Que 1. Write a short note on cyber crime.

Definition of Cybercrime Cybercrime spans not only state but national boundaries as well. Perhaps we should look to international organizations to provide a standard definition of the crime. Cyber crime means any criminal activity in which a computer or network is the source; tool or target or place of crime. Cyber Crimes may be committed against persons, property and government. 1. United Nations defines the Cyber Crime in Two categories as: a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession offering or distributing information by means of a computer system or network.

b.

Of course, these definitions are complicated by the fact that an act may be illegal in one nation but not in another. there are more concrete examples, including a. b. c. d. e. Unauthorized access. Damage to computer data or programs. Computer sabotage. Unauthorized interception of communications. Computer espionage.

These definitions, although not completely definitive, do give us a good starting point one that has some international recognition and agreementfor determining just what we mean by the term cybercrime. 2. The common types of cyber crimes 1. Hacking - A hacker is an unauthorized user who attempts to or gains access to an information system. Hacking is a crime even if there is no visible damage to the system, since it is an invasion in to the privacy of data. There are different classes of Hackers. a. White Hat Hackers - They believe that information sharing is good, and that it is their duty to share their expertise by facilitating access to information. However there are some white hat hackers who are just joy riding" on computer systems.

b. Black Hat Hackers - They cause damage after intrusion. They may steal or modify data or insert viruses or worms which damage the system. They are also called crackers. c. Grey Hat Hackers - Typically ethical but occasionally violates hacker ethics Hackers will hack into networks, stand-alone computers and software.2 Network hackers try to gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of information.2 Crackers perform unauthorized intrusion with damage like stealing or changing of information or inserting malware (viruses or worms).

2. Cyber Stalking - This crime involves use of internet to harass someone.2 The behavior includes false accusations, threats etc.2 Normally, majority of cyber stalkers are men and the majority of victims are women.

3. Spamming - Spamming is sending of unsolicited bulk and commercial messages over the internet. Although irritating to most email users, it is not illegal unless it causes damage such as overloading network and disrupting service to subscribers or creates negative impact on consumer attitudes towards Internet Service Provider. 4. Cyber Pornography - Women and children are victims of sexual exploitation through internet. Pedophiles use the internet to send photos of illegal child pornography to targeted children so as to attract children to such funs. Later they are sexually exploited for gains 5. Phishing - It is a criminally fraudulent process of acquiring sensitive information such as username, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. 6. Software Piracy - It is an illegal reproduction and distribution of software for business or personal use. This is considered to be a type of infringement of copy right and a violation of a license agreement. Since the unauthorized user is not a party to the license agreement it is difficult to find out remedies. 7. Corporate Espionage - It means theft of trade secrets through illegal means such as wire taps or illegal intrusions. 8. Money Laundering - It means moving of illegally acquired cash through financial and other systems so that it appears to be legally acquired. eg. Transport cash to a country having less stringent banking regulations and move it back by way of loans the interest of which can re deducted from his taxes. This is possible prior to computer and internet technology; electronic transfers have made it easier and more successful. 9. Embezzlement - Unlawful misappropriation of money, property or any other thing of value that has been entrusted to the offenders care, custody or control is called embezzlement. Internet facilities are misused to commit this crime. 10. Password Sniffers - Password sniffers are programmers that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can impersonate an authorized user and log in to access on restricted documents. 11. Spoofing - It is the act of disguising one computer to electronically look like another compute, in order to gain access to a system that would be normally is restricted. Spoofing was used to access valuable information stored in a computer belonging to security expert Tsutomu Shimomura.. 12. Credit Card Fraud - In U.S.A. half a billion dollars have been lost annually by consumers who have credit cards and calling card numbers. These are stolen from on-line databases. 13. Web Jacking - The term refers to forceful taking of control of a web site by cracking the password. 14 Cyber terrorism - The use of computer resources to intimidate or coerce government, the civilian population or any segment thereof in furtherance of political or social objectives is called cyber terrorism.2 Individuals and groups quite often try to exploit anonymous character of the internet to threaten governments and terrorize the citizens of the country. Cyber Crimes- Indian Cases 1. Cyber Stalking Facts: One Mrs. Ritu Kohli complained to the police against the person who was using her identity to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel for four consecutive days. Mrs.

Kohli further complained that the person was chatting on the Net, using her name and giving her address and was talking obscene language. The same person was also deliberately giving her telephone number to other chatters encouraging them to call Ritu Kohli at odd hours. Consequently, Mrs Kohli received almost 40 calls in three days mostly at odd hours from as far away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in the personal life and mental peace of Ritu Kohliwho decided to report the matter. Investigation: By Delhi Police the IP addresses were traced and the police investigated the entire matter and ultimately arrested Manish Kathuria on the said complaint. Manish apparently pleaded guilty and was arrested. Actions: A case was registered under section 509, of the Indian Penal Code (IPC). Nothing in IT Act. 2. Blackmailing Facts: A Dubai based NRI was lured by anonymous women on internet who after winning his confidence and love started blackmailing him under the guise that the first women with whom the NRI got befriended had committed suicide and police is investigating the case and seeking NRIs details. The accused also sent fake copies of the letters from CBI, High Court of Calcutta, New York police and Punjab University etc. The NRI by that time had paid about Rs. 1.25 crore to the accused. Investigation By Mumbai Police: Thankfully, the NRI has saved all the emails which he has so far received from the strangers he has been communicating with. The I.P. Address embedded in all e-mails received by complainant reveals the origin of the emails. The man assuming these various identities is a single person. Actions: Charges framed u/s292, 389, 420, 465, 467, 468, 469, 471, 474 IPC read with Section 67 of IT Act. Page 10 of 18 3. Credit Card Frauds Air Tickets5 Facts: More than 15000 credit cards were fraudulently used to book Air ticket through the Internet. Total about Rs. 17 crore. The fraud had come to light after the of credit card holders approached the Card Issuing Bank saying they had never booked a ticket. The airline had charged the amount to the bank, which in turn, had passed on the tab to its customers. Investigation: The gang had booked tickets online using credit card numbers obtained from restaurants, hotels, shopping malls and other retail outlets. The tickets were booked from cyber cafes in Mumbai, Delhi, Chennai, Kolkata and Bangalore. Actions: Charges framed under IPC. 4. ILOVEYOU Worm Facts: Also known as VBS/Love letter and Love Bug worm. It began in Philippines on 4thMay 2000 and spread over the world in one day through email boxes. It infected 10% of all computers connected to the internet. Only Microsoft windows operating system eff ected. Subject line: ILOVEYOU. Attachment LOVELETTER-FOR-YOU.TXT.vbs. Damage about Rs. 22,000 Crore. The Pentagon, British Parliament and most of the corporation shut down the email systems to get rid of this worm. Affecting: The worm search all drives which are connected to the infected computer and replace files. The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook address book Action: There was no law against virus writing in Philippines, hence prosecutors dropped all the charges against the offender. Govt. of Philippines enacted a Philippines ecommerce Law on 14thJune 2000 to deal with Cyber Crime. 5. Phishing Facts: The defendants were operating a placement agency involved in `head-hunting' and recruitment. In order to obtain personal data which they could use for head-hunting, the defendants composed and sent emails to third parties in NASSCOM's name. Actions: Injunction (Anton Piller Order) and Rs. 16 lakhs damages Nothing in IT Act Case Law: National Association of Software and Service Companies vs. Ajay Sood & Others, Decided by Delhi High Court in 2005

6. Hacking A case of suspected hacking of certain web portals and obtaining the residential addresses from the e-mail accounts of city residents had recently come to light. After getting the addresses, letters were sent through post mail and the recipients were lured into participating in an international lottery that had Australian $ 23 lakhs at stake. Computer hackers have also got into the Bhaba Atomic Research Centre (BARC) computer and pulled out important data. Some computer professionals who prepared the software for MBBS examination altered the data and gave an upward revision to some students in return for a hefty payment. 7. Parliament Attack Case Bureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analyzing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD. The laptop contained several evidences that confirmed of the two terrorists motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also craftly made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop. 8. Sony.Sambandh.Com Case2 A complaint was filed by Sony India Private Ltd, which runs a website called www.sonysambandh.com, targeting Non Resident Indians. The website enables NRIs to send Sony products to their friends and relatives in India after they pay for it online. The company undertakes to deliver the products to the concerned recipients. In May 2002, someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless head phone. She gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida. The payment was duly cleared by the credit card agency and the transaction processed. After following the relevant procedures of due diligence and checking, the company delivered the items to Arif Azim. At the time of delivery, the company took digital photographs showing the delivery being accepted by Arif Azim. The transaction closed at that, but after one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had denied having made the purchase. The company lodged a complaint for online cheating at the Central Bureau of Investigation which registered a case. The matter was investigated into and Arif Azim was arrested. Investigations revealed that Arif Azim, while working at a call centre in Noida gained access to the credit card number of an American national which he misused on the companys site. The CBI recovered the colour television and the cordless head phone. The court convicted Arif Azim for cheating under Section 418, 419 and 420 of the Indian Penal Code this being the first time that a cyber crime has been convicted. The court, however, felt that as the accused was a young boy of 24 years and a first-time convict, a lenient view needed to be taken. The court therefore released the accused on probation for one year. Page 13 of 18 9. Cyber pornography This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). (Delhi Public School case)

10. Sale of illegal articles This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of honey. Conclusion Introduction of several provisions in the IT Act by the ITA, 2008, relating to data protection, are extremely essential in todays business environment as several Indian companies providing services to or in conjunction with foreign entities handle large amounts of data that are accessed and/or processed by their employees. Such cross border exchange / transmission of Data further mandates compliance with the provisions of foreign enactments on Data Protection. The increased accountability of data handlers and data aggregators and the enhanced punitive measures, therefore meets such requirements to some extent. The existing provisions along with the additional / revised provisions under the ITA, 2008 provide for criminal prosecution and stringent monetary penalties that are likely to act as effective deterrents. Whilst some inclusions in the ITA 2008 have been subject to criticism, the amendments and additions made to the IT Act are expedient and much awaited additions. Absence of effective provisions to combat offences like Cyber Stalking and cyber squatting are avoidable loopholes, which one hopes will soon be rectified. One could safely conclude that whilst the ITA 2008 is still work in progress, it is definitely headed in the right direction. 'Net surfing by youngsters lures them into dangerous domain. The need for a conscious effort to checkmate the undesirable fallout of youngsters accessing and using the Internet is of concern. The print media has a duty to educate unwary parents and youngsters about the dangers inherent in treading dangerous areas in the cyber-world. Cyber Space Security Management has already become an important component of National Security Management, Military related Scientific Security Management and Intelligence Management all over the world. Future intrusions threatening our national security may not necessarily come from across the land frontier, or in air space or across maritime waters, but happen in cyberspace. Intelligence operations and covert actions will increasingly become cyber-based. It is important that our intelligence agencies gear themselves up to this new threat. It is, therefore, necessary to put in place a 'National Cyber Space Security Management Policy' to define the tasks, specify responsibilities of individual agencies with an integrated architecture. It is a well-known fact that terrorists have been using the Internet to communicate, extort, intimidate, raise funds and coordinate operations. Hostile states have highly developed capabilities to wage cyber wars. They have the capability to paralyze large parts of communication networks, cause financial meltdown and unrest. The degree of our preparedness in the face of all these potential threats, does leaves much to be desired. The Government should also take note of this slow but worrying development and put in place a proper mechanism to curb the misuse.