Parents, teachers, non-profits, government, and industry have been working hard to protect kids online.

However, we also need to think about protecting the Internet from kids who might abuse it . The Department of Justice categorizes computer crime in three ways: The computer as a target - attacking the computers of others (spreading viruses is an example). The computer as a weapon - using a computer to commit "traditional crime" that w e see in the physical world (such as fraud or illegal gambling). The computer as an accessory - using a computer as a "fancy filing cabinet" to s tore illegal or stolen information. Reports of alleged computer crime have been a hot news item of late. Especially alarming is the realization that many of the masterminds behind these criminal a cts are mere kids. In fact, children no longer need to be highly skilled in order to execute cyber crimes. "Hacker tools" are easily available on the Net and, once downloaded, ca n be used by even novice computer users. This greatly expands the population of possible wrongdoers. Children (and in som e cases - their parents) often think that shutting down or defacing Web sites or releasing network viruses are amusing pranks. Kids might not even realize that what they are doing is illegal. Still other kids might find themselves hanging out online with skilled hackers w ho share hacking tools with them and encourage them to do inappropriate things o nline. Unfortunately, some of these kids don't realize that they are committing crimes until it is too late. Even more distressing and difficult to combat is the fact that some in the medi a portray the computer criminal as a modern day Robin Hood. Nothing could be further from the truth. So what are cyber crimes? Can the law enforcement authorities find criminals onl ine? How can you create context for your children to understand what cyber crime s are? The following information (and areas throughout the site) will help famil iarize you with unethical and illegal online behavior. Additionally, to learn more about cyber crime, visit the Department of Justice Computer Crime & Intellectual Property Section's website at www.cybercrime.gov. The Computer Emergency Response Team (CERT) at www.cert.org and the National Inf rastructure Protection Center at the FBI at www.infragard.net provides regularly updated information and descriptions of cyber crimes. Mumbai Cyber Crime Investigation Cell (Crime Branch, C.I.D), Annex-III Building, Police Commissioner Office, Crowford Market, Mumbai 22641261 officer@cybercellmumbai.com http://www.cybercellmumbai.com/ Internet crime Internet crime is crime committed on the Internet, using the Internet and by mea ns of the Internet. Computer crime is a general term that embraces such crimes as phishing, credit c ard frauds, bank robbery, illegal downloading, industrial espionage, child porno graphy, kidnapping children via chat rooms, scams, cyberterrorism, creation and/ or distribution of viruses, Spam and so on. All such crimes are computer related and facilitated crimes. With the evolution of the Internet, along came another revolution of crime where

the perpetrators commit acts of crime and wrongdoing on the World Wide Web. Int ernet crime takes many faces and is committed in diverse fashions. The number of users and their diversity in their makeup has exposed the Internet to everyone. Some criminals in the Internet have grown up understanding this superhighway of information, unlike the older generation of users. This is why Internet crime h as now become a growing problem in the United States. Some crimes committed on t he Internet have been exposed to the world and some remain a mystery up until th ey are perpetrated against someone or some company. The different types of Internet crime vary in their design and how easily they a re able to be committed. Internet crimes can be separated into two different cat egories. There are crimes that are only committed while being on the Internet an d are created exclusively because of the World Wide Web. The typical crimes in c riminal history are now being brought to a whole different level of innovation a nd ingenuity. Such new crimes devoted to the Internet are email phishing , hijackin g domain names, virus immistion, and cyber vandalism. A couple of these crimes a re activities that have been exposed and introduced into the world. People have been trying to solve virus problems by installing virus protection software and other software that can protect their computers. Other crimes such as email phish ing are not as known to the public until an individual receives one of these frau dulent emails. These emails are cover faced by the illusion that the email is fr om your bank or another bank. When a person reads the email he/she is informed o f a problem with he/she personal account or another individual wants to send the person some of their money and deposit it directly into their account. The emai l asks for your personal account information and when a person gives this inform ation away, they are financing the work of a criminal Statistics The statistics that have been obtained and reported about demonstrate the seriou sness Internet crimes in the world. Just the "phishing" emails mentioned in a pr evious paragraph produce one billion dollars for their perpetrators (Dalton 1). In a FBI survey in early 2004, 90 percent of the 500 companies surveyed reported a security breach and 80 percent of those suffered a financial loss (Fisher 22) . A national statistic in 2003 stated that four billion dollars in credit card f raud are lost each year. Only two percent of credit card transactions take place over the Internet but fifty percent of the four billion, mentioned before, are from the transaction online (Burden and Palmer 5). All these finding are just an illustration of the misuse of the Internet and a reason why Internet crime has to be slowed down. Stopping the problem The question about how to police these crimes has already been constructed, but this task is turning out to be an uphill battle. Since the first computer crime law, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, the government has been trying to track down and stop online criminals. The FBI has tried many programs and investigations in order to deter Internet crime, like c reating an online crime registry for employers (Metchik 29). The reality is that Internet criminals are rarely caught. One reason is that hackers will use one c omputer in one country to hack another computer in another country. Another elud ing technique used is the changing of the emails, which are involved in virus at tacks and phishing emails so that a pattern cannot be recognized. An individual ca n do their best to protect themselves simply by being cautious and careful. Inte rnet users need to watch suspicious emails, use unique passwords, and run anti-v irus and anti-spyware software. Do not open any email or run programs from unkno wn sources. 2 Sides of INDIAN Cyber Law or IT Act of INDIA

Cyber laws are meant to set the definite pattern, some rules and guidelines that defined certain business activities going on through internet legal and certain illegal and hence punishable . The IT Act 2000, the cyber law of India , gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic record s. One cannot regard government as complete failure in shielding numerous e-commerc e activities on the firm basis of which this industry has got to its skies, but then the law cannot be regarded as free from ambiguities. MMS porn case in which the CEO of bazee.com(an Ebay Company) was arrested for al legedly selling the MMS clips involving school children on its website is the mo st apt example in this reference. Other cases where the law becomes hazy in its stand includes the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Baj wa. The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let s have an overview of the law where it takes a firm stand and ha s got successful in the reason for which it was framed. 1. The E-commerce industry carries out its business via transactions and communi cations done through electronic records . It thus becomes essential that such tr ansactions be made legal . Keeping this point in the consideration, the IT Act 2 000 empowers the government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the prop osal for setting up the legal framework essential for the authentication and ori gin of electronic records / communications through digital signature. 2. The Act legalizes the e-mail and gives it the status of being valid form of c arrying out communication in India. This implies that e-mails can be duly produc ed and approved in a court of law , thus can be a regarded as substantial docume nt to carry out legal proceedings. 3. The act also talks about digital signatures and digital records . These have been also awarded the status of being legal and valid means that can form strong basis for launching litigation in a court of law. It invites the corporate comp anies in the business of being Certifying Authorities for issuing secure Digital Signatures Certificates. 4. The Act now allows Government to issue notification on the web thus heralding e-governance. 5. It eases the task t by laying down the rity, body or agency ving costs, time and of companies of the filing any form, application or documen guidelines to be submitted at any appropriate office, autho owned or controlled by the government. This will help in sa manpower for the corporates.

6. The act also provides statutory remedy to the coporates in case the crime aga inst the accused for breaking into their computer systems or network and damagin g and copying the data is proven. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore($200,000). 7. Also the law sets up the Territorial Jurisdiction of the Adjudicating Officer s for cyber crimes and the Cyber Regulations Appellate Tribunal. 8. The law has also laid guidelines for providing Internet Services on a license

on a non-exclusive basis. The IT Law 2000, though appears to be self sufficient, it takes mixed stand when it comes to many practical situations. It looses its certainty at many places l ike: 1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of e lectronic information and data. The law even doesn t talk of the rights and liabil ities of domain name holders , the first step of entering into the e-commerce. 2. The law even stays silent over the regulation of electronic payments gateway and segregates the negotiable instruments from the applicability of the IT Act , which may have major effect on the growth of e-commerce in India . It leads to make the banking and financial sectors irresolute in their stands . 3. The act empowers the Deputy Superintendent of Police to look up into the inve stigations and filling of charge sheet when any case related to cyber law is cal led. This approach is likely to result in misuse in the context of Corporate Ind ia as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potenti al harassment at the hands of the DSP. 4. Internet is a borderless medium ; it spreads to every corner of the world whe re life is possible and hence is the cyber criminal. Then how come is it possibl e to feel relaxed and secured once this law is enforced in the nation?? The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how can this be achieved in practice , how to enforce it all ov er the world at the same time??? * The IT Act is silent on filming anyone s personal actions in public and then dis tributing it electronically. It holds ISPs (Internet Service Providers) responsi ble for third party data and information, unless contravention is committed with out their knowledge or unless the ISP has undertaken due diligence to prevent th e contravention . * For example, many Delhi based newspapers advertise the massage parlors; and in few cases even show the therapeutic masseurs hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting out a few such rac kets but then it is not sure of the action it can take should it arrest the owners and editors of newspapers or wait for some new clauses in the Act to be added u p?? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP t o monitor what information their subscribers are sending out, all 24 hours a day . Cyber law is a generic term, which denotes all aspects, issues and the legal con sequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US , Singapore, France, Malaysia and Japan . But can the cyber laws of the country be regarded as sufficient and secure enoug h to provide a strong platform to the country s e-commerce industry for which they were meant?? India has failed to keep in pace with the world in this respect, a nd the consequence is not far enough from our sight; most of the big customers o f India s outsourcing company have started to re-think of carrying out their busi ness in India .Bajaj s case has given the strongest blow in this respect and have broken India s share in outsourcing market as a leader. If India doesn t want to loose its position and wishes to stay as the world s leader forever in outsourcing market, it needs to take fast but intelligent steps to c over the glaring loopholes of the Act, or else the day is not far when the scena rio of India ruling the world s outsourcing market will stay alive in the dreams o

nly as it will be overtaken by its competitors.

BLACK HAT HACKERS A black hat is a person who compromises the security of a computer system withou t permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of compute r systems, but is frequently no less skilled. The term cracker was coined by Ric hard Stallman to provide an alternative to using the existing word hacker for th is meaning.[1] The somewhat similar activity of defeating copy prevention device s in software which may or may not be legal in a country's laws is actually soft ware cracking. Terminology Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as "hackers". A group that calls themselves hackers refers to "a group that con sists of skilled computer enthusiasts". The other, and currently more common usa ge, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with soci al responsibility and those who used them maliciously or criminally, became perc eived as an important divide. Many members of the first group attempt to convinc e people that intruders should be called crackers rather than hackers, but the c ommon usage remains ingrained. The former became known as "hackers" or (within t he computer security industry) as white hats, and the latter as "crackers" or "b lack hats". The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly; for example Linux has been criticised as "written by hackers". In computer jargon th e meaning of "hacker" can be much broader. Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general pub lic or the manufacturer for correction. Many black hats hack networks and web pa ges solely for financial gain. Black hats may seek to expand holes in systems; a ny attempts made to patch software are generally done to prevent others from als o compromising a system they have already obtained secure control over. A black hat hacker may write their own zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the publi c). In the most extreme cases, black hats may work to cause damage maliciously, and/or make threats to do so as extortion. Methods Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs

GREY HAT HACKERS A Grey Hat in the computer security community, refers to a skilled hacker who so metimes acts legally, sometimes in good will, and sometimes not. They are a hybr id between white and black hat hackers. They usually do not hack for personal ga in or have malicious intentions, but may or may not occasionally commit crimes d

uring the course of their technological exploits. Disambiguation One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain. While they do not necessari ly hack for malicious purposes, grey hats do hack for a reason, a reason which m ore often than not remains undisclosed. A grey hat will not necessarily notify t he system admin of a penetrated system of their penetration. Such a hacker will prefer anonymity at almost all cost, carrying out their penetration undetected a nd then exiting said system still undetected with minimal damages. Consequently, grey hat penetrations of systems tend to be for far more passive activities suc h as testing, monitoring, or less destructive forms of data transfer and retriev al. A person who breaks into a computer system and simply puts their name there whil st doing no damage (such as in wargaming - see) can also be classified as a grey hat. WHITE HAT HACKERS A white hat hacker, also rendered as ethical hacker, is, in the realm of informa tion technology, a person who is ethically opposed to the abuse of computer syst ems. Realization that the Internet now represents human voices from around the w orld has made the defense of its integrity an important pastime for many. A whit e hat generally focuses on securing IT systems, whereas a black hat (the opposit e) would like to break into them. Terminology The term white hat hacker is also often used to describe those who attempt to br eak into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Man y such people are employed by computer security companies; these professionals a re sometimes called sneakers. Groups of these people are often called tiger team s. The primary difference between white and black hat hackers is that a white hat h acker claims to observe ethical principles. Like black hats, white hats are ofte n intimately familiar with the internal details of security systems, and can del ve into obscure machine code when needed to find a solution to a tricky problem. Some use the term grey hat and fewer use brown hat to describe someone's activi ties that cross between black and white. In recent years the terms white hat and black hat have been applied to the Searc h Engine Optimization (SEO) industry. Black hat SEO tactics, also called spamdex ing, attempt unfairly to redirect search results to particular target pages, whe reas white hat methods are generally approved by the search engines Cyber Law Cases in India and World MYSPACE CATCHES A MURDERER MySpace has played an important role in helping Oakland police apprehend a 19-ye ar old man accused of shooting a San Leandro High School football player Greg "D oody" Ballard, Jr. Oakland police had a street name of a suspect and were able to identify Dwayne S

tancill, 19 of Oakland from a picture they found on a gang's MySpace page. Polic e brought the suspect to their headquarters where detectives say he confessed. W hat was most troubling to investigators was the lack of motive for the killing. OFFICIAL WEBSITE OF MAHARASTRA GOVERNMENT HACKED MUMBAI, 20 September 2007 IT experts were trying yesterday to restore the offici al website of the government of Maharashtra, which was hacked in the early hours of Tuesday. Rakesh Maria, joint commissioner of police, said that the state s IT officials lod ged a formal complaint with the Cyber Crime Branch police on Tuesday. He added t hat the hackers would be tracked down. Yesterday the website, http://www.maharas htragovernment.in, remained blocked. Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtr a government website had been hacked. He added that the state government would s eek the help of IT and the Cyber Crime Branch to investigate the hacking. We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in pro gress between the officials of the IT Department and experts, Patil added. The state government website contains detailed information about government depa rtments, circulars, reports, and several other topics. IT experts working on res toring the website told Arab News that they fear that the hackers may have destr oyed all of the website s contents. According to sources, the hackers may be from Washington. IT experts said that t he hackers had identified themselves as Hackers Cool Al-Jazeera and claimed they w ere based in Saudi Arabia. They added that this might be a red herring to throw investigators off their trail. According to a senior official from the state government s IT department, the offi cial website has been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall. Three people held guilty in on line credit card scam Customers credit card details were misused through online means for booking airtickets. These culprits were caught by the city Cyber Crime Investigation Cell i n pune. It is found that details misused were belonging to 100 people. Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on b ehalf of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, D harmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad being empl oyeed at a private institution, Kale was his friend. Shaiklh was employed in one of the branches of State Bank of India . According to the information provided by the police, one of the customer receive d a SMS based alert for purchasing of the ticket even when the credit card was b eing held by him. Customer was alert and came to know something was fishy; he en quired and came to know about the misuse. He contacted the Bank in this regards. Police observed involvement of many Bank's in this reference. The tickets were book through online means. Police requested for the log details and got the information of the Private Institution. Investigation revealed that the details were obtained from State Bank of India . Shaikh was working in the credit card department; due to this he had access to credit card details of some customers. He gave that information to Kale. Kale in return passed this informa

tion to his friend Lukkad. Using the information obtained from Kale Lukkad booke d tickets. He used to sell these tickets to customers and get money for the same . He had given few tickets to various other institutions. Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involve d in eight days of investigation and finally caught the culprits. In this regards various Banks have been contacted; also four air-line industries were contacted. DCP Sunil Pulhari has requested customers who have fallen in to this trap to inf orm police authorities on 2612-4452 or 2612-3346 if they have any problems. How cyber crime operations work and why they make money

Hackers are no longer motivated by notoriety it's now all about the money. Guill aume Lovet, Threat Response Team Leader at security firm Fortinet, identifies th e players, their roles and the returns they enjoy on their investments. Cybercrime which is regulated by Internet Law (Cyber Law) or IT Act has become a profession and the demographic of your typical cybercriminal is changing rapid ly, from bedroom-bound geek to the type of organised gangster more traditionally associated with drug-trafficking, extortion and money laundering. It has become possible for people with comparatively low technical skills to ste al thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time th e criminal need leave his PC is to collect his cash. Sometimes they don't even n eed to do that. In all industries, efficient business models depend upon horizontal separation o f production processes, professional services, sales channels etc. (each requiri ng specialised skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cybercrime is no different: it bo asts a buoyant international market for skills, tools and finished product. It e ven has its own currency. The rise of cybercrime is inextricably linked to the ubiquity of credit card tra nsactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also through a process of virus-driven automation w ith ruthlessly efficient and hypothetically infinite frequency. The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, ex pense and skill. The most straightforward is to buy the finished product . In this case we ll use the example of an online bank account. The product takes the form of information nec essary to gain authorised control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cybercriminals always deal in doll ars). It seems like a small figure, but for the work involved and the risk incur red it s very easy money for the criminal who can provide it. Also remember that t his is an international trade; many cyber-criminals of this ilk are from poor co untries in Eastern Europe, South America or South-East Asia. The probable marketplace for this transaction will be a hidden IRC (Internet Rel ay Chat) chatroom. The $400 fee will most likely be exchanged in some form of vi rtual currency such as e-gold. Not all cyber-criminals operate at the coalface, and certainly don t work exclusiv ely of one another; different protagonists in the crime community perform a rang e of important, specialised functions. These broadly encompass: Coders comparative veterans of the hacking community. With a few years' experien ce at the art and a list of established contacts, coders produce ready-to-use tool s (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cybercrime labour force the kids . Coders can m ake a few hundred dollars for every criminal activity they engage in. Kids so-called because of their tender age: most are under 18. They buy, trade a nd resell the elementary building blocks of effective cyber-scams such as spam l

ists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. Ki ds will make less than $100 a month, largely because of the frequency of being rip ped off by one another. Drops the individuals who convert the virtual money obtained in cybercrime into re al cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent safe addresses for goods purchased with stolen financial details to be sent, or else safe legitimate bank a ccounts for money to be transferred into illegally, and paid out of legitimately . Mobs professionally operating criminal organisations combining or utilising all of the functions covered by the above. Organised crime makes particularly good u se of safe drops , as well as recruiting accomplished coders onto their payrolls. Gaining control of a bank account is increasingly accomplished through phishing. There are other cybercrime techniques, but space does not allow their full expl anation. All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mai lers to spam-out 100,000 mails for six hours, a hacked website for hosting the s cam page for a few days, and finally a stolen but valid credit card with which t o register a domain name. With all this taken care of, the total costs for sendi ng out 100,000 phishing emails can be as little as $60. This kind of phishing tri p will uncover at least 20 bank accounts of varying cash balances, giving a market value of $200 $2,000 in e-gold if the details were simply sold to another cyberc riminal. The worst-case scenario is a 300% return on the investment, but it coul d be ten times that. Better returns can be accomplished by using drops to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as comm ission, and instances of ripping off or grassing up to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their s poils via a series of drops that do not know one another. However, even taking int o account the 50% commission, and a 50% rip-off rate, if we assume a single stolen balance of $10,000 $100,000, then the phisher is still looking at a return of b etween 40 and 400 times the meagre outlay of his/her phishing trip. In large operations, offshore accounts are invariably used to accumulate the cri minal spoils. This is more complicated and far more expensive, but ultimately sa fer. The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profita ble (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught wit h expensive overheads, and extremely dangerous. Add phishing to the other cyber-criminal activities driven by hacking and virus technologies such as carding, adware/spyware planting, online extortion, industr ial spying and mobile phone dialers and you ll find a healthy community of cottage industries and international organisations working together productively and tr ading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertai nty and must be stopped. On top of viruses, worms, bots and Trojan attacks, organisations in particular a re contending with social engineering deception and traffic masquerading as legi timate applications on the network. In a reactive approach to this onslaught, co mpanies have been layering their networks with stand alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognise it's a failed stra tegy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise. To fight cybercrime there needs to be a tightening of international digital legi slation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat

. Piecemeal, reactive security solutions are giving way to strategically deploye d multi-threat security systems. Instead of having to install, manage and mainta in disparate devices, organisations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to great er user education are the best safeguard against the deviousness and pure innova tion of cyber-criminal activities.

Cyber Law in INDIA Why Cyberlaw in India ? When Internet was developed, the founding fathers of Internet hardly had any inc lination that Internet could transform itself into an all pervading revolution w hich could be misused for criminal activities and which required regulation. Tod ay, there are many disturbing things happening in cyberspace. Due to the anonymo us nature of the Internet, it is possible to engage into a variety of criminal a ctivities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. He nce the need for Cyberlaws in India. What is the importance of Cyberlaw ? Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. In itially it may seem that Cyberlaws is a very technical field and that it does no t have any bearing to most activities in Cyberspace. But the actual truth is tha t nothing could be further than the truth. Whether we realize it or not, every a ction and every reaction in Cyberspace has some legal and Cyber legal perspectiv es. Does Cyberlaw concern me ? Yes, Cyberlaw does concern you. As the nature of Internet is changing and this n ew medium is being seen as the ultimate medium ever evolved in human history, ev ery activity of yours in Cyberspace can and will have a Cyberlegal perspective. From the time you register your Domain Name, to the time you set up your web sit e, to the time you promote your website, to the time when you send and receive e mails , to the time you conduct electronic commerce transactions on the said sit e, at every point of time, there are various Cyberlaw issues involved. You may n ot be bothered about these issues today because you may feel that they are very distant from you and that they do not have an impact on your Cyber activities. B ut sooner or later, you will have to tighten your belts and take note of Cyberla w for your own benefit. Cyberlaw Awareness program Are your electronic transactions legally binding and authentic? Are you verifyin g your customers' identities to prevent identity theft? Does your online terms a nd conditions have binding effect? Are you providing appropriate information and clear steps for forming and concluding your online transactions? How are you en suring data protection and information security on your web site? Are you recogn ising the rights of your data subjects? Transacting on the Internet has wide legal implications as it alters the convent ional methods of doing business. To build enduring relationships with your onlin e customers the legal issues of e-transactions need to be addressed from the ons et. This Awareness program will cover

the basics of Internet Security basic information on Indian Cyber Law Impact of technology aided crime Indian IT Act on covering the legal aspects of all Online Activities

Internet Fraud Overview Internet fraud is committed in several ways. The FBI and police agencies worldwi de have people assigned to combat this type of fraud; according to figures from the FBI, U.S. companies' losses due to Internet fraud in 2003 surpassed US$500 m illion. In some cases, fictitious merchants advertise goods for very low prices and never deliver. However, that type of fraud is minuscule compared to criminal s using stolen credit card information to buy goods and services. The Internet serves as an excellent tool for investors, allowing them to easily and inexpensively research investment opportunities. But the Internet is also an excellent tool for fraudsters. Geographic origin In some cases Internet Fraud schemes originate in the US and European countries, but a significant proportion seems to come from Africa, particularly Nigeria an d Ghana, and sometimes from Egypt. Some originate in Eastern Europe, Southwest A sia and China. For some reason, many fraudulent orders seem to originate from Be lgium, from Amsterdam in the Netherlands, from Norway, and from Malm in Sweden. Geographic targets Europe, US, and some Asia Pacific countries like Singapore and Australia are the leading targets of this type of fraud. Popular products Fraudsters seem to prefer small and valuable products, such as: watches, jewelry , laptops, ink cartridges, digital cameras, and camcorders. These items are usua lly commodities that are easily sellable and have a broad range of appeal. Howev er, fraud in hosted marketplaces such as Ebay covers a broad range of products f rom cellular phones to desktop computers. The craft has continually evolved in s ophistication. In some instances, a picture of the product is sent in place of t he actual product. Other times, products are outright never sent after the bill is charged to credit card accounts. Victims are left to deal with credit card co mpanies for chargebacks. Some Fraudsters market intangibles such as software downloads or documentation. Pricing on such items is low in order to encourage a purchase perceived by the c onsumer as low risk (in accordance with low cost.) Software download scams are f requently targeted at high-population buying communities such as online gaming w orlds. Wow stat hack is an example of one such scam. Identity theft schemes Stolen credit cards Most Internet fraud is done through the use of stolen credit card information wh ich is obtained in many ways, the simplest being copying information from retail ers, either online or offline. There have been many cases of crackers obtaining huge quantities of credit card information from companies' databases. There have been cases of employees of companies that deal with millions of customers in wh ich they were selling the credit card information to criminals.

Despite the claims of the credit card industry and various merchants, using cred it cards for online purchases can be insecure and carry a certain risk. Even so called "secure transactions" are not fully secure, since the information needs t o be decrypted to plain text in order to process it. This is one of the points w here credit card information is typically stolen. Get wire transfer info Some fraudsters approach merchants asking them for large quotes. After they quic kly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems as Qchex that requir e nothing but a working email, to produce checks that they use to pay other merc hants or simply send associates to cash them. Purchase scams Direct solicitations The most straightforward type of purchase scam is a buyer in another country app roaching many merchants through spamming them and directly asking them if they c an ship to them using credit cards to pay. An example of such email is as follows: From: XXXXXX XXXXXX [XXXXXXX@hotmail.com] Sent: Saturday, October 01, 2005 11:35 AM Subject: International order enquiry Goodday Sales, This is XXXXXX XXXXXXX and I will like to place an order for some products in your store, But before I proceed with listing my requirements, I wi ll like to know if you accept credit card and can ship internationally to Lagos, Nigeria. Could you get back to me with your website so as to forward you the li st of my requirements as soon as possible. Regards, XXXXXX XXXXXX, XXXXXXXX Inc. 9999 XXXXX street, Mushin, Lagos 23401, Nigeria Telephone: 234-1-99999999, Fax: 234-1-9999999, Email: XXXXXXXXX@hotmail.com Most likely, a few weeks or months after the merchant ships and charges the Nige rian credit card, he/she will be hit with a chargeback from the credit card proc essor and lose all the money. Counterfeit Postal Money Orders According to the FBI and postal inspectors, there has been a significant surge i n the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMOs) were intercepted by authorities from Oc tober to December of 2004, and according to the USPS, the "quality" of the count erfeits is so good that ordinary consumers can easily be fooled. On March 9, 2005, the FDIC issued an alert [1] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions. On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times[2] rega rding a surge in the quantity and quality of the forging of U.S. Postal Money Or ders, and its use to commit online fraud. The article shows a picture of a man t hat had been corresponding with a woman in Nigeria through a dating site, and re ceived several fake postal money orders after the woman asked him to buy a compu ter and mail it to her. Who has received Counterfeit Postal Money Orders (CPMOs): Small Internet retailers. Classified advertisers. Individuals that have been contacted through email or chat rooms by fraudsters p osing as prospective social interests or business partners, and convinced to hel

p the fraudsters unknowingly. Geographical origin: Mostly from Nigeria Ghana Eastern Europe The penalty for making or using counterfeit postal money orders is up to ten yea rs in jail and a US$25,000 fine. Online automotive fraud There are two basic schemes in online automotive fraud: A fraudster posts a vehicle for sale on an online site, generally for luxury or sports cars advertised for thousands less than market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a barga in, emails the seller, who responds saying the car is still available but is loc ated overseas. He then instructs the buyer to send a deposit via wire transfer t o initiate the "shipping" process. The unwitting buyer wires the funds, and does n't discover until days or weeks later that they were scammed. A fraudster feigns interest in an actual vehicle for sale on the Internet. The " buyer" explains that a client of his is interested in the car, but due to an ear lier sale that fell through has a certified check for thousands more than the as king price and requests the seller to send the balance via wire transfer. If the seller agrees to the transaction, the buyer sends the certified check via expre ss courier (typically from Nigeria). The seller takes the check to their bank, w hich makes the funds available immediately. Thinking the bank has cleared the ch eck, the seller follows through on the transaction by wiring the balance to the buyer. Days later, the check bounces and the seller realizes they have been scam med. But the money has long since been picked up and is not recoverable. In another type of fraud, a fraudster contacts the seller of an automobile, aski ng for the vehicle identification number, putatively to check the accident recor d of the vehicle. However, the supposed buyer actually uses the VIN to make fake papers for a stolen car that is then sold. Cash the check system In some cases, fraudsters approach merchants and ask for large orders: $50,000 t o $200,000, and agree to pay via wire transfer in advance. After brief negotiati on, the buyers gives an excuse about the impossibility of sending a bank wire tr ansfer. The buyer then offers to send a check, stating that the merchant can wai t for the check to clear before shipping any goods. The check received, however, is a counterfeit of a check from a medium to large U.S. company. If asked, the buyer will claim that the check is money owed from the large company. The mercha nt deposits the check and it clears, so the goods are sent. Only later, when the larger company notices the check, will the merchant's account be debited. In some cases, the fraudsters agree to the wire but ask the merchant for their b ank's address. The fraudsters send the counterfeited check directly to the merch ant's bank with a note asking to deposit it to the merchant's account. Unsuspect ing bank officers deposit the check, and then the fraudster contacts the merchan t stating that they made a direct deposit into the merchant's account. Re-shippers Re-shipping scams trick individuals or small businesses into shipping goods to c ountries with weak legal systems. The goods are generally paid for with stolen o r fake credit cards. Nigerian version In the Nigerian version, the fraudsters have armies of people actively recruitin g single women from western countries through chat & matchmaking sites. At some point, the criminal promises to marry the lady and come to their home country in the near future. Using some excuse the criminal asks permission of his "future wife" to ship some goods he is going to buy before he comes. As soon as the woma n accepts the fraudster uses several credit cards to buy at different Internet s

ites simultaneously. In many cases the correct billing address of the cardholder is used, but the shipping address is the home of the unsuspecting "future wife" . Around the time when the packages arrive, the criminal invents an excuse for n ot coming and tells his "bride" that he urgently needs to pick up most or all th e packages. Since the woman has not spent any money, she sees nothing wrong and agrees. Soon after, she receives a package delivery company package with pre-pri nted labels that she has agreed to apply to the boxes that she already has at ho me. The next day, all boxes are picked up by the package delivery company and sh ipped to the criminal's real address (in Nigeria or elsewhere). After that day t he unsuspecting victim stops receiving communications from the "future husband" because her usefulness is over. To make matters worse, in most cases the crimina ls were able to create accounts with the package deliverer, based on the woman's name and address. So, a week or two later, the woman receives a huge freight bi ll from the shipping company which she is supposed to pay because the goods were shipped from her home. Unwittingly, the woman became the criminal re-shipper an d helped him with his criminal actions. East European version This is a variant of the Nigerian Version, in which criminals recruit people thr ough classified advertising. The criminals present themselves as a growing Europ ean company trying to establish a presence in the U.S. and agree to pay whatever the job applicant is looking to make, and more. The fraudsters explain to the u nsuspecting victim that they will buy certain goods in the U.S. which need to be re-shipped to a final destination in Europe. When everything is agreed they sta rt shipping goods to the re-shipper's house. The rest is similar to the Nigerian Version. Sometimes, when the criminals send the labels to be applied to the box es, they also include a fake cheque, as payment for the re-shipper's services. B y the time the cheque bounces unpaid, the boxes have been picked up already and all communication between fraudster and re-shipper has stopped. Chinese version This is a variant of the East European Version, in which criminals recruit peopl e through spam. The criminals present themselves as a growing Chinese company tr ying to establish a presence in the U.S. or Europe and agree to pay an agent wha tever the unsuspecting victim is looking to make, and more. Here is an example o f a recruiting email: Dear Sir/Madam, I am Mr. XXX XXX, managing XXXXXXXXXXX Corp. We are a company wh o deal on mechanical equipment, hardware and minerals, electrical products, Medi cal & Chemicals, light industrial products and office equipment, and export into the Canada/America and Europe. We are searching for representatives who can hel p us establish a medium of getting to our costumers in the Canada/America and Eu rope as well as making payments through you to us. Please if you are interested in transacting business with us we will be glad. Please contact us for more info rmation. Subject to your satisfaction you will be given the opportunity to negot iate your mode of which we will pay for your services as our representative in C anada/America and Europe. Please if you are interested forward to us your phone number/fax and your full contact addresses. Thanks in advance. Mr. XXX XXX. Mana ging Director" Call tag scam The Merchant Risk Council reported that the "call tag" scam re-emerged over the 2005 holidays and several large merchants suffered losses. Under the scheme, cri minals use stolen credit card information to purchase goods online for shipment to the legitimate cardholder. When the item is shipped and the criminal receives tracking information via email, he/she calls the cardholder and falsely identif ies himself as the merchant that shipped the goods, saying that the product was mistakenly shipped and asking permission to pick it up upon receipt. The crimina l then arranges the pickup issuing a "call tag" with a shipping company differen t from the one the original merchant used. The cardholder normally doesn't notic e that there is a second shipping company picking up the product, which in turn has no knowledge it is participating in a fraud scheme. The cardholder then noti

ces a charge in his card and generates a chargeback to the unsuspecting merchant . Business opportunity/"Work-at-Home" schemes Fraudulent schemes often use the Internet to advertise purported business opport unities that will allow individuals to earn thousands of dollars a month in "wor k-at-home" ventures. These schemes typically require the individuals to pay anyw here from $35 to several hundred dollars or more, but fail to deliver the materi als or information that would be needed to make the work-at-home opportunity a p otentially viable business. Often, after paying a registration fee, the applicant will be sent advice on how to place ads similar to the one that recruited him in order to recruit others, which is effectively a pyramid scheme. Other types of work at home scams include home assembly kits. The applicant pays a fee for the kit, but after assembling and returning the item, it s rejected as sub-standard, meaning the applicant is out of pocket for the materials. Similar scams include home-working directories, medical billing, data entry (data entry scam) at home or reading books for money. Website scams Click fraud The latest scam to hit the headlines is the multi-million dollar Clickfraud whic h occurs when advertising network affiliates force paid views or clicks to ads o n their own websites via spyware, the affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Goog le's Adsense capability pay high commissions that drive the generation of bogus clicks. With paid clicks costing as much as US$100[verification needed] and an o nline advertising industry worth more than US$10 billion, this form of Internet fraud is on the increase. International modem dialing Many consumers connect to the Internet using a modem calling a local telephone n umber. Some web sites, normally containing adult content, use international dial ing to trick consumers into paying to view content on their web site. Often thes e sites purport to be free and advertise that no credit card is needed. They the n prompt the user to download a "viewer" or "dialer" to allow them to view the c ontent. Once the program is downloaded it disconnects the computer from the Inte rnet and proceeds to dial an international long distance or premium rate number, charging anything up to US$7-8 per minute. An international block is recommende d to prevent this, but in the U.S. and Canada, calls to the Caribbean (except Ha iti) can be dialed with a "1" and a three-digit area code, so such numbers, as w ell as "10-10 dial-round" phone company prefixes, can circumvent an internationa l block. Another type of Click Fraud This type of fraud involves a supposed internet marketing specialist presenting a prospective client with detailed graphs and charts that indicate that his web site receives (x) thousands of hits per month, emphasizing that if you pay for h is services you will succeed in getting a number clicks converted to customers o r clients. When you receive no request for more information and no clients, the fraudster r esponds that it must be something you web site is not doing right. Phishing Main article: Phishing "Phishing" is the act of attempting to fraudulently acquire sensitive informatio n, such as passwords and credit card details, by masquerading as a trustworthy p erson or business with a real need for such information in a seemingly official

electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack. The term was coined in the mid 1990s by crackers attempting to steal AOL account s. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her passwo rd, for instance to "verify your account" or to "confirm billing information". O nce the victim gave over the password, the attacker could access the victim's ac count and use it for criminal purposes, such as spamming. Phishing has been widely used by fraudsters using spam messages masquerading as large banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to c reate a legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well don e that most people cannot tell that they have navigated to a scam site. Fraudste rs will also put the text of a link to a legitimate site in an e-mail but use th e source code to links to own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the lin k or putting the cursor over the link and looking at the code in the status bar of the browser. Although many people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sen t, presents the fraudster with a substantial incentive to keep doing it. Anti-phishing technologies are now available. Pharming Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that webs ite's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the inte rnet. If the web site receiving the traffic is a fake web site, such as a copy of a ba nk's website, it can be used to "phish" or steal a computer user's passwords, PI N or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server ce rtificates. For example, in January 2005, the domain name for a large New York ISP, Panix, w as hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay. de domain name. Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough informatio n to redirect users to a defaced webpage. Anti-pharming technologies are now available. Auction and retail schemes online Fraudsters launch auctions on eBay or TradeMe with very low prices and no reserv ations especially for high priced items like watches, computers or high value co llectibles. They received payment but never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used. So me fraudsters also create complete webstores that appear to be legitimate, but t hey never deliver the goods. An example of such a fraudulent site is marselle.co m. They take payment but never shipped the order. In some cases, some stores or auctioneers are legitimate but eventually they stopped shipping after cashing th e customers' payments.

Sometimes fraudsters will combine phishing to hijacking legitimate member accoun ts on eBay, typically with very high numbers of positive feedback, and then set up a phony online store. They received payment usually via check, money-order, c ash or wire transfer but never deliver the goods; then they leave the poor, unkn owing eBay member to sort out the mess. In this case the fraudster collects the money while ruining the reputation of the conned eBay member and leaving a large number of people without the goods they thought they purchased. Stock market manipulation schemes These are also called investment schemes online. Criminals use these to try to m anipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the 2 main m ethods used by these criminals are: Pump-and-dump schemes False and/or fraudulent information is disseminated in chat rooms, forums, inter net boards and via email (spamming), with the purpose of causing a dramatic pric e increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level. Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lost a high percentage of their money. Even if the stock value does increase, the stocks may be hard to sell because of lack of interested buyers, leaving the shareholder with the shares for a far longer term than desired. Short-selling or "scalping" schemes This scheme takes a similar approach to the "pump-and-dump" scheme, by dissemina ting false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic pr ice decreases in a specific company's stock. Once the stock reaches a certain lo w level, criminals buy the stock or options on the stock, and then reverse the f alse information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the cri minal sells the stock or option and reaps the huge gain. Avoiding Internet investment scams The US Security Exchange Commission have enumerated guideline on how to avoid in ternet investment scams. The summary are as follows: The Internet allows individuals or companies to communicate with a large audienc e without spending a lot of time, effort, or money. Anyone can reach tens of tho usands of people by building an Internet web site, posting a message on an onlin e bulletin board, entering a discussion in a live "chat" room, or sending mass e -mails. If you want to invest wisely and steer clear of frauds, you must get the facts. The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Consider all offers with skepticism. Types of Internet policies required for an Organization. Minium hardware and software, security measures required in an organization to p rotect data Cyber Lawyering Cyber law (also referred to as cyberlaw) is a term used to describe the legal is sues related to use of communications technology, particularly "cyberspace", i.e . the Internet. It is less a distinct field of law in the way that property or c ontract are as it is an intersection of many legal fields, including intellectua

l property, privacy, freedom of expression, and jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by human activity on the Internet with legacy system of laws applicable to the physical world. Jurisdiction and Sovereignty Issues of jurisdiction and sovereignty have quickly come to the fore in the era of the Internet. The Internet does not tend to make geographical and jurisdictio nal boundaries clear, but Internet users remain in physical jurisdictions and ar e subject to laws independent of their presence on the Internet. As such, a sing le transaction may involve the laws of at least three jurisdictions: 1) the laws of the state/nation in which the user resides, 2) the laws of the state/nation that apply where the server hosting the transaction is located, and 3) the laws of the state/nation which apply to the person or business with whom the transact ion takes place. So a user in one of the United States conducting a transaction with another user in Britain through a server in Canada could theoretically be s ubject to the laws of all three countries as they relate to the transaction at h and. Jurisdiction is an aspect of state sovereignty and it refers to judicial, legisl ative and administrative competence. Although jurisdiction is an aspect of sover eignty, it is not coextensive with it. The laws of a nation may have extra-terri torial impact extending the jurisdiction beyond the sovereign and territorial li mits of that nation. This is particularly problematic as the medium of the Inter net does not explicitly recognize sovereignty and territorial limitations. There is no uniform, international jurisdictional law of universal application, and s uch questions are generally a matter of conflict of laws, particularly private i nternational law. An example would be where the contents of a web site are legal in one country and illegal in another. In the absence of a uniform jurisdiction al code, legal practitioners are generally left with a conflict of law issue. Another major problem of cyber law lies in whether to treat the Internet as if i t were physical space (and thus subject to a given jurisdiction's laws) or to ac t as if the Internet is a world unto itself (and therefore free of such restrain ts). Those who favor the latter view often feel that government should leave the Internet community to self-regulate. John Perry Barlow, for example, has addres sed the governments of the world and stated, "Where there are real conflicts, wh ere there are wrongs, we will identify them and address them by our means. We ar e forming our own Social Contract . This governance will arise according to the conditions of our world, not yours. Our world is different" (Barlow, A Declarati on of the Independence of Cyberspace [1]). A more balanced alternative is the De claration of Cybersecession: "Human beings possess a mind, which they are absolu tely free to inhabit with no legal constraints. Human civilization is developing its own (collective) mind. All we want is to be free to inhabit it with no lega l constraints. Since you make sure we cannot harm you, you have no ethical right to intrude our lives. So stop intruding!" [2]. Other scholars argue for more of a compromise between the two notions, such as Lawrence Lessig's argument that " The problem for law is to work out how the norms of the two communities are to a pply given that the subject to whom they apply may be in both places at once" (L essig, Code 190). Though rhetorically attractive, cybersecession initiatives have had little real impact on the Internet or the laws governing it. In practical terms, a user of t he Internet is subject to the laws of the state or nation within which he or she goes online. Thus, in the U.S., Jake Baker faced criminal charges for his e-con duct (see Free Speech), and numerous users of peer-to-peer file-sharing software were subject to civil lawsuits for copyright infringement. This system runs int o conflicts, however, when these suits are international in nature. Simply put, legal conduct in one nation may be decidedly illegal in another. In fact, even d ifferent standards concerning the burden of proof in a civil case can cause juri sdictional problems. For example, an American celebrity, claiming to be insulted

by an online American magazine, faces a difficult task of winning a lawsuit aga inst that magazine for libel. But if the celebrity has ties, economic or otherwi se, to England, her or she can sue for libel in the British court system, where the standard of libelous speech is far lower.Its nice to know that there is such l aw to prevent "CYBER CRIME". Net Neutrality Another major area of interest is net neutrality, which affects the regulation o f the infrastructure of the Internet. Though not obvious to most Internet users, every packet of data sent and received by every user on the Internet passes thr ough routers and transmission infrastructure owned by a collection of private an d public entities, including telecommunications companies like Ehsan Bayat Afgha n Wireless, universities, and governments, suggesting that the Internet is not a s independent as Barlow and others would like to believe. This is turning into o ne of the most critical aspects of cyber law and has immediate jurisdictional im plications, as laws in force in one jurisdiction have the potential to have dram atic effects in other jurisdictions when host servers or telecommunications comp anies are affected. Free Speech in Cyberspace In comparison to traditional print-based media, the accessibility and relative a nonymity of cyber space has torn down traditional barriers between an individual and his or her ability to publish. Any person with an internet connection has t he potential to reach an audience of millions with little-to-no distribution cos ts. Yet this new form of highly-accessible authorship in cyber space raises ques tions and perhaps magnifies legal complexities relating to the freedom and regul ation of speech in cyberspace. Recently, these complexities have taken many forms, three notable examples being the Jake Baker incident, in which the limits of obscene Internet postings were at issue, the controversial distribution of the DeCSS code, and Gutnick v Dow Jo nes, in which libel laws were considered in the context of online publishing. Th e last example was particularly significant because it epitomized the complexiti es inherent to applying one country's laws (nation-specific by definition) to th e internet (international by nature). In 2003, Jonathan Zittrain considered this issue in his paper, "Be Careful What You Ask For: Reconciling a Global Internet and Local Law" [3]. In many countries, speech through cyberspace has proven to be another means of c ommunication which has been regulated by the government. The Open Net Initiative , [4], whose mission statement is "to investigate and challenge state filtration and surveillance practices" in order to "...generate a credible picture of thes e practices," has released numerous reports documenting the filtration of intern et-speech in various countries. While China has thus far proven to be the most r igorous in its attempts to filter unwanted parts of the internet from its citize ns [5], many other countries - including Singapore, Iran, Saudi Arabia, and Tuni sia - have engaged in similar practices. In one of the most vivid examples of in formation-control, the Chinese government for a short time transparently forward ed requests to the Google search engine to its own, state-controlled search engi nes [6]. These examples of filtration bring to light many underlying questions c oncerning the freedom of speech, namely, does the government have a legitimate r ole in limiting access to information? And if so, what forms of regulation are a cceptable? The recent blocking of "blogspot" and other websites in India failed to reconcile the conflicting interests of speech and expression on the one hand and legitimate government concerns on the other hand. In the UK the case of Keith-Smith v Williams confirmed that existing libel laws applied to internet discussions.[1] Governance

The unique structure of the Internet has raised several judicial concerns. While grounded in physical computers and other electronic devices, the Internet is in dependent of any geographic location. While real individuals connect to the Inte rnet and interact with others, it is possible for them to withhold personal info rmation and make their real identities anonymous. If there are laws that could g overn the Internet, then it appears that such laws would be fundamentally differ ent from laws that geographic nations use today. In their essay "Law and Borders -- The Rise of Law in Cyberspace," [7], David Jo hnson and David Post offer a solution to the problem of Internet governance. Giv en the Internet's unique situation, with respect to geography and identity, John son and Post believe that it becomes necessary for the Internet to govern itself . Instead of obeying the laws of a particular country, Internet citizens will ob ey the laws of electronic entities like service providers. Instead of identifyin g as a physical person, Internet citizens will be known by their usernames or em ail addresses. Since the Internet defies geographical boundaries, national laws will no longer apply. Instead, an entirely new set of laws will be created to ad dress concerns like intellectual property and individual rights. In effect, the Internet will exist as its own sovereign nation. Even if the Internet represents a legal paradigm shift, Johnson and Post do not make clear exactly how or by whom the law of the Internet will be enforced. Inst ead, the authors see market mechanisms, like those that Medieval merchants used, guiding Internet citizens' actions like Adam Smith's invisible hand. Yet, as mo re physical locations go online, the greater the potential for physical manifest ation of electronic misdeeds. What do we do when someone electronically turns of f the hospital lights? However, there is also substantial literature and commentary that the internet i s not only regulable, but is already subject to substantial regulation, both publi c and private, by many parties and at many different levels. Leaving aside the m ost obvious examples of internet filtering in nations like China or Saudi Arabia (that monitor content), there are four primary modes of regulation of the inter net described by Lawrence Lessig in his book, Code and Other Laws of Cyberspace: 1. Law: Standard East Coast Code, and the most self-evident of the four modes of regulation. As the numerous statutes, evolving case law and precedents make cle ar, many actions on the internet are already subject to conventional legislation (both with regard to transactions conducted on the internet and images posted). Areas like gambling, child pornography, and fraud are regulated in very similar ways online as off-line. While one of the most controversial and unclear areas of evolving laws is the determination of what forum has subject matter jurisdict ion over activity (economic and other) conducted on the internet, particularly a s cross border transactions affect local jurisdictions, it is certainly clear th at substantial portions of internet activity are subject to traditional regulati on, and that conduct that is unlawful off-line is presumptively unlawful online, and subject to similar laws and regulations. Scandals with major corporations l ed to US legislation rethinking corporate governance regulations such as the Sar banes-Oxley Act. 2. Architecture: West Coast Code: these mechanisms concern the parameters of how information can and cannot be transmitted across the internet. Everything from internet filtering software (which searches for keywords or specific URLs and bl ocks them before they can even appear on the computer requesting them), to encry ption programs, to the very basic architecture of TCP/IP protocol, falls within this category of regulation. It is arguable that all other modes of regulation e ither rely on, or are significantly supported by, regulation via West Coast Code . 3. Norms: As in all other modes of social interaction, conduct is regulated by s

ocial norms and conventions in significant ways. While certain activities or kin ds of conduct online may not be specifically prohibited by the code architecture of the internet, or expressly prohibited by applicable law, nevertheless these activities or conduct will be invisibly regulated by the inherent standards of t he community, in this case the internet users. And just as certain patterns of con duct will cause an individual to be ostracized from our real world society, so t oo certain actions will be censored or self-regulated by the norms of whatever c ommunity one chooses to associate with on the internet. 4. Markets: Closely allied with regulation by virtue of social norms, markets al so regulate certain patterns of conduct on the internet. While economic markets will have limited influence over non-commercial portions of the internet, the in ternet also creates a virtual marketplace for information, and such information affects everything from the comparative valuation of services to the traditional valuation of stocks. In addition, the increase in popularity of the internet as a means for transacting all forms of commercial activity, and as a forum for ad vertisement, has brought the laws of supply and demand in cyberspace. Internet Regulation In Other Countries While there is some United States law that does restrict access to materials on the internet, it does not truly filter the internet. Many Asian and Middle Easte rn nations use any number of combinations of code-based regulation (one of Lessi g's four methods of net regulation) to block material that their governments hav e deemed inappropriate for their citizens to view. China and Saudi Arabia are tw o excellent examples of nations that have achieved high degrees of success in re gulating their citizens access to the internet (for further reading, please see ONI's studies on both: http://www.opennetinitiative.net/studies/saudi/ and http: //www.opennetinitiative.net/studies/china/) About Cyber Law The cyber law, in any country of the World, cannot be effective unless the conce rned legal system has the following three pre requisites: (1) A sound Cyber Law regime, (2) A sound enforcement machinery, and (3) A sound judicial system. Let us analyse the Indian Cyber law on the above parameters. (1) Sound Cyber Law regime: The Cyber law in India can be found in the form of I T Act, 2000.[1] Now the IT Act, as originally enacted, was suffering from variou s loopholes and lacunas. These grey areas were excusable since India introduced th e law recently and every law needs some time to mature and grow. It was understo od that over a period of time it will grow and further amendments will be introd uced to make it compatible with the International standards. It is important to realise that we need qualitative law and not quantitative laws . In other words, one single Act can fulfil the need of the hour provided we give it a dedicated and fu turistic treatment . The dedicated law essentially requires a consideration of publ ic interest as against interest of few influential segments. Further, the futuris tic aspect requires an additional exercise and pain of deciding the trend that m ay be faced in future. This exercise is not needed while legislating for traditi onal laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Inf ormation Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats i n the future. The need of the hour is not only to consider the contemporary stand ards of the countries having developed Information Technology standards but to ant icipate future threats as well in advance. Thus, a futuristic aspect of the current law has to be considered.Now the big question is whether India is following thi

s approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was de ficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have fur ther diluted the criminal provisions of the Act. The national interest was ignored f or the sake of commercial expediencies . The proposed amendments have made the IT A ct a tiger without teeth and a remedy worst than malady . (2) A sound enforcement machinery: A law might have been properly enacted and ma y be theoretically effective too but it is useless unless enforced in its true l etter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropria tely and should be provided with suitable technological support. (3) A sound judicial system: A sound judicial system is the backbone for preserv ing the law and order in a society. It is commonly misunderstood that it is the s ole responsibility of the Bench alone to maintain law and order. That is a misleadi ng notion and the Bar is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges an d Lawyers are aware of it. Thus, a sound cyber law training of the Judges and La wyers is the need of the hour.In short, the dream for an Ideal Cyber Law in India requires a considerable amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good n ews is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreci ate the difference between mere computerisation and cyber law literacy .[2] The judge s and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that Indi a is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it. [3] II. Critical evaluation of the proposed IT Act, 2000 amendments The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in India. They are suffering from numerous drawbacks and grey are as and they must not be transformed into the law of the land.[4] These amendment s must be seen in the light of contemporary standards and requirements.[5] Some of the more pressing and genuine requirements in this regard are: (a) There are no security concerns for e-governance in India[6] (b) The concept of due diligence for companies and its officers is not clear to the concerned segments[7] (c) The use of ICT for justice administration must be enhanced and improved[8] (d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and other contemporary cyber crimes[9] (e) The increasing nuisance of e-mail hijacking and hacking must also be address ed[10] (f) The use of ICT for day to day procedural matters must be considered[11] (g) The legal risks of e-commerce in India must be kept in mind[12] (h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000[13] (i) Internet banking and its legal challenges in India must be considered[14] (j) Adequate and reasonable provisions must me made in the IT Act, 2000 regardin g Internet censorship [15] (k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000[16] (l) The legality of sting operations (like Channel 4) must be adjudged[17] (m) The deficiencies of Indian ICT strategies must be removed as soon as possibl

e[18] (n) A sound BPO platform must be established in India, etc[19]. The concerns are too many to be discussed in this short article. The Government must seriously take the genuine concerns and should avoid the cosmetic changes tha t may shake the base of already weak cyber law in India. III. Conclusion The Government has mistakenly relied too much upon self governance by private sect ors and in that zeal kept aside the welfare State role . The concept of self govern ance may be appropriate for matters having civil consequences but a catastrophic blunder for matter pertaining to crimes, offences, contraventions and cyber cri mes. Further, the Government must also draw a line between privatisation and abdica tion of duties as imposed by the Supreme Constitution of India. The concepts of Pu blic-Private Partnerships must be reformulated keeping in mind the welfare State role of India.[20] The collective expertise must be used rather than choosing a se gment that is not representing the silent majority .[21] It would be appropriate if the Government puts the approved draft by the Cabinet before the public for the ir inputs before finally placing them before the Parliament

What to do in case of a Cyber Crime

In the previous sections we have given you the information about what constitute s a cyber crime. If you are the victim of a cyber crime, the first thing you wil l have to do is to file a complaint with details of the crime. The subsequent Q & As will familiarize you with the steps to handling a cyber crime. First of all, here are some important numbers and contact points of where you ca n report a cyber crime. As a general rule, though, we suggest you first contact your local law enforceme nt authorities (police station) and let them know what happened, depending on th e scope of the crime, it will be investigated by special cyber crime investigati on cell. Mumbai Address: Assistant Commissioner of Police Cyber Crime Investigation Cell Office of Commissioner of Police office, Annex -3 Building, 1st floor, Near Crawford Market, Mumbai-01. Contact Details: +91-22-22630829 +91-22-22641261 Web site: http://www.cybercellmumbai.com E-mail id: officer@cybercellmumbai.com Where was the world's first crime laboratory established?

One of the first crime laboratories was established in 1910 in Lyon, France, by Edmond Locard, a physician. Locard helped work out scientific methods to investi gate crimes. Alphonse Bertillon, a French statistician, developed a method of id entifying persons according to their body measurements. This method, called the Bertillon system, was first used in Paris in 1879 and soon spread throughout the world. See Bertillon system. Sir William J. Herschel, a British colonial administrator in India during the la te 1800's, was probably the first person to devise a workable method of fingerpr int identification. Historians credit Sir Francis Galton, a British scientist, w ith developing Herschel's methods into a modern system of fingerprint identifica tion in the 1880's. By the late 1910's, fingerprinting had replaced the Bertillo n system almost entirely as a more accurate method of identification. In the Uni ted States, the Federal Bureau of Investigation (FBI) established a fingerprint file in 1930. Hans Gross, an Austrian judge, probably invented the word criminalistics. In his book Criminal Investigation (1893), Gross declared that criminalistics was a sc ience that should use a systematic approach to investigate crimes and analyze ev idence. The first U.S. crime laboratory was set up in Los Angeles in 1923. Today, the na tion has about 250 crime laboratories. The FBI crime laboratory, organized in 19 32, is one of the finest in the world (see Federal Bureau of Investigation). FBI experts examine about 900,000 pieces of evidence yearly. Some crime laboratorie s examine only one type of evidence. For example, the U.S. Postal Inspector's De partment Laboratory examines documents associated with such crimes as mail theft and forgery of money order

Resources: Anti-cybercrime networks, organisations and initiatives Taking effective measures against cybercrime and thus to protect human rights an d the rule of law on the Internet is a shared responsibility requiring transnati onal multi-stakeholder cooperation. A wide range of international networks, orga nisations and initiatives have already been established to meet the challenge of cybercrime. This resource is to facilitate access to these initiatives and to a llow for networking among networks. It lists initiatives and networks involving public and/or private sector institutions or NGOs cooperating across borders:

Name Focus Mission Membership Contact Action Innocence

Child abuse To inform and educate the public, parents and children of the dangers of Intern et To promote safe use of Internet To fight against cybercrimes against children

Independent associations in France, Switzerland, Belgium and Monaco Via website 181, avenue Victor Hugo - 75116 Paris Tel : 00 33 1 44 05 05 33 Email: france@actioninnocence.org Anti-Phishing Working Group (APWG) Phishing Fraud A global pan-industrial and law enforcement association focused on eliminating f raud and identity theft resulting from phishing, pharming and email spoofing of all types A detailed list of APWG members is available on the website

Via website To report phishing: reportphishing@antiphishing.org

Asia-Pacific Economic Cooperation (APEC) Telecommunications and Information Working Group (TEL)

Malware To improve telecommunication and information infrastructure in the Asia-Pacific region by developing and implementing appropriate policies Australia, Brunei Darussalam, Canada, Chile, China, Hong Kong, Indonesia, Japan, Republic of Korea, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, The Philippines, Russia, Singapore, Chinese Taipei, Thailand, USA, Vietnam Telecommunications and Information Working Group Chair: Mr Liu Ziping Director Department of International Cooperation Ministry of Industry and Information Technology 13 West Chang An Ave. Beijing 100804 APEC Secretariat Ms. Susan B. Natividad Director (Program)

APEC Secretariat 35 Heng Mui Keng Terrace, Singapore 119616 Tel: (65) 68 919 600 Fax: (65) 68 919 690 Email: info@apec.org Association of Southeast Asian Nations (ASEAN) Telecommunication and IT (TELMIN)

Cybercrime To develop common framework to coordinate exchange of information, establishment of standards and cooperation among enforcement agencies Brunei Darussalam, Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, The Philippi nes, Singapore, Thailand, Vietnam Via website Child Helpline International - Emergency phone service

Child abuse To respond to children in need of care and protection and To voice children's concerns to policy and decision makers by establishing a glo bal network of children's helplines To provide support to individual child helplines The detailed list of the Helplines in 86 countries is available on the website

Via website Herengracht 418 1017 BZ Amsterdam The Netherlands Tel: +31 (0)20 528 9625 Email: info@childhelplineinternational.org Ciber delincuencia All cybercrime To promote the international instruments on cybercrime (Council of Europe Conven tion on Cybercrime and its Additional Protocol) as well as resolutions and recom mendations emerging from international and regional organizations; To facilitate and promote exchange of information among experts in the field of cybercrime in order to identify problems, differences and address legal challeng es in Latin America. To develop and promote exchange of best practices regulation, enforcement, and c ooperation among law enforcement authorities and the judiciary in Latin America and to foster the creation of adequate policies to counter cybercrime in the reg ion

To facilitate and disseminate the use of the website as a collaborative tool to exchange information by and between experts, entities, groups and authorities in charge of combating cybercrime at the international and regional level.

By e-mail request and based on the experience of the candidate. Currently trying to include most of the Latin American countries without cybercrime legislation in place. Email: cristosv@ciberdelincuencia.org or info@ciberdelincuencia.org Cloud Security Alliance (CSA)

Cloud computing To promote the use of best practices for providing security assurance within Clo ud Computing and to provide education on the uses of Cloud Computing to help sec ure all other forms of computing Full list available on the website Email: info@cloudsecurityalliance.org Contact network of spam authorities (CNSA) Spam To share information and best practices in enforcing anti-spam laws between nati onal authorities of EU Member States and of the EEA EU Member States Current Coordinator : Office of Fair Trading (United Kingdom) Contact: enquiries@oft.gsi.gov.uk Cooperative Cyber Defence Centre of Excellence

Cyber Defence To enhance the capability, cooperation and information sharing among NATO, NATO nations and Partners in cyber defence by virtue of education, research and devel opment, lessons learned and consultation. The core areas of research include: legal and policy, concepts and strategy, tac tical environment, critical information infrastructure protection Estonia, Latvia, Lithuania, Germany, Italy, the Slovak Republic, and Spain Filtri tee 12, 10132 Tallinn, Estonia

Tel: +372 717 6800 Fax: +372 717 6308 Email: ccdcoe@ccdcoe.org Council of Europe Cooperation against cybercrime Cybercrime Convention Committee Contact points for police and judicial cooperation All Cybercrime To establish a global framework for efficient cooperation against cybercrime To support the strengthening of legislation and capacity building To facilitate the implementation of the Budapest Convention on Cybercrime Member States of the Council of Europe Parties to the Budapest Convention on Cybercrime Public and private sector institutions participating in project activities Council of Europe Economic Crime Division Strasbourg, France Email: cybercrime@coe.int Cybercrime Centres of Excellence Network for Training Research and Education (2C entre) Law enforcement training To establish a network of university Cen tres of Excellence to train law enforcement agencies on cybercrime investigation techniques Law enforcement, industry and academia University College Dublin Universit de Tchnologie Troyes Contact: http://www.2centre.eu/contact European Child Safety Online NGO Network (ENACSO) Child safety online To build and develop a dynamic network of children's NGOs from across the EU wit h expertise on child internet safety, to be the central focal point representing civil society in relation to child protection on the Internet and new media in Europe To develop a common approach to protecting children in relation to new and emerg ing technologies based on the experience of children's rights NGOs To influence relevant policies and strategies at national, European and internat ional level by promoting legislative, technical and other solutions that protect and enhance children's rights online The overriding goal is to create a safer o nline environment for children through fulfilling these objectives 13 NGOs from all Europe (Austria, Belgium, Czech Republic, Denmark, Finland, Fra

nce, Hungary, Ireland, Italy, Poland, Spain, The Netherlands, United Kingdom).

Carstensen Dieter Rosenoerns All 12 1634 Copenhagen V Denmark Tel. +45 35248523 Fax. +45 35391119 Email: dc@redbarnet.dk End Child Prostitution, Child Pornography and Trafficking of Children For Sexual Purposes (ECPAT) Child abuse To ensure and realise the right of all children to live free of child prostituti on, child pornography and child trafficking for sexual purposes To build collaboration among local civil society actors and the broader child ri ghts community to form a global social movement for protection of children from sexual exploitation The International Secretariat of ECPAT International is based in Bangkok, Thaila nd. The ECPAT network gathered more than than 80 independent organisations or coalit ions in over 70 countries. 328 Phayathai Road. Rachathewi , Bangkok , Thailand 10400 Tel. +662 215 3388 Email: info@ecpat.net Europol - Analysis Work Files (AWF) Child abuse To support member states in preventing & combating criminal networks involved in production, sale or distribution of child pornography, and the associated forms of crime within Europol s mandate, e.g. the sexual exploitation of children European Union member states Europol Raamweg 47 PO Box 90850 2509 LW The Hague Netherlands Tel. +31 70 302 5000 European Cybercrime Training and Education Group (ECTEG)

Cybercrime Investigation Training To provide ongoing support to organisations delivering training courses by makin g current training material available and by providing training support

Europol Raamweg 47 PO Box 90850 2509 LW The Hague Netherlands Tel. +31 70 302 5000 European Financial Coalition

Child protection To bring together all stakeholder groups engaged in the fight against the commer cial distribution of child abuse images in order to facilitate and support pan-E uropean police operations, with cross sector solutions targeting in particular t he electronic payment systems that are used to purchase child exploitation and a buse images on the internet

Child Exploitation and Online Protection Centre 33 Vauxhall Bridge Road London SW1V 2WG Email: efc@ceop.gsi.gov.uk.

EuroISPA Internet safety To protect and promote the interests of Europe as a whole within the global Inte rnet, securing for Europe a premier position in the key industry of the new Mill ennium To help deliver the benefits of this new technology of liberation and empowermen t to individuals, while at the same time meeting the legitimate concerns of pare nts and others responsible for the weaker members of society. To encourage the development of a free and open telecommunications market, somet hing of great benefit to society as a whole but essential to the healthy develop ment of the Internet. To promote the interests of our members and provide common services to them wher e these cannot be had elsewhere ISPA represents over 1700 Internet service providers across the EU and EFTA coun tries, including ISPs from Austria, Belgium, Czech Republic, Finland, France, Ge rmany, Ireland, Italy, Norway, Romania and the UK. A detailed list of ISPA members is available on the website

A detailed list of ISPA partners is available on the website

EuroISPA Secretariat 39, Rue Montoyer B - 1000 Brussels Belgium Tel. +32 2 503 22 65 Fax. +32 2 503 42 95 Email: secretariat@euroispa.org Forum of Incident Response and Security Teams (FIRST)

Internet safety To foster cooperation and coordination between computer security incident respon se teams (CSIRTS) from government, commercial, and educational organizations in incident prevention To stimulate rapid and effective reaction to incidents by providing access to be st practices, tools, and trusted communication with member teams. To promote information sharing among members and the community at large

More than 210 members spread over Africa, the Americas, Asia, Europe and Oceania . FIRST.Org, Inc., PO Box 1187 Morrisville North Carolina 27560-1187 U.S.A. Email: first-sec@first.org In case of emergency, contact the local response team directly Family Online Safety Institute (FOSI)

Internet safety To make the online world safer for kids and their families by identifying and pr omoting best practice, tools and methods in the field of online safety, that als o respect free expression A detailed list of FOSI members is available on the website Via website or FOSI office in North America Family Online Safety Institute

624 Ninth Street, Suite 222 Washington, DC 20001, United States of America FOSI office in Europe Family Online Safety Institute 12-13 Ship Street Brighton East Sussex BN1 1AD United Kingdom Financial Coalition Against Child Pornography

Child protection tation

To prevent the abuse of payment systems for child exploi

FCACP is made up of 32 of the leading banks, credit card companies, electronic p ayment networks, third party payments companies, and Internet services companies The International Centre for Missing & Exploited Children 1700 Diagonal Road, Suite 625 Alexandria, Virginia 22314 United States of America Telephone:001.703.837.6313 Fax:001.703.549.4504 Email: information@icmec.org

GetNetWise - Coalition

Child safety, privacy, security and spam To help ensure that Internet users have safe, constructive, and educational or e ntertaining online experiences Internet industry corporations and public interest organisations Via website Global Prosecutors E-Crime Network (GPEN) International cooperation Investigation and prosecution of cybercrimes To enable all jurisdictions to develop a co-ordinated approach for dealing with e-crime that supports effective prosecutions and promotes the Cybercrime Convent ion. To encourage enhanced international cooperation in the e-crime arena To improve the exchange of information To develop appropriate training courses to train prosecutors International Association of Prosecutors members International Association of Prosecutors (IAP) Hartogstraat 13, The Hague, The Netherlands

Tel. +45 33 43 67 34 Email: info@gpen.info G-8 Subgroup on high-tech crime Cybercrime "To enhance the abilities of G8 countries to prevent, investigate, and prosecute crimes involving computers, networked communications, and other new technologie s G8 members:Canada, France, Germany, Italy, Japan, Russia, UK, US, EU ICANN Security & Stability Advisory Committee (SSAC) Working Group

System security and integrity To advise ICANN community on matters relating to the security and integrity of the Internet's naming and address allocation syst ems A detailed list of the Working Group members is available on the websit e Comments and questions should be sent by email to: Steve Crocker steve@stevecrocker.com Dave Piscitello dave.piscitello@icann.org Julie Hedlund julie.hedlund@icann.org . International Multilateral Partnership on Cyber Threats (IMPACT) Cyberthreats and -security Cybersecurity executing arm of the United Nations specialised agency, the Interna tional Telecommunication Union (ITU) - bringing together governments, academia a nd industry experts to enhance the global community s capability in dealing with c yber threats. A detailed list of ITU (International Communication Union) member States that ar e IMPACT partner countries is available on the website Via website or IMPACT Jalan IMPACT 63000 Cyberjaya Malaysia Tel: +60 (3) 8313 2020 Fax: +60 (3) 8319 2020 Email: contactus@impact-alliance.org International Working Group on Data Protection in Telecommunications (IWGDPT)

Data protection To improve the protection of privacy in telecommunications with a particular foc us on the protection of privacy on the Internet Representatives from Data Protection Authorities and other bodies of national pu blic administrations, international organisations and scientists from all over t he world Interpol - 24/7 Cybercrime To connect law enforcement officials in all member States and to provide them wi th the means to share crucial information on criminals and criminal activities To enable member states to access each others national databases using a business -to-business (B2B) connection Interpol 188 member States Via website or INTERPOL General Secretariat 200, quai Charles de Gaulle 69006 Lyon France Fax. +33 (0)4 72 44 71 63 Interpol - Regional Working Parties on Information Technology Crime Factsheet on Interpol activities on Cybercrime Cybercrime To facilitate the development of strategies, technologies and information on the latest IT crime methods 4 regional working parties: Europe, Africa, Asia-South Pacific, Latin America More information on each of the working parties is available on the website Via website or INTERPOL General Secretariat 200, quai Charles de Gaulle 69006 Lyon France Fax. +33 (0)4 72 44 71 63 Interpol - National Central Reference points (NRCP) Factsheet on Interpol activities on Cybercrime International police cooperation To facilitate international police co-operation through National Central Referen ce Points (NCRP), a designated network of investigators working in national comp uter crime units,

More than 120 INTERPOL National Central Bureaus have designated NCRPs Via website or INTERPOL General Secretariat 200, quai Charles de Gaulle 69006 Lyon France Fax. +33 (0)4 72 44 71 63 Innocence en danger Child abuse To sensitise and catalyse, educate and inform governmental and non-governmental bodies, European and international intergovernmental bodies, business enterprise s, and the general public on the increasing problems of paedo-criminality Offices in Switzerland, France, Germany, Colombia, Morocco and the United States of America The contact details of all national offices are available on the website International Association of Internet Hotlines (INHOPE)

Illegal content To support and enhance the performance of internet hotlines around the world, en suring swift action is taken in responding to reports of illegal content to make the internet a safer place Internet hotlines around the world INHOPE Association 25 Sandyford Office Park Sandyford Dublin 18 Ireland Email: info@inhope.org INSAFE

Online safety Child protection online To promote safe, responsible use of the Internet and mobile devices to young peo ple To empower citizens to use the internet, as well as other online technologies, p ositively, safely and effectively INSAFE is a network of: -National Awareness Centres in 30 countries; -helplines and youth panels. INSAFE also runs a pan-European youth panel on onli ne safety. -Safer Internet Day committees in more than 30 countries across the world Insafe Project Manager

European Schoolnet 61 rue de Trves 1040 Brussels, Belgiu Tel. +32 2 790 7575 Fax. +32 2 790 7585 Email: info-insafe@eun.org Information Security Forum (ISF) Information security To supply authoritative opinion and guidance on all aspects of information secur ity Over 300 members worldwide Information Security Forum 10 - 18 Union Street London SE1 1SZ United Kingdom Tel. +44 (0) 20 7212 1173 Fax. +44 (0) 20 7213 4813 Email: mx2@securityforum.org International Center for Missing and Exploited Children (ICMEC) Child protection To identify and coordinate a global network of organizations fighting child-sexu al exploitation and abduction.

The International Centre for Missing & Exploited Children 1700 Diagonal Road, Suite 625 Alexandria, Virginia 22314 United States of America Telephone:001.703.837.6313 Fax:001.703.549.4504 Email: information@icmec.org International Telecommunication Union (ITU) Cybersecurity activities

Cybersecurity To build confidence and security in the use of information and c ommunication technologies ITU member States Website: Contact information Internet Governance Forum (IGF)

Cybercrime To discuss public policy issues related to key elements of Internet governance i n order to foster the sustainability, robustness, security, stability and develo

pment of the Internet; To identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations; To contribute to capacity building for Internet governance in developing countri es, drawing fully on local sources of knowledge and expertise; To help to find solutions to the issues arising from the use and misuse of the I nternet, of particular concern to everyday users UN member States, international organisations, public and private sector stakeho lders United Nations Secretariat of the Internet Governance Forum (IGF) Bocage Annex Palais des Nations, CH-1211 Geneva 10 Switzerland Tel. +41 22 917 46 65 Fax. +41 22 917 00 92 Email: igf@unog.ch

London Action Plan Spam to promote international spam enforcement cooperation and address spam related problems, such as online fraud and deception, phishing, and dissemination of vir uses. The participants also open the Action Plan for participation by other inte rested government and public agencies, and by appropriate private sector represe ntatives, as a way to expand the network of entities engaged in spam enforcement cooperation See list of public and private sector members Email: admin@londonactionplan.org Messaging Anti-Abuse Working Group (MAAWG)

Messaging abuses To bring the messaging industry together to work collaboratively and to successf ully address the various forms of messaging abuse, such as spam, viruses, denial -of-service attacks and other messaging exploitations A detailed list of MAAWG members is available on the website Operation Spam Zombies Spam, Zombies To inform ISPs on spam prevention measures To encourage ISPs to implement anti-zombie measures Via website

A detailed list of the governmental agencies participating in this operation is available on the website Possibility to forward deceptive spam email to spam@uce.gov Organisation for Economic Co-operation and Development (OECD) Task Force on SPAM Spam To support the development of an inclusive and coherent answer to the spam issue , the OECD has launched an Anti-Spam Toolkit as the first step in a broader initia tive to help policy makers, regulators and industry players orient their policie s relating to spam solutions and restore trust in the Internet and e-mail.

Email: spam.project at oecd.org Organisation for Economic Co-operation and Development (OECD) Working Party for Information Security and Privacy (WPISP) Network security Privacy To promote an internationally coordinated approach to policymaking in security and protection of privacy and personal data in order to help build trust in the global information society and facilitate e-commerce.

WPISP Secretariat 2, rue Andr-Pascal 75775 Paris Cedex 16 - FRANCE Tel. +33 (0) 1 4524 8200 Fax. +33 (0)1 4430 6259 Email: dsti.contact@oecd.org Organisation of American States (OAS) Inter-American Co-operation Portal on Cybe r-Crime Cybercrime To complete a diagnosis of criminal activity which targets computers and informa tion, or which uses computers as the means of committing an offense To complete a diagnosis of national legislation, policies and practices regardin g such activity To identify national and international entities with relevant expertise; and To identify mechanisms of cooperation within the inter-American system to combat cybercrime. OAS member States or Via website

Email: Legalcooperation@oas.org Rseaux IP Europens Community (RIPE) Anti-Abuse Working Group

Network abuse To develop best common practice for Internet service providers (ISPs) To provide advice to ISPs, Governments and Law Enforcement Agencies To discuss and disseminate information on technical and non-technical methods of preventing or reducing network abuse. The RIPE community has formed a number of working groups to deal with issues and topics affecting the Internet community. A detailed list of all RIPE working groups is available on the website Email of the Anti-Abuse Working Group: anti-abuse-wg@ripe.net

Office address RIPE NCC Singel 258 1016 AB Amsterdam The Netherlands Tel. +31 20 535 4444 Fax. +31 20 535 4445 Postal address RIPE NCC P.O. Box 10096 1001EB Amsterdam The Netherlands A full list of RIPE email addresses is available on RIPE website Society for the Policing of Cyberspace (POLCYB)

Cybersecurity To enhance international partnerships among public and private professionals to prevent and combat crimes in cyberspace To facilitate information-sharing between and among executives, administrators, and front-line professionals through seeking expert advice among our global and diverse membership. To provide public education on information protection and internet safety to rai se public awareness of cybercrime, including those committed against children an d youth Individual and organisational memberships are possible. A detailed list of organisations members of POLCYB is available on the website Bessie Pang Executive Director The Society for the Policing of Cyberspace Suite 834 - 6540 East Hastings St. Burnaby, British Columbia V5B 4Z5 CANADA Tel. 778.883.8432 Fax. 604-980-5231 Email: polcyb@polcyb.org Safer Internet Programme

Child safety online Illegal content and conduct To empower and protect children and young people online by awareness raising ini tiatives and by fighting illegal and harmful online content and conduct EU Member States: a detailed list of the 27 Safer Internet Centres is available

on the website

Safer Internet EUFO 1194 European Commission L-2920 Luxembourg Fax. +352 4301 34079 E-mail: saferinternet@ec.europa.eu Shared.brain

Spam, phishing, network abuse Real-time database for sharing SMTP reputation-information between ISPs To maximize effectiveness of anti-abuse-strategies Partners: eco Bizanga Mr. Sven Karge Head of Content Department eco Verband der deutschen Internetwirtschaft e.V. Lichtstr. 43h D-50825 Kln Tel. + 49 221 7000480 Fax. + 49 221 70004811 E-mail: sven.karge@eco.de Possibility for interested ISPs to get an access, upon request, to the shared.br ain WIKI space Verband der deutschen Internetwirtschaft

Virtual Global Taskforce

Child abuse To build an effective, international partnership of law enforcem ent agencies that helps to protect children from online child abuse. -Australian Federal Police -Canadian National Child Exploitation Coordination Centre (NCECC) as part of the Royal Canadian Mounted Police -Italian Postal and Communication Police Service -UK Child Exploitation and Online Protection Centre

-U.S. Immigration and Customs Enforcement (ICE) -Interpol Possibility to report abuse via the website United Nations Office on Drugs and Crime (UNODC)

Crime prevention and criminal justice With regard to cybercrime: Coming out the global study on the threat of responses to cybercrime Capacity building United Nations Member State Via website Gillian Murray Chief, Conference Support Section Focal Point on Cybercrime Organized Crime and Illicit Trafficking Branch Division for Treaty Affairs P.O. Box 500, A-1400 Vienna, Austria Tel:+43 (1) 260604084 Email: gillian.murray@unodc.org Is it a crime to plan a crime but not commit the crime? yes Whether the created crime is deemed worthy of being punishable as an actual crim e is probably more based on the viewpoint of he who created it. In other words, you decide with the help or lack of a conscience. If you have a clear mind for t hinking it, then no worries; you're hands are clean, as long as no one else know s about it. ;) We are our own decider of the evils in this world with all things considered. So long as we have the freedom of choice. One thing to think about though...you chose to not commit the crime, so does that make you innocent?? Or does it still condemn you as a criminal based on your criminal mind?? muwahahaha a KB What happens when a person didn't commit a crime at all but was with the person who did commit the crime? If you were with a person who committed the crime, you are an accessory to a cri me. (There are exceptions. It depends on what you mean by the word with. If you were with a person and totally unaware he was going to commit a crime and did nothin g to participate in the crime, there may be an exception. I know of one case whe re a woman discovered she was with a drug dealer. She took her stuff and walked to the bus station and caught a bus. The law left her alone.) It depends on what you knew and when you knew it and what you did about it. What is the punishment for a first-offense cyber crime?

If the crime is committed for commercial advantage, malicious destruction, priva te commercial gain, or in furtherance of any criminal act, the punishment is a f ine and/or imprisonment for up to five years for a first offense.

the weapons Botnets Average size is 5000 computers, some have been as large as 500,000 computers New command and control software allows botnet capacity leasing of subsections o f the botnet Phishing You guys *do* know what phishing is, right? Targeted Viruses Used to create quick one-time-use botnets Also used when specifically targeting a single site or organization The usual Internet attack tools Metasploit, etc WHAT DO CYBER CRIMINALS TARGET? Unlike conventional crimes of theft, in which the owner actually loses their physical property, the theft of information by cyber criminals may not result in the loss of anything physical at all. Moreover, the theft can often leave the original data exactly where it was to begin with. With the exception of the well-understood and documented copyright theft issue, information stolen by cyber criminals often falls into the following categories: Bulk business data this often needs to be online to enable efficient transactions to take place, and is usually customersensitive (for example, customer addresses or financial details). Any associated data breaches can carry large regulatory penalties as well as substantial reputational damage. Most organisations employ conventional information assurance methods (such as firewalls) to protect this data, and we believe it is targeted mainly by opportunist individual cyber criminals, or small cyber criminal networks. Some types of digital data, once they are stolen, tend to have great longevity for instance, data containing names, dates of birth, and National Insurance numbers have lifetime durations and cannot be 'reset'. This data will potentially be just as valuable to cyber criminals in the long term as it is now. This is quite distinct from transient data (such as login passwords), which can readily be reset, and are frequently changed on a regular cycle. High-value IP different business sectors have different approaches to developing, investing in and exploiting their IP. IP does not necessarily need to be stored online,

and usually contains information that has long-term high value to an organisation. While much exists in a tangible form, many other types of IP are intangible in the form of tacit knowledge and the skills of employees, for example. The types of IP most likely to be stolen by cyber criminals are ideas, designs, methodologies and trade secrets, which exist mostly in tangible form and add considerable value to a competitor. Examples include R&D outputs; product prototypes; documents describing unique business process methodologies or corporate strategies and business decision-making; staff details, including personal information, skill sets and remuneration levels; and descriptions of company capabilities and weaknesses. Any associated data breaches can result in significant damage or compromise to long-term strategy or corporate finances 26 . Protection for this type of information is often provided by storage on a standalone IT system, complemented by additional physical and personnel security. High-value IP is targeted mainly by foreign intelligence services 27 , but can also be of interest to highlevel organised criminal networks, who can sell the information on to interested third parties 28 . Tactical corporate information frequently this is communicated using online technology but is not necessarily stored online, is low in volume and contains short-term sensitive information (for example, contract bid prices, or share-price sensitive material). Protection for this information typically involves procedural and messaging security implemented at an organisation s seniormanagement level. It has a high financial impact if it is breached (especially by cyber criminals who operate in the stock market) and is eminently exploitable by cyber criminals if they know how to manipulate or sell this information at the right moment. We believe that this information is targeted mainly by well organised and sophisticated cyber criminal networks, but can also be used by foreign intelligence services to weaken the UK economy 29 . When it comes to stealing IP from organisations, there are four ways cyber criminals can obtain what they want. They can: buy it (in the case of a product), and then reverse-engineer or copy it;

carry out a cyber attack, to obtain the information electronically while remaining outside the organisation s network; carry out an insider attack, so that the data is stolen by someone authorised to access it from within an organisation; steal it, by physically breaking-in to office premises or by stealing from employees. For the purposes of this study, we have defined insider attacks as security breaches associated with employees while cyber attacks are security breaches associated with company technology. Therefore, although we acknowledge that insider attacks can be performed using cyber means, to simplify our model, we have focused our study on external cyber attacks, which tend to go unnoticed and unreported 30 . Footnotes 26 For example, see The Consumer's Report Card on Data Breach Notification , Ponemo n Institue, 2008. 27 GCHQ Press Release, Director GCHQ, Iain Lobban, makes Cyber speech at the IIS S, 12 October 2010 28 For example, see Businesses under Cybercrime attack: how to protect your corp orate network and data against its impact ,

How to report a Cyber Crime Filing a complaint/ Writing an application letter. What details will I be asked to include in my complaint? You may need to provide the following possible information, along with an applic ation letter addressing the head of cyber crime investigation cell when filing a complaint: Your name, Your mailing address, Your telephone number, Specific details on how the offence was committed, along with the names and addr esses of suspects and any other relevant information necessary. What contents should be there in the application letter? Contents vary with respect to the type of fraud or crime faced by you. Cyber Stalking: It is the most common kind of cyber crime happening in India and the victim s repo rt could contain the following information: Email/IM communications received Phone numbers of the obscene callers, if any Website address which contains the profile Screenshot or the webpage (to be saved and submitted in hard copy) Other important necessary information could be provided after consulting law enf orcement agency. Note:

Victims of Cyber Stalking often request webmaster to delete their Profile. Delet ing the profile means the evidence is lost. Password Hacking: When did you access your email account last? From where and which computer did you browse it? All information about email account e.g. date of birth entered, pin code entered and security question and the last password? What type of documents should be included in my application which can be conside red as proof or evidence in regard to my complaint? Every possible information which can be provided by you with proper documents ca n be included in the application letter and be considered as proof or evidence. Proof or Evidence may include the following: E-mail printouts, Chat-room or newsgroup text or screenshots if taken by you, Email printouts should contain full email header information, Transaction acknowledgements or receipts, Credit card records, transaction details and receipts, Envelopes or letters received via post courier, FAX copies, Pamphlets or brochures (if you have received), Phone bills, Printed or preferably electronic copies of web pages Keep the necessary information in a safe location; you will be required to provi de them for investigation as and when required. Note: Proof or documents which will be part of the application are not restricte d to the above list, additional information may be required depending on the nat ure of crime. What should I do if I believe my complaint is time sensitive? You should contact your local police station directly if you believe your matter is time sensitive. You can get the crime related information on other below mentioned web sites lin ks:Mumbai Police: www.mumbaipolice.org Pune Police: www.punepolice.com Thane Police: www.thanepolice.org Indian Computer Emergency Response Team: www.cert-in.org.in If you think you or anyone you know are in immediate danger, please contact your local police station or main control room (Phone no. 100) immediately! Online reporting should NEVER be used in the event of an emergency requiring immediate attention.

Approximately 40 federal statutes govern the prosecution of computer-related cri mes. Among the most prominent are the Copyright Act, the National Stolen Propert y Act, mail and wire fraud statutes, the Electronic Communications Privacy Act, the Communications Decency Act of 1996, the Child Pornography Prevention Act, an d the Child Pornography Prevention Act of 1996. Congress recognized computer-related crimes as discrete federal offenses with th e 1984 passage of the Counterfeit Access Device and Computer Fraud and Abuse Law , which was revised four times in the following decade. This law narrowly protec

ted classified U.S. defense and foreign relations information, files of financia l institutions and consumer reporting agencies, and access to governmental compu ters. Congress enacted another major anti-cyber-crime law in 1996, the National Inform ation Infrastructure Protection Act (NIIPA). NIIPA broadened the scope of protec tion offered by the Computer Fraud and Abuse Law by covering all computers attac hed to the Internet and, therefore all computers used in interstate commerce. It also criminalized all unauthorized access of computer files in order to transmi t classified government information; intentional access of U.S. department or ag ency non-public computers without permission; and accessing protected computers, without or beyond authorization, to defraud and obtain something of value. The Copyright Act covers computer-related copyright infractions, such as softwar e piracy. The act provides criminal remedies for any intentional infringement of a copyright perpetrated for commercial advantage or private financial gain. Giv en the ease and anonymity of nearly identical reproductions made of online intel lectual property, such as software, digitized text, and audio and visual files and the ability to disseminate those copies worldwide many see copyright as an increa singly costly cyber-crime offense. Traditional exceptions to copyright privilege s, such as "fair use" and the "right of first sale," may be eroded under evolvin g copyright protection laws in cyberspace. Digital intellectual property rights also are regulated by the No Electronic Theft Act of 1996, which criminalizes th e electronic reproduction and dissemination of copyrighted material. The National Stolen Property Act (NSPA) has been extended to cover the fraudulen t transfer of funds online, as well as the theft of tangible hardware. The court s have determined that federal mail and wire fraud statutes, which outlaw the us e of interstate wire communications or the mail to defraud persons of money or p roperty, also can apply to computer-aided theft. However, the case law on this p oint is still evolving. One of the most controversial areas of cyber law, the extent of online privacy p rotection, was addressed in the Electronic Communications Privacy Act of 1986 (E CPA). ECPA has been utilized to prosecute computer hacking, since it strengthens the privacy rights of computer users and permits law enforcement to use electro nic surveillance when investigating computer crimes. ECPA also has been used in cases of the theft of encrypted, satellite-transmitted television broadcasts. The problem of online child pornography spawned several laws intended to block t he online transmission of pornographic material to minors. Congress passed the C ommunications Decency Act of 1996 (CDA, also Title V of the Telecommunications A ct of 1996), which prohibited the transmission of "indecent," "patently offensiv e," and "obscene" material to minors over the Internet. However, the Supreme Cou rt invalidated certain sections of the DCA in Reno v. American Civil Liberties U nion, stating that they infringed the First Amendment protection of free speech. In response, Congress passed the Child Online Protection Act, which penalized an y commercial Web site that allowed children to access content that was "harmful to minors." By summer 2001, this act was challenged on First Amendment grounds i n a U.S. circuit court. The Internet's role in the production and dissemination of child pornography also is addressed by the Child Pornography Prevention Act o f 1996 (CPPA), intended to criminalize the production, distribution, and recepti on of computer-generated, sexual images of children. The CPPA has survived const itutional challenges in court. Despite the plethora of anti-cyber-crime laws, few cases have been adjudicated u nder them. This is due to the reluctance of victims to lodge suits, the difficul ty of gathering evidence and identifying perpetrators in cyberspace, the desire

of many victims to pursue matters privately, and the fact that many such inciden ts were prosecuted under state, rather than federal, laws. Prosecution of cybercrime raises several difficult constitutional dilemmas. Among these are Fourth A mendment concerns about the legality of the search and seizure of computer recor ds and software, First Amendment concerns about freedom of speech, and general q uestions about the extent of citizens' online privacy. Since 1978, the states also have addressed cyber-crimes in their own legislation , with Arizona and Florida being the first to do so. Every state has some such l egislation on the books. The states have taken the lead in specifically addressi ng some forms of cyber-crime, such as online harassment. However, the expansion of state computer crime legislation also generates conflicts between federal and state authorities regarding cyber-crime prosecution. Most Common Types of Viruses and Other Malicious Programs 1. Resident Viruses This type of virus is a permanent which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system: corrupt ing files and programs that are opened, closed, copied, renamed etc. Examples include: Randex, CMJ, Meve, and MrKlunky. 2. Multipartite Viruses Multipartite viruses are distributed through infected media and usually hide in the memory. Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the hard drive and later across the computer system. 3. Direct Action Viruses The main purpose of this virus is to replicate and take action when it is execut ed. When a specific condition is met, the virus will go into action and infect f iles in the directory or folder that it is in and in directories that are specif ied in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted. 4. Overwrite Viruses Virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally usel ess once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the fil e completely, thus losing the original content. Examples of this virus include: Way, Trj.Reboot, Trivial.88.D. 5. Boot Virus This type of virus affects the boot sector of a floppy or hard disk. This is a c rucial part of a disk, in which information on the disk itself is stored togethe r with a program that makes it possible to boot (start) the computer from the di sk. The best way of avoiding boot viruses is to ensure that floppy disks are write-p rotected and never start your computer with an unknown floppy disk in the disk d

rive. Examples of boot viruses include: Polyboot.B, AntiEXE. 6. Macro Virus Macro viruses infect files that are created using certain applications or progra ms that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K. 7. Directory Virus Directory viruses change the paths that indicate the location of a file. By exec uting a program (file with the extension .EXE or .COM) which has been infected b y a virus, you are unknowingly running the virus program, while the original fil e and program have been previously moved by the virus. Once infected it becomes impossible to locate the original files. 8. Polymorphic Virus Polymorphic viruses encrypt or encode themselves in a different way (using diffe rent algorithms and encryption keys) every time they infect a system. This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves. Examples include: Elkern, Marburg, Satan Bug, and Tuareg. 9. File Infectors This type of virus infects programs or executable files (files with an .EXE or . COM extension). When one of these programs is run, directly or indirectly, the v irus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belongs to this category, and can be classifie d depending on the actions that they carry out. 10. Encrypted Viruses This type of viruses consists of encrypted malicious code, decrypted module. The viruses use encrypted code technique which make antivirus software hardly to de tect them. The antivirus program usually can detect this type of viruses when th ey try spread by decrypted themselves. 11. Companion Viruses Companion viruses can be considered file infector viruses like resident or direc t action types. They are known as companion viruses because once they get into t he system they "accompany" the other files that already exist. In other words, i n order to carry out their infection routines, companion viruses can wait in mem ory until a program is run (resident viruses) or act immediately by making copie s of themselves (direct action viruses). Some examples include: Stator, Asimov.1539, and Terrax.1069 12. Network Virus

Network viruses rapidly spread through a Local Network Area (LAN), and sometimes throughout the internet. Generally, network viruses multiply through shared res ources, i.e., shared drives and folders. When the virus infects a computer, it s earches through the network to attack its new potential prey. When the virus fin ishes infecting that computer, it moves on to the next and the cycle repeats its elf. The most dangerous network viruses are Nimda and SQLSlammer. 13. Nonresident Viruses This type of viruses is similar to Resident Viruses by using replication of modu le. Besides that, Nonresident Viruses role as finder module which can infect to files when it found one (it will select one or more files to infect each time th e module is executed). 14. Stealth Viruses Stealth Viruses is some sort of viruses which try to trick anti-virus software b y intercepting its requests to the operating system. It has ability to hide itse lf from some antivirus software programs. Therefore, some antivirus program cann ot detect them. 15. Sparse Infectors In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered a virus could use any number of differen t techniques. It might, for example, only infect every 20th time a file is execu ted; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities. 16. Spacefiller (Cavity) Viruses Many viruses take the easy way out when infecting files; they simply attach them selves to the end of the file and then change the start of the program so that i t first points to the virus and then to the actual program code. Many viruses th at do this also implement some stealth techniques so you don't see the increase in file length when the virus is active in memory. A spacefiller (cavity) virus, on the other hand, attempts to be clever. Some pro gram files, for a variety of reasons, have empty space inside of them. This empt y space can be used to house virus code. A spacefiller virus attempts to install itself in this empty space while not damaging the actual program itself. An adv antage of this is that the virus then does not increase the length of the progra m and can avoid the need for some stealth techniques. The Lehigh virus was an ea rly example of a spacefiller virus. 17. FAT Virus The file allocation table or FAT is the part of a disk used to connect informati on and is a vital part of the normal functioning of the computer. This type of virus attack can be especially dangerous, by preventing access to c ertain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories. 18. Worms

A worm is technically not a virus, but a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on your system and most importantly they are detected and eliminated by antiviruses. Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson. 19. Trojans or Trojan Horses Another unsavory breed of malicious code (not a virus as well) are Trojans or Tr ojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms. 20. Logic Bombs They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs. Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destr uctive.

1. Boot Sector Virus The term boot sector is a generic name that seems to originally come from MS-DOS b ut is now applied generally to the boot information used by any operating system . In modern computers this is usually called the master boot record, and it is the first sector on a partitioned storage device. Boot sector viruses became popular because of the use of floppy disks to boot a computer. The widespread usage of the Internet and the death of the floppy has m ade other means of virus transmission more effective. 2. Browser Hijacker This type of virus, which can spread itself in numerous ways including voluntary download, effectively hijacks certain browser functions, usually in the form of re-directing the user automatically to particular sites. It s usually assumed tha t this tactic is designed to increase revenue from web advertisements. There are a lot of such viruses, and they usually have search included somewhere i n their description. CoolWebSearch may be the most well known example, but other s are nearly as common. 3. Direct Action Virus This type of virus, unlike most, only comes into action when the file containing the virus is executed. The payload is delivered and then the virus essentially becomes dormant it takes no other action unless an infected file is executed aga in. Most viruses do not use the direct action method of reproduction simply because it is not prolific, but viruses of this type have done damage in the past. The V ienna virus, which briefly threatened computers in 1988, is one such example of a direct action virus. 4. File Infector Virus Perhaps the most common type of virus, the file infector takes root in a host fi le and then begins its operation when the file is executed. The virus may comple tely overwrite the file that it infects, or may only replace parts of the file, or may not replace anything but instead re-write the file so that the virus is e xecuted rather than the program the user intended.

Although called a file virus the definition doesn t apply to all viruses in all file s generally for example, the macro virus below is not referred to by the file vi rus. Instead, the definition is usually meant to refer only to viruses which use an executable file format, such as .exe, as their host. 5. Macro Virus A wide variety of programs, including productivity applications like Microsoft E xcel, provide support for Macros special actions programmed into the document us ing a specific macro programming language. Unfortunately, this makes it possible for a virus to be hidden inside a seemingly benign document. Macro viruses very widely in terms of payload. The most well known macro virus i s probably Melissa, a Word document supposedly containing the passwords to porno graphic websites. The virus also exploited Word s link to Microsoft Outlook in ord er to automatically email copies of itself. 6. Multipartite Virus While some viruses are happy to spread via one method or deliver a single payloa d, Multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on va riables, such as the operating system installed or the existence of certain file s. 7. Polymorphic Virus Another jack-of-all-trades, the Polymorphic virus actually mutates over time or after every execution, changing the code used to deliver its payload. Alternativ ely, or in addition, a Polymorphic virus may guard itself with an encryption alg orithm that automatically alters itself when certain conditions are met. The goal of this trickery is evasion. Antivirus programs often find viruses by t he specific code used. Obscuring or changing the code of a virus can help it avo id detection. 8. Resident Virus This broad virus definition applies to any virus that inserts itself into a syst em s memory. It then may take any number of actions and run independently of the f ile that was originally infected. A resident virus can be compared to a direct payload virus, which does not inser t itself into the system s memory and therefore only takes action when an infected file is executed. 9. Web Scripting Virus Many websites execute complex code in order to provide interesting content. Disp laying online video in your browser, for example, requires the execution of a sp ecific code language that provides both the video itself and the player interfac e. Of course, this code can sometimes be exploited, making it possible for a virus to infect a computer or take actions on a computer through a website. Although m alicious sites are sometimes created with purposely infected code, many such cas es of virus exist because of code inserted into a site without the webmaster s kno wledge.