Escolar Documentos
Profissional Documentos
Cultura Documentos
INTRODUCTION
The present age is the age of automation where man is
shifting his maximum burden on machines to get work done.
The Computer Technology helps the present human civilization
to such a greater extend that life without computers seem to be
impossible! Speaking with examples, railway reservations,
aircraft transportations, bio-matrix attendance in offices,
Examination result cards, Traffic signals, Telephonic
communications, Banking transactions, all are now carried out
with the help of computer machines and every data and
information has acquired electronic shape and capable to move
through the optic fibers. Today, voice files, song files,
photographs, currencies, news items, clips, bio-datas, letters,
so on and so forth are capable of being transferred, distributed,
circulated and stored in electronic form. Thus present
generation is greatly depends upon the computer technology
for the easy mechanism and effective operations operated in
electric format through computers . However, the facilities of
computer technology have not come out without drawbacks.
Though it makes the life so speedy and fast, but hurled under
the eclipse of threat from the deadliest type of criminality
termed as 'Cyber crime'. The Cyber crime can halt any railway
where it is, it may misguide the planes on its flight by
misguiding with wrong signals, it may cause any important
military data to fall in the hands of foreign countries, and it may
halt e-media and every system can collapse within a fraction of
seconds. Therefore, it is necessary to examine the deadliest
form of criminality of the present millennium, conceptually
termed as Cyber crime.
Evaluating nature of Crime-Socio-Political-Economical
i)Crime as an evil factor of society
i.
said by Per Lord Atkin that the only standard thing that can
measure the criminality of act is the punishment or the
penalisation given to that particular act. Crime in any form
adversely affects all the members of the society. In
developing economies, cyber crime has increased at rapid
strides, due to the rapid diffusion of the Internet and
technology in almost all walks of society right from corporate
governance and state administration, up to the lowest level of
petty shop keepers computerizing their billing system,
computers and other electronic devices pervading the human
life, man cannot spend a day without computers or a mobile.
ELEMENTS OF CRIME : ACTUS REUS AND MENS REA
CYBER CRIME
13
The term 'cyber crime' has not been defined in any Statute or
Act. The Oxford Reference Online defines 'cyber crime' as crime
committed over the Internet.
The Encyclopedia Britannica defines 'cyber crime' as any crime
that is committed by means of special knowledge or expert use
of computer technology. So what exactly is Cyber Crime. Cyber
Crime could reasonably include a wide variety of criminal
offences and activities.
CBI Manual defines cyber crime as:
1. Crimes committed by using computers as a means,
including conventional crimes.
2. Crimes in which computers are targets.
A generalized definition of cyber crime may be "unlawful acts
where in the computer is either a tool or target or both".
DOCTRINE OF
CYBER CRIME :
MENSREA
AND
ACTUS
REUS
IN
CHAPTER-II
15
Scene of
occurrence
Can be
spotted
report to
the police
alleged
accused is
generally a
common
man
Arrest
and
seizure
Investigatio
n
trial by
court having
jurisdiction
productio
n of
evidence
Multinationa
l jurisdiction
Intangible
and
volatile
evidence
Cyber crime
Scene of
occurrence
unknown
Latency in
report to
the police
alleged
accused is
generally a
computer
Police is
untrained
Investigatio
n High tec
16
OFFENSIVE MESSAGES
(Messaging, annoying, intimidating, insulting, misleading,
defaming)
1. SMS-SMS may be sent using mobile phone of ones own
identity or by acquiring a fade identity.Few SMSs had been
circulated affecting public tranquillity; Eg: False Tsunami
warning, false alarm as target of explosion.
2. MMS-Multimedia messages often defaming or obscene
aresent among small groups using mobile phones/
Bluetooth.If there had been a sharing in many mobile
equipmentsthe first source couldnt be fixed. Eg., Arrest of
theManaging Director of bazee.com in a school MMS
scandal in Delhi. Often captured in private places
unknowingly forfuture exploitation.
3. Web based SMS-SMS can be sent by logging onto sites
likeway2sms.com by becoming a member of the sitetyping
the message of choice and choosing destinationto be sent
OFFENSIVE CALLS
(Offender calls either by his/her own name or by acquiring
false identity- Landlinecalls/mobile calls, web based calls
etc.)
1. Landline/mobile calls- Many landlines still have no caller
Ids.Difficulty if the connection is in a non-existentfictitious
address.
2. Web based calls- Calls can be made by spoofing the
mobile numberusing the sites like
http://www.phonetrick.net/www.prankdial.com/
III.
DECEPTIVE MESSAGES
(Lottery, cheating, job racket) (SMS of lottery
cheating, emailsof prize money, articles, falsepromise of
jobs, false mail foradmission to a reputedUniversity).Greed
of the victim is the main reason why cyber frauds are
successful. SMS/Email messages of winning a lottery of
prizemoney or articles, alluring people to deposit
money.Clues available are email IDs and sometimes
fewmobile phone numbers.Live.com, Yahoo.co.uk domains
IP which arefrequently used never share the login IPs and
itprovides a conducive climate for commission ofcrimes.To
the extent it was made available, the IP logsinvariably had
shown some Nigerian, Mediterranean,Middle East and
American countries. Hence usersdetails are not available.
18
IV.
DATA THEFT
(Theft of proprietary information causing breach of
confidentiality and integrity and There by altering its
utility value. More due to disharmony in
employee/employer situations by disgruntled employees.)
Sensitive information belonging to business organizations
is targeted by rivals, criminals and sometimes even by
disgruntled employees.
Disharmony in work place often makes the ex-employees
to take away the
valuable data or design or client
information.
Sometimes they damage it; delete it; or sell it to a
competitor.
Many a times the employers become suspicious about
their ex-employees and attribute instances of data theft
which the ex-employee was holding in his possession to
carryout his official duties at the time of his employment.
Frequently breach of Non Disclosure of Agreement(NDA)
and Memorandum of terms of employment are often
attributed to criminal activity by employers which in truth
may be a civil violation.
V.
IDENTITY THEFT
Identity theft involves fraudulent or dishonest use of
someones electronic signature, password or other unique
identification feature.It is the first step towards credit card
fraud, onlineshare trading scams and e-banking crimes.
VI.
IX.
SPAM/MALWARE/ ESPIONAGE
Spam is the abuse of electronic messaging systems to
send unsolicited bulk messages indiscriminately.
E-mail spam, known as junk mail, is the practice of
sending unwanted email messages, frequently with
commercial content, in large quantities to an
indiscriminate set of recipients.
Malware is software designed to infiltrate or damage a
computer system without the owners informed consent.
Malware is a wide term that includes viruses, worms,
Trojans, rootkits, backdoors, spyware, botnets, keystroke
loggers and dialers.
Cyber espionage is the act of obtaining personal, sensitive
proprietary or classified information without permission.
Also known as cyber spying, it involves the use of
cracking techniques and malicious software including
Trojans and spyware.
21
X.
XI.
DENIAL OF SERVICE
This involves flooding a computer with more requests than
it can handle, causing it to crash.
In a Distributed Denial of Service (DDoS) attack, the
perpetrators are many and are geographically
widespread.5
XII.
SOCIALENGINEERING
A social engineering attack tricks people into revealing
passwords or other confidential information by making
people believe an unanticipated situation.
Training the personnel for handling such situations and
effectively ensuring the need to know basis may be a
viable solution.
XIII.
VIOLATION OF PRIVACY
(Capturing and publishing the images, pictures and videos
of individuals often without the knowledge and
concurrence and thereby passing humiliation
andembarrassment)
Normally females victimized in this way by the posting of
pictures with an attachment of an unwanted message,
often with the phone number to cause incessant
disturbance by calls from international strangers.
5Susan W. Brenner, Cybercrime: Criminal Threats from Cyberspace, ABC-CLIO, 2010, pp. 91
22
CYBER TERRORISM
Cyber terrorism involves the use or threat of disruptive
cyber activities for ideological, religious or political
objectives. Government officials and Information
Technology security specialists have documented a
significant increase in Internet problems and server scans
since early 2001. But there is a growing concern among
federal officials[who?] that such intrusions are part of an
organized effort by cyber terrorists, foreign intelligence
services, or other groups to map potential security holes in
critical systems. A cyber terrorist is someone who
intimidates or coerces a government or organization to
advance his or her political or social objectives by
launching computer-based attack against computers,
network, and the information stored on them.
Cyber terrorism in general, can be defined as an act of
terrorism committed through the use of cyberspace or
computer resources (Parker 1983). As such, a simple
propaganda in the Internet, that there will be bomb
attacks during the holidays can be considered cyber
terrorism. As well there are also hacking activities directed
towards individuals, families, organized by groups within
networks, tending to cause fear among people,
demonstrate power, collecting information relevant for
ruining peoples' lives, robberies, blackmailing etc.
23
OBSCENITY &PORNOGRAPHY
(Uploading obscene and lascivious materials in Internet
and causing propagation and transmission: abusing
children and uploading of images of such abuse)
DRUG TRAFFICKING
Drug traffickers are increasingly taking advantage of the
Internet to sell their illegal substances through
24
CHAPTER-III
INFORMATION TECHNOLOGY ACT, 2000 :
25
6 The bill was passed by both houses of the Parliament and received president assent on
9-6-2000.
26
29
SCHEME OF OFFENCES
Schemes of
offences
INFORMATION
TECHNOLOGY
ACT,2000
INFORMATION
TECHNOLOGY
AMENDMENT ACT
20008
New sections 43 A ,
66 A to F, 67,67 A to
C, 68(2), 69, 69- a &
b,72-A, 84-B And 84 C.
Sections 65 - 72
30
31
Sec 66
Sec 66 A
Sec 66 B
Sec 66C
Sec 66 D
Sec 66 E
Sec 66 F
Sec 67
Sec 67 A
Sec 72
Sec 73
Sec 74
and bailable. This will not prove to play a deterrent factor for
cyber criminals. Further, as per new S. 84B, abetment to
commit an offence is made punishable with the punishment
provided for the offence under the Act and the new S. 84C
makes attempt to commit an offence also a punishable
offence with imprisonment for a term which may extend to
one-half of the longest term of imprisonment provided for that
offence. In certain offences, such as hacking (s 66)
punishment is enhanced from 3 years of imprisonment and
fine of 2 lakhs to fine of 5 lakhs. In S. 67, for publishing of
obscene information imprisonment term has been reduced
from five years to three years (and five years for subsequent
offence instead of earlier ten years) and fine has been
increased from one lakh to five lakhs (rupees ten lakhs on
subsequent conviction). Section 67A adds an offence of
publishing material containing sexually explicit conduct
punishable with imprisonment for a term that may extend to
5 years with fine upto ten lakhs. This provision was essential
to curb MMS attacks and video vouyerism. Section 67B
punishes offence of child pornography, childs sexually
explicit act or conduct with imprisonment on first conviction
for a term upto 5 years and fine upto 10 lakhs. This is a
positive change as it makes even browsing and collecting of
child pornography a punishable offence. Punishment for
disclosure of information in breach of lawful contract under
sec 72 is increased from 2 yrs upto 5 yrs and from one lakh to
5 lakh or both. This will deter the commission of such crime.
By virtue off Section 84 B person who abets a cybercrime will
be punished with punishment provided for that offence under
the Act. This provision will play a deterrent role and prevent
commission of conspiracy linked cybercrimes. Also,
punishment for attempt to commit offences is given under
Section 84 c which will be punishable with one half of the
term of imprisonment prescribed for that offence or such fine
as provided or both.
37
44
Site certification
Security initiatives
Awareness Training
Conformance to Standards, certification
Policies and adherence to policies
Policies like password policy, Access Control, email Policy
etc
Periodic monitoring and review.
The Information Technology (Reasonable security practices
and procedures and sensitive personal data or information)
Rules have since been notified by the Government of India,
Dept of I.T. on 11 April 2011. Any body corporate or a
person on its behalf shall be considered to have complied
with reasonable security practices and procedures, if they
have implemented such security practices and standards
and have a comprehensive documented information
security programme and information security policies
containing managerial, technical, operational and physical
security control measures commensurate with the
information assets being protected with the nature of
45
48
Email spoofing
Web-jacking
Sec 67 of IT Act
Hacking
Sec 66 of IT Act
Pornography
Email bombing
59
Sec 43 of IT Act
Denial of Service Attack
61
CHAPTER-IV
TYPES OF
CYBER CRIME
Cyber law is a term used to describe the legal issues related to
use of communications technology, particularly cyberspace,
i.e. the Internet. It is less of a distinct field of law in the way
that property or contract are, as it is an intersection of many
legal fields, including intellectual property, privacy, freedom of
expression, and jurisdiction. In essence, cyber law is an attempt
to apply laws designed for the physical world, to human activity
on the Internet. In India, The IT Act, 2000 as amended by The IT
(Amendment) Act, 2008 is known as the Cyber law. It has a
separate chapter XI entitled Offences in which various cyber
crimes have been declared as penal offences punishable with
imprisonment and fine.
1. HACKING
Hacking is not defined in The amended IT Act, 2000. According
to wikipedia, Hacking means unauthorized attempts to bypass
the security mechanisms of an in formation system or network.
Also, in simple words Hacking is the unauthorized access to a
computer system, programs, data and network resources.
(The term hacker originally meant a very gifted
programmer. In recent years though, with easier access to
multiple systems, it now has negative implications.)
LAW & PUNISHMENT: Under Information Technology (Amendment)
Act, 2008, Section 43(a) read with section 66 is applicable and
62
Section 379 & 406 of Indian Penal Code, 1860 also are
applicable. If crime is proved under IT Act, accused shall be
punished for imprisonment, which may extend to three years
or with fine, which may extend to five lakh rupees or both.
Hacking offence is cognizable, bailable, compoundable with
permission of the court before which the prosecution of such
offence is pending and triable by any magistrate.
2.DATA THEFT
According to Wikipedia, Data Theft is a growing problem,
primarily perpetrated by office workers with access to
technology such as desktop computers and handheld devices,
capable of storing digital information such as flash drives, iPods
and even digital cameras. The damage caused by data theft
can be considerable with todays ability to transmit very large
files via e-mail, web pages, USB devices, DVD storage and
other hand-held devices. According to Information Technology
(Amendment) Act, 2008, crime of data theft under Section 43
(b) is stated as - If any person without permission of the owner
or any other person, who is in charge of a computer, computer
system of computer network - downloads, copies or extracts
any data, computer data base or information from such
computer, computer system or computer network including
information or data held or
stored in any removable storage medium, then it is data theft.
LAW & PUNISHMENT: Under Information Technology (Amendment)
Act, 2008, Section 43(b) read with Section 66 is applicable and
under Section 379, 405 & 420 of Indian Penal Code, 1860 also
applicable. Data Theft offence is cognizable, bailable,
compoundablewith permission of the court before which the
prosecution of such offence is pending
and triable by any magistrate.
63
3. SPREADING VIRUS
OR
WORMS
4. IDENTITY THEFT
According to wikipedia Identity theft is a form of fraud or
cheating of another persons identity in which someone
pretends to be someone else by assuming that persons
identity, typically in order to access resources or obtain credit
and other benefits in that persons name. Information
Technology (Amendment) Act, 2008, crime of identity theft
under Section 66-C, whoever, fraudulently or dishonestly make
use of the electronic signature, password or any other unique
identification feature of any other person known as identity
theft. Identity theft is a term used to refer to fraud that involves
64
5. E-MAIL SPOOFING
According to wikipedia, e-mail spoofing is e-mail activity in
which the sender addresses and other parts of the e-mail
header are altered to appear as though the e-mail originated
from a different source. E-mail spoofing is sending an e-mail to
another person in such a way that it appears that the e-mail
was sent by someone else. A spoof emailis one that appears to
originate from one source but actually has been sent from
another source. Spoofing is the act of electronically disguising
one computer as another for gaining as the password system. It
is becoming so common that you can no longer take for
granted that the e-mail you are receiving is truly from the
person identified as the sender. Email spoofing is a technique
used by hackers to fraudulently send email messages in which
the sender address and other parts of the email header are
alteredto appear as though the email originatedfrom a source
other than its actual source.
65
JURISDICTION:
This is a major issue which is not satisfactorily addressed in
the ITA or ITAA.Jurisdiction has been mentioned in Sections
46, 48, 57 and 61 in the context of adjudication process and
the appellate procedure connected with and again in Section
80 and as part of the police officers powers to enter, search a
public place for a cyber crime etc. In the context of electronic
record, Section 13 (3) and (4) discuss the place of dispatch
69
EVIDENCES:
Evidences are a major concern in cyber crimes. Pat of
evidences is the crime scene issues. In cyber crime, there is
no cyber crime. We cannot mark a place nor a computer nor a
network, nor seize the hard-disk immediately and keep it
under lock and key keep it as an exhibit taken from the crime
scene.
Very often, nothing could be seen as a scene in cyber crime!
The evidences, the data, the network and the related gadgets
along with of course the log files and trail of events
emanating or recorded in the system are actually the crime
scene. While filing cases under IT Act, be it as a civil case in
the adjudication process or a criminal complaint filed with the
police, many often, evidences may lie in some system like the
intermediaries computers or some times in the opponents
computer system too. In all such cases, unless the police
swing into action swiftly and seize the systems and capture
70
CHAPTER-V
LEGISLATIONS IN OTHER NATIONS:
74
IN THE UK, THE DATA PROTECTION ACT AND THE PRIVACY AND
ELECTRONIC COMMUNICATIONS REGULATIONS ETC ARE ALL REGULATORY
LEGISLATIONS ALREADY EXISTING IN THE AREA OF INFORMATION SECURITY
AND CYBER CRIME PREVENTION, BESIDES CYBER CRIME LAW PASSED
RECENTLY
IN
AUGUST
2011.SIMILARLY,
WE
HAVE
CYBER
CRIME
WHAT
77
79
prove the honesty of the call center and has frozen the
accounts where the money was transferred. There is need for a
strict background check of the call center executives. However,
best of background checks can not eliminate the bad elements
from coming in and breaching security. We must still ensure
such checks when a person is hired. There is need for a national
ID and a national data base where a name can be referred to. In
this case preliminary investigations do not reveal that the
criminals had any crime history. Customer education is very
important so customers do not get taken for a ride. Most banks
are guilt of not doing this.
2. Bazee.com case
CEO of Bazee.com was arrested in December 2004 because a
CD with objectionable material was being sold on the website.
The CD was also being sold in the markets in Delhi. The
Mumbai city police and the Delhi Police got into action. The CEO
was later released on bail. This opened up the question as to
what kind of distinction do we draw between Internet Service
Provider and Content Provider. The burden rests on the accused
that he was the Service Provider and not the Content Provider.
It also raises a lot of issues regarding how the police should
handle the cyber crime cases and a lot of education is
required.8
who attacked Parliament. The laptop which was seized from the
two terrorists, who were gunned down when Parliament was
under siege on December 13 2001, was sent to Computer
Forensics Division of BPRD after computer experts at Delhi
failed to trace much out of its contents. The laptop contained
several evidences that confirmed of the two terrorists motives,
namely the sticker of the Ministry of Home that they had made
on the laptop and pasted on their ambassador car to gain entry
into Parliament House and the the fake ID card that one of the
two terrorists was carrying with a Government of India emblem
and seal. The emblems (of the three lions) were carefully
scanned and the seal was also craftly made along with
residential address of Jammu and Kashmir. But careful detection
proved that it was all forged and made on the laptop.
8. SONY.SAMBANDH.COM CASE
India saw its first cybercrime conviction recently. It all began
after a complaint was filed by Sony India Private Ltd, which runs
a website called www.sony-sambandh.com, targeting Non
85
sort sends out a clear message to all that the law cannot be
taken for a ride.
90
iii.
iv.
v.
92