Download Introduction to Cyber Crimes and more Lecture notes Cyberlaw and Internet Law in PDF only on Docsity!
Cyber Crimes and Cyber Laws
“Technology... is a queer thing. It brings you great gifts on one side and it stabs you in the
back on the other. As the technology advances, risk too advances.”
In short and simple words every coin has two sides, and importantly both faces are opposite
to each other. No doubt that our technological power increase but multiple side effects and
hazards also escalate.
Someone has withdrew 1000 rupees from his PNB ATM card today, but balance deducted
was 6000 buck, how is this possible? On enquiry, it was informed that he is a victim of a
cyber crime.
What is Cyber Crime?
Cyber Crime is the outcome of our high dependence on the Cyberspace or so called the
Internet world. Cyber Crimes are unlawful/illegal acts where the computer is used either as a
tool or a target or both. First cyber crime reported was in the year 1820.The enormous growth
in electronic commerce (e-commerce) and online share trading has led to a phenomenal spurt
in incidents of cyber crime.
As per 2015 CBS report the statistics are a look into hell it will make you to think again
about security over internet, it has been determined to have 1.5 million Cyber Attacks per
year, which means there are over 4000 cyber Attacks every day,170 attacks every hour or
nearly three attacks every minute. IBM estimates there are an average of 16,856 times a year
Businesses are getting targeted. That means 46 attacks a Business has to deal every day –or
nearly two attacks in an hour.
The actual or major cause of Cyber Crime is WE ourselves. We are not that much careful as
it is required and hackers do get the benefit from our careless behavior. We ignore to keep
security software, we do not logout after every session, we are unaware about our security
and privacy settings and keep on sharing our personal photos and other details in public
network or open unknown E- mails click on the links given in those emails, which throws us
to the web of hackers, viruses, Trojans etc.
How it is done?
General Threats
Normal or General Threats are those which are not been recognized proactively and they
silently come to our organization and affect it. It can further categorized as below-
• Unauthorized Access
• Data Theft
• Hacking
Unauthorized Access
In this case the attacker mostly an outsider, is linked to a different network and then the
Organization’s network and then breached the security and can access the information stored
in the Organization’s network.
It can have huge impact on Company’s reputation moreover the confidential information can
be misused in many ways.
Data Theft
Here an attacker illegally tries to obtain or steal the user’s credentials to get access of the
Organization’s information by authenticating himself as a privileged user to the
Organization’s server. The credentials of a user can be stolen by internals users, friends and
colleagues and by using various applications such as malware installed on the system. These
applications are designed in such a way that they can gather the information from the
machine where it is installed and then send back that information to the attacker.
Hacking
A hacking is technique by which someone usually called as Hacker seeks and exploits the
weakness of a computer system. Hacker uses various techniques like Brute force attack,
Password Cracking, Packet analyzing, Phishing etc. Hackers are technically sound and
skilled programmers and they use these techniques for malicious reasons.
Social Engineering
As we know that 100% security is a myth, different security policies and vulnerability checks
can provide protection only up to certain limits. The most critical part of security of any
system is its users, they trust each other and share their personal data and often adopts a
careless approach. An attacker takes the benefit of this tendency of users and collects
valuable information.
Various communication Medias are used here like telephone, Emails, Internet.
Telephone is the cheapest way to manipulate people. Suppose somebody got a call from a
person and that person pretends himself to be a banker and asks for customer’s secret
information like ATM number, Pin code etc. to verify the details in the system. The customer
who is not proactive and unaware of these things will share these details and can become a
victim of Cyber Crime.
In Case Of Emails , suppose a social engineer broadcasted an invitation email to multiple
users to participate in a contest to get prizes where users need to fill a form asking for their
personal information including user name and password. The user who will not understand
their trick may become victim of Cyber Crime.
Same trick can be used by creating a website where user needs to fill a form which asks about
their personal information.
Network Level Threat
Above were the Normal level threats but there are Network level attacks too where attacker
breaches the Network Security and gains access to the information of the Organization. It can
be done in following ways-
IP Spoofing Attack -Here the attacker tries to breach the security by a fake IP address and
gets access to the target machine it enables hacker to access the confidential information.
Denial Of Service Attack (DoS)- Here attacker send various Spam emails to the servers so
that it stops responding after a certain time period even to the legitimate requests because of
high bandwidth consumption , in this way this attack disables the system which provides the
service.
Man in Middle Attack- Here the attacker tries to access the network between two legitimate
machines and gains the information from first user and sends the tampered information to the
receiver. In this way he gets control on the communication of both sides of legitimate users.
Precautions and Countermeasures-
We can adopt a proactive approach and can reduce the possibility of getting hacked.
1. Being alert is the first step to be secure and keep an eye on all the undesired or
uncommon activities happening around.
2. A password policy should be there in the organization, our passwords should be
difficult and hard to guess and it should be changed monthly or quarterly.
to be done.
Information technology is affecting us as individual and as a society. Information technology stands firmly on hardware and software of a computer and tele-communication infrastructure. But this is only one facet of the information Technology, today the other facets are the challenges for the whole world like cyber crimes and more over cyber terrorism. When Internet was first developed, the founding fathers hardly had any inkling that internet could transform itself into an all pervading revolution which could be misused for criminal activities and which required regulations. With the emergence of the technology the misuse of the technology has also expanded to its optimum level the examples of it are:
- Cyber stalking
- Cyber harassment
- Cyber fraud
- Cyber defamation
- Spam
- Hacking
- Trafficking
- Distribution
- Posting and dissemination of obscene material including pornography,
- Indecent exposure and child pornography etc.
The misuse of the technology has created the need of the enactment and implementation of the cyber laws but whether this cyber laws are capable to control the cyber crime activities, the question requires the at most attention.
Cyber Crimes and Cyber terrorism: “Is the Internet the new “Wild Wild West?” There can be no one exhaustive definition about Cybercrime. However, any activities which basically offend human sensibilities, can also be included in its ambit. Child Pornography on the Internet constitutes one serious Cybercrime. Similarly, online pedophiles, using internet to induce minor children into sex, are as much Cyber criminals as any other.
“Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against property, government and people at large.”
In the era of globalization: the use of steganography[1] as a means for communicating the terrorist design online – Red Fort case, E-mail threats in Taj Mahal Case, Supreme Court E mail Threat Case. The use of internet to plan and carry out the terrorists’ acts of September 11th – World Trade Center attack, reflects the present condition and provides the answer to the question that “Is the internet the new Wild Wild West?”
Forms of Cyber Terrorism:[2]
(I) Privacy violation: The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a constitutional status, the violation of which attracts both civil as well as criminal consequences under the respective laws. The
intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology the traditional concept of right to privacy has taken new dimensions, which require a different legal outlook. To meet this challenge recourse of Information Technology Act, 2000 can be taken. The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain acts have been categorized as offences and contraventions, which have tendency to intrude with the privacy rights of the citizens.
(II) Secret information appropriation and data theft: The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defense and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to moveables or immoveables alone.
In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property" is used in the I.P.C in a much wider sense than the expression "movable property". There is no good reason to restrict the meaning of the word "property" to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word "property" but on the fact whether that particular kind of property can be subject to the acts covered by that section.
(III) Demolition of e-governance base: The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. Right to receive and impart information is implicit in free speech. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest.
(IV) Distributed denial of services attack: The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies.
It must be noted that thousands of compromised computers can be used to simultaneously attack a
defined in the IT Act, 2000 are by no means exhaustive. However, the drafting of the relevant provisions of the IT Act, 2000 makes it appear as if the offences detailed therein are the only cyber offences possible and existing. The IT Act, 2000 does not cove various kinds of cyber crimes and Internet related crimes.
These Include:- a) Theft of Internet hours b) Cyber theft c) Cyber stalking d) Cyber harassment e) Cyber defamation f) Cyber fraud g) Misuse of credit card numbers h) Chat room abuse
- The IT Act, 2000 has not tackled several vital issues pertaining to e-commerce sphere like privacy and content regulation to name a few. Privacy issues have not been touched at all.
- Another grey area of the IT Act is that the same does not touch upon any anti- trust issues.
- The most serious concern about the Indian Cyber law relates to its implementation. The IT Act, 2000 does not lay down parameters for its implementation. Also, when internet penetration in India is extremely low and government and police officials, in general are not very computer savvy, the new Indian cyber law raises more questions than it answers. It seems that the Parliament would be required to amend the IT Act, 2000 to remove the grey areas mentioned above.
Conclusion: The new legislation which can cover all the aspects of the Cyber Crimes should be passed so the grey areas of the law can be removed. The recent blasts in Ahmedabad, Bangalore and Delhi reflects the threat to the mankind by the cyber space activities against this I personally believes that only the technology and its wide expansion can give strong fight to the problems. The software’s are easily available for download should be restricted by the Government by appropriate actions. New amendment should be including to the IT Act, 2000 to make it efficient and active against the crimes. The training and public awareness programs should be organized in the Companies as well as in common sectors. The number of the cyber cops in India should be increased. The jurisdiction problem is there in the implementation part which should be removed because the cyber criminals does not have any jurisdiction limit then why do the laws have, after all they laws are there, to punish the criminal but present scenario gives them the chance to escape.
