Cyber Crime


Academic year: 2021


(1)

Cyber Crimes

D. Bala Krishna

NALSAR

(2)
(3)

Crime

• Mala in se & Mala in prohibita

• Definition

(4)

Computer Crime

• Computer crime encompasses a broad range of potentially illegal activities.

• It may be divided into two categories:

1. Crimes that target computer networks or devices directly

2. Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device

(5)

Computer Crime

Examples of crimes that primarily target computer networks or devices

• Malware (malicious code)

• Denial-of-service attacks

(6)

Computer Crime

Examples of crimes that merely use computer networks or devices

• Cyber stalking

• Fraud and identity theft

• Phishing scams

(7)

Cyber Crimes

• Credit card frauds

• Cyber pornography

• Sale of illegal articles: narcotics, weapons, wildlife

• Online gambling

• Intellectual property crimes: software piracy, copyright infringement, trademark violations, theft of computer source code

• Email spoofing

• Forgery

• Defamation

• Cyber stalking

• Phishing

• Cyber terrorism

(8)

Cyber & bad Purposes

• Vandalism

• Vigilantism

• Fraud

• Terrorism

• Warfare

(9)

Law & cyber crimes

• I.T Act

• I.P.C

• Cr.P.C

• I.E.A

(10)

Computer Related Crimes under IPC and Special Laws

• Arms Act: Online sale of arms

• Sec. 383 IPC: Web-jacking

• NDPS Act: Online sale of drugs

• Sec 416, 417, 463 IPC: Email spoofing

• Sec 420 IPC: Bogus websites, cyber frauds

• Sec 463, 470, 471 IPC: Forgery of electronic records

• Sec 499, 500 IPC: Sending defamatory messages by email

• Sec 503 IPC: Sending threatening messages by email

(11)

Power of Police to Investigate

• Sec. 165 of Cr.P.C.: Search by police officer.

• Sec. 93 of Cr.P.C.: General provision as to search warrants.

• Sec. 47 of Cr.P.C.: Search to arrest the accused.

• Sec. 78 of IT Act, 2008: Power to investigate offences, not below rank of Inspector.

• Sec. 80 of IT Act, 2000: Power of police officer

(12)

Power of Police to Investigate

• Sec. 156 Cr.P.C.: Power to investigate cognizable offences.

• Sec. 155 Cr.P.C.: Power to investigate non-cognizable offences.

• Sec. 91 Cr.P.C.: Summons to produce documents

• Sec. 160 Cr.P.C.: Summons to require attendance

(13)

Information Technology Act

• History of the Act

• Specifics of the Act

• Essence of the Act

• The Information Technology (Amendment) Act, 2008

• Criticism

(14)

Contd.

• History of the Act

• Information Technology Act - 2000

• Information Technology Act - 2008

• Evolved over a period of time between 1998 and 2009

(15)

Specifics of the Act

• Information Technology Act 2000

• Consisted of 94 sections

• Segregated into 13 chapters.

(16)

Contd.

• In the Act, 2008

• there are 124 sections (excluding 5 sections that have been omitted from the earlier version) and

• 14 chapters.

• Schedules I and II have been replaced

• Schedules III and IV are deleted.

(17)

IT Act, 2000

• Essence of the Act

• Information Technology Act 2000 addressed the following issues:

• Legal Recognition of Electronic Documents

• Legal Recognition of Digital Signatures

• Offenses and Contraventions

(18)

Contd.

• ITA 2008 as the new version of Information Technology Act 2000

• Provided additional focus on Information Security.

• It has added several new sections on offences including

• Cyber Terrorism and

• Data Protection.

(19)

Contd.

• The Information Technology (Amendment) Act, 2008

• The Government of India has brought major amendments to ITA-2000 in the form of the Information Technology Amendment Act, 2008

(20)

Criticism

• The amendment was passed in an eventful Parliamentary session on 23rd of December 2008 with no discussion in the House.

• Lack of legal and procedural safeguards to prevent violation of civil liberties of Indians

(21)

Appreciation

• It addresses the issue of Cyber Security.

• Sec 69: empowers the Central Government / State Government / its authorized agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence.

(22)

Contd.

• Notification of IT Act 2008

• The Information Technology Amendment Act, 2008 (IT Act 2008) was passed on 23rd December 2008 and received the assent of the President of India on 5th February, 2009. The IT Act 2008 was notified on Oct 27 2009

• Notification under IT (Amendment) Act, 2008

• Enforcement of IT (Amendment) Act 2008

• Notification of Rules under Section 52, 54, 69, 69A, 69B.

(23)

Ministry of Communications & I.T

• Is an Indian government ministry.

• It contains three departments:

• Department of Telecommunications

• Department of Information Technology

• Department of Posts

(24)

Department of Information Technology

• The newest department, the Department of Information Technology (DIT), regulates the various aspects of Indian information technology. The following are comprehensive functions of the DIT:

• Policy matters relating to Information Technology; Electronics; and Internet (all matters other than licensing of Internet Service Providers)

• Promotion of Internet, IT and IT-enabled services

• Assistance to other departments in the promotion of e-governance, e-commerce, e-medicine, e-infrastructure, etc.

• Promotion of IT education and Information Technology-based

(25)

Contd.

• Matters relating to Cyber Laws, administration of the Information Technology Act 2000 (21 of 2000) and other IT-related laws

• Matters relating to promotion and manufacturing of semiconductor devices in the country excluding all matters relating to Semiconductor Complex Limited Mohali; the Semiconductor Integrated Circuits Layout Design Act, 2000 (37 of 2000)

• Interaction in IT-related matters with international agencies and bodies, e.g., Internet for Business Limited, Institute for Education in Information Society and International Code Council-on line

• Initiative on bridging the Digital Divide: matters relating to Media Lab Asia

• Promotion of standardization, testing and quality in IT and standardization of procedures for IT applications and tasks

(26)
(27)

CERT

The purpose of the CERT-In:

• for responding to computer security incidents as and when they occur;

• the CERT-In will also assist members of the Indian Community in implementing proactive measures to reduce the risks of computer

(28)

Contd.

• Artifact analysis

• Incident tracing

• Proactive

• Issue security guidelines, advisories and timely advice.

• Vulnerability analysis and response

• Risk analysis

• Security product evaluation

• Collaboration with vendors

• National repository of, and a referral agency for, cyber-intrusions.

• Profiling attackers.

• Conduct training, research and development.

• Interact with vendors and others at large to investigate and provide solutions for incidents.

(29)

CERT

• AUTHORITY

• The Indian Computer Emergency Response Team operates under the auspices of, and with authority delegated by, the Department of Information Technology, Ministry of Communications & Information Technology, Government of India, vide notification published in Part II, Section 3, Sub-section (ii) of the Gazette of India, Extraordinary, dated 27th October, 2009

(30)

Contd.

• Network Security

• Network Security: An Introduction

• Network Vulnerabilities

• Types of Threats/Attacks

• Assessing software and network device vulnerabilities

• Network configuration flaws

• Host Based Security

• Secure installation of hosts

• Patching up the latest vulnerabilities

• Server services security

• Authentication, authorization and access control

• Firewall Secure Configuration – Replacing the default configurations with custom configurations

(31)

Cyber Crime: Brief Description

• Cyber Stalking: Stealthily following a person, tracking his internet chats. 43, 65, 66

• Intellectual Property Crime: Source code tampering etc. 65

• Pornography: Publishing obscene in electronic form. 67

• Child Pornography: Publishing obscene in electronic form involving children. 67, 67 (2) under proposal

• Video Voyeurism: Transmitting private / personal videos on internet and mobiles. Proposed 72(3)

• Salami Attack: Deducting small amounts from an account without coming into notice, to make a big amount. 43, 65, 66

(32)

Contd.

• E-Mail Bombing: Flooding an e-mail box with innumerable e-mails, so that important messages go unnoticed at times. 66

• Phishing: Bank financial frauds in electronic banking. Proposed data protection provisions under 43, 65, 66, 419 A

• Personal Data Theft: Stealing personal data. 43 (2)

• Identity Theft: Stealing cyberspace identity information of individual. 66, 43

• Spoofing: Stealing credentials using friendly and familiar GUIs. Provisions under 43, 65, 66 and 66

(33)
(34)
(35)
(36)

International Cooperation

in

(37)

International Nature

• Access/mobility of data fundamental to economic systems

• Borders by-passed

• Exploitation by criminals & terrorists

 – data hidden abroad

 – hackers and viruses abroad

 – economic criminals abroad

 – illegal content abroad

 – communicate to plan

(38)

International Nature

• Minimal risk of detection and apprehension

• Different national laws

• Crime is borderless but enforcement is constrained by borders

(39)

Harmonization of National Laws

• Common framework required

• But no universal consensus on:

 – types of “computer crime”

 – set of procedural powers

 – specifics of definition or scope

(40)

Harmonization of National Laws

• No truly international fora

• Problems regarding international cooperation inter-related with harmonization of substantive & procedural law

(41)

Inter-relation with procedural law

• International investigative powers are coextensive with domestic powers:

 – search or production of data

 – preservation of stored data

 – collection of traffic data

 – interception of communications

(42)

Legal Framework for International Cooperation

• Mutual legal assistance

 – scope of cooperation

 – mechanics of cooperation

 – general obligations

 – specific investigative powers

• Extradition

 – dual criminality

 – nationality

(43)

Computer security

• Passwords

• Firewalls

• Data Encryption

• Employees

• Web assurance services

• Computer contingency planning

(44)

Combating cyber crimes

• Technological measures: Public key cryptography, digital signatures, firewalls, honey pots

• Cyber investigation: Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law.
