CYBER CRIME

INTRODUCTION

The usage of internet services in India is growing rapidly. It has given rise to new
opportunities in every field we can think of be it entertainment, business, sports or education.

There are many pros and cons of some new types of technology which are been invented
or discovered. Similarly the new & profound technology i.e. using of INTERNET Service, has
also got some pros & cons. These cons are named CYBER CRIME, the major disadvantages,
illegal activity committed on the internet by certain individuals because of certain loop-holes.
The internet, along with its advantages, has also exposed us to security risks that come with
connecting to a large network. Computers today are being misused for illegal activities like e-
mail espionage, credit card fraud, spams, and software piracy and so on, which invade our
privacy and offend our senses. Criminal activities in the cyberspace are on the rise.

Computer crimes are criminal activities, which involve the use of information technology
to gain an illegal or an unauthorized access to a computer system with intent of damaging,
deleting or altering computer data. Computer crimes also include the activities such as electronic
frauds, misuse of devices, identity theft and data as well as system interference. Computer crimes
may not necessarily involve damage to physical property. They rather include the manipulation
of confidential data and critical information. Computer crimes involve activities of software

Page 1 of 68
theft, wherein the privacy of the users is hampered. These criminal activities involve the breach
of human and information privacy, as also the theft and illegal alteration of system critical
information. The different types of computer crimes have necessitated the introduction and use
of newer and more effective security measures.

In recent years, the growth and penetration of internet across Asia Pacific has been
phenomenal. Today, a large number of rural areas in India and a couple of other nations in the
region have increasing access to the internetparticularly broadband. The challenges of
information security have also grown manifold. This widespread nature of cyber crime is
beginning to show negative impact on the economic growth opportunities in each of the
countries.

It is becoming imperative for organizations to take both preventive and corrective actions
if their systems are to be protected from any kind of compromise by external malicious elements.
According to the latest statistics, more than a fifth of the malicious activities in the world
originate from the Asia Pacific region. The malicious attacks included denial-of-service attacks,
spam, and phishing and bot attacks. Overall, spam made up 69% of all monitored e-mail traffic
in the Asia Pacific region. As per the National Crime Records Bureau statistics, there has been a
255% increase in cyber crime in India alone. And mind you, these are just the reported cases.

In view of this, various governmental and non-governmental agencies are working

towards reducing cyber crime activities.

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers
to criminal activity where a computer or network is the source, tool, target, or place of a crime.
These categories are not exclusive and many activities can be characterized as falling in one or
more category. Additionally, although the terms computer crime and cybercrime are more
properly restricted to describing criminal activity in which the computer or network is a
necessary part of the crime, these terms are also sometimes used to include traditional crimes,
such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are
used. As the use of computers has grown, computer crime has become more important.

Page 2 of 68
 Computer crime can broadly be defined as criminal activity involving an information
technology infrastructure, including illegal access (unauthorized access), illegal interception (by
technical means of non-public transmissions of computer data to, from or within a computer
system), data interference (unauthorized damaging, deletion, deterioration, alteration or
suppression of computer data), systems interference (interfering with the functioning of a
computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or
suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud (Taylor,
1999)

In 2002 the newly formed U.S. Internet Crime Complaint Center reported that more than
$54 million dollars had been lost through a variety of fraud schemes; this represented a threefold
increase over estimated losses of $17 million in 2001. The annual losses grew in subsequent
years, reaching $125 million in 2003, about $200 million in 2006 and close to $250 million in
2008.

Page 3 of 68
 CYBERCRIMES IN INDIA

As India become the fourth highest number of Internet users in the world, cyber crimes in
India has also increased 50 percent in 2007 over the previous year. According to the Information
Technology (IT) Act, the majority of offenders were under 30 years of age.

Around 46 percent of cyber crimes were related to incidents of cyber pornography,

followed by hacking. According to recent published 'Crime in 2007 report', published by the
National Crime Record Bureau (NCRB), in over 60 percent of these cases, offenders were
between 18 and 30. These cyber-crimes are punishable under two categories; the IT Act 2000 and
the Indian Penal Code (IPC). According to the report, 217 cases of cyber-crime were registered
under the IT Act in 2007, which is an increase of 50 percent from the previous year. Under the
IPC section, 339 cases were recorded in 2007 compared to 311 cases in 2006. Out of 35 mega
cities, 17 cities have reported around 300 cases of cyber-crimes under both categories that is an
increase of 32.6 percent in a year. The report also shows that cyber crime is not only limited to
metro cities but it also moved to small cities like Bhopal. According to the report, Bhopal, the
capital of Madhya Pradesh has reported the highest incidence of cyber crimes in the country.

In order to tackle with cyber crime, Delhi Police have trained 100 of its officers in
handling cyber crime and placed them in its Economic Offences Wing. These officers were
trained for six weeks in computer hardware and software, computer networks comprising data
communication networks, network protocols, wireless networks and network security. Faculty at
Guru Gobind Singh Indraprastha University (GGSIPU) were the trainers.

Page 4 of 68
 CRIME STATISTICS

As per the National Crime Records Bureau statistics, during the year 2005, 179 cases
were registered under the IT Act as compared to 68 cases during the previous year, thereby
reporting a significant increase of 163.2% in 2005 over 2004. During 2005, a total of 302 cases
were registered under IPC sections as compared to 279 such cases during 2004, thereby reporting
an increase of 8.2% in 2005 over 2004. NCRB is yet to release the statistics for 2006. In 2006,
206 complaints were received in comparison with only 58 in 2005, a 255% increase in the total
number of complaints received in the Cyber Cell/EOW over the last year. In terms of cases
registered and investigated in 2006 (up to 22.12.06), a total of 17 cases, where the computer was
the victim, a tool or a repository of evidence, have been registered in the Cyber Cell/EOW as
compared to 12 cases registered in 2005. And mind you, these are just the reported cases.

While the number of cyber crime instances has been constantly growing over the last few
years, the past year and a half, in particular, has seen a rapid spurt in the pace of cyber crime
activities. Cyber lawyers, Pavan Duggal, advocate with the Supreme Court of India and Karnika
Seth, partner, Seth Associates, Advocates and Legal Consultants, testify to this, pointing out that
they have seen a jump in the number of cyber crime cases that they've been handling in the last
one year. One also should remember that the term 'Cyber Crime' should be applied to all offences
committed with the use of 'Electronic Documents'. Hence, cyber crimes must grow at the same
rate as the use of the Internet, mobile phone, ATM, credit cards or perhaps even faster.

"With the little offences came the larger ones involving huge money, and one has seen this
sudden jump from smaller crimes to financial crimes in the last one year"

According to Captain Raghu Raman, CEO, Mahindra Special Services Group (SSG), the
contributing factors are high volume of data processing, rapid growth and major migration into
the online space, especially of financial institutions and their customer transactions.

However, actual numbers continue to include, considering the fact that a majority of the
cases go unreported. Most victims, especially the corporate, continue to downplay on account of

Page 5 of 68
the fear of negative publicity thereby failing to give a correct picture of the cyber crime scene in
the country. According to Cyber law expert Na Vijayashankar (popularly known as Naavi); it is
difficult to measure the growth of Cyber Crimes by any statistics, the reason being that a
majority of cyber crimes don't get reported. "If we, therefore, focus on the number of cases
registered or number of convictions achieved, we only get diverted from real facts," he adds.
Duggal points out to the results of a survey he conducted in early 2006 on the extent of under-
reporting. For every 500 instances of cyber crimes that take place in India, only fifty are reported
and out of that fifty, only one is registered as an FIR or criminal case. So, the ratio effectively is
1:500 and this, he points out, are conservative estimates. Giving an insight into the reasons for
low reporting, Nandkumar Sarvade, director, Cyber Security and Compliance at Nasscom, points
out that very often, people are not aware whether an incident is a cyber crime; there is also lack
of awareness on where to lodge a complaint or whether the police will be able to understand.
"Added to this is the fear of losing business and hence, many cases don't come to light," he adds.

Page 6 of 68
 CHANGING FACE OF CRIME

The last year has seen a quantum jump not only in the quantity and quality but also the
very nature of cyber crime activities. According to Naavi, a perceptible trend being observed is
that cyber crimes are moving from 'Personal Victimization' to 'Economic Offences'. SD Mishra,
ACP, IPR and Cyber Cell, Economic Offences Wing, Delhi Police concurs that the cases that are
now coming up are more related to financial frauds. As opposed to obscenity, pornography,
malicious emails that were more prevalent in the past, now credit card frauds, phishing attacks,
online share trading, etc. are becoming more widespread. As Seth points out, initially, when the
Internet boom began, certain crimes were noticeable and cyber stalking was one of the first ones.
"However, with the little offences came the larger ones involving huge money and one has seen
this sudden jump from smaller crimes to financial crimes in the last one year," she adds.

Page 7 of 68
 CYBERSPACE

As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace
belongs to everyone. There should be electronic surveillance which means investigators tracking
down hackers often want to monitor a cracker as he breaks into a victim's computer system. The
two basic laws governing real-time electronic surveillance in other criminal investigations also
apply in this context, search warrants which means that search warrants may be obtained to gain
access to the premises where the cracker is believed to have evidence of the crime. Such
evidence would include the computer used to commit the crime, as well as the software used to
gain unauthorized access and other evidence of the crime.

Researchers must explore the problems in greater detail to learn the origins, methods, and
motivations of this growing criminal group. Decision-makers in business, government, and law
enforcement must react to this emerging body of knowledge. They must develop policies,
methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and
prevent future crimes. In addition, Police Departments should immediately take steps to protect
their own information systems from intrusions (Any entry into an area not previously occupied).

Internet provides anonymity: This is one of the reasons why criminals try to get away
easily when caught and also give them a chance to commit the crime again. Therefore, we users
should be careful. We should not disclose any personal information on the internet or use credit
cards and if we find anything suspicious in e-mails or if the system is hacked, it should be
immediately reported to the Police officials who investigate cyber-crimes rather than trying to fix
the problem by ourselves.

Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to
keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is a
menace that has to be tackled effectively not only by the official but also by the users by co-
operating with the law. The founding fathers of internet wanted it to be a boon to the whole
world and it is upon us to keep this tool of modernization as a boon and not make it a bane to the
society.

Page 8 of 68
 TYPES OF CYBER CRIME

1. Theft of Telecommunications Services

The "phone phreakers" of three decades ago set a precedent for what has become a major
criminal industry. By gaining access to an organizations telephone switchboard (PBX)
individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make
their own calls or sell call time to third parties (Gold 1999). Offenders may gain access to the
switchboard by impersonating a technician, by fraudulently obtaining an employee's access code,
or by using software available on the internet. Some sophisticated offenders loop between PBX
systems to evade detection. Additional forms of service theft include capturing "calling card"
details and on-selling calls charged to the calling card account, and counterfeiting or illicit
reprogramming of stored value telephone cards.

It has been suggested that as long ago as 1990, security failures at one major
telecommunications carrier cost approximately 290 million, and that more recently, up to 5% of
total industry turnover has been lost to fraud (Schieck 1995: 2-5). Costs to individual subscribers
can also be significant in one case; computer hackers in the United States illegally obtained
access to Scotland Yard's telephone network and made 620,000 worth of international calls for
which Scotland Yard was responsible (Tendler and Nuttall 1996).

2. Communications in Furtherance of Criminal Conspiracies

Just as legitimate organizations in the private and public sectors rely upon information
systems for communications and record keeping, so too are the activities of criminal
organizations enhanced by technology.

There is evidence of telecommunications equipment being used to facilitate organized

drug trafficking, gambling, prostitution, money laundering, child pornography and trade in
weapons (in those jurisdictions where such activities are illegal). The use of encryption
technology may place criminal communications beyond the reach of law enforcement.

The use of computer networks to produce and distribute child pornography has become
the subject of increasing attention. Today, these materials can be imported across national

Page 9 of 68
borders at the speed of light. The more overt manifestations of internet child pornography entail
a modest degree of organization, as required by the infrastructure of IRC and WWW, but the
activity appears largely confined to individuals.

By contrast, some of the less publicly visible traffic in child pornography activity appears
to entail a greater degree of organization. Although knowledge is confined to that conduct which
has been the target of successful police investigation, there appear to have been a number of
networks which extend cross-nationally, use sophisticated technologies of concealment, and
entail a significant degree of coordination.

Illustrative of such activity was the Wonderland Club, an international network with
members in at least 14 nations ranging from Europe, to North America, to Australia. Access to
the group was password protected, and content was encrypted. Police investigation of the
activity, codenamed "Operation Cathedral" resulted in approximately 100 arrests around the
world, and the seizure of over 100,000 images in September, 1998.

3. Telecommunications Piracy

Digital technology permits perfect reproduction and easy dissemination of print, graphics,
sound, and multimedia combinations. The temptation to reproduce copyrighted material for
personal use, for sale at a lower price, or indeed, for free distribution, has proven irresistible to
many.

This has caused considerable concern to owners of copyrighted material. Each year, it has
been estimated that losses of between US$15 and US$17 billion are sustained by industry by
reason of copyright infringement (United States, Information Infrastructure Task Force 1995,
131).

The Software Publishers Association has estimated that $7.4 billion worth of software
was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and
Underwood 1994).

Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion
in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8 billion in business
application software, and $690 million in book publishing.

Page 10 of 68
 According to the Straits Times (8/11/99) A copy of the most recent James Bond Film The
World is Not Enough, was available free on the internet before its official release.

When creators of a work, in whatever medium, are unable to profit from their creations,
there can be a chilling effect on creative effort generally, in addition to financial loss.

4. Dissemination of Offensive Materials

Content considered by some to be objectionable exists in abundance in cyberspace. This

includes, among much else, sexually explicit materials, racist propaganda, and instructions for
the fabrication of incendiary and explosive devices. Telecommunications systems can also be
used for harassing, threatening or intrusive communications, from the traditional obscene
telephone call to its contemporary manifestation in "cyber-stalking", in which persistent
messages are sent to an unwilling recipient.

One man allegedly stole nude photographs of his former girlfriend and her new boyfriend
and posted them on the Internet, along with her name, address and telephone number. The
unfortunate couple, residents of Kenosha, Wisconsin, received phone calls and e-mails from
strangers as far away as Denmark who said they had seen the photos on the Internet.
Investigations also revealed that the suspect was maintaining records about the woman's
movements and compiling information about her family (Spice and Sink 1999).

In another case a rejected suitor posted invitations on the Internet under the name of a 28-
year-old woman, the would-be object of his affections that said that she had fantasies of rape and
gang rape. He then communicated via email with men who replied to the solicitations and gave
out personal information about the woman, including her address, phone number, details of her
physical appearance and how to bypass her home security system. Strange men turned up at her
home on six different occasions and she received many obscene phone calls. While the woman
was not physically assaulted, she would not answer the phone, was afraid to leave her home, and
lost her job (Miller 1999; Miller and Maharaj 1999).

One former university student in California used email to harass 5 female students in
1998. He bought information on the Internet about the women using a professor's credit card and
then sent 100 messages including death threats, graphic sexual descriptions and references to

Page 11 of 68
their daily activities. He apparently made the threats in response to perceived teasing about his
appearance (Associated Press 1999a).

Computer networks may also be used in furtherance of extortion. The Sunday Times
(London) reported in 1996 that over 40 financial institutions in Britain and the United States had
been attacked electronically over the previous three years. In England, financial institutions were
reported to have paid significant amounts to sophisticated computer criminals who threatened to
wipe out computer systems. (The Sunday Times, June 2, 1996). The article cited four incidents
between 1993 and 1995 in which a total of 42.5 million Pounds Sterling were paid by senior
executives of the organizations concerned, who were convinced of the extortionists' capacity to
crash their computer systems (Denning 1999 233-4).

5. Electronic Money Laundering and Tax Evasion

For some time now, electronic funds transfers have assisted in concealing and in moving
the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-
gotten gains. Legitimately derived income may also be more easily concealed from taxation
authorities. Large financial institutions will no longer be the only ones with the ability to achieve
electronic funds transfers transiting numerous jurisdictions at the speed of light. The
development of informal banking institutions and parallel banking systems may permit central
bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting
requirements in those nations which have them. Traditional underground banks, which have
flourished in Asian countries for centuries, will enjoy even greater capacity through the use of
telecommunications.

With the emergence and proliferation of various technologies of electronic commerce,

one can easily envisage how traditional countermeasures against money laundering and tax
evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in
return for an untraceable transfer of stored value to my "smart-card", which I then download
anonymously to my account in a financial institution situated in an overseas jurisdiction which
protects the privacy of banking clients. I can discreetly draw upon these funds as and when I may
require, downloading them back to my stored value card (Wahlert 1996).

Page 12 of 68
6. Electronic Vandalism, Terrorism and Extortion

As never before, western industrial society is dependent upon complex data processing
and telecommunications systems. Damage to, or interference with, any of these systems can lead
to catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic
intruders cause inconvenience at best, and have the potential for inflicting massive harm While
this potential has yet to be realised, a number of individuals and protest groups have hacked the
official web pages of various governmental and commercial organizations for e.g.:(Rathmell
1997). http://www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in
reverse: early in 1999 an organized hacking incident was apparently directed at a server which
hosted the Internet domain for East Timor, which at the time was seeking its independence from
Indonesia (Creed 1999).

Defence planners around the world are investing substantially in information warfare -
means of disrupting the information technology infrastructure of defence systems (Stix 1995).
Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated
Press 1998), and of the North Atlantic Treaty Organization during the 1999 bombing of Belgrade
(BBC 1999). One case, which illustrates the transnational reach of extortionists, involved a
number of German hackers who compromised the system of an Internet service provider in
South Florida, disabling eight of the ISPs ten servers. The offenders obtained personal
information and credit card details of 10,000 subscribers, and, communicating via electronic mail
through one of the compromised accounts, demanded that US$30,000 be delivered to a mail drop
in Germany. Co-operation between US and German authorities resulted in the arrest of the
extortionists (Bauer 1998).

More recently, an extortionist in Eastern Europe obtained the credit card details of
customers of a North American based on-line music retailer, and published some on the Internet
when the retailer refused to comply with his demands (Markoff 2000).

7. Sales and Investment Fraud

As electronic commerce becomes more prevalent, the application of digital technology to

fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales

Page 13 of 68
pitches, deceptive charitable solicitations, or bogus investment overtures is increasingly
common. Cyberspace now abounds with a wide variety of investment opportunities, from
traditional securities such as stocks and bonds, to more exotic opportunities such as coconut
farming, the sale and leaseback of automatic teller machines, and worldwide telephone lotteries
(Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by unprecedented
opportunities for misinformation. Fraudsters now enjoy direct access to millions of prospective
victims around the world, instantaneously and at minimal cost.

Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not
uncommon. The technology of the World Wide Web is ideally suited to investment solicitations.
In the words of two SEC staff "At very little cost, and from the privacy of a basement office or
living room, the fraudster can produce a home page that looks better and more sophisticated than
that of a Fortune 500 company" (Cella and Stark 1997, 822).

8. Illegal Interception of Telecommunications

Developments in telecommunications provide new opportunities for electronic

eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse, to the
newest forms of political and industrial espionage, telecommunications interception has
increasing applications. Here again, technological developments create new vulnerabilities. The
electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as
broadcast antennas. Existing law does not prevent the remote monitoring of computer radiation.

It has been reported that the notorious American hacker Kevin Poulsen was able to gain
access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman
1997). In 1995, hackers employed by a criminal organization attacked the communications
system of the Amsterdam Police. The hackers succeeded in gaining police operational
intelligence, and in disrupting police communications (Rathmell 1997).

9. Electronic Funds Transfer Fraud

Electronic funds transfer systems have begun to proliferate, and so has the risk that such
transactions may be intercepted and diverted. Valid credit card numbers can be intercepted
electronically, as well as physically; the digital information stored on a card can be counterfeited.

Page 14 of 68
 Of course, we don't need Willie Sutton to remind us that banks are where they keep the
money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg, accessed the
computers of Citibank's central wire transfer department, and transferred funds from large
corporate accounts to other accounts which had been opened by his accomplices in The United
States, the Netherlands, Finland, Germany, and Israel. Officials from one of the corporate
victims, located in Argentina, notified the bank, and the suspect accounts, located in San
Francisco, were frozen. The accomplice was arrested. Another accomplice was caught attempting
to withdraw funds from an account in Rotterdam. Although Russian law precluded Levin's
extradition, he was arrested during a visit to the United States and subsequently imprisoned.
(Denning 1999, 55).

The above forms of computer-related crime are not necessarily mutually exclusive, and
need not occur in isolation. Just as an armed robber might steal an automobile to facilitate a
quick getaway, so too can one steal telecommunications services and use them for purposes of
vandalism, fraud, or in furtherance of a criminal conspiracy.1 Computer-related crime may be
compound in nature, combining two or more of the generic forms outlined above.

Page 15 of 68
 OTHER TYPES OF CYBER CRIME

1. HACKING

Hacking in simple terms means an illegal intrusion into a computer system and/or
network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective
there is no difference between the term hacking and cracking. Every act committed towards
breaking into a computer and/or network is hacking. Hackers write or use ready-made computer
programs to attack the target computer. They possess the desire to destruct and they get the kick
out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the
credit card information, transferring money from various bank accounts to their own account
followed by withdrawal of money. They extort money from some corporate giant threatening
him to publish the stolen information which is critical in nature.

Government websites are the hot targets of the hackers due to the press coverage, it
receives. Hackers enjoy the media coverage.

Motive Behind The Crime

a. Greed

b. Power

c. Publicity

d. Revenge

Page 16 of 68
 e. Adventure

f. Desire to access forbidden information

g. Destructive mindset

h. Wants to sell n/w security services

2. Child Pornography

The Internet is being highly used by its abusers to reach and abuse children sexually,
worldwide. The internet is very fast becoming a household commodity in India. Its explosion has
made the children a viable victim to the cyber crime. As more homes have access to internet,
more children would be using the internet and more are the chances of falling victim to the
aggression of pedophiles.

The easy access to the pornographic contents readily and freely available over the
internet lower the inhibitions of the children. Pedophiles lure the children by distributing
pornographic material, and then they try to meet them for sex or to take their nude photographs
including their engagement in sexual positions. Sometimes Pedophiles contact children in the
chat rooms posing as teenagers or a child of similar age, then they start becoming friendlier with
them and win their confidence. Then slowly pedophiles start sexual chat to help children shed
their inhibitions about sex and then call them out for personal interaction. Then starts actual
exploitation of the children by offering them some money or falsely promising them good
opportunities in life. The pedophiles then sexually exploit the children either by using them as
sexual objects or by taking their pornographic pictures in order to sell those over the internet.

In physical world, parents know the face of dangers and they know how to avoid & face
the problems by following simple rules and accordingly they advice their children to keep away
from dangerous things and ways. But in case of cyber world, most of the parents do not
themselves know about the basics in internet and dangers posed by various services offered over
the internet. Hence the children are left unprotected in the cyber world. Pedophiles take

Page 17 of 68
advantage of this situation and lure the children, who are not advised by their parents or by their
teachers about what is wrong and what is right for them while browsing the internet.

How Do They Operate

a. Pedophiles use false identity to trap the children/teenagers.

b. Pedophiles contact children/teens in various chat rooms which are used by children/teen
to interact with other children/teen.

c. Befriend the child/teen.

d. Extract personal information from the child/teen by winning his confidence.

e. Gets the e-mail address of the child/teen and starts making contacts on the victim e-mail
address as well.

f. Starts sending pornographic images/text to the victim including child pornographic

images in order to help child/teen shed his inhibitions so that a feeling is created in the
mind of the victim that what is being fed to him is normal and that everybody does it.

g. Extract personal information from child/teen.

h. At the end of it, the pedophile set up a meeting with the child/teen out of the house and
then drag him into the net to further sexually assault him or to use him as a sex object.

In order to prevent your child/teen from falling into the trap of pedophile, read the tips under
Tips & Tricks heading.

3. Cyber Stalking

Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of
the cyber criminal towards the victim by using internet services. Stalking in General terms can be
referred to as the repeated acts of harassment targeting the victim such as following the victim,

Page 18 of 68
making harassing phone calls, killing the victims pet, vandalizing victims property, leaving
written messages or objects. Stalking may be followed by serious violent acts such as physical
harm to the victim and the same has to be treated and viewed seriously. It all depends on the
course of conduct of the stalker.

Both kind of Stalkers Online & Offline have desire to control the victims life. Majority
of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because
they failed to satisfy their secret desires. Most of the stalkers are men and victim female.

How Do They Operate

a. Collect all personal information about the victim such as name, family background,
Telephone Numbers of residence and work place, daily routine of the victim, address of
residence and place of work, date of birth etc. If the stalker is one of the acquaintances of
the victim he can easily get this information. If stalker is a stranger to victim, he collects
the information from the internet resources such as various profiles, the victim may have
filled in while opening the chat or e-mail account or while signing an account with some
website.

b. The stalker may post this information on any website related to sex-services or dating
services, posing as if the victim is posting this information and invite the people to call
the victim on her telephone numbers to have sexual services. Stalker even uses very filthy
and obscene language to invite the interested persons.

c. People of all kind from nook and corner of the World, who come across this information,
start calling the victim at her residence and/or work place, asking for sexual services or
relationships.

d. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic
and sex sites, because of which victim starts receiving such kind of unsolicited e-mails.

e. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or
threaten the victim.

f. In online stalking the stalker can make third party to harass the victim.

Page 19 of 68
 g. Follow their victim from board to board. They hangout on the same BBs as their
victim, many times posting notes to the victim, making sure the victim is aware that
he/she is being followed. Many times they will flame their victim (becoming
argumentative, insulting) to get their attention.

h. Stalkers will almost always make contact with their victims through email. The letters
may be loving, threatening, or sexually explicit. He will many times use multiple names
when contacting the victim.

i. Contact victim via telephone. If the stalker is able to access the victims telephone, he
will many times make calls to the victim to threaten, harass, or intimidate them.

j. Track the victim to his/her home.

Definition of Cyber stalking

Although there is no universally accepted definition of cyber stalking, the term is used in
this report to refer to the use of the Internet, e-mail, or other electronic communications devices
to stalk another person. Stalking generally involves harassing or threatening behavior that an
individual engages in repeatedly, such as following a person, appearing at a persons home or
place of business, making harassing phone calls, leaving written messages or objects, or
vandalizing a persons property. Most stalking laws require that the perpetrator make a credible
threat of violence against the victim; others include threats against the victims immediate
family; and still others require only that the alleged stalkers course of conduct constitute an
implied threat. (1) While some conduct involving annoying or menacing behavior might fall
short of illegal stalking, such behavior may be a prelude to stalking and violence and should be
treated seriously.

Nature and Extent of Cyber stalking

An existing problem aggravated by new technology. Although online harassment and

threats can take many forms, cyber stalking shares important characteristics with offline stalking.

Page 20 of 68
Many stalkers online or offline are motivated by a desire to exert control over their victims
and engage in similar types of behavior to accomplish this end. As with offline stalking, the
available evidence (which is largely anecdotal) suggests that the majority of cyber stalkers are
men and the majority of their victims are women, although there have been reported cases of
women cyber stalking men and of same-sex cyber stalking. In many cases, the cyber stalker and
the victim had a prior relationship, and the cyber stalking begins when the victim attempts to
break off the relationship. However, there also have been many instances of cyber stalking by
strangers. Given the enormous amount of personal information available through the Internet, a
cyber stalker can easily locate private information about a potential victim with a few mouse
clicks or key strokes.

The fact that cyber stalking does not involve physical contact may create the
misperception that it is more benign than physical stalking. This is not necessarily true. As the
Internet becomes an ever more integral part of our personal and professional lives, stalkers can
take advantage of the ease of communications as well as increased access to personal
information. In addition, the ease of use and non-confrontational, impersonal, and sometimes
anonymous nature of Internet communications may remove disincentives to cyber stalking. Put
another way, whereas a potential stalker may be unwilling or unable to confront a victim in
person or on the telephone, he or she may have little hesitation sending harassing or threatening
electronic communications to a victim. Finally, as with physical stalking, online harassment and
threats may be a prelude to more serious behavior, including physical violence.

4. Phishing

In the field of computer security, phishing is the criminally fraudulent process of

attempting to acquire sensitive information such as usernames, passwords and credit card details
by masquerading as a trustworthy entity in an electronic communication. Communications
purporting to be from popular social web sites, auction sites, online payment processors or IT
Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried
out by e-mail or instant messaging, and it often directs users to enter details at a fake website
whose look and feel are almost identical to the legitimate one. Even when using server
authentication, it may require tremendous skill to detect that the website is fake. Phishing is an

Page 21 of 68
example of social engineering techniques used to fool users, and exploits the poor usability of
current web security technologies. Attempts to deal with the growing number of reported
phishing incidents include legislation, user training, public awareness, and technical security
measures.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the

idea being that bait is thrown out with the hopes that while most will ignore the bait, some will
be tempted into biting.

A phishing technique was described in detail in 1987, and the first recorded use of the
term "phishing" was made in 1996.

Phishing email
From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: India
Subject: Official information from ***** Bank
Dear valued ***** Bank Customer!
For security purposes your account has been
randomly chosen for verification. To verify
your account information we are asking you to
provide us with all the data we are requesting.
Otherwise we will not be able to verify your identity
and access to your account will be denied. Please click
on the link below to get to the bank secure
page and verify your account details. Thank you.
https://infinity.*****bank.co.in/Verify.jsp

****** Bank Limited

Page 22 of 68
5. Spam

Spam is a generic term used to describe electronic 'junk mail' or unwanted messages sent
to your email account or mobile phone. These messages vary, but are essentially commercial and
often annoying in their sheer volume. They may try to persuade you to buy a product or service,
or visit a website where you can make purchases; or they may attempt to trick you into divulging
your bank account or credit card details.

More information about spam is available from the Australian Communications and
Media Authority (ACMA website).

6. Scams

The power of the Internet and email communication has made it all too easy for email
scams to flourish. These schemes often arrive uninvited by email. Many are related to the well-
documented Nigerian Scam or Lotto Scams and use similar tactics in one form or another.

While the actual amount of money lost by businesses and the community is unknown, the
number of people claiming to have been defrauded by these scams is relatively low.

More information about scams is available from the Australian Competition and
Consumer Commission (ACCC) SCAM watch website and the Australian Securities and
Investments Commission FIDO website.

7. Spyware

Spyware is generally considered to be software that is secretly installed on a computer

and takes things from it without the permission or knowledge of the user. Spyware may take
personal information, business information, bandwidth; or processing capacity and secretly gives
it to someone else. It is recognized as a growing problem.

More information about taking care of spyware is available from the Department of
Broadband, Communication, and the Digital Economy (DBCDE) website.

Page 23 of 68
8. Denial Of Service Attack

This is an act by the criminal, who floods the bandwidth of the victims network or fills
his email box with spam mail depriving him of the services he is entitled to access or provide.

9. Virus Dissemination

Malicious software that attaches itself to other software. (Virus,, worms,, Trojan Horse,,
Time bomb,, Logic Bomb,, Rabbit and Bacterium are the malicious softwares).

10. Software Piracy

Theft of software through the illegal copying of genuine programs or the counterfeiting
and distribution of products intended to pass for the original.

Retail revenue losses worldwide are ever increasing due to this crime.

It can be done in various ways- End user copying, Hard disk loading,, Counterfeiting,,
Illegal downloads from the internet etc

11. Spoofing

Getting one computer on a network to pretend to have the identity of another computer,
usually one with special access privileges, so as to obtain access to the other computers on the
network..

12. Net Extortion

Copying the companys confidential data in order to extort said company for huge
amount.

13.SALAMI ATTACK

In such crime criminal makes insignificant changes in such a manner that such changes
would go unnoticed. Criminal makes such program that deducts small amount like Rs. 2.50 per
month from the account of all the customer of the Bank and deposit the same in his account. In

Page 24 of 68
this case no account holder will approach the bank for such small amount but criminal gains
huge amount.

14.SALE OF NARCOTICS

Sale & Purchase through net.

There are web sites which offer sale and shipment off contrabands drugs.

They may use the techniques off stenography for hiding the messages.

Page 25 of 68
 CLASSIFICATION OF CYBER CRIME

Mr. Pavan Duggal, who is the President of cyber laws, net and consultant, in a report has clearly
defined the various categories and types of cybercrimes.

Cybercrimes can be basically divided into 3 major categories:

1. Cybercrimes Against Persons

Cybercrimes committed against persons include various crimes like transmission of
child-pornography, harassment of any one with the use of a computer such as e-mail. The
trafficking, distribution, posting, and dissemination of obscene material including pornography
and indecent exposure, constitutes one of the most important Cybercrimes known today. The
potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime
which threatens to undermine the growth of the younger generation as also leave irreparable
scars and injury on the younger generation, if not controlled.

A minor girl in Ahmadabad was lured to a private place through cyber chat by a man,
who, along with his friends, attempted to gang-rape her. As some passersby heard her cry, she
was rescued.

Another example wherein the damage was not done to a person but to the masses is the
case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It
spread rapidly throughout computer systems in the United States and Europe. It is estimated that
the virus caused 80 million dollars in damages to computers worldwide.

Page 26 of 68
 In the United States alone, the virus made its way through 1.2 million computers in one-
fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and
federal charges associated with his creation of the Melissa virus. There are numerous examples
of such computer viruses few of them being "Melissa" and "love bug".

2. Cybercrimes Against Property

The second category of Cybercrimes is that of Cybercrimes against all forms of property.
These crimes include computer vandalism (destruction of others' property), transmission of
harmful programmes.

A Mumbai-based upstart engineering company lost a say and much money in the
business when the rival company, an industry major, stole the technical database from their
computers with the help of a corporate cyber spy.

3. Cybercrimes Against Government

The third category of Cybercrimes relate to Cybercrimes against Government. Cyber

terrorism is one distinct kind of crime in this category. The growth of internet has shown that the
medium of Cyberspace is being used by individuals and groups to threaten the international
governments as also to terrorize the citizens of a country. This crime manifests itself into
terrorism when an individual "cracks" into a government or military maintained website.

The Parliament of India passed its first Cyber law, the Information Technology Act in
2000. It not only provides the legal infrastructure for E-commerce in India but also at the same
time, gives draconian powers to the Police to enter and search, without any warrant, any public
place for the purpose of nabbing cybercriminals and preventing cybercrime. Also, the Indian
Cyber law talks of the arrest of any person who is about to commit a cybercrime.

The Act defines five cybercrimes damage to computer source code, hacking, publishing
electronic information which is lascivious or prurient, breach of confidentiality and publishing
false digital signatures. The Act also specifies that cybercrimes can only be investigated by an
official holding no less a rank than that of Dy. Superintendent of Police (Dy.SP).

Page 27 of 68
 It is common that many systems operators do not share information when they are
victimized by crackers. They don't contact law enforcement officers when their computer
systems are invaded, preferring instead to fix the damage and take action to keep crackers from
gaining access again with as little public attention as possible.

According to Sundari Nanda, SP, CBI, "most of the times the victims do not complain,
may be because they are aware of the extent of the crime committed against them, or as in the
case of business houses, they don't want to confess their system is not secure".

As the research shows, computer crime poses a real threat. Those who believe otherwise
simply have not been awakened by the massive losses and setbacks experienced by companies
worldwide. Money and intellectual property have been stolen, corporate operations impeded, and
jobs lost as a result of computer crime.

Similarly, information systems in government and business alike have been

compromised. The economic impact of computer crime is staggering (great difficulty).

Page 28 of 68
 REASONS FOR CYBER CRIME

Hart in his work The Concept of Law has said human beings are vulnerable so rule of law is
required to protect them. Applying this to the cyberspace we may say that computers are vulnerable
(capable of attack) so rule of law is required to protect and safeguard them against cyber crime. The
reasons for the vulnerability of computers may be said to be:

1. Capacity To Store Data In Comparatively Small Space-

The computer has unique characteristic of storing data in a very small space. This affords to
remove or derive information either through physical or virtual medium makes it much easier.

2. Easy To Access

The problem encountered in guarding a computer system from unauthorised access is that there is
every possibility of breach not due to human error but due to the complex technology. By secretly
implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers
etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security
system.

Page 29 of 68
3. Complex

The computers work on operating systems and these operating systems in turn are composed of
millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any
stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4. Negligence

Negligence is very closely connected with human conduct. It is therefore very probable that
while protecting the computer system there might be any negligence, which in turn provides a cyber
criminal to gain access and control over the computer system.

5. Loss Of Evidence

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed.
Further collection of data outside the territorial extent also paralyses this system of crime investigation.

Page 30 of 68
 CYBER CRIMINALS

The cyber criminals constitute of various groups/ category. This division may be justified on the
basis of the object that they have in their mind. The following are the category of cyber criminals-

1. Children And Adolescents Between The Age Group Of 6 18 Years

The simple reason for this type of delinquent (A young offender) behaviour pattern in children is
seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to
prove themselves to be outstanding amongst other children in their group. Further the reasons may be
psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by
his friends.

2. Organised Hackers

These kinds of hackers are mostly organised together to fulfil certain objective. The reason may
be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality
hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their
political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.

3. Professional Hackers / Crackers

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to
hack the site of the rivals and get credible, reliable and valuable information. Further they are even
employed to crack the system of the employer basically as a measure to make it safer by detecting the
loopholes.

4. Discontented Employees

This group include those people who have been either sacked by their employer or are dissatisfied
with their employer. To avenge they normally hack the system of their employee.

Page 31 of 68
 MODE AND MANNER OF COMMITING CYBER CRIME

1. Unauthorized Access To Computer Systems Or Networks / Hacking

This kind of offence is normally referred as hacking in the generic sense. However the framers of
the Information Technology Act 2000 have no where used this term so to avoid any confusion we would
not interchangeably use the word hacking for unauthorized access as the latter has wide connotation.

2. Theft Of Information Contained In Electronic Form

This includes information stored in computer hard disks, removable storage media etc. Theft may
be either by appropriating the data physically or by tampering them through the virtual medium.

3. Email Bombing

This kind of activity refers to sending large numbers of mail to the victim, which may be an
individual or a company or even mail servers there by ultimately resulting into crashing.

4. Data Diddling

This kind of an attack involves altering raw data just before a computer processes it and then
changing it back after the processing is completed. The electricity board faced similar problem of data
diddling while the department was being computerised.

5. Salami Attacks

This kind of crime is normally prevalent in the financial institutions or for the purpose of
committing financial crimes. An important feature of this type of offence is that the alteration is so small
that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the
banks system, which deducted 10 cents from every account and deposited it in a particular account.

Page 32 of 68
6. Denial Of Service Attack-

The computer of the victim is flooded with more requests than it can handle which cause it to
crash. Distributed Denial of Service (DDS) attack is also a type of denial of service attack, in which the
offenders are wide in number and widespread. E.g. Amazon, Yahoo.

7. Virus / Worm Attacks

Viruses are programs that attach themselves to a computer or a file and then circulate themselves
to other files and to other computers on a network. They usually affect the data on a computer, either by
altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely
make functional copies of themselves and do this repeatedly till they eat up all the available space on a
computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The
losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose
on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a
complete halt.

8. Logic Bombs

These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be
termed logic bombs because they lie dormant all through the year and become active only on a particular
date (like the Chernobyl virus).

9. Trojan Attacks

This term has its origin in the word Trojan horse. In software field this means an unauthorized
programme, which passively gains control over anothers system by representing itself as an authorised
programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed
in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam
installed in the computer obtained her nude photographs. He further harassed this lady.

Page 33 of 68
10. Internet Time Thefts

Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another
person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwas case- the
Internet hours were used up by any other person. This was perhaps one of the first reported cases related
to cyber crime in India. However this case made the police infamous as to their lack of understanding of
the nature of cyber crime.

11. Web Jacking

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access
and control over the web site of another. He may even mutilate or change the information on the site. This
may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of
Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed
therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is
that of the gold fish case. In this case the site was hacked and the information pertaining to gold fish was
changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process
where by control over the site of another is made backed by some consideration for it.

Page 34 of 68
 FINANCIAL SECTOR

Financial services are the economic services provided by the finance industry, which
encompasses a broad range of organizations that manage money, including credit
unions, banks, credit card companies, insurance companies, consumer
finance companies, stock brokerages, investment funds and some government
sponsored enterprises. As of 2004, the financial services industry represented 20% of
the market capitalization of the S&P 500 in the United States.

The term "financial services" became more prevalent in the United States partly as a result of
the Gramm-Leach-Bliley Act of the late 1990s, which enabled different types of companies
operating in the U.S. financial services industry at that time to merge.[2]
Companies usually have two distinct approaches to this new type of business. One approach
would be a bank which simply buys an insurance company or an investment bank, keeps the
original brands of the acquired firm, and adds the acquisition to its holding company simply to
diversify its earnings. Outside the U.S. (e.g., in Japan), non-financial services companies are
permitted within the holding company. In this scenario, each company still looks independent,
and has its own customers, etc. In the other style, a bank would simply create its own brokerage
division or insurance division and attempt to sell those products to its own existing customers,
with incentives for combining all things with one company.

Page 35 of 68
The financial sector is a component of a nation's economy created by the ebb and flow of capital
in the financial industry. Financial services include everything from personal banking to the
insurance industry, and they can make up a sizable portion of a nation's economy. Evaluation of
the true value of the financial sector can be complicated, as the financial industry involves a great
deal of paper pushing which can sometimes be difficult to track and pin down.

Financial institutions like banks, insurance companies, brokerage houses, investment firms, and
so forth are all part of the financial sector. They can trade capital in a variety of ways, including
funds, derivatives, investments, debt instruments, and so forth, with much of the
financial sector being dependent on the extension of credit.

Consumers interact directly with the financial sector every time they apply for a credit card,
deposit a paycheck in a bank, or take out a home loan, and these actions occur on a much
larger scale between institutions and companies.

One of the pinnacles of the financial sector is Wall Street in the United States. As a physical
place, Wall Street houses some of the biggest powerhouses in the global financial industry,
including the New York Stock Exchange and numerous multi-billion dollar firms. Wall Street is
also sometimes discussed as an entity, and a metaphor for the financial sector as a whole,
especially in political campaign rhetoric.

Page 36 of 68
 Financial Sector of India
Financial Sector of India is intrinsically strong, operationally sundry and exhibits competence
and flexibility besides being sensitive to Indias economic aims of developing a market oriented,
industrious and viable economy.

An established financial sector assists greater standards of endowments and endorses

expansion in the economy with its intensity and exposure. The fiscal sector in India entails
banks, financial organization, markets and services. The sector is classified as organized and
conventional sector that is also recognized as unofficial finance market.

Fiscal transactions in an organized industry are executed by a number of financial organizations

which are commercial in nature and offer monetary services to the society. Further classification
includes banking and non-banking enterprises, often recognized as activities that are client
specific.

The chief controller of the finance in India is the Reserve Bank of India (RBI) and is regarded as
the supreme organization in the fiscal structure. Other significant fiscal organizations are
business banks, domestic rural banks, cooperative banks and development banks. Non-banking
fiscal organizations entail credit and charter firms and other organizations like Unit Trust of
India, Provident Funds, Life Insurance Corporation, Mutual funds, GIC, etc.

Financial Sector of India Eligibility for government autonomy

Mentioned below are certain criterions that are required to be fulfilled for acquiring government
autonomy in India:

Availability of sufficient fund of up to 8%

Accessibility of total non-performing wealth of below 9%

Minimum net possessed funds of more than USD 2.5 million and net revenues of
minimum past three years.

Financial institutions that satisfy the abovementioned requirements will be authorized

functional independence in almost all managerial areas.

Financial Sector of India RBI guidelines for NBFC's

The Reserve Bank of India has relaxed its guidelines for the operation of non-bank finance
companies (NBFCs) in India considering the various investments from the investors. It has also
permitted leasing of machinery and rent-buying credit firms with endowment level rankings to
avail public savings increase the maximum limit on the amount of public investments on these
NBFCs that may allow and expand the closing date for observance on its norms by two years.

The fiscal competitiveness of several NBFCs persists to be of importance to the administration

and reserve bank of India controllers. There is a significant merging activity in this industry as
NBFCs are regulated by stringent yardsticks that are obligatory to fulfill.

Page 37 of 68
In addition, India has entered into new agreements with WTO in the area of fiscal services in
Geneva on December 1997.

Financial Sector of India Chief Characteristics

Some of the major characteristics of Financial Sector of India are:

The financial sector of India allows Most Favored Nation (MFN) reputation to all
international banks and firms offering financial facilities.

The sector has relaxed previous MFN tax exemption on banking activities.

Allows 12 new financial bank division authorizations every year to international banks,
that is higher as compared to the existing 8 every year.

Raises the 10% limit of reinsurance by insurance firms in India.

Permits 51% foreign endowment in fiscal advisory, issuing, hiring, business enterprise
capital, business banking and non-banking credit firms.

Page 38 of 68
 CYBER CRIME IN FINANCIAL SECTOR

CYBERCRIME SENDING SHOCKWAVES THROUGH FINANCIAL

SECTOR

Cybercrime is shifting to the top of risk management priority lists in the financial sector.
Wherever money goes, hackers are sure to follow. That logic held true in a
recent survey conducted by PricewaterhouseCoopers (PwC), which showed cybercrime placing
a significant strain on the global financial sector.

"The rise in cybercrime is not so surprising given the sector holds large volumes of the type of
data cybercriminals are interested in and there is an established underground economy
servicing the needs of the market for stolen and compromised data," explained PwC forensic
services partner Andrew Clark. "However, our survey shows cybercrime accounts for a much
greater proportion of economic crime in the [financial services] sector than in other industries."
According to PwC research, cybercrime is now the second most commonly reported economic
crime affecting financial services firms.

Only asset misappropriation, such as rogue trading and embezzlement, was deemed a more
serious risk by responding companies. In fact, the report found that cybercrime was responsible
for 38 percent of all economic crimes observed in the financial sector, compared to the average
rate of 16 percent seen across all other industries.

Nearly half of all responding companies from the financial sector fell victim to fraud in the past
12 months, reflecting a marked increase from the 30 percent cross-industry average. These
figures are not surprising considering the value of the assets held by financial institutions, but
there are a number of ongoing developments contributing to the rise of cybercrime seen in
recent months.

Once again, the perceived level of data security risk was highest among respondents in the
financial sector, reflecting a growing awareness of the unique threats posed by mobile banking
services and applications. According to market research from comScore, mobile banking gained

Page 39 of 68
significant traction in 2011, as institutions catered to the evolving demands of the customers
with an array of new applications.

"There continues to be areas of opportunity for increasing consumer engagement across both
fixed Internet and mobile platforms," explained com Score executive Sarah Lenart. "Financial
institutions who want to ensure they are meeting their customers' needs must continue to
expand and refine digital marketing strategies in 2012 to increase penetration and
engagement."

But as market demands push banks into the era of mobility, few are truly equipped to address
the widespread and complex data protection challenges. According to PwC analysts, just 18
percent of responding institutions met established criteria for sound cybercrime incident
response strategies. This is especially concerning in an era when hackers need only a few
moments to infiltrate a network, pilfer sensitive corporate or consumer data and leave without a
trace.

"Overall responsibility for managing cybercrime risks rests with senior management," report
authors concluded. "It is therefore essential that senior management understand the potential
risks and opportunities the cyber world can present and ensure that there is clear accountability
and responsibility for dealing with these risks and opportunities."

There was some evidence to suggest that executive awareness is on the rise. As IT teams and
compliance officers do a better job of communicating the business implications of data security
frailties, more than half of responding financial professionals built the link between digital threats
and operational consequences by citing reputational damage as a leading concern.

Page 40 of 68
 WHAT IS FINANCIAL ABUSE AND FINANCIAL CRIME
1. While there seems to be broad agreement on the meaning of such concepts as
money laundering, corruption, and tax evasion, the terms financial abuse and
financial crime are far less precise, and in fact are sometimes used interchangeably.

To assure clarity, including for the operational implications for the Fund and the
Bank, definitions are provided below.

2. Usage of these terms (see Annex I) suggests that, among them, financial
abuse has the broadest meaning, encompassing not only illegal activities that may
harm financial systems, but also other activities that exploit the tax and regulatory
frameworks with undesirable results (see Figure 1). When financial abuse involves
financial institutions (or financial markets), it is sometimes referred to as financial
sector abuse.

Financial crime, which is a subset of financial abuse, can refer to any non-violent
crime that generally results in a financial loss, including financial fraud. It also
includes a range of illegal activities such as money laundering and tax evasion.

3. More precise definitions of financial abuse, financial crime, money laundering,

and related concepts are presented below.

Figure 1. Concepts of Financial Abuse Factors Contributing to Financial Abuse

Poor regulatory and supervisory frame work (e.g., excessive bank secrecy, lack
of disclosure rules and effective fiduciary rules for investors and their agents).

Harmful tax practices

Types of Financial Abuse

Page 41 of 68
Financial Sector Crime Other Financial Crime Other Financial
Abuse
Money laundering

Financial fraud (e.g., check, credit card, mortgage, or insurance fraud)

Tax evasion

Circumvention of exchange restrictions

Sale of fictitious financial instruments or insurance policies

Embezzlement of non-financial institutions

Tax evasion

Stock manipulation

Other

Tax avoidance

Connected party lending

Stock manipulation

Other

Financial abuse

Usage of the terms financial abuse and financial crime,

indicate that its meaning varies on different occasions .

To clarify usage, it is helpful to distinguish clearly between factors or incentives that

facilitate or encourage financial abuse, such as poor regulatory and supervisory
frameworks and weak tax systems, and activities that constitute financial abuse.
Accordingly, the concept of financial abuse is interpreted in a very broad sense, as
including illegal financial Annex I provides examples from international usage. As
regards national usages, the Edwards Report, commissioned by the United Kingdom
in 1998, discusses money laundering, tax evasion, drug trafficking, and fraud as

Page 42 of 68
well as illegal capital flight under the general title of financial crime and money
laundering. (See Home Department, Review of Financial Regulation in the Crown
Dependencies, Command Paper,

November 1998, Chapters 14 and 15.) The International Narcotics Strategy Report
of the U.S. Department of State discusses money laundering along with other
financial crimes and tax evasion, and stresses that excessive bank secrecy laws
make financial systems vulnerable to abuse from criminal activities, ranging from
terrorism to tax evasion. (See U.S. Department of State, Bureau for International
Narcotics and Law Enforcement Affairs, International Narcotics Control Strategy
Report, Money Laundering and Financial

Crimes, March 1999.)- -activities, many of which have the potential to harm
financial systems, and legal activities that exploit undesirable features of tax and
regulatory systems.

. Countries also have different legal characterization of specific acts, such as

money laundering, corruption, and tax evasion. For example, considerable variation
exists among countries as to which crimes may give rise to proceeds that may be
laundered. The concept of corruption is also not uniformly defined. For example, in
some countries so-called facilitation or grease payments given to induce foreign
public officials to perform their functions are not illegal, while in others, these are
treated as illegal bribes.

Agreement is also absent as to other types of financial crime. Some countries

consider very low tax rates as abusive or harmful tax competition while others do
not.

Differences also exist on what is excessive in excessive bank secrecy.

Differences exist among jurisdictions as to what acts constitute crimes, which raise
questions as to which domestic laws one country may help another in enforcing. For
example, some countries maintain a broad range of exchange controls (e.g., capital
controls), violations of which are financial crimes. These financial crimes may not,
however, be crimes in other countries.

Financial crime

No internationally accepted definition of financial crime exists.

Rather, the term expresses different concepts depending on the jurisdiction and
on the context. This paper interprets financial crime in a broad sense, as any non-
violent crime resulting in a financial loss. When a financial institution is involved, the
term financial sector crime is used.

Page 43 of 68
This difference among jurisdictions is reflected in the Organization for Economic
Cooperation and Development (OECD) Convention on Combating Bribery of Officials
in International Business Transactions ("OECD Anti-Bribery Convention"), which in
requiring signatories to make the bribery of foreign public officials a crime excludes
facilitation payments. See Article 1, OECD Anti-Bribery Convention (entered into
force February 15, 1999); Article 1, Commentaries on the OECD Anti-Bribery
Convention (adopted by the Negotiating Conference on November 21, 1997).

See Annex II for the OECD concept of harmful tax competition.

Bank secrecy or customer confidentiality is rightfully expected by bank customers

and normally is protected by law. It embodies some level of protection of
confidentiality of information on individual and business affairs from others,
including from government. However, bank supervisors normally have access to
such information but cannot share it with government agencies. Banks separately
provide information on interest income to tax authorities.

Annex III surveys the evolving forms of financial crime.

Financial institutions can be involved in financial crime in three ways: as victim, as

perpetrator, or as an instrumentality.

Under the first category, financial institutions can be subject to the different types
of fraud including, e.g., misrepresentation of financial information, embezzlement,
check and credit card fraud, securities fraud, insurance fraud, and pension fraud.
Under the second (less common) category, financial institutions can commit
different types of fraud on others, including, e.g., the sale of fraudulent financial
products, self dealing, and misappropriation of client funds.

In the third category are instances where financial institutions are used to keep or
transfer funds, either wittingly or unwittingly, that are themselves the profits or
proceeds of a crime, regardless of whether the crime is itself financial in nature. One
of the most important examples of this third category is money laundering.

1. Financial institutions can be used as an instrumentality to keep or transfer the

proceeds of a crime. In addition, whenever a financial institution is an
instrumentality of crime, the underlying, or predicate, crime is itself often a financial
crime.

There is a growing perception in many key jurisdictions that the most rapidly
growing category of predicate crimes are financial, although illegal drug trafficking
remains a major predicate crime. Although the circumstances vary from country to
country, the preeminence of financial crimes as predicate offenses is found mainly:

(i)In major financial centers, and

Page 44 of 68
(ii) In the location of a financial institution (e.g., where the criminal profits are
laundered) which may be a different location from where the predicate crime was
committed.

THE ECONOMIC EFFECTS OF FINANCIAL ABUSE & FINANCIAL

CRIME
1. Financial system abuse has potentially negative consequences for a country's
macro economic performance, impose welfare losses, and may also have
negative cross border negative externalities. Globalization and financial
market integration in particular facilitates financial abuse. This section briefly
reviews the very limited empirical and indirect evidence on the magnitude of
financial system abuse, financial crime, and money laundering.

2.. Trust underpins the existence and development of financial markets. The
effective functioning of financial markets relies heavily on the expectation that high
professional, legal, and ethical standards are observed and enforced. A reputation
for integritysoundness, honesty, adherence to standards and codesis one of the
most valued assets by investors.

For example, black market peso exchange system, the so-called hawala or hundi
system of informal banking found in South Asia, and East Asian system originally
based on chits or tokens (see FATF, Report on Money Laundering Typologies, 1999-
2000, February 3, 2000).

For example, a U.S. State Departments Report viewed bribery and corruption as
important factors in criminal exploitation of financial systems and institutions (see
The U.S. Department of State, Bureau for International Narcotics and Law
Enforcement Affairs, International Narcotics Control Strategy Report, Money
Laundering and Financial Crimes, March 1999).

3.Tax competition, or harmful tax practices and their impact, will be addressed in a
future staff paper financial institutions, and jurisdictions.

Various forms of financial system abuse may compromise financial institutions and
jurisdictions reputation, undermine investors trust in them, and therefore weaken
the financial system. The important link between financial market integrity and
financial stability is underscored in the Basel Core Principles for Effective
Supervision and in the Code of Good Practices on Transparency in Monetary and
Financial Policies, particularly those principles and codes that most directly address

Page 45 of 68
the prevention, uncovering, and reporting of financial system abuse, including
financial crime, and money laundering.

4. Financial system abuse may have other negative macroeconomic

consequences. For example, it could compromise bank soundness with potentially
large fiscal liabilities, lessen the ability to attract foreign investment, and increase
the volatility of international capital flows and exchange rates. In the era of very
high capital mobility, abuse of the global financial system makes national tax
collection and law enforcement more difficult. Financial system abuse, financial
crime, and money laundering may also distort the allocation of resources and the
distribution of wealth and can be costly to detect and eradicate.

A common theme in research is that if crime, underground activity and the

associated money laundering take place on a sufficiently large scale, then
macroeconomic policymakers must take them into account.

AUTOMATED TELLER MACHINE

The traditional and ancient society was devoid of any monetary instruments and the
entire exchange of goods and merchandise was managed by the barter system. The use of
monetary instruments as a unit of exchange replaced the barter system and money in various
denominations was used as the sole purchasing power. The modern contemporary era has
replaced these traditional monetary instruments from a paper and metal based currency to
plastic money in the form of credit cards, debit cards, etc. This has resulted in the increasing
use of ATM all over the world. The use of ATM is not only safe but is also convenient. This

Page 46 of 68
safety and convenience, unfortunately, has an evil side as well that do not originate from the use
of plastic money rather by the misuse of the same. This evil side is reflected in the form
of ATM FRAUDS that is a global problem. The use of plastic money is increasing day by day
for payment of shopping bills, electricity bills, school fees, phone bills, insurance premium,
travelling bills and even petrol bills. The convenience and safety that credit cards carry with its
use has been instrumental in increasing both credit card volumes and usage. This growth is not
only in positive use of the same but as well as the negative use of the same. The world at large is
struggling to increase the convenience and safety on the one hand and to reduce it misuse on the
other.

Page 47 of 68
WAYS TO CARD FRAUDS

Some of the popular techniques used to carry out ATM crime are:

1. Through Card Jamming ATMs card reader is tampered with in order to trap a customers
card. Later on the criminal removes the card.

2. Card Skimming, is the illegal way of stealing the cards security information from the cards
magnetic stripe.

3. Card Swapping, through this customers card is swapped for another card without the
knowledge of cardholder.

4. Website Spoofing, here a new fictitious site is made which looks authentic to the user and
customers are asked to give their card number. PIN and other information, which are used to
reproduce the card for use at an ATM.

5. Physical Attack. ATM machine is physical attacked for removing the cash.

Page 48 of 68
 HOW TO USE CASH MACHINE

Be aware of others around you. If someone close by the cash machine is behaving
suspiciously or makes you feel uncomfortable, choose another .Make sure you check the
machine before you use it for any signs of tampering. Examine the machine for stick on boxes,
stick on card entry slots etc. If you find it difficult to get your card into the slot, do not use it, go
to another machine.

Page 49 of 68
 If
there
is

anything unusual about the cash machine report it to the bank and police or the owner of the
premises immediately. Under no circumstances should members of the public attempt to remove
a device as its possible the offender may be nearby.

HOW TO USE A CASH MACHINE

1. Give other users space to enter their personal identity number (PIN) in private.

2. Be aware of your surroundings. If someone is crowding or watching you, cancel the

transaction and go to another machine. Take your card with you.

3. Do not accept help from "well meaning" strangers and never allow yourself to be distracted.

4. Stand close to the cash machine and always shield the keypad to avoid anyone seeing you
enter your PIN.

Page 50 of 68
What Precaution Should Be Taken While Leaving Cash Machine

Once you have completed a transaction, discreetly put your money and card away before
leaving the cash machine.

If you lose your card in a cash machine, cancel the card immediately with the card
issuers 24-hour emergency line, which can be found on your last bank statement. Do not assume
that your bank automatically knows that the machine has withheld your card. Again, beware of
help offered by "well meaning strangers".

Dispose of your cash machine receipt, mini-statement or balance enquiry slip with care.
Tear up or preferably shred these items before discarding them.

1. Card Fraud Also Happens In The Home:

Cardholders should also be warned of the risks of verifying bank details at home in
unsolicited telephone conversations. Always call the person back using the advertised customer
telephone number, not the telephone number they may give you.

2. Do Not Click On Hyperlinks Sent To You By Email Asking You To Confirm

Your Bank Details Online:

Hyperlinks are links to web pages that have been sent to you by email and may open a
dummy website designed to steal your personal details. Phone your bank instead on their main
customer number or access your account using the bank's main website address.

Use good antivirus and firewall protection.

3. NEVER Write Down Your Pin:

People make life very easy for pickpockets if they write down their PIN and keep it in
their purse or wallet. Do not write down your PIN. If you have been given a number that you
find difficult to remember, take your card along to a cash machine and change the number to one
that you will be able to remember without writing it down.

Page 51 of 68
PREVENTION FOR ATM CARDS

Most ATM frauds happen due to the negligence of customers in using, and more
importantly, negligence of banks in educating their customers about the matters that should be
taken care of while at an ATM. The number of ATM frauds in India is more in regard to
negligence of the Personal Identification Number (PIN), than by sophisticated crimes like
skimming. Banks need to develop a fraud policy the policy should be written and distributed
to all employees, borrowers and depositors.

The most important aspect for reducing ATM related fraud is to educate the customer.
Here is a compiled list of guidelines to help your customer from being an ATM fraud victim:

1. Look for suspicious attachments. Criminals often capture information through ATM
skimming using devices that steal magnetic strip information. At a glance, the skimmer looks
just like a regular ATM slot, but its an attachment that captures ATM card numbers. To spot one,
the attachment slightly protrudes from the machine and may not be parallel with the inherent
grooves. Sometimes, the equipment will even cut off the printed labels on the ATM. The
skimmer will not obtain PIN numbers, however. To get that, fraudsters place hidden cameras
facing the ATM screen. Theres also the helpful bystander (the criminal) who may be standing by
to kindly inform you the machine has had problems and offer to help. If you do not feel safe at
any time, press the ATM cancel button, remove your card and leave the area immediately.

2. Minimize your time at the ATM. The more time you spend at the ATM, the more vulnerable
you are. If you need to update your records after a transaction, one is advised do it at home or
office, but not while at the ATM. Even when depositing a cheque at the ATM, on should not
make/sign the cheque at the ATM. After the transaction, if you think you are being followed, go
to an area with a lot of people and call the police.

3. Make smart deposits. Some ATMs allow you to directly deposit checks and cash into your
accounts without stuffing envelopes. As for the envelope-based deposits, make sure they go
through if it gets jammed and it doesnt fully go into the machine, the next person can walk up
and take it out. After having made the ATM deposit, compare your records with the account
statements or online banking records.

Page 52 of 68
INDIAN SCENARIO

In India, where total number of installed ATMs base is far less than many developed
countries. ATM-related frauds are very less. But they could increase as more and more ATMs
will penetrate in the country, the bank should create awareness among customers about the card-
related frauds to reduce the number of frauds in future. In India, Indian Banks Association (IBA)
can take lead to kick started.

The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
coordinated and cooperative action on the part of the bank, customers and the law enforcement
machinery. The ATM frauds not only cause financial loss to banks but they also undermine
customers confidence in the use of ATMs. This would deter a greater use of ATM for monetary
transactions. It is therefore in the interest of banks to prevent ATM frauds.

There is thus a need to take precautionary and insurance measures that give greater
protection to the ATMs, particularly those located in less secure areas. The nature and the
extent of precautionary measures to be adopted will, however, depend upon the requirements of
the respective banks.

Page 53 of 68
 WHAT IS FINANCIAL CRIMEA SURVEY OF CONCEPTS

There is no single, broadly accepted understanding of the meaning of the term

financial crime. Rather, the term has been used to describe a number of different
concepts of varying levels of specificity. At its absolute broadest, the term has
occasionally been used to refer to any type of illegal activity that result in a
pecuniary loss.

This would include violent crimes against the person or property such as armed
robbery or vandalism. At its next broadest, the term has often been used to refer
only to non-violent crimes that result in a pecuniary loss.

This would include crimes where a financial loss was an unintended consequence of
the perpetrators actions, or where there was no intent by the perpetrator to realize
a financial gain for himself or a related party (e.g. when a perpetrator hacks into a
banks computer and either accidentally or intentionally deletes an unrelated
depositors account records.) Also, the term has occasionally been used slightly
more narrowly to refer only to instances where the perpetrator intends to benefit
from the crime.

Either way, criminal fraud (i.e. the act of illegally deceiving or misrepresenting
information so as to gain something of value) for personal benefit is undoubtedly
the most common. The term has been used in a more narrow sense to refer only to
those instances where a nonviolent crime resulting in a pecuniary loss crime also
involves a financial institution. Financial institutions can play one of three roles:

(i) Perpetrator,
(ii) Victim, or
(iii) Knowing or unknowing instrumentality of crime. Of these, the most
common are probably when the financial institution is a victim of fraud
and when it is used as an instrumentality for money laundering.

Some of the more common examples of the former include credit card fraud, check
fraud, mortgage fraud, insurance fraud, pension fund fraud, and securities and
investment fraud.

Page 54 of 68
With the ongoing development and increasing sophistication of commercial and
financial enterprises, coupled with the consequences of globalization, the range and
diversity of financial crime is likely to increase.

The prevention of and fight against organised crime in the

financial sector

PREVENTION

Because of the nature of Cyber money laundering, no country can effectively deal with it
in isolation. Cyber money laundering has to be dealt with at organizational [Bank or Financial
Institution], national and international levels.

This Communication aims to identify those areas where new initiatives may be
needed to strengthen the fight against organised financial crime. This covers a
range of illegal activities, including money laundering, financial fraud and
counterfeiting of the Euro when committed by criminal organisations.

Organised financial crime undermines legitimate economic actors and strengthens

the shadow economy, thus diminishing economic growth and public resources.

The fight against organised financial crime is important since reducing such
crime has a broader impact on the fight against organised crime generally. Given
that money is the lifeblood of organised crime, removing access by organised crime
groups to money is bound to erode their power base

Page 55 of 68
 CASE STUDY

INDIA'S FIRST ATM CARD FRAUD

The Chennai City Police have busted an international gang involved in cyber crime, with
the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into an
ATM in the city in June last, it is reliably learnt. The dimensions of the city cops' achievement
can be gauged from the fact that they have netted a man who is on the wanted list of the
formidable FBI of the United States. At the time of his detention, he had with him Rs 7.5 lakh
knocked off from two ATMs in T Nagar and Abiramipuram in the city. Prior to that, he had
walked away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving
scores of persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive
in a Chennai-based firm for some time.

Interestingly, his audacious crime career started in an Internet cafe. While browsing the
Net one day, he got attracted to a site which offered him assistance in breaking into the ATMs.
His contacts, sitting somewhere in Europe, were ready to give him credit card numbers of a few
American banks for $5 per card. The site also offered the magnetic codes of those cards, but
charged $200 per code. The operators of the site had devised a fascinating idea to get the
personal identification number (PIN) of the card users. They floated a new site which resembled
that of a reputed telecom companies.

That company has millions of subscribers. The fake site offered the visitors to return
$11.75 per head which, the site promoters said, had been collected in excess by mistake from

Page 56 of 68
them. Believing that it was a genuine offer from the telecom company in question, several lakh
subscribers logged on to the site to get back that little money, but in the process parted with their
PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic
looting. Apparently, Manwani and many others of his ilk entered into a deal with the gang behind
the site and could purchase any amount of data, of course on certain terms, or simply enter into a
deal on a booty-sharing basis.

Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary
data to enable him to break into ATMS.

He was so enterprising that he was able to sell away a few such cards to his contacts in
Mumbai. The police are on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in the United
States, the FBI started an investigation into the affair and also alerted the CBI in New Delhi that
the international gang had developed some links in India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city police
believe that this is the beginning of the end of a major cyber crime.

Page 57 of 68
 GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD
SCHEMES

1. Don't Judge by Initial Appearances

It may seem obvious, but consumers need to remember that just because something
appears on the Internet - no matter how impressive or professional the Web site looks - doesn't
mean it's true. The ready availability of software that allows anyone, at minimal cost, to set up a
professional-looking Web site means that criminals can make their Web sites look as impressive
as those of legitimate e-commerce merchants.

2. Be Careful About Giving Out Valuable Personal Data Online

If you see e-mail messages from someone you don't know that ask you for personal data -
such as your Social Security number, credit-card number, or password - don't just send the data
without knowing more about who's asking. Criminals have been known to send messages in
which they pretend to be (for example) a systems administrator or Internet service provider
representative in order to persuade people online that they should disclose valuable personal
data.

3. Be Especially Careful About Online Communications with Someone Who Conceals His
True Identity

If someone sends you an e-mail in which he refuses to disclose his full identity, or uses an
e-mail header that has no useful identifying data (e.g., "W6T7S8@provider.com"), that may be
an indication that the person doesn't want to leave any information that could allow you to
contact them later if you have a dispute over undelivered goods for which you paid. As a result,
you should be highly wary about relying on advice that such people give you if they are trying to
persuade you to entrust your money to them.

Page 58 of 68
4. Watch Out for "Advance-Fee" Demands

In general, you need to look carefully at any online seller of goods or services who wants
you to send checks or money orders immediately to a post office box; before you receive the
goods or services you've been promised. Legitimate startup "dot.com" companies, of course, may
not have the brand-name recognition of long-established companies, and still be fully capable of
delivering what you need at a fair price. Even so, using the Internet to research online companies
that aren't known to you is a reasonable step to take before you decide to entrust a significant
amount of money to such companies.

5. SUGGESTIONS ON CYBER MONEY LAUNDERING

Because of the nature of Cyber money laundering, no country can effectively deal with it
in isolation. Cyber money laundering has to be dealt with at organizational [Bank or Financial
Institution], national.

AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organizations can reduce the quantum of money
laundering by following the guidelines issued by central banks of respective countries in letter
and spirit. The old principle of Knowing the customer well will help a great deal.

AT NATIONAL LEVEL

Some countries liken UK have taken proactive steps to control this crime, which could be
cumulated by others. In UK, deposit taking institutions (including banks) are expected to report
suspicious transactions to the law enforcement authorities.

Page 59 of 68
 ARTICLE ON CYBER CRIMES IN FINANCIAL SECTOR

Cyber Crime in the financial sector

W RITTEN BY RAOUL CHIESA

A few months ago, I encountered in an article by Ian Rowan at Switched.com reporting the news
of a computer consultant that siphoned $1M USD from a Utah Bank. Also Memento security
commented the article on April 27th explaining how An IT contractor hired to fix some bugs in a
recent computer upgrade used his system access to make fraudulent electronic transfers into
accounts under his control. He allegedly used the funds to remodel his home, pay off his two car
notes, and cover a few mortgage payments. The fraud came to light when his business partner
reported the suspicious transactions.

We are talking about the same old

story that plays over, again and
again. Infosec s1 portals are totally
filled by this kind of news, ranging
from the highly orchestrated
organized-crime actions up to the
one-man crime approach.
Lets take in consideration a couple
of cases, one very recent and the
other rather old. This latter one is
the LGT case, also known as The
Lichtenstein Tax Affair.
Mr. Kieber, an employee at LGT Bank, allegedly stole customers financial data and sold them to
an Intelligence Agency. The peculiar aspect here is that Mr. Kieber was already sought by an
international warrant issued by Spain back in 1997 for running a 600.000 CHF check-fraud. A
bank, where privacy is the fundamental value to be assured to its customers shouldnt have
hired a man with that kind of background in the first place. We may also discuss IT procedures
and checks, as well as Counter-Fraud and Privacy security policies and rules used by the
violated institution. But thats not the real point.

The second example I would like to talk about is even more peculiar. In October 2008, a US

Page 60 of 68
Payment Gateway(2), RBS World Pay, was hacked. The attackers hacked into the credit cards
(CC) database and, apparently, were able to own it completely. No one noticed the break-in and
nothing happened, until a few months later. On January 9th, 2009, a 24-hour withdraw operation
was run among three continents (USA, Asia, Europe). One hundred mules withdrew $9 million
USD in a 24-hour timeframe, leaving no traces behind, except in some cases, where pictures
were shot from the ATMs themselves. .

More than 130 ATMs in 49 cities (from Moscow to Atlanta, to get the idea) were affected by the
attacks. Curious to say, a nearly identical attack happened in 2007, when I Wire (a payment
card company) encountered losses of $5 million USD.

Obviously, if a world-wide known bank, a payment gateway and a payment card company have
all been somehow violated, this means that no one can be totally secure: nothing is 100%
secure.
Nevertheless, I would like to bring the readers attention towards other points and thoughts, far
from the IT Securitys standard approaches. These kinds of crimes will continue, they will never
stop. They will increase in number daily, reaching unimaginable amounts of money. Cybercrime,
intended as all the various sorts of e-crimes, is the most profitable criminal activity ever seen,
much more than international drug dealing and human trafficking. Cyber crime usually involves
a few risks, and typically doesnt require the authors to show up and physically expose
themselves.

Also, the de-facto international approach and MO (Modus Operandi) of these crimes
complicates the law enforcement agencies investigations, information exchange, dialogues and
collaboration, while the laws and the international agreements among different legislation
systems would not always work out, especially in some countries. These countries, obviously,
are among those ones preferred by e-criminals.

Just to give the idea, the 2007 financial turnover for RBN (Russian Business Network), one of
the most important and distributed criminal organizations in the Internet area, was more than $2
Billion USD. RBN has been credited for creating nearly half of 2007s phishing incidents
worldwide, being also specialized in the distribution of malicious codes, hosting malicious Web
sites, developing and selling specialized malware and 0-day exploits. This means money, a lot
of it too.

Thats why cybercrime will constantly represent an issue, now and in the upcoming future.
Thats why I do get amazed when reading news about IT consultants who stole money from
their clients, customers or companies they worked at. Frankly speaking, rather than getting

Page 61 of 68
shocked, I get angry. Todays world is already filled with bad guys, meaning those people that
belong to the well-known criminal world. It has always been like this, since the very ancient past.
Then, particularly since the 80s, we started learning about a new type of criminals, involved in
the so-called white-collar crimes. They were a few, highly specialized people, that decided to
bid over their own life, and try to get the big one to fix all the rest of their lives.

Today the situation is changing, again. We are experiencing white-collar crimes linked with
organized crime. Every day we learn about somebody that has been arrested for e-crime
actions: young people, students, consultants, hackers, and criminals. I think those are just the
tip of the iceberg. The key difference that apparently no one has realized yet is another one: it
doesnt matter whether the bad guy is the IT consultant rather than an anonymous teenager.

Today many more people know about IT security and hacking. Resources are available in a
really easy and accessible way. The Internet is everywhere, allowing attacks to spread
worldwide. People should realize that just like Social Networks exist thanks to the Internet,
similarly, we also have a kind of Criminal Network(s) thanks to the Internet. Its a process that
evolved along the years, and this is the current scenario.

There is close to nothing we can do against it, but we can carry on our efforts in raising
awareness, training and education. Every new technology opens the doors to new criminal
approaches. This should be our first thought whenever using a new technology, along with all
the good things and enhancements the technology itself will surely give us.

RECENT TRENDS

Page 62 of 68
 In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million from
130 ATMs in 49 cities around the world all within a time period of 30 minutes.

June 4, 2009, 10:00 AM IDG News Service

Cybercriminals are improving a malicious software program that can be installed on

ATMs running Microsoft's Windows XP operating system that records sensitive card details,
according to security vendor Trustwave.

The malware has been found on ATMs in Eastern European countries, according to a
Trustwave report.

The malware records the magnetic stripe information on the back of a card as well as the
PIN (Personal Identification Number), which would potentially allow criminals to clone the card
in order to withdraw cash.

The collected card data, which is encrypted using the DES (Data Encryption Standard)
algorithm, can be printed out by the ATM's receipt printer, Trustwave wrote.

The malware is controlled via a GUI that is displayed when a so-called "trigger card" is
inserted into the machine by a criminal. The trigger card causes a small window to appear that
gives its controller 10 seconds to pick one of 10 command options using the ATM's keypad.

"The malware contains advanced management functionality allowing the attacker to fully
control the compromised ATM through a customized user interface built into the malware,"
Trustwave wrote.

A criminal can then view the number of transactions, print card data, reboot the machine
and even uninstall the malware. Another menu option appears to allow the ejection of an ATM's
cash cassette.

Trustwave has collected multiple versions of the malware. The company believes that the
particular one it analyzed is "a relatively early version of the malware and that subsequent
versions have seen significant additions to its functionality."

The company advised banks to scan their ATMs to see if they're infected.

IDG News Service

Page 63 of 68
 CONCLUSION

Lastly I conclude by saying that

Thieves are not born, but made out of opportunities.

This quote exactly reflects the present environment related to technology, where it is
changing very fast. By the time regulators come up with preventive measures to protect
customers from innovative frauds, either the environment itself changes or new technology
emerges. This helps criminals to find new areas to commit the fraud. Computer forensics has
developed as an indispensable tool for law enforcement. But in the digital world, as in the
physical world the goals of law enforcement are balanced with the goals of maintaining personal
liberty and privacy. Jurisdiction over cyber crimes should be standardized around the globe to
make swift action possible against terrorist whose activities are endearing security worldwide.
The National institute of justice, technical working group digital evidence are some of the key
organization involved in research.

The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
coordinated and cooperative action on the part of the bank, customers and the law enforcement
machinery. The ATM frauds not only cause financial loss to banks but they also undermine
customers' confidence in the use of ATMs. This would deter a greater use of ATM for monetary
transactions. It is therefore in the interest of banks to prevent ATM frauds. There is thus a need to
take precautionary and insurance measures that give greater "protection" to the ATMs,
particularly those located in less secure areas. The nature and extent of precautionary measures to
be adopted will, however, depend upon the requirements of the respective banks. Internet
Banking Fraud is a fraud or theft committed using online technology to illegally remove money
from a bank account and/or transfer money to an account in a different bank. Internet Banking
Fraud is a form of identity theft and is usually made possible through techniques such as
phishing.

Credit card fraud can be committed using a credit card or any similar payment
mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods
without paying, or to obtain unauthorized funds from an account. Cyber space and cyber

Page 64 of 68
payment methods are being abused by money launderers for converting their dirty money into
legal money. For carrying out their activities launderers need banking system. Internet, online
banking facilitates speedy financial transactions in relative anonymity and this is being exploited
by the cyber money launderers. Traditional systems like credit cards had some security features
built into them to prevent such crime but issue of e-money by unregulated institutions may have
none. Preventing cyber money laundering is an uphill task which needs to be tackled at different
levels. This has to be fought on three planes, first by banks/ financial institutions, second by
nation states and finally through international efforts. The regulatory framework must also take
into account all the related issues like development of e-money, right to privacy of individual.
International law and international co-operation will go a long way in this regard.

Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from
the cyber space. It is quite possible to check them. History is the witness that no legislation has
succeeded in totally eliminating crime from the globe. The only possible step is to make people
aware of their rights and duties (to report crime as a collective duty towards the society) and
further making the application of the laws more stringent to check crime. Undoubtedly the Act is
a historical step in the cyber world. Further I all together do not deny that there is a need to bring
changes in the Information Technology Act to make it more effective to combat cyber crime.

Capacity of human mind is unfathomable. It is not possible to eliminate cyber

crime from the cyber space. It is quite possible to check them. History is the
witness that no legislation has succeeded in totally eliminating crime from
the globe. The only possible step is to make people aware of their rights and
duties (to report crime as a collective duty towards the society) and further
making the application of the laws more stringent to check crime.

Undoubtedly the Act is a historical step in the cyber world. Further I all together do not
deny that there is a need to bring changes in the Information Technology Act to make it
more effective to combat cyber crime. And prove to be counter-productive.

Page 65 of 68
 REFERENCES:
1. Granville Williams

2. Proprietary Articles Trade Association v. A.G.for Canada (1932)

3. Nagpal R. What is Cyber Crime?

4. Nagpal R- Defining Cyber Terrorism

5. Duggal Pawan The Internet: Legal Dimensions

6. Duggal Pawan - Is this Treaty a Treat?

7. Duggal Pawan - Cybercrime

8. Kapoor G.V. - Byte by Byte

9. Kumar Vinod Winning the Battle against Cyber Crime

10. Mehta Dewang- Role of Police In Tackling Internet Crimes

Page 66 of 68
 BIBLIOGRAPHY

WEBSITE:
www.cybercellmumbai.com
www.agapeinc.in
www.britannica.com

SEARCH ENGINE:
www.google.com
www.yahoo.com
www.wikipedia.com

Page 67 of 68
Page 68 of 68