Projects: CYBER CRIME

INTRODUCTION:

The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.

Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.

CONVENTIONAL CRIME-

Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. (2)

A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.

CYBER CRIME

Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” (13). “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”(12)

A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.

DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-

There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.

REASONS FOR CYBER CRIME:

Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:

Capacity to store data in comparatively small space-

The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.

Easy to access-

The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

3.Complex-

The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4.Negligence-

Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.

5. Loss of evidence-

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.

CYBER CRIMINALS:

The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-

1. Children and adolescents between the age group of 6 – 18 years –

The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.

2. Organised hackers-

These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.

3. Professional hackers / crackers –

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.

4. Discontented employees-

This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.

MODE AND MANNER OF COMMITING CYBER CRIME:

Unauthorized access to computer systems or networks / Hacking-

This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.

Theft of information contained in electronic form-

This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.

Email bombing-

This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.

Data diddling-

This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.

Salami attacks-

This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account.

Denial of Service attack-

The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.

7. Virus / worm attacks-

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt.

8. Logic bombs-

These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Trojan attacks-

This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.

Internet time thefts-

Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.

11. Web jacking-

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.

CLASSIFICATION:

The subject of cyber crime may be broadly classified under the following three groups. They are-

1. Against Individuals

a. their person &
b. their property of an individual

2. Against Organization

a. Government
c. Firm, Company, Group of Individuals.

3. Against Society at large

The following are the crimes, which can be committed against the followings group

Against Individuals: –

i. Harassment via e-mails.
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure
vii. Email spoofing
viii. Cheating & Fraud

Against Individual Property: -

i. Computer vandalism.
ii. Transmitting virus.
iii. Netrespass
iv. Unauthorized control/access over computer system.
v. Intellectual Property crimes
vi. Internet time thefts

Against Organization: -

i. Unauthorized control/access over computer system
ii. Possession of unauthorized information.
iii. Cyber terrorism against the government organization.
iv. Distribution of pirated software etc.

Against Society at large: -

i.     Pornography (basically child pornography).
ii.    Polluting the youth through indecent exposure.
iii.   Trafficking
iv. Financial crimes
v.Sale of illegal articles
vi.Online gambling
vii. Forgery

The above mentioned offences may discussed in brief as follows:

1. Harassment via e-mails-

Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.

2. Cyber-stalking-

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure-

Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.

4. Defamation

It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.

4. Unauthorized control/access over computer system-

This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.

5. E mail spoofing-

A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.

Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.(15)

6. Computer vandalism-

Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.

7. Transmitting virus/worms-

This topic has been adequately dealt herein above.

8. Intellectual Property crimes / Distribution of pirated software-

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.

The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16)

9. Cyber terrorism against the government organization

At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.

Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)

Another definition may be attempted to cover within its ambit every act of cyber terrorism.

A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –

(1) putting the public or any section of the public in fear; or

(2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or

(3) coercing or overawing the government established by law; or

(4) endangering the sovereignty and integrity of the nation

and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.

10.Trafficking

Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.

Fraud & Cheating

Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.

STATUTORY PROVISONS:

The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.

The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. (14)

ANALYSIS OF THE STATUTORY PROVISONS:

The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-

1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose (6)-

Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate.

2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) –

Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.

At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.

3.Cyber torts-

The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies.

4.Cyber crime in the Act is neither comprehensive nor exhaustive-

Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6)

I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act.

5.Ambiguity in the definitions-

The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form.

Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case.

6. Uniform law-

Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.

7.Lack of awareness-

One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card. (17)

8. Jurisdiction issues-

Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.

9. Extra territorial application-

Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.

10. Raising a cyber army-

By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –

Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.

Status: Probe on

Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.

Status: Chargesheet not filed

Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.

Status: Pak not cooperating.

11. Cyber savvy bench-

Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.

12. Dynamic form of cyber crime-

Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases.

13. Hesitation to report offences-

As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.

PREVENTION OF CYBER CRIME:

Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-

1.to prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.

2.always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.

3.always use latest and up date anti virus software to guard against virus attacks.

4.always keep back up volumes so that one may not suffer data loss in case of virus contamination

5.never send your credit card number to any site that is not secured, to guard against frauds.

6.always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.

7.it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.

8.web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.

9.use of firewalls may be beneficial.

10. web servers running public sites must be physically separate protected from internal corporate network.

Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.

CONCLUSION:

Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.

REFERENCES:

1. Granville Williams

2. Proprietary Articles Trade Association v. A.G.for Canada (1932)

3. Nagpal R. – What is Cyber Crime?

4. Nagpal R- Defining Cyber Terrorism

5. Duggal Pawan – The Internet: Legal Dimensions

6. Duggal Pawan - Is this Treaty a Treat?

7. Duggal Pawan - Cybercrime

8. Kapoor G.V. - Byte by Byte

9. Kumar Vinod – Winning the Battle against Cyber Crime

10. Mehta Dewang- Role of Police In Tackling Internet Crimes

11. Postal address-

Superintendent of Police,
Cyber Crime Investigation Cell,
5th Floor, Block No.3, CGO Complex,
Lodhi Road, New Delhi – 110 003
Phone: 4362203, 4392424

e-mail- cbiccic@bol.net.in

12. Duggal Pawan

13. by the Author

14. For the sake of convenience the readers are requested to read sections 43, 65, 66,67 of the Information Technology Act.

15. Sify News 14.03.03

16. Deccan Herald 16.03.03

17. Hindustan Times 03.03.03

Computer crime, or cybercrime, refers to any crime that involves a computer and a network.^[1] The computer may have been used in the commission of a crime, or it may be the target.^[2] Netcrime refers to criminal exploitation of the Internet.^[3]. Such crimes may threaten a nation’s security and financial health^[4] Issues surrounding this type of crime have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nationstate is sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.

Topology

Computer crime encompasses a broad range of activities. Generally, however, it may be divided into two categories: (1) crimes that target computer networks or devices directly; (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.^{[citation needed]}
Crimes that primarily target computer networks or devices include:

· Computer viruses

· Denial-of-service attacks

· Malware (malicious code)

Crimes that use computer networks or devices to advance other ends include:

· Cyberstalking

· Fraud and identity theft

· Information warfare

· Phishing scams

[edit] Spam

Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.^[6]

[edit] Fraud

Main article: Computer fraud

Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss.^{[citation needed]} In this context, the fraud will result in obtaining a benefit by:

· Altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;

· Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;

· Altering or deleting stored data;

· Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes.

Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information.
A variety of Internet scams target consumers direct.

[edit] Obscene or offensive content

The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal.
Over 25 jurisdictions place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes.
The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs.
One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography.

[edit] Harassment

Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, cyber stalking, harassment by computer, hate crime, Online predator, and stalking). Any comment that may be found derogatory or offensive is considered harassment.

[edit] Drug trafficking

Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology.^[^{citation needed}^] Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms.
The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away.

[edit] Cyber terrorism

Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials^[^who?^] that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them.
Cyber terrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. As well there are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.
Cyberextortion is a form of cyberterrorism in which a website, e-mail server, or computer system is subjected to repeated denial of service or other attacks by malicious hackers, who demand money in return for promising to stop the attacks. According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the domain. Perpetrators typically use a distributed denial-of-service attack.^[7]

[edit] Cyber warfare

Main article: Cyber warfare

The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.^[8]

[edit] Documented cases

One of the highest profiled banking computer crime occurred during a course of three years beginning in 1970. The chief teller at the Park Avenue branch of New York's Union Dime Savings Bank embezzled over $1.5 million from hundreds of accounts.^[9]
A hacking group called the MOD (Masters of Deception), allegedly stole passwords and technical data from Pacific Bell, Nynex, and other telephone companies as well as several big credit agencies and two major universities. The damage caused was extensive, one company, Southwestern Bell suffered losses of $370,000 alone.^[9]
In 1983, a nineteen year old UCLA student used his PC to break into a Defense Department international communications system.^[9]
Between 1995 and 1998 the Newscorp satellite pay to view encrypted SKY-TV service was hacked several times during an on-going technological arms race between a pan-European hacking group and Newscorp. The original motivation of the hackers was to watch Star Trek re-runs in Germany; which was something which Newscorp did not have the copyright to allow.^[10]
On 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and copy of the virus via e-mail to other people.
In February 2000 a individual going by the alias of MafiaBoy began a series denial-of-service attacks against high profile websites, including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks. On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks.
The Russian Business Network (RBN) was registered as an internet site in 2006. Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring its services to criminals. The RBN has been described by VeriSign as "the baddest of the bad".^[11] It offers web hosting services and internet access to all kinds of criminal and objectionable activities, with an individual activities earning up to $150 million in one year. It specialized in and in some cases monopolized personal identity theft for resale. It is the originator of MPack and an alleged operator of the Storm botnet.
On 2 March 2010, Spanish investigators busted 3^[^{clarification needed}^] in infection of over 13 million computers around the world. The "botnet" of infected computers included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks, according to investigators.

[edit] Combatting Computer Crime

A computer can be a source of evidence. Even when a computer is not directly used for criminal purposes, may contain records of value to criminal investigators.

How Cyber Criminals Works

Cyber crime has become a profession and the demographic of your typical cyber criminal is changing rapidly, from bedroom-bound geek to the type of organized gangster more traditionally associated with drug-trafficking, extortion and money laundering.

It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that.

In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialized skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cyber crime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency.

The rise of cyber crime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also – through a process of virus-driven automation – with ruthlessly efficient and hypothetically infinite frequency.

The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill.

The most straightforward is to buy the ‘finished product’. In this case we’ll use the example of an online bank account. The product takes the form of information necessary to gain authorized control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cyber criminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it’s very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia.

The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold.

Not all cyber-criminals operate at the coalface, and certainly don’t work exclusively of one another; different protagonists in the crime community perform a range of important, specialized functions. These broadly encompass:

Coders – comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cyber crime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in.

Kids – so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another.

Drops – the individuals who convert the ‘virtual money’ obtained in cyber crime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.

Mobs – professionally operating criminal organizations combining or utilizing all of the functions covered by the above. Organized crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls.

Gaining control of a bank account is increasingly accomplished through phishing. There are other cyber crime techniques, but space does not allow their full explanation.

All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of ‘phishing trip’ will uncover at least 20 bank accounts of varying cash balances, giving a ‘market value’ of $200 – $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.

Better returns can be accomplished by using ‘drops’ to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ‘ripping off’ or ‘grassing up’ to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of ‘drops’ that do not know one another. However, even taking into account the 50% commission, and a 50% ‘rip-off’ rate, if we assume a single stolen balance of $10,000 – $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.

In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer.

The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught with expensive overheads, and extremely dangerous.

Add phishing to the other cyber-criminal activities driven by hacking and virus technologies – such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers – and you’ll find a healthy community of cottage industries and international organizations working together productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty – and must be stopped.

On top of viruses, worms, bots and Trojan attacks, organizations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognize it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise.

To fight cyber crime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having to install, manage and maintain disparate devices, organizations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to greater user education are the best safeguard against the deviousness and pure innovation of cyber-criminal activities.

Cyber Law Introduction

Distributed DOS

A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network.

Hundreds or thousands of computer systems across the Internet can be turned into “zombies” and used to attack another system or website.

Types of DOS

There are three basic types of attack:

a. Consumption of scarce, limited, or non-renewable resources like NW bandwith, RAM, CPU time. Even power, cool air, or water can affect.

b. Destruction or Alteration of Configuration Information

c. Physical Destruction or Alteration of Network Components

e. Pornography:-

The literal mining of the term 'Pornography' is “describing or showing sexual acts in order to cause sexual excitement through books, films, etc.”

This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc.

Adult entertainment is largest industry on internet.There are more than 420 million individual pornographic webpages today.

Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were ‘Pay-Per-View’. This indicates that abusive images of children over Internet have been highly commercialized.

Pornography delivered over mobile phones is now a burgeoning business, “driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images.”

Effects of Pornography

Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behavior that can harm individual users and their families.

Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases.

In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behavior.

Some of the common, but false messages sent by sexualized culture.

Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences.

Women have one value - to meet the sexual demands of men.

Marriage and children are obstacles to sexual fulfillment.

Everyone is involved in promiscuous sexual activity, infidelity and premarital sex.

Pornography Addiction

Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression among many who consume pornography.

1.Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through

masturbation.

2.Escalation: Over time addicts require more explicit and deviant material to meet their sexual "needs."

3.Desensitization: What was first perceived as gross, shocking and disturbing, in time becomes common and acceptable.

4.Acting out sexually: There is an increasing tendency to act out behaviors viewed in pornography.

g. Forgery:-

Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners.

Also impersonate another person is considered forgery.

h. IPR Violations:-

These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations. etc.

Cyber Squatting- Domain names are also trademarks and protected by ICANN’s domain dispute resolution policy and also under trademark laws.

Cyber Squatters registers domain name identical to popular service provider’s domain so as to attract their users and get benefit from it.

i. Cyber Terrorism:-

Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc.

Cyberterrorism is an attractive option for modern terrorists for several reasons.

1.It is cheaper than traditional terrorist methods.

2.Cyberterrorism is more anonymous than traditional terrorist methods.

3.The variety and number of targets are enormous.

4.Cyberterrorism can be conducted remotely, a feature that isespecially appealing to terrorists.

5.Cyberterrorism has the potential to affect directly a larger number of people.

j. Banking/Credit card Related crimes:-

In the corporate world, Internet hackers are continually looking for opportunities to compromise a company’s security in order to gain access to confidential banking and financial information.

Use of stolen card information or fake credit/debit cards are common.

Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami.

k. E-commerce/ Investment Frauds:-

Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities.

Merchandise or services that were purchased or contracted by individuals online are never delivered.

The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.

Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits.

l. Sale of illegal articles:-

This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.

Research shows that number of people employed in this criminal area. Daily peoples receiving so many emails with offer of banned or illegal products for sale.

m. Online gambling:-

There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

n. Defamation: -

Defamation can be understood as the intentional infringement of another person's right to his good name.

Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place

Cyber defamation is also called as Cyber smearing.

Cyber Stacking:-

Cyber stalking involves following a persons movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.

p. Pedophiles:-

Also there are persons who intentionally prey upon children. Specially with a teen they will let the teen know that fully understand the feelings towards adult and in particular teen parents.

They earns teens trust and gradually seduce them into sexual or indecent acts.

Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions.

q. Identity Theft :-

Identity theft is the fastest growing crime in countries like America.

Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.

Identity theft is a vehicle for perpetrating other types of fraud schemes.

r. Data diddling:-

Data diddling involves changing data prior or during input into a computer.

In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.

It also include automatic changing the financial information for some time before processing and then restoring original information.

s. Theft of Internet Hours:-

Unauthorized use of Internet hours paid for by another person.

By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.

Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.

t. Theft of computer system (Hardware):-

This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

u. Physically damaging a computer system:-

Physically damaging a computer or its peripheralseither by shock, fire or excess electric supply etc.

v. Breach of Privacy and Confidentiality

Privacy

Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others.

Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc.

Confidentiality

It means non disclosure of information to unauthorized or unwanted persons.

In addition to Personal information some other type of information which useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected.

Generally for protecting secrecy of such information, parties while sharing information forms an agreement about he procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties.

Many times party or their employees leak such valuable information for monitory gains and causes breach of contract of confidentiality.

Special techniques such as Social Engineering are commonly used to obtain confidential information.

Internet Crime

Internet crime is crime committed on the Internet, using the Internet and by means of the Internet.
Computer crime is a general term that embraces such crimes as phishing, credit card frauds, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyberterrorism, creation and/or distribution of viruses, Spam and so on. All such crimes are computer related and facilitated crimes.
With the evolution of the Internet, along came another revolution of crime where the perpetrators commit acts of crime and wrongdoing on the World Wide Web. Internet crime takes many faces and is committed in diverse fashions. The number of users and their diversity in their makeup has exposed the Internet to everyone. Some criminals in the Internet have grown up understanding this superhighway of information, unlike the older generation of users. This is why Internet crime has now become a growing problem in the United States. Some crimes committed on the Internet have been exposed to the world and some remain a mystery up until they are perpetrated against someone or some company.
The different types of Internet crime vary in their design and how easily they are able to be committed. Internet crimes can be separated into two different categories. There are crimes that are only committed while being on the Internet and are created exclusively because of the World Wide Web. The typical crimes in criminal history are now being brought to a whole different level of innovation and ingenuity. Such new crimes devoted to the Internet are email “phishing”, hijacking domain names, virus immistion, and cyber vandalism. A couple of these crimes are activities that have been exposed and introduced into the world. People have been trying to solve virus problems by installing virus protection software and other software that can protect their computers. Other crimes such as email “phishing” are not as known to the public until an individual receives one of these fraudulent emails. These emails are cover faced by the illusion that the email is from your bank or another bank. When a person reads the email he/she is informed of a problem with he/she personal account or another individual wants to send the person some of their money and deposit it directly into their account. The email asks for your personal account information and when a person gives this information away, they are financing the work of a criminal

Statistics

The statistics that have been obtained and reported about demonstrate the seriousness Internet crimes in the world. Just the "phishing" emails mentioned in a previous paragraph produce one billion dollars for their perpetrators (Dalton 1). In a FBI survey in early 2004, 90 percent of the 500 companies surveyed reported a security breach and 80 percent of those suffered a financial loss (Fisher 22). A national statistic in 2003 stated that four billion dollars in credit card fraud are lost each year. Only two percent of credit card transactions take place over the Internet but fifty percent of the four billion, mentioned before, are from the transaction online (Burden and Palmer 5). All these finding are just an illustration of the misuse of the Internet and a reason why Internet crime has to be slowed down.

Stopping the problem

The question about how to police these crimes has already been constructed, but this task is turning out to be an uphill battle. Since the first computer crime law, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, the government has been trying to track down and stop online criminals. The FBI has tried many programs and investigations in order to deter Internet crime, like creating an online crime registry for employers (Metchik 29). The reality is that Internet criminals are rarely caught. One reason is that hackers will use one computer in one country to hack another computer in another country. Another eluding technique used is the changing of the emails, which are involved in virus attacks and “phishing” emails so that a pattern cannot be recognized. An individual can do their best to protect themselves simply by being cautious and careful. Internet users need to watch suspicious emails, use unique passwords, and run anti-virus and anti-spyware software. Do not open any email or run programs from unknown sources.

About Cyber Law

The cyber law, in any country of the World, cannot be effective unless the concerned legal system has the following three pre requisites:
(1) A sound Cyber Law regime,
(2) A sound enforcement machinery, and
(3) A sound judicial system.

Let us analyse the Indian Cyber law on the above parameters.

(1) Sound Cyber Law regime: The Cyber law in India can be found in the form of IT Act, 2000.[1] Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These “grey areas” were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need “qualitative law” and not “quantitative laws”. In other words, one single Act can fulfil the need of the hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a consideration of “public interest” as against interest of few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Information Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the “contemporary standards” of the countries having developed Information Technology standards but to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be considered.Now the big question is whether India is following this approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth” and a “remedy worst than malady”.

(2) A sound enforcement machinery: A law might have been properly enacted and may be theoretically effective too but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support.

(3) A sound judicial system: A sound judicial system is the backbone for preserving the law and order in a society. It is commonly misunderstood that it is the “sole” responsibility of the “Bench” alone to maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour.In short, the dream for an “Ideal Cyber Law in India” requires a “considerable” amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere “computerisation” and “cyber law literacy”.[2] The judges and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it.[3]

II. Critical evaluation of the proposed IT Act, 2000 amendments

The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in India. They are suffering from numerous drawbacks and grey areas and they must not be transformed into the law of the land.[4] These amendments must be seen in the light of contemporary standards and requirements.[5] Some of the more pressing and genuine requirements in this regard are:

(a) There are no security concerns for e-governance in India[6]
(b) The concept of due diligence for companies and its officers is not clear to the concerned segments[7]
(c) The use of ICT for justice administration must be enhanced and improved[8]
(d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and other contemporary cyber crimes[9]
(e) The increasing nuisance of e-mail hijacking and hacking must also be addressed[10]
(f) The use of ICT for day to day procedural matters must be considered[11]
(g) The legal risks of e-commerce in India must be kept in mind[12]
(h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000[13]
(i) Internet banking and its legal challenges in India must be considered[14]
(j) Adequate and reasonable provisions must me made in the IT Act, 2000 regarding “Internet censorship”[15]
(k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000[16]
(l) The legality of sting operations (like Channel 4) must be adjudged[17]
(m) The deficiencies of Indian ICT strategies must be removed as soon as possible[18]
(n) A sound BPO platform must be established in India, etc[19].

The concerns are too many to be discussed in this short article. The Government must seriously take the “genuine concerns” and should avoid the cosmetic changes that may shake the base of already weak cyber law in India.

III. Conclusion

The Government has mistakenly relied too much upon “self governance” by private sectors and in that zeal kept aside the “welfare State role”. The concept of self governance may be appropriate for matters having civil consequences but a catastrophic blunder for matter pertaining to crimes, offences, contraventions and cyber crimes. Further, the Government must also draw a line between “privatisation’ and “abdication of duties” as imposed by the Supreme Constitution of India. The concepts of “Public-Private Partnerships’ must be reformulated keeping in mind the welfare State role of India.[20] The “collective expertise” must be used rather than choosing a segment that is not representing the “silent majority”.[21] It would be appropriate if the Government puts the approved draft by the Cabinet before the public for their inputs before finally placing them before the Parliament

About Cyber Law

II. Critical evaluation of the proposed IT Act, 2000 amendments

III. Conclusion

Sides of INDIAN Cyber Law or IT Act of INDIA

Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable . The IT Act 2000, the cyber law of India , gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

One cannot regard government as complete failure in shielding numerous e-commerce activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities.

MMS porn case in which the CEO of bazee.com(an Ebay Company) was arrested for allegedly selling the MMS clips involving school children on its website is the most apt example in this reference. Other cases where the law becomes hazy in its stand includes the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa.

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let’s have an overview of the law where it takes a firm stand and has got successful in the reason for which it was framed.

1. The E-commerce industry carries out its business via transactions and communications done through electronic records . It thus becomes essential that such transactions be made legal . Keeping this point in the consideration, the IT Act 2000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature.

2. The Act legalizes the e-mail and gives it the status of being valid form of carrying out communication in India . This implies that e-mails can be duly produced and approved in a court of law , thus can be a regarded as substantial document to carry out legal proceedings.

3. The act also talks about digital signatures and digital records . These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate companies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates.

4. The Act now allows Government to issue notification on the web thus heralding e-governance.

5. It eases the task of companies of the filing any form, application or document by laying down the guidelines to be submitted at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates.

6. The act also provides statutory remedy to the coporates in case the crime against the accused for breaking into their computer systems or network and damaging and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore($200,000).

7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal.

8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive basis.

The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like:

1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law even doesn’t talk of the rights and liabilities of domain name holders , the first step of entering into the e-commerce.
2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act , which may have major effect on the growth of e-commerce in India . It leads to make the banking and financial sectors irresolute in their stands .
3. The act empowers the Deputy Superintendent of Police to look up into the investigations and filling of charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate India as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potential harassment at the hands of the DSP.
4. Internet is a borderless medium ; it spreads to every corner of the world where life is possible and hence is the cyber criminal. Then how come is it possible to feel relaxed and secured once this law is enforced in the nation??

The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice , how to enforce it all over the world at the same time???

* The IT Act is silent on filming anyone’s personal actions in public and then distributing it electronically. It holds ISPs (Internet Service Providers) responsible for third party data and information, unless contravention is committed without their knowledge or unless the ISP has undertaken due diligence to prevent the contravention .
* For example, many Delhi based newspapers advertise the massage parlors; and in few cases even show the ‘therapeutic masseurs’ hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting out a few such rackets but then it is not sure of the action it can take…should it arrest the owners and editors of newspapers or wait for some new clauses in the Act to be added up?? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP to monitor what information their subscribers are sending out, all 24 hours a day.

Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US, Singapore, France, Malaysia and Japan .

But can the cyber laws of the country be regarded as sufficient and secure enough to provide a strong platform to the country’s e-commerce industry for which they were meant?? India has failed to keep in pace with the world in this respect, and the consequence is not far enough from our sight; most of the big customers of India ’s outsourcing company have started to re-think of carrying out their business in India .Bajaj’s case has given the strongest blow in this respect and have broken India ’s share in outsourcing market as a leader.

If India doesn’t want to loose its position and wishes to stay as the world’s leader forever in outsourcing market, it needs to take fast but intelligent steps to cover the glaring loopholes of the Act, or else the day is not far when the scenario of India ruling the world’s outsourcing market will stay alive in the dreams only as it will be overtaken by its competitors.

Sides of INDIAN Cyber Law or IT Act of INDIA

4. The Act now allows Government to issue notification on the web thus heralding e-governance.

7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal.

8. The law has also laid guidelines for providing Internet Services on a license on a non-exclusive basis.

The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places like:

The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice , how to enforce it all over the world at the same time???

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

* From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
* Digital signatures have been given legal validity and sanction in the Act.
* The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
* The Act now allows Government to issue notification on the web thus heralding e-governance.
* The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
* The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

Projects

Pages

VIBRATION ANALYSIS OF CYLINDRICAL THIN SHELL

Wednesday 10 August 2011