CONTENTS

Sr No Particular Page No
1 Introduction to Cyber Law 1-2
2 Information Technology ACT 2000 3-4
3 Cyber Crime 5-6
4 Types of Crime 7-8
5 Cyber Criminal 9-10
6 Indian Case Study 11-12
7 Conclusion 13









1. Introduction to Cyber Law
Cyber Law is the law governing cyber space. Cyber space is a very wide term and
includes computers, networks, software, data storage devices (such as hard disks, USB
disks etc), the Internet, websites, emails and even electronic devices such as cell phones,
ATM machines etc.
Cyber crimes can involve criminal activities that are traditional in nature, such as theft,
fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.
The abuse of computers has also given birth to a gamut of new age crimes that are
addressed by the Information Technology Act, 2000.
The expression Crime is defined as an act, which subjects the doer to legal punishment
or any offence against morality, social order or any unjust or shameful act. The Offence"
is defined in the Code of Criminal
Procedure to mean as an act or omission made punishable by any law for the time being in
force.
Its an unlawful act wherein the computer is either a tool or a target or both.
Acts that are punishable by the Information Technology Act.
Cyber space is a virtual space that has become as important as real space for
business, politics, and communities .
Cyber Crime is emerging as a serious threat. World wide governments, police
departments and intelligence units have started to react.
Cyber Crime is a term used to broadly describe criminal activity in which computers or
computer networks are a tool, a target, or a place of criminal activity and include
everything from electronic cracking to denial of service attacks. It is also used to include
traditional crimes in which computers or networks are used to enable the illicit activity.
Computer crime mainly consists of unauthorized access to computer systems data
alteration, data destruction, theft of intellectual property. Cyber crime in the context of
national security may involve hacking, traditional espionage, or information warfare and
related activities.






1
Pornography, Threatening Email, Assuming someone's Identity, Sexual Harassment,
Defamation, Spam and Phishing are some examples where computers are used to commit
crime, whereas Viruses, Worms and Industrial Espionage, Software Piracy and Hacking are
examples where computers become target of crime.
The Internet in India is growing rapidly. It has given rise to new opportunities in every field
we can think of be it entertainment, business, sports or education. There are two sides to a
coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime
illegal activity committed on the Internet. The Internet, along with its advantages, has also
exposed us to security risks that come with connecting to a large network. Computers today
are being misused for illegal activities like e-mail espionage, credit card fraud, spams, and
software piracy and so on, which invade our privacy and offend our senses. Criminal
activities in the cyberspace are on the rise.
"The modern thief can steal more with a computer than with a gun. Tomorrow's
terrorist may be able to do more damage with a key board than with a bomb".
Until recently, many information technology (IT) professionals lacked awareness of an
interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked
the tools needed to tackle the problem; old laws didnt quite fit the crimes being committed,
new laws hadnt quite caught up to the reality of what was happening, and there were few
court precedents to look to for guidance? Furthermore, debates over privacy issues hampered
the ability of enforcement agents to gather the evidence needed to prosecute these new cases.
Finally, there was a certain amount of antipathyor at the least, distrust between the two
most important players in any effective fight against cyber crime: law enforcement agencies
and computer professionals. Yet close cooperation between the two is crucial if we are to
control the cyber crime problem and make the Internet a safe place for its users.















2

2. Information Technology Act 2000
Connectivity via the Internet has greatly abridged geographical distances and made
communication even more rapid. While activities in this limitless new universe are increasing
incessantly, laws must be formulated to monitor these activities. Some countries have been
rather vigilant and formed some laws governing the net. In order to keep pace with the
changing generation, the Indian Parliament passed the much-awaited Information
Technology Act, 2000 .As they say,
"Its better late than never".
However, even after it has been passed, a debate over certain controversial issues continues.
A large portion of the industrial community seems to be dissatisfied with certain aspects of
the Act. But on the whole, it is a step in the right direction for India.
The Information Technology Act 2000, regulates the transactions relating to the computer
and the Internet
The objectives of the Act as reflected in the Preamble to the Act are:
1. The Preamble to the Act states that it aims at providing legal recognition for transactions
carried out by means of electronic data interchange and other means of electronic
communication, commonly referred to as "electronic commerce", which involve the use of
alternatives to paper-based methods of communication and storage of information and aims
at facilitating electronic filing of documents with the Government agencies.
2. To facilitate electronic filing of the document with the government of India. The General
Assembly of the United Nations had adopted the Model Law on Electronic Commerce
adopted by the United Nations Commission on International Trade Law (UNCITRAL) in its
General Assembly resolution A/RES/51/162 dated January 30, 1997. The Indian Act is in
keeping with this resolution that recommended that member nations of the UN enact and
modify their laws according to the Model Law.
Thus with the enactment of this Act, Internet transactions will now be recognized, on-line
contracts will be enforceable and e-mails will be legally acknowledged. It will tremendously
augment domestic as well as international trade and commerce.
The Information Technology Act extends to the whole of India and, saves as otherwise
provided in this Act, it applies also to any offence or contravention there under


3

committed outside India by any person.
However The Act does not apply to:
1. a negotiable instrument as defined in section 13 of the Negotiable Instruments Act,1881;
2. a power-of-attorney as defined in section 1A of the Powers-of- Attorney Act, 1882;
3. a trust as defined in section 3 of the Indian Trusts Act, 1882;
4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925including
any other testamentary disposition by whatever name called
5. Any contract for the sale or conveyance of immovable property or any interest in such
property;
6. Any such class of documents or transactions as may be notified by the Central Government
in the Official Gazette.
Some of the Important Definition:
Asymmetric crypto system" means a system of a secure key pair consisting of a private key
for creating a digital signature and a public key to verify the digital signature;
Certifying Authority" means a person who has been granted a licence to issue a Digital
Signature Certificate under section 24;
Certification practice statement" means a statement issued by a Certifying Authority to
specify the practices that the Certifying Authority employs in issuing Digital Signature
Certificates;
Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established
under sub-section (1) of section 48;
Digital signature" means authentication of any electronic record by a subscriber by means of
an electronic method or procedure in accordance with the provisions of section.
Digital Signature Certificate" means a Digital Signature Certificate issued under subsection
of section 35;
Electronic form" with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device;
Electronic Gazette" means the Official Gazette published in the electronic form;
Secure system" means computer hardware, software, and procedure that
(a) are reasonably secure from unauthorised access and misuse.
(b) provide a reasonable level of reliability and correct operation.



4
3. Introduction to Cyber Crime
The first recorded cyber crime took place in the year 1820! That is not surprising considering
the fact that the abacus, which is thought to be the earliest form of a computer, has been
around since 3500 B.C. in India, Japan and China. The era of modern computers, however,
began with the analytical engine of Charles Babbage. Cyber crime is an evil having its origin
in the growing dependence on computers in modern life. In a day and age when everything
from microwave ovens and refrigerators to nuclear power plants is being run on computers,
cyber crime has assumed rather sinister implications. Major Cyber crimes in the recent past
include the Citibank rip off. US $ 10 million were fraudulently transferred out of the bank
and into a bank account in Switzerland. A Russian hacker group led by Vladimir Kevin, a
renowned hacker, perpetrated the attack. The group compromised the bank's security
systems. Vladimir was allegedly using his office computer at AO Saturn, a computer firm in
St. Petersburg, Russia, to break into Citi bank computers. He was finally arrested on
Heathrow airport on his way to Switzerland.
United Nations Definition of Cybercrime
Cybercrime spans not only state but national boundaries as well. Perhaps we should look to
international organizations to provide a standard definition of the crime. At the Tenth United
Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop
devoted to the issues of crimes related to computer networks, cybercrime was broken into
two categories and defined thus:
Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by
means of electronic operations that targets the security of computer systems and the
data processed by them.
Cybercrime in a broader sense (computer-related crime): Any illegal behaviour
committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession [and] offering or distributing information by means
of a computer system or network.
Of course, these definitions are complicated by the fact that an act may be illegal in one
nation but not in another.




5
There are more concrete examples, including
i. Unauthorized access
ii Damage to computer data or programs
iii Computer sabotage
iv Unauthorized interception of communications
v Computer espionage
These definitions, although not completely definitive, do give us a good starting point one
that has some international recognition and agreement for determining just what we mean by
the term cybercrime.
In Indian law, cyber crime has to be voluntary and wilful, an act or omission that adversely
affects a person or property. The IT Act provides the backbone for e-commerce and Indias
approach has been to look at e-governance and e-commerce primarily from the promotional
aspects looking at the vast opportunities and the need to sensitize the population to the
possibilities of the information age. There is the need to take in to consideration the security
aspects.
Cybercrime is not on the decline. The latest statistics show that cybercrime is actually on the
rise. However, it is true that in India, cybercrime is not reported too much about.
Consequently there is a false sense of complacency that cybercrime does not exist and that
society is safe from cybercrime. This is not the correct picture. The fact is that people in our
country do not report cybercrimes for many reasons. Many do not want to face harassment by
the police. There is also the fear of bad publicity in the media, which could hurt their
Reputation and standing in society. Also, it becomes extremely difficult to convince the
police to register any cybercrime, because of lack of orientation and awareness about
cybercrimes and their registration and handling by the police.










6
4. Types Of Cyber Crime
Technical Aspects
Technological advancements have created new possibilities for criminal activity, in particular
the criminal misuse of information technologies such as
Unauthorized access & Hacking:-
Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or
computer network.
Unauthorized access would therefore mean any kind of access without the permission
of either the rightful owner or the person in charge of a computer, computer system or
computer network.
By hacking web server taking control on another persons website called as web
hijacking
Trojan Attack:-
The program that act like something useful but do the things that are quiet damping.
The programs of this kind are called as Trojans.
Trojans come in two parts, a Client part and a Server part. When the victim
(unknowingly) runs the server on its machine, the attacker will then use the Client to
connect to the Server and start using the trojan.
Virus and Worm attack:-
A program that has capability to infect other programs and make copies of itself and
spread into other programs is called virus.
Programs that multiply like viruses but spread from computer to computer are called
as worms.
E-mail related crimes:-
Email spoofing:-Email spoofing refers to email that appears to have been originated from
one source when it was actually sent from another source. Please Read
Email Spamming:-Email "spamming" refers to sending email to thousands and thousands of
users - similar to a chain letter.


7

Sending malicious codes through email:-

E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending a
link of website which on visiting downloads malicious code.
Email bombing:-
E-mail "bombing" is characterized by abusers repeatedly sending an identical email message
to a particular address.
Sending threatening emails
Sending any threatening Email to any Person regarding his live or property is also a Crime.
Sale of illegal articles
This would include sale of narcotics, weapons and wildlife etc., by posting information on
websites, auction websites, and bulletin boards or simply by using email communication.
Online gambling
There are millions of websites; all hosted on servers abroad, that offer online gambling. In
fact, it is believed that many of these websites are actually fronts for money laundering.































8
5. Cyber Criminals
Kids (age group 9-16 etc.)
It seems really difficult to believe but it is true. Most amateur hackers and cyber criminals are
teenagers. To them, who have just begun to understand what appears to be a lot about
computers, it is a matter of pride to have hacked into a computer system or a website. There
is also that little issue of appearing really smart among friends. These young rebels may also
commit cyber crimes without really knowing that they are doing anything wrong.
Organized hacktivists
Hacktivists are hackers with a particular (mostly political) motive. In other cases this reason
can be social activism, religious activism, etc. The attacks on approximately 200 prominent
Indian websites by a group of hackers known as Pakistani Cyber Warriors are a good
example of political hacktivists at work.
Disgruntled employees
One can hardly believe how spiteful displeased employees can become. Till now they had the
option of going on strike against their bosses. Now, with the increase independence on
computers and the automation of processes, it is easier for disgruntled employees to do more
harm to their employers by committing computer related crimes, which can bring entire
systems down.
Professional hackers (corporate espionage)
Extensive computerization has resulted in business organizations storing all their information
in electronic form. Rival organizations employ hackers to steal industrial secrets and other
information that could be beneficial to them. The temptation to use professional hackers for
industrial espionage also stems from the fact that physical presence required to gain access to
important documents is rendered needless if hacking can retrieve those.
Denial of Service Tools
Denial-of-service (or DoS) attacks are usually launched to make a particular service
unavailable to someone who is authorized to use it. These attacks may be launched using one
single computer or many computers across the world. In the latter scenario, the attack is
known as a distributed denial of service attack. Usually these attacks do not necessitate the
need to get access into anyone's system.
These attacks have been getting decidedly more popular as more and more people realize the
amount and magnitude of loss, which can be caused through them.
9
What are the reasons that a hacker may want to resort to a DoS attack? He may have installed
a Trojan in the victim's computer but needed to have the computer restarted to activate the
Trojan. The other good reason also may be that a business may want to harm a competitor by
crashing his systems.
Denial-of-service attacks have had an impressive history having, in the past, blocked out
websites like Amazon, CNN, Yahoo and eBay. The attack is initiated by sending excessive
demands to the victim's computer's, exceeding the limit that the victim's servers can support
and making the servers crash. Sometimes, many computers are entrenched in this process by
installing a Trojan on them; taking control of them and then making them send numerous
demands to the targeted computer. On the other side, the victim of such an attack may see
many such demands (sometimes even numbering tens of thousands) coming from computers
from around the world. Unfortunately, to be able to gain control over a malicious denial-of-
service attack would require tracing all the computers involved in the attack and then
informing the owners of those systems about the attack. The compromised system would
need to be shut down or then cleaned. This process, which sounds fairly simple, may prove
very difficult to achieve across national and later organizational bordersDenial-of-service
attacks have had an impressive history having, in the past, blocked out websites like Amazon,
CNN, Yahoo and eBay. The attack is initiated by sending excessive demands to the victim's
computer's, exceeding the limit that the victim's servers can support and making the servers
crash. Sometimes, many computers are entrenched in this process by installing a Trojan on
them; taking control of them and then making them send numerous demands to the targeted
computer. On the other side, the victim of such an attack may see many such demands
(sometimes even numbering tens of thousands) coming from computers from around the
world. Unfortunately, to be able to gain control over a malicious denial-of-service attack
would require tracing all the computers involved in the attack and then informing the owners
of those systems about the attack. The compromised system would need to be shut down or
then cleaned. This process, which sounds fairly simple, may prove very difficult to achieve
across national and later organizational borders.





10
6. Indian Case Studies
While I have a huge collection of international cyber crimes I thought it may be more
relevant if we discuss Indian Cyber crime case studies. However if any of you is interested in
international case studies please do reach me. I have not arranged the following section in an
order to create flow of thought for the reader. And it is possible there is a drift from the
taxonomy which we have defined in the beginning.
Insulting Images of Warrior Shivaji on Google Orkut

An Indian posts insulting images of respected warrior-saint Shivaji on Googles
Orkut.Indian police come knocking at Googles gilded door demanding the IP address (IP
uniquely identifies every computer in the world) which is the source of this negative image.
Google, India hands over the IP address.
Financial crime
Wipro Spectramind lost the telemarketing contract from Capital one due to an organized
crime.The telemarketing executives offered fake discounts, free gifts to the Americans in
order to boost the sales of the Capital one. The internal audit revealed the fact and
surprisingly it was also noted that the superiors of these telemarketers were also involved in
the whole scenario.
Cyber pornography
Some more Indian incidents revolving around cyber pornography include the Air Force
Balbharati School case. In the first case of this kind, the Delhi Police Cyber Crime Cell
registered a case under section 67 of the IT act, 2000. A student of the Air Force Balbharati
School, New Delhi, was teased by all his classmates for having a pockmarked face.
Online Gambling
Recent Indian case about cyber lotto was very interesting. A man called Kola Mohan
invented the story of winning the Euro Lottery. He himself created a website and an email
address on the Internet with the address 'eurolottery@usa.net.' Whenever accessed, the site
would name him as the beneficiary of the 12.5 million pound. After confirmation a
telgunewspaper published this as a news. He collected huge sums from the public as well as
from some banks for mobilization of the deposits in foreign currency However, the fraud





11
came to light when a cheque discounted by him with the Andhra Bank for Rs 1.73 million
bounced. Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly
issued by Midland Bank, Sheffields, London stating that a term deposit of 12.5 million was
held in his name.
Intellectual Property crimes
These include software piracy, copyright infringement, trademarks violations, theft of
computer source code etc. In other words this is also referred to as cybersquatting. Satyam
Vs. Siffy is the most widely known case. Bharti Cellular Ltd. filed a case in the Delhi High
Court that some cyber squatters had registered domain names such as barticellular.com and
bhartimobile.com with Network solutions under different fictitious names. The court directed
Network Solutions not to transfer the domain names in question to any third party and the
matter is sub-judice. Similar issues had risen before various High Courts earlier. Yahoo had
sued one Akash Arora for use of the domain name Yahooindia.Com deceptively similar to
its Yahoo.com. As this case was governed by the Trade Marks Act,1958, the additional
defence taken against Yahoos legal action for the interim order was that the Trade Marks
Act was applicable only to goods.
Cyber Defamation
Indias first case of cyber defamation was reported when a companys employee started
sending derogatory, defamatory and obscene e-mails about its Managing Director. The emails
were anonymous and frequent, and were sent to many of their business associates to tarnish
the image and goodwill of the company. The company was able to identify the employee
with the help of a private computer expert and moved the Delhi High Court. The court
granted an ad-interim injunction and restrained the employee from sending, publishing and
transmitting e-mails, which are defamatory or derogatory to the plaintiffs.







12
7. CONCLUSION
Obviously computer crime is on the rise, but so is the awareness and ability to fight it. Law
enforcement realizes that it is happening more often than it is reported and are doing there
best to improve existing laws and create new laws as appropriate. The problem is not with the
awareness or the laws, but with actually reporting that a crime has occurred. Hopefully
people will begin to realize that unless they report these crimes and get convictions, those
committing computer crimes will continue to do so. While there is no silver bullet for dealing
with cyber crime, it doesnt mean that we are completely helpless against it. The legal system
is becoming more tech savvy and manylaw enforcement departments now have cyber crime
units created specifically to deal with computer related crimes, and of course we now have
laws that are specifically designed for computer related crime. While the existing laws are not
perfect, and no law is, they are nonetheless a step in the right direction toward making the
Internet a safer place for business, research and just casual use. As our reliance on computers
and the Internet continues to grow, the importance of the laws that protect us from the cyber-
criminals will continue to grow as well.






























13