Cyberlaw and Cybercrime

1

CONTENTS

History of Cyber Crime 2-5 Introduction to Cyber Law 6-7 Categories of Cyber Crime 8 Types of Cyber Crime 9-11 Who are Cyber Criminals 12 Cyber Crime in India 12-15 Need of Cyber Laws 16-17 Cyber Laws in India 18-22 Arrest and Report Under IT Act 23 Conclusion 24

2

The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education.

There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cyber crime – illegal activity committed on the internet.

History of Cyber Crime

The first recorded cyber crime took place in the year 1820! In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! 1971

John Draper discovers the give-away whistle in Cap'n Crunch cereal boxes reproduces a 2600Hz tone. Draper builds a ‘blue box’ that, when used with the whistle and sounded into a phone receiver, allows phreaks to make free calls. Esquire publishes "Secrets of the Little Blue Box" with instructions for making one. Wire fraud in the US escalates.

1972

The InterNetworking Working Group is founded to govern the standards of the Internet. Vinton Cerf is the chairman and is known as a "Father of the Internet”.

3

1973

Teller at New York's Dime Savings Bank uses a computer to embezzle over $2 million

1978

First electronic bulletin board system (BBS) appears; becomes the primary means of communication for the electronic underground..

1981

Ian Murphy, aka. "Captain Zap“, becomes first felon convicted of a computer crime. Murphy broke into AT&T’s computers and changed the billing clock so that people receive discounted rates during normal business hours.

1982

Elk Cloner, an AppleII boot virus, is written.

1983

Movie WarGames introduces public to the phenomenon of hacking (actually war-dialing).

US Secret Service gets jurisdiction over credit card and computer fraud.

4

1984

Phiber Optik forms Masters of Deception hacking group. US Comprehensive Crime Control Act gives Secret Service jurisdiction

over computer fraud. Hacker magazine 2600 begins publication (still in print; see Captain

Crunch for the derivation of the name).

1985

Online hacking magazine Phrack established.

1986:

Pakistani Brain, the oldest virus created under unauthorized circumstances, infects IBM computers.

After many break-ins into govt. and corporate computers, Congress passes the Computer Fraud and Abuse Act, making this a crime. The law does not cover juveniles.

1987

Computer Emergency Response Team (CERT) created.

1988

Kevin Mitnick secretly monitors the e-mail of MCI and DEC security officials. He is convicted and sentenced to a year in jail.

Kevin Poulsen is indicted on phone-tampering charges. He goes on the run and avoids capture for 17 months.

First National Bank of Chicago is the victim of $70-million computer theft.

5

Robert T. Morris, Jr., graduate student at Cornell University and son of a chief scientist at the NSA, launches a self-replicating worm (the Morris Worm) on the government's ARPAnet (precursor to the Internet). The worm gets out of hand and spreads to over 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10K.

1989

First large-scale computer extortion case is investigated - under the pretence of a quiz on the AIDS virus, users unwittingly download a program which threatens to destroy all their computer data unless they pay $500 into a foreign account.

Hackers in West Germany (loosely affiliated with the Chaos Computer Club) are arrested for breaking into US government and corporate computers and selling operating-system source code to the KGB.

1990

The Electronic Frontier Foundation (EFF) is formed. Legion of Doom and Masters of Deception engaged in online warfare -

jamming phone lines, monitoring calls, trespassing in each other's private computers.

After a prolonged sting investigation, Secret Service agents swoop down on organizers and members of BBS’s in 14 US cities, including the Legion of Doom. The arrests are aimed at cracking down on credit-card theft and telephone and wire fraud.

6

Introduction to Cyber Law :

Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks etc), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

The expression ‘Crime’ is defined as an act, which subjects the doer to legal punishment or any offence against morality, social order or any unjust or shameful act. The “Offence" is defined in the Code of Criminal Procedure to mean as an act or omission made punishable by any law for the time being in force.

It’s an unlawful act wherein the computer is either a tool or a target or

both.

Acts that are punishable by the Information Technology Act.

Cyber space is a virtual space that has become as important as real

space for business, politics, and communities .

Cyber Crime is emerging as a serious threat. World wide governments,

police departments and intelligence units have started to react.

Cyber Crime is a term used to broadly describe criminal activity in which

computers or computer networks are a tool, a target, or a place of

criminal activity and include everything from electronic cracking to

denial of service attacks. It is also used to include traditional crimes in

which computers or networks are used to enable the illicit activity.

7

Computer crime mainly consists of unauthorized access to computer

systems data alteration, data destruction, theft of intellectual property.

Cyber crime in the context of national security may involve hacking,

traditional espionage, or information warfare and related activities.

Pornography, Threatening Email, Assuming someone's Identity, Sexual

Harassment, Defamation, Spam and Phishing are some examples where

computers are used to commit crime, whereas Viruses, Worms and

Industrial Espionage, Software Piracy and Hacking are examples where

computers become target of crime.

A computer crime is any illegal act, the commission of which (in whole or

in part):

– targets computer hardware or software as its focal point, or

– utilizes computer hardware or software to accomplish or assist in

accomplishing the act, or

– involves or uses computer hardware or software to store,

preserve, assimilate, or secrete any evidence or any fruits of the

act, or

– unlawfully accesses, invades or violates computer hardware or

software integrity in accomplishing or in attempting to perform

the act

• notice by this definition, that a murder committed by

bashing someone’s head with a computer monitor would be

considered a computer crime!

8

CATEGORIES OF CYBER CRIME:

Cyber crimes can be basically divided into 3 major categories:

1. Cyber crimes against persons :

Cyber harassment is a distinct Cyber crime. Various kinds of harassment can and

do occur in cyberspace, or through the use of cyberspace. Harassment can be

sexual, racial, religious, or other.

2. Cyber crimes against property :

These crimes include computer vandalism (destruction of others' property),

transmission of harmful programs, unauthorized trespassing through cyber space,

unauthorized possession of computer information.

3. Cyber crimes against government :

Cyber terrorism is one distinct kind of crime in this category.

The growth of internet has shown that the medium of Cyberspace is being used

by individuals and groups to threaten the international governments as also to

terrorize the citizens of a country.

9

Types Of Cyber Crime

Technical Aspects Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as

a) Unauthorized access & Hacking:-

o Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

o Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.

o By hacking web server taking control on another persons website called as web hijacking

b) Trojan Attack:-

o The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans.

o Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan.

c) Virus and Worm attack:-

o A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus.

o Programs that multiply like viruses but spread from computer to computer are called as worms.

10

d) E-mail related crimes:-

Email spoofing

Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Please Read

Email Spamming

Email "spamming" refers to sending email to thousands and thousands of users - similar to a chain letter.

Sending malicious codes through email

E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code.

Email bombing

E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.

Sending threatening emails

Sending any threatening Email to any Person regarding his live or property is also a Crime.

Defamatory emails

Making of false, derogatory statement(s) in private or public about a person's business practices, character, financial status, morals, or reputation. Oral defamation is a slander whereas printed or published defamation is a libel.

Email frauds

Email fraud is the intentional deception made for personal gain or to damage another individual through email.

11

e) Internet Relay Chat (IRC) related crimes:-

Three main ways to attack IRC are: Denial of service attacks, clone attacks, and flood attacks.

Denial of Service attacks:-

Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users.

Examples include

Attempts to "flood" a network, thereby preventing legitimate network traffic

Attempts to disrupt connections between two machines, thereby preventing access to a service

Attempts to prevent a particular individual from accessing a service

Attempts to disrupt service to a specific system or person.

f) Sale of illegal articles

This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.

g) Online gambling

There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

12

Who are Cyber Criminals ?:

Kids (age group 9-16 etc.) Organized hack activists Disgruntled employees Professional hackers (corporate espionage)

Why India?

India stands 11th in the ranking for Cyber Crime in the World, constituting 3%

of the Global Cyber Crime.

13

A rapidly growing online user base

121 Million Internet Users 65 Million Active Internet Users, up by 28% from 51 million in 2010 50 Million users shop online on Ecommerce and Online Shopping Sites 46+ Million Social Network Users 346 million mobile users had subscribed to Data Packages.

Cyber Crime In India

The majority of cybercrimes are centered on forgery, fraud and

Phishing,

India is the third-most targeted country for Phishing attacks after the

US and the UK,

Social networks as well as ecommerce sites are major targets,

6.9 million bot-infected systems in 2010,

14,348 website defacements in 2010,

6,850 .in and 4,150 .com domains were defaced during 2011,

15,000 sites hacked in 2011,

India is the number 1 country in the world for generating spam.

14

Cost Of Cyber Crime In India (2010)

29.9 million people fell victim to cybercrime,

$4 billion in direct financial losses,

$3.6 billion in time spent resolving the crime,

4 in 5 online adults (80%) have been a victim of Cybercrime,

17% of adults online have experienced cybercrime on their mobiles.

A total number of 90, 119, 252 and 219 Government websites tracked by the

Indian Computer Emergency Response Team (CERT-In) were hacked / defaced

by various hacker groups in the year 2008, 2009, 2010 and Jan–Oct 2011

respectively.

15

The police have recorded 3,038 cases but made only 2,700 arrests in 3

years (between 2007 and 2010)

India registered only 1,350 cases under the IT Act and IPC in 2010

50% of cybercrimes are not even reported.

16

NEED FOR CYBER LAWS

Laws are necessary in all segments of society, and e-commerce is no

exception.

Those in the online world should recognize that copyright, patent, and

trademark laws protect much of the material found on the Internet.

All Internet users, including minors, need to be assured of their privacy

and the safety of their personal information online.

In today's highly digitalized world, almost everyone is affected by cyber

law.

Almost all companies extensively depend upon their computer networks

and keep their valuable data in electronic form.

Government forms including income tax returns, company law forms etc

are now filled in electronic form.

Consumers are increasingly using credit cards for shopping.

Most people are using email, cell phones and SMS messages for

communication.

Even in "non-cyber crime" cases, important evidence is found in

computers / cell phones e.g. in cases of divorce, murder, kidnapping, tax

evasion, organized crime, terrorist operations, counterfeit currency etc.

Cyber crime cases such as online banking frauds, online share trading

fraud, source code theft, credit card fraud, tax evasion, virus attacks,

cyber sabotage, phishing attacks, email hijacking, denial of service,

hacking, pornography etc are becoming common.

17

Cyberspace is an intangible dimension that is impossible to govern and

regulate using conventional law.

Cyberspace has complete disrespect for jurisdictional boundaries.

Cyberspace handles gigantic traffic volumes every second.

Cyberspace is absolutely open to participation by all.

Cyberspace offers enormous potential for anonymity to its members.

Cyberspace offers never-seen-before economic efficiency.

Electronic information has become the main object of cyber crime. It is

characterized by extreme mobility, which exceeds by far the mobility of

persons, goods or other services.

A software source code worth cores of rupees or a movie can be pirated

across the globe within hours of their release.

Theft of corporeal information (e.g. Books, papers, CD, ROMs, floppy

disks) is easily covered by traditional penal provisions.

18

Cyber Laws in India :

Under The Information Technology Act, 2000

The primary source of cyber law in India is the Information Technology Act, 2000 (IT Act) which came into force on 17 October 2000.

The primary purpose of the Act is to provide lega lrecognition to electronic commerce andt of acilitate filing of electronic records with the Government.

The IT Act also penalizes various cyber crimes and provides strict punishments (imprisonment terms upto 10 years and compensation up to Rs 1 crore).

CHAPTER XI – OFFENCES – 66. Hacking with computer system.

(1) Whoever with the Intent to cause or knowing that he is likely to cause Wrongful Loss or Damage to the public or any person Destroys or Deletes or Alters any Information Residing in a Computer Resource or diminishes its value or utility or affects it injuriously by any means, commits hack.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

(3) CYBER OFFENCES UNDER THE IT ACT • Tampering with computer source documents – Section 65 • Hacking - Section 66 • Publishing of information which is obscene in electronic form - Section 67

19

Information Technology (Certifying Authority) Regulations,2001 came into force on 9 July 2001. They provide further technical standards and procedures to be used by a CA.

Two important guidelines relating to CAs were issued. The first are the Guidelines for submission of application for license to operate as a Certifying Authority under the IT Act. These guidelines were issued on 9th July 2001.

Next were the Guidelines for submission of certificates and certification revocation lists to the Controller of Certifying Authorities for publishing National Repository of Digital Certificates. These were issue on 16th December 2002.

Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000

also came into force on 17th October 2000.

These rules prescribe the appointment and working of the Cyber Regulations Appellate Tribunal (CRAT) whose primary role is to hear appeals against orders of the Adjudicating Officers.

The Cyber Regulations Appellate Tribunal (Salary, Allowances and other terms and conditions of service of Presiding Officer) Rules, 2003 prescribe the salary, allowances and other terms for the Presiding Officer of the CRAT. Information Technology (Other powers of Civil Court vested in Cyber Appellate Tribunal) Rules 2003 provided some additional powers to the CRAT.

20

The Information Technology (Security Procedure) Rules, 2004

came into force on 29th October 2004. They prescribe provisions relating to secure digital signatures and secure electronic records.

Also relevant are the Information Technology (Other Standards) Rules, 2003.

An important order relating to blocking of websites was passed on 27th February, 2003.Computer Emergency Response Team (CERT-IND) can instruct Department of Telecommunications (DOT) to block a website.

The Indian Penal Code (as amended by the IT Act) penalizes several

cyber crimes. These include forgery of electronic records, cyber frauds, destroying electronic evidence etc.

Digital Evidence is to be collected and proven in court as per the provisions of the Indian Evidence Act (as amended by the IT Act).

In case of bank records, the provisions of the Bankers’ Book Evidence Act (as amended by the IT Act) are relevant.

Investigation and adjudication of cyber crimes is done in accordance with

the provisions of the Code of Criminal Procedure and the IT Act.

The Reserve Bank of India Act was also amended by the IT Act.

21

Information Technology Amendment Act, 2008

Section – 43,

Destroys, Deletes or Alters any Information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

“If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.” [S.66]

S.66A - Punishment for sending offensive messages through communication service, etc

Shall be punishable with imprisonment for a term which may extend to three years and with fine.

S. 66C - Punishment for identity theft

“Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh”

S. 66D - Punishment for cheating by personation by using computer resource

“Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees. “

22

S. 66E - Punishment for violation of privacy.

“Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both”

S. 67 A - Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form

“Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees”

S. 67 C - Preservation and Retention of information by intermediaries.

“Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.

Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.”

CYBER LAWS AMENDMENTS INDIAN PENAL

• CODE,1860

• INDIAN EVIDENCE ACT,1872

• BANKER’S BOOK EVIDENCE ACT,1891

• GENERAL CLAUSES ACT,1897

23

Arrests & Reports Under IT Act

Under the IT Act, 966 cybercrime cases were filed in 2010 420 in 2009)

Geographic breakdown of cases reported:

o 153 from Karnataka,

o 148 from Kerala

o 142 from Maharashtra

o 105 Andhra Pradesh

o 52 Rajasthan

o 52 Punjab

233 persons were arrested in 2010

33% of the cases registered were related to hacking

Under the IPC, 356 cybercrime cases were registered in 2010 (276 cases in 2009)

Geographic breakdown of cases reported --

o 104 from Maharashtra

o 66 Andhra Pradesh

o 46 Chhattisgarh

The majority of these crimes were either forgery or fraud cases.

24

CONCLUSION

• CYBER LAWS_ ESSENTIAL FEATURE IN TODAYS WORLD OF INTERNET

• ACHIEVING GLOBAL PEACE AND HARMONY

• “Indian Laws are well drafted and are capable of handling all kinds of challenges as posed by cyber criminals. However, the enforcement agencies are required to be well versed with the changing technologies and Laws.”

• "As internet technology advances so does the threat of cyber crime. In times like these we must protect ourselves from cyber crime. Anti-virus software, firewalls and security patches are just the beginning. Never open suspicious e-mails and only navigate to trusted sites.”