CYBER CRIME INTRODUCTION

CYBER CRIME INTRODUCTION: The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state. Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed. CONVENTIONAL CRIME- Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. (2) A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences. CYBER CRIME Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” (13). “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”(12) A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system. DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME- There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium. REASONS FOR CYBER CRIME: Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be: Capacity to store data in comparatively small space- The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier. Easy to access- The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. 3.Complex- The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system. 4.Negligence- Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system. 5. Loss of evidence- Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation. CYBER CRIMINALS: The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals- 1. Children and adolescents between the age group of 6 – 18 years – The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends. 2. Organised hackers- These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers. 3. Professional hackers / crackers – Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes. 4. Discontented employees- This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee. MODE AND MANNER OF COMMITING CYBER CRIME: Unauthorized access to computer systems or networks / Hacking- This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation. Theft of information contained in electronic form- This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium. Email bombing- This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing. Data diddling- This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. Theelectricity board faced similar problem of data diddling while the department was being computerised. Salami attacks- This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account. Denial of Service attack- The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo. 7. Virus / worm attacks- Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt. 8. Logic bombs- These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus). Trojan attacks- This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady. Internet time thefts- Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime. 11. Web jacking- This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it. CLASSIFICATION: The subject of cyber crime may be broadly classified under the following three groups. They are-1. Against Individuals a. their person &b. their property of an individual 2. Against Organization a. Governmentc. Firm, Company, Group of Individuals.3. Against Society at large The following are the crimes, which can be committed against the followings group Against Individuals: – i. Harassment via e-mails.ii. Cyber-stalking.iii. Dissemination of obscene material.iv. Defamation.v. Unauthorized control/access over computer system.vi. Indecent exposurevii. Email spoofing viii. Cheating & Fraud Against Individual Property: - i. Computer vandalism.ii. Transmitting virus.iii. Netrespassiv. Unauthorized control/access over computer system.v. Intellectual Property crimesvi. Internet time thefts Against Organization: - i. Unauthorized control/access over computer systemii. Possession of unauthorized information.iii. Cyber terrorism against the government organization.iv. Distribution of pirated software etc. Against Society at large: - i. Pornography (basically child pornography).ii. Polluting the youth through indecent exposure.iii. Traffickingiv. Financial crimesv.Sale of illegal articlesvi.Online gamblingvii. Forgery The above mentioned offences may discussed in brief as follows: 1. Harassment via e-mails- Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails. 2. Cyber-stalking- The Oxford dictionary defines stalking as quot;
pursuing stealthilyquot;
. Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. 3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure- Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them. 4. Defamation It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him. 4. Unauthorized control/access over computer system- This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term quot;
unauthorized accessquot;
interchangeably with the term quot;
hackingquot;
to prevent confusion as the term used in the Act of 2000 is much wider than hacking. 5. E mail spoofing- A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus. Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.(15) 6. Computer vandalism- Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals. 7. Transmitting virus/worms- This topic has been adequately dealt herein above. 8. Intellectual Property crimes / Distribution of pirated software- Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc. The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16) 9. Cyber terrorism against the government organization At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war. Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4) Another definition may be attempted to cover within its ambit every act of cyber terrorism. A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to – (1) putting the public or any section of the public in fear; or (2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or (3) coercing or overawing the government established by law; or (4) endangering the sovereignty and integrity of the nation and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism. 10.Trafficking Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey. Fraud & Cheating Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc. Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation. STATUTORY PROVISONS: The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner. The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. (14) ANALYSIS OF THE STATUTORY PROVISONS: The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are- 1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose (6)- Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate. 2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) – Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime. At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from. 3.Cyber torts- The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies. 4.Cyber crime in the Act is neither comprehensive nor exhaustive- Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- quot;
The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crimequot;
.(8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6) I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act. 5.Ambiguity in the definitions- The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form. Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case. 6. Uniform law- Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen. 7.Lack of awareness- One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen creditcard. (17) 8. Jurisdiction issues- Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues. 9. Extra territorial application- Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies. 10. Raising a cyber army- By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is – Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com. Status: Probe on Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi. Status: Chargesheet not filed Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol. Status: Pak not cooperating. 11. Cyber savvy bench- Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary,Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated“if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”. 12. Dynamic form of cyber crime- Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, quot;
In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The(de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases. 13. Hesitation to report offences- As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. quot;
The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business.quot;
(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require. PREVENTION OF CYBER CRIME: Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things- 1.to prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place. 2.always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs. 3.always use latest and up date anti virus software to guard against virus attacks. 4.always keep back up volumes so that one may not suffer data loss in case of virus contamination 5.never send your credit card number to any site that is not secured, to guard against frauds. 6.always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children. 7.it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal. 8.web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this. 9.use of firewalls may be beneficial. 10. web servers running public sites must be physically separate protected from internal corporate network. Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state. CONCLUSION: Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive. `Cyber Law of India : Introduction In Simple way we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000. We can categorize Cyber crimes in two waysThe Computer as a Target :-using a computer to attack other computers. e.g. Hacking, Virus/Worm attacks, DOS attack etc. The computer as a weapon :-using a computer to commit real world crimes. e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.Cyber Crime regulated by Cyber Laws or Internet Laws. Technical AspectsTechnological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as a. Unauthorized access & Hacking:- Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. By hacking web server taking control on another persons website called as web hijacking b. Trojan Attack:- The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan. TCP/IP protocol is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well. c. Virus and Worm attack:- A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus. Programs that multiply like viruses but spread from computer to computer are called as worms. d. E-mail & IRC related crimes:- 1. Email spoofing Email spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Please Read 2. Email Spamming Email quot;
spammingquot;
refers to sending email to thousands and thousands of users - similar to a chain letter. 3 Sending malicious codes through email E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a link of website which on visiting downloads malicious code. 4. Email bombing E-mail quot;
bombingquot;
is characterized by abusers repeatedly sending an identical email message to a particular address. 5. Sending threatening emails 6. Defamatory emails 7. Email frauds 8. IRC related Three main ways to attack IRC are: quot;
verbalâ⦣8218;?Ŧ#8220; attacks, clone attacks, and flood attacks. e. Denial of Service attacks:- Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users. Our support will keep you aware of types of Cyber crimes while companies such as www.Lifelock.com can give you the right protection against them. Examples include attempts to quot;
floodquot;
a network, thereby preventing legitimate network traffic attempts to disrupt connections between two machines, thereby preventing access to a service attempts to prevent a particular individual from accessing a service attempts to disrupt service to a specific system or person. Distributed DOS A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website. Types of DOS There are three basic types of attack: a. Consumption of scarce, limited, or non-renewable resources like NW bandwith, RAM, CPU time. Even power, cool air, or water can affect. b. Destruction or Alteration of Configuration Information c. Physical Destruction or Alteration of Network Components e. Pornography:- The literal mining of the term 'Pornography' is “describing or showing sexual acts in order to cause sexual excitement through books, films, etc.” This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc. Adult entertainment is largest industry on internet.There are more than 420 million individual pornographic webpages today. Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were ‘Pay-Per-View’. This indicates that abusive images of children over Internet have been highly commercialized. Pornography delivered over mobile phones is now a burgeoning business, “driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images.” Effects of Pornography Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behavior that can harm individual users and their families. Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases. In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behavior. Some of the common, but false messages sent by sexualized culture. Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences. Women have one value - to meet the sexual demands of men. Marriage and children are obstacles to sexual fulfillment. Everyone is involved in promiscuous sexual activity, infidelity and premarital sex. Pornography Addiction Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression among many who consume pornography. 1.Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through masturbation. 2.Escalation: Over time addicts require more explicit and deviant material to meet their sexual quot;
needs.quot;
 3.Desensitization: What was first perceived as gross, shocking and disturbing, in time becomes common and acceptable. 4.Acting out sexually: There is an increasing tendency to act out behaviors viewed in pornography. g. Forgery:- Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Also impersonate another person is considered forgery. h. IPR Violations:- These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations. etc. Cyber Squatting- Domain names are also trademarks and protected by ICANN’s domain dispute resolution policy and also under trademark laws. Cyber Squatters registers domain name identical to popular service provider’s domain so as to attract their users and get benefit from it. i. Cyber Terrorism:- Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc. Cyberterrorism is an attractive option for modern terrorists for several reasons. 1.It is cheaper than traditional terrorist methods. 2.Cyberterrorism is more anonymous than traditional terrorist methods. 3.The variety and number of targets are enormous. 4.Cyberterrorism can be conducted remotely, a feature that isespecially appealing to terrorists. 5.Cyberterrorism has the potential to affect directly a larger number of people. j. Banking/Credit card Related crimes:- In the corporate world, Internet hackers are continually looking for opportunities to compromise a company’s security in order to gain access to confidential banking and financial information. Use of stolen card information or fake credit/debit cards are common. Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami. k. E-commerce/ Investment Frauds:- Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered. The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site. Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits. l. Sale of illegal articles:- This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. Research shows that number of people employed in this criminal area. Daily peoples receiving so many emails with offer of banned or illegal products for sale. m. Online gambling:- There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering. n. Defamation: - Defamation can be understood as the intentional infringement of another person's right to his good name. Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place Cyber defamation is also called as Cyber smearing.Cyber Stacking:- Cyber stalking involves following a persons movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications. p. Pedophiles:- Also there are persons who intentionally prey upon children. Specially with a teen they will let the teen know that fully understand the feelings towards adult and in particular teen parents. They earns teens trust and gradually seduce them into sexual or indecent acts. Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. q. Identity Theft :- Identity theft is the fastest growing crime in countries like America. Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. r. Data diddling:- Data diddling involves changing data prior or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. It also include automatic changing the financial information for some time before processing and then restoring original information. s. Theft of Internet Hours:- Unauthorized use of Internet hours paid for by another person. By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties. Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards. t. Theft of computer system (Hardware):- This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer. u. Physically damaging a computer system:- Physically damaging a computer or its peripheralseither by shock, fire or excess electric supply etc. v. Breach of Privacy and Confidentiality Privacy Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others. Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc. Confidentiality It means non disclosure of information to unauthorized or unwanted persons. In addition to Personal information some other type of information which useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected. Generally for protecting secrecy of such information, parties while sharing information forms an agreement about he procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties. Many times party or their employees leak such valuable information for monitory gains and causes breach of contract of confidentiality. Special techniques such as Social Engineering are commonly used to obtain confidential information. How Cyber Criminals Works Cyber crime has become a profession and the demographic of your typical cyber criminal is changing rapidly, from bedroom-bound geek to the type of organized gangster more traditionally associated with drug-trafficking, extortion and money laundering. It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that. In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialized skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cyber crime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency. The rise of cyber crime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also – through a process of virus-driven automation – with ruthlessly efficient and hypothetically infinite frequency. The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill. The most straightforward is to buy the ‘finished product’. In this case we’ll use the example of an online bank account. The product takes the form of information necessary to gain authorized control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cyber criminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it’s very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia. The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold. Not all cyber-criminals operate at the coalface, and certainly don’t work exclusively of one another; different protagonists in the crime community perform a range of important, specialized functions. These broadly encompass: Coders – comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cyber crime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in. Kids – so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another. Drops – the individuals who convert the ‘virtual money’ obtained in cyber crime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately. Mobs – professionally operating criminal organizations combining or utilizing all of the functions covered by the above. Organized crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls. Gaining control of a bank account is increasingly accomplished through phishing. There are other cyber crime techniques, but space does not allow their full explanation. All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of ‘phishing trip’ will uncover at least 20 bank accounts of varying cash balances, giving a ‘market value’ of $200 – $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that. Better returns can be accomplished by using ‘drops’ to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ‘ripping off’ or ‘grassing up’ to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of ‘drops’ that do not know one another. However, even taking into account the 50% commission, and a 50% ‘rip-off’ rate, if we assume a single stolen balance of $10,000 – $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip. In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer. The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught with expensive overheads, and extremely dangerous. Add phishing to the other cyber-criminal activities driven by hacking and virus technologies – such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers – and you’ll find a healthy community of cottage industries and international organizations working together productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty – and must be stopped. On top of viruses, worms, bots and Trojan attacks, organizations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognize it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise. To fight cyber crime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having to install, manage and maintain disparate devices, organizations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to greater user education are the best safeguard against the deviousness and pure innovation of cyber-criminal activities. Cyber Law Cases in India and World MYSPACE CATCHES A MURDERER MySpace has played an important role in helping Oakland police apprehend a 19-year old man accused of shooting a San Leandro High School football player Greg quot;
Doodyquot;
Ballard, Jr. Oakland police had a street name of a suspect and were able to identify Dwayne Stancill, 19 of Oakland from a picture they found on a gang's MySpace page. Police brought the suspect to their headquarters where detectives say he confessed. What was most troubling to investigators was the lack of motive for the killing. OFFICIAL WEBSITE OF MAHARASTRA GOVERNMENT HACKEDMUMBAI, 20 September 2007 — IT experts were trying yesterday to restore the official website of the government of Maharashtra, which was hacked in the early hours of Tuesday. Rakesh Maria, joint commissioner of police, said that the state’s IT officials lodged a formal complaint with the Cyber Crime Branch police on Tuesday. He added that the hackers would be tracked down. Yesterday the website, http://www.maharashtragovernment.in, remained blocked. Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtra government website had been hacked. He added that the state government would seek the help of IT and the Cyber Crime Branch to investigate the hacking. “We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in progress between the officials of the IT Department and experts,” Patil added. The state government website contains detailed information about government departments, circulars, reports, and several other topics. IT experts working on restoring the website told Arab News that they fear that the hackers may have destroyed all of the website’s contents. According to sources, the hackers may be from Washington. IT experts said that the hackers had identified themselves as “Hackers Cool Al-Jazeera” and claimed they were based in Saudi Arabia. They added that this might be a red herring to throw investigators off their trail. According to a senior official from the state government’s IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall. Three people held guilty in on line credit card scam Customers credit card details were misused through online means for booking air-tickets. These culprits were caught by the city Cyber Crime Investigation Cell in pune. It is found that details misused were belonging to 100 people. Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on behalf of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad being employeed at a private institution, Kale was his friend. Shaiklh was employed in one of the branches of State Bank of India . According to the information provided by the police, one of the customer received a SMS based alert for purchasing of the ticket even when the credit card was being held by him. Customer was alert and came to know something was fishy; he enquired and came to know about the misuse. He contacted the Bank in this regards. Police observed involvement of many Bank's in this reference. The tickets were book through online means. Police requested for the log details and got the information of the Private Institution. Investigation revealed that the details were obtained from State Bank of India . Shaikh was working in the credit card department; due to this he had access to credit card details of some customers. He gave that information to Kale. Kale in return passed this information to his friend Lukkad. Using the information obtained from Kale Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given few tickets to various other institutions. Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involved in eight days of investigation and finally caught the culprits. In this regards various Banks have been contacted; also four air-line industries were contacted.DCP Sunil Pulhari has requested customers who have fallen in to this trap to inform police authorities on 2612-4452 or 2612-3346 if they have any problems.How cyber crime operations work – and why they make money Hackers are no longer motivated by notoriety – it's now all about the money. Guillaume Lovet, Threat Response Team Leader at security firm Fortinet, identifies the players, their roles and the returns they enjoy on their investments.Cybercrime which is regulated by Internet Law (Cyber Law) or IT Act has become a profession and the demographic of your typical cybercriminal is changing rapidly, from bedroom-bound geek to the type of organised gangster more traditionally associated with drug-trafficking, extortion and money laundering.It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that.In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialised skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cybercrime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency.The rise of cybercrime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also – through a process of virus-driven automation – with ruthlessly efficient and hypothetically infinite frequency.The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill.The most straightforward is to buy the ‘finished product’. In this case we’ll use the example of an online bank account. The product takes the form of information necessary to gain authorised control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cybercriminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it’s very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia.The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold.Not all cyber-criminals operate at the coalface, and certainly don’t work exclusively of one another; different protagonists in the crime community perform a range of important, specialised functions. These broadly encompass:Coders – comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cybercrime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in.Kids – so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another.Drops – the individuals who convert the ‘virtual money’ obtained in cybercrime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately. Mobs – professionally operating criminal organisations combining or utilising all of the functions covered by the above. Organised crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls.Gaining control of a bank account is increasingly accomplished through phishing. There are other cybercrime techniques, but space does not allow their full explanation.All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of ‘phishing trip’ will uncover at least 20 bank accounts of varying cash balances, giving a ‘market value’ of $200 – $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.Better returns can be accomplished by using ‘drops’ to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ‘ripping off’ or ‘grassing up’ to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of ‘drops’ that do not know one another. However, even taking into account the 50% commission, and a 50% ‘rip-off’ rate, if we assume a single stolen balance of $10,000 – $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer.The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught with expensive overheads, and extremely dangerous.Add phishing to the other cyber-criminal activities driven by hacking and virus technologies – such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers – and you’ll find a healthy community of cottage industries and international organisations working together productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty – and must be stopped.On top of viruses, worms, bots and Trojan attacks, organisations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognise it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise.To fight cybercrime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having to install, manage and maintain disparate devices, organisations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to greater user education are the best safeguard against the deviousness and pure innovation of cyber-criminal activities. ACCUSESD IN RS 400 MILLION SMS SCAM ARRESTED IN MUMBAIMUMBAI: The alleged mastermind behind a Rs 400 million SMS fraud that duped at least 50,000 people has been arrested along with an associate more than two months after the scam was unearthed.Jayanand Nadar, 30, and Ramesh Gala, 26, were arrested late on Monday from a hotel in Mira Road in the western suburbs. Nadar, a first year college dropout, along with his brother Jayaraj had allegedly duped at least 50,000 people of Rs.400 million, said officials in the city police's Economic Offences Wing (EOW).The two brothers along with Gala allegedly took help of SMS technology and launched the first-of-its- kind SMS fraud in India.According to EOW sources, in August 2006 the duo launched an aggressive and catchy advertisement campaign in the print media that read: quot;
Nothing is impossible. The word itself is: I M Possible.quot;
As part of the attractive scheme, the Nadar brothers messaged random numbers, asking people interested in 'earning Rs.10,000 per month' to contact them.quot;
The modus operandi adopted by the brothers was alluring,quot;
an EOW official said Tuesday.quot;
Interested 'subscribers' were asked to deposit Rs.500 each. The conmen duo claimed to be working with a US-based company named Aropis Advertising Company, which wanted to market its client's products through SMS',quot;
senior inspector A Thakur said. quot;
The brothers even put up a website (www.getpaid4sms. com) to promote their scheme. Subscribers who registered with them received about 10 SMS' every day about various products and were promised handsome commissions if they managed to rope in more subscribers by forwarding the messages,quot;
Thakur said.In return, the Nadars promised to pay Rs.10,000 over 16 months to the investors. The amount was to be paid in instalments of Rs.1,000 every few months.The brothers are said to have told the subscribers that their American clients wanted to conduct a study about local response to their advertisement and were using SMS as it was the latest medium of communication.The duo invited people to become agents and get more members for the scheme. Gala reportedly looked after the accounts.Initially, the brothers paid up small amounts. But when cheques and pay orders of larger sums issued by the duo were not honoured, the agents got worried. The SMSes too suddenly stopped.On November 30, one of the duped agents approached the DN Road police station and lodged a complaint after a bank failed to honour a pay order amounting Rs.2.17 million issued by the Nadar brothers.Then suddenly, the Nadars and Gala disappeared, leaving their agents and investors in the lurch.By December, the police were flooded with similar complaints. The DN Road police station registered a case against the brothers and Gala and later transferred it to the EOW.quot;
By December 2006 the scheme had an over 50,000 membership in Mumbai alone. And we suspect that hundreds of thousands from across the country were also hooked to the scheme, thanks to a massive agent network and a door-to-door campaign carried out by the firm's now duped agents,quot;
Thakur said.quot;
We suspect that the fraud amount may be over Rs.1 billion. With the extent of the scam spread across the country, we are still trying to get the details.quot;
During investigations, the EOW came to know that the Nadars, residents of the upmarket Juhu-Tara Road, owned a fleet of imported sport utility vehicles and sedans.quot;
The brothers led an extravagant life. They would stay in top five star hotels, throw massive parties for investors and were also known faces in the city's Page-3 circuit,quot;
Thakur revealed.quot;
We are now looking for Jayaraj, who has eluded arrest. Gala, who is believed to have looked after the accounts, and Jayanand have been remanded to police custody till March 5.quot;
CITY PRINCIPAL SEEKS POLICE HELP TO STOP CYBER CRIMEPrincipals across the city seem to be taking a cue from principal of Bombay Scottish School, Mahim. After students began posting insults against him on Orkut, instead of punishing them he decided to call in cyber cell cops to talk to students. Now, other school principals have decided to bring in the cyber cell police to speak at their schools. They feel students and parents need to be educated against the legal and moral consequences of cyber crime. Admitting to the existence of some mischievous students who misuse the internet and also stray into restricted sites due to lack of supervision, principals feel the cyber cell can play a huge role in educating students and warning them. Principal Rekha Vijaykar, GHK School, Santacruz, said that with more and more exposure to the internet, students had started misusing the freedom and hence needed to be monitored. quot;
Monitoring and educating students against the pitfalls of visiting restricted sites is the responsibility of parents. However, the school too has to play an active role,quot;
she said. Principal Alka Lokre of J M Bajaj School, Nagothane concurred. quot;
Students need to be oriented with soul searching and conscience questioning which will help restrain them from misusing modern amenities,quot;
she said. As a solution, Principal Fr Dr Francis Swamy of Holy Family School, Andheri, said that apart from educating students, parents and teachers also needed to be roped in for the success of any initiative against internet abuse. quot;
Without the support of parents, no awareness programme can succeed. Parents need to be sensitised to the problem on hand and should be active in stopping their children from maligning anyone,quot;
he said. Principal Paul Machado of Campion School went a step further, highlighting the longterm effect of such uncontrolled freedom to students. quot;
Parents must understand that today their children are misusing the internet to abuse others. Tomorrow, they may become victims of it too. Hence, parents need to be taken into confidence too to stem this rot.quot;
Apart from the above, all principals lauded the move by Dr D P N Prasad, Bombay Scottish principal, to invite the cyber cell to speak on cyber crime and said that they would also be inviting the cell officials to speak on the subject in their schools. UTI BANK HOOKED UP IN A PISHING ATTACKFraudsters of cyberspace have reared its ugly head, the first of its kind this year, by launching a phishing attack on the website of Ahmedabad-based UTI Bank, a leading private bank promoted by India' s largest financial institution, Unit Trust of India (UTI). A URL on Geocities that is almost a facsimile version of the UTI Bank's home page is reported to be circulating amongst email users. The web page not only asks for the account holder's information such as user and transaction login and passwords, it has also beguilingly put up disclaimer and security hazard statements. quot;
In case you have received any e-mail from an address appearing to be sent by UTIBANK, advising you of any changes made in your personal information, account details or information on your user id and password of your net banking facility, please do not respond. It is UTI Bank's policy not to seek or send such information through email. If you have already disclosed your password please change it immediately, quot;
the warning says. The tricky link is available on http://br.geocities If any unsuspecting account holder enters his login id, password, transaction id and password in order to change his details as 'advised' by the bank, the same info is sent vide mailform.cz (the phisher's database). After investigation, we found that Mailform is a service of PC Svet, which is a part of the Czech company PES Consulting. The Webmaster of the site is a person named Petr Stastny whose e-mail can be found on the web page. Top officials at UTI Bank said that they have reported the case to the Economic Office Wing, Delhi Police. The bank has also engaged the services of Melbourne-based FraudWatch International, a leading anti-phishing company that offers phishing monitoring and take-down solutions. quot;
We are now in the process of closing the site. Some of these initiatives take time, but customers have been kept in the loop about these initiatives, quot;
said V K Ramani, President - IT, UTI Bank. As per the findings of UTI Bank's security department, the phishers have sent more that 1,00,000 emails to account holders of UTI Bank as well as other banks. Though the company has kicked off damage control initiatives, none of the initiatives are cent percent foolproof. quot;
Now there is no way for banks to know if the person logging-in with accurate user information is a fraud,quot;
said Ramani. However, reliable sources within the bank and security agencies confirmed that the losses due to this particular attack were zilch. The bank has sent alerts to all its customers informing about such malicious websites, besides beefing up their alert and fraud response system. quot;
Engaging professional companies like FraudWatch help in reducing time to respond to attacks,quot;
said Sanjay Haswar, Assistant Vice President, Network and Security, UTI Bank. ONLINE CREDIT CARD FRAUD ON E-BAYBhubaneswar: Rourkela police busted a racket involving an online fraud worth Rs 12.5 lakh. The modus operandi of the accused was to hack into the eBay India website and make purchases in the names of credit cardholders.Two persons, including alleged mastermind Debasis Pandit, a BCA student, were arrested and forwarded to the court of the subdivisional judicial magistrate, Rourkela. The other arrested person is Rabi Narayan Sahu.Superintendent of police D.S. Kutty said the duo was later remanded in judicial custody but four other persons allegedly involved in the racket were untraceable. A case has been registered against the accused under Sections 420 and 34 of the Indian Penal Code and Section 66 of the IT Act and further investigation is on, he said.While Pandit, son of a retired employee of Rourkela Steel Plant, was arrested from his Sector VII residence last night, Sahu, his associate and a constable, was nabbed at his house in Uditnagar.Pandit allegedly hacked into the eBay India site and gathered the details of around 700 credit cardholders. He then made purchases by using their passwords.The fraud came to the notice of eBay officials when it was detected that several purchases were made from Rourkela while the customers were based in cities such as Bangalore, Baroda and Jaipur and even London, said V. Naini, deputy manager of eBay.The company brought the matter to the notice of Rourkela police after some customers lodged complaints.Pandit used the address of Sahu for delivery of the purchased goods, said police. The gang was involved in train, flight and hotel reservations. The hand of one Satya Samal, recently arrested in Bangalore, is suspected in the crime. Samal had booked a room in a Bangalore hotel for three months. The hotel and transport bills rose to Rs 5 lakh, which he did not pay. Samal was arrested for non-payment of bills, following which Pandit rushed to Bangalore and stood guarantor for his release on bail, police sources said. INDIAN WEBSITES ARE NEW TARGET OF HACKERS Some computer experts managed to break into the high security computer network of Bhabha Atomic Research Center but were luckily detected. ''GForce,'' a group of anonymous hackers whose members write slogans critical of India and its claim over Kashmir, have owned up to several instances of hacking of Indian sites run by the Indian government, private companies or scientific organizations. The NAASCOM chief said Indian companies on an average spent only 0.8 percent of their technology budgets on security, against a global average of 5.5 percent.A number of cases of hacking of Indian internet sites have been traced to Pakistan but it would be difficult to nail them, CBI Director, R K Ragavan said. As the hackers who broke into computer systems in India were not conniving with the Pakistani law enforcers, ''One wonders what kind of cooperation we will get'' Mr. Ragavan said at a seminar on Internet security. Hackers using knowledge of software to break in and steal information from computer systems broke into at least 635 Indian internet sites last year. Mr. Raghavan said the rise of literacy in India could bring down conventional crimes but the vulnerability of computers and the Internet could make crimes over the medium more rampant. ''We at the CBI are convinced that cyber crime is the crime of the future,'' he said. ''It is now much more easily committed and less easily identified.''President of India's National Association of Software and Service Companies (NASSCOM), Dewang Mehta said the lack of uniform laws against cyber crimes involving abuse of computer systems made prosecution of cross-border hackers difficult. ''Hacking is not a universal offence, and there is a problem,'' Mr. Mehta said. Last year, India passed a landmark digital law that makes hacking, spreading of viruses and illegal financial transactions over the Internet punishable. It became the 12th member in a small club of nations with digital laws. It was reported that Pakistan was making use of the computer system to promote terrorism in India.These are just some of the instances which were cited by Bhure Lal, secretary in the Central Vigilance Commission, to make a strong case for implementation of cyber laws. He was addressing the national seminar on Computer-related Crimes organized by the Central Bureau of Investigation (CBI) in the Capital today. Underlining the need for a comprehensive cyber law, he added that computer abuse can also be resorted to for cyber-terrorism.In order to evolve effective safeguards against the menace of computer crimes, other experts various investigative agencies, including the Federal Bureau of Investigation (FBI) and Interpol, today sought specific and comprehensive cyber laws to cover all acts of computer criminals and proactive mechanisms for tackling such offences.``It is not only difficult to detect computer crimes but also to book criminals since the laws have not kept pace with technology,'' Reserve Bank of India Deputy Governor S.P. Talwar said.Stressing the need for effective security features while undertaking computerization, he said ``It is often difficult to attribute guilt using the existing statutes since the act of trespassing into a system and tampering with virtual data may not necessarily be specifically provided for in law.''In his address, CBI Director R.K. Raghavan said the government is aware of the need for legislation in this new area of information technology and accordingly, the Department of Electronics (DoE) in consultation with other expert agencies has already drafted laws relating to this area. Realizing the threat from computer crimes, the CBI has taken a ``proactive'' lead in preparing itself to face the challenge by setting up a special Cyber Crime Unit, he said.The RBI was also associated with the efforts of the ministries of Finance, Commerce and Law in the enactment of laws such as the Information Technology Act and the Cyber Law, Talwar said.At the same time, he added that unless development of security features were also atteneded to at the same level of efficiency and equal speed, banks would be left with ``beautiful software systems for public glare and access, but totally unguarded and gullible against waiting information poachers''.Offensive SMS can lead to 2 years in jail With mobile phones virtually taking over the role of a personal computer, the proposed amendments to the Information Technology Act, 2006, have made it clear that transmission of any text, audio or video that is offensive or has a menacing character can land a cellphone user in jail for two years. The punishment will also be attracted if the content is false and has been transmitted for the purpose of causing annoyance, inconvenience, danger or insult. And if the cellphone is used to cheat someone through personation, the miscreant can be punished with an imprisonment for five years. The need to define communication device under the proposed amendments became imperative as the current law is quiet on what kind of devices can be included under this category. The amended IT Act has clarified that a cellphone or a personal digital assistance can be termed as a communication device and action can be initiated accordingly. Accentuated by various scandals that hit the country during the past two years, including the arrest of the CEO of a well-known portal, the government has also introduced new cyber crimes under the proposed law. The amended Act, which was placed before the Lok Sabha during the recently concluded winter session, has excluded the liability of a network service provider with regard to a third party’s action. However, it has made cyber stalking, cyber defamation and cyber nuisance an offence. Anybody found indulging in all these offences can be imprisoned for two years. The proposed changes have also sought amendments in the form of insertions in the Indian Penal Code, thereby declaring identity theft an offence. If a person cheats by using electronic signature, password or any other unique identification feature of any other person, he shall be punished with imprisonment for two years and also liable to fine. Asking for an insertion in the Indian Penal Code as Section 502A of the law, the proposed amendments have said that whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, shall be punished with two years of imprisonment and fine of Rs 2 lakh. The private parts can be either naked or undergarment clad public areas. Making the law more technologically neutral, the amended provisions have included authentication of electronic record by any electronic technique. At the moment, electronic records can be authenticated by just digital signatures, the public key infrastructure technology (PKI). With the new provisions, however, biometric factors like thumb impression or retina of an eye shall be included as techniques for authentication. Even as the law makers have tried to cover up for the lapses of the current IT Act, they seem to have made it liberal by way of reducing the punishment from three years to two years. With these changes, a cyber criminal will now be entitled to bail as a matter of right, as and when he gets arrested. Advantages of Cyber Laws The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature. * From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.* Digital signatures have been given legal validity and sanction in the Act.* The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.* The Act now allows Government to issue notification on the web thus heralding e-governance.* The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.* The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore. Cyber Law in INDIA Why Cyberlaw in India ? When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could transform itself into an all pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. Hence the need for Cyberlaws in India.What is the importance of Cyberlaw ? Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyberlaws is a very technical field and that it does not have any bearing to most activities in Cyberspace. But the actual truth is that nothing could be further than the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.Does Cyberlaw concern me ? Yes, Cyberlaw does concern you. As the nature of Internet is changing and this new medium is being seen as the ultimate medium ever evolved in human history, every activity of yours in Cyberspace can and will have a Cyberlegal perspective. From the time you register your Domain Name, to the time you set up your web site, to the time you promote your website, to the time when you send and receive emails , to the time you conduct electronic commerce transactions on the said site, at every point of time, there are various Cyberlaw issues involved. You may not be bothered about these issues today because you may feel that they are very distant from you and that they do not have an impact on your Cyber activities. But sooner or later, you will have to tighten your belts and take note of Cyberlaw for your own benefit.Cyberlaw Awareness program Are your electronic transactions legally binding and authentic? Are you verifying your customers' identities to prevent identity theft? Does your online terms and conditions have binding effect? Are you providing appropriate information and clear steps for forming and concluding your online transactions? How are you ensuring data protection and information security on your web site? Are you recognising the rights of your data subjects? Transacting on the Internet has wide legal implications as it alters the conventional methods of doing business. To build enduring relationships with your online customers the legal issues of e-transactions need to be addressed from the onset. This Awareness program will coverthe basics of Internet Security basic information on Indian Cyber Law Impact of technology aided crime Indian IT Act on covering the legal aspects of all Online Activities Types of Internet policies required for an Organization. Minium hardware and software, security measures required in an organization to protect data 2 Sides of INDIAN Cyber Law or IT Act of INDIA Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable . The IT Act 2000, the cyber law of India , gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. One cannot regard government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities. MMS porn case in which the CEO of bazee.com(an Ebay Company) was arrested for allegedly selling the MMS clips involving school children on its website is the most apt example in this reference. Other cases where the law becomes hazy in its stand includes the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa. The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let’s have an overview of the law where it takes a firm stand and has got successful in the reason for which it was framed. 1. The E-commerce industry carries out its business via transactions and communications done through electronic records . It thus becomes essential that such transactions be made legal . Keeping this point in the consideration, the IT Act 2000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature. 2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out communication in India . This implies that e-mails can be duly produced and approved in a court of law , thus can be a regarded as substantial document to carry out legal proceedings. 3. The act also talks about digital signatures and digital records . These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate companies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates. 4. The Act now allows Government to issue notification on the web thus heralding e-governance. 5. It eases the task of companies of the filing any form, application or document by laying down the guidelines to be submitted at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates. 6. The act also provides statutory remedy to the coporates in case the crime against the accused for breaking into their computer systems or network and damaging and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore($200,000). 7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal. 8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive basis. The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like: 1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law even doesn’t talk of the rights and liabilities of domain name holders , the first step of entering into the e-commerce.2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act , which may have major effect on the growth of e-commer

CYBER CRIME INTRODUCTION

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a CYBER CRIME INTRODUCTION

Similar a CYBER CRIME INTRODUCTION (20)

Último

Último (20)

CYBER CRIME INTRODUCTION