Name-ANMOL KATARUKA

User-ID 1804_anmol
ONLINE ASSIGNMENT-3

Ques.1 Critically analyze the difference between conventional crime and

cyber crime?
Answer - Conventional forms of crime violate state, national, and
local laws. Cyber crime (or computer crime) encompasses a wide
variety of criminal activities that also breach state, or federal
laws, but is done so through the computer, including hacking,
software piracy, malware, electronic money laundering,
harassment, and even identity theft.
The difference between Cyber crime and Conventional forms of
crime include technology allowing individuals to commit
Conventional types of crime without leaving their home. Another
difference is individuals who are involved in computer crimes
have the ability to commit criminal acts across state lines, or even
across international boundaries, often time making it impossible
to prosecute. An illegal act performed via the internet in one
state, might not be illegal in another.
Four types of Cyber crimes in relation to Conventional crimes
include the following:
1) Identity theft is a Cyber crime that can be compared to its
Conventional counterpart of larceny. Identity theft involves
stealing an individual's personal information, and then using it
maliciously. Identity theft occurs on the internet, as well as in
person. Criminals have been known to steal information through a
variety of personal ways, including sifting through people's
garbage, or using a mobile phone, and taping an individual typing
in their ATM number. Compared to victims of Conventional
larceny, identity theft victims are most likely not to know who
their 'attacker' was.
2) Cyber that involve illegal online gambling can be compared

with the Conventional form of illegal gambling. In certain states,

there are legalized forms of gambling, yet internet gambling
allows an individual in one state, that may prohibit such acts,
gamble in another state or country, in which it is legal. Again, this
makes it more difficult to prosecute individuals across state or
country lines. Another comparison is that Conventional based
casinos are government regulated, while internet gambling is
unregulated, and allows for anyone to participate, including
minors. As well as illegal gambling casinos, internet gambling is
also a source of benefit for members of organized crime.
3) Cyber stalking is comparable to stalking a person offline, and is
another criminal act that proposes problems. Cyber stalking
involves using technology to intimidate, threaten, or abuse an
individual online. Unlike Conventional stalkers, cyber stalkers
believe that they hide behind the anonymity of the internet, and
nobody will know who they are. Conventional stalking includes
harassment, or abuse through letters, calls, physical contact, or
intimidation by showing up at various places that the victim may
visit or resides. Cyber stalking and stalking are meant to instill
fear in the victims. Both Conventional forms of stalking and cyber
stalking are harmful, and dangerous. Some individuals do not
believe that cyber stalking is just as threatening to victims as
Conventional stalking, since the harassment is done through the
computer. There needs to be more awareness among law
enforcement about cyber stalking, and its potential to be just as
dangerous as Conventional stalking. Many individuals believe that
someone can stop a cyber stalker by staying off the internet, but
that is not the case. "'There have been reports, for example, that
alleged victims of on-line harassment have been told by police
officers, unfamiliar with the technology involved, simply to turn off
their computers.'" (Wall, 2001. pg. 146) As with other cyber
crimes, jurisdiction plays a part in cyber stalking. With
Conventional stalking, the stalker is usually within the same
proximity as the victim, but with cyber stalkers, the stalker can be
on the other side of the country, or in across international
borders. "This means that a potential offender may not be within
the jurisdiction where an offence is committed."
4) Cyber involving cyber terrorism is comparable to its more
Conventional form of terrorism. Conventional terroristic activity

encompass directing the activities at targeted individuals, or often

time, buildings. The FBI defines terrorism as the unlawful force or
violence against persons or property to intimidate or coerce a
government or population in furtherance of political or social
objectives.
Cyber terrorism involves using the internet as a means of assault
through various activities, and includes wiring money to terrorist
organisations, recruiting, sending virus, malware, trojans, or logic
bombs, or any other activity that destroys information, or
promotes terrorism. Unlike Conventional terrorism, cyber
terrorism allows for the recruitment of others across nations, as
well as communicating plans of attack with members from all
over the world, and even training.
Conventional terrorists have been known to use computers to
map attacks. This allows the terrorists a level of anonymity.
"...both the 1993 and 2001 attacks on the World Trade Center
made use of computers in various ways, from managing
communications to helping plan the attacks in depth." Both forms
of terrorism can result in casualties. While Conventional terrorists
do not hide their attacks, and often carry out their attacks in the
'open,' cyber terrorism targets its victims in a 'sneaky' manner.
For example, the United States relies on a computerized system
that run networks, individuals would be vulnerable if someone
hacked into any system that controlled vital resources, such as
water, power, or transportation. As a result of both Conventional
terroristic activities and possible cyber terrorism, security has
increased. "In 1998, the federal National Infrastructure Protection
Center (NIPC) was created to serve as a focal point within the U.S.
government for threat assessment, warning, investigation, and
response to threats or attacks against the nation's critical
infrastructure."

Ques.2 Enumerate the existing laws in India to prevent cyber crime?

Answer- Due to immense increase in the use of Internet and

dependency of individuals in every field, a number of new crimes
related to Computer and other gadgets based on internet have
evolved in the society. Such crimes where use of computers
coupled with the use of Internet is involved are broadly termed as
Cyber Crimes.
Governing Laws
There was no statute in India for governing Cyber Laws involving
privacy issues, jurisdiction issues, intellectual property rights
issues and a number of other legal questions. With the tendency
of misusing of technology, there arisen a need of strict statutory
laws to regulate the criminal activities in the cyber world and to
protect the true sense of technology "INFORMATION TECHNOLOGY
ACT, 2000" [ITA- 2000] was enacted by Parliament of India to
protect the field of e-commerce, e-governance, e-banking as well
as penalties and punishments in the field of cyber crimes. The
above Act was further amended in the form of IT Amendment Act,
2008 [ITAA-2008].
The ITA-2000 defines 'Computer' means any electronic magnetic,
optical or other high-speed data processing device or system
which performs logical, arithmetic, and memory functions by
manipulations of electronic, magnetic or optical impulses, and
includes all input, output, processing, storage, computer software,
or communication facilities which are connected or related to the
computer in a computer system or computer network. The word
'computer' and 'computer system' have been so widely defined
and interpreted to mean any electronic device with data
processing capability, performing computer functions like logical,
arithmetic and memory functions with input, storage and output
capabilities and therefore any high-end programmable gadgets
like even a washing machine or switches and routers used in a
network can all be brought under the definition.
Scope and applicability

The scope and applicability of ITA-2000 was increased by its

amendment in 2008. The word 'communication devices' inserted
having an inclusive definition, taking into its coverage cell
phones, personal digital assistance or such other devices used to
transmit any text, video etc like what was later being marketed as
iPad or other similar devices on Wi-fi and cellular models. Though
ITA- 2000 defined 'digital signature', however said definition was
incapable to cater needs of hour and therefore the term
'Electronic signature' was introduced and defined in the ITAA
-2008 as a legally valid mode of executing signatures. This
includes digital signatures as one of the modes of signatures and
is far broader in ambit covering biometrics and other new forms of
creating electronic signatures not confining the recognition to
digital signature process alone.
The new amendment has replaced Section 43 with Section 66.
The Word "hacking" used in Section 66 of earlier Act has been
removed and named as "data theft" in this section and has further
been widened in the form of Sections 66A to 66F. The section
covers the offences such as the sending of offensive messages
through communication service, misleading the recipient of the
origin of such messages, dishonestly receiving stolen computers
or other communication device, stealing electronic signature or
identity such as using another persons' password or electronic
signature, cheating by personation through computer resource or
a communication device, publicly publishing the information
about any person's location without prior permission or consent,
cyber terrorism, the acts of access to a commuter resource
without authorization, such acts which can lead to any injury to
any person or result in damage or destruction of any property,
while trying to contaminate the computer through any virus like
Trojan etc. The offences covered under section 66 are cognizable
and non-bailable. Whereas, the consequence of Section 43 of
earlier Act were Civil in nature having its remedy in the form of
damages and compensation only, but under Section 66 of the
Amendment Act, if such act is done with criminal intention that is
mens rea, then it will attract criminal liability having remedy in
imprisonment or fine or both.

Adjudication
Adjudication powers and procedures have been dealt in Sections
46 and thereafter. As per the Act, the Central Government may
appoint any officer not below the rank of a director to the
Government of India or a state Government as the adjudicator.
The I.T. Secretary in any state is normally the nominated
Adjudicator for all civil offences arising out of data thefts and
resultant losses in the particular state. Very few applications were
received during first 10 years of existence of the ITA, that too in
the major metros only. However, the trend of receiving complaint
under ITA is rapidly growing. The first adjudication obtained under
this provision was in Chennai, Tamil Nadu, in a case involving ICICI
Bank in which the bank was told to compensate the applicant with
the amount wrongfully debited in Internet Banking, along with
cost and damages. There is an appellate procedure under this
process and the composition of Cyber Appellate Tribunal at the
national level, has also been described in the Act. Every
adjudicating officer has the powers of a civil court and the Cyber
Appellate Tribunal has the powers vested in a civil court under the
Code of Civil Procedure.
The major Acts , which got amended after enactment of ITA
The Indian Penal Code, 1860
The Indian Penal Code was amended by inserting the word
'electronic' thereby treating the electronic records and documents
on a par with physical records and documents. The Sections
dealing with false entry in a record or false document etc (e.g.
192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 etc) have
since been amended as 'electronic record and electronic
document' thereby bringing within the ambit of IPC. Now,
electronic record and electronic documents has been treated just
like physical records and documents during commission of acts of
forgery or falsification of physical records in a crime. After the
above amendment, the investigating agencies file the cases/
charge-sheet quoting the relevant sections from IPC under section
463,464, 468 and 469 read with the ITA/ITAA under Sections 43

and 66 in like offences to ensure the evidence and/or punishment

can be covered and proved under either of these or under both
legislation.
The Indian Evidence Act 1872
Prior to enactment of ITA, all evidences in a court were in the
physical form only. After existence of ITA, the electronic records
and documents were recognized. The definition part of Indian
Evidence Act was amended as "all documents including electronic
records" were substituted. Other words e.g. 'digital signature',
'electronic form', 'secure electronic record' 'information' as used in
the ITA, were also inserted to make them part of the evidentiary
importance under the Act. The important amendment was seen
by recognition of admissibility of electronic records as evidence as
enshrined in Section 65B of the Act.
The Bankers' Books Evidence (BBE) Act 1891:
Before passing of ITA, a bank was supposed to produce the
original ledger or other physical register or document during
evidence before a Court. After enactment of ITA, the definitions
part of the BBE Act stood amended as: "'bankers ' books' include
ledgers, day-books, cashbooks, account-books and all other books
used in the ordinary business of a bank whether kept in the
written form or as printouts of data stored in a floppy, disc, tape
or any other form of electro-magnetic data storage device". When
the books consist of printouts of data stored in a floppy, disc, tape
etc, a printout of such entry ...certified in accordance with the
provisions ....to the effect that it is a printout of such entry or a
copy of such printout by the principal accountant or branch
manager; and (b) a certificate by a person in-charge of computer
system containing a brief description of the computer system and
the particulars of the safeguards adopted by the system to ensure
that data is entered or any other operation performed only by
authorized persons; the safeguards adopted to prevent and
detect unauthorized change of data ...to retrieve data that is lost
due to systemic failure or ....

The above amendment in the provisions in Bankers Books

Evidence Act recognized the printout from a computer system and
other electronic document as a valid document during course of
evidence, provided, such print-out or electronic document is
accompanied by a certificate in terms as mentioned above.
Issues not covered under ITA
ITA and ITAA is though landmark first step and became mile-stone
in the technological growth of the nation; however the existing
law is not sufficed. Many issues in Cyber crime and many crimes
are still left uncovered.
Territorial Jurisdiction is a major issue which is not satisfactorily
addressed in the ITA or ITAA. Jurisdiction has been mentioned in
Sections 46, 48, 57 and 61 in the context of adjudication process
and the appellate procedure connected with and again in Section
80 and as part of the police officers' powers to enter, search a
public place for a cyber crime etc. Since cyber crimes are
basically computer based crimes and therefore if the mail of
someone is hacked in one place by accused sitting far in another
state, determination of concerned P.S., who will take cognizance is
difficult. It is seen that the investigators generally try to avoid
accepting such complaints on the grounds of jurisdiction. Since
the cyber crime is geography-agnostic, borderless, territory-free
and generally spread over territories of several jurisdiction; it is
needed to proper training is to be given to all concerned players
in the field.
Preservation of evidence is also big issue. It is obvious that while
filing cases under IT Act, very often, chances to destroy the
necessary easily as evidences may lie in some system like the
intermediaries' computers or sometimes in the opponent's
computer system too.
However, most of the cyber crimes in the nation are still brought
under the relevant sections of IPC read with the comparative
sections of ITA or the ITAA which gives a comfort factor to the

investigating agencies that even if the ITA part of the case is lost,
the accused cannot escape from the IPC part.
Conclusion
Society as on today is happening more and more dependent upon
technology and crime based on electronic offences are bound to
increase. Endeavor of law making machinery of the nation should
be in accordance with mile compared to the fraudsters, to keep
the crimes lowest. Hence, it should be the persistent efforts of
rulers and law makers to ensure that governing laws of
technology contains every aspect and issues of cyber crime and
further grow in continuous and healthy manner to keep constant
vigil and check over the related crimes.

QUES.3 Whether cyber terrorism can be treated as a threat to national

security?
Answer - the cyber threat is the single greatest threat to the
national security of the country, as it appears now and in the
future; the infrastructure of warfare is changing. The foundation of
all things combative is the internet. Every creature comfort we
enjoy in cyberspace has the ability to be turned around on us and
used against us. When the intent is there, a cyber hacker may
take your information at will to disrupt and generate fear
comparable to traditional terrorism.
Cyber-terrorism has been commonplace for sometime now, even
amongst displaced terrorists it is relatively easy to hack into your
information with amateurish equipment. A computer, a Rs 15,000
antenna, and free downloadable software is all one needs to
cause disruption in cyberspace. Famously Al-Qaeda operatives
used cyber-terrorism through network and YouTube garnering
propaganda against the U.S, to recruit and train more agents of
terrorism.
Thousands of attempts on our national security are made
everyday. Data flows through the air like invisible smart bullets

that have the capability to bleed you out slowly or smash you to
pieces. For the defense department, cyber-terrorists exists as
some Orwellian nightmare where everyone is vying for Big brother
supremacy. Computer hounds are now employed to break apart
entire networks and disintegrate the fabrics that interconnect our
everyday lives. In recent days the Pentagon has begun to address
these virtual threats by increasing the size of their cyber security
force by more than 4,000 people.
Cyber-terrorism is all-pervasive, like an ethereal Rubik's cube;
you cant touch it and it keeps resetting itself. Those in China are
not surprised by recent developments in the U.S, citing that they
too have been the victims of cyber-terrorism.
In the 21st century its not going to matter how many arms you
carry, but instead how many buttons you press As the Internet
becomes more pervasive in all areas of human endeavor,
individuals or groups can use the anonymity afforded by
cyberspace to threaten citizens, specific groups (i.e. with
membership based on ethnicity or belief), communities and entire
countries, without the inherent threat of capture, injury, or death
to the attacker that being physically present would bring. Many
groups such as Anonymous, use tools such as Denial-of-service
attack to attack and censor groups who oppose them, creating
many concerns for freedom and respect for differences of
thought.
Many believe that cyber terrorism is an extreme threat to our
economy, and fear an attack could potentially lead to similar
times like the Great Depression. Several leaders agree that
cyber terrorism has the highest percentage of threat over other
possible attacks on U.S. territory. Although natural disasters are
considered a top threat and have proven to be devastating to our
people and land, there is ultimately little we can do to prevent
such events from happening. Thus, the expectation is to focus
more on preventative measures that will make internet attacks
impossible for execution.
As the Internet continues to expand, and computer systems
continue to be assigned more responsibility while becoming more
and more complex and interdependent, sabotage or terrorism via
cyberspace may become a more serious threat and is possibly

one of the top 10 events to "end the human race".

Dependence on the internet is rapidly increasing on a worldwide
scale, creating a platform for international cyber terror plots to be
formulated and executed as a direct threat to national security.
For terrorists, cyber-based attacks have distinct advantages over
physical attacks. They can be conducted remotely, anonymously,
and relatively cheaply, and they do not require significant
investment in weapons, explosive and personnel. The effects can
be widespread and profound. Incidents of cyber terrorism are
likely to increase. They will be conducted through denial-ofservice attacks that overload that servers, worms, viruses,
unauthorized intrusion, Web site defacements, attacks on network
infrastructures and other methods that are difficult to envision
today.
RECENT ATTACKS
In March 2013, the New York Times reported on a pattern of
cyber attacks against U.S. financial institutions believed to
be instigated by Iran as well as incidents affecting South
Korean financial institutions that originate with the North
Korean government.
In August 2013, media companies including the New York
Times, Twitter and the Huffington Post lost control of some of
their websites Tuesday after hackers supporting the Syrian
government breached the Australian Internet company that
manages many major site addresses. The Syrian Electronic
Army, a hacker group that has previously attacked media
organisations that it considers hostile to the regime of Syrian
president Bashar al-Assad, claimed credit for the Twitter and
Huffington Post hacks in a series of Twitter messages.
Electronic records showed that NYTimes.com, the only site
with an hours-long outage, redirected visitors to a server
controlled by the Syrian group before it went dark.
Ques. 4 Differentiate between Trojan attacks and web jacking?
Answer- Web-jacking

This term is derived from the term hi jacking. In these kinds of

offences the hacker gains access and control over the web site of
another. He may even change the information on the site. This
may be done for fulfilling political objectives or for money. E.g.
recently the site of MIT (Ministry of Information Technology) was
hacked by the Pakistani hackers and some obscene matter was
placed therein. Further the site of Bombay crime branch was also
web jacked. Another case of web jacking is that of the gold fish
case. In this case the site was hacked and the information
pertaining to gold fish was changed.
Trojan Attacks
A Trojan horse, or Trojan, in computing is a generally non-selfreplicating type of malware program containing malicious code
that, when executed, carries out actions determined by the nature
of the Trojan, typically causing loss or theft of data, and possible
system harm. The term is derived from the story of the wooden
horse used to trick defenders of Troy into taking concealed
warriors into their city in ancient Anatolia, because computer
Trojans often employ a form of social engineering, presenting
themselves as routine, useful, or interesting in order to persuade
victims to install them on their computers.
A Trojan often acts as a backdoor, contacting a controller which
can then have unauthorized access to the affected computer.
While Trojans and backdoors are not easily detectable by
themselves, computers may appear to run slower due to heavy
processor or network usage. Malicious programs are classified as
Trojans if they do not attempt to inject themselves into other files
(computer virus) or otherwise propagate themselves (worm).A
computer may host a Trojan via a malicious program a user is
duped into executing (often an e-mail attachment disguised to be

unsuspicious, e.g., a routine form to be filled in) or by drive-by

download.

A Trojan is a unauthorized program which functions from inside

what seems to be an authorised program, thereby concealing
what it is actually doing. It performs undisclosed malicious
functions that allow unauthorized access to the host machine,
giving them the ability to save files on the users computer or
even watch the users screen and control the computer.

A Trojan is a unauthorized program which functions from inside

what seems to be an authorised program, thereby concealing
what it is actually doing. It performs undisclosed malicious
functions that allow unauthorized access to the host machine,
giving them the ability to save files on the users computer or
even watch the users screen and control the computer.

Ques. 5 BrieflyanalyzethevarioussectionsinINFORMATION
TECHNOLOGYACT,2000thatdealswithcybercrimes?
Answer- IT Act 2000 was mainly to ensure legal recognition of e
commerce within India. Due to this most provisions are mainly
concerned with establishing digital certification processes within
the country. Cyber crime as a term was not defined in the act. It
only delved with few instances of computer related crime. These
acts as defined in Chapter XI of the Act are

1. Illegal access, introduction of virus, denial of services,

causing damage and manipulating computer accounts
(Section 43)
2. Tampering, destroying and concealing computer code
(Section 65)
3. Acts of hacking leading to wrongful loss or
damage(Section66)
4. Acts related to publishing, transmission or causing
Publication of obscene/ lascivious in nature (section 67)
Act of causing denial of service, introduction of virus etc as
defined in section 43 only amounts to payment of damages which
could be upto one crore.
Punishment in section 65 and 66 is three years or fine up to two
lakh rupees or both. For section 67 the first time offenders can be
punished up to 5 years with fine up to one lakhs of rupees.
Subsequent offence can lead to ten years of punishment and fine
up to two lakhs of rupees.