CONTENTS

Sr No Particular Page No
1 Introduction to Cyber Law 1-2
2 Information Technology CT 2!!! "-#
" Cyber Crime $-%
# Ty&e' of Crime (-)
$ Cyber Criminal *-1!
% Indian Ca'e Study 11-12
( Conclu'ion 1"
Introduction to Cyber Law
Cyber Law is the law governing cyber space. Cyber space is a very wide term and
includes computers, networks, software, data storage devices (such as hard disks, USB
disks etc, the !nternet, websites, emails and even electronic devices such as cell phones,
"#$ machines etc.
Cyber crimes can involve criminal activities that are traditional in nature, such as theft,
fraud, forgery, defamation and mischief, all of which are sub%ect to the !ndian &enal Code.
#he abuse of computers has also given birth to a gamut of new age crimes that are
addressed by the !nformation #echnology "ct, '(((.
#he e)pression *Crime+ is defined as an act, which sub%ects the doer to legal punishment
or any offence against morality, social order or any un%ust or shameful act. #he ,-ffence.
is defined in the Code of Criminal
&rocedure to mean as an act or omission made punishable by any law for the time being in
force.
!t+s an unlawful act wherein the computer is either a tool or a target or both.
"cts that are punishable by the !nformation #echnology "ct.
Cyber space is a virtual space that has become as important as real space for
business, politics, and communities .
Cyber Crime is emerging as a serious threat. /orld wide governments, police
departments and intelligence units have started to react.
Cyber Crime is a term used to broadly describe criminal activity in which computers or
computer networks are a tool, a target, or a place of criminal activity and include
everything from electronic cracking to denial of service attacks. !t is also used to include
traditional crimes in which computers or networks are used to enable the illicit activity.
Computer crime mainly consists of unauthori0ed access to computer systems data
alteration, data destruction, theft of intellectual property. Cyber crime in the conte)t of
national security may involve hacking, traditional espionage, or information warfare and
related activities.
1&ornography, #hreatening 2mail, "ssuming someone3s !dentity, Se)ual 4arassment,
5efamation, Spam and &hishing are some e)amples where computers are used to commit
crime, whereas 6iruses, /orms and !ndustrial 2spionage, Software &iracy and 4acking
are e)amples where computers become target of crime.
#he !nternet in !ndia is growing rapidly. !t has given rise to new opportunities in every
field we can think of 7 be it entertainment, business, sports or education. #here are two
sides to a coin. !nternet also has its own disadvantages. -ne of the ma%or disadvantages is
Cybercrime 7 illegal activity committed on the !nternet. #he !nternet, along with its
advantages, has also e)posed us to security risks that come with connecting to a large
network. Computers today are being misused for illegal activities like e8mail espionage,
credit card fraud, spams, and software piracy and so on, which invade our privacy and
offend our senses. Criminal activities in the cyberspace are on the rise.
+The modern thief can 'teal more with a com&uter than with a gun, Tomorrow-'
terrori't may be able to do more damage with a .ey board than with a bomb+,
Until recently, many information technology (!# professionals lacked awareness of an
interest in the cyber crime phenomenon. !n many cases, law enforcement officers have
lacked the tools needed to tackle the problem9 old laws didn+t :uite fit the crimes being
committed, new laws hadn+t :uite caught up to the reality of what was happening, and
there were few court precedents to look to for guidance; <urthermore, debates over
privacy issues hampered the ability of enforcement agents to gather the evidence needed
to prosecute these new cases. <inally, there was a certain amount of antipathy=or at the
least, distrust= between the two most important players in any effective fight against
cyber crime> law enforcement agencies and computer professionals. ?et close cooperation
between the two is crucial if we are to control the cyber crime problem and make the
!nternet a safe ,place@ for its users.
'
1. Information Technology ct 2!!!
Connectivity via the !nternet has greatly abridged geographical distances and made
communication even more rapid. /hile activities in this limitless new universe are
increasing incessantly, laws must be formulated to monitor these activities. Some
countries have been rather vigilant and formed some laws governing the net. !n order to
keep pace with the changing generation, the !ndian &arliament passed the much8awaited
!nformation #echnology "ct, '((( ."s they say,
+It/' better late than ne0er+,
4owever, even after it has been passed, a debate over certain controversial issues
continues. " large portion of the industrial community seems to be dissatisfied with
certain aspects of the "ct. But on the whole, it is a step in the right direction for !ndia.
The Information Technology ct 2!!!1 regulates the transactions relating to the
computer and the !nternet
#he ob%ectives of the "ct as reflected in the &reamble to the "ct are>
1. #he &reamble to the "ct states that it aims at providing legal recognition for
transactions carried out by means of electronic data interchange and other means of
electronic communication, commonly referred to as .electronic commerce., which
involve the use of alternatives to paper8based methods of communication and storage of
information and aims at facilitating electronic filing of documents with the Aovernment
agencies.
'. #o facilitate electronic filing of the document with the government of !ndia. #he
Aeneral "ssembly of the United Bations had adopted the $odel Law on 2lectronic
Commerce adopted by the United Bations Commission on !nternational #rade Law
(UBC!#C"L in its Aeneral "ssembly resolution "DC2SDE1D1F' dated Ganuary H(, 1IIJ.
#he !ndian "ct is in keeping with this resolution that recommended that member nations
of the UB enact and modify their laws according to the $odel Law.
#hus with the enactment of this "ct, !nternet transactions will now be recogni0ed, on8line
contracts will be enforceable and e8mails will be legally acknowledged. !t will
tremendously augment domestic as well as international trade and commerce.
#he !nformation #echnology "ct e)tends to the whole of India and, saves as otherwi'e
&ro0ided in thi' ct, it applies also to any offence or contravention there under
H
committed outside !ndia by any person.
4owever #he "ct does not apply to>
1. a negotiable instrument as defined in section 1H of the Begotiable !nstruments
"ct,1KK19
'. a power8of8attorney as defined in section 1" of the &owers8of8 "ttorney "ct, 1KK'9
H. a trust as defined in section H of the !ndian #rusts "ct, 1KK'9
L. " will as defined in clause (h of section ' of the !ndian Succession "ct, 1I'Eincluding
any other testamentary disposition by whatever name called
E. "ny contract for the sale or conveyance of immovable property or any interest in such
property9
F. "ny such class of documents or transactions as may be notified by the Central
Aovernment in the -fficial Aa0ette.
Some of the Im&ortant 2efinition3
'ymmetric cry&to 'y'tem. means a system of a secure key pair consisting of a private
key for creating a digital signature and a public key to verify the digital signature9
Certifying uthority. means a person who has been granted a licence to issue a 5igital
Signature Certificate under section 'L9
Certification &ractice 'tatement. means a statement issued by a Certifying "uthority to
specify the practices that the Certifying "uthority employs in issuing 5igital Signature
Certificates9
Cyber &&ellate Tribunal. means the Cyber Cegulations "ppellate #ribunal established
under sub8section (1 of section LK9
2igital 'ignature. means authentication of any electronic record by a subscriber by
means of an electronic method or procedure in accordance with the provisions of section.
2igital Signature Certificate. means a 5igital Signature Certificate issued under
subsection of section HE9
Electronic form. with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device9
Electronic 4a5ette. means the -fficial Aa0ette published in the electronic form9
Secure 'y'tem. means computer hardware, software, and procedure that=
(a are reasonably secure from unauthorised access and misuse.
(b provide a reasonable level of reliability and correct operation.
L
'. Introduction to Cyber Crime
#he first recorded cyber crime took place in the year 1K'(M #hat is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a computer,
has been around since HE(( B.C. in !ndia, Gapan and China. #he era of modern computers,
however, began with the analytical engine of Charles Babbage. Cyber crime is an evil
having its origin in the growing dependence on computers in modern life. !n a day and age
when everything from microwave ovens and refrigerators to nuclear power plants is being
run on computers, cyber crime has assumed rather sinister implications. $a%or Cyber
crimes in the recent past include the Citibank rip off. US N 1( million were fraudulently
transferred out of the bank and into a bank account in Swit0erland. " Cussian hacker
group led by 6ladimir Oevin, a renowned hacker, perpetrated the attack. #he group
compromised the bank3s security systems. 6ladimir was allegedly using his office
computer at "- Saturn, a computer firm in St. &etersburg, Cussia, to break into Citi bank
computers. 4e was finally arrested on 4eathrow airport on his way to Swit0erland.
United Bations+ 5efinition of Cybercrime
Cybercrime spans not only state but national boundaries as well. &erhaps we should look
to international organi0ations to provide a standard definition of the crime. "t the #enth
United Bations Congress on the &revention of Crime and #reatment of -ffenders, in a
workshop devoted to the issues of crimes related to computer networks, cybercrime was
broken into two categories and defined thus>
P Cybercrime in a narrow sense (computer crime> "ny illegal behaviour directed by
means of electronic operations that targets the security of computer systems and
the data processed by them.
Cybercrime in a broader sense (computer8related crime> "ny illegal behaviour
committed by means of, or in relation to, a computer system or network, including
such crimes as illegal possession QandR offering or distributing information by
means of a computer system or network.
-f course, these definitions are complicated by the fact that an act may be illegal in one
nation but not in another.
E
#here are more concrete e)amples, including
i. Unauthori0ed access
ii 5amage to computer data or programs
iii Computer sabotage
iv Unauthori0ed interception of communications
v Computer espionage
#hese definitions, although not completely definitive, do give us a good starting point one
that has some international recognition and agreement for determining %ust what we mean
by the term cybercrime.
!n !ndian law, cyber crime has to be voluntary and wilful, an act or omission that
adversely affects a person or property. #he !# "ct provides the backbone for e8commerce
and !ndia+s approach has been to look at e8governance and e8commerce primarily from the
promotional aspects looking at the vast opportunities and the need to sensiti0e the
population to the possibilities of the information age. #here is the need to take in to
consideration the security aspects.
Cybercrime is not on the decline. #he latest statistics show that cybercrime is actually on
the rise. 4owever, it is true that in !ndia, cybercrime is not reported too much about.
Conse:uently there is a false sense of complacency that cybercrime does not e)ist and that
society is safe from cybercrime. #his is not the correct picture. #he fact is that people in
our country do not report cybercrimes for many reasons. $any do not want to face
harassment by the police. #here is also the fear of bad publicity in the media, which could
hurt their Ceputation and standing in society. "lso, it becomes e)tremely difficult to
convince the police to register any cybercrime, because of lack of orientation and
awareness about cybercrimes and their registration and handling by the police.
F
H. Ty&e' Of Cyber Crime
Technical '&ect'
#echnological advancements have created new possibilities for criminal activity, in
particular the criminal misuse of information technologies such as
6nauthori5ed acce'' 7 8ac.ing3-
"ccess means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or
computer network.
Unauthori0ed access would therefore mean any kind of access without the
permission of either the rightful owner or the person in charge of a computer,
computer system or computer network.
By hacking web server taking control on another persons website called as web
hi%acking
Tro9an ttac.3-
#he program that act like something useful but do the things that are :uiet
damping. #he programs of this kind are called as #ro%ans.
#ro%ans come in two parts, a Client part and a Server part. /hen the victim
(unknowingly runs the server on its machine, the attacker will then use the Client
to connect to the Server and start using the tro%an.
:iru' and ;orm attac.>8
" program that has capability to infect other programs and make copies of itself
and spread into other programs is called virus.
&rograms that multiply like viruses but spread from computer to computer are
called as worms.
E-mail related crime'3-
Email '&oofing>82mail spoofing refers to email that appears to have been originated from
one source when it was actually sent from another source. &lease Cead
Email S&amming>82mail .spamming. refers to sending email to thousands and thousands
of users 8 similar to a chain letter.
J
Sending maliciou' code' through email3-
28mails are used to send viruses, #ro%ans etc through emails as an attachment or by
sending a link of website which on visiting downloads malicious code.
Email bombing3-
28mail .bombing. is characteri0ed by abusers repeatedly sending an identical email
message to a particular address.
Sending threatening email'
Sending any threatening 2mail to any &erson regarding his live or property is also a
Crime.
Sale of illegal article'
#his would include sale of narcotics, weapons and wildlife etc., by posting information on
websites, auction websites, and bulletin boards or simply by using email communication.
Online gambling
#here are millions of websites9 all hosted on servers abroad, that offer online gambling. !n
fact, it is believed that many of these websites are actually fronts for money laundering.
K
L. Cyber Criminal'
<id' =age grou& *-1% etc,>
!t seems really difficult to believe but it is true. $ost amateur hackers and cyber criminals
are teenagers. #o them, who have %ust begun to understand what appears to be a lot about
computers, it is a matter of pride to have hacked into a computer system or a website.
#here is also that little issue of appearing really smart among friends. #hese young rebels
may also commit cyber crimes without really knowing that they are doing anything
wrong.
Organi5ed hac.ti0i't'
4acktivists are hackers with a particular (mostly political motive. !n other cases this
reason can be social activism, religious activism, etc. #he attacks on appro)imately '((
prominent !ndian websites by a group of hackers known as &akistani Cyber /arriors are a
good e)ample of political hacktivists at work.
2i'gruntled em&loyee'
-ne can hardly believe how spiteful displeased employees can become. #ill now they had
the option of going on strike against their bosses. Bow, with the increase independence on
computers and the automation of processes, it is easier for disgruntled employees to do
more harm to their employers by committing computer related crimes, which can bring
entire systems down.
Profe''ional hac.er' =cor&orate e'&ionage>
2)tensive computeri0ation has resulted in business organi0ations storing all their
information in electronic form. Cival organi0ations employ hackers to steal industrial
secrets and other information that could be beneficial to them. #he temptation to use
professional hackers for industrial espionage also stems from the fact that physical
presence re:uired to gain access to important documents is rendered needless if hacking
can retrieve those.
2enial of Ser0ice Tool'
5enial8of8service (or 5oS attacks are usually launched to make a particular service
unavailable to someone who is authori0ed to use it. #hese attacks may be launched using
one single computer or many computers across the world. !n the latter scenario, the attack
is known as a distributed denial of service attack. Usually these attacks do not necessitate
the need to get access into anyone3s system.
#hese attacks have been getting decidedly more popular as more and more people reali0e
the amount and magnitude of loss, which can be caused through them.
I
/hat are the reasons that a hacker may want to resort to a 5oS attack; 4e may have
installed a #ro%an in the victim3s computer but needed to have the computer restarted to
activate the #ro%an. #he other good reason also may be that a business may want to harm a
competitor by crashing his systems.
5enial8of8service attacks have had an impressive history having, in the past, blocked out
websites like "ma0on, CBB, ?ahoo and eBay. #he attack is initiated by sending e)cessive
demands to the victim3s computer3s, e)ceeding the limit that the victim3s servers can
support and making the server+s crash. Sometimes, many computers are entrenched in this
process by installing a #ro%an on them9 taking control of them and then making them send
numerous demands to the targeted computer. -n the other side, the victim of such an
attack may see many such demands (sometimes even numbering tens of thousands
coming from computers from around the world. Unfortunately, to be able to gain control
over a malicious denial8of8service attack would re:uire tracing all the computers involved
in the attack and then informing the owners of those systems about the attack. #he
compromised system would need to be shut down or then cleaned. #his process, which
sounds fairly simple, may prove very difficult to achieve across national and later
organi0ational borders5enial8of8service attacks have had an impressive history having, in
the past, blocked out websites like "ma0on, CBB, ?ahoo and eBay. #he attack is initiated
by sending e)cessive demands to the victim3s computer3s, e)ceeding the limit that the
victim3s servers can support and making the server+s crash. Sometimes, many computers
are entrenched in this process by installing a #ro%an on them9 taking control of them and
then making them send numerous demands to the targeted computer. -n the other side,
the victim of such an attack may see many such demands (sometimes even numbering
tens of thousands coming from computers from around the world. Unfortunately, to be
able to gain control over a malicious denial8of8service attack would re:uire tracing all the
computers involved in the attack and then informing the owners of those systems about
the attack. #he compromised system would need to be shut down or then cleaned. #his
process, which sounds fairly simple, may prove very difficult to achieve across national
and later organi0ational borders.
1(
5. Indian Ca'e Studie'
/hile ! have a huge collection of international cyber crimes ! thought it may be more
relevant if we discuss !ndian Cyber crime case studies. 4owever if any of you is interested
in international case studies please do reach me. ! have not arranged the following section
in an order to create flow of thought for the reader. "nd it is possible there is a drift from
the ta)onomy which we have defined in the beginning.
In'ulting Image' of ;arrior Shi0a9i on 4oogle ? Or.ut
"n !ndian posts *insulting images+ of respected warrior8saint Shiva%i on Aoogle+s
-rkut.!ndian police come knocking at Aoogle+s gilded door demanding the !& address (!&
uni:uely identifies every computer in the world which is the source of this negative
image. Aoogle, !ndia hands over the !& address.
@inancial crime
/ipro Spectramind lost the telemarketing contract from Capital one due to an organi0ed
crime.#he telemarketing e)ecutives offered fake discounts, free gifts to the "mericans in
order to boost the sales of the Capital one. #he internal audit revealed the fact and
surprisingly it was also noted that the superiors of these telemarketers were also involved
in the whole scenario.
Cyber &ornogra&hy
Some more !ndian incidents revolving around cyber pornography include the "ir <orce
Balbharati School case. !n the first case of this kind, the 5elhi &olice Cyber Crime Cell
registered a case under section FJ of the !# act, '(((. " student of the "ir <orce
Balbharati School, Bew 5elhi, was teased by all his classmates for having a pockmarked
face.
Online 4ambling
Cecent !ndian case about cyber lotto was very interesting. " man called Oola $ohan
invented the story of winning the 2uro Lottery. 4e himself created a website and an email
address on the !nternet with the address 3eurolotterySusa.net.3 /henever accessed, the site
would name him as the beneficiary of the 1'.E million pound. "fter confirmation a
telgunewspaper published this as a news. 4e collected huge sums from the public as well
as from some banks for mobili0ation of the deposits in foreign currency 4owever, the
fraud
11
came to light when a che:ue discounted by him with the "ndhra Bank for Cs 1.JH million
bounced. $ohan had pledged with "ndhra Bank the copy of a bond certificate purportedly
issued by $idland Bank, Sheffields, London stating that a term deposit of 1'.E million
was held in his name.
Intellectual Pro&erty crime'
#hese include software piracy, copyright infringement, trademarks violations, theft of
computer source code etc. !n other words this is also referred to as cybers:uatting. Satyam
6s. Siffy is the most widely known case. Bharti Cellular Ltd. filed a case in the 5elhi
4igh Court that some cyber s:uatters had registered domain names such as
barticellular.com and bhartimobile.com with Betwork solutions under different fictitious
names. #he court directed Betwork Solutions not to transfer the domain names in :uestion
to any third party and the matter is sub8%udice. Similar issues had risen before various
4igh Courts earlier. ?ahoo had sued one "kash "rora for use of the domain name
*?ahooindia.Com+ deceptively similar to its *?ahoo.com+. "s this case was governed by
the #rade $arks "ct,1IEK, the additional defence taken against ?ahoo+s legal action for
the interim order was that the #rade $arks "ct was applicable only to goods.
Cyber 2efamation
!ndia+s first case of cyber defamation was reported when a company+s employee started
sending derogatory, defamatory and obscene e8mails about its $anaging 5irector. #he
emails were anonymous and fre:uent, and were sent to many of their business associates
to tarnish the image and goodwill of the company. #he company was able to identify the
employee with the help of a private computer e)pert and moved the 5elhi 4igh Court.
#he court granted an ad8interim in%unction and restrained the employee from sending,
publishing and transmitting e8mails, which are defamatory or derogatory to the plaintiffs.
1'
6. CONCL6SION
-bviously computer crime is on the rise, but so is the awareness and ability to fight it.
Law enforcement reali0es that it is happening more often than it is reported and are doing
there best to improve e)isting laws and create new laws as appropriate. #he problem is not
with the awareness or the laws, but with actually reporting that a crime has occurred.
4opefully people will begin to reali0e that unless they report these crimes and get
convictions, those committing computer crimes will continue to do so. /hile there is no
silver bullet for dealing with cyber crime, it doesn+t mean that we are completely helpless
against it. #he legal system is becoming more tech savvy and manylaw enforcement
departments now have cyber crime units created specifically to deal with computer related
crimes, and of course we now have laws that are specifically designed for computer
related crime. /hile the e)isting laws are not perfect, and no law is, they are nonetheless a
step in the right direction toward making the !nternet a safer place for business, research
and %ust casual use. "s our reliance on computers and the !nternet continues to grow, the
importance of the laws that protect us from the cyber8criminals will continue to grow as
well.
1H