Escolar Documentos
Profissional Documentos
Cultura Documentos
"Cyber crime" is not a rigorously defined concept. For our purposes, consider it to embrace criminal acts that can be accomplished while sitting at a computer keyboard. Such acts include gaining unauthorized access to computer files, disrupting the operation of remote computers with viruses, worms, logic bombs, Trojan horses, and denial of service attacks; distributing and creating child pornography, stealing another's identity; selling contraband, and stalking victims. Cyber crime is cheap to commit (if one has the know-how to do it), hard to detect (if one knows how to erase one's tracks), and often hard to locate in jurisdictional terms, given the geographical indeterminacy of the net. Our purpose in considering the subject of cyber crime is not to catalog it exhaustively, but rather to raise and consider questions of particular interest that are presented by cyber methodologies of committing crimes. The most interesting questions arise at the points where criminal opportunities presented by the new technologies stretch the bounds of our criminal law. The term cyber crime is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.
Computer crime refers to any crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.
Net crime refers to criminal exploitation of the Internet. Cybercrimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)". Such crimes may threaten a nations security and financial health. Issues surrounding this type of crime have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court. Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CRIME STATISTICS
As per the National Crime Records Bureau statistics, during the year 2005, 179 cases were registered under the IT Act as compared to 68 cases during the previous year, thereby reporting a significant increase of 163.2% in 2005 over 2004. During 2005, a total of 302 cases w e r e r e g i s t e r e d u n d e r I P C s e c t i o n s a s c o m p a r e d t o 2 7 9 s u c h c a s e s d u r i n g 2 0 0 4 , t h e r e b y reporting an increase of 8.2% in 2005 over 2004. NCRB is yet to release the statistics for 2006.In 2006, 206 complaints were received in comparison with only 58 in 2005, a 255% increase in the total number of complaints received in the Cyber Cell/EOW over the last year. In terms of c a s e s r e g i s t e r e d a n d i n v e s t i g a t e d i n 2 0 0 6 ( u p t o 2 2 . 1 2 . 0 6 ) , a t o t a l o f 1 7 c a s e s , w h e r e t h e computer was the victim, a tool or a repository of evidence, have been registered in the Cyber Cell/EOW as compared to 12 cases registered in 2005. And mind you, these are just the reported cases. While the number of cyber crime instances has been constantly growing over the last few years, the past year and a half, in particular, has seen a rapid spurt in the pace of cyber crime activities. Cyber lawyers, Pavan Duggal, advocate with the Supreme Court of India and Karnika Seth, partner, Seth Associates, Advocates and Legal Consultants, testify to this, pointing out that they have seen a jump in the number of cyber crime cases that they've been handling in the last o n e y e a r . O n e a l s o s h o u l d r e m e m b e r t h a t t h e t e r m ' C y b e r C r i m e ' s h o u l d b e a p p l i e d t o a l l offences committed with the use of 'Electronic Documents'. Hence, cybe r crimes must grow at the same rate as the use of the Internet, mobile phone, ATM, credit cards or perhaps even faster." W i t h t h e l i t t l e o f f e n c e s c a m e t h e l a r g e r o n e s i n v o l v i n g h u g e m o n e y , a n d one has seen
this s u d d e n j u m p f r o m s m a l l e r c r i m e s t o f i n a n c i a l c r i m e s i n t h e l a s t o n e y e a r " According to Captain Raghu Raman, CEO, Mahindra Special Services Group ( S S G ) , t h e contributing factors are high volume of data processing, rapid growth and major migration intot h e o n l i n e s p a c e , e s p e c i a l l y o f f i n a n c i a l i n s t i t u t i o n s a n d t h e i r c u s t omer transactions. However, actual numbers continue to include, considering the fact that a majority of the cases go unreported. Most victims, especially the corporate, continue to downplay on account of the fear of negative publicity thereby failing to give a correct picture of the cyber crime scene in the country. According to Cyber law expert Na Vijayashankar (popularly known as Navi); it is d i f f i c u l t t o measure the growth of Cyber Crimes b y any statistics, the reason being that a majority of cyber crimes don't get reported. "If we, therefore, focus on the number of cases registered or number of convictions achieved, we only get diverted from real facts," he adds. Duggal points out to the results of a survey he conducted in early 2006 on the extent of under-reporting. For every 500 instances of cyber crimes that take place in India, only fifty are reported and out of that fifty, only one is registered as an FIR or criminal case. So, the ratio effectively is1:500 and this, he points out, are conservative estimates. Giving an insight into the reasons for low reporting, Nandkumar Sarvae, director, Cyber Security and Compliance at Nasscom, points out that very often, people are not aware whether an incident is a cyber crime; there is also lack of awareness on where to lodge a complaint or whether the police will be able to understand."Added to this is the fear of losing business and hence, many cases don't come to light," he adds.
CYBERSPACE
The term "cyberspace" was first used by the cyberpunk science fiction author William Gibson,[2] though the concept was described somewhat earlier, for example in the Vernor Vinge short story "True Names," and even earlier in John M. Ford's novel, Web of Angels. Widely used since, it has been criticized by its inventor, as Gibson himself would later describe it as an "evocative and essentially meaningless" buzz word that could serve as a cipher for all of his "cybernetic musings".[2] The first component of the term comes from "cybernetics", which is derived from the Greek (cyber nts, steersman, governor, pilot, or rudder), a word introduced by Norbert Wiener for his pioneering work in electronic communication and control science. As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace belongs to everyone. There should be electronic surveillance which means investigators tracking down hackers often want to monitor a cracker as he breaks into a victim's computer system. The two basic laws governing real-time electronic surveillance in other criminal investigations also apply in this context, search warrants which means that search warrants may be obtained to gain a c c e s s t o th e p r e mi s e s w h e r e t h e c r a c k e r is b e l i ev e d to h av e e v id en c e o f t h e c r i me . S u c h evidence would include the computer used to commit the crime, as well as the software used to gain unauthorized access and other evidence of the crime. Researchers must explore the problems in greater detail to learn the origins, methods, and motivations of this growing criminal group. Decision-makers in business, government, and lawn f o r c e me n t mu s t r e a c t t o th i s e me r g i n g b o d y o f k n o w l ed g e . T h e y mu s t d e v e l o p p o l i c i es , methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and prevent future crimes. In addition, Police Departments should immediately take steps to protect their own
information systems from intrusions (Any entry into an area not previously occupied).Internet provides anonymity: This is one of the reasons why criminals try to get aw ay easily when caught and also give them a chance to commit the crime again. Therefore, we users should be careful. We should not disclose any personal information on the internet or use credit c a r d s a n d if w e f in d an y t h in g su sp i c io u s in e - ma i l s o r i f t h e s y s t e m i s h a c k e d , it s h o u ld b e immediately reported to the Police officials who investigate cyber-crimes rather than trying to fix the problem by ourselves. Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is amenace that has to be tackled effectively not only by the official but also by the users by co-operating with the law. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of modernization as a boon and not make it a bane to the society.
network with members in at least 14 nations ranging from Europe, to North America, to Australia. Access to t h e g ro u p w a s p a s s wo r d p r o t ec t e d , a n d co n t en t w a s en c r y p te d . P o li c e i n v es t i g at i o n o f t h e activity, codenamed "Operation Cathedral" resulted in approximately 100 arrests around the world, and the seizure of over 100,000 images in September, 1998.
3. Telecommunications Piracy
D i g i t a l t e c h n o lo g y p e r mi t s p e r f e c t r e p ro d u c ti o n an d ea s y d is s e mi n a t i o n o f p r i n t , g r a p h i c s , so u n d , a n d mu l t i me d i a c o mb i n a t i o n s . T h e t e mp t a t i o n t o r ep r o d u c e c o p y r i g h t ed material for personal use, for sale at a lower price, or indeed, for free distribution, has proven irresistible to many. This has caused considerable concern to owners of copyrighted material. Each year, it has been estimated that losses of between US$15 and US$17 billion are sustained by industry by reason of copyright infringement (United States, Information Infrastructure Task Force 1995,131). The Software Publishers Association has estimated that $7.4 billion worth of soft ware was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and Underwood 1994) Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8 billion in business application software, and $690 million in book publishing.
physically assaulted, she would not answer the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj 1999).One former university student in California used email to harass 5 female students in1998. He bought information on the Internet about the women using a professor's credit card and then sent 100 messages including death threats, graphic sexual descriptions and references to their daily activities. He apparently made the threats in response to perceived teasing about his appearance (Associated Press 1999a). Computer networks may also be used in furtherance of extortion. The Sunday Times (London) reported in 1996 that over 40 financial institutions in Britain and the United States had been attacked electronically over the previous three years. In England, financial institutions were reported to have paid significant amounts to sophisticated computer criminals who threatened to wipe out computer systems. ( The Sunday Times , June 2, 1996). The article cited four incidents between 1993 and 1995 in which a total of 42.5 million Pounds Sterling were pa id by senior executives of the organizations concerned, who were convinced of the extortionists' capacity to crash their computer systems (Denning 1999 233-4).
authorities. Large financial institutions will no longer be the only ones with the ability to achievee l e c t r o n i c f u n d s t r a n s f e r s t r a n s i t i n g n u m e r o u s j u r i s d i c t i o n s a t t h e s p e e d o f l i g h t . T h e development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. Traditional underground banks, which have flourished in Asian countries for centuries, will enjoy even greater c apacity through the use of telecommunications. With the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of stored value to my "smart -card", which I then download anonymously to my account in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw upon these funds as and when I may require, downloading them back to my stored value card (Wahlert 1996).
1.HACKING
Hacking in simple terms means an illegal intrusion into a computer system an d / o r network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is no difference between the term hacking and cracking. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such
as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information which is critical in nature. Government websites are the hot targets of the hackers due to the press c o v e r a g e , i t receives. Hackers enjoy the media coverage.
2.Child Pornography
The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The internet is very fast becoming a household commodity in India. Its explosion has made the children a viable victim to the cyber crime. As more homes have access to internet ,More children would be using the internet and more are the chances of falling victim to the aggression of pedophiles. The easy access to the pornographic contents readily and freely available over theinternet lower the inhibitions of the children. Pedophiles lure the children b y d i s t r i b u t i n g pornographic material, and then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. Sometimes Pedophiles contact children in the chat rooms posing as teenagers or a child of similar age, then they start becoming friendlier with them and win their confidence. Then slowly pedophiles start sexual chat to help children shed their inhibitions about sex and then call them out for personal interaction. Then starts actual e x p l o i t a t i o n o f t h e c h i l d r e n b y o f f e r i n g t h e m s o m e m o n e y o r f a l s e l y p r o m i s i n g t h e m g o o d opportunities in life. The
pedophiles then sexually exploit the children either by using them as sexual objects or by taking their pornographic pictures in order to sell those over the internet. In physical world, parents know the face of dangers and they know how to avoid & face the problems by following simple rules and accordingly they advice their children to keep away f r o m dangerous things and ways. But in case of cyber world, most of the parents do n o t themselves know about the basics in internet and dangers posed by various services offered over t h e i n t e r n e t . H e n c e t h e c h i l d r e n a r e l e f t u n p r o t e c t e d i n t h e c y b e r w o r l d .
d. Gets the e-mail address of the child/teen and starts making contacts on the victim e-mail address as well.
e. S t a r t s s e n d i n g p o r n o g r a p h i c i m a g e s / t e x t t o t h e v i c t i m i n c l u d i n g c h i l d p o r n o g r a p h i c images in order to help child/teen shed his inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it. f. A t t h e e n d o f i t , t h e p e d o p h i l e s e t u p a m e e t i n g w i t h t h e c h i l d / t e e n o u t o f t h e h o u s e a n d then drag him into the net to further sexually assault him or to use him as a sex object. In order to prevent your child/teen from falling into the trap of pedophile, read the tips under Tips & Tricks heading.
3.Cyber Stalking
Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandaliz ing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker. Both kind of Stalkers Online & Offline have desire to control the victims life. Majority of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and victim female.
Spam
Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.
Fraud
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by: Altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes; Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect; Altering or deleting stored data; Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information.
There are instances where committing a crime, which involves the use of a computer, can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual 2G1.3(b)(3) for his use of a cell phone to persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct.
Threats
Although freedom of speech is protected by law in most democratic societies (in US this is done by First Amendment) that does not include all types of speech. In fact spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate", that also applies for online or any type of network related threats in written text or speech. The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".
Drug trafficking
Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away.
Cyber terrorism
Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials[who?] that such intrusions are part of an organized effort by cyber terrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyber terrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them. Cyber terrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyber terrorism. As well there are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc. Cyber extortion is a form of cyber terrorism in which a website, e-mail server, or computer system is subjected to repeated denial of service or other attacks by malicious hackers, who demand money in return for promising to stop the attacks. According to the Federal Bureau of Investigation, cyber extortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many
go unreported in order to keep the victim's name out of the domain. Perpetrators typically use a distributed denial-of-service attack.
Cyber warfare
The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyber space operations impacts and will be adapted by war fighting military commanders in the future.
1. Against Individuals
a. their person & b. their property of an individual
2. Against Organization
a. Government c. Firm, Company, Group of Individuals.
The following are the crimes, which can be committed against the followings group
Against Individuals:
i. Harassment via e-mails. ii. Cyber-stalking. iii. Dissemination of obscene material. iv. Defamation. v. Unauthorized control/access over computer system. vi. Indecent exposure vii. Email spoofing viii. Cheating & Fraud
Against Individual Property: i. Computer vandalism. ii. Transmitting virus. iii. Ne trespass
iv. Unauthorized control/access over computer system. v. Intellectual Property crimes vi. Internet time thefts
Against Organization: i. Unauthorized control/access over computer system ii. Possession of unauthorized information. iii. Cyber terrorism against the government organization. iv. Distribution of pirated software etc.
Against Society at large: i. Pornography (basically child pornography). ii. Polluting the youth through indecent exposure. iii. Trafficking iv. Financial crimes
v. Sale of illegal articles vi. Online gambling vii. Forgery The above mentioned offences may discussed in brief as follows:
1.
Harassment via e-mailsHarassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.
2. Cyber-stalkingThe Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposurePornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.
4. Defamation
It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.
5.
This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.
6. E mail spoofingA spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus. Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.
7. Computer vandalismVandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a
computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.
8. Intellectual Property crimes / Distribution of pirated softwareIntellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc. The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software.
attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of Osama Bin Laden, the LTTE, attack on Americas army deployment system during Iraq war. A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to (1) putting the public or any section of the public in fear; or (2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or (3) coercing or overawing the government established by law; or (4) endangering the sovereignty and integrity of the nation and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.
Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation
1.Capacity To Store Data In Comparatively Small SpaceThe computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier.
2.Easy To Access
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3.Complex
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4.Negligence
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system. 5.Loss Of Evidence Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
2.
Usage of these terms (see Annex I) suggests that, among them, financial abuse has the
broadest meaning, encompassing not only illegal activities that may harm financial systems, but also other activities that exploit the tax and regulatory frameworks with undesirable results (see Figure 1). When financial abuse involves financial institutions (or financial markets), it is sometimes referred to as financial sector abuse.
Financial crime, which is a subset of financial abuse, can refer to any non-violent crime that generally results in a financial loss, including financial fraud. It also includes a range of illegal activities such as money laundering and tax evasion.
3.
More precise definitions of financial abuse, financial crime, money laundering, and
Financial abuse
4. Usage of the terms financial abuse and financial crime, indicate that its meaning varies on different occasions.
To clarify usage, it is helpful to distinguish clearly between factors or incentives that facilitate or encourage financial abuse, such as poor regulatory and supervisory frameworks and weak tax systems, and activities that constitute financial abuse. Accordingly, the concept of financial abuse is interpreted in a very broad sense, as including illegal financial Annex I provides examples from international usage. As regards national usages, the Edwards Report, commissioned by the United Kingdom in 1998, discusses money laundering, tax evasion, drug trafficking, and fraud as well as illegal capital flight under the general title of financial crime and money laundering. (See Home Department, Review of Financial Regulation in the Crown Dependencies, Command Paper, November 1998, Chapters 14 and 15.) The International Narcotics Strategy Report of the U.S. Department of State discusses money laundering along with other financial crimes and tax evasion,
and stresses that excessive bank secrecy laws make financial systems vulnerable to abuse from criminal activities, ranging from terrorism to tax evasion. (See U.S. Department of State, Bureau for International Narcotics and Law Enforcement Affairs, International Narcotics Control Strategy Report, Money Laundering and Financial Crimes, March 1999.)- -activities, many of which have the potential to harm financial systems, and legal activities that exploit undesirable features of tax and regulatory systems.
. Countries also have different legal characterization of specific acts, such as money laundering, corruption, and tax evasion. For example, considerable variation exists among countries as to which crimes may give rise to proceeds that may be laundered. The concept of corruption is also not uniformly defined. For example, in some countries so-called facilitation or grease payments given to induce foreign public officials to perform their functions are not illegal, while in others, these are treated as illegal bribes.
Agreement is also absent as to other types of financial crime. Some countries consider very low tax rates as abusive or harmful tax competition while others do not. Differences also exist on what is excessive in excessive bank secrecy. Differences exist among jurisdictions as to what acts constitute crimes, which raise questions as to which domestic laws one
country may help another in enforcing. For example, some countries maintain a broad range of exchange controls (e.g., capital controls), violations of which are financial crimes. These financial crimes may not, however, be crimes in other countries.
5.Financial crime
. No internationally accepted definition of financial crime exists. Rather, the term expresses different concepts depending on the jurisdiction and on the context. This paper interprets financial crime in a broad sense, as any non-violent crime resulting in a financial loss. When a financial institution is involved, the term financial sector crime is used. This difference among jurisdictions is reflected in the Organization for Economic Cooperation and Development (OECD) Convention on Combating Bribery of Officials in International Business Transactions ("OECD Anti-Bribery Convention"), which in requiring signatories to make the bribery of foreign public officials a crime excludes facilitation payments. See Article 1, OECD Anti-Bribery Convention (entered into force February 15, 1999); Article 1, Commentaries on the OECD AntiBribery Convention (adopted by the Negotiating Conference on November 21, 1997).
Bank secrecy or customer confidentiality is rightfully expected by bank customers and normally is protected by law. It embodies some level of protection of confidentiality of information on individual and business affairs from others, including from government. However, bank supervisors normally have access to such information but cannot share it with government agencies. Banks separately provide information on interest income to tax authorities. Annex III surveys the evolving forms of financial crime. Financial institutions can be involved in financial crime in three ways: as victim, as perpetrator, or as an instrumentality. Under the first category, financial institutions can be subject to the different types of fraud including, e.g., misrepresentation of financial information, embezzlement, check and credit card fraud, securities fraud, insurance fraud, and pension fraud. Under the second (less common) category, financial institutions can commit different types of fraud on others, including, e.g., the sale of fraudulent financial products, self dealing, and misappropriation of client funds. In the third category are instances where financial institutions are used to keep or transfer funds, either wittingly or unwittingly, that are themselves the profits or proceeds of a crime, regardless of whether the crime is itself financial in nature. One of the most important examples of this third category is money laundering.
1.
proceeds of a crime. In addition, whenever a financial institution is an instrumentality of crime, the underlying, or predicate, crime is itself often a financial crime.
There is a growing perception in many key jurisdictions that the most rapidly growing category of predicate crimes are financial, although illegal drug trafficking remains a major predicate crime. Although the circumstances vary from country to country, the preeminence of financial crimes as predicate offenses is found mainly:
(ii) In the location of a financial institution (e.g., where the criminal profits are laundered) which may be a different location from where the predicate crime was committed.
For example, black market peso exchange system, the so-called hawala or hundi system of informal banking found in South Asia, and East Asian system originally based on chits or tokens (see FATF, Report on Money Laundering Typologies, 1999-2000, February 3, 2000).
For example, a U.S. State Departments Report viewed bribery and corruption as important factors in criminal exploitation of financial systems and institutions (see The U.S. Department of State, Bureau for International Narcotics and Law Enforcement Affairs, International Narcotics Control Strategy Report, Money Laundering and Financial Crimes, March 1999).
3.Tax competition, or harmful tax practices and their impact, will be addressed in a future staff paper financial institutions, and jurisdictions. Various forms of financial system abuse may compromise financial institutions and jurisdictions reputation, undermine investors trust in them, and therefore weaken the financial system. The important link between financial market integrity and financial stability is underscored in the Basel Core Principles for Effective Supervision and in the Code of Good Practices on Transparency in Monetary and Financial Policies, particularly those principles and codes that most directly address the prevention, uncovering, and reporting of financial system abuse, including financial crime, and money laundering. 4. Financial system abuse may have other negative macroeconomic consequences. For example, it could compromise bank soundness with potentially large fiscal liabilities, lessen the ability to attract foreign investment, and increase the volatility of international capital flows and exchange
rates. In the era of very high capital mobility, abuse of the global financial system makes national tax collection and law enforcement more difficult. Financial system abuse, financial crime, and money laundering may also distort the allocation of resources and the distribution of wealth and can be costly to detect and eradicate. A common theme in research is that if crime, underground activity and the associated money laundering take place on a sufficiently large scale, then macroeconomic policymakers must take them into account. 5.. Economic damage can arise not only directly from financial system abuse, but also from allegations that affect the reputation of a country, or from one countrys actions against perceived financial system abuse in another economy. Such allegations or actions can through reputational effects affect the willingness of economic agents, particularly those outside the country, to conduct business in a given country (e.g., inward investment, banking correspondent relationships) with adverse consequences. One recent example includes the impact of the lists published by the FSF, FATF, and OECD, whether or not such listing was deserved. On the other hand, jurisdictions benefit from the economic activity and income attracted by lax regulatory and tax practices.
There is no single, broadly accepted understanding of the meaning of the term financial crime. Rather, the term has been used to describe a number of different concepts of varying levels of specificity. At its absolute broadest, the term has occasionally been used to refer to any type of illegal activity that result in a pecuniary loss. This would include violent crimes against the person or property such as armed robbery or vandalism. At its next broadest, the term has often been used to refer only to non-violent crimes that result in a pecuniary loss. This would include crimes where a financial loss was an unintended consequence of the perpetrators actions, or where there was no intent by the perpetrator to realize a financial gain for himself or a related party (e.g. when a perpetrator hacks into a banks computer and either accidentally or intentionally deletes an unrelated depositors account records.) Also, the term has occasionally been used slightly more narrowly to refer only to instances where the perpetrator intends to benefit from the crime. Either way, criminal fraud (i.e. the act of illegally deceiving or misrepresenting information so as to gain something of value) for personal benefit is undoubtedly the most common. The term has
been used in a more narrow sense to refer only to those instances where a nonviolent crime resulting in a pecuniary loss crime also involves a financial institution. Financial institutions can play one of three roles: (i) Perpetrator, (ii) Victim, or (iii) Knowing or unknowing instrumentality of crime. Of these, the most common are probably when the financial institution is a victim of fraud and when it is used as an instrumentality for money laundering.
Some of the more common examples of the former include credit card fraud, check fraud, mortgage fraud, insurance fraud, pension fund fraud, and securities and investment fraud.
With the ongoing development and increasing sophistication of commercial and financial enterprises, coupled with the consequences of globalization, the range and diversity of financial crime is likely to increase.
Cybercrime is shifting to the top of risk management priority lists in the financial sector. Wherever money goes, hackers are sure to follow. That logic held true in a recent survey conducted by PricewaterhouseCoopers (PwC), which showed cybercrime placing a significant strain on the global financial sector. "The rise in cybercrime is not so surprising given the sector holds large volumes of the type of data cybercriminals are interested in and there is an established underground economy servicing the needs of the market for stolen and compromised data," explained PwC forensic services partner Andrew Clark. "However, our survey shows cybercrime accounts
for a much greater proportion of economic crime in the [financial services] sector than in other industries." According to PwC research, cybercrime is now the second most commonly reported economic crime affecting financial services firms. Only asset misappropriation, such as rogue trading and embezzlement, was deemed a more serious risk by responding companies. In fact, the report found that cybercrime was responsible for 38 percent of all economic crimes observed in the financial sector, compared to the average rate of 16 percent seen across all other industries. Nearly half of all responding companies from the financial sector fell victim to fraud in the past 12 months, reflecting a marked increase from the 30 percent cross-industry average. These figures are not surprising considering the value of the assets held by financial institutions, but there are a number of ongoing developments contributing to the rise of cybercrime seen in recent months. Once again, the perceived level of data security risk was highest among respondents in the financial sector, reflecting a growing awareness of the unique threats posed by mobile banking services and applications. According to market research from comScore, mobile banking gained significant traction in 2011, as institutions catered to the evolving demands of the customers with an array of new applications. "There continues to be areas of opportunity for increasing consumer engagement across both fixed Internet and mobile platforms," explained comScore executive Sarah Lenart. "Financial institutions who want to ensure they are meeting their customers' needs must
continue to expand and refine digital marketing strategies in 2012 to increase penetration and engagement." But as market demands push banks into the era of mobility, few are truly equipped to address the widespread and complex data protection challenges. According to PwC analysts, just 18 percent of responding institutions met established criteria for sound cybercrime incident response strategies. This is especially concerning in an era when hackers need only a few moments to infiltrate a network, pilfer sensitive corporate or consumer data and leave without a trace. "Overall responsibility for managing cybercrime risks rests with senior management," report authors concluded. "It is therefore essential that senior management understand the potential risks and opportunities the cyber world can present and ensure that there is clear accountability and responsibility for dealing with these risks and opportunities." There was some evidence to suggest that executive awareness is on the rise. As IT teams and compliance officers do a better job of communicating the business implications of data security frailties, more than half of responding financial professionals built the link between digital threats and operational consequences by citing reputational damage as a leading concern. .
The prevention of and fight against organised crime in the financial sector
This Communication aims to identify those areas where new initiatives may be needed to strengthen the fight against organised financial crime. This covers a range of illegal activities, including money laundering, financial fraud and counterfeiting of the Euro when committed by criminal organisations. Organised financial crime undermines legitimate economic actors and strengthens the shadow economy, thus diminishing economic growth and public resources. The fight against organised financial crime is important since reducing such crime has a broader impact on the fight against organised crime generally. Given that money is the lifeblood of organised crime, removing access by organised crime groups to money is bound to erode their power base.
RECENT TRENDS
In February 2009 A group of criminals used counterfeit ATM cards to steal $9 million from 130 ATMs in 49 cities around the world all within a time period of 30 minutes.
June 4, 2009, 10:00 AM IDG News Service Cybercriminals are improving a malicious software program that can be installed on ATMs running Microsoft's Windows XP operating system that records sensitive card details, according to security vendor Trust wave. The malware has been found on ATMs in Eastern European countries, according to a Trust wave report. The malware records the magnetic stripe information on the back of a card as well as the PIN (Personal Identification Number), which would potentially allow criminals to clone the card in order to withdraw cash. The collected card data, which is encrypted using the DES (Data Encryption Standard)algorithm, can be printed out by the ATM's receipt printer, Trust wave wrote. The malware is controlled via a GUI that is displayed when a so-called "trigger card" is inserted into the machine by a criminal. The trigger card causes a small window to appear that gives its controller 10 seconds to pick one of 10 command options using the ATM's keypad." The malware contains advanced management functionality allowing the attacker to fully control the compromised ATM through a customized user interface built into the malware, "Trust wave wrote. A criminal can then view the number of transactions, print card data, reboot the machine and even uninstall the malware. Another menu option appears to allow the ejection of an ATM's cash cassette. Trust wave has collected multiple versions of the malware. The company believes that the particular one it
analyzed is "a relatively early version of the malware and that subsequent versions have seen significant additions to its functionality." The company advised banks to scan their ATMs to see if they are infected. IDG news service
A few months ago, I encountered in an article by Ian Rowan at Switched.com reporting the news of a computer consultant that siphoned $1M USD from a Utah Bank. Also Memento security commented the article on April 27th explaining how An IT contractor hired to fix some bugs in a recent computer upgrade used his system access to make fraudulent electronic transfers into accounts under his control. He allegedly used the funds to remodel his home, pay off his two car notes, and cover a few mortgage payments. The fraud came to light when his business partner reported the suspicious transactions. We are talking about the same old story that plays over, again and again. Infosec s1 portals are totally filled by this kind of news, ranging from the highly orchestrated organized-crime actions up to the one-man crime approach. Lets take in consideration a couple of cases, one very recent and the other rather old. This latter one is the LGT case, also known as The Lichtenstein Tax Affair. Mr. Kieber, an employee at LGT Bank, allegedly stole customers financial data and sold them to an Intelligence Agency. The peculiar aspect here is that Mr. Kieber was already sought by an international warrant issued by Spain back in 1997 for running a 600.000 CHF checkfraud. A bank, where privacy is the fundamental value to be assured to its customers shouldnt have hired a man with that kind of background in the first place. We may also discuss IT procedures and checks, as well as Counter-Fraud and Privacy security policies and rules used by the violated institution. But thats not the real point.
The second example I would like to talk about is even more peculiar. In October 2008, a US Payment Gateway(2), RBS World Pay, was hacked. The attackers hacked into the credit cards (CC) database and, apparently, were able to own it completely. No one noticed the break-in and nothing happened, until a few months later. On January 9th, 2009, a 24hour withdraw operation was run among three continents (USA, Asia, Europe). One hundred mules withdrew $9 million USD in a 24-hour timeframe, leaving no traces behind, except in some cases, where pictures were shot from the ATMs themselves (http://media2.myfoxny.com/pdf/atmwantedposter.pdf). More than 130 ATMs in 49 cities (from Moscow to Atlanta, to get the idea) were affected by the attacks. Curious to say, a nearly identical attack happened in 2007, when iWire (a payment card company) encountered losses of $5 million USD. Obviously, if a world-wide known bank, a payment gateway and a payment card company have all been somehow violated, this means that no one can be totally secure: nothing is 100% secure. Nevertheless, I would like to bring the readers attention towards other points and thoughts, far from the IT Securitys standard approaches. These kinds of crimes will continue, they will never stop. They will increase in number daily, reaching unimaginable amounts of money. Cybercrime, intended as all the various sorts of e-crimes, is the most profitable criminal activity ever seen, much more than international drug dealing and human
trafficking. Cyber crime usually involves a few risks, and typically doesnt require the authors to show up and physically expose themselves . Also, the de-facto international approach and MO (Modus Operandi) of these crimes complicates the law enforcement agencies investigations, information exchange, dialogues and collaboration, while the laws and the international agreements among different legislation systems would not always work out, especially in some countries. These countries, obviously, are among those ones preferred by e-criminals. Just to give the idea, the 2007 financial turnover for RBN (Russian Business Network), one of the most important and distributed criminal organizations in the Internet area, was more than $2 Billion USD. RBN has been credited for creating nearly half of 2007s phishing incidents worldwide, being also specialized in the distribution of malicious codes, hosting malicious Web sites, developing and selling specialized malware and 0-day exploits. This means money, a lot of it too. Thats why cybercrime will constantly represent an issue, now and in the upcoming future. Thats why I do get amazed when reading news about IT consultants who stole money from their clients, customers or companies they worked at. Frankly speaking, rather than getting shocked, I get angry. Todays world is already filled with bad guys, meaning those people that belong to the well-known criminal world. It has always been like this, since the very ancient past. Then, particularly since the 80s, we started learning about a new type of criminals, involved in the so-called white-collar crimes. They were a few, highly
specialized people, that decided to bid over their own life, and try to get the big one to fix all the rest of their lives. Today the situation is changing, again. We are experiencing white-collar crimes linked with organized crime. Every day we learn about somebody that has been arrested for e-crime actions: young people, students, consultants, hackers, and criminals. I think those are just the tip of the iceberg. The key difference that apparently no one has realized yet is another one: it doesnt matter whether the bad guy is the IT consultant rather than an anonymous teenager. Today many more people know about IT security and hacking. Resources are available in a really easy and accessible way. The Internet is everywhere, allowing attacks to spread worldwide. People should realize that just like Social Networks exist thanks to the Internet, similarly, we also have a kind of Criminal Network(s) thanks to the Internet. Its a process that evolved along the years, and this is the current scenario. There is close to nothing we can do against it, but we can carry on our efforts in raising awareness, training and education. Every new technology opens the doors to new criminal approaches. This should be our first thought whenever using a new technology, along with all the good things and enhancements the technology itself will surely give us.
CONCLUSION
Lastly I conclude by saying that Thieves are not born, but made out of opportunities.This quote exactly reflects the present environment related to technology, where it is changing very fast. By theti me regul at ors come up wit h preventi ve mea sures t o protect customers from innovative frauds, either the environment itself changes or new technology emerges. This helps criminals to find new areas to commit the fraud. Computer forensics has developed a s a n i ndispensabl e t ool f or law enf orcement. But in the digital world, a s in t he physical world the goals of law enforcement are balanced with the goals of maintaining personal liberty and privacy. Jurisdiction over cyber crimes should be standardized around the globe to make swift action possible against terrorist whose activities are endearing security worldwide. The National institute of justice, technical working group digital evidence are some of the key organization involved in research. The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires acoordinated and cooperative action on the part of the bank, customers and the law enforcement machinery. The ATM frauds not only cause financial loss to banks but they also undermine customers' confidence in the use of ATMs. This would deter a greater use of ATM for monetary transactions. It is therefore in the interest of banks to prevent ATM frauds. There is thus a need t o take precauti onary and insura nce measures t ha t give greate r "protect ion" t o t he ATMs, particularly those located in less secure areas. The nature and extent of precautionary measures to be adopted will, however, depend upon the requirements of the respective
banks. Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. Internet Banking Fraud i s a f orm of i dentit y theft and is usuall y made possibl e t hrough techniques such as phishing. Credit card fraud can be committed using a credit card or any r p a y m e n t mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goodswi thout payi ng, or t o obt ain unaut ho rized f un ds f rom a n account. Cyb er spa ce and cyber payment methods are being abused by money launderers for converting their dirty money in to legal money. For carrying out their activities launderers need banking system. Internet, online banking facilitates speedy financial transactions in relative anonymity and this is being exploited by the cyber money launderers. Traditional systems like credit cards had some security features built into them to prevent such crime but issue of e-money by unregulated institutions may have none. Preventing cyber money laundering is an uphill task which needs to be tackled at different levels. This has to be fought on three planes, first by banks/ financial institutions, second by nation states and finally through international efforts. The regulatory framework must also take into account all the related issues like development of e-money, right to privacy of individual. International law and international co-operation will go a long way in this regard .Capacity of human mind
is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime.
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. And prove to be counter-productive.
REFERENCES:
1. 2. 3. 4. Granville Williams Proprietary Articles Trade Association v. A.G.for Canada (1932) Nagpal R. What is Cyber Crime? Nagpal R- Defining Cyber Terrorism
5. Duggal Pawan The Internet: Legal Dimensions 6. Duggal Pawan - Is this Treaty a Treat? 7. Duggal Pawan - Cybercrime 8. Kapoor G.V. - Byte by Byte 9. Kumar Vinod Winning the Battle against Cyber Crime 10. Mehta Dewang- Role of Police In Tackling Internet Crimes