Crime => Illegal activities

Cyber => Characteristic of the culture of computers…

Computer crime, or cybercrime, refers to any crime that involves a computer and a network

It is a criminal activity committed on the Internet .

Cyber Crime

Cyber Crime

● It is also include traditional crimes in which computers or networks are used to enable the illicit activity.

● As the computer has become central to commerce, entertainment, and government.

● Cyber crime has grown in importance.

Cyber Crime

● Examples:

– E-mail account of a Federal Minister is hacked.– Credit cards frauds reach to an alarming level. – Visiting CEOs of Multinational Companies gets

threatening E-mails. – Financial institutions are the favourite targets of

Cyber criminals --- worstly effecting the technologicalprogress in the area of e –Commerce.

Such conducts includes: ● Illegal access● Illegal Transactions ● System interference● Data interference● Misuse of devices● Fraud

Cyber crime offenses against the information technology infrastructure.

Cyber Crime <=> Cyber Space <=> Net Crime

Cyber Crime

The first spam email took place in 1978 when it was sent out over the Arpanet.

The first virus was installed on an Apple computer in 1982 16-year-old student, nicknamed “Data Stream”, arrested by UK

police(1994)

History

Denial of Service (DoS) attacks by ‘Mafia Boy’ on eBay, Yahoo! and other popular sites (2000)

FBI's e-mail system is hacked (Feb,2005) Travelling documents of NATO forces were hacked in

Afghanistan.

History

Denial of Service (DoS) attacks by ‘Mafia Boy’ on eBay, Yahoo! and other popular sites (2000)

FBI's e-mail system is hacked (Feb,2005) Travelling documents of NATO forces were hacked in

Afghanistan.

History

The Invisible Criminals Are Dangerous Than The Visible One…

Who is Cyber Criminal

Those who are doing crimes by using the computer as an target or object.

i. Children and adolescents b/w 6-18

ii. Dissatisfied employees

iii. Professional hackers

iv. Crackers

Hacking Email bombing Data diddling Cyber Stalking Cyber Spoofing Denial of Service attack Malware attacks Web jacking …

Types of Cyber Crime

Hacking

● Gain unauthorized access to data in a system or computer.

● Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.

Email bombing

● In Internet usage, an email bomb is a form of net abuse consisting of sending huge volumes of email to an address in an attempt to overflow the mailbox.

Denial of Service attack

● In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users

Data Diddling

Data diddling is the changing of data before or during entry into the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements.

Cyberstalking

● Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group, or an organization.

Spoofing attack

● In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Malware

● Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

Web jacking

● In this attack a fake website is created and when the victim opens the link a page will appear saying that the website has been moved and they need to click another link.

Cyber Crime Rises Rapidly in Pakistan

The cyber crimes of multiple kinds in Pakistan have increased by five times over the past four years

According to CCU a branch of FIA

a. 62 cases were reported to the unit in 2007,b. 287 cases in 2008 c. Ratio dropped in 2009d. In 2010 more than 312 cases were registered in different

categories of cyber crimes.

Cyber Crime in Pakistan

Use anti-virus software and firewalls - keep them up to date Keep your operating system up to date Don't open emails or attachments from unknown sources Use hard-to-guess passwords. Don't share access to your computers with strangers Back-up your computer data on disks or CDs often If you have a Wi-Fi network, password protect it Disconnect from the Internet when not in use Reevaluate your security on a regular basis Never send your credit card number to any site that is not secured. Avoid sending any photograph online particularly to strangers.

Protect your Computers

Conclusion User awareness is key to a secure computer/network

Do not open suspicious files/emails Verify ActiveX/Java prompts Avoid using P2P programs Avoid downloading freeware If attacked, disconnect the network. Do not turn off the computer

So we must pay attention to all those issues and protect the World from Cyber Crime

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked. — White House Cybersecurity Advisor”, Richard Clarke

Cyber Laws

● The legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet.

● It is an intersection of many legal fields, like:– Intellectual property, – Privacy

● Cyber laws is an attempt to apply laws designed for the physical world to human activity on the Internet

Cyber Laws in the World

● Electronic Commerce Act (Ireland)● Electronic Transactions Act (UK, USA,

Australia, New Zealand, Singapore)● Electronic Transactions Ordinance (Hong

Kong)● Information Technology Act (India)● Information Communication Technology Act

Draft (Bangladesh)

Electronic Transaction Ordinance 2002

● Overview– The Electronic Transactions Ordinance (ETO), 2002, was

the first IT-relevant legislation created by national lawmakers.

– A first step and a solid foundation for legal sanctity and protection for Pakistani e-Commerce locally and globally.

– Laid the foundation for comprehensive Legal Infrastructure.

– It is heavily taken from foreign law related to cyber crime.

Pre-ETO 2002

● No recognition of electronic documentation● No recognition of electronic records● No recognition of evidential basis of

documents/records● Failure to authenticate or identify digital or

electronic signatures or forms of authentication● No online transaction could be legally binding● Electronic Data & Forensic Evidence not covered.

No Rules

ETO 2002

● Sections– There are 43 sections in this ordinance– It deals with following 8 main areas relating to e-

Commerce.● Recognition of Electronic Documents● Electronic Communications● Digital Signature regime and its evidential consequences● Web Site & Digital Signatures Certification Providers● Stamp Duty● Attestation, notarization, certified copies● Jurisdiction● Offences

ETO 2002

● Important Sections are:– 36. Violation of privacy information

● gains or attempts to gain access● to any information system with or without intent● to acquire the information● Gain Knowledge● Imprisonment 7 years● Fine Rs. 1 million

ETO 2002

– 37. Damage to information system, etc.● alter, modify, delete, remove, generate, transmit or

store information● to impair the operation of,● or prevent or hinder access to, information● knowingly not authorised● Imprisonment 7 years● Fine Rs. 1 million

ETO 2002

– 38. Offences to be non-bailable, compoundable and cognizable

● All offences under this Ordinance shall be non-bailable, compoundable and cognizable.

– 39. Prosecution and trial of offences.● No Court inferior to the Court of Sessions shall try any

offence under this Ordinance.

Post ETO 2002

● Electronic Documentation & Records recognized

● Electronic & Digital forms of authentication & identification given legal sanctity

● Messages through email, fax, mobile phones, Plastic Cards, Online recognized.

Electronic/Cyber Crime Bill 2007

Overview

● “Prevention of Electronic Crimes Ordinance, 2007″ is in force now

● It was promulgated by the President of Pakistan on the 31st December 2007

● The bill deals with the electronic crimes included:– Cyber terrorism– Data damage– Electronic fraud– Electronic forgery– Unauthorized access to code– Cyber stalking– Cyber Spamming/spoofing

Electronic/Cyber Crime Bill 2007

● It offers penalties ranging from six months imprisonment to capital punishment for 17 types of cyber crimes

● It will apply to every person who commits an offence, irrespective of his nationality or citizenship.

● It gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.

Punishments

● Under this law there are defined punishment for the offence.

● Every respective offence under this law has its distinctive punishment which can be imprisonment or fine.

Offence Imprisonment (years) Fine

Criminal Access 3 3 Lac

Criminal Data Access 3 3 Lac

Data Damage 3 3 Lac

System Damage 3 3 Lac

Electronic Fraud 7 7 Lac

Electronic Forgery 7 7 Lac

Misuse of Device 3 3 Lac

Unauthorized access to code 3 3 Lac

Malicious code 5 5 Lac

Defamation 5 5 Lac

Cyber stalking 3 3 Lac

Cyber Spamming 6 months 50,000

Spoofing 3 3 Lac

Cyber terrorism Life 10 Million

Sections

● Data Damage:– Whoever with intent to illegal gain or cause harm

to the public or any person, damages any data, shall come under this section.

● Punishment:– 3 years– 3 Lac

Electronic/Cyber Crime Bill 2007

● Electronic fraud:– People for illegal gain get in the way or use any

data, electronic system or device or with intent to deceive any person, which act or omissions is likely to cause damage or harm.

● Punishment:– 7 years– 7 Lac

Electronic/Cyber Crime Bill 2007

● Electronic Forgery:– Whoever for unlawful gain interferes with data, electronic

system or device, with intent to cause harm or to commit fraud by any input, alteration, or suppression of data, resulting in unauthentic data that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not.

● Punishment:– 7years– 7 Lac

Electronic/Cyber Crime Bill 2007

● Malicious code:– Whoever willfully writes, offers, makes available,

distributes or transmits malicious code through an electronic system or device, with intent to cause harm to any electronic system or resulting in the theft or loss of data commits the offence of malicious code.

● Punishment:– 5 years– 5 Lac

Electronic/Cyber Crime Bill 2007

● Cyber stalking: – Whoever with intent to harass any person uses computer,

computer network, internet, or any other similar means of communication to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, picture or image.

– Make any suggestion or proposal of an obscene nature– Threaten any illegal or immoral act– Take or distribute pictures or photographs of any person

without his consent or knowledge– Commits the offence of cyber stalking.– 3 Years– 3 Lac

Electronic/Cyber Crime Bill 2007

● Spamming:– Whoever transmits harmful, fraudulent, misleading,– illegal or unsolicited electronic messages in bulk to any

person– without the express permission of the recipient,– involves in falsified online user account registration or

falsified domain name registration for commercial purpose commits the offence of spamming.

● Punishment:– 6 month– 50,000

Electronic/Cyber Crime Bill 2007

● Spoofing:– Whoever establishes a website, or sends an

electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source

– with intent to gain unauthorized access or obtain valuable information

– Later, Information can be used for any lawful purposes commits the offence of spoofing.

– 3 Years– 3 Lac

Electronic/Cyber Crime Bill 2007

● Cyber terrorism:– Any person, group or organization who, with terroristic

intent utilizes,– accesses or causes to be accessed a computer or

computer network or electronic system or device or by any available means,

– knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.

● Punishment– Whoever commits the offence of cyber terrorism and

causes death of any person shall be punished with death– Or imprisonment for life, and with fine– Otherwise he shall be punishable with imprisonment of

ten years or with fine ten million rupees