it act
TRANSCRIPT
CONTENTS
Sr No Particular Page No
1 Introduction to Cyber Law 1-2
2 Information Technology ACT 2000 3-4
3 Cyber Crime 5-6
4 Types of Crime 7-8
5 Cyber Criminal 9-10
6 Indian Case Study 11-12
7 Conclusion 13
Introduction to Cyber Law Cyber Law is the law governing cyber space. Cyber space is a very wide term and
includes computers, networks, software, data storage devices (such as hard disks, USB
disks etc), the Internet, websites, emails and even electronic devices such as cell phones,
ATM machines etc.
Cyber crimes can involve criminal activities that are traditional in nature, such as theft,
fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.
The abuse of computers has also given birth to a gamut of new age crimes that are
addressed by the Information Technology Act, 2000.
The expression ‘Crime’ is defined as an act, which subjects the doer to legal punishment
or any offence against morality, social order or any unjust or shameful act. The “Offence"
is defined in the Code of Criminal
Procedure to mean as an act or omission made punishable by any law for the time being in
force.
It’s an unlawful act wherein the computer is either a tool or a target or both.
Acts that are punishable by the Information Technology Act.
Cyber space is a virtual space that has become as important as real space for
business, politics, and communities .
Cyber Crime is emerging as a serious threat. World wide governments, police
departments and intelligence units have started to react.
Cyber Crime is a term used to broadly describe criminal activity in which computers or
computer networks are a tool, a target, or a place of criminal activity and include
everything from electronic cracking to denial of service attacks. It is also used to include
traditional crimes in which computers or networks are used to enable the illicit activity.
Computer crime mainly consists of unauthorized access to computer systems data
alteration, data destruction, theft of intellectual property. Cyber crime in the context of
national security may involve hacking, traditional espionage, or information warfare and
related activities.
1Pornography, Threatening Email, Assuming someone's Identity, Sexual Harassment, Defamation, Spam and Phishing are some examples where computers are used to commit crime, whereas Viruses, Worms and Industrial Espionage, Software Piracy and Hacking are examples where computers become target of crime. The Internet in India is growing rapidly. It has given rise to new opportunities in every
field we can think of – be it entertainment, business, sports or education. There are two
sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is
Cybercrime – illegal activity committed on the Internet. The Internet, along with its
advantages, has also exposed us to security risks that come with connecting to a large
network. Computers today are being misused for illegal activities like e-mail espionage,
credit card fraud, spams, and software piracy and so on, which invade our privacy and
offend our senses. Criminal activities in the cyberspace are on the rise.
"The modern thief can steal more with a computer than with a gun. Tomorrow's
terrorist may be able to do more damage with a key board than with a bomb".
Until recently, many information technology (IT) professionals lacked awareness of an
interest in the cyber crime phenomenon. In many cases, law enforcement officers have
lacked the tools needed to tackle the problem; old laws didn’t quite fit the crimes being
committed, new laws hadn’t quite caught up to the reality of what was happening, and
there were few court precedents to look to for guidance? Furthermore, debates over
privacy issues hampered the ability of enforcement agents to gather the evidence needed
to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the
least, distrust— between the two most important players in any effective fight against
cyber crime: law enforcement agencies and computer professionals. Yet close cooperation
between the two is crucial if we are to control the cyber crime problem and make the
Internet a safe “place” for its users.
21. Information Technology Act 2000
Connectivity via the Internet has greatly abridged geographical distances and made
communication even more rapid. While activities in this limitless new universe are
increasing incessantly, laws must be formulated to monitor these activities. Some
countries have been rather vigilant and formed some laws governing the net. In order to
keep pace with the changing generation, the Indian Parliament passed the much-awaited
Information Technology Act, 2000 .As they say,
"It’s better late than never".
However, even after it has been passed, a debate over certain controversial issues
continues. A large portion of the industrial community seems to be dissatisfied with
certain aspects of the Act. But on the whole, it is a step in the right direction for India.
The Information Technology Act 2000, regulates the transactions relating to the
computer and the Internet
The objectives of the Act as reflected in the Preamble to the Act are:
1. The Preamble to the Act states that it aims at providing legal recognition for
transactions carried out by means of electronic data interchange and other means of
electronic communication, commonly referred to as "electronic commerce", which
involve the use of alternatives to paper-based methods of communication and storage of
information and aims at facilitating electronic filing of documents with the Government
agencies.
2. To facilitate electronic filing of the document with the government of India. The
General Assembly of the United Nations had adopted the Model Law on Electronic
Commerce adopted by the United Nations Commission on International Trade Law
(UNCITRAL) in its General Assembly resolution A/RES/51/162 dated January 30, 1997.
The Indian Act is in keeping with this resolution that recommended that member nations
of the UN enact and modify their laws according to the Model Law.
Thus with the enactment of this Act, Internet transactions will now be recognized, on-line
contracts will be enforceable and e-mails will be legally acknowledged. It will
tremendously augment domestic as well as international trade and commerce.
The Information Technology Act extends to the whole of India and, saves as otherwise
provided in this Act, it applies also to any offence or contravention there under
3
committed outside India by any person.
However The Act does not apply to:
1. a negotiable instrument as defined in section 13 of the Negotiable Instruments
Act,1881;
2. a power-of-attorney as defined in section 1A of the Powers-of- Attorney Act, 1882;
3. a trust as defined in section 3 of the Indian Trusts Act, 1882;
4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925including
any other testamentary disposition by whatever name called
5. Any contract for the sale or conveyance of immovable property or any interest in such
property;
6. Any such class of documents or transactions as may be notified by the Central
Government in the Official Gazette.
Some of the Important Definition:
Asymmetric crypto system" means a system of a secure key pair consisting of a private
key for creating a digital signature and a public key to verify the digital signature;
Certifying Authority" means a person who has been granted a licence to issue a Digital
Signature Certificate under section 24;
Certification practice statement" means a statement issued by a Certifying Authority to
specify the practices that the Certifying Authority employs in issuing Digital Signature
Certificates;
Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established
under sub-section (1) of section 48;
Digital signature" means authentication of any electronic record by a subscriber by
means of an electronic method or procedure in accordance with the provisions of section.
Digital Signature Certificate" means a Digital Signature Certificate issued under
subsection of section 35;
Electronic form" with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device;
Electronic Gazette" means the Official Gazette published in the electronic form;
Secure system" means computer hardware, software, and procedure that—
(a) are reasonably secure from unauthorised access and misuse.
(b) provide a reasonable level of reliability and correct operation.
4
2. Introduction to Cyber Crime
The first recorded cyber crime took place in the year 1820! That is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a computer,
has been around since 3500 B.C. in India, Japan and China. The era of modern computers,
however, began with the analytical engine of Charles Babbage. Cyber crime is an evil
having its origin in the growing dependence on computers in modern life. In a day and age
when everything from microwave ovens and refrigerators to nuclear power plants is being
run on computers, cyber crime has assumed rather sinister implications. Major Cyber
crimes in the recent past include the Citibank rip off. US $ 10 million were fraudulently
transferred out of the bank and into a bank account in Switzerland. A Russian hacker
group led by Vladimir Kevin, a renowned hacker, perpetrated the attack. The group
compromised the bank's security systems. Vladimir was allegedly using his office
computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into Citi bank
computers. He was finally arrested on Heathrow airport on his way to Switzerland.
United Nations’ Definition of Cybercrime
Cybercrime spans not only state but national boundaries as well. Perhaps we should look
to international organizations to provide a standard definition of the crime. At the Tenth
United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a
workshop devoted to the issues of crimes related to computer networks, cybercrime was
broken into two categories and defined thus:
Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by
means of electronic operations that targets the security of computer systems and
the data processed by them.
Cybercrime in a broader sense (computer-related crime): Any illegal behaviour
committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession [and] offering or distributing information by
means of a computer system or network.
Of course, these definitions are complicated by the fact that an act may be illegal in one
nation but not in another.
5
There are more concrete examples, including
i. Unauthorized access
ii Damage to computer data or programs
iii Computer sabotage
iv Unauthorized interception of communications
v Computer espionage
These definitions, although not completely definitive, do give us a good starting point one
that has some international recognition and agreement for determining just what we mean
by the term cybercrime.
In Indian law, cyber crime has to be voluntary and wilful, an act or omission that
adversely affects a person or property. The IT Act provides the backbone for e-commerce
and India’s approach has been to look at e-governance and e-commerce primarily from the
promotional aspects looking at the vast opportunities and the need to sensitize the
population to the possibilities of the information age. There is the need to take in to
consideration the security aspects.
Cybercrime is not on the decline. The latest statistics show that cybercrime is actually on
the rise. However, it is true that in India, cybercrime is not reported too much about.
Consequently there is a false sense of complacency that cybercrime does not exist and that
society is safe from cybercrime. This is not the correct picture. The fact is that people in
our country do not report cybercrimes for many reasons. Many do not want to face
harassment by the police. There is also the fear of bad publicity in the media, which could
hurt their Reputation and standing in society. Also, it becomes extremely difficult to
convince the police to register any cybercrime, because of lack of orientation and
awareness about cybercrimes and their registration and handling by the police.
63. Types Of Cyber Crime
Technical Aspects
Technological advancements have created new possibilities for criminal activity, in
particular the criminal misuse of information technologies such as
Unauthorized access & Hacking:-
Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or
computer network.
Unauthorized access would therefore mean any kind of access without the
permission of either the rightful owner or the person in charge of a computer,
computer system or computer network.
By hacking web server taking control on another persons website called as web
hijacking
Trojan Attack:-
The program that act like something useful but do the things that are quiet
damping. The programs of this kind are called as Trojans.
Trojans come in two parts, a Client part and a Server part. When the victim
(unknowingly) runs the server on its machine, the attacker will then use the Client
to connect to the Server and start using the trojan.
Virus and Worm attack:-
A program that has capability to infect other programs and make copies of itself
and spread into other programs is called virus.
Programs that multiply like viruses but spread from computer to computer are
called as worms.
E-mail related crimes:-
Email spoofing:-Email spoofing refers to email that appears to have been originated from
one source when it was actually sent from another source. Please Read
Email Spamming:-Email "spamming" refers to sending email to thousands and thousands
of users - similar to a chain letter.
7
Sending malicious codes through email:-
E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code.
Email bombing:-
E-mail "bombing" is characterized by abusers repeatedly sending an identical email
message to a particular address.
Sending threatening emails
Sending any threatening Email to any Person regarding his live or property is also a
Crime.
Sale of illegal articles
This would include sale of narcotics, weapons and wildlife etc., by posting information on
websites, auction websites, and bulletin boards or simply by using email communication.
Online gambling
There are millions of websites; all hosted on servers abroad, that offer online gambling. In
fact, it is believed that many of these websites are actually fronts for money laundering.
84. Cyber Criminals
Kids (age group 9-16 etc.)
It seems really difficult to believe but it is true. Most amateur hackers and cyber criminals
are teenagers. To them, who have just begun to understand what appears to be a lot about
computers, it is a matter of pride to have hacked into a computer system or a website.
There is also that little issue of appearing really smart among friends. These young rebels
may also commit cyber crimes without really knowing that they are doing anything
wrong.
Organized hacktivists
Hacktivists are hackers with a particular (mostly political) motive. In other cases this
reason can be social activism, religious activism, etc. The attacks on approximately 200
prominent Indian websites by a group of hackers known as Pakistani Cyber Warriors are a
good example of political hacktivists at work.
Disgruntled employees
One can hardly believe how spiteful displeased employees can become. Till now they had
the option of going on strike against their bosses. Now, with the increase independence on
computers and the automation of processes, it is easier for disgruntled employees to do
more harm to their employers by committing computer related crimes, which can bring
entire systems down.
Professional hackers (corporate espionage)
Extensive computerization has resulted in business organizations storing all their
information in electronic form. Rival organizations employ hackers to steal industrial
secrets and other information that could be beneficial to them. The temptation to use
professional hackers for industrial espionage also stems from the fact that physical
presence required to gain access to important documents is rendered needless if hacking
can retrieve those.
Denial of Service Tools
Denial-of-service (or DoS) attacks are usually launched to make a particular service
unavailable to someone who is authorized to use it. These attacks may be launched using
one single computer or many computers across the world. In the latter scenario, the attack
is known as a distributed denial of service attack. Usually these attacks do not necessitate
the need to get access into anyone's system.
These attacks have been getting decidedly more popular as more and more people realize
the amount and magnitude of loss, which can be caused through them.
9
What are the reasons that a hacker may want to resort to a DoS attack? He may have
installed a Trojan in the victim's computer but needed to have the computer restarted to
activate the Trojan. The other good reason also may be that a business may want to harm a
competitor by crashing his systems.
Denial-of-service attacks have had an impressive history having, in the past, blocked out
websites like Amazon, CNN, Yahoo and eBay. The attack is initiated by sending excessive
demands to the victim's computer's, exceeding the limit that the victim's servers can
support and making the server’s crash. Sometimes, many computers are entrenched in this
process by installing a Trojan on them; taking control of them and then making them send
numerous demands to the targeted computer. On the other side, the victim of such an
attack may see many such demands (sometimes even numbering tens of thousands)
coming from computers from around the world. Unfortunately, to be able to gain control
over a malicious denial-of-service attack would require tracing all the computers involved
in the attack and then informing the owners of those systems about the attack. The
compromised system would need to be shut down or then cleaned. This process, which
sounds fairly simple, may prove very difficult to achieve across national and later
organizational bordersDenial-of-service attacks have had an impressive history having, in
the past, blocked out websites like Amazon, CNN, Yahoo and eBay. The attack is initiated
by sending excessive demands to the victim's computer's, exceeding the limit that the
victim's servers can support and making the server’s crash. Sometimes, many computers
are entrenched in this process by installing a Trojan on them; taking control of them and
then making them send numerous demands to the targeted computer. On the other side,
the victim of such an attack may see many such demands (sometimes even numbering
tens of thousands) coming from computers from around the world. Unfortunately, to be
able to gain control over a malicious denial-of-service attack would require tracing all the
computers involved in the attack and then informing the owners of those systems about
the attack. The compromised system would need to be shut down or then cleaned. This
process, which sounds fairly simple, may prove very difficult to achieve across national
and later organizational borders.
105. Indian Case Studies
While I have a huge collection of international cyber crimes I thought it may be more
relevant if we discuss Indian Cyber crime case studies. However if any of you is interested
in international case studies please do reach me. I have not arranged the following section
in an order to create flow of thought for the reader. And it is possible there is a drift from
the taxonomy which we have defined in the beginning.
Insulting Images of Warrior Shivaji on Google – Orkut
An Indian posts ‘insulting images’ of respected warrior-saint Shivaji on Google’s
Orkut.Indian police come knocking at Google’s gilded door demanding the IP address (IP
uniquely identifies every computer in the world) which is the source of this negative
image. Google, India hands over the IP address.
Financial crime
Wipro Spectramind lost the telemarketing contract from Capital one due to an organized
crime.The telemarketing executives offered fake discounts, free gifts to the Americans in
order to boost the sales of the Capital one. The internal audit revealed the fact and
surprisingly it was also noted that the superiors of these telemarketers were also involved
in the whole scenario.
Cyber pornography
Some more Indian incidents revolving around cyber pornography include the Air Force
Balbharati School case. In the first case of this kind, the Delhi Police Cyber Crime Cell
registered a case under section 67 of the IT act, 2000. A student of the Air Force
Balbharati School, New Delhi, was teased by all his classmates for having a pockmarked
face.
Online Gambling
Recent Indian case about cyber lotto was very interesting. A man called Kola Mohan
invented the story of winning the Euro Lottery. He himself created a website and an email
address on the Internet with the address '[email protected].' Whenever accessed, the site
would name him as the beneficiary of the 12.5 million pound. After confirmation a
telgunewspaper published this as a news. He collected huge sums from the public as well
as from some banks for mobilization of the deposits in foreign currency However, the
fraud
11
came to light when a cheque discounted by him with the Andhra Bank for Rs 1.73 million
bounced. Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly
issued by Midland Bank, Sheffields, London stating that a term deposit of 12.5 million
was held in his name.
Intellectual Property crimes
These include software piracy, copyright infringement, trademarks violations, theft of
computer source code etc. In other words this is also referred to as cybersquatting. Satyam
Vs. Siffy is the most widely known case. Bharti Cellular Ltd. filed a case in the Delhi
High Court that some cyber squatters had registered domain names such as
barticellular.com and bhartimobile.com with Network solutions under different fictitious
names. The court directed Network Solutions not to transfer the domain names in question
to any third party and the matter is sub-judice. Similar issues had risen before various
High Courts earlier. Yahoo had sued one Akash Arora for use of the domain name
‘Yahooindia.Com’ deceptively similar to its ‘Yahoo.com’. As this case was governed by
the Trade Marks Act,1958, the additional defence taken against Yahoo’s legal action for
the interim order was that the Trade Marks Act was applicable only to goods.
Cyber Defamation
India’s first case of cyber defamation was reported when a company’s employee started
sending derogatory, defamatory and obscene e-mails about its Managing Director. The
emails were anonymous and frequent, and were sent to many of their business associates
to tarnish the image and goodwill of the company. The company was able to identify the
employee with the help of a private computer expert and moved the Delhi High Court.
The court granted an ad-interim injunction and restrained the employee from sending,
publishing and transmitting e-mails, which are defamatory or derogatory to the plaintiffs.
12
6. CONCLUSION
Obviously computer crime is on the rise, but so is the awareness and ability to fight it.
Law enforcement realizes that it is happening more often than it is reported and are doing
there best to improve existing laws and create new laws as appropriate. The problem is not
with the awareness or the laws, but with actually reporting that a crime has occurred.
Hopefully people will begin to realize that unless they report these crimes and get
convictions, those committing computer crimes will continue to do so. While there is no
silver bullet for dealing with cyber crime, it doesn’t mean that we are completely helpless
against it. The legal system is becoming more tech savvy and manylaw enforcement
departments now have cyber crime units created specifically to deal with computer related
crimes, and of course we now have laws that are specifically designed for computer
related crime. While the existing laws are not perfect, and no law is, they are nonetheless a
step in the right direction toward making the Internet a safer place for business, research
and just casual use. As our reliance on computers and the Internet continues to grow, the
importance of the laws that protect us from the cyber-criminals will continue to grow as
well.
13