CYBER LAW & CYBER CRIME• Information

Technology Act.• Cyber Law.• Cyber crimes .• Types and Penalties

thereof. • E-commerce and E-

contract. • Internet policy of

Government of India.

By K. VINOTHINI. G. DIVYA.

CYBER LAW

What is Cyber Law?• Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes

computers, networks, software, data storage devices (such as hard disks, USB disks etc), the internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

• Law encompasses the rules of conduct:1. that have been approved by the government, and 2. which are in force over a certain territory, and 3. which must be obeyed by all persons on that territory.

• Violation of these rules could lead to government action such as imprisonment or fine or an order to pay compensation.

• Cyber law encompasses laws relating to:1. Cyber Crimes 2. Electronic and Digital Signatures 3. Intellectual Property 4. Data Protection and Privacy

Need for Cyber Law

There are various reasons why it is extremely difficult for conventional law to cope with cyberspace. Some of these are discussed below.

1. Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law.

2. Cyberspace has complete disrespect for jurisdictional boundaries. A person in India could break into a bank’s electronic vault hosted on a computer in USA and transfer millions of Rupees to another bank in Switzerland, all within minutes. All he would need is a laptop computer and a cell phone.

3. Cyberspace handles gigantic traffic volumes every second. Billions of emails are crisscrossing the globe even as we read this, millions of websites are being accessed every minute and billions of dollars are electronically transferred around the world by banks every day.

4. Cyberspace is absolutely open to participation by all. A tenyear-old in Bhutan can have a live chat session with an eightyear-old in Bali without any regard for the distance or the anonymity between them.

5. Cyberspace offers enormous potential.

CYBER LAW AND IT ACT 2000

• Provides legal recognition to electronic documents and a framework to support e-filing and e-commerce transactions and also provides a legal framework to mitigate, check cyber crimes.

• IT Act 2000.• IT (Amendment) Act, 2008.

Information Technology Act, 2000• In India the Information Technology Act, 2000 is the Mother Legislation

that deals with issues related to use of computers, computer systems ,

computer networks and the Internet.

• Information Technology Act, 2000-came into force on 17 October 2000

• amended by the Information Technology (Amendment )Act, 2008.

• Extends to whole of India and also applies to any offence or

contravention there under committed outside India by any person

{section 1 (2)}

Contents of IT act• Penalties and adjudication for various offences

involving computers, computer systems and computer networks..

• Imprisonment and fine for various cybercrimes defined..

• Various cyber offences defined..• Cyber offences to be investigated only by a

Police Officer not bellow the rank of the Inspector (now), Deputy Superintendent of Police(earlier).

Civil Wrongs under IT Act• Chapter IX of IT Act, Section 43• Whoever without permission of owner of the computer

– Secures access (mere U/A access)• Not necessarily through a network

– Downloads, copies, extracts any data– Introduces or causes to be introduced any viruses or

contaminant– Damages or causes to be damaged any computer resource

• Destroy, alter, delete, add, modify or rearrange• Change the format of a file

– Disrupts or causes disruption of any computer resource

CYBER CRIME

• It is a CRIMINAL activity committed on the internet. This is a broad term that describes everything from Electronic cracking to denial of service attacks that cause electronic commerce sites to lose money.

Classification of cyber crimes

• The computer as a target - attacking the computers of others (spreading viruses is an example).

• The computer as a weapon - using a computer to commit "traditional crime" that we see in the physical world (such as fraud or illegal gambling).

• The computer as an accessory - using a computer as a "fancy filing cabinet" to store illegal or stolen information.

Types of Cyber crimes• Hacking• Credit card frauds• Cyber pornography • Sale of illegal articles-narcotics,

weapons, wildlife• Online gambling• Intellectual Property crimes- software

piracy, copyright infringement, trademarks violations, theft of computer source code

• Email spoofing• Forgery• Defamation• Cyber stalking (section 509 IPC)• Phising • Cyber terrorism• Denial of service attack• Virus Disseemination• Software piracy

Pictorial representation

of various cyber crimes

Common cyber crimesHacking

Computer hacking is when someone modifies computer hardware or software in a way that alters the creator's original intent. People who hack computers are known as hackers. Hackers are usually real technology buffs who enjoy learning all they can about computers and how they work.

SpamThe most common type of cyber crime is spam. While email spam laws are fairly new, there have been laws on the books regarding "unsolicited electronic communication" for many years.

FraudCredit fraud is another common form of cyber crime. Certain computer viruses can log keystrokes on your keyboard and send them to hackers, who can then take your Social Security number, credit card number and home address. This information will be used by the hacker for his own means.

Cyber BullyingHarassment, or cyber bullying, is a growing problem among teenagers. Many countries in Europe and several states in the United States have laws to punish those who consistently harass somebody over the Internet.

Drug Trafficking Believe it or not, drug trafficking is happening over the Internet. Many traffickers use encrypted email or password-protected message boards to arrange drug deals.

Cyber Terrorism There are many forms of cyberterrorism. Sometimes it's a rather smart hacker breaking into a government website, other times it's just a group of like-minded Internet users who crash a website by flooding it with traffic. No matter how harmless it may seem, it is still illegal.

Piracy Far and away the most talked about form of cyber crime is thievery. Yes, downloading music from peer-to-peer websites is illegal and therefore a form of cyber crime.

Penalties

• On first conviction - imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees.

• Second or subsequent conviction – imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.

Section 66: Hacking

• Ingredients– Intention or Knowledge to cause wrongful loss

or damage to the public or any person– Destruction, deletion, alteration, diminishing

value or utility or injuriously affecting information residing in a computer resource

• Punishment– imprisonment up to three years, and / or – fine up to Rs. 2 lakh

• Cognizable, Non Bailable,

15

Section 66 covers data theft aswell as data alteration

Sec. 67. Pornography• Ingredients

– Publishing or transmitting or causing to be published – in the electronic form, – Obscene material

• Punishment– On first conviction

• imprisonment of either description up to five years and • fine up to Rs. 1 lakh

– On subsequent conviction • imprisonment of either description up to ten years and • fine up to Rs. 2 lakh

• Section covers– Internet Service Providers,– Search engines, – Pornographic websites

• Cognizable, Non-Bailable, JMIC/ Court of Sessions

Sec 69: Decryption of information• Ingredients

– Controller issues order to Government agency to intercept any information transmitted through any computer resource.

– Order is issued in the interest of the• sovereignty or integrity of India, • the security of the State, • friendly relations with foreign States, • public order or • preventing incitement for commission of a cognizable offence

– Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information-punishment upto 7 years.

Arms ActOnline sale of Arms

Sec. 383 IPCWeb-Jacking

NDPS ActOnline sale of Drugs

Sec 416, 417, 463 IPCEmail spoofing

Sec 420 IPCBogus websites, cyber frauds

Sec 463, 470, 471 IPCForgery of electronic records

Sec 499, 500 IPCSending defamatory messages by email

Sec 503 IPC Sending threatening messages by email

Computer Related Crimes under IPC and Special Laws

18

CASE:FIR NO 76/02 PS PARLIAMENT STREET

CASE:FIR NO 76/02 PS PARLIAMENT STREET

• Mrs. SONIA GANDHI RECEIVED THREATING E-MAILS• E- MAIL FROM

– missonrevenge84@khalsa.com– missionrevenge84@hotmail.com

• THE CASE WAS REFERRED • ACCUSED PERSON LOST HIS PARENTS DURING 1984

RIOTS(1984 anti-Sikh riots)

19

Case: Phishing

• With the tremendous increase in the use of online banking, online share trading and ecommerce, there has been a corresponding growth in the incidents of phishing being used to carry out financial frauds.

• Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.

Scenario 1: The victim receives an email that appears to have been sent from his bank. The email urges the victim to click on the link in the email. When the victim does so, he is taken to “a secure page on the bank’s website”. The victim believes the web page to be authentic and he enters his username, password and other information. In reality, the website is a fake and the victim’s information is stolen and misused. The law Sections 43 and 66 of Information Technology Act and sections 419, 420 and 468 of Indian Penal Code.

Who is liable?All persons involved in creating and sending the fraudulent emails and creating and maintaining

the fake website. The persons who misuse the stolen or “phished” information are also liable.The motive

Illegal financial gain.Modus Operandi• The suspect registers a domain name using fictitious details. The domain name is usually such that can be

misused for spoofing e.g. Noodle Bank has its website at www.noodle.com The suspects can target Noodle customers using a domain name like www.noodle-bank-customerlogin.com

• The suspect then sends spoofed emails to the victims. e.g. the emails may appear to come from info@noodle.com

• The fake website is designed to look exactly like the original website.

AN OVERVIEW OF CYBERCRIME IN INDIA

February 2012

The Cost of Cybercrime

In India in 2010:

– 29.9 million people fell victim to cybercrime– $4 billion in direct financial losses – $3.6 billion in time spent resolving the crime– 4 in 5 online adults (80%) have been a victim of cybercrime– 17% of adults online have experienced cybercrime on their

mobile phone

Source: Norton Cybercrime Report 2011

Why India?

A rapidly growing online user base

– 121 million internet users – 65 million active internet users, up 28% from

51 million in 2010– 50 million users shop online on ecommerce

and online shopping sites– 46+ million social network users– 346 million mobile users had subscribed to

data packages

Source: IAMAI; Juxt; wearesocial 2011

What kind of cybercrimes?

• The majority of cybercrimes are centered on forgery, fraud and phishing

• India is the third-most targeted country for phishing attacks after the US and the UK

• Social networks as well as ecommerce sites are major targets• 6.9 million bot-infected systems in 2010• 14,348 website defacements in 2010• 6,850 .in and 4,150 .com domains were defaced during 2011• 15,000 sites hacked in 2011• India is the number 1 country in the world for generating spam

What should government tackle?• The police have recorded 3,038 cases but

made only 2,700 arrests in 3 years (between 2007 and 2010)

• India registered only 1,350 cases under the IT Act and IPC in 2010

• 50% of cybercrimes are not even reported

• Why are so few cases are reported and does that mean the legislation is inadequate?

Arrests & Reports under IT Act• Under the IT Act, 966 cybercrime cases were filed in 2010 420

in 2009)• Geographic breakdown of cases reported:

– 153 from Karnataka,– 148 from Kerala – 142 from Maharashtra – 105 Andhra Pradesh – 52 Rajasthan – 52 Punjab

• 233 persons were arrested in 2010• 33% of the cases registered were related to hacking

Source: National Crime Records Bureau

The future of cybercrimes in India

• Continued website hacks and defacements

• Data and information theft

• Increasing phishing attacks on ecommerce and financial websites

• Cybercriminals targeting social and professional networks

• Threats directed at the mobile platform: smartphones and tablets

Better Enforcement initiatives

• Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM –more exchange

and coordination of this kind

• Suggested amendments to the IT Act,2000-new provisions for child pornography, etc

• More Public awareness campaigns

• Training of police officers to effectively combat cyber crimes

• More Cyber crime police cells set up across the country

• Effective E-surveillance

• Websites aid in creating awareness and encouraging reporting of cyber crime cases.

• Specialised Training of forensic investigators and experts

• Active coordination between police and other law enforcement agencies and authorities

is required.

Recommendations

1. Firms should secure their networked information.

2. Governments should assure that their laws apply to cyber crimes.

3. Firms, governments, and civil society should work cooperatively to strengthen legal frameworks for cyber security.

E-commerce and E-contract. Internet policy of Government of India.

• Electronic contracts (contracts that are not paper based but rather in electronic form) are born out of the need for speed, convenience and efficiency.

For further Reading…Please refer

• http://www.cyberlawsindia.net/

• http://dict.mizoram.gov.in/uploads/attachments/cyber_crime/intro-indian-cyber-law.pdf

• http://www.iibf.org.in/documents/Cyber-Laws-chapter-in-Legal-Aspects-Book.pdf

E Contract:• http://dict.mizoram.gov.in/uploads/attachments/cyber_crime/electronic-contracts

.pdf

BE AWARE!!!THANK YOU