
Cyber Law & Cyber Security
JAGADISH.A.T
ASSISTANT PROFESSOR OF LAW
JSS LAW COLLEGE, AUTONOMOUS
MYSORE

"The modern thief can steal more with a computer than with a gun.
Tomorrow's terrorist may be able to do more damage with a keyboard
than with a bomb."

- National Research Council, U.S.A., Computers at Risk (1991)

CYBER LAW
Cyber Law is a distinct branch of law that deals with activities in
cyberspace.

Cyberspace is created when two or more computers are interconnected
with the help of a network. It is a wider term and includes computers,
networks, software, data storage devices (such as hard disks, USB disks,
etc.), the internet, websites, e-mails, and even electronic devices such
as cell phones, ATM machines, etc.

Cyber Law is also called Internet Law, Information Technology Law, or
Computer Law.

Cyber Law describes the legal issues related to the use of
inter-networked information technology. It is less a distinct field of
law in the way that property or contract are, as it is a domain covering
many areas of law and regulation. Some leading topics include
Intellectual Property, Privacy, Data Protection, Freedom of Speech &
Expression, Jurisdiction, and Cyber Security.

CYBER LAW
Cyber Law is a term first coined by Jonathan Rosenoer as the title for a
service aimed at explaining legal issues to computer users. It derives
from the term, Cybernetics.
Cyber Law (tm) was first published on an AOL user group no later than
early 1992, as a version of a series of articles published in print, under
the name "The Legal Side," by major US computer (primarily Macintosh)
users groups, such as BMUG, and on The WELL.
It can be defined as computers and computer networks, internet
infrastructure and topography, software, websites and internet based
communication technologies and its in-depth scientific knowledge that is
used to upload, access, search, process, share, transmit, post, update
information including textual or multimedia based images or other
information. It includes hardware, databases, programs, and other
internet related equipment used for storage, processing and
transmission of information across computer network.

CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in
the cyber world.

"Cyber crime may be said to be those species, of which, genus is the
conventional crime, and where either the computer is an object or
subject of the conduct constituting crime."

"Any criminal activity that uses a computer either as an
instrumentality, target or a means for perpetuating further crimes comes
within the ambit of cyber crime."

Cyber crimes can involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of
which are subject to the Indian Penal Code.

A generalized definition of cyber crime may be unlawful acts wherein the
i) computer is either a tool,
ii) computer is a target, or
iii) computer is incidental to the commission of crime.

3 Billion Internet Users, 2.3 Mobile Broadband Subscribers Globally By End Of 2014
Posted: 06 May 2014 05:04 AM PDT
Trakin' the india business buzz
info@trak.in

The UN's International Telecommunications Union (ITU) has released its
latest report on Internet users across the world. According to it, there
will be almost 3 billion internet users globally, with nearly two-thirds
coming from developing countries like India, by the end of 2014. Mobile
broadband subscriptions too have seen a steep rise and will reach
2.3 billion.
Internet user penetration is roughly 40 per cent globally, 78
percent in developed countries and 32 percent in developing
countries. More than 90 per cent of the people who are not
yet using the Internet are from the developing world.

NEED & IMPORTANCE OF CYBER LAWS

Tackling Cyber Crime
Successful smooth functioning of ecommerce and virtual communication
No Jurisdictional Boundaries.

Cyber Security: Some challenges and concerns

(a) Lack of awareness and the culture of cyber security at individual as
well as institutional level.
(b) Lack of trained and qualified manpower to implement the counter
measures.
(c) Too many information security organisations which have become
weak due to 'turf wars' or financial compulsions.
(d) A weak IT Act which has become redundant due to non-exploitation
and age-old cyber laws.
(e) No e-mail account policy especially for the defence forces, police
and the agency personnel.
(f) Cyber attacks have come not only from terrorists but also from
neighbouring countries inimical to our National interests.
(g) Explosion of computer and broadband internet availability.
(h) Low priority of security for software developers.
(i) Challenge of timely patching vulnerabilities on all systems.

What is the Information Security and Risk Management Domain?
Information security and risk management
consists of the preventive and proactive
measures taken to prevent cybercrimes.
Information security: policies and procedures
required to secure information assets, including
IT hardware, software, and stored data.
Information risk management: manages the
risk related to information assets and IT and is
part of the larger enterprise risk management
(ERM).

What does Information Security mean to you?
The protection of information systems against unauthorized access to or
modification of information, whether in storage, processing or transit,
and against the denial of service to authorized users or the provision
of service to unauthorized users, including those measures necessary to
detect, document, and counter such threats.

Information Security and Risk Management Domain

Security Management Principles
Fundamental principles of information security include CIA:

Confidentiality: Sensitive data at each point in information processing
is secure and protected from unauthorized access.
Integrity: Data is accurate and reliable.
Availability: Required data is available as needed by an organization's
users, such as accountants. If data is destroyed, data can be restored
so it is available.

Indian Computer Emergency Response Team (Cert-In)
Cert-In is the most important constituent of India's cyber community.
Its mandate states, 'ensure security of cyber space in the country by
enhancing the security communications and information infrastructure,
through proactive action and effective collaboration aimed at security
incident prevention and response and security assurance'.

National Information Security Assurance Programme (NISAP)
This is for Government and critical infrastructures. Highlights are:
(a) Government and critical infrastructures should
have a security policy and create a point of contact.
(b) Mandatory for organizations to implement security
control and report any security incident to Cert-In.
(c) Cert-In to create a panel of auditors for IT security.
(d) All organizations to be subject to a third party
audit from this panel once a year.
(e) Cert-In to be reported about security compliance
on periodic basis by the organizations.

Cyber security
Cyber security involves protection of sensitive personal and business
information through prevention, detection, and response to different
online attacks.
Cyber security actually protects your personal information by
responding to, detecting and preventing the attacks.
Cyber security privacy policy: Before submitting your name, email
address, or other personal information on a web site, look for the
site's privacy policy.
Evidence that your information is being encrypted: To prevent attackers
from hijacking your information, any personal information submitted
online should be encrypted. Many sites use SSL, or Secure Sockets Layer,
to encrypt information. Protecting your privacy.

Cyber security

Keep software up to date: If the seller releases patches for the
software operating your device, install them as soon as possible.
Installing them will prevent attackers from being able to take
advantage.
Use good passwords: Select passwords that will be difficult for thieves
to guess. Do not choose options that allow your computer to remember
your passwords.
How can we protect? Disable remote connectivity: Some PDAs and phones
are equipped with wireless technologies, such as Bluetooth, that can be
used to connect to other devices or computers. You should disable these
features when they are not in use.

Advantages of cyber security

Cyber security will defend us from critical attacks.
It helps us to browse safe websites.
Internet security processes all the incoming and outgoing data on our
computer.
Cyber security will defend us from hacks and viruses.
The cyber security application used on our PC needs an update every
week.
Security developers update their database once every week, so new
viruses are also deleted.

Statutory Framework in India

Information Technology Act, 2000 (Amended in 2008)
The Information Technology (Certifying Authority) Regulations, 2001
(amended in 2011)
The Personal Data Protection Bill, 2006
The Communication Convergence Bill, 2001
The Information Technology (Karnataka) Rules, 2004

Basis for Information Technology Act, 2000
UNCITRAL Model Law on E-Commerce

Safety tips to cyber crime


Use antivirus software
Install firewalls
Uninstall unnecessary software
Maintain backups
Check security settings

Information Technology Act, 2000
Chapter I Preliminary (section 1, 2)
Chapter II Digital Signature and Electronic Signature (section 3, 3A)
Chapter III Electronic Governance (section 4 to 10, 10A)
Chapter IV Attribution, Acknowledgment and Dispatch of Electronic
Records (section 11 to 13)
Chapter V Secure Electronic Records and Secure Electronic Signatures
(section 14 to 16)

Information Technology Act, 2000
Chapter VI Regulating of Certifying authorities (section 17 to 34)
Chapter VII Electronic Signature Contracts (section 35 to 42)
Chapter VIII Duties of Subscribers (section 40 to 42)
Chapter IX Penalties, Compensation and Adjudication (section 43 to 47)
Chapter X The Cyber Appellate Tribunal (section 48 to 64)
Chapter XI Offences (section 65 to 78)

Information Technology Act, 2000
Chapter XII Intermediaries not to be liable in certain cases
(section 79)
Chapter XII A Examiner of Electronic Evidence (section 79A)
Chapter XIII Miscellaneous (section 80 to 94) repealed

The First Schedule - Documents or Transactions to which the Act shall
not apply
The Second Schedule - Electronic Signature or Electronic Authentication
Technique and Procedure.

Information Technology Act, 2000 not applicable in following cases:
First Schedule
a) a negotiable instrument (other than a cheque) as defined in
section 13 of the Negotiable Instruments Act, 1881;


b) a power-of-attorney as defined in section 1A of the
Powers-of-Attorney Act, 1882;
c) a trust as defined in section 3 of the Indian Trusts Act,
1882
d) a will as defined in clause (h) of section 2 of the Indian
Succession Act, 1925 including any other testamentary
disposition
e) any contract for the sale or conveyance of immovable
property or any interest in such property;
f) any such class of documents or transactions as may be
notified by the Central Government

Recent amendments in IT Act, 2000

To protect interests of sovereignty, integrity of India, public order,
security of State, defense of India, friendly relations with foreign
states

Section 69 - Power of interception, decryption, monitoring of
information by Central govt/state govt authorized agencies

Section 69 A - Power to block objectionable websites, to protect
interests of sovereignty, integrity of India, public order, security of
State, defense of India, friendly relations with foreign states

Section 69 B - Power to authorize to monitor and collect traffic data,
or information through any computer resource for cyber security

Section 70 - Protected systems, and Section 70A - Central Govt shall
appoint Indian Computer Emergency Response Team to protect its critical
infrastructure

Types of Cybercrime
HACKING:
Hacking in simple terms means an illegal intrusion into a computer
system and/or network. It is also known as CRACKING.
Government websites are hot targets for hackers due to the press
coverage they receive. Hackers enjoy the media coverage.
Motive Behind The Crime called HACKING: Greed, Power, Publicity,
Revenge, Adventure, Desire to access forbidden information, Destructive
mindset, Wants to sell security services

Types of Cybercrime
CHILD PORNOGRAPHY:
The Internet is being highly used by its abusers to reach and abuse
children sexually, worldwide. As more homes have access to the internet,
more children would be using the internet and more are the chances of
falling victim to the aggression of pedophiles.
How do they operate:
Pedophiles use false identity to trap the children/teenagers.
Pedophiles contact children/teens in various chat rooms which are used
by children/teens to interact with other children/teens.
Befriend the child/teen.
Extract personal information from the child/teen by winning his
confidence.

Types of Cybercrime
DENIAL OF SERVICE ATTACK:
This is an act by the criminal, who floods the bandwidth of the victim's
network or fills his e-mail box with spam mail, depriving him of the
services he is entitled to access or provide. Many DoS attacks, such as
the Ping of Death and Teardrop attacks, exploit limitations in the
TCP/IP protocols.

Type of Cyber Crime


VIRUS DISSEMINATION:
Malicious software that attaches itself to other software (virus, worms,
Trojan Horse, web jacking, e-mail bombing, etc.)

IT'S A JUNGLE OUT THERE
Computer Viruses
Network Worms
Trojan Horses
Logic Bombs
Address Book theft
Hijacked Home Pages
DNS Poisoning
Denial of Service Attacks
Zombies, IP Spoofing
Buffer Overruns
Password Grabbers
Password Crackers

AND THE EVER POPULAR:
Hoaxes
Ploys
Pop-Ups
Scams
Spam

DID YOU KNOW?


In 1980 a computer cracked a 3-character password within one minute.
In 1999 a team of computers cracked a 56-character password within one
day.
In 2011 a computer virus infected 1 million computers within one hour.

DEFINITIONS
A computer program
Tells a computer what to do and how to do it.

Computer viruses, network worms, Trojan Horse
These are computer programs.

Types of Cybercrime
COMPUTER VANDALISM:
Damaging or destroying data rather than stealing or misusing them is
called cyber vandalism.
Transmitting virus: These are programs that attach themselves to a file
and then circulate. They usually affect the data on a computer, either
by altering or deleting it against properties.

SALIENT DIFFERENCES
1) Computer Virus:
Needs a host file
Copies itself
Executable
2) Network Worm:
No host (self-contained)
Copies itself
Executable
3) Trojan Horse:
No host (self-contained)
Does not copy itself
Imposter Program

TYPICAL SYMPTOMS
File deletion
File corruption
Visual effects
Pop-Ups
Erratic (and unwanted) behavior
Computer crashes

Types of Cybercrime
CYBER TERRORISM

The most popular weapon in cyber terrorism is the use of computer viruses and
worms. In some cases cyber terrorism is also called 'computer terrorism'. The
attacks or methods on the computer infrastructure can be classified into three
different categories.
(a) Physical Attack: The computer infrastructure is damaged by using
conventional methods like bombs, fire etc.
(b) Syntactic Attack: The computer infrastructure is damaged by modifying the
logic of the system in order to introduce delay or make the system unpredictable.
Computer viruses and Trojans are used in this type of attack.
(c) Semantic Attack: This is more treacherous as it exploits the confidence of the
user in the system. During the attack the information keyed in the system during
entering and exiting the system is modified without the user's knowledge in order to
induce errors.
Cyber terrorism is not only limited to paralyzing computer infrastructures but it has
gone far beyond that. It is also the use of computers, Internet and information
gateways to support the traditional forms of terrorism like suicide bombings.
Internet and email can be used for organizing a terrorist attack also. Most common
usage of Internet is by designing and uploading websites on which false
propaganda can be pasted. This comes under the category of using technology for
psychological warfare.

Tools of Cyber Terrorism

Cyber terrorists use certain tools and methods to unleash this new age terrorism.
These are:
(a) Hacking: The most popular method used by a terrorist. It is a generic term
used for any kind of unauthorized access to a computer or a network of
computers. Some ingredient technologies like packet sniffing, tempest attack,
password cracking and buffer overflow facilitate hacking.
(b) Trojans: Programmes which pretend to do one thing while actually they are
meant for doing something different, like the wooden Trojan Horse of the 12th
Century BC.
(c) Computer Viruses: It is a computer programme which infects other
computer programmes by modifying them. They spread very fast.
(d) Computer Worms: The term 'worm' in relation to computers is a
self-contained programme or a set of programmes that is able to spread functional
copies of itself or its segments to other computer systems, usually via network
connections.
(e) E-Mail Related Crime: Usually worms and viruses have to attach themselves
to a host programme to be injected. Certain emails are used as host by viruses
and worms. E-mails are also used for spreading disinformation, threats and
defamatory stuff.
(f) Denial of Service: These attacks are aimed at denying authorized persons
access to a computer or computer network.
(g) Cryptology: Terrorists have started using encryption, high frequency
encrypted voice/data links etc. It would be a Herculean task to decrypt the

Examples of Cyberterrorism
Attacks that lead to death or bodily injury, explosions, plane crashes,
water contamination, or severe economic loss or serious attacks against
critical infrastructures would be examples.

Solar Sunrise - In early 1998 U.S. military systems were subjected to an
"electronic assault," noted as "Solar Sunrise." The intruders hid their
tracks by routing their attack through computer systems in the United
Arab Emirates.
It was found that two young hackers in California had carried out
the attacks under the direction of a hacker in Israel, himself a
teenager. They gained privileged access to computers using tools
available from a university web site and installed sniffer programs
to collect user passwords. They created a backdoor to get back into
the system and then used a patch available from another university
web site to fix the vulnerability and prevent others from repeating
their exploit.

Examples of Cyber terrorism
Middle East terrorist groups--such as Hizballah, HAMAS, and Usama Bin
Ladin's organization--are using computerized files, email, and
encryption to support their organizations.
Kurdish separatists in Greece and Turkey, Kashmiri separatists in India,
and Zapatista rebels in Mexico have also hacked official government Web
pages and posted anti-government propaganda and pictures.
Terrorists and extremists already use the Internet to cause destruction,
communicate, raise funds, recruit, and gather intelligence. They may
even launch attacks remotely from countries where their actions are not
illegal or with whom we have no extradition agreements.

Types of Cybercrime
SOFTWARE PIRACY:
Theft of software through the illegal copying of genuine programs or the
counterfeiting and distribution of products intended to pass for the
original.

CASE LAWS

Examples of Data Thefts

In June 2006, Nadeem Kashmiri, an employee at HSBC's call center in
Bangalore, sold customer credit card information to a group of scamsters
who used the information to siphon off nearly Rs 1.8 crore from bank
accounts of UK-based customers.

An Indian engineer and former Intel employee, Bishwasmohan Pani, has
been charged with stealing secret information from Intel for his new
employer and Intel's rival, Advanced Micro Devices (AMD).

Acme Tele Power Private Limited, a Manesar-based IT company, decided to
shift its $10 million R&D facility to Australia because of a recent
incident of data theft that caused it a loss of Rs 750 crore. Acme had
developed a product called Power Interface Unit (PIU) and had it
patented by the government of India. The patent was valued at Rs 750
crore by Ernst and Young. One of our employees, Sachidanand Patnaik,
worked on the project and leaked the patented software of PIU to Lambda
Eastern Telecom Limited.

Glaring Examples of Data Thefts

The incidents in the recent past involving Cyber Space have highlighted
the issues of privacy and data protection in India.

The Pune scam was the first among the many BPO frauds that made
international headlines. In April 2005, five employees of MsourcE in
Pune were arrested for allegedly pulling off a fraud worth nearly 2.5
crore rupees from the Citibank accounts of four New York-based account
holders.
In June 2005, the British tabloid Sun, in a sting operation, purchased
the bank account details of 1,000 Britons from Karan Bahree, an employee
of Gurgaon-based BPO company Infinity E-Search.

MMS Scams
The Multimedia Messaging Service, similar to EMS, is a new and improved
format of Short Message Service (SMS). MMS allows compatible cell phone
users to exchange multimedia messages on their phones, such as graphical
postcards, animations, video clips, maps and business cards.

The circulation in cyberspace, through Multimedia Messaging Service, of
a video clip which contains sexually explicit material can be defined as
an MMS scam.

MMS scandals
In 2004 a DPS (Delhi Public School) student filmed a sexually explicit
video clip of his classmate in a compromising position on his cell phone
and forwarded the video via MMS to his friends. The clip was then put up
on Bazee.com and widely circulated.

The case of State of Tamil Nadu vs Suhas Katti is notable for the fact
that the conviction was achieved successfully within a relatively quick
time of 7 months from the filing of the FIR.
The case related to posting of obscene, defamatory and annoying messages
about a divorcee woman in the Yahoo message group. The Additional Chief
Metropolitan Magistrate delivered the judgment on 5-11-04 as follows:

"The accused is found guilty of offences under section 469, 509 IPC and
67 of IT Act 2000 and the accused is convicted and is sentenced for the
offence to undergo RI for 2 years under 469 IPC and to pay fine of
Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year
Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s
67 of IT Act 2000 to undergo RI for 2 years and to pay fine of
Rs.4000/- All sentences to run concurrently."

This is considered the first case convicted under section 67 of the
Information Technology Act 2000 in India.

The Noida MMS Scandal

In February 2009, an MBA student in Noida circulated a video clip of his
23-year-old girlfriend doing a striptease for him to his classmates
using the girl's email id.
After the girl refused to marry him, the boy, who had access to the
girl's mail id, circulated that MMS clip to fellow students.
Police registered a case of criminal intimidation following a complaint
filed by the girl's family.

Srinagar Sex Abuse Scandal

Srinagar sex abuse scandal involved top J&K politicians.
Police arrested Mohammad Ashraf after a 15-year-old victim recognised
him during an identification parade.
Clip was prepared to blackmail the girl so that she did not marry
anybody else.
the 15-year old victim of the J&K sex abuse scandal given to the CBI
which identifies the culprit behind the filming of the MMS and unveils
the personal trauma of the girl child
(5 June 2006, Indian Express)

THANK YOU
