Crime => Illegal activities
Cyber => Characteristic of the culture of computers…
Computer crime, or cybercrime, refers to any crime that involves a computer and a network.
It is a criminal activity committed on the Internet.
Cyber Crime
● It also includes traditional crimes in which computers or networks are used to enable the illicit activity.
● As the computer has become central to commerce, entertainment, and government, cyber crime has grown in importance.
● Examples:
– E-mail account of a Federal Minister is hacked.
– Credit card frauds reach an alarming level.
– Visiting CEOs of multinational companies get threatening e-mails.
– Financial institutions are the favourite targets of cyber criminals, badly affecting technological progress in the area of e-Commerce.
Cyber crime: offenses against the information technology infrastructure.
Such conduct includes:
● Illegal access
● Illegal transactions
● System interference
● Data interference
● Misuse of devices
● Fraud
Cyber Crime <=> Cyber Space <=> Net Crime
History
● The first spam email took place in 1978 when it was sent out over the Arpanet.
● The first virus was installed on an Apple computer in 1982.
● 16-year-old student, nicknamed “Data Stream”, arrested by UK police (1994).
● Denial of Service (DoS) attacks by ‘Mafia Boy’ on eBay, Yahoo! and other popular sites (2000).
● FBI's e-mail system is hacked (Feb, 2005).
● Travelling documents of NATO forces were hacked in Afghanistan.
The Invisible Criminals Are More Dangerous Than The Visible Ones…
Who is a Cyber Criminal
Those who commit crimes using the computer as a target or object.
i. Children and adolescents between 6 and 18
ii. Dissatisfied employees
iii. Professional hackers
iv. Crackers
Types of Cyber Crime
● Hacking
● Email bombing
● Data diddling
● Cyber Stalking
● Cyber Spoofing
● Denial of Service attack
● Malware attacks
● Web jacking
● …
Hacking
● Gain unauthorized access to data in a system or computer.
● Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.
Email bombing
● In Internet usage, an email bomb is a form of net abuse consisting of sending huge volumes of email to an address in an attempt to overflow the mailbox.
Denial of Service attack
● In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
Data Diddling
Data diddling is the changing of data before or during entry into the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements.
Cyberstalking
● Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group, or an organization.
Spoofing attack
● In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
Malware
● Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.
Web jacking
● In this attack a fake website is created and when the victim opens the link a page will appear saying that the website has been moved and they need to click another link.
Cyber Crime in Pakistan
Cyber Crime Rises Rapidly in Pakistan
The cyber crimes of multiple kinds in Pakistan have increased by five times over the past four years.
According to the CCU, a branch of the FIA:
a. 62 cases were reported to the unit in 2007
b. 287 cases in 2008
c. Ratio dropped in 2009
d. In 2010 more than 312 cases were registered in different categories of cyber crimes.
Protect your Computers
● Use anti-virus software and firewalls - keep them up to date
● Keep your operating system up to date
● Don't open emails or attachments from unknown sources
● Use hard-to-guess passwords. Don't share access to your computers with strangers
● Back-up your computer data on disks or CDs often
● If you have a Wi-Fi network, password protect it
● Disconnect from the Internet when not in use
● Reevaluate your security on a regular basis
● Never send your credit card number to any site that is not secured.
● Avoid sending any photograph online particularly to strangers.
Conclusion
User awareness is key to a secure computer/network
● Do not open suspicious files/emails
● Verify ActiveX/Java prompts
● Avoid using P2P programs
● Avoid downloading freeware
● If attacked, disconnect the network. Do not turn off the computer
So we must pay attention to all those issues and protect the World from Cyber Crime
“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” - Richard Clarke, White House Cybersecurity Advisor
Cyber Laws
● The legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet.
● It is an intersection of many legal fields, like:
– Intellectual property
– Privacy
● Cyber law is an attempt to apply laws designed for the physical world to human activity on the Internet.
Cyber Laws in the World
● Electronic Commerce Act (Ireland)
● Electronic Transactions Act (UK, USA, Australia, New Zealand, Singapore)
● Electronic Transactions Ordinance (Hong Kong)
● Information Technology Act (India)
● Information Communication Technology Act Draft (Bangladesh)
Electronic Transaction Ordinance 2002
● Overview
– The Electronic Transactions Ordinance (ETO), 2002, was the first IT-relevant legislation created by national lawmakers.
– A first step and a solid foundation for legal sanctity and protection for Pakistani e-Commerce locally and globally.
– Laid the foundation for comprehensive Legal Infrastructure.
– It is heavily taken from foreign law related to cyber crime.
Pre-ETO 2002
● No recognition of electronic documentation
● No recognition of electronic records
● No recognition of evidential basis of documents/records
● Failure to authenticate or identify digital or electronic signatures or forms of authentication
● No online transaction could be legally binding
● Electronic Data & Forensic Evidence not covered.
No Rules
ETO 2002
● Sections
– There are 43 sections in this ordinance
– It deals with following 8 main areas relating to e-Commerce.
  ● Recognition of Electronic Documents
  ● Electronic Communications
  ● Digital Signature regime and its evidential consequences
  ● Web Site & Digital Signatures Certification Providers
  ● Stamp Duty
  ● Attestation, notarization, certified copies
  ● Jurisdiction
  ● Offences
● Important Sections are:
– 36. Violation of privacy information
  ● gains or attempts to gain access
  ● to any information system with or without intent
  ● to acquire the information
  ● Gain Knowledge
  ● Imprisonment 7 years
  ● Fine Rs. 1 million
– 37. Damage to information system, etc.
  ● alter, modify, delete, remove, generate, transmit or store information
  ● to impair the operation of,
  ● or prevent or hinder access to, information
  ● knowingly not authorised
  ● Imprisonment 7 years
  ● Fine Rs. 1 million
– 38. Offences to be non-bailable, compoundable and cognizable
  ● All offences under this Ordinance shall be non-bailable, compoundable and cognizable.
– 39. Prosecution and trial of offences.
  ● No Court inferior to the Court of Sessions shall try any offence under this Ordinance.
Post ETO 2002
● Electronic Documentation & Records recognized
● Electronic & Digital forms of authentication & identification given legal sanctity
● Messages through email, fax, mobile phones, Plastic Cards, Online recognized.
Electronic/Cyber Crime Bill 2007
Overview
● “Prevention of Electronic Crimes Ordinance, 2007” is in force now
● It was promulgated by the President of Pakistan on 31st December 2007
● The bill deals with electronic crimes including:
– Cyber terrorism
– Data damage
– Electronic fraud
– Electronic forgery
– Unauthorized access to code
– Cyber stalking
– Cyber Spamming/spoofing
● It offers penalties ranging from six months imprisonment to capital punishment for 17 types of cyber crimes
● It will apply to every person who commits an offence, irrespective of his nationality or citizenship.
● It gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.
Punishments
● Under this law there are defined punishments for the offences.
● Every respective offence under this law has its distinctive punishment which can be imprisonment or fine.
Offence | Imprisonment (years) | Fine
Criminal Access | 3 | 3 Lac
Criminal Data Access | 3 | 3 Lac
Data Damage | 3 | 3 Lac
System Damage | 3 | 3 Lac
Electronic Fraud | 7 | 7 Lac
Electronic Forgery | 7 | 7 Lac
Misuse of Device | 3 | 3 Lac
Unauthorized access to code | 3 | 3 Lac
Malicious code | 5 | 5 Lac
Defamation | 5 | 5 Lac
Cyber stalking | 3 | 3 Lac
Cyber Spamming | 6 months | 50,000
Spoofing | 3 | 3 Lac
Cyber terrorism | Life | 10 Million
Sections
● Data Damage:
– Whoever, with intent of illegal gain or to cause harm to the public or any person, damages any data, shall come under this section.
● Punishment:
– 3 years
– 3 Lac
● Electronic fraud:
– Whoever, for illegal gain, interferes with or uses any data, electronic system or device, or with intent to deceive any person, which act or omission is likely to cause damage or harm.
● Punishment:
– 7 years
– 7 Lac
● Electronic Forgery:
– Whoever for unlawful gain interferes with data, electronic system or device, with intent to cause harm or to commit fraud by any input, alteration, or suppression of data, resulting in unauthentic data that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not.
● Punishment:
– 7 years
– 7 Lac
● Malicious code:
– Whoever willfully writes, offers, makes available, distributes or transmits malicious code through an electronic system or device, with intent to cause harm to any electronic system or resulting in the theft or loss of data commits the offence of malicious code.
● Punishment:
– 5 years
– 5 Lac
● Cyber stalking:
– Whoever with intent to harass any person uses computer, computer network, internet, or any other similar means of communication to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, picture or image.
– Make any suggestion or proposal of an obscene nature
– Threaten any illegal or immoral act
– Take or distribute pictures or photographs of any person without his consent or knowledge
– Commits the offence of cyber stalking.
● Punishment:
– 3 years
– 3 Lac
● Spamming:
– Whoever transmits harmful, fraudulent, misleading,
– illegal or unsolicited electronic messages in bulk to any person
– without the express permission of the recipient,
– is involved in falsified online user account registration or falsified domain name registration for commercial purpose commits the offence of spamming.
● Punishment:
– 6 months
– 50,000
● Spoofing:
– Whoever establishes a website, or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source
– with intent to gain unauthorized access or obtain valuable information
– Later, information can be used for any lawful purposes
– commits the offence of spoofing.
● Punishment:
– 3 years
– 3 Lac
● Cyber terrorism:
– Any person, group or organization who, with terroristic intent utilizes,
– accesses or causes to be accessed a computer or computer network or electronic system or device or by any available means,
– knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.
● Punishment:
– Whoever commits the offence of cyber terrorism and causes death of any person shall be punished with death
– Or imprisonment for life, and with fine
– Otherwise he shall be punishable with imprisonment of ten years or with fine ten million rupees