# identit# proofs6 the students "enefitting from the m!pr!ctice were

n!ied "# N*I*S during the group discussion !nd interview st!ge !fter their photogr!phs

were found to "e not m!tching those given !t the time of the test. Among the 8> students who

!eged# !v!ied of this m!pr!ctice6 on#


40/56

profiing6 used to prevent imperson!tion6 during the test chec)7in process. Cespite !rgu!"#

we!)er securit# me!sures6 the N*AT costs 's 16 students !cross the countr#. The# shunted cities6 time sots !nd test

st!ges to c!rr# out the !eged su"terfuge. *ore th!n 's 13 crore ch!nged h!nds in the

process. Aso6 this might on# "e the tip of the ice"erg !s preimin!r# investig!tions reve!ed

th!t this g!ng might "e invoved in simi!r m!pr!ctices !t other m!n!gement entr!nce eD!ms

!s we.

BAEE.COM CASE

Avnish (!?!? Qs. St!te ;N.$.T.9 of Cehi

Avnish (!?!? K $,O of (!!5ee.com6 ! customer7to7customer we"site6 which f!ciit!tes theonine s!e of propert#. (!!5ee.com receives commission from such s!es !nd !so gener!tes

revenue from !dvertisements c!rried on its we" p!ges.

An o"scene **S cipping w!s isted for s!e on (!!5ee.com on 2>th Novem"er6 200 in then!me of BCPS /ir h!ving fun. Some copies of the cipping were sod through (!!5ee.com!nd the seer received the mone# for the s!e.

Avnish (!?!? w!s !rrested under section of the Inform!tion Technoog# Act6 2000 !nd his"!i !ppic!tion w!s re?ected "# the tri! court. e then !ppro!ched the Cehi igh $ourt for"!i.

A#*!" "* -#$*'"($! :

1. The !ccused did not stop p!#ment through "!n)ing ch!nnes !fter e!rning of the

ieg! n!ture of the tr!ns!ction.2. The item description BCPS /ir h!ving fun shoud h!ve r!ised !n !!rm.

A#*!" "* %*/*!%!" :

1. Section of the Inform!tion Technoog# Act re!tes to pu"ic!tion of o"scene

m!teri!. It does not re!te to tr!nsmission of such m!teri!.

2. On coming to e!rn of the ieg! ch!r!cter of the s!e6 remedi! steps were t!)en

within 38 hours6 since the intervening period w!s ! wee)end.

F(!%(! $/ "* '$#"

1. It h!s not "een est!"ished from the evidence th!t !n# pu"ic!tion too) p!ce "# the

!ccused6 direct# or indirect#.2. The !ctu! o"scene recordingJcip coud not "e viewed on the port! of (!!5ee.com.


41/56

3. The s!e consider!tion w!s not routed through the !ccused.

. Prim! f!cie (!!5ee.com h!d ende!vored to pug the oophoe.

. The !ccused h!d !ctive# p!rticip!ted in the investig!tions.

d!t!"!ses of 0/( in si5e from

Truec!er servers. At the time of writing this !rtice it4s not ce!r whether the entire d!t!"!se

h!s "een stoen or on# p!rti!. The d!t!"!se !so !pp!rent# cont!ins !ccess codes to user4s

G!ce"oo)6 Twitter6 /m!i6 !nd &in)edIn !ccounts6 !owing h!c)ers to su"mit !n upd!te from

Truec!er users !ccount who h!ve connected these networ)s to their !ccount6 !s per the

report. Ee !dvise users to immedi!te# remove Truec!er from giving !ccess to Truec!er

service.

(esides ste!ing the d!t!"!se6 the h!c)ers !so posted !dmin ogin credenti!s to Truec!er4s

d!t!"!se on Twitter. At the time of writing this !rtice the d!t!"!se w!s not !ccessi"e6

however6 we c!n4t rue out the possi"iit# of d!t!"!se re!ching in wrong h!nds.

True$!er !ows users to oo) up for !non#mous mo"ie !nd !ndine num"ers on the we"

or on their Internet7en!"ed mo"ie phone !nd "rowse through cont!ct inform!tion of the

owner of th!t mo"ie or !ndine num"er. (esides this6 it !so !ows users to view c!er IC
http://www.truecaller.com/http://www.truecaller.com/


42/56

inform!tion of the current c!er6 "oc) unw!nted c!s !nd connect their G!ce"oo) or

&in)edIn !ccount to view the !test mess!ges from their connections.

The issue with the !pp is th!t -*#$! ( !$" (! '$!"#$ (/ "*(# !*# ( *(! #*% $!

"* *#)('* $!* $/ "*(# '$!"'". Ehie the service doesoffer!n option to unist !

num"er6 we !re not sure how m!n# peope !re !w!re th!t their num"er is !re!d# sh!red on

the service !nd then go !"out unisting their num"er on the service. (esides th!t6 it4s !so

unce!r whether Truec!er !ctu!# deetes ! records from their d!t!"!se !fter one deists

their num"ers. Grom their GAU

BGor the respect of #our securit#6 #our num"er wi "e immedi!te# !nd perm!nent# removed

from !n# se!rch resut. ou c!nnot su"mit #our num"er !g!in. Pe!se go

tohttpJJwww.truec!er.comJunistto unist #our num"er perm!nent#.

Ehie it st!tes th!t it removes one4s num"er from se!rch resuts it4s not !pp!rent th!t the

records !re perm!nent# deeted. So even if one h!s unisted their num"er6 we !re not :uite

sure whether their d!t! h!s "een compromised !s it might sti "e stored in Truec!er4s

servers.

&!st month6 Truec!er h!dc!imedto h!ve coc)ed 20 miion users go"!# !st month6 up

from10 miion usersin =!nu!r# 2013. Truec!er h!d previous# c!imed th!t m!?orit# of its

users !re from Indi!6 !though it h!dn4t discosed !n# specific inform!tion on its Indi!n user

"!se. An ,T reportsuggests th!t the comp!n# h!d 1.< miion users in Indi! !s of =une 2012

!nd !ccounted for h!f of the comp!n#4s user"!se. Aso note th!t6 these 1.< miion users th!t

the report suggests !re the ones th!t use the !ppic!tion6 which me!ns th!t "* '" !*#

$/ -$!* $$; #*'$#% /#$ I!%( $! T#*'*# *#)*# '$% * ' (*#.

G#**; ';*# "* R 13 ; /#$ A


43/56

Poor# secured c!rds from Indi!n "!n)s!nd crimin! eements eDpoiting unprofession! w!#

of using de"it !nd credit c!rds!re r!ising the num"er of fin!nci! crimes "oth oc!# !nd

!"ro!d. At e!st 's 30 crore worth of tr!ns!ctions were done !st Cecem"er !nd =!nu!r#

using stoen credit c!rd identit#. MEe h!ve reversed the imp!ct in ! such customers@ !ccounts

with immedi!te effect6 to ensure the# !re not inconvenienced6@@ s!id !n ADis (!n) spo)esm!n.

The intern!tion! s#ndic!te of crimin!s w!s !ccessing inform!tion !"out c!rd hoders !t

ret!i est!"ishments. These were done most# "# coning c!rds during intern!tion! tr!ve.

Some of the countries such !s South Afric! !nd Th!i!nd !re notorious for th!t.

(!n)s !re enh!ncing the securit# to prevent misuse of eectronic p!#ments6 which h!s now

"ecome the preferred mode of tr!ns!ction for customers. MIf the# profie customers !nd

determine vectors correct# then !n !"norm! us!ge woud cre!te ! red f!g 7 i)e the oc!tion

where the mone# is withdr!wn6M S!?!n P!u6 director7 s#stems engineering 7 Indi! % SAA'$

for =uniper Networ)s tod ,T.

In Cecem"er6 Pune7"!sed p!#ment processor ,ectr!$!rd Services w!s h!c)ed "# ! go"!

c#"er7crime ring6 which !so "ro)e into the s#stems of (!ng!ore7"!sed ,nSt!ge Inc.

compens!ted the victims.

A--* /( softw!re upd!te6 which is s!ted for

this f!.
http://economictimes.indiatimes.com/topic/Indian%20bankshttp://economictimes.indiatimes.com/topic/Indian%20bankshttp://economictimes.indiatimes.com/topic/credit%20cardshttp://economictimes.indiatimes.com/topic/electronic%20paymentshttp://economictimes.indiatimes.com/topic/EnStage%20Inc.http://economictimes.indiatimes.com/topic/iOShttp://economictimes.indiatimes.com/topic/Indian%20bankshttp://economictimes.indiatimes.com/topic/credit%20cardshttp://economictimes.indiatimes.com/topic/electronic%20paymentshttp://economictimes.indiatimes.com/topic/EnStage%20Inc.http://economictimes.indiatimes.com/topic/iOS


44/56

Three computer scientists6 who !erted Appe to the pro"em e!rier this #e!r6 demonstr!ted

the securit# vuner!"iit# !t the (!c) !t h!c)ing convention in &!s Qeg!s on Eednesd!#

where some >6000 securit# profession!s !re e!rning !"out the !test thre!ts posed "#

computer h!c)ing.

Appe s!id the issue h!d "een fiDed in the !test "et! of iOS >6 which h!s !re!d# "een

ree!sed to softw!re deveopers.

MEe woud i)e to th!n) the rese!rchers for their v!u!"e input6M Appe spo)esm!n Tom

Neum!#rs!id.

The wor) w!s done "# (i# &!u6! rese!rch scientist !t the/eorgi! Institute of Technoog#6

!nd gr!du!te students eong?in =!ng!nd $heng#u Song.

In ! demonstr!tion !t the h!c)ing conference6 the# pugged !n iPhone into ! custom7"uit

ch!rger the# e:uipped with ! tin# &inuD computer th!t w!s progr!mmed to !tt!c) iOS

devices. The# s!id it cost !"out L to "u# !nd ! wee) to design.

It infected the phone with ! computer virus designed to di! the phone of one of the

rese!rchers6 which it did.

The# s!id th!t re!7word c#"er crimin!s might "uid viruses th!t woud give them remote

contro of the devices. Th!t woud en!"e them to t!)e screen shots for ste!ing "!n)ing

p!sswords !nd credit c!rd num"ers. The# coud !so !ccess em!is6 teDts !nd cont!ct

inform!tion or tr!c) the oc!tion of the phone@s owner6 &!u s!id.MIt c!n "ecome ! sp#ing

too6M s!id &!u.

&!u s!id the# were pu"ici5ing the issue in the spirit of Mwhite h!tM h!c)ing6 which is finding

securit# "ugs so th!t m!nuf!cturers c!n fiD them "efore crimin!s eDpoit them.

MSecurit# doesn@t wor) if #ou "ur# pro"ems6M he tod 'euters on the sideines of the press

conference.

&!u s!id th!t devices running /ooge Inc@s Androidoper!ting s#stem !re not vuner!"e to

the s!me t#pes of !tt!c) "ec!use the# w!rn users if the# pug devices into ! computer6 even

one posing !s ! ch!rging st!tion.After Appe@s iOS > softw!re upd!te6 ! mess!ge wi pop up
http://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Billy%20Lauhttp://economictimes.indiatimes.com/topic/Billy%20Lauhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Yeongjin%20Janghttp://economictimes.indiatimes.com/topic/iPhonehttp://economictimes.indiatimes.com/topic/Linuxhttp://economictimes.indiatimes.com/topic/Androidhttp://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Tom%20Neumayrhttp://economictimes.indiatimes.com/topic/Billy%20Lauhttp://economictimes.indiatimes.com/topic/Georgia%20Institute%20of%20Technologyhttp://economictimes.indiatimes.com/topic/Yeongjin%20Janghttp://economictimes.indiatimes.com/topic/iPhonehttp://economictimes.indiatimes.com/topic/Linuxhttp://economictimes.indiatimes.com/topic/Android


45/56

to !ert the user th!t the# !re connecting to ! computer6 not !n ordin!r# ch!rger6 he s!id.

NEWS ARTICLES

M$" "$'; *'#(* "*(' #(;

N,E C,&I A m!?orit# of stoc) eDch!nges wordwide c!me under c#"er !tt!c)s!st #e!r

!nd !most 0 per cent of them perceive such !ctivities to "e ! potenti! s#stemic ris)6

!ccording to ! surve#.

Gor the "ourses6 c#"er7crimes 77 whose n!ture is "ecoming more compeD 77 coud resut in

Mm!ssive fin!nci! !nd reput!tion! imp!ct6M !mong other !dverse f!outs.

The findings !re p!rt of the 2012713 $#"er7$rime Surve# ?oint# conducted "# the IOS$O

'ese!rch Cep!rtment !nd the Eord Geder!tion of ,Dch!nges. It covered v!rious eDch!nges

!nd centr! counterp!rt# ce!ring houses !cross the word.

The Intern!tion! Org!nis!tion of Securities $ommissions ;IOS$O9 is ! grouping of c!pit!

m!r)etregu!tors6 incuding the Securities !nd ,Dch!nge (o!rd of Indi!; Se"i9.

MA m!?orit# of eDch!nges ;8 per cent9 view c#"er7crime in securities m!r)ets !s ! potenti!

s#stemic ris)6M the report s!id.

*ore th!n h!f of the eDch!nges surve#ed s!id the# h!d suffered ! c#"er !tt!c) in 2012.

M,Dch!nges from the Americ!s were more i)e# to report h!ving suffered !n !tt!c) ; per

cent96M it !dded.

$#"er7crimes in the securities m!r)ets !re gener!# disruptive in n!ture !nd coud neg!tive#

imp!ct m!r)et integrit# !nd efficienc#.

Gurther6 the surve# showed th!t eDch!nges empo# sever! prevent!tive !nd detection

mech!nisms to t!c)e c#"er7crimes.
http://economictimes.indiatimes.com/topic/cyber%20attackshttp://economictimes.indiatimes.com/topic/cyber%20attackshttp://economictimes.indiatimes.com/topic/IOSCOhttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/Sebihttp://economictimes.indiatimes.com/topic/cyber%20attackshttp://economictimes.indiatimes.com/topic/IOSCOhttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/capital%20markethttp://economictimes.indiatimes.com/topic/Sebi


46/56

M...Ne!r# ! ; per cent9 of eDch!nges surve#ed report th!t dis!ster7recover# protocos !re

in p!ce in their org!nis!tion6M it !dded.

owever6 !"out ! :u!rter of the p!rticip!ting "ourses s!id th!t current prevent!tive !nd

recover# mech!nisms m!# not "e sufficient in the f!ce of ! !rge7sc!e6 coordin!ted c#"er7

!tt!c).

*e!nwhie6 ! st!ff wor)ing p!per pu"ished on =u# 1< "# IOS$O s!id inst!nces of !tt!c)s

!g!inst eDch!nges me!ns th!t c#"er7crime is !re!d# t!rgeting securities m!r)ets@ core

infr!structures !nd providers of essenti! ;!nd non7su"stitut!"e services9.

MAt this st!ge6 these c#"er7!tt!c)s h!ve not imp!cted core s#stems or m!r)et integrit# !nd

efficienc#. owever6 some eDch!nges surve#ed suggest th!t ! !rge7sc!e6 successfu !tt!c)

m!# h!ve the potenti! to do so6M the p!per s!id.

C*# '#(* E $!* '; $/ %*"*##*!" (% $+ $ #;*" #* I!%(! (!"$

';(! *#)('*

*-*(AI Indi! is f!st emerging !s ! t!ent hotspot for the go"! c#"er7crime industr# !mid

sow hiring in the tr!dition! softw!re industr#6 the ure of e!s# mone#6 !nd !c) of !w

enforcement6 !ccording to computer securit# eDperts.

Eor) such !s h!c)ing into computer networ)s !nd cre!tion of m!w!re is "eing outsourced to

c#"er7mercen!ries in Indi! through underground m!r)etp!ces. It is possi"e to rent "otnets 7

computers controed "# ! h!c)er 7 to !unch dis!"ing !tt!c)s to "ring down we"sites for !s

itte !s MIncre!sing#6 Indi! is "ecoming not ?ust the victim "ut the host countr# with reg!rd

to c#"er !tt!c)s6M =!gdish *!h!p!tr!6 m!n!ging director for Indi! !nd SAA'$ !t !nti7virus

m!)er *cAfee6 tod ,T. The process h!s "ecome so org!nised th!t some of these h!c)ing

services come with &ive $h!t customer support6 !ccording to *cAfee.

In 20126 *cAfee &!"s identified !t e!st 80 sep!r!te "its of re!d#7to7downo!d m!w!re

hosted on computers in Indi!. In the first :u!rter of 20136 the num"er h!d ?umped to 16100.

Indi! is r!n)ed eighth in the word in terms of num"er of !tt!c)s origin!ting here6 ! report "#A)!m!i Technoogies in *!# s!id.


47/56

M(!c)h!ts c!n m!)e ! ot of mone#6 so I@m not surprised th!t we@re "eginning to see c#"er7

crime m!r)ets emerge in Indi!6M s!id OD"ood 'uffin6 ! $!n!di!n h!c)tivist "!sed in

(!ng!ore. In Internet securit# !ngu!ge6 ! "!c)h!t refers to someone who eDpoits

vuner!"iities in computers with m!icious intent or person! g!in. In *!rch6 Norwegi!n

teecommunic!tions services provider Teenor reported !n intrusion into its computer

networ)s. $#"er7securit# comp!n# Norm!n Sh!r) tr!ced th!t !tt!c) to Indi! !nd documented

it in ! whitep!per tited @-nveiing !n Indi!n $#"er7!tt!c) Infr!structure@.

I!%( H "* S;(

Mou h!ve underground h!c)er forums where peope post their h!c)ing re:uirement !nd #ou

c!n "id for them !nd h!ve the mone# tr!nsferred to ! P!#P! !ccount vi! ! service c!ed

Perfect *one#6M S!rv!i#! s!id. Ehie ethic! h!c)ers coud e!rn 306000 ! mon7th eg!#6

c#"er crime fetches mo7re th!n L26000 ; 163060009 ! month.

Perfect *one# functions !s !n e7currenc#. The currenc# units c!n "e tr!nsferred "etween

customers6 whose identities c!n "e hidden. The units c!n "e redeemed for c!sh 7 in do!rs or

euros 7 or god "# third7p!rt# eDch!nge services.

The h!c)er forums c!nnot "e !ccessed vi! st!nd!rd we" "rowsers 7 wh!t is re:uired is !

speci! "rowser c!ed ! Tor (rowser th!t !ows !ccess to the @hidden we"@ where these

"!c)h!t h!c)ers oper!te.

The forums oo) i)e ! soci! networ)ing site designed "# de!th7met! f!ns. Attempts "# ,T

to cont!ct h!c)ers on these forums were not successfu. Some of the tr!its th!t m!de Indi! the

hu" for sourcing technoog# services !re !so contri"uting to the rise of this new du"ious

tr!de. Mou need softw!re s)isF the countr# h!s th!t c!p!"iit#. Then #ou need motiv!tion6

which is the mone#6 !nd the )nowedge th!t the Indi!n eg! s#stem is i)e# to not "e !"e to

prosecute #ou. These !re cross7"order computer crimes6 our !ws h!ve not re!ched th!t

point6M s!id Cinesh Pi!i6 $,O of *!hindr! Speci! Services /roup.

There is no estim!te of the num"er of Indi!n h!c)ers for hire. And securit# industr#

profession!s s!id whie the# )new the num"er of !tt!c)s from Indi! w!s rising6 the# coud


48/56

not pinpoint individu! !tt!c)s th!t coud "e !ttri"uted to Indi!n h!c)ers L2 ; 129 per hour.

I!%( I!' $% +;* - "$ "* '*# "#*"

The recent incident of c#"er theft !t ADis (!n)shoud serve !s ! w!)e7up c! for Indi!n

industr#. Ee !re vuner!"e.

Cem!teri!ised sh!res hed in eectronic !ccounts6 "!n)s !nd pension funds6 power

tr!nsmission !nd distri"ution s#stems6 tr!in sign!ing s#stems6 he!th c!re s#stems !nd

records6 w!ter distri"ution s#stems6 the A!dh!!r d!t!"!se6 pr!ctic!# ever#thing is tod!#

controed in c#"er sp!ce.

If th!t contro does not wor) !s it is supposed to6 or gets hi?!c)ed "# crimin!s or hostie st!te

!gencies6 ch!os wi resut. Indi! needs to put in p!ce s#stems to gu!rd !g!inst !rge7sc!e

disruption !nd oss !s ! resut of c#"er !tt!c)s. And this goes "e#ond form! !dherence to

ISO st!nd!rds.

The government is re!d#ing ! c#"er securit# fr!mewor)6 ! c#"er securit# poic# !nd !

N!tion! $#"er $oordin!tion $entre;N$$$9 th!t wi monitor met!d!t! on c#"er tr!ffic

fows. owever6 it is "e#ond the government@s prowess to ensure securit# on its own.

On# strong pu"ic7priv!te p!rtnership c!n secure the n!tion !nd its vit! functions. This c!s

for coordin!ted !ction on mutipe fronts. One is poic# !nd egis!tion6 to ensure integrit#

!nd !ccount!"iit# to c#"er monitoring.

The government proceeds !s if one c!use in the Inform!tion Technoog# Act is enough to

protect Indi!ns@ priv!c#. Ee need ! sep!r!te !nd we7thought7out !w on the su"?ect.

Procedures for "re!ching it when necess!r# must "e rigorous6 tr!nsp!rent !nd !men!"e to

!udit. A second front is technoogic! c!p!"iit#. Grom setting st!nd!rds !nd testing of

e:uipment to !dv!nces in cr#ptogr!ph#6 !rge !re!s c! for institutions to "e set up !nd

hum!n c!p!"iit# "uit up.

A strong domestic m!nuf!cturing "!se woud "e ! gre!t hep. Pu"ic !w!reness !nd

invovement is the third !re! of !ction. Grom p!ssive securing of individu! phones !nd
http://economictimes.indiatimes.com/axis-bank-ltd/stocks/companyid-9175.cmshttp://economictimes.indiatimes.com/topic/pensionhttp://economictimes.indiatimes.com/topic/cyber%20security%20policyhttp://economictimes.indiatimes.com/topic/National%20Cyber%20Coordination%20Centrehttp://economictimes.indiatimes.com/topic/Information%20Technology%20Acthttp://economictimes.indiatimes.com/axis-bank-ltd/stocks/companyid-9175.cmshttp://economictimes.indiatimes.com/topic/pensionhttp://economictimes.indiatimes.com/topic/cyber%20security%20policyhttp://economictimes.indiatimes.com/topic/National%20Cyber%20Coordination%20Centrehttp://economictimes.indiatimes.com/topic/Information%20Technology%20Act


49/56

computers to !ctive rese!rch in com"!ting c#"er !tt!c)s !nd snooping6 ! r!nge of !ctivit#

c!s for vigorous p!rticip!tion "# Indi!@s #outh. The# must "e enthused !nd motiv!ted. The

c#"er !gend! is !rge !nd urgent.

9*# "$ *" - 1 '*# '* "$ "';* '*# '#(*

TI'-QANANTAP-'A* The er!! government wi set up 1 c#"er ces to t!c)e the

growing incidence of c#"er7re!ted crimes in the st!te6 $hief *inister Oommen $h!nd#s!id

here tod!#.

Spe!)ing to reporters !fter ! c!"inet meeting6 he s!id the c#"er ces woud "e set up in poice

district he!d:u!rters6 for which seven new posts h!ve "een s!nctioned.

S#)* $! '*# + & '*# "#*"

ECONOMICS TIME ANALYSIS ?12" SE,TEMBER 2012@

In the p!st 12 months6 c#"er crime cost ever# Indi!n net worth victim 's. 106 on !n!ver!ge. Indi! is emerging !s the go"! hot spot of c#"er croo)s.
http://economictimes.indiatimes.com/topic/Oommen%20Chandyhttp://economictimes.indiatimes.com/topic/Oommen%20Chandy


50/56

S#)* A!( INDIA GLOBAL

AERAGE

N*# $/ '*# '#(* )('"( 2 miion 23 miion

T$* %*/#%*% $!'* (! "*(# (/*"(*


51/56

2. !ve #ou ever tried the foowing !ctivities


52/56

3. Co #ou )now how !nd where to report c#"er7crime re!ted !ctivities

. An eectronic sign!ture is used for !uthentic!ting !n onine document. ow s!fe do

#ou thin) it is '!te on ! sc!e of 17. ;17ver# uns!fe6 7 ver# s!fe9


53/56

. Eh!t do #ou thin) the IT Act is for

CONCERNS OF CYBER LAWS

L$$-$*

!ving discussed in det!i ! the provisions of ITA !nd ITAA6 et us now oo) !t some of the

"ro!der !re!s of omissions !nd commissions in the Act !nd the gener! criticism the Acts

h!ve f!ced over the #e!rs.

A@ A+#*!*There is no serious provision for cre!ting !w!reness !nd putting such

initi!tives in p!ce in the Act. The government or the investig!ting !gencies i)e the

Poice dep!rtment ;whose ?o" h!s "een m!de comp!r!tive# e!sier !nd focused6

th!n)s to the p!ssing of the IT Act96 h!ve t!)en !n# serious step to cre!te pu"ic

!w!reness !"out the provisions in these egis!tions6 which is !"soute# essenti!

considering the f!ct th!t this is ! new !re! !nd technoog# h!s to "e e!rnt "# ! the

st!)e7hoders i)e the ?udici! officers6 eg! profession!s6 itig!nt pu"ic !nd the

pu"ic or users !t !rge. ,speci!# provisions i)e scope for !d?udic!tion process isnever )nown to m!n# incuding those in the investig!ting !gencies.


54/56

B@ #(%('"($!This is ! m!?or issue which is not s!tisf!ctori# !ddressed in the ITA or

ITAA.

=urisdiction h!s "een mentioned in Sections !nd


55/56

it is :uite n!tur! th!t m!n# issues on c#"er crimes !nd m!n# crimes per se !re eft

uncovered. *!n# c#"er crimes i)e c#"er s:u!tting with !n evi !ttention to eDtort

mone#. Sp!m m!is6 ISP4s i!"iit# in cop#right infringement6 d!t! priv!c# issues h!ve

not "een given !de:u!te cover!ge.

(esides6 most of the Indi!n corpor!te incuding some Pu"ic Sector undert!)ings use

Oper!ting S#stems th!t !re from the Eest especi!# the -S !nd m!n# softw!re

utiities !nd h!rdw!re items !nd sometimes firmw!re !re from !"ro!d. In such c!ses6

the !ctu! re!ch !nd import of IT Act Sections de!ing with ! utiit# softw!re or !

s#stem softw!re or !n Oper!ting S#stem upgr!de or upd!te used for downo!ding the

softw!re utiit#6 is to "e specific!# !ddressed6 !s otherwise ! pecui!r situ!tion m!#

come6 when the user m!# not )now whether the upgr!de or the p!tch is getting

downo!ded or !n# sp#w!re getting inst!ed. The Act does not !ddress the

government4s poic# on )eeping the "!c)up of corpor!tes incuding the PS-s !nd

PS(s in our count# or !"ro!d !nd if )ept !"ro!d6 the su"?ective eg! ?urisprudence on

such softw!re "!c)ups. *ost of the c#"er crimes in the n!tion !re sti "rought under

the reev!nt sections of IP$ re!d with the comp!r!tive sections of ITA or the ITAA

which gives ! comfort f!ctor to the investig!ting !gencies th!t even if the ITA p!rt of

the c!se is ost6 the !ccused c!nnot esc!pe from the IP$ p!rt.

To :uote the noted c#"er !w eDpert in the n!tion !nd Supreme $ourt !dvoc!te Shri

P!v!n Cugg!6 BEhie the !wm!)ers h!ve to "e compemented for their !dmir!"e

wor) removing v!rious deficiencies in the Indi!n $#"er!w !nd m!)ing it

technoogic!# neutr!6 #et it !ppe!rs th!t there h!s "een ! m!?or mism!tch "etween

the eDpect!tion of the n!tion !nd the resut!nt effect of the !mended egis!tion. The

most "i5!rre !nd st!rting !spect of the new !mendments is th!t these !mendments

see) to m!)e the Indi!n c#"er!w ! c#"er crime friend# egis!tion th!t chooses to

encour!ge c#"er crimin!s "# essening the :u!ntum of punishment !ccorded to them

under the eDisting !wF W.. ! egis!tion which m!)es ! m!?orit# of c#"ercrimes

stipu!ted under the IT Act !s "!i!"e offencesF ! egis!tion th!t is i)e# to p!ve w!#

for Indi! to "ecome the potenti! c#"er crime c!pit! of the wordWW


56/56

information technology act - final

Documents