CONTENTS

Sr No Particular Page No

1 Introduction to Cyber Law 1-2

2 Information Technology ACT 2000 3-4

3 Cyber Crime 5-6

4 Types of Crime 7-8

5 Cyber Criminal 9-10

6 Indian Case Study 11-12

7 Conclusion 13

1. Introduction to Cyber Law

Cyber Law is the law governing cyber space. Cyber space is a very wide term and

includes computers, networks, software, data storage devices (such as hard disks, USB

disks etc), the Internet, websites, emails and even electronic devices such as cell phones,

ATM machines etc.

Cyber crimes can involve criminal activities that are traditional in nature, such as theft,

fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.

The abuse of computers has also given birth to a gamut of new age crimes that are

addressed by the Information Technology Act, 2000.

The expression ‗Crime‘ is defined as an act, which subjects the doer to legal punishment

or any offence against morality, social order or any unjust or shameful act. The ―Offence"

is defined in the Code of Criminal

Procedure to mean as an act or omission made punishable by any law for the time being in

force.

It‘s an unlawful act wherein the computer is either a tool or a target or both.

Acts that are punishable by the Information Technology Act.

Cyber space is a virtual space that has become as important as real space for

business, politics, and communities .

Cyber Crime is emerging as a serious threat. World wide governments, police

departments and intelligence units have started to react.

Cyber Crime is a term used to broadly describe criminal activity in which computers or

computer networks are a tool, a target, or a place of criminal activity and include

everything from electronic cracking to denial of service attacks. It is also used to include

traditional crimes in which computers or networks are used to enable the illicit activity.

Computer crime mainly consists of unauthorized access to computer systems data

alteration, data destruction, theft of intellectual property. Cyber crime in the context of

national security may involve hacking, traditional espionage, or information warfare and

related activities.

1

Pornography, Threatening Email, Assuming someone's Identity, Sexual Harassment,

Defamation, Spam and Phishing are some examples where computers are used to commit

crime, whereas Viruses, Worms and Industrial Espionage, Software Piracy and Hacking are

examples where computers become target of crime.

The Internet in India is growing rapidly. It has given rise to new opportunities in every field

we can think of – be it entertainment, business, sports or education. There are two sides to a

coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime

– illegal activity committed on the Internet. The Internet, along with its advantages, has also

exposed us to security risks that come with connecting to a large network. Computers today

are being misused for illegal activities like e-mail espionage, credit card fraud, spams, and

software piracy and so on, which invade our privacy and offend our senses. Criminal

activities in the cyberspace are on the rise.

"The modern thief can steal more with a computer than with a gun. Tomorrow's

terrorist may be able to do more damage with a key board than with a bomb".

Until recently, many information technology (IT) professionals lacked awareness of an

interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked

the tools needed to tackle the problem; old laws didn‘t quite fit the crimes being committed,

new laws hadn‘t quite caught up to the reality of what was happening, and there were few

court precedents to look to for guidance? Furthermore, debates over privacy issues hampered

the ability of enforcement agents to gather the evidence needed to prosecute these new cases.

Finally, there was a certain amount of antipathy—or at the least, distrust— between the two

most important players in any effective fight against cyber crime: law enforcement agencies

and computer professionals. Yet close cooperation between the two is crucial if we are to

control the cyber crime problem and make the Internet a safe ―place‖ for its users.

2

2. Information Technology Act 2000

Connectivity via the Internet has greatly abridged geographical distances and made

communication even more rapid. While activities in this limitless new universe are increasing

incessantly, laws must be formulated to monitor these activities. Some countries have been

rather vigilant and formed some laws governing the net. In order to keep pace with the

changing generation, the Indian Parliament passed the much-awaited Information

Technology Act, 2000 .As they say,

"It’s better late than never".

However, even after it has been passed, a debate over certain controversial issues continues.

A large portion of the industrial community seems to be dissatisfied with certain aspects of

the Act. But on the whole, it is a step in the right direction for India.

The Information Technology Act 2000, regulates the transactions relating to the computer

and the Internet

The objectives of the Act as reflected in the Preamble to the Act are:

1. The Preamble to the Act states that it aims at providing legal recognition for transactions

carried out by means of electronic data interchange and other means of electronic

communication, commonly referred to as "electronic commerce", which involve the use of

alternatives to paper-based methods of communication and storage of information and aims

at facilitating electronic filing of documents with the Government agencies.

2. To facilitate electronic filing of the document with the government of India. The General

Assembly of the United Nations had adopted the Model Law on Electronic Commerce

adopted by the United Nations Commission on International Trade Law (UNCITRAL) in its

General Assembly resolution A/RES/51/162 dated January 30, 1997. The Indian Act is in

keeping with this resolution that recommended that member nations of the UN enact and

modify their laws according to the Model Law.

Thus with the enactment of this Act, Internet transactions will now be recognized, on-line

contracts will be enforceable and e-mails will be legally acknowledged. It will tremendously

augment domestic as well as international trade and commerce.

The Information Technology Act extends to the whole of India and, saves as otherwise

provided in this Act, it applies also to any offence or contravention there under

3

committed outside India by any person.

However The Act does not apply to:

1. a negotiable instrument as defined in section 13 of the Negotiable Instruments Act,1881;

2. a power-of-attorney as defined in section 1A of the Powers-of- Attorney Act, 1882;

3. a trust as defined in section 3 of the Indian Trusts Act, 1882;

4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925including

any other testamentary disposition by whatever name called

5. Any contract for the sale or conveyance of immovable property or any interest in such

property;

6. Any such class of documents or transactions as may be notified by the Central Government

in the Official Gazette.

Some of the Important Definition:

Asymmetric crypto system" means a system of a secure key pair consisting of a private key

for creating a digital signature and a public key to verify the digital signature;

Certifying Authority" means a person who has been granted a licence to issue a Digital

Signature Certificate under section 24;

Certification practice statement" means a statement issued by a Certifying Authority to

specify the practices that the Certifying Authority employs in issuing Digital Signature

Certificates;

Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established

under sub-section (1) of section 48;

Digital signature" means authentication of any electronic record by a subscriber by means of

an electronic method or procedure in accordance with the provisions of section.

Digital Signature Certificate" means a Digital Signature Certificate issued under subsection

of section 35;

Electronic form" with reference to information means any information generated, sent,

received or stored in media, magnetic, optical, computer memory, micro film, computer

generated micro fiche or similar device;

Electronic Gazette" means the Official Gazette published in the electronic form;

Secure system" means computer hardware, software, and procedure that—

(a) are reasonably secure from unauthorised access and misuse.

(b) provide a reasonable level of reliability and correct operation.

4

3. Introduction to Cyber Crime

The first recorded cyber crime took place in the year 1820! That is not surprising considering

the fact that the abacus, which is thought to be the earliest form of a computer, has been

around since 3500 B.C. in India, Japan and China. The era of modern computers, however,

began with the analytical engine of Charles Babbage. Cyber crime is an evil having its origin

in the growing dependence on computers in modern life. In a day and age when everything

from microwave ovens and refrigerators to nuclear power plants is being run on computers,

cyber crime has assumed rather sinister implications. Major Cyber crimes in the recent past

include the Citibank rip off. US $ 10 million were fraudulently transferred out of the bank

and into a bank account in Switzerland. A Russian hacker group led by Vladimir Kevin, a

renowned hacker, perpetrated the attack. The group compromised the bank's security

systems. Vladimir was allegedly using his office computer at AO Saturn, a computer firm in

St. Petersburg, Russia, to break into Citi bank computers. He was finally arrested on

Heathrow airport on his way to Switzerland.

United Nations‘ Definition of Cybercrime

Cybercrime spans not only state but national boundaries as well. Perhaps we should look to

international organizations to provide a standard definition of the crime. At the Tenth United

Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop

devoted to the issues of crimes related to computer networks, cybercrime was broken into

two categories and defined thus:

Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by

means of electronic operations that targets the security of computer systems and the

data processed by them.

Cybercrime in a broader sense (computer-related crime): Any illegal behaviour

committed by means of, or in relation to, a computer system or network, including

such crimes as illegal possession [and] offering or distributing information by means

of a computer system or network.

Of course, these definitions are complicated by the fact that an act may be illegal in one

nation but not in another.

5

There are more concrete examples, including

i. Unauthorized access

ii Damage to computer data or programs

iii Computer sabotage

iv Unauthorized interception of communications

v Computer espionage

These definitions, although not completely definitive, do give us a good starting point one

that has some international recognition and agreement for determining just what we mean by

the term cybercrime.

In Indian law, cyber crime has to be voluntary and wilful, an act or omission that adversely

affects a person or property. The IT Act provides the backbone for e-commerce and India‘s

approach has been to look at e-governance and e-commerce primarily from the promotional

aspects looking at the vast opportunities and the need to sensitize the population to the

possibilities of the information age. There is the need to take in to consideration the security

aspects.

Cybercrime is not on the decline. The latest statistics show that cybercrime is actually on the

rise. However, it is true that in India, cybercrime is not reported too much about.

Consequently there is a false sense of complacency that cybercrime does not exist and that

society is safe from cybercrime. This is not the correct picture. The fact is that people in our

country do not report cybercrimes for many reasons. Many do not want to face harassment by

the police. There is also the fear of bad publicity in the media, which could hurt their

Reputation and standing in society. Also, it becomes extremely difficult to convince the

police to register any cybercrime, because of lack of orientation and awareness about

cybercrimes and their registration and handling by the police.

6

4. Types Of Cyber Crime

Technical Aspects

Technological advancements have created new possibilities for criminal activity, in particular

the criminal misuse of information technologies such as

Unauthorized access & Hacking:-

Access means gaining entry into, instructing or communicating with the logical,

arithmetical, or memory function resources of a computer, computer system or

computer network.

Unauthorized access would therefore mean any kind of access without the permission

of either the rightful owner or the person in charge of a computer, computer system or

computer network.

By hacking web server taking control on another persons website called as web

hijacking

Trojan Attack:-

The program that act like something useful but do the things that are quiet damping.

The programs of this kind are called as Trojans.

Trojans come in two parts, a Client part and a Server part. When the victim

(unknowingly) runs the server on its machine, the attacker will then use the Client to

connect to the Server and start using the trojan.

Virus and Worm attack:-

A program that has capability to infect other programs and make copies of itself and

spread into other programs is called virus.

Programs that multiply like viruses but spread from computer to computer are called

as worms.

E-mail related crimes:-

Email spoofing:-Email spoofing refers to email that appears to have been originated from

one source when it was actually sent from another source. Please Read

Email Spamming:-Email "spamming" refers to sending email to thousands and thousands of

users - similar to a chain letter.

7

Sending malicious codes through email:-

E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a

link of website which on visiting downloads malicious code.

Email bombing:-

E-mail "bombing" is characterized by abusers repeatedly sending an identical email message

to a particular address.

Sending threatening emails

Sending any threatening Email to any Person regarding his live or property is also a Crime.

Sale of illegal articles

This would include sale of narcotics, weapons and wildlife etc., by posting information on

websites, auction websites, and bulletin boards or simply by using email communication.

Online gambling

There are millions of websites; all hosted on servers abroad, that offer online gambling. In

fact, it is believed that many of these websites are actually fronts for money laundering.

8

5. Cyber Criminals

Kids (age group 9-16 etc.)

It seems really difficult to believe but it is true. Most amateur hackers and cyber criminals are

teenagers. To them, who have just begun to understand what appears to be a lot about

computers, it is a matter of pride to have hacked into a computer system or a website. There

is also that little issue of appearing really smart among friends. These young rebels may also

commit cyber crimes without really knowing that they are doing anything wrong.

Organized hacktivists

Hacktivists are hackers with a particular (mostly political) motive. In other cases this reason

can be social activism, religious activism, etc. The attacks on approximately 200 prominent

Indian websites by a group of hackers known as Pakistani Cyber Warriors are a good

example of political hacktivists at work.

Disgruntled employees

One can hardly believe how spiteful displeased employees can become. Till now they had the

option of going on strike against their bosses. Now, with the increase independence on

computers and the automation of processes, it is easier for disgruntled employees to do more

harm to their employers by committing computer related crimes, which can bring entire

systems down.

Professional hackers (corporate espionage)

Extensive computerization has resulted in business organizations storing all their information

in electronic form. Rival organizations employ hackers to steal industrial secrets and other

information that could be beneficial to them. The temptation to use professional hackers for

industrial espionage also stems from the fact that physical presence required to gain access to

important documents is rendered needless if hacking can retrieve those.

Denial of Service Tools

Denial-of-service (or DoS) attacks are usually launched to make a particular service

unavailable to someone who is authorized to use it. These attacks may be launched using one

single computer or many computers across the world. In the latter scenario, the attack is

known as a distributed denial of service attack. Usually these attacks do not necessitate the

need to get access into anyone's system.

These attacks have been getting decidedly more popular as more and more people realize the

amount and magnitude of loss, which can be caused through them.

9

What are the reasons that a hacker may want to resort to a DoS attack? He may have installed

a Trojan in the victim's computer but needed to have the computer restarted to activate the

Trojan. The other good reason also may be that a business may want to harm a competitor by

crashing his systems.

Denial-of-service attacks have had an impressive history having, in the past, blocked out

websites like Amazon, CNN, Yahoo and eBay. The attack is initiated by sending excessive

demands to the victim's computer's, exceeding the limit that the victim's servers can support

and making the server‘s crash. Sometimes, many computers are entrenched in this process by

installing a Trojan on them; taking control of them and then making them send numerous

demands to the targeted computer. On the other side, the victim of such an attack may see

many such demands (sometimes even numbering tens of thousands) coming from computers

from around the world. Unfortunately, to be able to gain control over a malicious denial-of-

service attack would require tracing all the computers involved in the attack and then

informing the owners of those systems about the attack. The compromised system would

need to be shut down or then cleaned. This process, which sounds fairly simple, may prove

very difficult to achieve across national and later organizational bordersDenial-of-service

attacks have had an impressive history having, in the past, blocked out websites like Amazon,

CNN, Yahoo and eBay. The attack is initiated by sending excessive demands to the victim's

computer's, exceeding the limit that the victim's servers can support and making the server‘s

crash. Sometimes, many computers are entrenched in this process by installing a Trojan on

them; taking control of them and then making them send numerous demands to the targeted

computer. On the other side, the victim of such an attack may see many such demands

(sometimes even numbering tens of thousands) coming from computers from around the

world. Unfortunately, to be able to gain control over a malicious denial-of-service attack

would require tracing all the computers involved in the attack and then informing the owners

of those systems about the attack. The compromised system would need to be shut down or

then cleaned. This process, which sounds fairly simple, may prove very difficult to achieve

across national and later organizational borders.

10

6. Indian Case Studies

While I have a huge collection of international cyber crimes I thought it may be more

relevant if we discuss Indian Cyber crime case studies. However if any of you is interested in

international case studies please do reach me. I have not arranged the following section in an

order to create flow of thought for the reader. And it is possible there is a drift from the

taxonomy which we have defined in the beginning.

Insulting Images of Warrior Shivaji on Google – Orkut

An Indian posts ‗insulting images‘ of respected warrior-saint Shivaji on Google‘s

Orkut.Indian police come knocking at Google‘s gilded door demanding the IP address (IP

uniquely identifies every computer in the world) which is the source of this negative image.

Google, India hands over the IP address.

Financial crime

Wipro Spectramind lost the telemarketing contract from Capital one due to an organized

crime.The telemarketing executives offered fake discounts, free gifts to the Americans in

order to boost the sales of the Capital one. The internal audit revealed the fact and

surprisingly it was also noted that the superiors of these telemarketers were also involved in

the whole scenario.

Cyber pornography

Some more Indian incidents revolving around cyber pornography include the Air Force

Balbharati School case. In the first case of this kind, the Delhi Police Cyber Crime Cell

registered a case under section 67 of the IT act, 2000. A student of the Air Force Balbharati

School, New Delhi, was teased by all his classmates for having a pockmarked face.

Online Gambling

Recent Indian case about cyber lotto was very interesting. A man called Kola Mohan

invented the story of winning the Euro Lottery. He himself created a website and an email

address on the Internet with the address 'eurolottery@usa.net.' Whenever accessed, the site

would name him as the beneficiary of the 12.5 million pound. After confirmation a

telgunewspaper published this as a news. He collected huge sums from the public as well as

from some banks for mobilization of the deposits in foreign currency However, the fraud

11

came to light when a cheque discounted by him with the Andhra Bank for Rs 1.73 million

bounced. Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly

issued by Midland Bank, Sheffields, London stating that a term deposit of 12.5 million was

held in his name.

Intellectual Property crimes

These include software piracy, copyright infringement, trademarks violations, theft of

computer source code etc. In other words this is also referred to as cybersquatting. Satyam

Vs. Siffy is the most widely known case. Bharti Cellular Ltd. filed a case in the Delhi High

Court that some cyber squatters had registered domain names such as barticellular.com and

bhartimobile.com with Network solutions under different fictitious names. The court directed

Network Solutions not to transfer the domain names in question to any third party and the

matter is sub-judice. Similar issues had risen before various High Courts earlier. Yahoo had

sued one Akash Arora for use of the domain name ‗Yahooindia.Com‘ deceptively similar to

its ‗Yahoo.com‘. As this case was governed by the Trade Marks Act,1958, the additional

defence taken against Yahoo‘s legal action for the interim order was that the Trade Marks

Act was applicable only to goods.

Cyber Defamation

India‘s first case of cyber defamation was reported when a company‘s employee started

sending derogatory, defamatory and obscene e-mails about its Managing Director. The emails

were anonymous and frequent, and were sent to many of their business associates to tarnish

the image and goodwill of the company. The company was able to identify the employee

with the help of a private computer expert and moved the Delhi High Court. The court

granted an ad-interim injunction and restrained the employee from sending, publishing and

transmitting e-mails, which are defamatory or derogatory to the plaintiffs.

12

7. CONCLUSION

Obviously computer crime is on the rise, but so is the awareness and ability to fight it. Law

enforcement realizes that it is happening more often than it is reported and are doing there

best to improve existing laws and create new laws as appropriate. The problem is not with the

awareness or the laws, but with actually reporting that a crime has occurred. Hopefully

people will begin to realize that unless they report these crimes and get convictions, those

committing computer crimes will continue to do so. While there is no silver bullet for dealing

with cyber crime, it doesn‘t mean that we are completely helpless against it. The legal system

is becoming more tech savvy and manylaw enforcement departments now have cyber crime

units created specifically to deal with computer related crimes, and of course we now have

laws that are specifically designed for computer related crime. While the existing laws are not

perfect, and no law is, they are nonetheless a step in the right direction toward making the

Internet a safer place for business, research and just casual use. As our reliance on computers

and the Internet continues to grow, the importance of the laws that protect us from the cyber-

criminals will continue to grow as well.

13