Combating Cyber crimes- Combating Cyber crimes- Law & Law & Enforcement in IndiaEnforcement in India

Seminar on Information Technology Acts

Submitted to :Mr. Pranjal Bansal

BY:Vishal Soni4th year / 8th SemComputer Engineering08CE97

Introduction to Cyber Introduction to Cyber crimecrime Computer CrimeComputer Crime, , E-E-

CrimeCrime, , Hi-Tech CrimeHi-Tech Crime or or Electronic CrimeElectronic Crime is where is where a a computer is the target of is the target of a a crime or is the means or is the means adopted to commit a crime. adopted to commit a crime.

Most of these crimes are Most of these crimes are not new. Criminals simply not new. Criminals simply devise different ways to devise different ways to undertake standard undertake standard criminal activities such as criminal activities such as fraud, theft, blackmail, , theft, blackmail, forgery, and embezzlement forgery, and embezzlement using the new medium, using the new medium, often involving the Internet often involving the Internet

Computer vulnerabilityComputer vulnerability

Computers store huge amounts of data in small spacesComputers store huge amounts of data in small spaces Ease of accessEase of access Complexity of technologyComplexity of technology Human errorHuman error One of the key elements that keeps most members of any society honest is One of the key elements that keeps most members of any society honest is

fear of being caught — the deterrence factor. Cyberspace changes two of fear of being caught — the deterrence factor. Cyberspace changes two of those rules. First, it offers the criminal an opportunity of attacking his victims those rules. First, it offers the criminal an opportunity of attacking his victims from the remoteness of a different continent and secondly, the results of the from the remoteness of a different continent and secondly, the results of the crime are not immediately apparent.crime are not immediately apparent.

Need new laws and upgraded technology to combat cyber crimes Need new laws and upgraded technology to combat cyber crimes

Types of Cyber crimesTypes of Cyber crimes

Credit card fraudsCredit card frauds Cyber pornography Cyber pornography Sale of illegal articles-Sale of illegal articles-

narcotics, weapons, wildlifenarcotics, weapons, wildlife Online gamblingOnline gambling Intellectual Property crimes- Intellectual Property crimes-

software piracy, copyright software piracy, copyright infringement, trademarks infringement, trademarks violations, theft of computer violations, theft of computer source code source code

Email spoofingEmail spoofing ForgeryForgery DefamationDefamation Cyber stalking (section 509 Cyber stalking (section 509

IPC)IPC) Phising Phising Cyber terrorism Cyber terrorism

Crime against persons

Crime against Government

Crime against property

Computer VirusesComputer Viruses

VirusesViruses A computer virus is a A computer virus is a

computer program that computer program that can infect other can infect other computer programs by computer programs by modifying them in such modifying them in such a way as to include a a way as to include a (possibly evolved) copy (possibly evolved) copy of it. Note that a of it. Note that a program does not have program does not have to perform outright to perform outright damage (such as damage (such as deleting or corrupting deleting or corrupting files) in order to be files) in order to be called a "virus".called a "virus".

Viruses

File infectors

Boot record infectors

Boot and file

viruses

Cyber crimes

Hacking Information

TheftE-mail

bombingSalami attacks

Denial of Service attacks

Trojan attacks

Web jacking

Combating cyber Combating cyber crimescrimes Technological measures-Technological measures-

Public key cryptography, Public key cryptography, Digital signatures ,Firewalls, Digital signatures ,Firewalls, honey potshoney pots

Cyber investigation-Cyber investigation- Computer forensics is the Computer forensics is the process of identifying, process of identifying, preserving, analyzing and preserving, analyzing and presenting digital evidence in presenting digital evidence in a manner that is legally a manner that is legally acceptable in courts of law.acceptable in courts of law.

These rules of evidence These rules of evidence include admissibility (in include admissibility (in courts), authenticity (relation courts), authenticity (relation to incident), completeness, to incident), completeness, reliability and believability. reliability and believability.

Legal framework-laws & Legal framework-laws & enforcementenforcement

International International initiativesinitiatives Representatives from the 26 Representatives from the 26

Council of Europe members, the Council of Europe members, the United States, Canada, Japan and United States, Canada, Japan and South Africa in 2001 signed a South Africa in 2001 signed a convention on cybercrime in efforts convention on cybercrime in efforts to enhance international to enhance international cooperation in combating cooperation in combating computer-based crimes. computer-based crimes.

The The Convention on CybercrimeConvention on Cybercrime, , drawn up by experts of the Council drawn up by experts of the Council of Europe, is designed to coordinate of Europe, is designed to coordinate these countries' policies and laws these countries' policies and laws on penalties on crimes in on penalties on crimes in cyberspace, define the formula cyberspace, define the formula guaranteeing the efficient operation guaranteeing the efficient operation of the criminal and judicial of the criminal and judicial authorities, and establish an authorities, and establish an efficient mechanism for efficient mechanism for international cooperation. international cooperation.

In 1997, The In 1997, The G-8 MinistersG-8 Ministers agreed agreed to ten "Principles to Combat High-to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Tech Crime" and an "Action Plan to Combat High-Tech CrimeCombat High-Tech Crime." ."

Main objectives-Main objectives- Create effective cyber Create effective cyber

crime laws crime laws Handle jurisdiction Handle jurisdiction

issues issues Cooperate in Cooperate in

international international investigations investigations

Develop acceptable Develop acceptable practices for search and practices for search and seizure seizure

Establish effective Establish effective public/private sector public/private sector interaction interaction

Frequency of incidents of Cyber crimes in India

Source: Survey conducted by ASCL

Denial of Service: Section 43

Virus: Section: 66, 43

Data Alteration: Sec. 66

U/A Access: Section 43

Email Abuse: Sec. 67, 500, Other IPC Sections

Data Theft: Sec 66, 65

99

10

No. of Indian web-sites defaced

4411002

2219

7039

0

1000

2000

3000

4000

5000

6000

7000

8000

1998 1999 2000 2001

11

Number of Indian sites hacked

Site of BARC-panic all around

0

6

12

25

0

5

10

15

20

25

1998 1999 2000 2001

2001 CSI/FBI Computer Crime and Security Survey

Of the organizations suffering security compromises in the last year – 95% had Firewalls and 61%had IDSs

981009896Anti-virus software

90929389Access Control

%%%%SECURITY TECHNOLOGIES USED

64626150Encrypted Files

95789181Firewalls

61504235Intrusion Detection Systems

2001200019991998

•False sense of security – “We already have a Firewall”

12

What is India inc’s What is India inc’s biggest threat?biggest threat? Cyber crime is now a bigger threat to India Inc Cyber crime is now a bigger threat to India Inc

than physical crime. In a recent survey by IBM, a than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than crime as a bigger threat to their profitability than physical crime (31%). physical crime (31%).

The cost of cyber crime stems primarily from loss The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order. to the brand, and loss of customers, in that order.

About 67% local Chief Information Officers (CIOs) About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime who took part in the survey perceived cyber crime as more costly, compared to the global as more costly, compared to the global benchmark of 50%. benchmark of 50%.

Combating Cyber crime-Combating Cyber crime-Indian legal frameworkIndian legal framework Information Technology Act, 2000-came into force on Information Technology Act, 2000-came into force on

17 October 200017 October 2000 Extends to whole of India and also applies to any Extends to whole of India and also applies to any

offence or contravention there under committed offence or contravention there under committed outside India by any person {section 1 (2)} outside India by any person {section 1 (2)}

read with Section 75- Act applies to offence or read with Section 75- Act applies to offence or contravention contravention committed outside Indiacommitted outside India by any person by any person irrespective of his nationality,irrespective of his nationality, if such act involves a if such act involves a computer, computer system or computer, computer system or network located in network located in IndiaIndia

Section 2 (1) (a) –”Access” means gaining entry Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, into ,instructing or communicating with the logical, arithmetic or memory function resources of a arithmetic or memory function resources of a computer, computer resource or networkcomputer, computer resource or network

IT Act confers legal recognition to electronic records IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000) and digital signatures (section 4,5 of the IT Act,2000)

Civil Wrongs under IT Civil Wrongs under IT ActAct Chapter IX of IT Act, Section 43Chapter IX of IT Act, Section 43 Whoever Whoever without permissionwithout permission of owner of the of owner of the

computercomputer– Secures access (mere U/A access)Secures access (mere U/A access)

Not necessarily through a networkNot necessarily through a network– Downloads, copies, extracts any dataDownloads, copies, extracts any data– Introduces or causes to be introduced any viruses or Introduces or causes to be introduced any viruses or

contaminantcontaminant– Damages or causes to be damaged any computer resourceDamages or causes to be damaged any computer resource

Destroy, alter, delete, add, modify or rearrangeDestroy, alter, delete, add, modify or rearrange Change the format of a fileChange the format of a file

– Disrupts or causes disruption of any computer resourceDisrupts or causes disruption of any computer resource Preventing normal continuance ofPreventing normal continuance of

– Denies or causes denial of access by any Denies or causes denial of access by any meansmeans

Denial of service attacksDenial of service attacks

– Assists any person to do any thing aboveAssists any person to do any thing above Rogue Websites, Search Engines, Insiders Rogue Websites, Search Engines, Insiders

providing vulnerabilitiesproviding vulnerabilities

– Charges the services availed by a person to Charges the services availed by a person to the account of another person by tampering the account of another person by tampering or manipulating any computer resourceor manipulating any computer resource

Credit card frauds, Internet time theftsCredit card frauds, Internet time thefts

– Liable to pay damages not exceeding Rs. Liable to pay damages not exceeding Rs. One crore to the affected partyOne crore to the affected party

– Investigation byInvestigation by– ADJUDICATING OFFICERADJUDICATING OFFICER– Powers of a civil courtPowers of a civil court

Section 65: Source Section 65: Source CodeCode Most important asset of software companiesMost important asset of software companies ““Computer Source Code" means the listing Computer Source Code" means the listing

of programmes, computer commands, of programmes, computer commands, design and layoutdesign and layout

IngredientsIngredients– Knowledge or intention Knowledge or intention – Concealment, destruction, alterationConcealment, destruction, alteration– computer source code required to be kept or computer source code required to be kept or

maintained by lawmaintained by law PunishmentPunishment

– imprisonment up to three years and / orimprisonment up to three years and / or– fine up to Rs. 2 lakhfine up to Rs. 2 lakh

Section 66: Hacking

• Ingredients– Intention or Knowledge to cause wrongful loss

or damage to the public or any person– Destruction, deletion, alteration, diminishing

value or utility or injuriously affecting information residing in a computer resource

• Punishment– imprisonment up to three years, and / or – fine up to Rs. 2 lakh

• Cognizable, Non Bailable,

18

Section 66 covers data theft aswell as data alterationSection 66 covers data theft aswell as data alteration

Sec. 67. PornographySec. 67. Pornography IngredientsIngredients

– Publishing or transmitting or causing to be published Publishing or transmitting or causing to be published – in the electronic form, in the electronic form, – Obscene materialObscene material

PunishmentPunishment– On first convictionOn first conviction

imprisonment of either description up to five years and imprisonment of either description up to five years and fine up to Rs. 1 lakhfine up to Rs. 1 lakh

– On subsequent conviction On subsequent conviction imprisonment of either description up to ten years and imprisonment of either description up to ten years and fine up to Rs. 2 lakhfine up to Rs. 2 lakh

Section coversSection covers– Internet Service Providers,Internet Service Providers,– Search engines, Search engines, – Pornographic websitesPornographic websites

Cognizable, Non-Bailable, JMIC/ Court of SessionsCognizable, Non-Bailable, JMIC/ Court of Sessions

Sec 69: Decryption of Sec 69: Decryption of informationinformation IngredientsIngredients

– Controller issues order to Government agency to Controller issues order to Government agency to intercept any information transmitted through any intercept any information transmitted through any computer resource. computer resource.

– Order is issued in the interest of theOrder is issued in the interest of the sovereignty or integrity of India, sovereignty or integrity of India, the security of the State, the security of the State, friendly relations with foreign States, friendly relations with foreign States, public order or public order or preventing incitement for commission of a cognizable preventing incitement for commission of a cognizable

offenceoffence

– Person in charge of the computer resource fails to Person in charge of the computer resource fails to extend all facilities and technical assistance to extend all facilities and technical assistance to decrypt the information-punishment upto 7 years.decrypt the information-punishment upto 7 years.

Sec 70 Protected Sec 70 Protected SystemSystem IngredientsIngredients

– Securing unauthorised access or attempting to Securing unauthorised access or attempting to secure unauthorised accesssecure unauthorised access

– to ‘protected system’to ‘protected system’ Acts covered by this section:Acts covered by this section:

– Switching computer on / off Switching computer on / off – Using installed software / hardwareUsing installed software / hardware– Installing software / hardwareInstalling software / hardware– Port scanningPort scanning

PunishmentPunishment– Imprisonment up to 10 years and fineImprisonment up to 10 years and fine

Cognizable, Non-Bailable, Court of SessionsCognizable, Non-Bailable, Court of Sessions

Cyber crimes Cyber crimes punishable under punishable under various Indian lawsvarious Indian laws Sending pornographic or obscene emails are punishable under Section 67 of the

IT Act.

An offence under this section is punishable on first conviction with imprisonment for a term, which may extend to five years and with fine, which may extend to One lakh rupees.

In the event of a second or subsequent conviction the recommended

punishment is imprisonment for a term, which may extend to ten years and also with fine which may extend to Two lakh rupees.

Emails that are defamatory in nature are punishable under Section 500 of the Indian Penal Code (IPC), which recommends an imprisonment of upto two years or a fine or both.

Threatening emails are punishable under the provisions of the IPC pertaining to criminal intimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII)

Email spoofingEmail spoofing is covered under provisions of the IPC relating tofraud, cheating by personation (Chapter XVII), forgery (Chapter XVIII)

Arms ActOnline sale of Arms

Sec. 383 IPCWeb-Jacking

NDPS ActOnline sale of Drugs

Sec 416, 417, 463 IPCEmail spoofing

Sec 420 IPCBogus websites, cyber frauds

Sec 463, 470, 471 IPCForgery of electronic records

Sec 499, 500 IPCSending defamatory messages by email

Sec 503 IPC Sending threatening messages by email

Computer Related Crimes under IPC and Special Laws

23

Better Enforcement Better Enforcement initiatives initiatives Mumbai Cyber lab is a joint initiative of Mumbai police Mumbai Cyber lab is a joint initiative of Mumbai police

and NASSCOM –more exchange and coordination of this and NASSCOM –more exchange and coordination of this kindkind

Suggested amendments to the IT Act,2000-new Suggested amendments to the IT Act,2000-new provisions for child pornography, etcprovisions for child pornography, etc

More Public awareness campaignsMore Public awareness campaigns Training of police officers to effectively combat cyber Training of police officers to effectively combat cyber

crimescrimes More Cyber crime police cells set up across the countryMore Cyber crime police cells set up across the country Effective E-surveillance Effective E-surveillance Websites aid in creating awareness and encouraging Websites aid in creating awareness and encouraging

reporting of cyber crime cases.reporting of cyber crime cases. Specialised Training of forensic investigators and experts Specialised Training of forensic investigators and experts Active coordination between police and other law Active coordination between police and other law

enforcement agencies and authorities is required.enforcement agencies and authorities is required.