Firewalls
The first line of defense against cyber criminals is a good firewall. The best
remedy when it comes to firewalls is combining both an appliance side (router
with a built-in SPI firewall) and a software firewall solution. When you combine
both types of firewall, you will eliminate 95 percent of cyber criminals who ping
your system to see if it is secure. The other 5 percent might stop by to see if they
can get in without getting detected to see what you are protecting.
Antivirus
The right antivirus solution is your second line of defense against cyber criminals.
However, the myth among most individual consumers is they can use a free or
low-end antivirus solution and that will be enough. The reality is, you need an
active, best of the best, hourly update antivirus solution. You will need one that
provides hourly definition updates. You also want a solution that has 24/7
research and analysis by first responders and automated algorithms.
Anti-Spyware
This type of cyber crime security solution is portable and if you buy one with
FIPS (Federal Information Processing Standard) 140-2 Level 3, then your system
is virtually hacker proof. This type of security mechanism is the same type used
by the Department of Defense. Because it is based on a USB flash drive, it is
difficult to hack since it is pulled from the system when not online.
2. Using the computer as a weapon: using a computer to commit real-world crimes,
e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.
Access means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or computer
network. Unauthorized access means any kind of access without the permission of either
the rightful owner or the person in charge of a computer, computer system or computer
network. Every act committed towards breaking into a computer and/or network is
hacking. Hackers write or use ready-made computer programs to attack the target
computer. They possess the desire to destroy and they get a kick out of such
destruction. Some hackers hack for personal monetary gain, such as to steal credit
card information, transfer money from various bank accounts to their own account etc.
Web hijacking, which means taking control of another person's website, is also a crime.
A program that has the capability to infect other programs, make copies of itself and
spread into other programs is called a virus.
Programs that multiply like viruses but spread from computer to computer are called
worms.
a) Email spoofing
An email that appears to have been sent from one source but was in fact sent from a
different source is called spoofing.
b) Email spamming
Sending email to thousands and thousands of users, similar to a chain letter, is called
email spamming.
E-mails are used to send viruses, Trojans etc. as an attachment or by
sending a link to a website which, on visiting, downloads malicious code.
d) Email bombing
Abusive identical messages sent repeatedly to a particular address is called e-mail
"bombing".
f) Defamatory emails
g) Email frauds
h) IRC related
Trojan Attack:-
A Trojan presents itself as a useful link or a helper while causing harm to your
programme. Trojans come in two parts, a Client part and a Server part. When the victim
(unknowingly) runs the server on their machine, the attacker will then use the Client to
connect to the Server and start using the trojan.
Flooding a computer resource with more requests than it can handle. This causes the
resource to crash thereby denying access of service to authorized users.
Distributed DOS
Types of DOS-
e. Pornography:-
The literal meaning of the term 'Pornography' is "describing or showing sexual acts in
order to cause sexual excitement through books, films, etc." This includes pornographic
websites; pornographic material produced using computers and use of internet to
download and transmit pornographic videos, pictures, photos, writings etc.
g. Forgery:-
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged
using sophisticated computers, printers and scanners. Impersonating another person is
also considered forgery.
h. IPR Violations:-
Cyber Squatting- Domain names are also trademarks and protected by ICANN's domain
dispute resolution policy and also under trademark laws.
Cyber squatters register domain names identical to a popular service provider's domain so
as to attract its users and benefit from them.
i. Cyber Terrorism:-
Military installations, power plants, air traffic control, banks, trail
traffic control and telecommunication networks are the most likely targets of attack. Others
include police, medical, fire and rescue systems etc.
Cyber terrorism is an attractive option for modern terrorists for several reasons.
5. Cyber terrorism has the potential to affect directly a larger number of people.
In the corporate world, Internet hackers are continually looking for opportunities to
compromise a company's security in order to gain access to confidential banking and
financial information. The use of stolen card information or fake credit/debit cards is
common. A bank employee can take money by using programs that deduct a small amount of
money from all customer accounts and add it to his own account; this is also called a salami attack.
This would include trade of narcotics, weapons and wildlife etc., by posting information
on websites, auction websites, and bulletin boards or simply by using email
communication. This kind of business is increasing day by day.
m. Online gambling:-
Gambling activities done through fake websites are called online gambling, which is
an offence if it is a game of chance.
n. Defamation: -
Defamation can be understood as tarnishing the image, respect or dignity of any person in
front of right thinking members of the society.
Defamatory matter sent directly to the person concerned is not defamation; however,
if the said mail is sent through CC or BCC to third parties and if the contents tarnish the
image of the recipient, it is defamation. Cyber defamation occurs when defamation takes
place with the help of computers and/or the Internet. Publication of defamatory articles
and matter on a website is defamation. Cyber defamation is also called cyber
smearing.
Cyber Stalking:-
Cyber stalking involves following a person's movements across the Internet by posting
messages (sometimes threatening) on the bulletin boards frequented by the victim,
entering the chat-rooms frequented by the victim, constantly bombarding the victim with
emails etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose
to his communications.
q. Identity Theft :-
r. Data diddling:-
Changing data prior to or during input into a computer is called data diddling. It also
includes automatically changing financial information for some time before processing
and then restoring the original information.
Confidentiality
CYBER LAW –
INTRODUCTION:-
The computer crime or an e-crime can be simply defined as a crime where a computer is
the target of a crime or it is the means adopted to commit a crime. While some of the
crimes may be new, the others are simply different ways to commit conventional crimes
such as frauds, theft, blackmailing, forgery, and embezzlement using the online medium
often involving the use of internet.
Important cyber crimes such as virus attacks, salami attacks, e-mail bombing, DOS attacks,
internet hacking and information offences increase day by day.
Cyber law is important because it touches almost all aspects of transactions and activities
concerning the Internet, the World Wide Web and cyberspace. As the nature and scope of
the Internet is changing, it is perceived as the ultimate medium ever evolved in human
history. Every activity in cyberspace can and will have a cyber legal perspective. From
the moment a person registers a domain name, sets up and promotes his or her web site,
and then conducts electronic commerce and has transactions on the site, various cyber
law issues are involved. As the Internet grows, numerous legal issues arise relating to
domain names, intellectual property rights, electronic commerce, privacy, encryption,
electronic contracts, cyber crime, online banking, spamming and so on.
The Parliament of India passed its cyber law in the form of the Information Technology
Act, 2000, which provides the legal infrastructure for ecommerce.
The objective of the Information Technology Act, 2000 would be to provide legal
recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication, commonly referred to as electronic methods
of communication and storage of information. The Act also facilitates electronic filing of
documents with various government agencies and further amends the Indian Penal
Code, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the
Reserve Bank of India Act, 1934 for related matters. The Act thereafter stipulates
numerous provisions in order to provide for the legal framework so that legal sanctity is
accorded to all electronic records and other activities carried out by electronic means.
The Act further states that unless otherwise agreed to, the acceptance of a contract
expressed by electronic means of communication shall have legal validity and
enforceability. The Act would facilitate electronic intercourse in trade and commerce,
eliminate barriers and obstacles to electronic commerce that result from the celebrated
uncertainties relating to writing and signature requirements over the Internet.
The objectives of the Act also aim to promote and develop the legal and business
infrastructure necessary for implementing electronic commerce.
The Act stipulates that any subscriber may authenticate an electronic record by affixing
his digital signature. It further states that any person can verify the electronic record by
the use of a public key of the subscriber. It contains details about e-governance and
provides, among other things, that where any law provides that information or other
matters shall be in writing, type written or printed form, then, notwithstanding anything
contained in such a law, that requirement should be satisfied if the information or matter
is:
(a) Rendered or made available in an electronic form;
(b) Accessible to make it usable for subsequent reference.
The Act also covers penalties and adjudication for various types of offences and mentions
the power and qualifications for the adjudicating officer. A provision foresees a
Cyber-Regulations Appellate Tribunal where appeals against the orders passed by Adjudicating
Officers could be referred. The tribunal would not be bound by the principles of the Code
of Civil Procedure, but would follow the principles of natural justice and have the
same powers as a civil court. Any appeal against an order or decision of the
Cyber-Regulations Appellate Tribunal would be made to the High Court. It covers various
offences and stipulates that the investigation must be by a police officer only, and that
officer should have the rank of deputy superintendent of police or higher. These offences
include tampering with computer source documents, publishing obscene
information in electronic form, breach of confidentiality and privacy,
misrepresentation, publishing a digital signature certificate that is false in certain
particulars and publication for fraudulent purposes.
Hacking and penalties if found guilty have been defined in Section 66. For the first
time, punishment for hacking has been designated as a cyber crime. The Act also
provides for constituting the Cyber-Regulations Advisory Committee, which would
advise the government about any rules or other matter connected with the Act. The Act
also has four schedules which amend the Indian Penal Code, 1860, the Indian Evidence
Act, 1872, The Bankers’ Books Evidence Act, 1891, The Reserve Bank of India Act,
1934 to make them conform with provisions of the IT Act. Overall, the Information
Technology Act, 2000 is considered to be a commendable effort by the government to
create the necessary legal infrastructure to promote and encourage the growth of
electronic commerce. India has incorporated some aspects relating to cyber crime into its
Cyber law. Certain acts have been stipulated as cyber crimes with punishment in the form
of imprisonment and fines.
Improvements to be made
3. Changes recommended:
When the law was framed, there were no technologies like MMS or sophisticated devices
like mobile phones with cameras. The IT Act is
struggling to cope with the change in modern technology.
India is likely to have a tighter data protection and privacy regime in place later, after
bowing to pressure from Western users of outsourcing services. The National Association
of Software and Service Companies (NASSCOM) in Delhi is confident that new
measures will be passed as law in the coming session of India's parliament. Opponents of
offshore outsourcing to India have often cited the absence of a data protection and
privacy law in India as a strong reason for stopping the movement of call centre and BPO
work to the country.
Rather than have a separate law to deal with data security and privacy issues, the
government is considering an amendment to its Information Technology Act of 2000.
NASSCOM is in the process of inserting new clauses in the IT Act 2000, and these are
being reviewed by the government. The act in its existing form only covers unauthorized
access and data theft from computers and networks, with a maximum penalty of about
$220,000, and does not have specific provisions relating to privacy of data. Even though
the government has delayed the implementation of a legal framework for prosecution of
data and privacy breaches, Indian BPO companies have implemented processes such as
the BS7799 standard for information security management. Standards such as BS7799,
and the ISO17799 standard for information security, restrict the quantity of data that can
be made available to employees of BPO and call centers.
Conclusion –
The Indian experience has shown that it is easy to enact law on paper. However, it is
extremely difficult to enforce laws in actual practice. There are numerous challenges that
require appropriate awareness among citizens about e-commerce laws. This is so because
at the end of the day, the ecommerce laws are basically targeted to protect and help those
citizens. It is also necessary to ensure that there is adequate training of the relevant
departments and government officials who would draft and implement policies relating to
e-commerce.
CYBER CRIME
Computer crime, or cybercrime, refers to any crime that involves a computer and a
network. The computer may have been used in the commission of a crime, or it may be
the target. Netcrime refers, more precisely, to criminal exploitation of the Internet.
Issues surrounding this type of crime have become high-profile, particularly those
surrounding hacking, copyright infringement, child pornography, and child grooming.
There are also problems of privacy when confidential information is lost or intercepted,
lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in
importance, with the ability to engage in such activities as espionage, financial theft, and
other cross-border crimes sometimes referred to as cyber warfare. The international legal
system is attempting to hold actors accountable for their actions, with the International
Criminal Court among the few addressing this threat.
Let us examine the acts wherein the computer is a tool for an unlawful act. This
kind of activity usually involves a modification of a conventional crime by using
a computer. Some examples are:
Financial Claims: This would include cheating, credit card frauds, money laundering
etc.
Cyber Pornography: This would include pornographic websites; pornographic
magazines produced using computers and the Internet (to download and transmit
pornographic pictures, photos, writings etc.)
Sale of illegal articles: This would include sale of narcotics, weapons and wildlife etc.,
by posting information on websites, bulletin boards or simply by using e-mail
communications.
Online gambling: There are millions of websites, all hosted on servers abroad, that offer
online gambling. In fact, it is believed that many of these websites are actually fronts for
money laundering.
Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc., can
be forged using sophisticated computers, printers and scanners.
Cyber Defamation: This occurs when defamation takes place with the help of computers
and/or the Internet, e.g. someone publishes defamatory matter about someone on a
website or sends e-mail containing defamatory information to all of that person’s
friends.
Cyber Stalking: Cyber stalking involves following a person’s movements across the
Internet by posting messages on the bulletin boards frequented by the victim, entering the
chat-rooms frequented by the victim.
Let us examine some of the acts wherein the computer or computer Network is
the target for an unlawful act. It may be noted that in these activities the computer may
also be a tool. This kind of activity is usually out of the purview of conventional criminal
law. Some examples are:
E-Mail bombing: Email bombing refers to sending a large amount of e-mails to the
victim resulting in the victims’ e-mail account or mail servers.
Data diddling: This kind of an attack involves altering the raw data just before it is
processed by a computer and then changing it back after the processing is completed.
Salami attacks: These attacks are used for the commission of financial crimes. The key
here is to make the alteration so insignificant that in a single case it would go completely
unnoticed, e.g. a bank employee inserts a program into the bank’s servers that deducts a
small amount from the account of every customer.
Denial of Service: This involves flooding computer resources with more requests than they
can handle. This causes the resources to crash, thereby denying authorized users the
service offered by the resources.
Virus/worm: Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a network. They
usually affect the data on a computer, either by altering or deleting it. Worms, unlike
viruses, do not need a host to attach themselves to.
Logic bombs: These are dependent programs. This implies that these programs are
created to do something only when a certain event occurs, e.g. some viruses may be
termed logic bombs because they lie dormant all through the year and become active only
on a particular date.
Internet Time Theft: This connotes the usage by unauthorized persons of the Internet
hours paid for by another person.
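A defender's view of the salami attack described above, as an added example that is not part of the original text: the function scans a transaction ledger for accounts that collect very small amounts from many different customers. The ledger layout, the thresholds, the allowlist and all account names are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def find_salami_candidates(ledger, max_slice=Decimal("0.10"),
                           min_sources=50, allowlist=frozenset()):
    """Flag accounts credited by tiny amounts from many distinct accounts.

    ledger: iterable of (source, destination, amount) with Decimal amounts.
    max_slice, min_sources and allowlist are tuning assumptions of this
    example; allowlist holds accounts expected to collect small fees.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)      # Decimal() == Decimal("0")
    for src, dst, amount in ledger:
        if dst in allowlist:
            continue
        if Decimal("0") < amount <= max_slice:
            sources[dst].add(src)
            totals[dst] += amount
    flagged = [
        {"account": dst, "distinct_sources": len(srcs), "total": totals[dst]}
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources
    ]
    # Largest aggregate first: each slice is negligible, the sum is not.
    return sorted(flagged, key=lambda f: f["total"], reverse=True)


def build_sample_ledger():
    """Constructed sample data: 200 customers, one hidden skim account."""
    ledger = []
    for i in range(200):
        customer = f"CUST-{i:04d}"
        ledger.append((customer, "MERCHANT-01", Decimal("49.99")))  # normal payment
        ledger.append((customer, "FEES-BANK", Decimal("0.05")))     # legitimate fee
        ledger.append((customer, "ACCT-X", Decimal("0.03")))        # the "slice"
    # A few ordinary small transfers that should not trigger the rule.
    for i in range(5):
        ledger.append((f"CUST-{i:04d}", "CUST-0199", Decimal("0.10")))
    return ledger


if __name__ == "__main__":
    for hit in find_salami_candidates(build_sample_ledger(),
                                      allowlist={"FEES-BANK"}):
        print(hit)
```

Without the allowlist the bank's own fee account is flagged as well, which is why known fee-collecting accounts have to be excluded before the output is reviewed.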
PREVENTION
The main issue in the field of Cyber Crime is the absence of law & opaqueness in
regulations pertaining to Cyber activity anywhere in the world. The issue is further
aggravated by a mismatch in the growth of the Internet and cyber laws. Though the IT Act
has been enacted, there seem to be huge problems still in the way:
1. One of the major issues is the worldwide connectivity through the internet
& because of which jurisdiction seems to be out of control & going beyond the
boundaries.
2. Evidence loss has become a problem as all the data are ruined on a daily basis.
3. Cyber Army: There is also an imperative need to build a high technology crime &
investigation infrastructure, with highly technical staff at the other end.
5. Though S.75 provides for extra-territorial operations of this law, they could be
meaningful only when backed with provisions recognizing orders and warrants for
Information issued by competent authorities outside their jurisdiction and measure for
cooperation for exchange of material and evidence of computer crimes between law
enforcement agencies.
1. Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the
enactment according to the order of the day. One such case, which needs
appreciation, is the P.I.L. (Public Interest Litigation), which the Kerala High Court
has accepted through an email.
This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber
laws have a major impact for e-businesses and the new economy in India. So, it is
important to understand what are the various perspectives of the IT Act, 2000 and what it
offers.
In May 2000, both the houses of the Indian Parliament passed the Information
Technology Bill. The Bill received the assent of the President in August 2000 and came
to be known as the Information Technology Act, 2000. Cyber laws are contained in the
IT Act, 2000.
The Information Technology Act, 2000 also aims to provide for the legal framework so
that legal sanctity is accorded to all electronic records and other activities carried out by
electronic means. The Act states that unless otherwise agreed, an acceptance of contract
may be expressed by electronic means of communication and the same shall have legal
validity and enforceability. Some highlights of the Act are listed below:
Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic
record by affixing his digital signature. It further states that any person can verify an electronic
record by use of a public key of the subscriber.
Chapter-III of the Act details Electronic Governance and provides, inter alia,
that where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is
• rendered or made available in an electronic form; and
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal,
which shall be an appellate body where appeals against the orders passed by the Adjudicating
Officers, shall be preferred.
Chapter-XI of the Act talks about various offences and the said offences shall be investigated
only by a Police Officer not below the rank of the Deputy Superintendent of Police. These
offences include tampering with computer source documents, publishing of information, which is
obscene in electronic form, and hacking.
Chapter-XII of The Act provides for the constitution of the Cyber Regulations Advisory
Committee, which shall advise the government as regards any rules, or for any other purpose
connected with the said act. The said Act also proposes to amend the Indian Penal Code, 1860,
the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of
India Act, 1934 to make them in tune with the provisions of the IT Act.