Introduction

Cyber security

DEFINITION OF CYBER SECURITY

Cyber security refers to the body of technologies, processes, and practices designed to
protect networks, devices, programs, and data from attack, damage, or unauthorized
access. Cyber security may also be referred to as information technology security.

THE IMPORTANCE OF CYBER SECURITY

Cyber security is important because government, military, corporate,

financial, and medical organizations collect, process, and store
unprecedented amounts of data on computers and other devices. A
significant portion of that data can be sensitive information, whether that be
intellectual property, financial data, personal information, or other types of
data for which unauthorized access or exposure could have negative
consequences. Organizations transmit sensitive data across networks and
to other devices in the course of doing businesses, and cyber security
describes the discipline dedicated to protecting that information and the
systems used to process or store it. As the volume and sophistication of
cyber attacks grow, companies and organizations, especially those that are
tasked with safeguarding information relating to national security, health, or
financial records, need to take steps to protect their sensitive business and
personnel information.

1
 • The abuse of computers has also given birth to a gamut of new age
crimes that are addressed by the Information Technology Act,
2000.
• The Computer as a Target :-using a computer to attack other
computers.
e.g. Hacking, Virus attacks, DOS attack etc.
• The computer as a weapon: using a computer to commit real world
crimes.
e.g. Cyber Terrorism, IPR violations, Credit card frauds, Pornography

 Cyberlaw
• Cyber law (also referred to as cyberlaw) is a term used to describe
the legal issues related to use of communications technology,
particularly "cyberspace", i.e. the Internet
• Cyberlaw is important because it touches almost all aspects of
transactions and activities on and concerning the Internet, the World
Wide Web and Cyberspace.
• Yes, Cyberlaw does concern you. As the nature of Internet is
changing and this new medium is being seen as the ultimate medium
ever evolved in human history, every activity of yours in Cyberspace
can and will have a Cyberlegal perspective.

Different types of cyber crimes have different

punishments in India
Types of Cybercrime
DDoS Attacks

These are used to make an online service unavailable and take the
network down by overwhelming the site with traffic from a variety of
sources. Large networks of infected devices known as Botnets are created
by depositing malware on users’ computers. The hacker then hacks into
the system once the network is down.

Botnets

Botnets are networks from compromised computers that are controlled

externally by remote hackers. The remote hackers then send spam or

2
attack other computers through these botnets. Botnets can also be used to
act as malware and perform malicious tasks.

Identity Theft

This cybercrime occurs when a criminal gains access to a user’s personal

information to steal funds, access confidential information, or participate in
tax or health insurance fraud. They can also open a phone/internet account
in your name, use your name to plan a criminal activity and claim
government benefits in your name. They may do this by finding out user’s
passwords through hacking, retrieving personal information from social
media, or sending phishing emails.

Social Engineering

Social engineering involves criminals making direct contact with you usually
by phone or email. They want to gain your confidence and usually pose as
a customer service agent so you’ll give the necessary information needed.
This is typically a password, the company you work for, or bank
information. Cybercriminals will find out what they can about you on the
internet and then attempt to add you as a friend on social accounts. Once
they gain access to an account, they can sell your information or secure
accounts in your name.

PUPs

PUPS or Potentially Unwanted Programs are less threatening than other

cybercrimes, but are a type of malware. They uninstall necessary software
in your system including search engines and pre-downloaded apps. They
can include spyware or adware, so it’s a good idea to install
an antivirus software to avoid the malicious download.

Phishing

This type of attack involves hackers sending malicious email attachments

or URLs to users to gain access to their accounts or computer.
Cybercriminals are becoming more established and many of these emails
are not flagged as spam. Users are tricked into emails claiming they need
to change their password or update their billing information, giving criminals
access.

3
Prohibited/Illegal Content

This cybercrime involves criminals sharing and distributing inappropriate

content that can be considered highly distressing and offensive. Offensive
content can include, but is not limited to, sexual activity between adults,
videos with intense violent and videos of criminal activity. Illegal content
includes materials advocating terrorism-related acts and child exploitation
material. This type of content exists both on the everyday internet and on
the dark web, an anonymous network.

Online Scams

These are usually in the form of ads or spam emails that include promises
of rewards or offers of unrealistic amounts of money. Online scams include
enticing offers that are “too good to be true” and when clicked on can cause
malware to interfere and compromise information.

Exploit Kits

Exploit kits need a vulnerability (bug in the code of a software) in order to

gain control of a user’s computer. They are readymade tools criminals can
buy online and use against anyone with a computer. The exploit kits are
upgraded regularly similar to normal software and are available on dark
web hacking forums.

Information Technology Act 2000

• The Information Technology Act, 2000 (also known as ITA-2000, or
the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified
on 17 October 2000. It is the primary law in India dealing
with cybercrime and electronic commerce. It is based on
the UNCITRAL Model Law on International Commercial
Arbitration recommended by the General Assembly of United Nations
by a resolution dated 30 January 1997.
• The original Act contained 94 sections, divided into 13 chapters and
4 schedules. The laws apply to the whole of India. Persons of other
nationalities can also be indicted under the law, if the crime involves a
computer or network located in India.

4
 • The Act provides a legal framework for electronic governance by
giving recognition to electronic records and digital signatures. It also
defines cyber crimes and prescribes penalties for them. The Act
directed the formation of a Controller of Certifying Authorities to
regulate the issuance of digital signatures. It also established a Cyber
Appellate Tribunal to resolve disputes rising from this new law.[3]The
Act also amended various sections of the Indian Penal Code, 1860,
the Indian, 1872, the Banker's Book Evidence Act, 1891, and
the Reserve Bank of India Act, 1934 to make them compliant with
new technologies.

An IT Act is a cyber security law introduced to secure cyberspace, the

Information Technology Law was amended under;
 the Indian Penal Code
 The Indian Evidence Act
 The Banker’s Book Evidence Act
 The Reserve Bank of India

Section Offence Description Penalty

If a person knowingly conceals,
destroys or alters or intentionally
or causes another to conceal,
Tampering with destroy or alter any computer Imprisonment up to
65 computer source source code used for a computer, three years, or/and with
documents when the computer source code fine up to ₹200,000
is required to be kept or
maintained by law for the time
being in force.
If a person with the intent to
cause damage to the public or
any person destroys or deletes or
Imprisonment up to
Hacking with alters any information residing in
66 three years, or/and with
computer system a computer resource or
fine up to ₹500,000
diminishes its value or utility or
affects it injuriously by any
means, commits hack.
A person receives or retains a
Receiving stolen
computer resource or Imprisonment up to
computer or
66B communication device which is three years, or/and with
communication
known to be stolen or the person fine up to ₹100,000
device
has reason to believe is stolen.

5
 A person fraudulently uses the
Imprisonment up to
Using password of password, digital signature or
66C three years, or/and with
another person other unique identification of
fine up to ₹100,000
another person.
If a person cheats someone Imprisonment up to
Cheating using
66D using a computer resource or three years, or/and with
computer resource
communication. fine up to ₹100,000
If a person captures, transmits or
Imprisonment up to
Publishing private publishes images of a person's
66E three years, or/and with
images of others private parts without his/her
fine up to ₹200,000
consent or knowledge.
If a person denies access to
authorised personnel to a
computer resource, accesses a
protected system or introduces
Acts
66F contaminant into a system, with Imprisonment up to life.
of cyberterrorism
the intention of threatening the
unity, integrity, sovereignty or
security of India, then he commits
cyberterrorism.
If a person publishes or transmits
or causes to be published in the
Publishing
electronic form, any material Imprisonment up to five
information which
67 which is lascivious or appeals to years, or/and with fine
is obscene in
the prurient interest or if its effect up to ₹1,000,000
electronic form.
is such as to tend to deprave and
corrupt persons
Imprisonment up to
Publishing images If a person publishes or transmits
seven years, or/and
67A containing sexual images containing a sexual
with fine up
acts explicit act or conduct.
to ₹1,000,000
Imprisonment up to five
years, or/and with fine
If a person captures, publishes or
up to ₹1,000,000 on
transmits images of a child in a
Publishing child first conviction.
sexually explicit act or conduct. If
67B porn or predating Imprisonment up to
a person induces a child into a
children online seven years, or/and
sexual act. A child is defined as
with fine up
anyone under 18.
to ₹1,000,000 on
second conviction.
Persons deemed as intermediary
Imprisonment up to
Failure to maintain (such as an ISP) must maintain
67C three years, or/and with
records required records for stipulated
fine.
time. Failure is an offence.
The appropriate Government
Securing access or Imprisonment up to ten
70 may, by notification in the Official
attempting to secure years, or/and with fine.
Gazette, declare that any

6
 access to a computer, computer system or
protected system computer network to be a
protected system.
The appropriate Government
may, by order in writing,
authorise the persons who are
authorised to access protected
systems. If a person who secures
access or attempts to secure
access to a protected system,
then he is committing an offence.
If anyone makes any
misrepresentation to, or
suppresses any material fact Imprisonment up to
71 Misrepresentation from, the Controller or the three years, or/and with
Certifying Authority for obtaining fine up to ₹100,000
any license or Digital Signature
Certificate.

• The IT Act 2000 attempts to change outdated laws and provides ways to
deal with cyber crimes. We need such laws so that people can perform
purchase transactions over the Net through credit cards without fear of
misuse
• The IT Act 2000 attempts to change outdated laws and provides ways
to deal with cyber crimes. We need such laws so that people can
perform purchase transactions over the Net through credit cards without
fear of misuse.
• From the perspective of e-commerce in India, the IT Act 2000 and its
provisions contain many positive aspects. Firstly, the implications of
these provisions for the e-businesses would be that email would now be
a valid and legal form of communication in our country that can be duly
produced and approved in a court of law.
• Companies shall now be able to carry out electronic commerce using
the legal infrastructure provided by the Act.
• Digital signatures have been given legal validity and sanction in the Act.

Listed below are some common cyber-crime scenarios which

can attract prosecution as per the penalties and offences
prescribed in the IT Act 2000 (amended via 2008) Act:

1) Harassment via fake public profile on social networking site: A fake

profile of a person is created on a social networking site with the correct

7
address, residential information or contact details but they are labelled as a
‘prostitute’ or a person of ‘loose character’. This leads to harassment of the
victim.
Provisions applicable: Sections 66A, 67 of IT Act and Section 509 of the
Indian Penal Code.
2) Online hate community: Online hate community is created inciting a
religious group to act or pass objectionable remarks against a country,
national figures etc.
Provisions applicable: Section 66A of IT Act and 153A & 153B of the Indian
Penal Code.
3) Email account hacking: If victim’s email account is hacked and
obscene emails are sent to people in victim’s address book.
Provisions applicable: Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT
Act.
4) Credit card fraud: Unsuspecting victims would use infected computers
to make online transactions.
Provisions applicable: Sections 43, 66, 66C, 66D of IT Act and section 420
of the IPC.
5) Introducing viruses, bugs: All of the above are some sort of malicious
programs which are used to destroy or gain access to some electronic
information.
Provisions applicable: Sections 43, 66, 66A of IT Act and Section 426 of
Indian Penal Code.
6) Cyber terrorism: Many terrorists are using virtual (G-Drive, FTP sites)
and physical storage media (USB’s, hard drives) for hiding information and
records of their illicit business.
Provisions applicable: Conventional terrorism laws may apply along with
Section 69 of IT Act.
7) Online sale of illegal articles: Applicable when the sale of narcotics,
drugs weapons and wildlife is facilitated by the internet.
Provisions applicable: Generally conventional laws apply in these cases.
8) Cyber pornography: This is among the largest businesses on the
internet. Pornography may not be illegal in many countries, but child
pornography is.
Provisions applicable: Sections 67, 67A and 67B of the IT Act.
9) Phishing and email scams: Phishing involves fraudulently acquiring
sensitive information through masquerading as a trusted entity. (E.g.
Passwords, credit card information)
Provisions Applicable: Section 66, 66A and 66D of IT Act and Section 420
of IPC

8
10) Theft of confidential information: Many business organizations store
their confidential information in computer systems. This information is
targeted by rivals, criminals and disgruntled employees.
Provisions applicable: Sections 43, 66, 66B of IT Act and Section 426 of
Indian Penal Code.

 Shreya Singhal v. Union of India

• It is a judgement by a two-judge bench of the Supreme Court of

India in 2015, on the issue of online speech and intermediary liability
in India. The Supreme Court struck down Section 66A of
the Information Technology Act, 2000, relating to restrictions on
online speech, as unconstitutional on grounds of violating the
freedom of speech guaranteed under Article 19(1)(a) of
the Constitution of India.
• Section 66A of the Information Technology Act, made it a punishable
offence for any person to "send, by means of a computer resource or
a communication device,
(a) any information that is grossly offensive or has menacing
character; or
(b) any information which he knows to be false, but for the purpose
of causing annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred or ill will, persistently by
making use of such computer resource or a communication
device.
(c) any electronic mail or electronic mail message for the purpose
of causing annoyance or inconvenience or to deceive or to
mislead the addressee or recipient about the origin of such
messages,“
• The vague and arbitrary terms used in the Section led to much
misuse of both personal and political nature, with several criminal
cases being instituted against innocuous instances of online speech,
including political commentary and humour.

Section 66A Case

9
  The latest case is from Guntur in Andhra Pradesh, where a man was
arrested by the police for impersonating a woman on a dating app
called Locanto, and asking people for money. After being scammed
on Locanto himself, the accused, Veeramreddy Suman Reddy (29)
had decided to use the same app and methods to meet people and
ask for money, and allegedly cheated 507 people of Rs. 21.58 lakh.
While Reddy was booked under Section 420 (cheating), the police
also registered a case under Section 66A of the IT Act (misleading
people through electronic communication).
• The patently illegal use of Section 66A of the Act is not dissimilar
from the current moment in which banks and private companies
continue to demand Aadhaar numbers from citizens, despite being
expressly forbidden from doing so by the Supreme Court last month.
• The patently illegal use of Section 66A of the Act is not dissimilar
from the current moment in which banks and private companies
continue to demand Aadhaar numbers from citizens, despite being
expressly forbidden from doing so by the Supreme Court last month.
• “See, the law doesn't change just because the Supreme Court says
something," said Praveen Kumar Sinha, IGP and commissioner of
police, Jalandhar

What Happens To The People Arrested For

Insulting Modi?

• A friend Whatsapped Mudassir Rana a meme as he browsed through

his phone over lunch one afternoon in October 2016. Rana shared it
on Facebook without comment. Next evening, there was a knock on
his door. It was the police. Mudassir Rana, the owner of a school in
Sardhana, Uttar Pradesh, was under arrest.
• His crime was his Facebook post: a cartoonish illustration of the faces
of Prime Minister Narendra Modi, Rashritya Swayamsevak Sangh
(RSS) chief Mohan Bhagwat, and several ministers of the ruling BJP,
depicted as the ten heads of Ravan.
• Prime Minister Modi has himself claimed that he welcomed
criticism in a statement in London. But citizens are living in fear as
they might get arrested if they forward a message that is against
Modi.

10
• The next day, a local journalist called Rana to warn him that an FIR
had been lodged against him. A few hours later, an interlocutor
informed Rana that the Bajrang Dal wanted him to come to their
office.
• "They told the common friend that I had to go down on my knees, lie
prostrate and beg for their forgiveness," Rana said. "I was ready to
say sorry, but I was not okay with being humiliated like that.“
• That was the night police arrived at his doorstep and took him to the
police station. He was charged under Section 153-A of IPC for
'promoting disharmony’.
• The next morning, Rana's lawyer posted bail and he was released.
• Since then, Rana says, many Hindu families, who empathize with
Hindu far-right organizations in Sardhana, have distanced themselves
from him.
• Rana was planning to travel abroad for his son's higher studies, but
the family has shelved the plans as getting visas and passports could
get complicated.
• Rana is just one of dozens of Indians arrested for sharing memes,
cartoons, and messages criticizing Modi since his government swept
to power in 2014.
• Over the past four years, news reports of arrests for insulting Modi
have appeared with alarming regularity. The arrested
include teachers, students, businessmen, auto-rickshaw drivers, and
members of the police and paramilitary forces.

Cyber crimes in India: CERT report

 Indeed, a lot of Indian websites have been attacked by the hackers
sitting in each part of the globe. Indian Computer Emergency
Response (CERT-In) has recently released some shocking details.
 According to the report, China has made the highest number of
attacks on the official websites of India. CERT has found that 35 per
cent of intruding activities on Indian cyberspace are from China.
The United States of America: 17 per cent
Russia: 15 per cent
Pakistan: 9 per cent
Canada: 7 per cent
Germany: 5 per cent
Netherlands: 4 per cent
North Korea and France: 2 per cent (each)

11
 Others: 4 per cent
 Cyber law experts, meanwhile, feel the low detection of cyber crimes
is also due to lack of technical knowledge among the police staff and
that there should be more training centres and courses so that they
can upgrade themselves.
 They cite the infamous Blue Whale Challenge, and stress that
parents need to be aware of what games their children play in the
virtual world. (Blue Whale Challenge, created by 21-year-old Russian
Phillip Budeikin, has claimed an estimated 130 lives across the world
during 2015-2016, according to recent reports.
 More than 86 per cent of the mobile apps targeted towards children
are not safe. Lack of consent, excessive permissions and needless
privacy-intrusive features like in-app ads and purchase options make
children’s apps unsafe, says the study titled “State of Privacy of
Indian Apps and Websites - 2018.”

Conclusion
Types of Cyber Fraud to be Aware of:
 Social Engineering – A hacker may dig through your social media
accounts to get your personal information to crack your online
banking password
 Phishing – Fraudsters try to extract sensitive information such as
personal details like bank account number and password by sending
fake emails.
 SIM Cloning – This has come out after OTP became mandatory for
banking and card transactions. The fraudster gets hold of your
account details and identity proof to get a duplicate SIM after getting
the original SIM deactivated.
 ATM Skimming - For obtaining the pin, the fraudster places a
camera which focuses on the keypad or uses a fake keypad.
 Card Cloning - When you leave your card attended in the hands of a
stranger, the stranger just has to swipe the card for the skimming
device to capture all the data. The fraudster just needs to note down
your CVV number.

12
 Vishing – Scamsters dial an individual posing as a bank
representative and weave a web of deceit to extract card details.

 The world we were living in earlier and we are living in

now is totally different. So we just want to remind you
that you need to be extremely careful no matter where
you are and what you do. Because even a slight of
carelessness in today’s generation can land you in big
trouble and you will not even have an idea about it.

13