6- cyber crime and it act 2000

8/10/2019 6- Cyber Crime and IT Act 2000

1/45

Social & Legal Issues

CYBER CRIME

&IT ACT 2000


2/45


WHAT IS CYBER CRIME

All crimes performed or resorted to by abuse of electronic

media or otherwise, with the purpose of influencing the

functioning of computer or computer system.

COMPUTER CRIME is any crime where

Computer is a target.

Computer is a tool of crime

Computer is incidental to crime


3/45


Who carries out Cyber Crime?

Insiders (employees)

Hackers (cyber-mercenaries)

Criminals (serious & organized crime) Terrorists (sub-state groups)

Corporations (commercial espionage)

Government agencies (counterintelligence)


4/45


Motives behind Cyber Crime

There are many motives:

Revenge

Ideology

Competition

Money

Influence


5/45


VICTIMS

Children and adolescents between the agegroup of 618 years

Greedy people Unskilled & Inexperienced

Unlucky people


6/45


Computer Crimes are Vulnerable

Because of :

Anonymity

Computers storage capacity,

Weakness in Operating System,

Lack off Awareness off user.


7/45


Cyber crime is mainly categorized in two ways

The Computer as a Target: using a computer to

attack other computers. e.g. Hacking, Virus/Worm

attacks, DOS attack etc. The Computer as a Weapon: using a computer to

commit real world crimes. e.g. Cyber Terrorism, IPR

violations, Credit card frauds, EFT frauds,

Pornography etc.


8/45


Types of Cyber Crime

HACKING

DENIAL OF SERVICE

ATTACK

VIRUSDISSEMINATION

SOFTWARE PIRACY

PORNOGRAPHY

IRC CRIME

FINANCIAL FRAUD

NET EXTORTION

PHISHING

SPOOFING

CYBER STALKING CYBER DEFAMATION

THREATENING

SALAMI ATTACK


9/45


1. HACKING

Hacking in simple terms means illegal intrusion into a

computer system without the permission of the computer

owner/user.

Hackers write or use ready-made computer programs to

attack the target computer. They possess the desire to destruct

and they get the kick out of such destruction. Some hackers

hack for personal monetary


10/45


2. DENIAL OF SERVICE ATTACK

This is an act by the criminal, who

floods the bandwidth of the victims

network or fills his e-mail box with

spam mail depriving him of theservices he is entitled to access or

provide


11/45


3.VIRUS DISSEMINATION

Malicious software that attaches itself to other

software.(virus, worms, Trojan Horse, Time bomb, Logic

Bomb, Rabbit and Bacterium are the malicious

softwares)


12/45


VIRUSES

A program that has capability to infect other programsand make copies of itself and spread into otherprograms is called virus.

software that piggybacks on other software andruns when you run something else

Macro in excel, word

Transmitted through sharing programs onbulletin boards

Passing around floppy disks

An .exe, .com file in your email


13/45


WORMS

Programs that multiply like viruses but spread from computer

to computer are called as worms.

Software that uses computer networks to find security holes

to get in to your computerusually in Microsoft OS. But

worm for MAC was recently written.


14/45


4.SOFTWARE PIRACY

Theft of software through the illegal copying ofgenuine programs or the counterfeiting and

distribution of products intended to pass for the

original.

Retail revenue losses worldwide are ever

increasing due to this crime

Can be done in various ways-

End user copying, Hard disk loading, Counterfeiting,

Illegal downloads from the internet etc.


15/45


5. PORNOGRAPHY

Pornography is the first consistently successful e-commerce product.

Deceptive marketing tactics and mouse trapping

technologies Pornography encourage customers toaccess their websites.


16/45


6.IRC CRIME

Internet Relay Chat (IRC) servers have chat rooms inwhich people from anywhere the world can cometogether and chat with each other

Criminals use it for meeting coconspirators.

Hackers use it for discussing their exploits / sharing thetechniques.

Pedophiles use chat rooms to allure small children.

Cyber Stalking - In order to harass a woman hertelephone number is given to others as if she wants to

befriend males.


17/45


7. FINANCIAL FRAUD

You simply have to type credit card number into

www page off the vendor for online transaction

If electronic transactions are not secured

the credit card numbers can be stolen by

the hackers who can misuse this card by

impersonating the credit card owner

l l


18/45


8. NET EXTORTION

Copying the companys confidential data in order toextort said company for huge amount.

l l


19/45


9. PHISHING

It is technique of pulling out confidential information

from the bank / financial institutional account holders

by deceptive means.

l L l


20/45


10. SPOOFING

Getting one computer on a network to pretend to

have the identity off another computer, usually one

with special access privileges, so as to obtain access

to the other computers on the network.

S i l & L l I


21/45


11.CYBER STALKING

The Criminal follows the victim by sending emails,

entering the chat rooms frequently.

S i l & L l I


22/45


12. CYBER DEFAMATION

The Criminal sends emails containingdefamatory matters to all concerned off the

victim or post the defamatory matters on a

website.

(disgruntled employee may do this against

boss, ex-boyfriends against girl, divorced

husband against wife, etc.)

S i l & L l I


23/45


13. THREATENING

The Criminal sends threatening email

or comes in contact in chat rooms with victim.(Any one disgruntled may do this against boss, friend

or official)

S i l & L l I


24/45


14. SALAMI ATTACK

In such crime criminal makes insignificantchanges in a system in such a manner thatsuch changes would go unnoticed.

For example, criminal makes such programthat deducts small amount like Rs. 2.50 permonth from the account of all the customerof the Bank and deposit the same in hisaccount. In this case no account holder will

approach the bank for such small amount butcriminal gains huge amount.

S i l & L l I


25/45


15. SALE OF NARCOTICS

Sale & Purchase through net.

There are web site which offer sale and shipment off

contrabands drugs.

They may use the techniques off stenography for hidingthe messages.

So i l & L g l Iss s


26/45


How to protect your computer

Use anti-virus software and firewalls - keep them up to date

Keep your operating system up to date with critical securityupdates and patches

Don't open emails or attachments from unknown sources Use hard-to-guess passwords. Dont use words found in a

dictionary. Remember that password cracking tools exist

Back-up your computer data on disks or CDs often



27/45


How to protect your computer

Don't share access to your computers with strangers

If you have a wi-fi network, password protect it

Disconnect from the Internet when not in use

Re-evaluate your security on a regular basis

Make sure your employees and family members know thisinformation too



28/45


How to prevent Cyber crime

Technical prevention Network administrator

Tasks

Role in the company organisation chart

Personal data and privacy

Update OS

Antivirus protection

Anti-spam and Trojan protection Home banking and Internet banking

Good legal policies



29/45


How to prevent Cyber crime

Using the computer at workplace between efficiency and

privacy

- Include the Policy on how to use Internet at workplace as a

part of the labour contract- Training the employees on usage of Internet and software

- Training the employees on how they should treat confidential

information and the essential passwords



30/45


International initiatives

Representatives from the 26 Council of Europe members, theUnited States, Canada, Japan and South Africa in 2001 signed aconvention on cyber crime in efforts to enhance internationalcooperation in combating computer-based crimes.

The Convention on Cyber crime, drawn up by experts of theCouncil of Europe, is designed to coordinate these countries'policies and laws on penalties on crimes in cyberspace, definethe formula guaranteeing the efficient operation of the criminaland judicial authorities, and establish an efficient mechanismfor international cooperation.

In 1997, The G-8 Ministers agreed to ten "Principles to CombatHigh-Tech Crime" and an "Action Plan to Combat High-TechCrime."


31/45


32/45



33/45


IT ACT 2000

Information technology Act 2000 consisted of 94 sections

segregated into 13 chapters. Four schedules form part of the

Act.



34/45


Information Technology (Amendment) Act 2008

Information Technology (Amendment) Bill 2008 passed by

Indian Parliament in December 2008 notified as the IT(Amendment) Act 2008 has received the assent of thePresident on the 5th Feb, 2009. This Act punishes variouscyber crimes including Cyber Terrorism

These amendments have strengthened the IT Act and alsoaddressed earlier concerns about the act. Also the amendmentsare very concise and better define some of the vaguer terms inthe original version of the act



35/45


WHAT DOES IT 2008 COMPRISE OF

In the 2008 version of the Act, there are 124 sections

(excluding 5 sections that have been omitted from the earlier

version) and 14 chapters. Schedule I and II have been

replaced. Schedules III and IV are deleted.



36/45


Civil liabilities, penalties and adjudication

Penalty for damage to computer, computer system etc.(Sec 43):

Any person, who, without the permission of the owner or any other personin-charge of a computer, computer system or computer network

a. accesses or secures access to such computer, computer system or

computer network; b. downloads, copies or extracts any data, computer database or

information from such computer, computer system or computer networkincluding information or data held or stored in any removable storagemedium;

c. introduces or causes to be introduced any computer contaminant orcomputer virus into any computer, computer system or computer network;



37/45



d. damages or causes to be damaged any computer, computer system orcomputer network, data, computer database or any other programmesresiding in such computer, computer system or computer network;

e. disrupts or causes disruption of any computer, computer system orcomputer network;

f. denies or causes the denial of access to any person authorised to accessany computer, computer system or computer network;

g. provides any assistance to any person to facilitate access to a computer,computer system or computer network in contravention of the provisionsthis Act, rules or regulations made under thereunder;

h. charges the services availed of by a person to the account of anotherperson by tampering with or manipulating any computer, computer system

or computer network,shall be liable to pay damages by way ofcompensation not exceeding one crore rupees to the person so affected.



38/45



Penalty for failure to furnish information, return etc.(Sec 44): Any person who is required under the Act, or rules or regulations made

thereunder to

a. furnish any document, return or report to the Controller or the CertifyingAuthority fails to furnish the same, shall be liable to a penalty notexceeding one lakh and fifty thousand rupees for each such failure;

b. file any return or furnish any information, books or other documentswithin the time specified thereof in the regulations fails to file the same intime he shall be liable to a penalty not exceeding five thousand rupees forevery day during which such failure continues;

c. maintain books of account or records fails to maintain the same he shallbe liable to penalty not exceeding ten thousand rupees for everyday during

which the failure continues.



39/45


Sections Hacking with computer system (Sec 66): Hacking with computer system is a punishable offence under the Act. It means any

person intentionally or knowingly causes wrongful loss or damage to the public ordestroys or deletes or alters any information residing in the computer resources ordiminishes its value or utility or affects it injuriously by any means, commitshacking.

Such offenses will be punished with three years imprisonment or with fine of twolakh rupees or with both.

Publishing of information which is obscene in electronic form (Sec 67):

Whoever publishes or transmits or causes to be published in the electronic form,any material which is lascivious or appeals to prurient interest or if its effect is suchas to tend to deprave and corrupt persons who are likely, having regard to allrelevant circumstances, to read, see or hear the matter contained or embodied in it

shall be punished on first conviction with imprisonment for a term extending up to5 years and with fine which may extend to one lakh rupees. In case of second andsubsequent conviction imprisonment may extend to ten years and also with finewhich may extend up to two lakh rupees.



40/45


Sections

Failure to comply with orders of the controller by a CertifyingAuthority or any employee of such authority (Sec 68):

Failure to comply with orders of the Controller by any Certifying Authorityor by any employees of Certifying Authority is a punishable offence. Such

persons are liable to imprisonment for a term not exceeding three years orto a fine not exceeding two lakh rupees or to both.

Fails to assist any agency of the Government to decrypt theinformation (Sec 69):

If any subscriber or any person-in-charge of the computer fails to assist orto extend any facilities and technical assistance to any Government agencyto decrypt the information on the orders of the Controller in the interest ofthe sovereignty and integrity of India etc. is a punishable offence under the

Act. Such persons are liable for imprisonment for a term, which mayextend to seven years.



41/45

S c & L g Iss s

Sections

Unauthorized access to a protected system (Sec 70):

Any person who secures access or attempts to secure access toa protected system in contravention of the provisions is

punishable with imprisonment for a term which may extend to

ten years and also liable to fine. Misrepresentation before authorities (Sec 71):

Any person who obtains Digital Signature Certificate bymisrepresentation or suppressing any material fact from theController or Certifying Authority as the case may be punished

with imprisonment for a term which may extend two years orwith fine up to one lakh rupees or with both.



42/45

S & g ss s

Sections

Breach of confidentiality and privacy (Sec 72): Any person in pursuant of the powers conferred under the act, unauthorisedly

secures access, to any electronic record, books, register, correspondence,information, document or other material without the consent of the personconcerned discloses such materials to any other person shall be punished withimprisonment for a term which may extend to two years, or with fine up to one lakhrupees or with both.

Publishing false particulars in Digital Signature Certificate (Sec 73):

No person can publish a Digital Signature Certificate or otherwise make it availableto any other person with the knowledge that: -

a. the Certifying Authority listed in the certificate has not issued it; or

b. the subscriber listed in the certificate has not accepted it; or

c. the certificate has been revoked or suspended

unless such publication is for the purpose of verifying a digital signature createdprior to such suspension or revocation. Any person who contravenes the provisionsshall be punishable with imprisonment for a term, which may extend to two yearsor with fine up to rupees one lakh or with both.



43/45

& g

Sections

Publication of Digital Signature Certificate for fraudulent purpose (Sec 74):

Any person knowingly creates, publishes or otherwise makes available a Digital

Signature Certificate for any fraudulent or unlawful purpose shall be punished with

imprisonment for a term which may extend to two years or with fine up to one lakhrupees or with both



44/45

g

Limitations

IT Act, 2000 does not mention about domain names and the rights ofdomain names owners.

IT Act, 2000 does not mention about INTELLECTUAL PROPERTYRIGHTS

IT Act, 2000 does not confer any right upon any person to insist that the

document in questions should be accepted in electronic form.



45/45

g

Mumbai Cyber lab is a joint initiative of Mumbai police andNASSCOMmore exchange and coordination of this kind

Suggested amendments to the IT Act,2000-new provisions forchild pornography, etc

More Public awareness campaigns

Training of police officers to effectively combat cyber crimes

More Cyber crime police cells set up across the country

Effective E-surveillance

Websites aid in creating awareness and encouraging reporting

of cyber crime cases. Specialized Training of forensic investigators and experts

Active coordination between police and other lawenforcement agencies and authorities is required.

6- cyber crime and it act 2000

Documents