
Answer Keys- CYBER LAW

SECTION-A

Answer of Ques No.1:

(a) Different Kinds of Viruses:


Resident vs. non-resident viruses
A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when
executed, after which it remains in RAM from the time the computer is booted up to when it is shut
down. Resident viruses overwrite interrupt handling code or other functions, and when the operating
system attempts to access the target file or disk sector, the virus code intercepts the request and
redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-
resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then
exits (i.e. it does not remain in memory after it is done executing).
Macro viruses
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to
be embedded in documents or emails, so that the programs may be run automatically when the
document is opened. A macro virus (or "document virus") is a virus that is written in a macro language,
and embedded into these documents so that when users open the file, the virus code is executed, and
can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected
attachments in e-mails.
Boot sector viruses
Boot sector viruses specifically target the boot sector/Master Boot Record (MBR) of the host's hard drive
or removable storage media (flash drives, floppy disks, etc.).

(b)

(c) How do we create a Digital Signature?


The creation of a Digital Signature is a complex mathematical process. However, as the complexities of
the process are computed by the computer, applying a Digital Signature is no more difficult than creating
a handwritten one!
The following process illustrates in general terms the processes behind the generation of a Digital
Signature:
1. Alice clicks 'sign' in her email application or selects which file is to be signed.
2. Alice's computer calculates the 'hash' (the message is applied to a publicly known mathematical
hashing function that converts the message into a long number referred to as the hash).
3. The hash is encrypted with Alice's Private Key (in this case it is known as the Signing Key) to create the
Digital Signature.
4. The original message and its Digital Signature are transmitted to Bob.
5. Bob receives the signed message. It is identified as being signed, so his email application knows which
actions need to be performed to verify it.
6. Bob's computer decrypts the Digital Signature using Alice's Public Key.
7. Bob's computer also calculates the hash of the original message (remember - the mathematical
function used by Alice to do this is publicly known).
8. Bob's computer compares the hashes it has computed from the received message with the now
decrypted hash received with Alice's message.

------------------------------------------------------------------------------------------------------------------------------
Answer to Ques No.2
(a) Categories of Cyber crimes:
i. Computer is the target
ii. Computer is the tool
iii. Computer is incidental

(b)

(c)
Hacking: This is a type of crime wherein a person’s computer is broken into so that his personal or
sensitive information can be accessed. In the United States, hacking is classified as a felony and
punishable as such. This is different from ethical hacking, which many organizations use to check their
Internet security protection. In hacking, the criminal uses a variety of software to enter a person’s
computer and the person may not be aware that his computer is being accessed from a remote location.

Theft: This crime occurs when a person violates copyrights and downloads music, movies, games and
software. There are even peer sharing websites which encourage software piracy and many of these
websites are now being targeted by the FBI. Today, the justice system is addressing this cyber crime and
there are laws that prevent people from illegal downloading.

Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online
messages and emails. Typically, these stalkers know their victims and instead of resorting to offline
stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not having the
desired effect, they begin offline stalking along with cyber stalking to make the victims’ lives more
miserable.

Identity Theft: This has become a major problem with people using the Internet for cash transactions
and banking services. In this cyber crime, a criminal accesses data about a person’s bank account, credit
cards, Social Security, debit card and other sensitive information to siphon money or to buy things
online in the victim’s name. It can result in major financial losses for the victim and even spoil the
victim’s credit history.

Malicious Software: These are Internet-based software or programs that are used to disrupt a network.
The software is used to gain access to a system to steal sensitive information or data or to cause damage
to software present in the system.

Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit minors via chat
rooms for the purpose of child pornography. The FBI has been spending a lot of time monitoring chat
rooms frequented by children with the hopes of reducing and preventing child abuse and soliciting.
------------------------------------------------------------------------------------------------------------------------------------
Answer to ques No. 3.
a) Electronic governance or e-governance is the application of information and communication
technology (ICT) for delivering government services, exchange of information, communication
transactions, integration of various stand-alone systems and services between government-to-customer
(G2C), government-to-business (G2B), government-to-government (G2G) as well as back office
processes and interactions within the entire government framework.
Through e-governance, government services will be made available to citizens in a convenient, efficient
and transparent manner. The three main target groups that can be distinguished in governance
concepts are government, citizens and businesses/interest groups. In e-governance there are no distinct
boundaries.
Generally four basic models are available – government-to-citizen (customer), government-to-
employees, government-to-government and government-to-business.

b) Section 18 in The Information Technology Act, 2000


18 Functions of Controller. -The Controller may perform all or any of the following functions, namely:-
(a) exercising supervision over the activities of the Certifying Authorities;
(b) certifying public keys of the Certifying Authorities;
(c) laying down the standards to be maintained by the Certifying Authorities;
(d) specifying the qualifications and experience which employees of the Certifying Authority should
possess;
(e) specifying the conditions subject to which the Certifying Authorities shall conduct their business;
(f) specifying the contents of written, printed or visual materials and advertisements that may be
distributed or used in respect of an [Electronic Signature] Certificate and the public key;
(g) specifying the form and content of an [Electronic Signature] Certificate and the key;
(h) specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
(i) specifying the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;
(j) facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly
with other Certifying Authorities and regulation of such systems;

c) In addition to four classes of certificates given below, the Certifying Authority may issue more classes
of Public Key Certificates, but these must be explicitly defined including the purpose for which each class
is used and the verification methods underlying the issuance of the certificate. The suggested four
classes are the following :-
Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.
Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These
certificates will confirm that user's name (or alias) and E-mail address form an unambiguous subject
within the Certifying Authorities database.
Class 2 Certificate: These certificates will be issued for both business personnel and private individuals
use. These certificates will confirm that the information in the application provided by the subscriber
does not conflict with the information in well-recognized consumer databases.
Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high
assurance certificates, primarily intended for e-commerce applications, they shall be issued to
individuals only on their personal (physical) appearance before the Certifying Authorities.
-----------------------------------------------------------------------------------------------------------------------
Answer to Ques No.4
(a)
Cryptographic Keys: Private and Public
More complex ciphers use a secret key to control a long sequence of complicated substitutions and
transpositions. There are two general categories of cryptographic keys: private key and public key
systems.

Private Key Cryptography

Private key systems use a single key. The single key is used both to encrypt and decrypt the information.
Both sides of the transmission need a separate key and the key must be kept secret from. The security
of the transmission will depend on how well the key is protected. The US Government developed the
Data Encryption Standard ("DES") which operates on this basis and it is the actual US standard. DES keys
are 56 bits (16) long. The length of the key was criticised and it was suggested that the short key was
designed to be long enough to frustrate corporate eavesdroppers, but short enough to be broken by the
National Security Agency ("NSA") (17). Export of DES is controlled by the State Department. The DES system
is getting old and becoming insecure. The US government offered to replace DES with a new algorithm
called Skipjack which involves escrowed encryption.

Public Key Cryptography

In the public key system there are two keys: a public and a private key. Each
user has both keys, and while the private key must be kept secret, the public key is publicly known. Both
keys are mathematically related. If A encrypts a message with his private key then B, the recipient of the
message, can decrypt it with A's public key. Similarly, anyone who knows A's public key can send him a
message by encrypting it with his public key. A will then decrypt it with his private key. Public key
cryptography was developed in 1977 by Rivest, Shamir and Adleman ("RSA") in the US. This kind of
cryptography is more efficient than the private key cryptography because each user has only one key to
encrypt and decrypt all the messages that he or she sends or receives.

(b)
The 3-Pronged Approach to Cyber Security
Dealing with cyber terrorists and cyber terrorism takes a thoroughly thought-out and developed plan,
and the willingness to take immediate action, preferably before a terrorist event takes place. The
following is a simplistic approach to cyber security:
1. Do whatever it takes to protect the infrastructure.
2. Invest to protect your products.
3. Protect your clients, including their personal data.
Be sure that your infrastructure, whether that is your personal computer, social media and online
accounts or the multibillion-dollar waterworks station is protected. Start small. Make sure that all
passwords are strong by incorporating capital and lower case letters, numbers and symbols in unlikely
combinations. Invest in products that increase system security, like malware protection and virus
detection, and use encryption to help protect your client’s personal information.
Taking security to a higher level, consider hiring an ethical hacker to attempt to gain access to your
system, and patch any vulnerability immediately. Also consider insider threat monitoring to identify
behaviors and anomalies with your system and to help meet human capital demands. It takes a lot of
people to adequately protect an organization, just as it takes a large number of people to complete a
cyber attack. Therefore, think like a cyber terrorist to beat them at their own game. They use
technologies to achieve their terrorist goals, so follow suit and use ethical technologies to battle against
their unethical acts and spread security as far as possible within your organization.
Surviving Cyberterrorism
Fighting back against highly sophisticated, intelligent cyber terrorists seems to be a no-win situation, but
with the proper technologies, experts and the willingness to respond, exploitation can be minimized.
The following steps teach you exactly what to do before, during and after a cyberterrorism attack.
1. Anticipate cyber attacks: The question is not if cyber terrorists are going to attack, it’s when.
Think about prevention strategies and what you can do now. Do not wait until you are attacked
to do something about it because it will be too late.
2. Respond immediately to enhance business continuity: When attacked, the goal is to keep the
business functioning as a cohesive unit at all times. This is possible if you have established your
security plan and have practiced what to do before an attack rears its ugly head.
3. Monitor all systems in real time: Invest in technologies and experts to monitor your systems 24
hours a day, 7 days a week, 365 days a year.
4. Evolve: Never stop learning ways to survive cyber attacks, and always use each cyber attack as
an educational tool to enhance your overall security plan.

(c)

Electronic Payment is a financial exchange that takes place online between buyers and sellers.
The content of this exchange is usually some form of digital financial instrument (such as
encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or
an intermediary, or by a legal tender.

A. Electronic Tokens:
An electronic token is a digital analog of various forms of payment backed by a bank or financial
institution. There are two types of tokens:
Real Time: (or Pre-paid tokens) - These are exchanged between buyer and seller, their users
pre-pay for tokens that serve as currency. Transactions are settled with the exchange of these
tokens. Examples of these are DigiCash, Debit Cards, Electronic purse etc.
Post Paid Tokens – are used with fund transfer instructions between the buyer and seller.
Examples – Electronic cheques, Credit card data etc.
B. Electronic or Digital Cash:
This combines computerized convenience with security and privacy that improve upon paper
cash. Cash is still the dominant form of payment because the consumer still mistrusts the banks,
non-cash transactions are inefficiently cleared, and real interest rates on bank deposits are
negative. Now we will enumerate some qualities of cash:
Cash is legal tender, i.e. the payee is obliged to take it.
It is negotiable i.e. can be given or traded to someone else.
It is a bearer instrument i.e. possession is proof of ownership.
It can be held & used by anyone, even those without a bank certificate.
It places no risk on part of acceptor.
C. Electronic Cheques
The electronic cheques are modeled on paper checks, except that they are initiated
electronically. They use digital signatures for signing and endorsing and require the use of
digital certificates to authenticate the payer, the payer’s bank and bank account. They are
delivered either by direct transmission using telephone lines or by public networks such as the
Internet.
-------------------------------------------------------------------------------------------------------------------------------

SECTION -B
Answer to Ques no.5
(a) "Computer contaminant" means any set of computer instructions that are designed-

(a) to modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or

(b) by any means to usurp the normal operation of the computer, computer system, or computer
network;

"Computer virus" means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource;

(b) Objectives of passing the Information Technology Act:

i. To give effect to model law of UNCITRAL


ii. To bring new laws and to amend old laws in our country to facilitate e commerce.
iii. To facilitate e governance.
iv. To make consequential amendments in the IPC and Evidence Act.

-------------------------------------------------------------------------------------------------------------------------------
Answer to Ques No.6
(a) Safescrypt
IDRBT
National Informatics Centre
TCS
GNFC
e Mudhra CA

(b) A basic principle in international commercial arbitration is that of party autonomy. It is described by
the authors of Redfern and Hunter in the following terms: "Party autonomy is the guiding principle in
determining the procedure to be followed in an international commercial arbitration..
-----------------------------------------------------------------------------------------------------------------------------------
Answer to Ques No.7
a) A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage,
distribute, use, store, and revoke digital certificates and manage public-key encryption.

b) Malware: software which is specifically designed to disrupt, damage, or gain authorized access to a
computer system.

Logic Bomb: a set of instructions secretly incorporated into a program so that if a particular condition is
satisfied they will be carried out, usually with harmful effects.

--------------------------------------------------------------------------------------------------------------------------

Answer to Ques 8.
Jurisdiction is not defined in the cyber laws or the Information Technology Act, but it is defined in the
Code of Civil Procedure 1908. Cyberspace means the growing technology, i.e. communication by
means of websites or through telecommunication. Cyberspace is the result of development in the
field of technology. Jurisdiction means the place of suing or where the parties reside. Jurisdiction
can be described as the territory of the courts, on the basis of which a court can perform its duty. Sections 15 to 20 of
the Civil Procedure Code 1908 provide for the place of suing or the subject matter of the dispute. Recently,
however, we find that the place of the plaintiff is also taken into account in the place of suing, which is defined in
Section 15 of the Civil Procedure Code 1908. The main issues in cyberspace are the
parties and the subject matter of the dispute. For example, if a party resides in another country and
wants to do business in India, he launches an e-mail site which contains the subject matter of his business; and
if any dispute is raised, who are the competent authorities eligible to solve the problem?

First we want to know what jurisdiction is, and then the problem of jurisdiction under the
cyber laws. According to the Oxford Dictionary, jurisdiction means the right to administer justice. In
simple words, jurisdiction may be defined as the power or authority of a court to hear and determine
a cause, to adjudicate and exercise any judicial power in relation to it.

In other words, jurisdiction means the authority which a court has to decide matters that are litigated
before it or to take cognizance of matters presented in a formal way for its decision. Jurisdiction is the
power of a court to hear and determine a case. Jurisdiction is essentially of two types: subject matter
jurisdiction and personal jurisdiction.

Now the main issue of our article is the problem of jurisdiction under cyber laws. The word jurisdiction
can be found in the Code of Civil Procedure 1908, but we cannot find the exact meaning of cyberspace. So
the problem of jurisdiction is solved with the help of the Code of Civil Procedure 1908. The main problem of
Internet jurisdiction is the presence of multiple parties in various parts of the world who have only a
virtual nexus with each other. Then the problem of place is raised: where does the party want to sue?

Traditional requirements generally encompass two areas-

Firstly, the place where the defendant resides, or


Secondly, where the cause of action arises.

Then the question is: why do we raise the issue of jurisdiction in cyber laws?

The answer is that the problem of jurisdiction is the complete confusion and contradiction that
plague judicial decisions in the area of Internet jurisdiction. Suppose a person decides to buy some
products from a website and pays for them by credit card, and suddenly some Internet
problem occurs and the transaction is stopped. In this situation, can the person file a suit
against the owner of the site? But the owner of the site is in Singapore. The site itself is hosted on a server
in South Africa. So the question is raised: where does the defendant reside? The transaction occurred on the
net. So was it in India or in South Africa?

Then, can a corporation be part of the Internet jurisdiction, or can an individual be part of
the Internet jurisdiction?

In this regard there was a famous case, Cybersell, Inc. vs. Cybersell, Inc., 1997 US App. The case
relates to a service mark dispute between two corporations, one at Orlando and another at
Arizona. The court held that the effect test does not apply with the same force to a corporation as it
does to an individual “because a corporation does not suffer harm in a particular geographical location
in the same sense that an individual does”.

Why the problem of jurisdiction in cyber laws?

The main problem is that the picture of the place of suing and of who the parties are is not clear. If one party
wants to sue the other, where can he sue? Traditional requirements generally encompass two areas: the
place where the defendant resides, or where the cause of action arises. In the Code of Civil Procedure
1908, Sections 15 and 20 deal with the parties to sue and the subject matter of the dispute. But recently
the place of the plaintiff has also become an important part of jurisdiction issues. Issues of this nature have
contributed to the complete confusion and contradictions. Considering the lack of physical boundaries
on the Internet, is it possible to reach out beyond the court’s geographical boundaries to haul a
defendant into its court for conduct in cyberspace?

We say that after the green revolution, the industrial revolution played a vital role in the field
of economy, and then that the technological revolution replaced the industrial revolution; but we do not get
an answer as to where, in this cyber age or technological age, we should sue and, if our right is
hampered, how we get compensation and who will provide us the relief or compensation.

How is the problem of jurisdiction a headache for the cyber laws?

The problem of jurisdiction is a headache for the cyber laws because it is not
directly solved by the cyber laws; rather, the problem of jurisdiction is solved with the help of the Code of Civil
Procedure 1908 and the Information Technology Act 2000.

We know the provisions of the Code of Civil Procedure 1908, but we did not know the provisions of the
Information Technology Act 2000. Sections 1(2) and 75(2) provide for the issues relating to jurisdiction. But
even if Indian courts are to claim jurisdiction and pass judgments on the basis of the principle
postulated by the IT Act, it is unlikely that foreign courts will enforce these judgments, since they would
not accept the principles utilized by the Act as adequate to grant Indian courts jurisdiction. This would
also render the Act ineffective.

Suppose a person buys some articles through electronic contracts, and in the process some
Internet problem arises and the transaction suddenly stops after the person has paid
through his credit card: can he claim relief, and if the answer is yes, where does he file a suit?

Conclusion

The Indian Code of Civil Procedure 1908 bases territorial jurisdiction (Sections 15 to 20) on two principles:
firstly the place of residence of the defendant and secondly the place where the cause of action arises.
However, there are no clear guidelines as to how these are to be determined. In the context of the
Internet, residence of the defendant may well include either his place of physical residence or the place
where the web-site server is located. Similarly, the accessed or where its server is located. But in the
absence of any statutory clarification, courts will be forced to rely upon precedents, such as those
described above.

Answer to Ques 9.
CHAPTER X : THE CYBER REGULATIONS APPELLATE TRIBUNAL

1. Establishment of Cyber Appellate Tribunal


(1) The Central Government shall, by notification, establish one or more appellate tribunals to be known
as the Cyber Regulations Appellate Tribunal.

(2) The Central Government shall also specify, in the notification referred to in sub-section (1), the
matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction.
2. Composition of Cyber Appellate Tribunal

A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the Presiding
Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the Central Government.

3. Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal

A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate Tribunal
unless he-
(a) is, or has been, or is qualified to be, a Judge of a High Court; or

(b) is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of
that Service for at least three years.
4. Term of officer

The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a term of five years from the date on
which he enters upon his office or until he attains the age of sixty-five years, whichever is earlier.

5. Salary, allowances and other terms and conditions of service of Presiding Officer
The salary and allowances payable to, and the other terms and conditions of service including pension,
gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate Tribunal shall be
such as may be prescribed: Provided that neither the salary and allowances nor the other terms and
conditions of service of the Presiding Officer shall be varied to his disadvantage after appointment.

6. Filling up of vacancies

If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding Officer of
a Cyber Appellate Tribunal, then the Central Government shall appoint another person in
accordance with the provisions of this Act to fill the vacancy and the proceedings may be continued
before the Cyber Appellate Tribunal from the stage at which the vacancy is filled.

7. Resignation and removal


(1) The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his hand
addressed to the Central Government, resign his office:

Provided that the said Presiding Officer shall, unless he is permitted by the Central Government to
relinquish his office sooner, continue to hold office until expiry of three months from the date of receipt
of such notice or until a person duly appointed as his successor enters upon his office or until the expiry
of his term of office, whichever is the earliest.

(2) The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office except by an
order by the Central Government on the ground of proved misbehaviour or incapacity after an inquiry
made by a Judge of the Supreme Court in which the Presiding Officer concerned has been informed of
the charges against him and given a reasonable opportunity of being heard in respect of these charges.

(3) The Central Government may, by rules, regulate the procedure for the investigation of misbehaviour
or incapacity of the aforesaid Presiding Officer.
8. Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings

No order of the Central Government appointing any person as the Presiding Officer of a Cyber Appellate
Tribunal shall be called in question in any manner and no act or proceeding before a Cyber Appellate
Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution
of a Cyber Appellate Tribunal.

9. Staff of the Cyber Appellate Tribunal


(1) The Central Government shall provide the Cyber Appellate Tribunal with such officers and employees
as that Government may think fit.

(2) The officers and employees of the Cyber Appellate Tribunal shall discharge their functions under
general superintendence of the Presiding Officer.

(3) The salaries, allowances and other conditions of service of the officers and employees of the Cyber
Appellate Tribunal shall be such as may be prescribed by the Central Government.
10. Appeal to Cyber Appellate Tribunal
(1) Save as provided in sub-section (2), any person aggrieved by an order made by Controller or an
adjudicating officer under this Act may prefer an appeal to a Cyber Appellate Tribunal having jurisdiction in the
matter.

(2) No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer
with the consent of the parties.

(3) Every appeal under sub-section (1) shall be filed within a period of forty-five days from the date on
which a copy of the order made by the Controller or the adjudicating officer is received by the person
aggrieved and it shall be in such form and be accompanied by such fee as may be prescribed:

Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry of the said period of
forty-five days if it is satisfied that there was sufficient cause for not filing it within that period.

(4) On receipt of an appeal under sub-section (1), the Cyber Appellate Tribunal may, after giving the
parties to the appeal, an opportunity of being heard, pass such orders thereon as it thinks fit,
confirming, modifying or setting aside the order appealed against.

(5) The Cyber Appellate Tribunal shall send a copy of every order made by it to the parties to the appeal
and to the concerned Controller or adjudicating officer.

(6) The appeal filed before the Cyber Appellate Tribunal under sub-section (1) shall be dealt with by it as
expeditiously as possible and endeavour shall be made by it to dispose of the appeal finally within six
months from the date of receipt of the appeal.
11. Procedure and powers of the Cyber Appellate Tribunal
(1) The Cyber Appellate Tribunal shall not be bound by the procedure laid down by the Code of Civil
Procedure, 1908 but shall be guided by the principles of natural justice and, subject to the other
provisions of this Act and of any rules, the Cyber Appellate Tribunal shall have powers to regulate its
own procedure including the place at which it shall have its sitting.

(2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under this Act,
the same powers as are vested in a civil court under the Code of Civil Procedure, 1908, while trying a
suit, in respect of the following matters, namely : -
(a) summoning and enforcing the attendance of any person and examining him on oath;

(b) requiring the discovery and production of documents or other electronic records;

(c) receiving evidence on affidavits;

(d) issuing commissions for the examination of witnesses or documents;

(e) reviewing its decisions;

(f) dismissing an application for default or deciding it ex parte;

(g) any other matter which may be prescribed.

(3) Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial proceeding
within the meaning of sections 193 and 228, and for the purpose of section 196 of the Indian Penal Code
and the Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of section 195 and
Chapter XXVI of the Code of Criminal Procedure, 1973.

12. Right to legal representation

The appellant may either appear in person or authorise one or more legal
practitioners or any of its officers to present his or its case before the Cyber Appellate Tribunal.

13. Limitation

The provisions of the Limitation Act, 1963, shall, as far as may be, apply to an appeal made to the Cyber
Appellate Tribunal.

14. Civil court not to have jurisdiction

No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an
adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under this Act
is empowered by or under this Act to determine and no injunction shall be granted by any court or other
authority in respect of any action taken or to be taken in pursuance of any power conferred by or under
this Act.

15. Appeal to High Court

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the
High Court within sixty days from the date of communication of the decision or order of the Cyber
Appellate Tribunal to him on any question of fact or law arising out of such order : Provided that the
High Court may, if it is satisfied that the appellant was prevented by sufficient cause from filing the
appeal within the said period, allow it to be filed within a further period not exceeding sixty days.

Answer to ques 10
Cyber Terrorism:
Computers and the internet are becoming an essential part of our daily life. They are being used by
individuals and societies to make their life easier. They use them for storing information, processing
data, sending and receiving messages, communications, controlling machines, typing, editing, designing,
drawing, and almost all aspects of life.
The tremendous role of computers has stimulated criminals and terrorists to make them their preferred tool
for attacking their targets. The internet has provided a virtual battlefield for countries having problems
with each other such as Taiwan against China, Israel against Palestine, India against Pakistan, China
against the US, and many other countries.
This transformation in the methods of terrorism from traditional methods to electronic methods is
becoming one of the biggest challenges to modern societies.
In order to combat this type of terrorism, a lot of effort should be made at the personal level, the country
level, the regional level, as well as the international level to fight against this transnational type of crime.

Definition of The Term:


The FBI definition of terrorism:
"The unlawful use of force or violence against persons or property to intimidate or coerce a
government, the civilian population, or any segment thereof, in furtherance of political or social
objectives."

U.S. Department of State definition of terrorism:


"Premeditated politically motivated violence perpetrated against noncombatant targets by sub-national
groups or clandestine agents"

Definition of Cyber Terrorism:


The FBI defined cyber terrorism as "The premeditated, politically motivated attack against information,
computer systems, computer programs, and data which result in violence against noncombatant targets
by sub-national groups or clandestine agents".

The U.S. National Infrastructure Protection Center defined the term as:
"A criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in
violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty
within a given population, with the goal of influencing a government or population to conform to
particular political, social or ideological agenda".

James Lewis from the Center for Strategic and International Studies defined cyber terrorism as:
"The use of computer network tools to shut down critical national infrastructure (such as energy,
transportation, government operations) or to coerce or intimidate a government or civilian population".

Who are cyber terrorists?


From the American point of view, the most dangerous terrorist group is Al-Qaeda, which is considered the
first enemy of the US. According to US officials, data from computers seized in Afghanistan indicate that
the group has scouted systems that control American energy facilities, water distribution,
communication systems, and other critical infrastructure.
After the April 2001 collision of a US Navy spy plane and a Chinese fighter jet, Chinese hackers launched
Denial of Service (DoS) attacks against American web sites.
A study that covered the second half of the year 2002 showed that the most dangerous nation for
originating malicious cyber attacks is the United States with 35.4% of the cases, down from 40% for the
first half of the same year. South Korea came next with 12.8%, followed by China 6.2% then Germany
6.7% then France 4%. The UK came number 9 with 2.2%.
According to the same study, Israel was the most active country in terms of number of cyber attacks
relative to the number of internet users.
There are many groups that are very active in attacking their targets through computers. The
Unix Security Guards (USG), a pro-Islamic group, launched a lot of digital attacks in May 2002.
Another group called World's Fantabulous Defacers (WFD) attacked many Indian sites. There is also
another pro-Pakistan group called Anti India Crew (AIC), which launched many cyber attacks against India.
There are many Palestinian and Israeli groups fighting against each other by means of digital
attacks.

Why do they use cyber attacks?

Cyber terrorists prefer cyber attack methods because they offer many advantages:
It is cheaper than traditional methods.
The action is very difficult to track.
They can hide their identities and location.
There are no physical barriers or check points to cross.
They can do it remotely from anywhere in the world.
They can use this method to attack a large number of targets.
They can affect a large number of people.

What can they do?


On Oct. 21, 2002, a distributed denial of service (DDOS) attack struck the 13 root servers that provide
the primary road-map for all internet communications. Nine servers out of these thirteen were jammed.
The problem was taken care of in a short period of time.
According to Kevin Coleman (Oct. 10, 2003) the internet being down for just one day could disrupt
nearly $6.5 billion worth of transactions.
At Worcester, Mass, in 1997, a hacker disabled the computer system of the airport control tower.
In the same year a hacker from Sweden jammed the 911 emergency telephone system in west-central
Florida. This indicates that an attack could be launched from anywhere in the world.
In 1998 attacks were launched against NASA, the Navy, and the Department of Defense computer
systems.
In 2000, someone hacked into the Maroochy Shire, Australia waste management control system and
released millions of gallons of raw sewage on the town.
In Russia in the year 2000, a hacker was able to control the computer system that governs the flow of
natural gas through the pipelines.
Financial institutions have been subject to daily attacks or attack attempts. They are the most preferred
targets for cyber criminals.
The Israeli cyber warfare professionals targeted human rights and anti-war activists across the U.S.A in
late July and August 2002 disrupting communications, harassing hundreds of computer users, and
annoying thousands more.

The danger of cyber terrorism:


General John Gordon, the White House Homeland Security Advisor, speaking at the RSA security
conference in San Francisco, CA on Feb. 25, 2004, indicated that whether someone detonates a bomb that
causes bodily harm to innocent people or hacks into a web-based IT system in a way that could, for
instance, take a power grid offline and result in a blackout, the result is ostensibly the same. He also
stated that the potential for a terrorist cyber attack is real.
In their paper, Jimmy Sproles and Will Byars said: "By the use of the internet the terrorist can affect
much wider damage or change to a country than one could by killing some people. From disabling a
country's military defenses to shutting off the power in a large area, the terrorist can affect more people
at less risk, than through other means".
Cyber terrorists can destroy the economy of a country by attacking the critical infrastructure in the big
towns, such as electric power and water supply, or by attacking the banks and financial institutions and
tampering with their computer systems. It is still unknown whether the blackout of the North Western
states in the US on Aug. 15, 2003 was a terrorist act or not.
Senator Jon Kyl, chairman of the senate judiciary subcommittee on terrorism, technology and homeland
security mentioned that members of al-Qaeda have tried to target the electric power grids,
transportation systems, and financial institutions.
In England the National High-Tech Crime Unit (NHTCU) survey showed that 97% of the UK companies
were victims to cyber crime during the period from June 2002 to June 2003.
Cyber terrorists can endanger the security of the nation by targeting the sensitive and secret
information (by stealing, disclosing, or destroying).

Efforts of combating cyber terrorism


Interpol, with its 178 member countries, is doing a great job in fighting against cyber terrorism. It is
helping all the member countries and training their personnel.
The Council of Europe Convention on Cyber Crime, which is the first international treaty for fighting
against computer crime, is the result of 4 years' work by experts from the 45 member and non-member
countries including Japan, USA, and Canada. This treaty has already come into force after its ratification
by Lithuania on 21st of March 2004.
The Association of Southeast Asian Nations (ASEAN) has set plans for sharing information on computer
security. They are going to create a regional cyber-crime unit by the year 2005.

Answer to Ques 11.


Offences & Penalties under the Information Technology Act, 2000

The introduction of the internet has brought tremendous changes in our lives. People in all fields are
increasingly using computers to create, transmit and store information in electronic form
instead of traditional paper documents. Information stored in electronic form has many
advantages: it is cheaper, easier to store, easier to retrieve and allows speedier connection. Though it has
many advantages, it has been misused by many people for their own gain or otherwise to harm others.
The high and speedier connectivity to the world from any place has given rise to many crimes, and
these increased offences led to the need for a law for protection. Some countries have been rather
vigilant and formed some laws governing the net. In order to keep pace with the changing generation,
the Indian Parliament passed the law: the Information Technology Act 2000. The IT Act 2000 has been
conceptualized on the United Nations Commission on International Trade Law (UNCITRAL) Model Law.
The increasing rate of technology in computers has led to the enactment of the Information Technology
Act 2000. The conversion of paper work into electronic records and the storage of electronic data have
tremendously changed the scenario of the country. The Act further amends the Indian Penal Code, 1860,
The Evidence Act, 1872, The Bankers' Books Evidence Act, 1891 and The Reserve Bank of India Act,
1934.

Offences:

Cyber offences are the unlawful acts which are carried in a very sophisticated manner in which either
the computer is the tool or target or both. Cyber crime usually includes:

(a) Unauthorized access of the computers

(b) Data diddling

(c) Virus/worms attack

(d) Theft of computer system

(e) Hacking

(f) Denial of service attacks

(g) Logic bombs

(h) Trojan attacks

(i) Internet time theft

(j) Web jacking

(k) Email bombing

(l) Salami attacks

(m) Physically damaging computer system.

The offences included in the IT Act 2000 are as follows:

1. Tampering with the computer source documents.

2. Hacking with computer system.


3. Publishing of information which is obscene in electronic form.

4. Power of Controller to give directions

5. Directions of Controller to a subscriber to extend facilities to decrypt information

6. Protected system

7. Penalty for misrepresentation

8. Penalty for breach of confidentiality and privacy

9. Penalty for publishing Digital Signature Certificate false in certain particulars

10. Publication for fraudulent purpose

11. Act to apply for offence or contravention committed outside India

12. Confiscation

13. Penalties or confiscation not to interfere with other punishments.

14. Power to investigate offences.

Offences Under The IT Act 2000:

Section 65. Tampering with computer source documents:

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes
another to conceal, destroy or alter any computer source code used for a computer, computer
programme, computer system or computer network, when the computer source code is required to be
kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three
years, or with fine which may extend up to two lakh rupees, or with both.

Explanation: For the purpose of this section “computer source code” means the listing of programmes,
computer commands, design and layout and programme analysis of computer resource in any form.

Object: The object of the section is to protect the “intellectual property” invested in the computer. It is
an attempt to protect the computer source documents (codes) beyond what is available under the
Copyright Law.

Essential ingredients of the section:

1. knowingly or intentionally concealing,

2. knowingly or intentionally destroying,

3. knowingly or intentionally altering,

4. knowingly or intentionally causing others to conceal,

5. knowingly or intentionally causing another to destroy,

6. knowingly or intentionally causing another to alter.

This section extends towards the Copyright Act and helps companies to protect the source code of
their programmes.

Penalties: Section 65 is tried by any magistrate.

This is a cognizable and non-bailable offence.

Penalties: Imprisonment up to 3 years and / or

Fine: Two lakh rupees.
