Introduction to Cyber Crimes and Cyber Laws

Dr.V.Mariappan Dept of Banking Technology Pondicherry University

January 3, 2013

Cyber crimes

Agenda for the session

Concept Crime
Fundamental principles of Crime Growth of Cyber Space

Understanding cyber crime

Introduction to cyber law
January 3, 2013 Cyber crimes 2

Concept of Crime
Crime is eternal As eternal as society
Crime is an action that is fallen outside the pattern of

permitted conduct prescribed by legislature of a country. The concept changes with the evolution of human society Appears different in different countries and different times Crime in one country may not be a crime in another
January 3, 2013 Cyber crimes 3

Concept of crime.,
Reasons Weakness Anger Greed Jealousy some form of human aberration They are irrational, misguided, impulsive and ill-

conditioned.
January 3, 2013 Cyber crimes 4

Fundamental Principles of Crime

Rules of equity, justice and fair play provides basis for

formulation of rational penal policy It is general principle of criminal law that a person may not be convicted of a crime unless the prosecution has proved beyond reasonable doubt that;
He has caused a certain event, or responsibility is to be

attributed to him for the existence of a certain state of affairs, which is forbidden by criminal law; and He had a defined state of mind in relation to the causing of the event or the existence of the state of affairs.
January 3, 2013 Cyber crimes 5

Elements of Crime
Actus reus Connotes a deed, a physical result of human conduct. Defined as such result of human conduct as the law seeks to prevent. It is not merely an act but may consist of a state of affairs not including an act at all. Mens rea Connotes a guilty mind. It consists of a number of different mental attitudes including intention, recklessness and negligence.
January 3, 2013 Cyber crimes 6

Actus reus in Internet crimes

The element of actus reus in internet crimes is relatively

easy to identify, but is very difficult to prove. The fact of the occurrence of the act that can be termed as a crime can be said to have taken place when a person is

Making use of a computer function Accessing data stored on a computer or from a computer which has access to data stored outside An attempt to gain access through internet or passes signals through various computers Trying to login, even though attempts are useless.
Cyber crimes 7

January 3, 2013

Mens rea in Internet crimes

Essential for determining mens era in internet crime

is that he or she must have been aware at the time of causing the computer to perform the function that the access intended to be secured was unauthorized. Two vital ingredients for mens rea are;
There must be unauthorized access intended to be

secured The hacker should gave been aware of the same at the time he or she tried to secure the access.

January 3, 2013

Cyber crimes

Understanding Cybercrime?
Description of cybercrime is problematic.
No uniform or universally accepted definition prevails Cybercrimes is invariably used with computer crimes,

computer misuse or IT crimes. Lack of authoritative and qualitative data Recorded computer crime data are not accurate reflection of the actual number of crimes using ICT. Victims not aware they are victims unless informed Lack of knowledge and training of law enforcing authorities
January 3, 2013 Cyber crimes 9

Cyber Crimes
Definition of Cyber Crime, computer crimes, cyber frauds, computer frauds etc.
Legal definition: I.T. Act No Accepted definitions and usages

Illegal behavior that targets the security of computer systems and/or the data accessed and processed by computer networks An act where computer is an object or a subject of crime Any crime where an I.T. gadget is used in the act

Cyber Crimes are technological variants of normal crimes. The Act of committing, investigation, trial, evidence .. ALL VARY Theft, forgery, fraud, blackmail, harassment, law of torts.

January 3, 2013

Cyber crimes

10

Cyber Crimes - definition

All crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of computer or computer system. COMPUTER CRIME is any crime where Computer is a target or a tool of crime or just incidental to crime.
A harmful acts committed from or against a computer or network. (McConnell International Report, 2000)

January 3, 2013

Cyber crimes

11

Role of Computer in Crime

Both as a tool and a target.
The function of the computer in crime is fourfold, it

serves as:
an object a subject a tool a symbol.

January 3, 2013

Cyber crimes

12

In these four capacities, common computer crimes are;

Cellular telephone fraud;
Data alteration; Data destruction and sabotage; Data extortion; Data theft; Desktop counterfeiting; Disclosure of confidential data; Electronic letter bombing; Identity theft;
January 3, 2013

Cyber crimes

13

common computer crimes are;

Internet consumer fraud;
PBX fraud; Reading another person's e-mail without permission; Sale of proprietary data; Software piracy; Stolen long-distance calling cards; Unauthorized access & entry to systems &

information Voice mail fraud.

January 3, 2013 Cyber crimes 14

Cyber Crimes and Normal Crimes

Scene of crime issues
Investigation mechanism and process Process of trial E-evidence: Volatility, production of an e-evidence Acceptability, irretrievability, technological issues Jurisprudence and related issues Irrefutability and reliability of records and process

Justice should not only be done but should also appear to

have been done

January 3, 2013 Cyber crimes 15

Characteristics of Cyber Crime

Silent in Nature
Global in Character Non existence of physical evidence Creates high impact High potential and easy to perpetrate
January 3, 2013 Cyber crimes 16

Computer criminals normally are;

Disgruntled employees Teenagers (misguided, misadventurous) Political Activist Professional Hackers Business Rival Ex-Boy Friend Divorced spouse

January 3, 2013

Cyber crimes

17

CYBER CRIMES

Key Features of The IT Act

2000 Amended by ITAA 2008

January 3, 2013

Cyber crimes

19

IT Act - Records
Recognition to electronic records is a big step
Reliance on electronic records Acceptability of electronic signatures as an

authentication mechanism Procedures for trying a cyber crime described Search and seizure powers and extra territorial powers etc Role of CERT-In ('Indian Computer Emergency Response Team'. ) recognized

Section 43
Unauthorized access, download, or copy data
Destroys, deletes or alters any info or damages or causes to

damage.. Disrupts or causes to disrupt etc (DoS attack) Computer contaminant definition of virus etc diminishes its value or utility or affects Computer source code: listing of programmes, computer commands, design, layout and programme analysis

Section 43-A

A significant addition in ITAA 2008 Compensation for failure to protect data Body corporate dealing or handling any personal data

.negligent in maintining reasonable security practicescause wrongful losses or wrongful gainliable to pay damages by way of compensation Body corporate, sensitive personal data and reasonable security practices are defined in the section as a major step in compliance for ITOs and CSOs Cyber Law Compliance to be taken seriously Responsibility and liability of CTOs/CEOs as noncompliance of these provisions..

Section 65
Tampering with computer source documents
Conceal, destroy, intentionally or knowingly alter any

computer source code Punishment of three years or with Rs.2 lakhs or with both Computer source code described

Section 66 List of offences

66A Offensive messges thro communication service 66B Dishonestly receiving stolen computer resource 66C Electronic signature or other identity theft 66D Cheating by personation - computer resource 66E Privacy violation Publishing or transmitting 66F Cyber terrorism sovereignty of the nation Life imprisonment

Sec 67 A now widened

Publishing or transmitting obscene material Lascivious or appealing to prurient interest Deprave or corrupt persons 67A Publishing sexually explicit act in e-form 67B e-publishing child pornography 67C Preservation and retention by intermediaries 69 Power to monitor, intercept, decrypt any information trough any computer resource: Criticised to be draconian Privacy of information?

Other provisions
69 Power to intercept, monitor etc 69A Blocking information for public access 70, 70A and 70B CERT-In will be the national agency for incident response 75 offence/contravention committed outside India 76 Confiscation powers 79 NSPs not liable in certain cases -due diligence Inspectors powers to enter, search etc (notwithstanding CrPC) in public place

Amendments to other Acts

I.T. Act amends the following Acts The Indian Penal Code, 1860

record, document, false document, forgery etc The Indian Evidence Act, 1872 Admissibility of electronic record as evidence The Bankers Books Evidence Act 1891 Clause 2 a (3) bankers book includes .certified copy means when the books of a bank maintained ..2A. A and b and A to I clauses inserted as conditions in the section The Reserve Bank of India 1934: EFT like RTGS

Amendments to other Acts

The Indian Telegraph Act, - especially 5(2) on Phone tapping

comparison with Sec 69 ITA The Indian Contract Act The Indian Copyrights Act Consumer Protection Act Anti Money Laundering Act

Other Communications for ISPs and NSPs regulations Regulatory Bodies and their role CERT-In, TRAI, RBI,

SEBI

January 3, 2013

Cyber crimes

28

The three main players

Users

(Banks, ISPs, NSPs, Data custodians)

Regulators (RBI, SEBI, Ministry etc)

January 3, 2013

Cyber crimes

29

Thank you

January 3, 2013

Cyber crimes

30