
A PROJECT REPORT

On Information Technology Act with a Special Study on Cyber Crime

Submitted by:
Samira Baptista - 01
Minelli Coelho - 03
Delina Dsouza - 05
Nitin Dsouza - 07
Lowell John - 09
Jenny Fernandes - 11
Alisha Henriques - 13
Tejas Kadam - 15

TABLE OF CONTENTS

Sr. No  Topic
1  Introduction
2  Information Technology Act, 2000
3  Definitions
4  Digital Signature
5  Offences & Penalties
6  Power & Control
7  Cyber Laws
8  Cyber Crimes
9  Classification of Cyber Crime
10  NASSCOM
11  Prevention from Cyber Crime
12  Cyber crime impact on Banking Sector
13  Amendments of IT Act, 2000
14  Research Analysis
15  Conclusion
16  Bibliography


INTRODUCTION
Modern communication systems and advanced technology have become part and parcel of businessmen's lives, bringing an awakening in the way people transact business. Not only the business class, but even the common man has started using computers to create, store and transmit information in electronic form instead of the traditional custom of using paper documents. Information stored in computers, i.e. in electronic form, has many advantages, such as being cheaper, easier to retrieve and speedier. Although people are aware of the advantages which the electronic form of business provides, they are reluctant to conduct business or conclude any transaction in electronic form due to the lack of an appropriate legal framework. Electronic commerce eliminates the need for paper-based transactions. The two principal hurdles which stand in the way of facilitating electronic commerce and electronic governance are the requirements of writing and signature for legal recognition. At present many legal provisions assume the existence of paper-based records and documents which should bear signatures. The Law of Evidence is traditionally based upon paper-based records and oral testimony.

Connectivity via the Internet has greatly abridged geographical distances and made communication even more rapid. While activities in this limitless new universe are increasing incessantly, laws must be formulated to monitor these activities. Some countries have been rather vigilant and formed some laws governing the net. In order to keep pace with the changing generation, the Indian Parliament passed the much-awaited Information Technology (IT) Act, 2000.


THE INFORMATION TECHNOLOGY ACT, 2000


It is an Act that provides legal recognition to electronic communication, also known as electronic commerce. The United Nations on 30th January 1997 adopted the Model Law on Electronic Commerce for International Trade by resolution. This resolution recommends that all States take this Model Law into consideration when they revise or enact their own laws, so that there is uniformity in the respective laws applicable. It is important to effectively execute the said resolution and ensure accurate and efficient delivery of Government services by means of reliable electronic records.

It is an act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involves the use of alternatives to paper based methods of communication and storage of information, to facilitate electronic filing of documents with the government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith. The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

Objectives
1. To give legal recognition to any transaction which is done electronically or by use of the internet.
2. To give legal recognition to digital signatures for accepting any agreement via computer.
3. To provide a facility for filing documents through online registration.
4. According to the I.T. Act 2000, any company can store its data in electronic storage.
5. To stop computer crime and protect the privacy of internet users.
6. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form.
7. To give more power to IPO, RBI and the Indian Evidence Act for restricting electronic crime.

Scope
All electronic information is under the scope of the I.T. Act 2000, but the following electronic transactions are not under the I.T. Act 2000:
1. The Information Technology Act 2000 is not applicable to the attestation for creating a trust electronically. Physical attestation is a must.
2. The I.T. Act 2000 is not applicable to the attestation for making the will of any person. Physical attestation by two witnesses is a must.
3. A contract of sale of any immovable property.
4. Attestation for giving power of attorney over property is not possible via electronic record.

Features
Due to the introduction of this Act, electronic records like floppies, compact discs, microfilms, magnetic films, hard disks or any such electronic devices can be produced in a court of law as evidence. From now onwards, evidence need not be on typewritten, handwritten or printed paper; it can be in electronic form. With the advent of this Act, any document, record or information can be retained in electronic form. Now that this Act has come into effect, an electronic record can be affixed with a Digital Signature.

Security Concerns and Requirements


Security Concerns
The internet is based on an open network architecture, so information can be transferred freely and efficiently. While this greatly facilitates the development of e-commerce applications, it also raises many security concerns. If you have bought something over the internet, you may have the following worries:

Worry 1: I transmit my credit information over the internet. Can people other than the recipient read it?
Worry 2: I agree to pay Rs. 2,00,000/- for goods. Will this payment information be captured and changed by someone on the internet?
Worry 3: This company claims to be Company X. Is this the real Company X?

Security Requirements
Confidentiality: It makes sure that a message is kept confidential or secret such that only the intended recipient can read it. This eliminates the first worry because even if an intruder captures your credit card information on the internet, he cannot read the information. To provide data confidentiality, encryption is used.
Integrity: It makes sure that if the content of a message is altered, the receiver can detect it. This addresses the second worry because if the payment information is changed, the message is no longer valid. A digital signature is used to ensure data integrity.
Authentication: It is about verifying identity. This eliminates the third worry, as the identity of the company can be verified before carrying out the transactions.
Availability: It is concerned with making valid data available to authorized users.


DEFINITIONS
Adjudicating Officers
The Central Government shall appoint an officer not below the rank of Director to the Government of India or equivalent officer of the State Government as an adjudicating officer to pass judgment upon any inquiry in connection with the breach of the Act. Such officer must have the legal and judicial experience as may be prescribed by the Central Government in that behalf. The Adjudicating Officer must give the accused person an opportunity to be heard and after being satisfied that he has violated the law, penalize him according to the provisions of the Act. While adjudicating, he shall have certain powers of a Civil Court.

Affixing digital signature


Affixing digital signature, with its grammatical variations and cognate expressions, means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature.

Asymmetric crypto system


It means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

A cipher or cryptosystem is used to encrypt the data. The original data is known as plaintext, and the result of encryption is cipher text. We decrypt the cipher text to recover the original plaintext. Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The reverse process to make the encrypted information readable again is referred to as decryption.


Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage. Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Digital rights management systems which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering are another somewhat different example of using encryption on data at rest. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks. Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example digital signature.


Computer network
It means the interconnection of one or more computers through (i) The use of satellite, microwave, terrestrial line or other communication media; and (ii) Terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.

Computer system
It means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programs, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions.

Electronic form
With reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.

Secure system
It means computer hardware, software, and procedure that (a) Are reasonably secure from unauthorized access and misuse. (b) Provide a reasonable level of reliability and correct operation. (c) Are reasonably suited to performing the intended functions. (d) Adhere to generally accepted security procedures.


DIGITAL SIGNATURE
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signature is a method used to provide data integrity. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

How It Works
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

At the other end, your lawyer receives the message.
1. To make sure it's intact and from you, your lawyer makes a hash of the received message.
2. Your lawyer then uses your public key to decrypt the message hash or summary.
3. If the hashes match, the received message is valid.

Electronic Governance of digital signature


E-Governance is perhaps the most happening thing in Government. More and more departments have been shifting to e-Governance in recent times. E-Governance envisages e-filing of forms/returns to enable the department to move to a paperless era where information is available in digital form for further analysis and follow-ups on a timely basis. It also saves users the hassle of standing in queues, and they can know their status online through the Internet/WWW. The following provides details of some prominent initiatives impacting us:

Department - URL/Website Address

Income Tax - http://incometaxindia.gov.in/archive/e-brochure.pdf
Excise - http://www.cbec.gov.in/cae/p-notice-digital-signature.pdf
https://www.icert.gov.in/Docs/PublicNotice120905.pdf
Ministry of Company Affairs - ROC - http://dca.nic.in/mca21web.doc

OFFENCES & PENALTIES


Penalties
Chapter IX of the Information Technology Act, 2000 talks about penalties and adjudication for various offences. The penalties for damage to computers, computer systems etc. have been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of the appointment of an Adjudicating Officer who shall adjudicate whether any person has contravened any of the provisions of the said Act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court.

Offences
Cyber offences are unlawful acts which are carried out in a very sophisticated manner, in which the computer is either the tool or the target or both.

The offences included in the IT Act 2000 are as follows:
1. Tampering with the computer source documents.
2. Hacking with computer system.
3. Publishing of information which is obscene in electronic form.
4. Power of Controller to give directions.
5. Directions of Controller to a subscriber to extend facilities to decrypt information.
6. Protected system.
7. Penalty for misrepresentation.
8. Penalty for breach of confidentiality and privacy.
9. Penalty for publishing Digital Signature Certificate false in certain particulars.
10. Publication for fraudulent purpose.
11. Act to apply for offence or contravention committed outside India.
12. Confiscation.
13. Penalties or confiscation not to interfere with other punishments.
14. Power to investigate offences.


Offences under the IT Act 2000

Section 65. Tampering with computer source documents:
Explanation: For the purpose of this section, computer source code means the listing of programs, computer commands, design and layout and program analysis of a computer resource in any form.
Objective: The objective of the section is to protect the intellectual property invested in the computer. It is an attempt to protect the computer source documents (codes) beyond what is available under the Copyright Law.
Essential ingredients of the section:
1. knowingly or intentionally concealing,
2. knowingly or intentionally destroying,
3. knowingly or intentionally altering,
4. knowingly or intentionally causing others to conceal,
5. knowingly or intentionally causing another to destroy,
6. knowingly or intentionally causing another to alter.
This section extends towards the Copyright Act and helps companies to protect the source code of their programs.
Penalties: Section 65 is tried by any magistrate. This is a cognizable and non-bailable offence. Imprisonment up to 3 years and/or Fine: two lakh rupees.

Case Laws: 1. Frios v/s State of Kerala


Facts: In this case the FRIENDS application software was declared a protected system. The author of the application challenged the notification and the constitutional validity of software under Section 70. The court upheld the validity of both. It included tampering with source code. Computer source code in electronic form can be printed on paper.

Held: The court held that tampering with source code is punishable with three years' jail and/or a fine of two lakh rupees for altering, concealing and destroying the source code.

Section 66. Hacking with the computer system.


Explanation: The section deals with hacking activity.
Essential ingredients of the section:
1. Whoever with intention or knowledge,
2. causing wrongful loss or damage to the public or any person,
3. destroying or altering any information residing in a computer resource,
4. or diminishes its value or utility, or
5. affects it injuriously by any means.
Penalties: Punishment: imprisonment up to three years, or fine which may extend up to two lakh rupees, or both.

Case Laws:
OFFICIAL WEBSITE OF MAHARASHTRA GOVERNMENT HACKED
MUMBAI, 20 September 2007: IT experts were trying yesterday to restore the official website of the government of Maharashtra, which was hacked in the early hours of Tuesday. Rakesh Maria, joint commissioner of police, said that the state's IT officials lodged a formal complaint with the Cyber Crime Branch police on Tuesday. He added that the hackers would be tracked down. Yesterday the website, http://www.maharashtragovernment.in, remained blocked. Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtra government website had been hacked. He added that the state government would seek the help of IT and the Cyber Crime Branch to investigate the hacking. "We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in progress between the officials of the IT Department and experts," Patil added.

The state government website contains detailed information about government departments, circulars, reports, and several other topics. IT experts working on restoring the website told Arab News that they fear that the hackers may have destroyed all of the website's contents. According to sources, the hackers may be from Washington. IT experts said that the hackers had identified themselves as Hackers Cool Al-Jazeera and claimed they were based in Saudi Arabia. They added that this might be a red herring to throw investigators off their trail. According to a senior official from the state government's IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall.

The official website of the government of Maharashtra was hacked by a group calling itself Hackers Cool Al-Jazeera, which claimed to be from Saudi Arabia.

Section 67. Publishing of obscene information in electronic form:


Essential ingredients of this section:
1. Publishing or transmitting, or causing to be published, pornographic material in electronic form.
Penalties: Punishment: On first conviction, imprisonment which may extend up to five years and fine which may extend to one lakh rupees. On second conviction, imprisonment which may extend to ten years and fine which may extend up to two lakh rupees.

Case Laws: 1. Avnish Bajaj (CEO of bazzee.com) case.


Facts: There were three accused: the Delhi schoolboy, Ravi Raj of IIT Kharagpur, and the service provider Avnish Bajaj.

The law on the subject is very clear. The sections slapped on the three accused were Section 292 (sale, distribution, public exhibition, etc., of an obscene object) and Section 294 (obscene acts, songs, etc., in a public place) of the Indian Penal Code (IPC), and Section 67 (publishing information which is obscene in electronic form) of the Information Technology Act 2000. In addition, the schoolboy faces a charge under Section 201 of the IPC (destruction of evidence), for there is apprehension that he had destroyed the mobile phone that he used in the episode. These offences invite a stiff penalty, namely, imprisonment ranging from two to five years, in the case of a first-time conviction, and/or fines.

Held: In this case the service provider Avnish Bajaj was later acquitted, and the Delhi schoolboy was granted bail by the Juvenile Justice Board after being taken into police charge and detained in an Observation Home for two days.

Section 68. Power of controller to give directions


Explanation: Any person who fails to comply with any order of the Certifying Authority or any employee of such Authority shall be guilty of an offence and shall be convicted for a term not less than three years or to a fine exceeding two lakh rupees or to both.
Penalties: Punishment: imprisonment up to a term not exceeding three years. Fine: not exceeding two lakh rupees.

Section 69. Directions of Controller to a subscriber to extend facilities to decrypt information:


Explanation: The subscriber or any person in charge of the computer resource shall, when called upon by any agency, extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred to shall be punished with imprisonment for a term which may extend to seven years.

Penalties: Punishment: imprisonment for a term which may extend to seven years. The offence is cognizable and non-bailable.

Section 70. Protected System:


Explanation: This section grants the power to the appropriate government to declare any computer, computer system or computer network to be a protected system. Only an authorized person has the right to access a protected system.

Penalties: Punishment: imprisonment which may extend to ten years and fine.

Section 71. Penalty for misrepresentation:


Explanation: Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both. Penalties: Punishment: imprisonment which may extend to two years Fine: may extend to one lakh rupees or with both.

Section 72. Penalty for breach of confidentiality and privacy:


Explanation: This section relates to any person who, in pursuance of any of the powers conferred by the Act or its allied rules and regulations, has secured access to any electronic record, book, register, correspondence, information, document, or other material.

If such a person discloses such information, he will be punished. It would not apply to disclosure of personal information of a person by a website or by his email service provider.

Penalties: Punishment: imprisonment for a term which may extend to two years. Fine: one lakh rupees, or with both.

Section 73. Penalty for publishing Digital Signature Certificate false in certain particulars:
Explanation: The Certifying Authority listed in the certificate has not issued it or, the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended. The Certifying authority may also suspend the Digital Signature Certificate if it is of the opinion that the digital signature certificate should be suspended in public interest.

A digital signature may not be revoked unless the subscriber has been given an opportunity of being heard in the matter. On revocation, the Certifying Authority needs to communicate the same to the subscriber. Such publication is not an offence if it is for the purpose of verifying a digital signature created prior to such suspension or revocation.

Penalties: Punishment: imprisonment for a term which may extend to two years. Fine: may extend to one lakh rupees, or with both.

Case Laws: 1. Bennett Coleman & Co. v/s Union of India. In this case it was stated that publication means dissemination and circulation. In the context of the digital medium, the term publication includes transmission of information or data in electronic form.

Section 74. Publication for fraudulent purpose:


Explanation: This section prescribes punishment for the following acts:

Knowingly creating a digital signature certificate for any i. fraudulent purpose or, ii. Unlawful purpose.

Knowingly publishing a digital signature certificate for any i. fraudulent purpose or ii. unlawful purpose

Knowingly making available a digital signature certificate for any i. fraudulent purpose or ii. unlawful purpose.

Penalties: Punishment: imprisonment for a term up to two years. Fine: up to one lakh or both.

Section 75. Act to apply for offence or contravention committed outside India:
Explanation: This section has broader perspective including cyber crime, committed by cyber criminals, of any nationality, any territoriality.

Case Laws: R v/s Governor of Brixton prison and another.
Facts: In this case Citibank faced the wrath of a hacker on its cash management system, resulting in the illegal transfer of funds from customers' accounts into the accounts of the hacker, later identified as Vladimir Levin, and his accomplices. After Levin was arrested, he was extradited to the United States. One of the most important issues was the jurisdictional issue: the place of origin of the cyber crime.

Held: The Court held that the real-time nature of the communication link between Levin and the Citibank computer meant that Levin's keystrokes were actually occurring on the Citibank computer.

It is thus important that, in order to resolve disputes related to jurisdiction, the issue of territoriality and nationality must be replaced by much broader criteria embracing principles of reasonableness and fairness to accommodate overlapping or conflicting interests of states, in the spirit of universal jurisdiction.

Section 76. Confiscation:


Explanation: The aforesaid section highlights that all devices, whether computers, computer systems, floppies, compact disks, tape drives or any other storage, communication, input or output devices, which helped in the contravention of any provision of this Act, or of rules, orders or regulations made thereunder, are liable to be confiscated.

Section 77. Penalties or confiscation not to interfere with other punishments:



Explanation: The aforesaid section lays down a mandatory condition, which states that penalties or confiscation shall not interfere with other punishments to which the person affected thereby is liable under any other law for the time being in force.

Section 78. Power to investigate offences:


Explanation: The police officer not below the rank of Deputy Superintendent of police shall investigate the offence.


POWER & CONTROL


Power to police officer and other officers to enter and search.
Any police officer not below the rank of a Deputy Superintendent of Police, or authorized by the Central Government in this respect, may enter any public place and search and arrest without warrant any person who is found or reasonably suspected of having committed, committing or being about to commit any offence under this Act. Any person who is arrested by an officer other than a police officer shall be taken or sent before a magistrate having jurisdiction in the case or before the officer-in-charge of a police station.

Caselet No 1.
A Nigerian national was among three persons arrested by the Chennai Police in Bangalore on Thursday 9th February 2012 in connection with an online lottery fraud, police sources said. Based on a complaint lodged by Dinesh Kumar (21), a third year engineering student of a private university here, that he was relieved of Rs. 1.34 lakh by unidentified persons after he responded to an online lottery prize sent through SMS, a special team of the Central Crime Branch was formed to investigate. The complainant said that he received an SMS that he had won 2 million US Dollars in a 'yahoomsn lottery draw'. When he replied to an email address given in the message, a man claiming to be a diplomat in the United Kingdom responded. Saying that the prize money would be delivered in India, he asked Kumar to deposit Rs. 1.34 lakh in two different accounts of ICICI Bank. The money, the accused said, was for local taxes and customs clearance. After Kumar deposited the money, it was drawn in an ATM centre in Bangalore. The accused called back from a mobile number and said Rs. 3 lakh more had to be deposited in the same accounts towards airport charges. Suspecting foul play, the student lodged a complaint with the Commissioner of Police J.K. Tripathy. This is yet another case where bank accounts and SIM cards activated with bogus documents became effective tools in the hands of culprits. Video footage at an ATM centre in Bangalore showed two persons drawing the money. Following specific clues, the team arrested Paul Osagic Cyril (41), the Nigerian national, and his associates Mohamed Afzal (29) of Mumbai and Rajesh Viswanath Kedia (49) of Kolkata. Rs. 94,000 was recovered from the possession of Cyril, Additional Deputy Commissioner of Police (CCB) M. Sudhakar said. The Nigerian national had come to India in 2009 with a business visa. The antecedents of the other two accused persons were under investigation. Cyril conspired with Afzal and Kedia to commit the fraud. Enquiry is on to check if the accused persons had been involved in similar crimes in the past, Dr. Sudhakar added.

Caselet No 2
Cyber criminals are on the prowl, targeting Pune citizens. A scientist of the National Chemical Laboratory (NCL) was among four in the city who registered police complaints after being cheated by cyber fraudsters. In the case of the scientist, Digambar Vitthal Gokhale, a resident of NCL colony, Rs 2.48 lakh was transferred from his State Bank of India account to some other bank account in Varanasi, through Internet banking, without his knowledge. Gokhale lodged a complaint against one Vishwatma Dube of Varanasi in the case at Chaturshringi police station. Police said Gokhale is a scientist at NCL and the crime had taken place when he had gone to South Korea on December 1, 2011. Police said Gokhale found that the money was transferred from his bank account without his knowledge. He initially approached the bank to get details of transactions. But as the problem was not sorted out, he lodged the police complaint. Inspector S B Nawle is investigating the case. Police are looking into how cyber fraudsters got Gokhale's account information. A 26-year-old, Sahil Satishkumar Sharma of Hairganga housing society, Alandi Road, has lodged a police complaint against an unidentified person who allegedly got his secret bank account information and used it to transfer Rs 56,569 without his knowledge through e-banking. An offence was registered at Yerwada police station. Police said the incident had taken place on August 13, 2011. Police have booked the suspect under section 420 of the IPC and other sections of the Information Technology (IT) Act. Inspector S S Shinde is probing the case.


Similarly, an unidentified cyber fraudster allegedly hacked the email of Minesh Amar Tolani (30) of Baner and transferred about Rs 15 lakh from his account without his knowledge through e-banking. Tolani has lodged a complaint at Chaturshringi police station. Police said the transfer was on December 18 and 19, 2011. The cyber crime cell of Pune police is investigating.

Fraudsters also targeted Deepak Sakhahari Hiwle, 42, of Tingre Nagar. He was allegedly asked to deposit Rs 1,98,125 in a bank account in return for a high-salaried job abroad. Hiwle lodged the complaint at Vishrantwadi police station. Police have booked three suspects, Mike Collin, Daina Lee and P Sarvan, under section 406 of the IPC and 66(c) of the IT Act. Police said that the fraudsters contacted Hiwle through email and continued communication with him between June 28 and July 7, 2011. They promised a job in a foreign country. So Hiwle deposited money into the bank account named by the suspects, but never got any job. Inspector P B Gofne is investigating the case.


Information Technology- Control and Audit


The role of information technology (IT) control and audit has become a critical mechanism for ensuring the integrity of information systems (IS) and the reporting of organization finances to avoid and hopefully prevent future financial fiascos such as Enron and WorldCom. Global economies are more interdependent than ever and geopolitical risks impact everyone. Electronic infrastructure and commerce are integrated in business processes around the globe. The need to control and audit IT has never been greater.

Initially, IT auditing (formerly called Electronic Data Processing [EDP], Computer Information Systems [CIS], and Information Systems auditing) evolved as an extension of traditional auditing. At that time, the need for an IT audit function came from several directions. Auditors realized that computers had impacted their ability to perform the Attestation Function. Corporate and Information Processing Management recognized that computers were key resources for competing in the business environment, similar to other valuable business resources within the organization, and that the need for control and audit is therefore critical. Professional associations, organizations and government entities recognized the need for IT Control and Audit.

The early components of IT Auditing were drawn from several areas. First, Traditional Auditing contributes knowledge of internal control practices and the overall control philosophy. Another contributor was Information Systems Management (IS), which provides methodologies necessary to achieve successful design and implementation of systems. The field of Behavioral Science provided questions and analysis as to when and why IS are likely to fail because of people problems. Finally, the field of Computer Science contributed knowledge about control concepts, discipline, theory, and the formal models that underlie hardware and software design as a basis for maintaining data validity, reliability, and integrity.
IT auditing is an integral part of the Audit Function because it supports the auditor's judgment on the quality of the information processed by computer systems. Initially, auditors with IT Audit skills were viewed as the technological resource for the Audit staff. Audit staff often looked to them for technical assistance. There are many types of Audit needs within IT Auditing, such as organizational IT Audits (management control over IT), Technical IT Audits (infrastructure, data centers, data communication), Application IT Audits (business/financial/operational), Development/Implementation IT audit (specification/requirements, design, development, and post implementation phases), and compliance IT audits involving national or international standards.

An IT auditor's role has evolved to provide assurance that adequate and appropriate controls are in place. Of course, the responsibility for ensuring that adequate internal controls are in place rests with the management. An auditor's primary role, except in areas of management advisory services, is to provide a statement of assurance as to whether adequate and reliable internal controls are in place and are operating in an efficient and effective manner. Therefore management is to ensure, auditors are to assure.

Today, IT auditing is a profession with conduct, aims, and qualities that are characterized by worldwide technical standards, an ethical set of rules (Information Systems Audit and Control Association [ISACA] Code of Ethics), and a professional certification program (Certified Information Systems Auditor [CISA]). It requires specialized knowledge and practical ability, and often long and intensive academic preparation. Often, where academic programs were unavailable, significant in-house training and professional development had to be expended by employers. Most accounting, auditing, and IT professional societies believe that improvements in research and education will definitely provide an IT auditor with a better theoretical and empirical knowledge base for the IT audit function. They feel that emphasis should be placed on education obtained at the university level. The breadth and depth of knowledge required to audit IT systems are extensive.
For example, IT auditing involves the

- Application of risk-oriented audit approaches
- Use of computer-assisted audit tools and techniques
- Application of standards (national or international) such as ISO 9000/3 and ISO 17799 to improve and implement quality systems in software development and meet security standards
- Understanding of business roles and expectations in the auditing of systems under development as well as the purchase of software packaging and project management
- Assessment of information security and privacy issues which can put the organization at risk
- Examination and verification of the organization's compliance with any IT-related legal issues that may jeopardize or place the organization at risk
- Evaluation of complex systems development life cycles (SDLC) or new development techniques (e.g., prototyping, end user computing, rapid systems, or application development)
- Reporting to management and performing a follow-up review to ensure actions taken at work

The auditing of complex technologies and communications protocols involves the Internet, intranet, extranet, electronic data interchange, client servers, local and wide area networks, data communications, telecommunications, wireless technology, and integrated voice/data/video systems.


CYBER LAW & INFORMATION TECHNOLOGY


Success in any field of human activity leads to crime that needs mechanisms to control it. Legal provisions should provide assurance to users, empowerment to law enforcement agencies and deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has now given a new way to express criminal tendencies. Back in 1990, less than 100,000 people were able to log on to the Internet worldwide. Now around 2.3 billion people are hooked up to surf the net around the globe.

WORLD INTERNET USAGE AND POPULATION STATISTICS December 31, 2011

| World Regions | Population (2011 Est.) | Internet Users Dec. 31, 2000 | Internet Users Latest Data | Penetration (% Population) | Growth 2000-2011 | Users % of Table |
|---|---|---|---|---|---|---|
| Africa | 1,037,524,058 | 4,514,400 | 139,875,242 | 13.5 % | 2,988.4 % | 6.2 % |
| Asia | 3,879,740,877 | 114,304,000 | 1,016,799,076 | 26.2 % | 789.6 % | 44.8 % |
| Europe | 816,426,346 | 105,096,093 | 500,723,686 | 61.3 % | 376.4 % | 22.1 % |
| Middle East | 216,258,843 | 3,284,800 | 77,020,995 | 35.6 % | 2,244.8 % | 3.4 % |
| North America | 347,394,870 | 108,096,800 | 273,067,546 | 78.6 % | 152.6 % | 12.0 % |
| Latin America / Carib. | 597,283,165 | 18,068,919 | 235,819,740 | 39.5 % | 1,205.1 % | 10.4 % |
| Oceania / Australia | 35,426,995 | 7,620,480 | 23,927,457 | 67.5 % | 214.0 % | 1.1 % |
| WORLD TOTAL | 6,930,055,154 | 360,985,492 | 2,267,233,742 | 32.7 % | 528.1 % | 100.0 % |

Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didn't quite fit the crimes being committed, new laws hadn't quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of dislike, or at the least distrust, between the two most important players in any effective fight against cyber crime: Law Enforcement Agencies and Computer Professionals. Yet close cooperation between the two is crucial if the Cyber Crime problem is to be controlled and the Internet is to be made a safe place for its users.

Law enforcement personnel understand the criminal mind-set and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cyber crime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cyber crimes is to sort all the acts that can be considered cyber crimes into organized categories.

Advantages of Cyber Laws


In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature. From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.

Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. Digital signatures have been given legal validity and sanction in the Act. The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signature Certificates. The Act now allows Government to issue notifications on the web, thus heralding e-governance. The Act enables companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.

The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damage or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 Crore.


CYBER CRIMES
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb."

There are many pros and cons of the new types of technology which are being invented or discovered. Similarly, the new and profound technology of Internet service has also got some pros and cons. These cons are named Cyber Crimes: the major disadvantage, illegal activity committed on the Internet by certain individuals because of certain loopholes. Cyber-crime is now amongst the most important revenue sectors for global organized crime. Because of this, the potential risks associated with malware have risen dramatically. Unlike in traditional crimes, the Information Technology infrastructure is not only used to commit the crime but very often is itself the target of the crime. Pornography, threatening email, assuming someone's identity, sexual harassment, defamation, SPAM and Phishing are some examples where computers are used to commit crime, whereas viruses, worms and industrial espionage, software piracy and hacking are examples where computers become the target of crime.

There are two sides to cyber-crime. One is the generation side and the other is the victimization side. Ultimately they have to be reconciled, in that the number of cyber-crimes committed should be related to the number of victimizations experienced. Of course there will not be a one-to-one correspondence, since one crime may inflict multiple victimizations and multiple crimes may be responsible for a single victimization. Some crimes may not result in any victimization, or at least in any measurable or identifiable victimization.

In recent years, the growth and penetration of the Internet across Asia Pacific has been phenomenal. Today, a large number of rural areas in India and a couple of other nations in the region have increasing access to the Internet, particularly broadband. The challenges of information security have also grown manifold.
This widespread nature of cyber crime is beginning to show a negative impact on the economic growth opportunities in each of the countries. It is becoming imperative for organizations to take both preventive and corrective actions if their systems are to be protected from any kind of compromise by external malicious elements. According to the latest statistics, more than a fifth of the malicious activities in the world originate from the Asia Pacific region. The malicious attacks included denial-of-service attacks, spam, and phishing and bot attacks. Overall, spam made up 69% of all monitored e-mail traffic in the Asia Pacific region. As per the National Crime Records Bureau statistics, there has been a 255% increase in cyber crime in India alone.

Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

Cyber crime is emerging as a serious threat. Governments, police departments and intelligence units worldwide have started to react. Initiatives to curb cross-border cyber threats are taking shape. Indian police have initiated special cyber cells across the country and have started educating their personnel.

Cyber crimes in India


Cyber crime is not on the decline. The latest statistics show that cyber crime is actually on the rise. However, it is true that in India, cyber crime is not much reported. Consequently there is a false sense of complacency that cyber crime does not exist and that society is safe from cyber crime. This is not the correct picture. The fact is that people in our country do not report cyber crimes for many reasons. Many do not want to face harassment by the police. There is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. Also, it becomes extremely difficult to convince the police to register any cyber crime, because of lack of orientation and awareness about cyber crimes and their registration and handling by the police. A recent survey indicates that for every 500 cyber crime incidents that take place, only 50 are reported to the police and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cyber crime. The establishment of cyber crime cells in different parts of the country was expected to boost cyber crime reporting and prosecution. However, these cells haven't quite kept up with expectations. Citizens should not be under the impression that cyber crime is vanishing and they must realize that with each passing day, cyberspace becomes a more dangerous place to be in, where criminals roam freely to execute their criminal intentions, encouraged by the so-called anonymity that the Internet provides.

New Delhi: With increasing penetration of technology, cyber crime is on the rise with 966 cases reported in 2010 under the IT Act, 2000, Communications and IT Minister Kapil Sibal Wednesday said. "With the increase in the increasing proliferation of IT and related services, there is a rise in the number of cyber crimes and cyber security incidents," Sibal said in a written reply to the Lok Sabha. According to data maintained by National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 cyber crime cases were registered under the Information Technology Act, 2000, during 2007, 2008, 2009 and 2010, respectively, he said. Sibal added that "...399, 176, 276 and 356 cyber crime cases were reported under Sections of Indian Penal Code (IPC) relating to cyber cases during 2007, 2008, 2009 and 2010, respectively". The nature of cyber crime recorded by NCRB included tampering computer documents, hacking, obscene publication/transmission in electronic media, unauthorised access/attempt to access protected computer system, breach of privacy/confidentiality and digital signature related crimes. Sibal said the IT (Amendment) Act, 2008 has been enforced on October 27, 2009 and provides a legal framework to address the issues connected with security breaches of IT infrastructure. He added that the Indian Computer Emergency Response Team (CERT-In) issues alerts, advisories and guidelines regarding cyber security threats and measures to be taken to prevent cyber incidents and enhance security of IT systems.
In response to a separate question, Minister of State for IT and Communications Sachin Pilot said that 219 government websites were defaced by various hacker groups between January to October, 2011. "A total of 90, 119, 252 and 219 government websites as reported and tracked by CERT-In were defaced by various hacker groups in 2008, 2009, 2010 and January-October 2011," Pilot said.

Under the IT Act, 32 cyber crime cases were reported in 2010, as against five in 2009. Similarly, 26 cyber cases under the IPC were reported in 2010, as against just three the previous year.

Pune is second after Mumbai in the number of cyber crime cases under IPC sections in 2010. Of the total 150 cyber crime cases under IPC sections in the country, Pune had 26 cases while Mumbai registered 41. Even though 347 cases were registered in 2010, not many were from Pune. Hyderabad (51), Delhi (41), Bangalore (40) and Jamshedpur (27) have a high number of cases. The cases in Pune pertained to loss or damage of computer resource utility, transmission or obscene publication in electronic form, hacking and tampering computer source document. There were no cases of unauthorized access/attempt to access protected computer system, obtaining license or digital signature by misrepresentation, publishing false digital signature, fraud digital signature, or breach of confidentiality. As for the 966 cyber crime cases under the IT Act, 142 are from Maharashtra in 2010. The overall number of cases registered under the IT Act increased from 420 in 2009 to 966 in 2010.

Incidentally, the maximum number of persons arrested in connection with cyber crimes from the city is between 18 and 45 years of age. Of the total 43 persons arrested, 23 are between 18 and 30 years of age, and 15 were between 30 and 45 years of age. The rest are above 45. No student, hacker or professional learners were involved in these crimes, which were usually committed by friends, neighbours, relatives, foreign groups, business competitors or disgruntled employees. The motives included making money, causing disrepute, fraud, and eve teasing or harassment. Cyber crime cases in the city pertained to loss or damage to computer resource utility, transmission or obscene publication in electronic form, hacking and tampering computer source document. Pune reported no cases about unauthorized access/attempt to access protected computer system, obtaining license or digital signature by misrepresentation, publishing false digital signature, fraud digital signature, or breach of confidentiality.
Maharashtra has reported the highest number of cyber cases registered under the IPC section in 2010. Of the total 356 cases, Maharashtra reported 104 cases (29.2 %). A majority of the crimes of the total 356 cases registered under IPC fall under two categories - forgery (188), and criminal breach of trust or fraud (146). Although such offences fall under the IPC crimes, these cases had cyber overtones wherein computer, Internet or enabled services were a part of the crime. Cases of cyber fraud were the highest in Maharashtra (60), followed by Andhra Pradesh (25), Punjab (15), Chattisgarh and Tamil Nadu (11 each). While a total of 394 people were arrested for cyber crimes under IPC sections in 2010, the highest number of arrests is from Andhra Pradesh (126), Maharashtra (64), Chattisgarh (44), and Punjab (42).

Caselet No 1.
On 9 December 2011, hackers broke into the official website of India's ruling Congress party and defaced the profile page of party president Sonia Gandhi with a pornographic message, according to an AFP report.

Caselet No 2
The city police have registered three phishing cases yesterday where cyber criminals cleaned out Rs 17.5 lakh from bank accounts of three people. While two cases have been registered with the Chatushringi police station, one has been lodged at Yerawada.

In all the three cases, the modus operandi was the same -- the accused accessed the details of the victims' online banking account and transferred hefty sums to their respective accounts. According to the police, all the thefts took place last year. So far the victims were corresponding with their banks about the incidents.

But seeing no respite in sight, they approached the police yesterday. The police have booked the unidentified accused for cheating and hacking. In the first case, the Chatushringi police have booked unknown persons for hacking and stealing Rs 15.21 lakh from the bank account of Minash Amar Tolani (30) from Baner.

The phishing happened between December 18 and 19 last year. Now, the case is being investigated by the Cyber Crime Cell. The same police station is also investigating the case of Digambar Vitthal Gokhale (60), a scientist with the National Chemical Laboratories (NCL) who lives in officers' quarters in Pashan.

Around Rs 2.47 lakh was cleaned out from Gokhale's State Bank of India account while he was away to attend a conference in South Korea last October. "He returned after four days only to discover that Rs 2 lakh was transferred to the bank account of one Vishwatma Dubey in Varanasi. We will arrest the accused soon," said Police Inspector (Crime) S B Navle from the Chatushringi Police Station.

The Yerawada Police Station has also booked an unknown person for stealing Rs 56,000 from the account of Sahil Satishkumar Sharma from Phulenagar in Alandi Road. Senior Police Inspector Dipak Sawant said they were tracing the transaction details in coordination with Sharma's bank.


CLASSIFICATION OF CYBER CRIME

(1) Cyber crime Against Individual
(2) Cyber crime Against Property
(3) Cyber crime Against Organization
(4) Cyber crime Against Society

(1) Against Individuals

(i) Email spoofing: A spoofed email is one in which the e-mail header is forged so that the mail appears to originate from one source but actually has been sent from another source.
(ii) Spamming: Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain letters.
(iii) Cyber Defamation: This occurs when defamation takes place with the help of computers and/or the Internet, e.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information.
(iv) Harassment & Cyber stalking: Cyber stalking means following the moves of an individual's activity over the Internet. It can be done with the help of many protocols available, such as e-mail, chat rooms, user net groups.

(2) Against Property

(i) Credit Card Fraud
(ii) Intellectual Property crimes: These include
- Software piracy: illegal copying of programs, distribution of copies of software.
- Copyright infringement
- Trademarks violations
- Theft of computer source code
(iii) Internet time theft: the usage of Internet hours by an unauthorized person which is actually paid for by another person.

(3) Against Organisation

(i) Unauthorized Accessing of Computer: Accessing the computer/network without permission from the owner. It can be of 2 forms:
a) Changing/deleting data: Unauthorized changing of data.
b) Computer voyeur: The criminal reads or copies confidential or proprietary information, but the data is neither deleted nor changed.
(ii) Denial Of Service: When an Internet server is flooded with continuous bogus requests so as to deny legitimate users the use of the server or to crash the server.
(iii) Computer contamination / Virus attack: A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Viruses can be file infecting or can affect the boot sector of the computer. Worms, unlike viruses, do not need a host to attach themselves to.
(iv) Email Bombing: Sending large numbers of mails to the individual or company or mail servers, thereby ultimately resulting in crashing.
(v) Salami Attack: When negligible amounts are removed and accumulated into something larger. These attacks are used for the commission of financial crimes.
(vi) Logic Bomb: It is an event-dependent programme; as soon as the designated event occurs, it crashes the computer, releases a virus or causes some other harm.
(vii) Trojan Horse: An unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
(viii) Data diddling: This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

(4) Against Society

(i) Forgery: Currency notes, revenue stamps, mark sheets etc. can be forged using computers and high quality scanners and printers.
(ii) Cyber Terrorism: Use of computer resources to intimidate or coerce others.
(iii) Web Jacking: Hackers gain access to and control over the website of another, and may even change the content of the website to fulfil a political objective or for money.
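The e-mail spoofing entry above says the header is forged so the mail appears to come from another source. The following Python sketch is an added example, not part of the original report: it compares the visible From header with the envelope sender, the Reply-To address and the receiving server's authentication verdicts. The sample messages, the domain names and the value of TRUSTED_AUTHSERV are constructed assumptions.

```python
"""Header checks for a spoofed e-mail (added example; sample messages are constructed)."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: id stamped by our own receiving server

# Constructed samples; example.* names are reserved for documentation.
GENUINE = """\
Return-Path: <alerts@bank.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank Alerts" <alerts@bank.example>
To: customer@recipient.example
Subject: Monthly statement

Your statement is ready.
"""

FORGED_FROM = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: mx.bank.example; spf=pass; dkim=pass; dmarc=pass
From: "Bank Alerts" <alerts@bank.example>
Reply-To: <helpdesk@accounts.example.org>
To: customer@recipient.example
Subject: Account notice

Constructed body text.
"""

DISPLAY_NAME = """\
Return-Path: <notice@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=pass header.d=mailer.example.net; dmarc=pass header.from=mailer.example.net
From: "alerts@bank.example" <notice@mailer.example.net>
To: customer@recipient.example
Subject: Account notice

Constructed body text.
"""


def addr_domain(value):
    """Domain part of the address in a header value, lower-cased ('' if none)."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def org_domain(domain):
    """Naive organisational domain: the last two labels.
    Simplification: production code needs the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def trusted_auth_results(msg, authserv=TRUSTED_AUTHSERV):
    """spf/dkim/dmarc verdicts, taken only from headers stamped by our own server.
    A sender can type any Authentication-Results header, so others are ignored."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        serv_id, _, rest = header.partition(";")
        if serv_id.strip().lower() != authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result.lower())
    return verdicts


def spoofing_indicators(raw_message):
    """Return a list of header inconsistencies found in one raw message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_org = org_domain(addr_domain(msg.get("From")))

    # 1. Visible sender and envelope sender belong to different organisations.
    rp_dom = addr_domain(msg.get("Return-Path"))
    if rp_dom and org_domain(rp_dom) != from_org:
        findings.append("return_path_mismatch")
    # 2. Replies would go somewhere other than the apparent sender.
    reply_dom = addr_domain(msg.get("Reply-To"))
    if reply_dom and org_domain(reply_dom) != from_org:
        findings.append("reply_to_mismatch")
    # 3. The display name shows an address from another organisation.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if shown and org_domain(shown.group(1).lower()) != from_org:
        findings.append("display_name_address_mismatch")
    # 4. Our own server could not authenticate the From domain.
    verdicts = trusted_auth_results(msg)
    if not verdicts:
        findings.append("no_trusted_auth_results")
    elif verdicts.get("dmarc") != "pass":
        findings.append("dmarc_not_pass")
    return findings


if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("forged From", FORGED_FROM),
                      ("display name", DISPLAY_NAME)]:
        print(name, spoofing_indicators(raw))
```

The third sample passes every authentication check yet still shows a misleading address in the display name, which is why the display-name comparison is kept as a separate check.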

Cyber Stalking
Cyber Stalking can be defined as the repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using Internet services. Stalking in general terms can be referred to as the repeated acts of harassment targeting the victim, such as following the victim, making harassing phone calls, killing the victim's pet, vandalizing the victim's property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker. Both kinds of stalkers, online and offline, have a desire to control the victim's life. The majority of stalkers are dejected lovers or ex-lovers, who then want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and the victims female.

How Do They Operate

a. Collect all personal information about the victim such as name, family background, Telephone Numbers of residence and work place, daily routine of the victim, address of residence and place of work, date of birth etc. If the stalker is one of the acquaintances of the victim he can easily get this information. If stalker is a stranger to victim, he collects the information from the internet resources such as various profiles, the victim may have filled in while opening the chat or e-mail account or while signing an account with some website.

b. The stalker may post this information on any website related to sex-services or dating services, posing as if the victim is posting this information and invite the people to call the victim on her telephone numbers to have sexual services. Stalker even uses very filthy and obscene language to invite the interested persons.

c. People of all kind from nook and corner of the World, who come across this information, start calling the victim at her residence and/or work place, asking for sexual services or relationships.

d. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites, because of which victim starts receiving such kind of unsolicited e-mails.

e. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threaten the victim.


f. Follow their victim from board to board. They hangout on the same BBs as their victim, many times posting notes to the victim, making sure the victim is aware that he/she is being followed. Many times they will flame their victim (becoming argumentative, insulting) to get their attention.

h. Stalkers will almost always make contact with their victims through email. The letters may be threatening, or sexually explicit. He will many times use multiple names when contacting the victim.

i. Contact victim via telephone. If the stalker is able to access the victim's telephone, he will many times make calls to the victim to threaten, harass, or intimidate them.

Caselet
NEW DELHI (June 20th,2011): A Delhi University law student has been accused of stalking and threatening a woman online. He also created her fake profiles on social networking sites to defame her. The woman, from Vasco-da-Gama, Goa, has lodged a complaint with Delhi Police alleging the accused has been harassing her for over a year now. She said the law student has been making obscene phone calls and sending threatening emails. The victim, while working in Delhi last year, became acquainted with the accused. "He asked her to marry him. She alleged that when she refused, he assaulted her at Sarita Vihar. He also threatened to kill her," said a senior police officer. "She also lodged a complaint with the Sarita Vihar police in July last year. After this, he apologized and promised not to bother her in future," the officer said. The accused had reportedly given a written statement to police that he will not stalk her. After this, she withdrew her complaint. The victim then moved to Goa to live with her parents. But soon after she left Delhi, the accused created her fake profiles on social networking websites. He then uploaded photographs on these sites and declared her to be his wife. "The accused also impersonated the victim online and made contact with her friends through these profiles," the officer said. The girl's marriage was called off due to this. A case under Section 66-A of Information Technology Act was lodged at the Economic Offences Wing on Wednesday. In her complaint, the victim has stated, "she is a victim of cyber stalking and identity theft which has created grave problems for her and her family".

Hacking
Hacking in simple terms means an illegal intrusion into a computer system and/or network. There is an equivalent term to hacking, i.e. cracking, but from the perspective of Indian law there is no difference between the terms hacking and cracking. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money. They extort money from corporate giants by threatening to publish stolen information that is critical in nature. Government websites are hot targets for hackers because of the press coverage such attacks receive. Hackers enjoy the media coverage.

Motive behind the Crime
a. Greed
b. Power
c. Publicity
d. Revenge
e. Adventure
f. Desire to access forbidden information
g. Destructive mindset
h. Wants to sell network security services

Caselet
NOIDA, October 22: NOIDA police claimed to have cracked the case involving an internet hacker gang siphoning off Rs 1.66 crore from the account of an international electronic automotive goods supplier firm. The people accused of being involved in the alleged internet hacking racket are all graduates; one of them, who had transferred the withdrawn money to his account, is a civil engineer and an MBA. The five arrested by the police are Mitul Trivedi, resident of Pune, Savio
Derochlobo, resident of Goa, Bharatbhai Patel, Uday Kapadia and Yogi Anjani Bhandari, all residents of Mumbai. Police said the money transfer chain was broken after interrogating persons in Goa and Mumbai. "There are dozens of people who have received the money transferred from the account of P K Aggarwal. We have yet to trace the mastermind. The team sent to Mumbai will hopefully be able to crack the case soon," said R K Chaturvedi, SSP, Gautam Budh Nagar. On October 11, P K Aggarwal had lodged a complaint saying Rs 1.66 crore had been siphoned off his bank account. The first transaction took place on September 29, in which Rs 21.5 lakh was transferred to a Mumbai branch of the Punjab National Bank. The second transaction took place on October 1, in which Rs 81 lakh was siphoned off. The Noida police have tracked down a long chain of money transfers to various local bank accounts in Goa, Mumbai and Mysore after they were alerted of a certain transaction to a bank account in Goa. The police were alerted of the fact that on October 2, Rs 80 lakh was transferred from the account of one Savio Derochlobo, resident of Panjim, Goa, who owns a firm called Panjim Asiatic State Development, to an ICICI Mumbai branch account. The money was then distributed among four, who have also been arrested. "Savio had incurred a loan of Rs 5 crore and was in dire need of money," said Chaturvedi. He also added that Rs 12.47 lakh have been recovered, apart from Rs 20 lakh that has been recovered from the bank account of N Venkatesh of Goa, after the police was informed of the money transferred in his account. "A total of Rs 52 lakh has been recovered and has been transferred back to the account of P K Aggarwal," said Chaturvedi. According to circle officer Rajiv K Mishra, a team of the Noida police is investigating the accounts in Mumbai. "We will trace the complete chain and the mastermind involved in the crime soon," said Mishra.

Phishing
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website
whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996.

Phishing email

From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: India
Subject: Official information from ***** Bank

Dear valued ***** Bank Customer!

For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the bank secure page and verify your account details. Thank you.

https://infinity.*****bank.co.in/Verify.jsp

****** Bank Limited

According to the Annual Report of the Indian Computer Emergency Response Team (CERT-In), Dept. of Information Technology, Ministry of Communications & Information Technology (Govt. of India), in the year 2009 CERT-In handled about 374 phishing incidents.

Major factors for increase in Phishing Attacks:
There are three major factors behind the recent spurt in phishing attacks worldwide, particularly in India:

Unawareness among public: Worldwide, particularly in India, there has been a lack of awareness of phishing attacks among the general public. Users are unaware that criminals are actively targeting their personal information, and they do not take proper precautions when they conduct online activities.

Unawareness of policy: Fraudsters often count on victims' unawareness of bank/financial institution policies and procedures for contacting customers, particularly for issues relating to account maintenance and fraud investigation. Customers unaware of the policies of an online transaction are likely to be more susceptible to the social engineering aspect of a phishing scam, regardless of technical sophistication.

Technical sophistication: Fraudsters are now using advanced technology that has been successfully used for activities such as spam, distributed denial of service (DDoS), and electronic surveillance. Even as customers are becoming aware of phishing, criminals are developing techniques to counter this awareness. These techniques include URL obfuscation to make phishing emails and web sites appear more legitimate, and exploitation of vulnerabilities in web browsers that allow the download and execution of malicious code from a hostile web site.

Some cases of phishing in India:
Phishing is a relatively new concept in India, unheard of a couple of years back, but recently there has been a rise in the number of phishing cases in India where the innocent public fall prey to the sinister designs of fraudsters. In India, the most common form of phishing is an email pretending to be from a bank, in which the sender asks you to confirm your personal information/login details for some made-up reason, such as the bank upgrading its server. Needless to say, the email contains a link to a fake website that looks exactly like the genuine site. Gullible customers, thinking that the email is from the bank, enter the information asked for and send it into the hands of identity thieves. There were phishing attempts against ICICI Bank, UTI Bank, HDFC Bank, SBI etc. in which the modus operandi was similar. It was reported that a large number of customers of these banks had received emails that were falsely represented as originating from their bank. The recipients of the mails were told to update their bank account information on some pretext. These emails included a hyperlink within the email itself, and a click on that link took recipients to a web page that was identical to their bank's web page. Some of the unsuspecting recipients responded to these mails and gave their login information and passwords. Later on, a large number of illegal/fraudulent transactions took place through Internet banking using the information so collected.
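The link checks a mail filter or an analyst can apply to the kind of message described above (a mail that claims to be from a bank but whose hyperlink leads to a look-alike site, helped by URL obfuscation), shown as an added example that is not part of the original report. The bank domain `examplebank.co.in`, the sample message and all function names are constructed for illustration.

```python
"""Flag phishing indicators in the links of an HTML e-mail (defensive triage)."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains the (constructed) bank really uses.
LEGITIMATE_DOMAINS = {"examplebank.co.in"}
BRANDS = {d.split(".")[0] for d in LEGITIMATE_DOMAINS}

# Constructed sample: one look-alike host, one userinfo/IP trick, one real link.
SAMPLE_HTML = """
<p>Dear valued Example Bank Customer! For security purposes your account
has been randomly chosen for verification.</p>
<a href="https://infinity.examplebank.co.in.verify-login.example/Verify.jsp">https://infinity.examplebank.co.in/Verify.jsp</a>
<a href="http://www.examplebank.co.in@198.51.100.7/Verify.jsp">Verify now</a>
<a href="https://www.examplebank.co.in/contact">Contact us</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_trusted(host):
    """True when host is a legitimate domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_DOMAINS)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_in_text(text):
    """Host named by the visible link text, if the text looks like a URL."""
    if not text or " " in text or "." not in text:
        return ""
    try:
        url = text if "://" in text else "http://" + text
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def check_link(href, text):
    """Return the list of indicator names raised by one hyperlink."""
    try:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
    except ValueError:
        return ["unparseable-url"]
    if parts.scheme not in ("http", "https") or not host:
        return []  # mailto:, in-page anchors and similar are out of scope
    findings = []
    if not is_trusted(host):
        findings.append("untrusted-host")
    if is_ip_literal(host):
        findings.append("ip-literal-host")
    if parts.username is not None:  # "bank.example@other-host" trick
        findings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    if not is_trusted(host) and any(b in host for b in BRANDS):
        findings.append("brand-in-untrusted-host")
    shown = host_in_text(text)
    if shown and shown != host:  # text shows one site, href goes to another
        findings.append("text-href-mismatch")
    return findings


def analyse_email(html):
    """Return [(href, findings)] for every link that raised an indicator."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        findings = check_link(href, text)
        if findings:
            report.append((href, findings))
    return report


if __name__ == "__main__":
    for href, findings in analyse_email(SAMPLE_HTML):
        print(href, "->", ", ".join(findings))
```

The trust decision uses an exact or dot-anchored suffix match on purpose: a plain substring test would accept the first sample link, whose host merely begins with the bank's name.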

Apart from the general banking phishing scams, some of the recent phishing attacks that took place in India are as follows:

RBI Phishing Scam: In a daring phishing attack, the fraudsters have not spared even the Reserve Bank of India. The phishing email, disguised as originating from the RBI, promised its recipient prize money of Rs. 10 Lakhs within 48 hours and gave a link leading the user to a website that resembles the official website of the RBI, with a similar logo and web address. The user is then asked to reveal personal information such as password, I-pin number and savings account number. However, the RBI posted a warning regarding the fraudulent phishing e-mail on the bank's official website.

IT Department Phishing Scam: The email, purporting to come from the Income Tax Department, lures the user by claiming that he is eligible for an income tax refund based on his last annual calculation, and seeks his PAN Card number or credit card details.

ICC World Cup 2011: One of the biggest sporting events is also under phishing attack. The fraudsters have specifically targeted the internet users of the host countries, i.e. India, Bangladesh and Sri Lanka, where the matches of the World Cup are going on. India, which has been allotted 29 matches of the World Cup, is obviously the prime target of the phishing attacks. The modus operandi is similar to the banking phishing attack. Through a similar-looking fake website of the organizers of the event, the fraudsters have tried to lure victims with special offers and packages for the grand finale of the event. The users were asked for credit card details to book tickets and packages, along with their personal information, which once submitted would be used to compromise the online banking account of the victim, leading to financial losses to the victim.

Google under Phishing Attack: Recently, users of Google's email service, Gmail, received what purported to be a legal notice from the Gmail team, which wanted users to update their account name, password, occupation, birth date and country of residence, with a warning that users who did not update their details within 7 days of receiving the warning would lose their account permanently. However, a Google spokesperson denied that any such legal notice had come from them and stated it to be a phishing attack designed to collect personal information, called spoofing or password phishing.

Phishing - A Cyber Crime: the provisions of the Information Technology Act, 2000

Phishing is an online fraud in which fraudsters disguise themselves and use false and fraudulent websites of banks and other financial institutions, and URL links, to deceive people into disclosing valuable personal data, which is later used to swindle money from the victim's account. Thus, it is essentially a cyber crime and it attracts many penal provisions of the Information Technology Act, 2000, as amended in 2008, which added some new provisions to deal with phishing activity. The following Sections of the Information Technology Act, 2000 are applicable to phishing activity:

Section 66: The account of the victim is compromised by the phisher, which is not possible unless and until the fraudster fraudulently effects some changes, by way of deletion or alteration of information/data electronically, in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable u/s 66 IT Act.

Section 66A: The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus clearly attracts the provisions of Section 66A IT Act, 2000.

Section 66C: In the phishing email, the fraudster disguises himself as the real banker and uses the unique identifying features of the bank or organization, say logo, trademark etc., and thus clearly attracts the provision of Section 66C IT Act, 2000.

Section 66D: The fraudsters, through the use of the phishing email containing the link to the fake website of the bank or organization, personate the bank or financial institution to cheat innocent persons; thus the offence under Section 66D too is attracted.

The Information Technology Act, 2000 makes penal provisions under Chapter XI of the Act and, further, Section 81 of the IT Act, 2000 contains a non obstante clause, i.e. the provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force. The said non obstante clause gives an overriding effect to the provisions of the IT Act over other Acts, including the Indian Penal Code.

The aforesaid penal provisions of the IT Act, 2000 that are attracted by a phishing scam have, however, been made bailable by virtue of Section 77B of the IT Act. This was done intentionally, in view of the fact that there is always a conflict as to the correct or accurate identity of the person behind the alleged phishing scam, that there is always a smokescreen over who has or has not actually committed the offence via these online computer resources, and in view of the possible misuse of the penal provisions for cyber offences contained in the IT Act.

NASSCOM
The National Association of Software and Services Companies (NASSCOM) is a trade association of the Indian Information Technology (IT) and Business Process Outsourcing (BPO) industry. Established in 1988, NASSCOM is a non-profit organization focused on promoting sustainable growth for the industry and on harnessing IT and communications technologies for inclusive and balanced growth.

Functions of NASSCOM

Encourage members to provide world-class quality products, services and solutions in India and overseas and help build brand equity for the Indian IT software and services industry.

Take effective steps to campaign against software piracy.

Provide an ideal forum for overseas and domestic companies to explore the vast potential available for Joint Ventures, Strategic Alliances, Marketing Alliances, Joint Product Development, etc., by organizing Business Meets with delegations of various countries.

Work actively with Overseas Governments, Embassies to make the Visa and Work Permit Rules more "India Industry Friendly".

Disseminate various policies, market information and other relevant statistics by sending more than 200 circulars (annually) to all members.

Involve membership participation in various forums of NASSCOM on subjects such as HRD, Technology, Exports, Domestic Market, E-Governance, IT Enabled Services, IPR, Finance, Government Policies, Quality, etc.

NASSCOM is the global trade body with over 1200 members, of which over 250 are global companies from the US, UK, EU, Japan and China. NASSCOM's member companies are in the business of software development, software services, software products, IT-enabled/BPO services and e-commerce. NASSCOM has been the strongest proponent of global free trade in India. NASSCOM was set up in 1988 to facilitate business and trade in software and services and to encourage advancement of research in software technology. It is a not-for-profit organization, registered under the Indian Societies Act, 1860. Currently, NASSCOM is headquartered in New Delhi, India, with regional offices in the cities of Mumbai, Chennai, Hyderabad, Bangalore, Pune and Kolkata. NASSCOM has been the strongest proponent of global free trade, and is committed to working proactively to encourage its members to adopt world-class management practices, build and uphold the highest standards in quality, security and innovation, and remain competitive in today's rapidly changing technology landscape. NASSCOM's vision is to maintain India's leadership position in the global offshore IT-BPO industry, to grow the market by enabling industry to tap into emerging opportunity areas, and to strengthen the domestic market in India. NASSCOM is constantly raising the bar across processes and quality standards within its member companies and making them partners of choice for customers across the globe. It also enables the Indian IT-BPO industry to evolve in accordance with the rapidly changing technology landscape by adopting, implementing and often creating world-class practice.

NASSCOM's 4E Framework for Trusted Sourcing


Engage:

Creation of Global and National Advisory Boards on Security.

Meet all stakeholders in India and key markets.

Reports to members on model contracts, SLAs (Service Level Agreements), security practices and standards, and industry legislation like HIPAA (Health Insurance Portability and Accountability Act), GLB (Gramm-Leach-Bliley Act) and DPA (Data Protection Act).

Educate:

Seminars to educate members, lawmakers and judiciary.

Create intellectual capital for members and other stakeholders.

Enact:

Examine areas to strengthen legal framework in India.

Work with coalitions and regulators in key markets to identify relevant provisions.

Enforcement:

To train policemen to effectively deal with the emerging crime scene.

NASSCOM set up a Mumbai Cyber Lab (MCL), a first-of-its-kind initiative in India in 2003. The lab, which became operational in 2004, trained policemen on the basics of computers and the Internet, legal and procedural aspects of investigation, digital media, mobile phone forensics and online fraud.

Case law on Nasscom


Ericsson India Global Services, Ericsson's Global Service Center (GSC) in India, has today been awarded the NASSCOM Innovation Award 2012 in the category Process Innovation. Ericsson India Global Services developed a tool that simplifies a telecom operator's network for rapid identification, analysis and troubleshooting in case of emergency situations. The award will be presented on February 15 by Mr Jyotiraditya Madhavrao Scindia, Minister for State, Commerce and Industry, Government of India. The tool has a compelling business proposition that helps operators to reduce revenue loss, minimize network outages and ensure higher end-user satisfaction. The Process Innovation category recognizes innovations made by IT-BPO organizations in business processes, business models and business inputs. "Ericsson has always focused on innovation to deliver business results to our customers to make them successful. We are delighted to see this DNA of innovation in our people in India. Our employees help us to win in whatever we do. This award encourages us to do even more," says Mats Agervi, Managing Director of Ericsson India Global Services. It was the first time that Ericsson India Global Services had entered the competition. We won the award against competition from global and local technology companies. The NASSCOM innovation awards, introduced in 2004, serve as a benchmark for innovation across the ICT industry in India. The award recognizes companies that have imbibed innovation as a part of their organizational profile, and used the innovation engine to reinvent their processes, marketing and product development strategies to improve efficiencies. A case study of the Ericsson India Global Services tool will also feature in a forthcoming NASSCOM research and case study publication. Global Service Center India provides vendor and technology agnostic support across Consulting and Systems Integration (CSI), Application Development and Maintenance (ADM), Managed Services (Operations, Engineering), Network Rollout and Software Delivery. Ericsson India Global Services, of which Global Service Center India is a part, is spread across five locations in India (Noida, Gurgaon, Bangalore, Chennai and Kolkata) and also boasts a powerful R&D hub in India across IP, Broadband and Multimedia. During the past year, it has emerged as the fastest growing and the largest global service center and has proved to be a winning edge for Ericsson across the world in meeting our customers' current and future business challenges.

CYBERCRIME PREVENTION INSTRUCTIONS

Cybercrime prevention can be straightforward. When you're armed with a little technical advice and common sense, you can avoid many attacks. Remember that online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. The tips below provide basic information on how you can keep your computer and your identity safe.

Keep your computer current with the latest patches and updates.
Make sure your computer is configured securely.
Choose strong passwords and keep them safe.
Protect your computer with security software.
Shield your personal information.
Online offers that look too good to be true usually are.
Review bank and credit card statements regularly.

Keep your computer current with the latest patches and updates
One of the best ways to keep cyber attackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system. While keeping your computer up to date will not protect you from all attacks, it makes it much more difficult for hackers to gain access to your system, blocks many basic and automated attacks completely, and might be enough to persuade a less-determined attacker to look for a more vulnerable computer elsewhere. Most companies release software that can be configured to download and apply updates automatically so that you do not have to remember to check for the latest software. Taking
advantage of "auto-update" features in your software is a great start toward keeping yourself safe online.

Make sure your computer is configured securely


Keep in mind that a newly purchased computer may not have the right level of security for you. When you are installing your computer at home, pay attention not just to making your new system function, but also to making it work securely. Configuring popular Internet applications such as your Web browser and email software is one of the most important areas to focus on. For example, settings in your Web browser will determine what happens when you visit websites on the Internet. The strongest security settings will give you the most control over what happens online but may also frustrate you with many questions ("This may not be safe, are you sure you want to do this?") or the inability to do what you want to do. Choosing the right level of security and privacy depends on the individual using the computer. Oftentimes security and privacy settings can be properly configured without any sort of special expertise by simply using the "Help" feature of your software or reading the vendor's website. If you are uncomfortable configuring your computer yourself, consult someone you know and trust for assistance or contact the vendor directly.

Choose strong passwords and keep them safe


Passwords are a fact of life on the Internet today. We use them for everything from ordering flowers and banking online to logging into our favorite airline website to see how many miles we have accumulated. The following tips can help make your online experiences secure:

Select a password that cannot be easily guessed to keep your passwords secure and away from the wrong hands. Strong passwords have eight characters or more and use a combination of letters, numbers, and symbols (e.g. # $ %!?).

Avoid using any of the following as your password: your login name, anything based on personal information such as your last name, and words that can be found in the dictionary. Try to select especially strong, unique passwords for protecting activities like online banking.

Keep your passwords in a safe place and try not to use the same password for every service you use online.

Change passwords on a regular basis, at least every 90 days. This can limit the damage caused by someone who has already gained access to your account. If you notice something suspicious with one of your online accounts, one of the first steps you can take is to change your password.
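A checker that applies the password tips above (eight characters or more, a mix of letters, numbers and symbols, no login name, no personal information, no dictionary words, changed within 90 days), given as an added example that is not part of the original report. The function names, the tiny word list and the sample accounts are constructed; a real check would load a full dictionary file.

```python
"""Audit a password against the tips listed in this section."""
import string
from datetime import date

MIN_LENGTH = 8       # "eight characters or more"
MAX_AGE_DAYS = 90    # "at least every 90 days"

# Constructed stand-in for a real dictionary file.
SAMPLE_WORDLIST = {"password", "welcome", "cricket", "mumbai", "sunshine"}

# Common character substitutions, undone before the dictionary lookup so that
# "P@ssw0rd" is still recognised as "password".
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def dictionary_core(password):
    """Drop digits/symbols padded onto either end, then undo substitutions."""
    trimmed = password.strip(string.digits + string.punctuation)
    return trimmed.lower().translate(SUBSTITUTIONS)


def audit_password(password, login, personal_info, last_changed, today,
                   wordlist=SAMPLE_WORDLIST):
    """Return the list of tips the password violates (empty list = passes)."""
    findings = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        findings.append("too-short")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_symbol):
        findings.append("missing-character-class")

    if login and login.lower() in lowered:
        findings.append("contains-login-name")

    # Very short items (initials) would match almost anything, so skip them.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            findings.append("contains-personal-info")
            break

    if dictionary_core(password) in wordlist:
        findings.append("dictionary-word")

    if (today - last_changed).days > MAX_AGE_DAYS:
        findings.append("older-than-90-days")

    return findings


if __name__ == "__main__":
    today = date(2024, 2, 1)
    # Constructed sample accounts: (password, login, personal info, last change)
    samples = [
        ("P@ssw0rd1!", "asha.rao", ["Rao", "1990"], date(2024, 1, 1)),
        ("asha.rao99", "asha.rao", ["Rao", "1990"], date(2023, 9, 1)),
        ("mumbai7", "asha.rao", ["Rao"], date(2024, 1, 20)),
        ("tR7#vq!Lz2&k", "asha.rao", ["Rao", "1990"], date(2024, 1, 20)),
    ]
    for password, login, info, changed in samples:
        print(password, "->", audit_password(password, login, info, changed, today) or "ok")
```

The first sample satisfies the length and character-mix tips yet is still a dictionary word once the substitutions are undone, which is why the tips have to be checked together rather than one at a time.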

Protect your computer with security software


Several types of security software are necessary for basic online security. Security software essentials include firewall and antivirus programs. A firewall is usually your computer's first line of defense. It controls who and what can communicate with your computer online. You could think of a firewall as a sort of "traffic cop" that watches all the data attempting to flow in and out of your computer on the Internet, allowing communications that it knows are safe and blocking "bad" traffic, such as attacks, from ever reaching your computer. The next line of defense is your antivirus software, which monitors all online activities and protects your computer from viruses, worms, Trojan horses, and other types of malicious programs. More recent versions of antivirus programs protect from spyware and potentially unwanted programs such as adware. Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe on the Internet. Your antivirus and antispyware software should be configured to update itself, and it should do so every time you connect to the Internet.

Review bank and credit card statements regularly


The impact of identity theft and online crimes can be greatly reduced if you can catch it shortly after your data is stolen or when the first use of your information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing the monthly statements provided by your bank and credit card companies for anything out of the ordinary.

Additionally, many banks and services use fraud prevention systems that call out unusual purchasing behaviors (e.g., if you live in Mumbai and all of a sudden start buying refrigerators in Delhi). In order to confirm these out of the ordinary purchases, they might call you and ask you to confirm them. Don't take these calls lightly--this is your hint that something bad may have happened and you should take action.

CYBER CRIME IN BANKING SECTOR

AUTOMATED TELLER MACHINE (ATM)

The traditional and ancient society was devoid of any monetary instruments, and the entire exchange of goods and merchandise was managed by the barter system. The use of monetary instruments as a unit of exchange replaced the barter system, and money in various denominations was used as the sole purchasing power. The modern contemporary era has replaced these traditional monetary instruments, moving from paper and metal based currency to plastic money in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATMs all over the world. The use of an ATM is not only safe but also convenient. This safety and convenience, unfortunately, has an evil side as well, which originates not from the use of plastic money but from its misuse. This evil side is reflected in the form of ATM frauds, which are a global problem. The use of plastic money is increasing day by day for payment of shopping bills, electricity bills, school fees, phone bills, insurance premiums, travelling bills and even petrol bills. The convenience and safety that credit cards carry have been instrumental in increasing both credit card volumes and usage. This growth is not only in the positive use of cards but also in their negative use. The world at large is struggling to increase convenience and safety on the one hand and to reduce misuse on the other.

Techniques of ATM Card Frauds

Some of the popular techniques used to carry out ATM crime are:

Card Jamming: the ATM's card reader is tampered with in order to trap a customer's card. Later on the criminal removes the card.

Card Skimming: the illegal way of stealing the card's security information from the card's magnetic stripe.

Card Swapping: the customer's card is swapped for another card without the knowledge of the cardholder.

Website Spoofing: a new fictitious site is made which looks authentic to the user, and customers are asked to give their card number, PIN and other information, which are then used to reproduce the card for use at an ATM.

Physical attack: the ATM machine is physically attacked in order to remove the cash.

MONEY LAUNDERING

Almost all banks trade in foreign exchange. Money laundering in any country or economy affects the foreign exchange market directly. Money laundering reduces the legal volume of the banks' business. It also causes fluctuations in the exchange rate. Further, money laundering can undermine the credibility of the banking system. Facilitating the activities of launderers, even inadvertently, can push banks into problems with law enforcement agencies and also governments. In some reported cases, a bank's survival has come under threat. It is not difficult to see what effect it has on the profitability of banks.

CREDIT CARD FRAUD

It is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. However, credit card fraud, the crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row. The cost of credit card fraud reaches into billions of dollars annually. In 2006, fraud in the United Kingdom alone was estimated at £535 million, or US$750-830 million at prevailing 2006 exchange rates.

Caselet: Three people held guilty in on line credit card scam


Customers' credit card details were misused online for booking air tickets. The culprits were caught by the city Cyber Crime Investigation Cell in Pune. It was found that the details misused belonged to 100 people.

Mr. Parvesh Chauhan, an ICICI Prudential Life Insurance officer, had complained on behalf of one of his customers. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad was employed at a private institution; Kale was his friend. Shaikh was employed in one of the branches of State Bank of India. According to the information provided by the police, one of the customers received an SMS-based alert for the purchase of a ticket even though the credit card was in his possession. The customer was alert and realized something was fishy; he enquired and came to know about the misuse. He contacted the bank in this regard. Police observed the involvement of many banks in this matter. The tickets were booked online. Police requested the log details and got the information of the private institution. Investigation revealed that the details were obtained from State Bank of India. Shaikh was working in the credit card department; due to this he had access to the credit card details of some customers. He gave that information to Kale. Kale in turn passed this information to his friend Lukkad. Using the information obtained from Kale, Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given a few tickets to various other institutions. Cyber Cell head DCP Sunil Pulhari, PI Mohan Mohadikar and A.P.I Kate were involved in eight days of investigation and finally caught the culprits.


AMENDMENTS TO THE ACT


In 2008 a series of important Amendments were undertaken. They include:

Replacing the term "digital signature" with "electronic signature" so that the Act becomes more technologically neutral. Sections defining communicative devices (e.g. cell phones) and cyber cafés have been added.

A new Section (10A) that states that contracts concluded electronically shall not be seen as unenforceable just because electronic means were used.

Section 43, which earlier stated a cost of Rs. One Crore for damage to a computer or computer system, was changed so that the person who is liable has to pay compensation for damages caused to the person affected.

A new Section (43A) states that if a corporate misuses any personal information of a person that they possess in a computer resource, they are liable to pay compensation to that person.

Sections 66A-66F were added, which prescribe punishment for obscene electronic messages, identity theft, cheating by impersonation using a computer, violation of privacy and cyber terrorism.

The term for imprisonment has been reduced from 5 years to 3 years, while the fine ranges from Rs. 1,00,000 to Rs. 5,00,000. Sections 67A-67C deal with penal provisions for offences like publishing sexually explicit content and child pornography.

Section 69 has been amended to deal with cyber terrorism by giving the State the power to intercept or monitor information through any computer resource.

In 2011, a few more Amendments were passed:

The Security Practices Rules require entities holding sensitive personal information of users to maintain certain specified security standards. This personal information includes passwords, financial information, medical records, sexual orientation, biometric information, etc.


The Intermediary Guidelines Rules prohibit content of specific nature on the Internet. An intermediary, such as a website host, is required to block such content. This includes content that is harmful, harassing, blasphemous, obscene, hateful, racially or ethnically objectionable etc.

The Cyber Café Rules require cyber cafés to register with a registration agency and maintain a log of the identity of users and their Internet usage.

Under the Electronic Service Delivery Rules the government can specify certain services, such as applications, certificates, licenses etc, to be delivered electronically. This helps facilitate e-governance.


RESEARCH ANALYSIS

A Report On Primary Research


Questionnaire

Do you have knowledge about the IT act?
Has it caused a change in your cyber?
Did the IT act affect your business?
Do you make sure that cyber crimes do not take place in your cyber?
Do you personally make sure that illegal sites are not accessed in your cyber?
Do you restrict some sites in your cyber?
Is all the software installed in your cyber authenticated?
Have you been a victim of cyber crime?

In our primary research we prepared a questionnaire and interviewed 5 cyber cafés to gain insight into how the Information Technology Act has impacted their business and whether they possess knowledge about the Act.

In two cases out of five the cyber café owners had no knowledge about the act and thought I.T was in reference to Income Tax.

Process of checking ID card

On whether they were being affected by the act, the three owners said that the process of checking identity proof has majorly affected their business, as most people do not carry any identification and at times have to be sent back. The other aspect that troubled them was that the police would come and frequently check the records and systems of the café. As soon as the government came up with a regulation, there would be posters put up outside the café, and on every computer screen a screen saver would pop up which had all the sections of the I.T act describing the punishment.


Security Measures

In order to make sure that there was no cyber crime, two of these owners would personally take rounds every 15-20 minutes, and all of them had CCTVs installed.

All of the owners maintained a separate written record of all the people who used their systems; one of them maintained a separate file of photocopies of the identity proofs of each customer.

In all the cases, none of the owners had built-in software that restricted access to most illegal sites.

One out of the three owners did not use any licensed and authorized software. None of them has had a personal experience with cyber crime.


CONCLUSION

Although the introduction of the Information Technology Act has curbed cyber crimes, we still need to take necessary precautions. There is a nonstop flood of Trojan horses, bots, and phishing attacks assaulting the Internet every day. Crimeware attacks and identity theft can happen to anyone.

Disconnect immediately: This can prevent data from being leaked back to the cybercriminal. Breaking your network connection is a sure-fire way to put a stop to the immediate damage.

If you are at work, contact your Information Technology (IT) department. The IT team will need to know about the infection as soon as possible.

Scan your computer with an up-to-date antivirus program. A program with antivirus and antispyware capabilities can detect and often remove crimeware threats that would otherwise remain hidden on your computer.

Back up your critical information: Sensitive data may be leaked by crimeware, and it may also be inadvertently destroyed or lost during the clean-up effort. If you have backup software installed, make a copy of your valuable files such as your photos, videos, and other personal or work files to a backup hard drive or removable media, such as a CD or DVD. This will ensure your information's availability after the computer is free of crimeware.

Close affected accounts immediately: In the best-case scenario, you will be able to shut down or change any credit card, bank, or other online service accounts before they can be leveraged by the thief. A little more trouble taken up front to freeze or change accounts can save you much more effort later in disputing fraudulent purchases made by a cybercriminal.

Watch your credit reports closely: Keeping a sharp eye on your accounts from all three credit reporting agencies is essential because information may not be the same across all three. Remember that it may take some time before all of the fraudulent activity appears on your credit reports.


File a police report: Ideally this should be done in the city where the crime took place. Even though you may not be able to provide the police enough information to bring the criminal to justice, you can use a copy of the police report or the report number as evidence with your creditors in case they ask for proof. You may never need it, but it may help you fight fraudulent claims later.

Look for signs of identity theft: It's natural to have your guard up after having your identity stolen. During this time, be on the lookout for odd things in the mail, including credit cards you did not request. Also watch to make sure you're receiving all your standard bills, and that they haven't gone missing. Being contacted by vendors regarding accounts you are unaware of, or even worse, by debt collectors for purchases someone else made, are clear signs of lingering identity theft problems.

By taking precautions and using strong Internet security software, we can significantly decrease our chances of becoming a victim of cybercrime. Thus the IT act plays a very important role when it comes to managing cyber crimes. Although this act has not completely erased the horror of cyber crime, to some extent it has decreased the possibility of a cyber crime taking place.
