Cybercrime

CybercrimePreventive steps & Awareness

Objectives To provide a general awareness of

Cybercrime To understand Cybercrime methods To identify Internet scams To learn how to keep from being a victim

What is Cybercrime? Cybercrime is any illegal act committed

by using a computer network. Cybercrime is a subset of computer crime.

Examples of Cybercrime Web defacement Unauthorized network

access Cyber-Stalking Internet fraud

Identity theft Child pornography Interception and

fabrication of emails Theft of passwords

Who are the perpetrators? Not just “hackers.”

Companies seeking competitor’s trade secrets Con-artists Pedophiles Disgruntled employees “Accidental” criminals

The Internet should be viewed as another medium in which criminals can conduct illegal acts.

Who are the cyber victims? Companies

No security awareness Bottom liners

Individuals The unaware individuals The “don’t care” individuals The “innocent by-stander” individuals

Society

Desktop Security

Many people become victims of a cyber attack by what is referred to as “drive by hacking.”

Tools are freely available on the Internet to allow for such behavior to occur.

The latest Microsoft Security flaw is a good example of how vulnerable each users desktop is to such an attack.

Spyware Spyware is used by companies to gather

the surfing habits of individuals. Pop-up ads are usually a result of spyware

being present on a computer. Keyloggers are a form of spyware that

secretly record keystrokes and have the ability to email them back to the intruder.

What can I do?

Awareness is the first step in protecting yourself and your family.

Invest in Anti-virus, Firewall, and SPAM blocking software for your PC.

Detect secure websites when conducting transactions online.

Do NOT respond or act on emails sent from unknown sources.

Detecting Secure Websites

HTTPS instead of HTTP

Yellow Lock at bottom right of website

Emails SPAM emails are becoming easier to

detect by the average user. Look for these clues to identify SPAM: The receiver’s name is the same as the sender’s The subject is offering money making deals The user is unknown and there are links to what

appear to be legitimate websites.

Cyber crime: an important note The IT Act provides the backbone for e-

commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.

Cyber crime: Indian law In Indian law, cyber crime has to be voluntary and

willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India’s approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.

United Nations’ Definition of Cybercrime a. Cybercrime in a narrow sense (computer crime): Any

illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.

b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.

Cyber crime: There are more concrete examples, including Unauthorized access Damage to computer data or programs Computer sabotage Unauthorized interception of

communications Computer espionage

What are the basic steps in fortifying the legal position of an organisation in cases of data theft? While passing the IT Act, the government

has also amended other related legislation, such as the Copyright Act or the Law of Evidence. Now, an organisation can keep a log of how a particular piece of intellectual property was built, by documenting the steps that led to development of a solution or product. This documentation will help establish the ownership of the final product.

What about simple information or databases? The same applies to these. Beginning with

the source of the database or information, their build up, fine-tuning and periodical revision will establish ownership.

How broad is the scope of protection under the laws? Section 66 of the IT Act has defined hacking as

(among other things) intentionally destroying, deleting or altering any information residing on a computer. There is no mention of the word copying here. However, the latter part of this section refers to "diminishing the value or utility" of this information. Copying is covered under this. If someone steals information and pastes it on a web site available to all, the value of this information diminishes.

Are there methods to ensure adherence to data access norms for employees? Each organisation must have a well-defined IT use

policy. It is important to offer written description of the limits each employee needs to follow. They should also be told the legal consequences of any breach of the access norms. There are provisions for imprisonment of three to five years and a fine for different offences under the IT Act. The law also provides judicial custody of up to a week to allow investigation. The idea of staying in a lock-up can be a deterrent enough for the techie kind, provided they are told about it.

Is the redressal process speedier for those hit by cyber crimes? Any incident of data theft can be addressed on both criminal

and civil tracks of the law. While the criminal proceedings will intend to regain the custody of data, the civil proceeding will seek compensation for loss caused by such theft. Disposal of cases will be handled at par with other cases of either nature. However, under the IT Act, the secretary of the information technology department of the Central or state government has been empowered to adjudicate the civil cases. This officer has the powers to order summary investigation and is not compelled to follow any legal procedures and will simply follow. If he follows the principles of natural justice (such as giving the accused an opportunity to be heard) he can examine the evidence, impose punishment and order compensation.

Conclusion The key to protecting yourself is being

aware. Not all cybercriminals are “hackers.” There is a whole other world that exists in

cyberspace…make sure that your information travels safely.

Questions

HR & Administrative [email protected]