1.

INTRODUCTION

Cyber crime is an evil having its origin in the growing dependence on computer in modern life. A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is either a tool or a target or both. Defining cyber crimes, as acts that are punishable by the information Technology Act would be unsuitable as the Indian Penal Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation, etc. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.

2. TYPES OF CYBER CRIME

Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.

Those against persons. Against Business and Non-business organizations. Crime targeting the government.

Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computer. Some examples areFinancial Claims This would include cheating, credit card frauds, money laundering etc. Cyber Pornography This would include pornographic websites, pornographic magazines produced using computer and the internet (to download and transmit pornographic pictures, photos, writings etc.) Sale of Illegal Articles This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, bulletin boards or simply by using email Communications. Online Gambling There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

Intellectual Property Crimes These include software piracy, copyright infringement, trademarks violations etc. E-mail Spoofing A spoofed email is one that appears to originate from one source but actually has been sent from another source. This can also be termed as Email forging. Forgery Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Cyber Defamation This occurs when defamation takes place with the help of computers and or the Internet e.g. someone published defamatory matter about someone on websites or sends e-mail containing defamatory information to all of that persons friends. Cyber Stalking Cyber stalking involves following a persons movements across the Internet by posting messages on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim. Let us examine some of the acts wherein the computer or computer Network is the target for an unlawful act. It may be noted that in these activities the computer may also be a tool. This kind of activity is usually out of the purview of conventional criminal law. Some examples are:

I.

Unauthorized access to computer system or network

This activity is commonly referred to as hacking. The Indian Law has however given a different connotation to the term hacking. II. Theft of information contained in electronic from:

This includes information stored in computer hard disks, removable storage media ect. III. Email Bombing

Email bombing refers to sending a large amount of e-mails to the victim Resulting in the victims e-mails accounts or mail servers. IV. Data Diddling This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. V. Salami Attacks

Those attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed e.g. A bank employee inserts a program into banks servers, that deducts a small amount from the account of every customer. VI. Denial of Service

This involves flooding computer resources with more requests than it can handle. This causes the resources to crash thereby denying authorized users the service offered by the resources. VII. Virus/worm:
4

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses don not need the host to attach themselves to. VIII. Logic bombs

These are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date. IX. Trojan Horse

A Trojan as this program is aptly called is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. X. Internet Time Theft

This connotes the usage by unauthorized persons of the Internet hours paid for by another person.

XI.

Physically damaging a computer system

This crime is committed by physically damaging a computer or its peripherals.

3. CYBER CRIME LAWS

Cyber law is a much newer phenomenon having emerged much after the onset of Internet. Internet grew in a completely unplanned and unregulated manner. Even the inventors of Internet could not have really anticipated the scope and far reaching consequences of cyberspace. The growth rate of cyberspace has been enormous. Internet is growing rapidly and with the population of Internet doubling roughly every 100 days, Cyberspace is becoming the new preferred environment of the world. With the spontaneous and almost phenomenal growth of cyberspace, new and ticklish issues relating to various legal aspects of cyberspace began cropping up. In response to the absolutely complex and newly emerging legal issues relating to cyberspace, CYBERLAW or the law of Internet came into being. The growth of Cyberspace has resulted in the development of a new and highly specialized branch of law called CYBERLAWS- LAWS OF THE INTERNET AND THE WORLD WIDE WEB. The general laws in India were drafted and enacted in the 19 century . Whilst each of the general laws have undergone modifications and amendments, the broad and underlying provisions have withstood the test of time, including unimaginable advancements in technology, which speaks to the dynamism of the General laws. The general laws referred to in this Article are the Indian Penal Code, 1860 (IPC), wh ich is the general penal law of India and the Indian Evidence Act, 1872 (Evidence Act), the general law pertaining to admissibility of evidence in civil and criminal trials. The manner in which trial of criminal cases are to be conducted is dealt with under the Criminal Procedure Code, 1973 (Cr. P. C). India got its first codified Act in the Information Technology Act, 2000 (IT Act), which fell far short of the Industrys requirements to meet global standards. The focus if the IT Act was however recognition of electronic records and facilitation of e -commerce. Barely ten sections were incorporated in the IT Act to deal with Cyber Crime. At the time when the IT Act was passed several acts deemed to be illegal in most jurisdictions including virus attacks, data theft, illegal access to data /
6

accessing and removal of data without the consent of the owner, etc., were listed as civil penalties under the IT Act. The IT Industry continued to rely on self regulation and contractual undertakings to appease its global clients, as it had done before the passing of the IT Act. The primary offences under the IT Act were:

Tampering with source code Deleting, destroying or altering any data on any computer resource with mala fide intent to cause wrongful loss or to diminish its value Publishing or transmitting pornographic material through a computer resource; Provisions pertaining to encryption technology, the right of the Government authorities to intercept and decrypt such data and to call upon any entity or individual to decrypt such data were also included in the IT Act. Certain acts affecting the integrity and sovereignty of the nation were classified as offences. The saving grace of the IT Act were the amendments carried out to the IPC and Evidence Act, which to some extent provided for prosecution of rampant offences like the Nigerian Scams, Phishing and other Banking Table I. Important Cyber Laws Provisions in India Offence Tampering with Computer source documents Hacking with Computer systems, Data alteration Publishing obscene information Un-authorized access to protected system Breach of Confidentiality and Privacy Publishing false digital signature certificates Section under IT Act Sec.65 Sec.66 Sec.67 Sec.70 Sec.72 Sec.73

NOTE: Sec.78 of I.T. Act empowers Deputy Superintendent Of Police to investigate cases falling under this Act. Table II. Computer Related Crimes Covered under Indian Penal Code and Special Laws Offence Sending threatening messages by email Sending defamatory messages by email Forgery of electronic records Bogus websites, cyber frauds Email spoofing Web-Jacking E-Mail Abuse Online sale of Drugs Online sale of Arms Section Sec 503 IPC Sec 499 IPC Sec 463 IPC Sec 420 IPC Sec 463 IPC Sec 383 IPC Sec 500 IPC NDPS Act Arms Act

4. ELEMENTARY PROBLEMS ASSOCIATED WITH CYBER-CRIMES

One of the greatest lacunae in the field of Cyber Crime is the absence of comprehensive law anywhere in the World. The problem is further aggravated due to disproportional growth ratio of Internet and cyber laws. Though a beginning has been made by the enactment of I.T. Act and amendments made to Indian Penal Code, problems associated with cyber crimes continue to persist. Jurisdiction is the highly debatable issue as to the maintainability of any suits, which has been filed. Today with the growing arms of cyber space the territorial boundaries seem to vanish. Thus the concept of territorial jurisdiction as envisaged under S.16 of Cr.P.C. and S.2.of the I.P.C. will have to give way to alternative method of dispute resolution. Loss of evidence is a very common & expected problem as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses the system of crime investigation. Cyber Army: There is also an imperative need to build a high technology crime & investigation infrastructure, with highly technical staff at the other end. A law regulating the cyber-space, which India has done. Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provision recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies. Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such case,

which needs appreciation, is the P.I.L. (Public Interest Litigation), which the Kerala High Court has accepted through an email. 'Perfect' is a relative term. Nothing in this world is perfect. The persons who legislate the laws and by-laws also are not perfect. The laws therefore enacted by them cannot be perfect. The cyber law has emerged from the womb of globalization. It is at the threshold of development. In due course of exposure through varied and complicated issues it will grow to be a piece of its time legislation.

10

5. IT ACTS

An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto. WHEREAS the General Assembly of the United Nations by resolution A/RES/51/162, dated the 30th January, 1997 has adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law; AND WHEREAS the said resolution recommends inter alia that all States give favorable consideration to the said Model Law when they enact or revise their laws, in view of the need for uniformity of the law applicable to alternatives to paper-cased methods of communication and storage of information; AND WHEREAS it is considered necessary to give effect to the said resolution and to promote efficient delivery of Government services by means of reliable electronic records. BE it enacted by Parliament in the Fifty-first Year of the Republic of India as Follows: 5.1 Short title, extent, commencement and application This Act may be called the Information Technology Act, 2000. It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention there under committed outside India by any person. It shall come into force on such date as the Central Government may, by notification, appoint and different dates may be appointed for different provisions of this Act and any reference in any such provision to the
11

commencement of this Act shall be construed as a reference to the commencement of that provision. Nothing in this Act shall apply to A negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881; A power-of-attorney as defined in section 1A of the Powers-ofAttorney Act, 1882; A trust as defined in section 3 of the Indian Trusts Act, 1882; A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called; Any contract for the sale or conveyance of immovable property or any interest in such property; Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette. 5.2 The Gazette of India Extraordinary In this Act, unless the context otherwise requires, "access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network; "Addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary; "Adjudicating officer" means an adjudicating officer appointed under subsection (1) of section 46; "Affixing digital signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature; "Appropriate Government" means as respects any matter, o Enumerated in List II of the Seventh Schedule to the Constitution;

12

o Relating to any State law enacted under List III of the Seventh Schedule to the Constitution. "asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature; "Certifying Authority" means a person who has been granted a license to issue a Digital Signature Certificate under section 24; "certification practice statement" means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates; "computer" means any electronic magnetic, optical or other highspeed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network; "computer network" means the interconnection of one or more computers through o The use of satellite, microwave, terrestrial line or other communication media; and o Terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained. "computer resource" means computer, computer system, computer network, data, computer data base or software; "computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmers, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions; "Controller" means the Controller of Certifying Authorities appointed under sub-section(1) of section 17;
13

 "Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48; "data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer; "digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3; "Digital Signature Certificate" means a Digital Signature Certificate issued under sub-section (4) of section 35; "electronic form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device; "Electronic Gazette" means the Official Gazette published in the electronic form; "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche; "function", in relation to a computer, includes logic, control arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer; "information" includes data, text, images, sound, voice, codes, computer programmers, software and databases or micro film or computer generated micro fiche: "intermediary" with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message; "key pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;
14

 "Law" includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case may be. Regulations made by the President under article 240, Bills enacted as President's Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, bye-laws and orders issued or made there under; "license" means a license granted to a Certifying Authority under section 24; (za) "originator" means a person who sends, generates, stores or transmits any

15

6. CIBER CRIME CASE STUDY

6.1 SOME INDIA CASES STUDIES

6.1.1 Open Source Licensing Open source licensing is resorted to by many sites. However this has certain legal issues. Basically there can be an issue of copyright. Other relevant issues are questions of enforceability on account of clash of local legislation and international agreement. The rights of a programmer warranties and software patent also needs to detailed study. 6.1.2 Cyber Jurisdiction Internet creates virtual world. There are no demarcated boundaries between the people who utilize the web. The utility extends to information, e-banking, e-commerce, communication etc. the technology is open to hacking, pornography, gambling, identity-theft etc. This requires understanding of jurisdiction. Various principles have been evolved to decide the jurisdiction. To mention (1) minimum contest test (2) personal jurisdiction (3) long arm statutes. With reference to Indian situation section 75 of Information Technology Act, 2000 contents the provisions regarding jurisdiction. Section 13(3), (4) and (5) also deal with cause of action which is of significance in internet transactions. Jurisdiction can also be decided on the basis of choice of law, location of server, defendants domicile, and place of performance of contract, plaintiffs domicile and purposeful availment. 6.1.3 Andhra Pradesh Tax Case Dubious tactics of a prominent businessman from Andhra Pradesh was exposed after officials of the department got hold of computers used by the accused person. The owner of a plastics firm was arrested and Rs 22 crore cash was recovered from his house by sleuths of the Vigilance
16

Department. They sought an explanation from him regarding the unaccounted cash within 10 days. The accused person submitted 6,000 vouchers to prove the legitimacy of trade and thought his offence would go undetected but after careful scrutiny of vouchers and contents of his computers it revealed that all of them were made after the raids were conducted. It later revealed that the accused was running five businesses under the guise of one company and used fake and computerized vouchers to show sales records and save tax.

6.2 SELECTED ASIA / PACIFIC CASES:

The following section provides a selection of actions taken against filesharing Web sites and P2P services in the Asia/Pacific region, focusing on Australia, China, Japan and South Korea. 6.2.1 In Australias largest copyright infringement case, three university students received criminal sentences for running a Web site called MP3/WMA Land, which offered more than 1,800 pirated songs for download. In light of their age at the time and the fact that they never profited from their actions, the court warranted 18-month suspended sentences for two of the students and an additional fine of US$5,000 for one of them. Moreover, one student and a third participant were given 200 hours of community service.

6.2.2 Reportedly, China has become a leading exporter of counterfeit and pirated goods to the world. The U.S. industry estimates the value of counterfeit goods in China at US$19 billion to US$24 billion, with losses to U.S. companies exceeding US$1.8 billion a year. The severe piracy problems derive from a combination of cultural, historic and economic factors and are further aggravated by inconsistent, weak enforcement by officials. File-sharing Web sites and networks such as Jelawat and Kuro have been developing rapidly, too. The distributors of P2P software claim that file-sharing falls within the private use exception to copyright, but the
17

Supreme Peoples Court of China rejected this interpretation. Increasingly, copyright owners and right organizations are challenging file-sharing Web sites on copyright infringement claims. 6.2.3. The Beijing No 1 Peoples Court ruled in April 2004 that the Web site chinamp3.com violated the IP rights of Hong Kong-based entertainment companies Go East Entertainment and Sony Music Entertainment (Hong Kong), and ordered the site to pay US$19,000 in damages. The suit concerned the unauthorized distribution of MP3 music files. The defendant argued that he had merely provided links for download and not a direct download service, and therefore should not be held responsible for the IP rights violations. According to observers, the courts ruling may prove to be a significant development in the nascent field of Chinese copyright enforcement in the digital age.

6.2.4 PARLIAMENT ATTACK CASE

Bureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analyzing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents.

The laptop contained several evidences that confirmed of the two terrorists motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal.

The emblems (of the three lions) were carefully scanned and the seal was also craftily made along with residential address of Jammu and Kashmir.

18

But careful detection proved that it was all forged and made on the laptop.

6.2. 5 State of Tamil Nadu Vs Suhas Katti

The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR. Considering that similar cases have been pending in other states for a much longer time, the efficient handling of the case which happened to be the first case of the Chennai Cyber Crime Cell going to trial deserves a special mention. The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. E-Mails were also forwarded to the victim for information by the accused through a false email account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few days. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The Honble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were examined and entire documents were marked as Exhibits.

19

The Defense argued that the offending mails would have been given either by ex-husband of the complainant or the complainant herself to implicate the accused as accused alleged to have turned down the request of the complainant to marry her.

Further the Defense counsel argued that some of the documentary evidence was not sustainable under Section 65 B of the Indian Evidence Act. However, the court relied upon the expert witnesses and other evidence produced before it, including the witnesses of the Cyber Cafe owners and came to the conclusion that the crime was conclusively proved. Ld. Additional Chief Metropolitan Magistrate, Edmore, delivered the judgment on 5-11-04 as follows:

" The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/All sentences to run concurrently."

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered as the first case convicted under section 67 of Information Technology Act 2000 in India.

6.2.6 Baazee.com case

CEO of Baazee.com was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. This opened up the question as to what kind of distinction do we draw between Internet
20

Service Provider and Content Provider. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required.

6.2.7 Pune Citibank MphasiS Call Center Fraud

US $ 3, 50,000 from accounts of four US customers were dishonestly transferred to bogus accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such cases happen all over the world but when it happens in India it are a serious matter and we cannot ignore it. It is a case of sourcing engineering. Some employees gained the confidence of the customer and obtained their PIN numbers to commit fraud. They got these under the guise of helping the customers out of difficult situations. Highest security prevails in the call centers in India as they know that they will lose their business. There was not as much of breach of security but of sourcing engineering.

The call center employees are checked when they go in and out so they cannot copy down numbers and therefore they could not have noted these down. They must have remembered these numbers, gone out immediately to a cyber caf and accessed the Citibank accounts of the customers.

All accounts were opened in Pune and the customers complained that the money from their accounts was transferred to Pune accounts and thats how the criminals were traced. Police has been able to prove the honesty of the call center and has frozen the accounts where the money was transferred.

There is need for a strict background check of the call center executives. However, best of background checks can not eliminate the bad elements from coming in and breaching security. We must still ensure such checks when a person is hired. There is need for a national ID and a national data base where a name can be referred to. In this case preliminary
21

investigations do not reveal that the criminals had any crime history. Customer education is very important so customers do not get taken for a ride. Most banks are guilt of not doing this.

22

7. CIBER CRIME PREVENTION TECHNIQUES

7.1PREVENTIVE STEPS FOR INDIVIDUALS

7.1.1 CHILDREN Children should not give out identifying information such as Name, Home address, School Name or Telephone Number in a chat room. They should not give photographs to anyone on the Net without first checking or informing parents guardians. They should not respond to messages, which are suggestive, obscene, belligerent or threatening, and not to arrange a face-to face meeting without telling parents or guardians. They should remember that people online might not be who they seem. \ 7.1.2 PARENTS Parent should use content filtering software on PC to protect children from pornography, gambling, hate speech, drugs and alcohol. There is also software to establish time controls for use of limpets (for example blocking usage after a particulars time) and allowing parents to see which site item children have visited. Use this software to keep track of the type of activities of children. 7.1.3 GENERAL INFORMATION Dont delete harmful communications (emails, chats etc). They will provide vital Information about system and address of the person behind these. Try not to panic. If you feel any immediate physical danger contacts your local police. Avoid getting into huge arguments online during chat and discussions with other users. Remember that all other Internet users are strangers; you do not know who you are chatting with. So be careful. Be extremely careful about how you share personal information about yourself online. Choose your chatting nickname carefully so as others.
23

3 do not share personal information in public space online; do not give it to strangers. Be extremely cautious about meeting online introduced person. If you choose to meet, do so in a public place along with a friend. if a situation online becomes hostile, log off and if a situation places you in fear, contact local police. Save all communications for evidence. Do not edit it in any way. Also, keep a record of your contacts and inform Law Enforcement Officials.

7.2 PREVENTIVE STEPS FOR ORGANISATIONS AND GOVERNMENT

7.2.1 PHYSICAL SECURITY Physical security is most sensitive component, as prevention from cyber crime Computer network should be protected from the access of unauthorized persons. 7.2.2 ACCESS CONTROL Access Control system is generally implemented using firewalls, which provide a centralized point from which to permit or allow access. Firewalls allow only authorized communications between the internal and external network. 7.2.3 PASSWORD Proof of identity is an essential component to identify intruder. The use of passwords in the most common security for network system including servers, routers and firewalls. Mostly all the systems are programmed to ask for username and password for access to computer system. This provides the verification of user. Password should be charged with regular interval of time and it should be alpha numeric and should be difficult to judge.

24

7.2.4 FINDING THE HOLES IN NETWORK System managers should track down the holes before the intruders do. Many networking product manufactures are not particularly aware with the information about security holes in their products. So organization should work hard to discover security holes, bugs and weaknesses and report their findings as they are confirmed. 7.2.5 USING NETWORK SCANNING PROGRAMS There is a security administrations tool called UNIX, which is freely available on Internet. This utility scans and gathers information about any host on a network, regardless of which operating system or services the hosts were running. It checks the known vulnerabilities include bugs, security weakness, inadequate password protection and so on. There is another product available called COPS (Computer Oracle and Password System). It scans for poor passwords, dangerous file permissions, and dates of key files compared to dates of CERT security advisories. 7.2.6 USING INTRUSION ALERT PROGRAMS As it is important to identify and close existing security holes, you also need to put some watchdogs into service. There are some intrusion programs, which identify suspicious activity and Report so that necessary action is taken. They need to be operating constantly so that all unusual behavior on network is caught immediately. 7.2.7 USING ENCRYPTION Encryption is able to transform data into a form that makes it almost impossible to read it without the right key. This key is used to allow controlled access to the information to selected people. The information Can be passed on to anyone but only the people with the right key are able to see the information. Encryption allows sending confidential documents by E-mail or save confidential information on laptop computers without having to fear that if someone steals it the data will become public. With the right encryption/decryption software installed, it
25

will hook up to mail program and encrypt/decrypt messages automatically without user interaction.

7.3 DETECTION
Cyber crime is the latest and perhaps the most specialized and dynamic field in cyber laws. Some of the Cyber Crimes like network Intrusion are difficult to detect and investigation even though most of crimes against individual like cyber stalking, cyber defamation, cyber pornography can be detected and investigated through following steps: After receiving such type of mail (1) Give command to computer to show full header of mail. (2) In full header find out the IP number and time of delivery of number and this IP number always different for every mail. From this IP number we can know who was the Internet service provider for that system from which the mail had come. (3) To know about Internet Service Provider from IP number take the service of search engine like nic.com, macffvisualroute. Com, apnic.com, arin.com. (4) After opening the website of any of above mentioned search engine, feed the IP number and after some time name of ISP can be obtained. (5) After getting the name of ISP we can get the information about the sender from the ISP by giving them the IP number, date and time of sender. (6) ISP will provide the address and phone number of the system, which was used to send the mail with bad intention. After Knowing the address and phone number criminal can be apprehended by using conventional police methods.

26

8. CONCLUSION

A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is either a tool or a target or both. Defini ng cyber crimes, as acts that are punishable by the information Technology Act would be unsuitable as the Indian Penal Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation etc., India owes a lot to the exponential growth of the Information Technology service Industry over the last 15 years. Though India got its first codified Act in the Information Technology Act (IT Act), in the year 2000, the IT Industry and in fact all businesses with cross-border obligations have been left crying themselves hoarse for more! The Indian Legislature has now passed a mish mash legislation in December 2008, which clearly demonstrates the appeasement policy adapted to meet the various and in some instances divergent interests of the Industry and the Government. The scope of this paper is to highlight some important provisions of the cyber criminal laws in India relating to data protection, privacy, encryption and other cyber crimes and the extent to which the said provisions arm the enforcement authorities to combat not just existing but emerging trends in

27

REFERENCES

[1] Cyber Crime Cases Registered in India : 2010-11 www.ciberlawclinic.org [2] http://www/cyberlaws.net/introduction.htm [3] http://www.cidap.gov.in/documents/cyber%20Crime.pdf [4] http://www.cidap.gov.in/documents/Cyber%20Crime.pdf [5] www.unafei.or.jp/english/pdf/RS_No79/No79_09VE_Jang2.pdf

28