ject By:-

FORMATION AND TECHNOLOGY GIVING RISE TO MORE C

Sharma61 n Taxali.63 ur Udeshi.65 sh Jain.67 Maheshwari.69 a Salian.71 al Shah73 il Gawari.75 si Shah77 ur Agarwal79

Table of Contents

Introduction...................................................................................................3 Information Technology Act........................................................................7 Amendments in the IT Act.........................................................................14 Computer & Cyber-Crimes.......................................................................16 IT in the Banking Sector............................................................................31 Statistics & Figures.....................................................................................34 Survey Questionnaire.................................................................................42 Feedback Analysis.......................................................................................43 NASSCOM...................................................................................................53 Conclusion....................................................................................................57 Bibliography................................................................................................58

INTRODUCTION

The rapid developing scenario has changed the mindset of a lot of people around the globe. As communication and technology evolved it has made a dramatic change in the lives of people and their perception towards business. There is a change in the way people deal and transact in their businesses. A change from brick and mortar to click and mortar. The traditional paper form has been taken over by the new age computer form. This electronic form is cheaper, easier to store and retrieve data and speedier to communicate. People got aware about the increasing demand for electronic business and along with they started adopting it. E- Commerce ruled out paperwork completely and because of this what became necessary was a legal regulatory framework. A framework that would be formed that does not hampers the working of the electronic business. This was to be framed as legal provisions are very important while transacting or entering into any business. As in the traditional paper form, the legality of business was such that all the transactions that took place or any new venture entered were in written form and properly signed by the people in the business. These documents act as evidences and this one of the major hurdles that was faced on the emergence of E-Commerce. Law of Evidence was based on records and testimony and hence to facilitate E- Commerce there was a need for legal changes and it became the biggest necessity.

Success in any field of human activity leads to crime that needs mechanisms to control it. Legal provisions should provide assurance to users, empowerment to law enforcement agencies and deterrence to criminals. The
3

law is as stringent as its enforcement. Crime is no longer limited to space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has now given a new way to express criminal tendencies. Back in 1990, less than 100,000 people were able to log on to the Internet worldwide. Now around 500 million people are hooked up to surf the net around the globe.

The Government of India realized the need for introducing a new law and for making suitable amendments to the existing laws to facilitate e-commerce and giving legal recognition to electronic records and digital signatures. The legal recognition to electronic records and digital signatures in turn will facilitate the conclusion of contracts and the creation of legal rights and obligation through the electronic communication like internet. This gave birth to the Information Technology Bill, 1999. In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as The Information Technology Act, 2000. Cyber Laws are contained in the IT Act, 2000. The following are its main objectives:1. It is objective of I.T. Act 2000 to give legal recognition to any transaction which is done by electronic way or use of internet. 2. To give legal recognition to digital signature for accepting any agreement via computer. 3. To provide facility of filling document online relating to school admission
4

or registration in employment exchange. 4. According to I.T. Act 2000, any company can store their data in electronic storage. 5. To stop computer crime and protect privacy of internet users. 6. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form. 7. To make more power to IPO, RBI and Indian Evidence act for restricting electronic crime.

What is the objective / purpose of the Information Technology Act 2000?

To provide legal recognition for transactions carried out by means of

electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce, which involve the use of alternatives information,

to

paper-based

methods

of communication

and

storage of

To facilitate electronic filing of documents with the Government agencies

and

To amend the Indian Penal Code, the Indian Evidence Act, 1872, the

Bankers Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

THE INFORMATION TECHNOLOGY ACT, 2000 [9th June, 2000] An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto. It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention there under committed outside India by any person. Nothing in this(a) A negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881 (b) A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882; (c) A trust as defined in section 3 of the Indian Trusts Act, 1882; (d) A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called; (e) Any contract for the sale or conveyance of immovable property or any interest in such property; (f) Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.
6

DEFINITIONS Digital Signature: means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. How It Works Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
1.

You copy-and-paste the contract into an e-mail note.

2.

Using special software, you obtain a message hash (mathematical summary) You then use a private key that you have previously obtained from a publicThe encrypted hash becomes your digital signature of the message. (Note At the other end, your lawyer receives the message.

of the contract.
3.

private key authority to encrypt the hash.

4.

that it will be different each time you send a message.)

1.

To make sure it's intact and from you, your lawyer makes a hash of the Your lawyer then uses your public key to decrypt the message hash or If the hashes match, the received message is valid. "Affixing digital signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature.

received message.
2.

summary.
3.

"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate under section 24.

Secure System: means computer hardware, software, and procedure that (a) are reasonably secure from unauthorised access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions; and
8

(d) adhere to generally accepted security procedures;

SOME IMPORTANT SECTIONS UNDER THE IT ACT 2000

Section 43: Penalty for damage to computer, computer system, etc.If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network, accesses or secures access to such computer, computer system or computer network downloads, copies or extracts any data, computer data base information from such computer, computer system or computer network including information or data held or stored in any removable storage medium. Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network; damages or causes to be damaged and computer, computer system or computer network, data, computer database or any other programmes residing in such computer, computer system or computer network; disrupts or causes disruption of any computer, computer system or computer network; denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
9

provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under; charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or compute network he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Explanation.-For the purposes of this section(i) "Computer contaminant" means any set of computer instructions that are designed (a) to modify, destroy, record, transmit date or programme residing within a computer, computer system or computer network; or (b) by any means to usurp the normal operation of the computer, compute system, or computer network; (ii) "Computer database" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepare in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network; (iii) "Computer virus" means any computer instruction, information, data or programme that destroys, damages,
10

degrades adversely affects the performance of a computer resources or attaches itself to another itself to another computer resources and operates when a programme, date or instruction is executed or some other even takes place in that computer resource; (iv) "Damage" means to destroy, alter, delete, add, modify or re-arrange any computer resource by any means.

Section 65: Tampering with computer source documents. Whoever knowingly or intentionally conceals, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. Explanation - For the purposes of this section, "computer source code" means the listing of programmes, compute commands, design and layout and programme analysis of computer resource in any form.

Section 66: Hacking with Computer System.

(1) Whoever with the intent of cause or knowing that is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing
11

in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Section

67:

Publishing

of

information

which

is

obscene in electronic form. Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeal to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

Section 71: Penalty for misrepresentation. Whoever makes any misrepresentation, to, or suppresses any material fact from, the Controller or the Certifying
12

Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Section 72: Breach of confidentiality and privacy. Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic information, record, record, book, or register, other correspondence, without the document material

consent of the person concerned discloses such electronic book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

AMENDMENTS TO THE IT ACT 2000

Section Amendments 2
13

2(d) modified, and the term "Digital Signature" replaced with "Electronic Signature" in the Act. Section 2(ha) added to define "Communication Device" In 2(j) "Computer Systems" and "Communication Devices", "Wire" "Wireless" added. 2 (na) introduced to define the term "Cyber Cafe" 2(nb) introduced to define the term "Cyber Security" 2(ta) and 2(tb) introduces the term of "Electronic Signature" and "Electronic Signature Certificate" 2(ua) defines "Indian Computer Emergency Response Team" 2(v)-"Message" included in the definition of "Information" 2(w) "Intermediary" defined 6 New Section 6A introduced to provide for appointment of Service Providers in eGovernance services New Section 43 A included for "Data Protection" need.-specifies liability for a body corporate handling sensitive data, introduces concept of "reasonable security practices" and sensitive personal data. No limit for compensation

New Sections added under 66A, 66B, 66 C,66D, 66E and 66 F to cover new offences. 66A: Sending offensive Messages 66B: Receiving a Stolen Computer Resource 66C: Identity Theft 66D: Cheating by personation 66E: Violation of Privacy 66F: Cyber Terrorism

14

New Section 67A introduced to cover material containing "Sexually Explicit Act" Increased imprisonment and fine compared to Sec 67. New Section 67B introduced to cover Child Pornography with stringent punishment. Imprisonment 5 or 7 years and fine RS 5 or 10 lakhs for first and subsequent instances respectively. Also covers "grooming" and self abuse 67C: This is a new section introduced requiring Intermediaries to preserve and retain certain records for a stated period

COMPUTER & CYBER CRIMES

Cyber Pornography There is no settled definition of pornography or obscenity. What is considered simply sexually explicit but not obscene in USA may well be considered obscene in India. There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect. Pornography on the Internet is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also
15

makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although the Indian Constitution guarantees the fundamental right of freedom of speech and expression, it has been held that a law against obscenity is constitutional. The Supreme Court has defined obscene as offensive to modesty or decency; lewd, filthy, repulsive. Punishment: Section 67 of the IT Act is the most serious Indian law penalizing cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code. According to Section 67 of the IT Act; the guilty shall be punished on first conviction with imprisonment for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

Illustration: Sameer launches a website that contains information on sex education. The website is targeted at higher secondary school students. Pooja is one such student who is browsing the said website. Her illiterate young maid servant happens to see some explicit photographs on the website and is filled with lustful thoughts. This website would not be considered obscene. This is because it is most likely to be seen by educated youngsters who appreciate the knowledge sought to be imparted through the photographs. It is under very rare circumstances that an illiterate person would see these explicit images.

16

Cyber Terrorism Due to the increase in cyber terrorism, the hacking into official websites or the crashing of official websites, government officials and Information Technology security specialists have recently begun a significant increase their mapping of potential security holes in critical systems in order to better protect information sensitive sites. The threat of cyber terrorism is something that has been haunting not only India but the rest of the world too. In 2011, terrorist groups had launched a major drive to recruit jihadis online but it was not something that really worked too well for them as they didn't find many takers. Although security agencies across the world can breathe a sigh of relief that not many recruitments took place online, security experts say that there is still cause for concern as it not something that terrorist groups would give up on. In the year 2012, the internet is something that would continue to dominate in terror circles and despite having not so much of a successful 2011, these groups will continue to use the internet as their prime medium to both recruit and more importantly communicate with each other. Ronald Noble, former head of the United States secret service who is now the secretary general of the Interpol says in an interview in the Independent that the internet is giving terrorists new ways to plot mass murders. India's National Investigation Agency which is considered to be the premier body fighting terrorism too has been foxed with the manner in which terrorists have been communicating using the internet. Despite such awareness, laws and tight vigilance they always manage to put across their point to their fellow operatives using the internet. The use of the mobile phone is something that has become extinct in terrorist circles which has only gone on to make the job even harder.
17

Security agencies and cyber experts warn that in the coming year, there would be surely be an intensified effort on part of these terrorist groups to dominate the web. They have been trying to make their entry into the social networking sites. Although they have not been entirely successful as of now, there is a good chance that they could wreck havoc on that space. Terror on the social networking space would not be about planning or recruitments. The whole of last year terror groups have been trying to push in the Osama virus particularly on Facebook. This virus could come in the form of mails, attachments and messages and once clicked it could shut down your system. The cyber criminals are working very hard on targeting social networking sites and in the days to come they would also try and access information by sending out these viruses. The future would see more such coordinated attacks by two groups using the web space and this is something that we need to watch out for.

CASE STUDY: David Headley Case - Cyber Terrorism

Take the David Headley case for instance. Not a single person had a clue as to what the man was up to and neither did anyone think that such a major operation would be planned in such a simple manner. Today, the NIA has even contacted the email providers for help. It is not so much about what they have spoken during the planning of the 26/11 operation, but it would be extremely essential to know what they had planned for the future as well, NIA sources point out. Headley had various email ids. The interesting part was that these were not mail addresses exclusive to Headley. These addresses
18

had a common password which was accessible to him, Tawwahur Rana and the rest of the handlers such as Sajid Mir, Major Iqbal and Major Samir Ali. This was an intentional ploy and all communications had been saved into the drafts and each one read the communication on a regular basis. The ploy was clear and this was being done to avoid any sort of detection. A Pakistani intelligence officer directed that a Jewish community center be added to the list of targets in the 2008 Mumbai terrorist attack because he believed it was being used as a front for Israels Mossad intelligence agency, a U.S. government witness testified Tuesday. The testimony by confessed terrorist David Coleman Headley may be especially significant because three Americans including a young Brooklyn rabbi who ran the community center were killed when Pakistani terrorists invaded the building during a November 2008 rampage through the Indian city that left 164 dead. Headley has admitted on the witness stand that he was used by Lashkar e Taiba (LET), the terrorist group that conducted the attack, to videotape the Mumbai targets during advance scouting trips to the city between 2006 and 2008. But he has also said that, before his trips, he met separately with an officer of Pakistans ISI intelligence agency a man he has called Major Iqbal to review the targets and discuss the operational plans for the mission. Assistant U.S. attorney Dan Collins sought to buttress Headleys testimony by introducing multiple emails among the witness, Rana, Major Iqbal and Pasha most of them written in code to establish his ties to all the players. He also asked Headley to recount conversations with Rana about the attacks after it received international media coverage. Story: Chicago terror trial could complicate US-Pakistan relations Ranas replay, according to Headley: They deserved it, Headley testified.
19

The subject of the Chabad House came up again later in the day when Headley testified about his meetings with Ilyas Kashmiri, a top al-Qaida terrorist, in 2009. Headley was taken to meet Kashmiri in Waziristan by Pasha to discuss more terrorist attacks in India and Denmark, where Kashmiri wanted to target a Danish newspaper that had published cartoons deemed disrespectful of the Prophet Mohammed. Headley said Kashmiri congratulated him on the Mumbai attack, telling him well done. He then asked him to return to India to videotape Chabad Houses in three other Indian cities for another attack in retaliation for the Israeli bombing of Gaza. In a later conversation about the plan to attack the Danish newspaper, the Jyllands-Posten, Kashmiri laid out a plan for terrorists to storm the building, take hostages, kill them and then chop off their heads and throw them out of the window. Financial crimes Financial crimes are crime against property, involving the unlawful conversion of the ownership of property (belonging to one person) to one's own personal use and benefit. Financial crimes may involve fraud (cheque fraud, credit card fraud, fraud, mortgage payment fraud, medical of sale) fraud, corporate care fraud, securities fraud); theft;scams fraud (including insider (point or confidence trading), bank tricks; tax theft; money

fraud, health

evasion; bribery; embezzlement; identity

laundering; and forgery and counterfeiting, including the production of Counterfeit money and consumer goods.

20

Financial crimes may involve additional criminal acts, such as computer crime, elder abuse, burglary, armed robbery, and even violent crime such as robbery or murder. Financial crimes may be carried out by individuals, corporations, or by organized crime groups. Victims may include individuals, corporations, governments, and entire economies.

CASE STUDY: Citibank and MphasisS BPO case April 23, 2005 The Mphasis-Citibank funds siphoning case is particularly noteworthy because of the ease with which a bunch of young BPO employees from middle-class, criminal-free backgrounds allegedly pulled off a financial fraud worth nearly half-a-million dollars ($425,000 at last count on April 20, 2011). The five accused employees of Msource the BPO arm of MphasiS BFL unit supervisor Maurelene Fernandes (25), Bijoy Alexander (26, HR), and former customer care executives Ivan Thomas (30), Siddhartha Mehta (20) and Steph-an Daniel (24) were no geeks or hackers. They were not breaking through firewalls or decoding encrypted software. Instead, they are said to have identified glaring loopholes in the MphasiS system, devised a modus operandi, roped in friends like John who was a taxi driver from outside and executed the fraud over four months, without MphasiS getting a whiff of what was happening. The scam may never have come to light but for Citibank, New York, and Citigroup Investigative Services, Mumbai, which detected the fraud, did their own snooping and then urged the Pune police to lay a trap.
21

MphasiS vice-chairman Jeroen Tas said in an e-mail interview from the US that there was no evidence of a breach or audit failure in the processes or systems employed by MphasiS and its client as it appears to be a case of password/PIN sharing and compromise. However, in the light of this incident, they were conducting full external audits on processes and compliance. The Pune cybercrime cell, headed by Assistant Commissioner of Police Sanjay Jadhav, had revealed that even Citigroup realized the illegal funds transfers had happened through MphasiS only when former employees spilled the beans after being nabbed by the police. Being the authorized e-banking service providers to Citibank, MphasiSMsource employees were privy to confidential details of various account holders. The only pieces missing were the password/PINs which the prime accused in the scam Maurelene and Ivan allegedly got by "sweet-talking" five account holders. Having obtained the PINs, the group allegedly opened fictitious e-mail accounts to divert e-banking funds transfer confirmations. Thus, the original account holders never got the confirmations they would have otherwise got in the event of a funds transfer. Neither Citibank nor MphasiS detected anything amiss after the first illegal transfer in November 2004. In March 2005, a series of rapid fire wire transfers took place, with money being moved to about a dozen bank accounts opened with the help of documents allegedly forged by John and co-accused Anand Karnavat, an ICICI home loans agent. John and Karnavat are among 11 of the 16 arrested in the case who are non-BPO employees and whose role was largely to facilitate the

22

However, Citibank finally smelt a rat, after at least one account-holder complained. It alerted Citigroup Investigative Services in Mumbai, headed by Rajendra Bhagwat. Bhagwat's team in Mumbai immediately touched base with the recipient banks in Pune and confirmed the fraud. The Pune police's cybercrime cell was alerted and a trap duly lay. On April 1, Ivan and a co-accused, Shailesh Bhulewar, came to check about a transfer in a Rupee Co-operative Bank branch in Pune. The police immediately swung into action and detained the suspects. There have been a total of 16 arrests since that day, with investigations throwing up fresh details virtually every day. Many of the accused have been charged under section 67 of the IT Act, 2000 and Indian Penal Code sections 420 (cheating), 465, 467 and 671 (forgery) besides other sections. The police had recovered about Rs 8.5 lakh from Ivan as per his lawyer Harshad Nimbalkar, who's also representing three other accused. "They were to decide their defense once the police framed the charge sheets. Forgery Forgery may be termed as the fraudulent making or alteration of a writing to the prejudice of another man's right. A person commits forgery if he:
1. 2. i. ii. iii. iv.

Makes any false document or any part of it, With an intent to: cause damage or injury to the public or any person, support any claim or title, cause any person to part with property cause any person to enter into express or implied contract,
23

v. 3.

commit any fraud or that the fraud may be committed. For Example: B, picks up a cheque on a banker signed by D, payable to

bearer, but without any sum having been inserted in the cheque. B, fraudulently fills up the cheque by inserting the sum of ten thousand rupees. B, commits forgery.

Punishment
1.

Whoever commits forgery shall be punished with imprisonment, which may

extend to two years, or with fine or both.

2.

Where the forgery is committed with intent to cheat then

the punishment shall extend to seven years and will also be liable to fine.
3.

Where there is fraudulent cancellation or destruction of the will, authority to

adopt or valuable security, then the person committing such mischief shall be punished with imprisonment for life, or imprisonment which may extend to seven years, and shall also be liable to fine (Sect.477). CASE STUDY: SONY.SAMBANDH.COM

India saw its first cyber crime conviction recently. It all began after a complaint was filed by Sony India Private Ltd, which runs a website called www.sony-sambandh.com, targeting Non Resident Indians. The website enables NRIs to send Sony products to their friends and relatives in India after they pay for it online. The company undertakes to deliver the products to the concerned recipients. In May 2002, someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless head phone. She gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida. The payment was duly cleared by the
24

credit card agency and the transaction processed. After following the relevant procedures of due diligence and checking, the company delivered the items to Arif Azim. At the time of delivery, the company took digital photographs showing the delivery being accepted by Arif Azim. The transaction closed at that, but after one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had denied having made the purchase. The company lodged a complaint for online cheating at the Central Bureau of Investigation which registered a case under Section 418, 419 and 420 of the Indian Penal Code. The matter was investigated into and Arif Azim was arrested. Investigations revealed that Arif Azim, while working at a call centre in Noida gained access to the credit card number of an American national which he misused on the companys site. The CBI recovered the colour television and the cordless head phone. In this matter, the CBI had evidence to prove their case and so the accused admitted his guilt. The court convicted Arif Azim under Section 418, 419 and 420 of the Indian Penal Code this being the first time that a cybercrime has been convicted. The court, however, felt that as the accused was a young boy of 24 years and a first-time convict, a lenient view needed to be taken. The court therefore released the accused on probation for one year. The judgment is of immense significance for the entire nation. Besides being the first conviction in a cybercrime matter, it has shown that the Indian Penal Code can be effectively applied to certain categories of cyber crimes which are not covered under the Information Technology Act 2000. Secondly, a judgment of this sort sends out a clear message to all that the law cannot be taken for a ride.
25

Cyber stalking Cyber stalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. The definition of "harassment" must meet the criterion that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person distress. Cyber stalking is different from spatial or offline stalking. However, it sometimes leads to it, or is accompanied by it.

Case of Cyber stalking Little did Seema Khanna (name changed), an employee with an embassy in New Delhi, know that web surfing would lead to an invasion of her privacy. In an apparent case of cyber stalking, Khanna (32) received a series of emails from a man asking her to either pose in the nude for him or pay Rs 1 lakh to him. In her complaint to Delhi Police, the woman said she started receiving these mails in the third week of November. The accused threatened Khanna that he would put her morphed pictures on display at sex websites , along with her telephone number and address. He also allegedly threatened to put up these pictures in her neighbourhood in southwest Delhi. "Initially, she ignored the mails, but soon she started receiving letters through post, repeating the same threat. She was forced to report the matter to the police," said an officer with cyber crime cell. That, however, was not the end
26

of her ordeal. The accused mailed the woman her photographs. The woman claimed these were the same photographs which she had kept in her mail folder. The police said the accused had hacked her e-mail password which enabled him to access the pictures. A preliminary inquiry into the complaint has revealed that the mails were sent to the victim from a cyber cafe in south Delhi. "We hope to trace the accused soon," said deputy commissioner of police (crime) Dependra Pathak. The police feel the accused might be known to the victim as he seemed to know a lot about her. The cyber stalker can be booked under Section 509 of the IPC for outraging the modesty of a woman and also under the Information Technology Act, 2000. CASE STUDY: State of Tamil Nadu Vs Suhas Katti

The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR. Considering that similar cases have been pending in other states for a much longer time, the efficient handling of the case which happened to be the first case of the Chennai Cyber Crime Cell going to trial deserves a special mention. The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. E-Mails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. Based on a complaint made by the victim in February 2004, the

27

Police traced the accused to Mumbai and arrested him within the next few days. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet. On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The Honble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were examined and entire documents were marked as Exhibits.

The Defence argued that the offending mails would have been given either by ex-husband of the complainant or the complainant her self to implicate the accused as accused alleged to have turned down the request of the complainant to marry her. Further the Defence counsel argued that some of the documentary evidence was not sustainable under Section 65 B of the Indian Evidence Act. However, the court relied upon the expert witnesses and other evidence produced before it, including the witnesses of the Cyber Cafe owners and came to the conclusion that the crime was conclusively proved. Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04 as follows: " The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/and for the offence u/s 509 IPC sentenced to undergo 1 year Simple

28

imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently."

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered as the first case convicted under section 67 of Information Technology Act 2000 in India.

IT IN BANKING SECTOR

The modern contemporary era has replaced these traditional monetary instruments from a paper and metal based currency to plastic money in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM all over the world. The use of ATM is not only safe but is also convenient. This safety and convenience, unfortunately, has an evil side as well that do not originate from the use of plastic money rather by the misuse of the same. This evil side is reflected in the form of ATM frauds that is a global problem. Internet commerce has grown exponentially during the past few years and is still growing. But unfortunately the growth is not on the expected lines because the credit card fraud which has become common has retarded the e-commerce growth. Credit card fraud has become regular on internet which not only affects card holders but also online merchants. Credit
29

card fraud can be done by taking over the account, skimming or if the card is stolen. Certain preventive measures can be taken to becoming a credit card victim. With the advances in information technology, most banks in India have migrated to core banking platforms and have moved transactions to payment cards (debit and credit cards) and to electronic channels like ATMs, internet banking and mobile banking. Fraudsters have also followed customers into this space. "However, the response of most of the banks to frauds in these areas needs further improvement, thereby avoiding putting the entire onus on the customer," the RBI said. It said most retail cyber and electronic banking frauds would be less than Rs 1 crore. A need is therefore felt to have an industry-wide framework on fraud governance, with particular emphasis on tackling electronic channel based frauds, it said. RBI had appointed a Working Group headed by RBI Executive Director G Gopalakrishna on various issues arising out of the use of information technology in banks. The apex bank examined various issues and made its recommendations in nine broad areas, including IT Governance, Information Security and Cyber Fraud. In the guidelines, RBI said banks need to ensure

implementation of basic organisational framework and put

30

in place policies and procedures which do not require extensive budgetary support, infrastructural or technology changes, by October 31, 2011.

CASE STUDY: Three people held guilty in on line credit card scam Customers credit card details were misused through online means for booking air-tickets. These culprits were caught by the city Cyber Crime Investigation Cell in pune. It is found that details misused were belonging to 100 people. Mr. Parvesh Chauhan, ICICI Prudential Life Insurance officer had complained on behalf of one of his customer. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad being employeed at a private institution, Kale was his friend. Shaiklh was employed in one of the branches of State Bank of India . According to the information provided by the police, one of the customer received a SMS based alert for purchasing of the ticket even when the credit card was being held by him. Customer was alert and came to know something was fishy; he enquired and came to know about the misuse. He contacted the Bank in this regards. Police observed involvement of many Bank's in this reference. The tickets were book through online means. Police requested for the log details and got the information of the
31

Private Institution. Investigation revealed that the details were obtained from State Bank of India . Shaikh was working in the credit card department; due to this he had access to credit card details of some customers. He gave that information to Kale. Kale in return passed this information to his friend Lukkad. Using the information obtained from Kale Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given few tickets to various other institutions. Cyber Cell head DCP Sunil Pulhari and PI Mohan Mohadikar A.P.I Kate were involved in eight days of investigation and finally caught the culprits. In this regards various Banks have been contacted; also four air-line industries were contacted. DCP Sunil Pulhari has requested customers who have fallen in to this trap to inform police authorities on 2612-4452 or 2612-3346 if they have any problems.

STATISTICS
Cybercrime is a big threat to Indias online population, which loses billions to Internet fraud every year, but when it comes to reporting such cases, very few seem to come forward, if government records are anything to go by. The police have recorded only 3,038 cases and made fewer arrests (2,700) between 2007 and 2010, under both the Information Technology (IT) Act as well as the Indian Penal Code (IPC). And only three convictions have taken place, according to lawyers.
32

Going by the latest available figures from the National Crime Records Bureau (NCRB), 966 cybercrime cases were filed under the IT Act, 2000, in 2010 and 420 in 2009. Of these, 153 cases were reported from Karnataka, followed by Kerala (148), Maharashtra (142), Andhra Pradesh (105), Rajasthan and Punjab (52 each). About one-third of the cases registered were related to hacking and 233 persons were arrested in 2010. Under the IPC, 356 cybercrime cases were registered in 2010 and 276 cases in 2009. Maharashtra reported the maximum number of such cases (104), followed by Andhra Pradesh (66) and Chhattisgarh (46). A majority of these crimes were either forgery or fraud cases. Although such offences fall under traditional IPC crimes, they had cyber-overtones, according to NCRB.

INTERNET CRIME COMPLAINT CENTER (IC3): A partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). In 2010, IC3 received the second-highest number of complaints since its 2000. IC3 received its twomillionth complaint in 2010. On average, IC3 receives and processes 25,000 complaints per month. The most common victim complaints in 2010 were non-delivery of payment/merchandise, scams impersonating the FBI (hereafter FBI-related scams) and identity theft. Victims of these crimes reported losing hundreds of millions of dollars.

National Crime Records Bureau:

33

(NEW DELHI, 7 AUG, 2011) According to 23rd Report on Information Technology, the Parliamentary Standing Committee on Information Technology was told on the disposal status of registered cybercrime cases that at present National Crime Records Bureau (NCRB) is not maintaining any such data. With increasing cybercrime, there is a need to update tools and techniques to detect and analyze them and need for a mechanism to insure against financial loss through e-fraud which is an emerging field, said a Parliamentary report. The 31-member Committee chaired by Rao Inderjit Singh said that with regard to the cybercrime cases registered till date under Information Technology Act, the department has provided few data.

No cyber cases registered in Haryana, Bihar, Jammu and Kashmir,

Jharkhand, Meghalaya, Mizoram, Nagaland, Sikkim, Tripura, Andaman and Nicobar Islands, Dadra and Nagar Haveli, Daman and Diu, Lakshadweep and Pondicherry, Karnataka.

Bengaluru had the highest number of hacking cases totaling 91 out of

the 118 cases registered countrywide during 2009.

The 53-page report dealing with various aspects of Information

Technology was told that a total of 106, 201 and 315 Government websites were hacked during 2008, 2009 and 2010 respectively and these attacks were directed from countries like USA, UK, Mexico, Spain, Brazil,
34

Turkey, Iran, Pakistan, China, Lebanon, Peru, Morocco, Japan, Korea, Saudi Arabia, Algeria and Nigeria.

It noted that of the Rs 600 crore allocated for the Eleventh Five Year

Plan for tackling cybercrime, only Rs 122.98 crore has been spent till 201011 since beginning of the Plan in 2007-08. According to figures available it was 2007-08 (Rs 22.73 crore), 2008-09 (Rs 30.61 crore), 2009-2010 (Rs 29.64 crore) and tentative expenditure for 2010-11 was Rs 40 crore.

The report said the department of financial services of the ministry of

finance has informed it that online banking frauds worth Rs 590.49 lakh in 2009 and the CBI has registered six cybercrime cases causing financial loss of Rs 2, 70,650 to the government and private parties. The Committee also sought to know whether there is a measure to compensate the financial loss occurring due to cyber fraud. To this the department informed that the Information Technology Act, 2000, provides for compensation for the damages suffered by the victims of computer crimes and frauds and it also provides for punishment in the form of imprisonment and fine to the perpetrator.

A recent survey indicates that for every 500 cybercrime incidents that take place, only 50 are reported to the police and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cybercrime.

35

The United States remains at the top with 28.78% of all phishing sites located out of the United States and 11.96% out of China. Korea, Germany, Australia, Canada, Japan, United Kingdom, Italy and India are the other countries where phishing attacks are prevalent. As of now, 2.11% of the phishing sites are located in India.

CYBER CRIME IN INDIA:

36

A total number of 219 Government websites tracked by the Indian Computer Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in the year 2008, 2009, 2010 and JanOct 2011 respectively.

37

The annual report on Cyber Crimes released by Norton (2011):

INDIA GLOBALLY ( 24 countries ) CYBERCRIME COSTS 1) Total net cost of 341.1bn (US$7.6bn) US $388bn

cybercrime

162.6bn 2) Victims value of the time lost to (US$3.6bn)

US $274bn

38

cybercrime

178.5bn (US$4bn)

US $114bn

3)Direct cash cost (money stolen/cost cybercrime ) of resolving

CYBERCRIME EXPERIENCES

1) Online adults who have 1. 80% experienced their lifetime cybercrime in

1. 69%

2) Victims who experienced cybercrime in the past 12 2. 81% months 2. 65%

3)

Adults

who mobile

have related

experienced cybercrime LOST TIME Days taken

3.17%

3. 10%

to

resolve 15 days

10 days

cybercrime in the past year (average)

TOP CRIME

CYBER Most common types of cybercrime in past 12 months (% of all cybercrime)

Computer viruses/mal ware

Computer viruses/mal ware

(60% overall, (54% overall,

39

of which 75% occurred the past months)

of which 58% in 12

in occurred 12 the past months)

Online scams

Online scams

(20% overall, (11% overall, of which 48% occurred the past months) of which 52% in 12

in occurred 12 the past months)

Phishing

Phishing

(19% overall, (10% overall, of which 59% occurred the past months) of which 53% in 12

in occurred 12 the past months)

40

SECURTIY

Adults (%) who do not have 43% up todate security software

41%

ONLINE/ OFFLINE CRIME: All adults (%) who: online

1) Have been a victim of 65% online cybercrime in the last 12 months 25% 2) Have been a victim of physical world (offline) crime in the last 12 months 44% 3) Think they are more likely to be a victim of online crime than offline crime (over next 12 months)

44%

15%

31%

41

Top 10 Countries by Count- Individual Complainants (Numbered by Rank):

COUNTRIES
1. United States

PERCENTAGES
91.2 %

2. Canada

1.5 %

3. United Kingdom

1.0 %

4. Australia

0.7 %

5. India

0.5 %

6. South Africa

0.2 %

7. Germany

0.2 %

8. Mexico

0.2 %

42

9. France

0.2 %

10. Philippines

0.2 %

INDIA, BRAZIL AND CHINA CYBER CRIME LAWS:

DATA CRIME
COUNTRY

NETWORK CRIME
Data Theft Network Interferen ce Network Sabotage

ACCESS CRIME

RELATED CRIM

Data Intercepti on

Data Modificati on

Unauthorized Access

Virus Dissemination

Aiding and Abetting cyber crime

Computer Related Forgery

INDIA

BRAZIL

CHINA

Average Monetary loss per Fraud Complaint Looking at the average monetary loss gives us a glimpse into the significance of this type of crime. The average monetary loss per complaint:
43

Debit/Credit Card fraud Auction fraud Non-Delivery (merchandise and payment) Computer fraud Nigerian letter fraud Confidence fraud Check fraud

$ 223 $ 610 $ 800 $ 1,000 $ 1,650 $ 2,000 $ 3,000

QUESTIONNAIRE ON CYBER CRIME

1) a)

How much of time do you spend on the internet per day? Less than 1 hr (b) 1-2 hrs (c) 2-3 hrs (d) more than 3 hrs

2)

What are your usual reasons for using the internet service? (b) Gaming (c) Social networking (e) shopping

a) Research & academic use

service (d) Chat/communication

3)

Have you ever got an e-mail that was a spam? (b) No If yes, what did you do about the spam e-mail? (c) stop all mails from that source Others _______________ Has your identity ever been stolen, your account been hacked? If yes

a) Yes

4)

a) Delete it (b) Report it

(d)
5)

then which of the following accounts?

44

a) Social website (Facebook, orkut etc) (b) twitter

(c) email accounts

(d) blogs
6)

(e) financial a/c (demat a/c )

If you are a victim of cyber crimes do you report it? (b) No

a) Yes

7)

Do you shop online using your credit card? (b) No

a) Yes

8)

If yes have you been a victim of online financial frauds? (b) No

a) Yes

9)

Is the operating system you are using an original licensed version? (b) No- pirated

a) Yes- original

10)

Are you aware of the cyber crime cell that deals with cyber crimes? (b) No

a) Yes

ANALYSIS:
1) How much of time do you spend on the internet per day? (a) Less than 1 hr (b) 1-2 hrs (c) 2-3 hrs (d) more than 3 hrs TOTAL 9 15 12 24 60

45

2) What are your usual reasons for using the internet service? (a)Research & academic use (b)Gaming (c )Social networking (d) Chat/communication (e) Shopping TOTAL 15 9 27 6 3 60

3) Have you ever got an e-mail that was a spam? (a) Yes (b) No TOTAL 51 9 60

46

4) If yes, what did you do about the spam e-mail? (a) Delete it (b) Report it (c) stop all mails from that source (d) Others TOTAL 51 3 6 0 60

5) Has your identity ever been stolen, your account been hacked? If yes then which of the following accounts?
47

(a)Social website (Facebook, orkut etc) (b) Twitter (c) Email Accounts (d) Blogs (e) Financial A/c (Demat A/c ) (f) None TOTAL

21

17 9 0 7

6 60

6) If you are a victim of cyber crimes do you report it? (a) Yes (b) No TOTAL 9 51 60

48

7) Do you shop online using your credit card? (a) Yes (b) No TOTAL 27 33 60

8) If yes have you been a victim of online financial frauds? (a) Yes (b) No TOTAL 6 54 60

49

9) Is the operating system you are using an original licensed version? (a) Yes- original (b) No- pirated TOTAL 18 42 60

10) Are you aware of the cyber crime cell that deals with cyber crimes? (a) Yes (b) No
50

21 39

TOTAL

60

NASSCOM
NASSCOM is Indias National Association of Software and Service Companies, the premier trade body and the chamber of commerce of the IT software and services industry in India. NASSCOM is a truly global trade body with around 900 members, of which nearly 150 are global companies from the US, UK, EU, Japan and China. NASSCOMs member companies are in the business of software development, software services, and ITenabled/BPO services. NASSCOM was set up to facilitate business and trade in software and services and to encourage advancement of research in software technology. It is a not-for-profit organization, (funded entirely by its members) registered under the Societies Act, 1860. NASSCOM has been the strongest proponent of global free trade in India. NASSCOM is committed to work proactively to encourage its members to
51

adopt world class management practices, build and uphold highest quality standards and become globally competitive.

Innitiatives by NASSCOM
NASSCOM undertakes several initiatives and works with multiple stakeholders within the global IT-BPO eco-system:

Policy Advocacy: NASSCOM collaborates with the Government of India at

the centre and states to build a policy framework that is conducive to the growth of the IT-BPO industry in the country.

Membership Engagement: NASSCOM works closely with its member

companies, encouraging them to share best practices and experiences, and mentor smaller organisations that are still on the learning curve.

Industry Development: NASSCOM undertakes several development

initiatives to spur the growth of the sector.

o

Research: It conducts industry research, surveys, and studies on emerging

IT-BPO trends and sector performance to provide factual perspectives on the industry and the growth opportunities ahead.
o

Events: It organises national and international events to showcase new

opportunities, collaborate, build thought leadership and networking.

o

Forums: Industry forums at NASSCOM cater to the needs of diverse

segments and build specific programmes that can help these sectors to realise their potential. The forums at NASSCOM include:

Animation VFX Gaming Technology Business Process Outsourcing (BPO) Engineering Research and Design Remote Infrastructure Management

52

Entrepreneurship: NASSCOM is committed to promoting and

nurturing small-and-medium companies within the IT-BPO industry. It does so through its Emerge-Product Group, a one-stop-platform that uses online and offline sessions to promote mentorship and help members evolve winning sales and marketing, partnership and funding strategies.

Enabling Environment: NASSCOM, in partnership with the industry,

has created specific programmes and awards that encourage innovation, security best practices and Tier 2/ 3 city development.

Sustainability: In order to promote balanced growth across India, and

build a sustainable IT-BPO industry, NASSCOM engages with its members on critical issues related to Corporate Social Responsibility, enhancing diversity, inclusive growth and Green IT.

FUNCTIONS OF NASSCOM

Partnership with the government: NASSCOM acts as an

advisor to the Indian government at the centre as well as state levels. With adequate representation in various ministries of the government, the organization ensures that the government frames industry friendly policies. It also forms partnerships at the global level for promoting the Indian IT and ITES industries.

Support for quality products and services: NASSCOM

encourages its members to maintain high quality of products and services with the aim of developing global public confidence for its members and the industry. It also helps the members achieve

53

international quality certifications through regular seminars and workshops on quality standards.

Protection

of

Intellectual

Property

Rights:

The

organization is a strong proponent of intellectual property rights. It supports software anti piracy by setting up hotlines and facilitating law enforcement.

Reinforce the brand equity of Indian IT and ITES

industries: NASSCOM organizes regular international seminars and conferences to build a brand for the Indian IT and ITES industries.

Increase talent pool in India: India has one of the largest

talent pool in the world with 300,000 engineers and 2.1 million graduates being produced by its 11,200 higher education institutions each year. NASSCOM ensures that the quality and quantity of professionals in the country increases with time and that the country is able to cater to the global demand of IT and ITES outsourcing services.

Partnerships

with

member

companies:

The

organization provides various services to its members such as the following:

o

Creating business opportunities and sharing of best knowledge through forums, seminars and

practices

conferences
o

Publishing research reports that provide the members

counsel from leading industry analysts. The organization

54

also maintains a database of member companies specifying their areas of expertise.

o

Providing information on global business norms on

taxation, regulations, recruitment, etc.

CONCLUSION
After studying the IT act of 2000 & the amendments made in 2006 & 2008; we would like to conclude that; knowing or unknowing many of us indulge in unlawful activities. It might be as simple as using the Pirated version of any software. For this the masses need to be educated & made aware about the act. With the number of internet users increasing day by day & accessible
55

to everyone; the probability of unlawful cyber activities has also seen an increase. The advancement in the technology has seen the advent of more & more sophisticated cyber crimes happening. Technological activities cannot be stopped as it is the need of the hour, but what we can do is make people aware of the safety procedures & safe methods of using the internet. Our cyber laws are one of the best in the world; however there is still scope for improvement. Thus we conclude that since India being the IT hub; the masses should be made aware of these laws & the safe methods & lawful ways of using Technology for the betterment rather that for unlawful activities.

BIBLIOGRAPHY

http://www.cyberlawclinic.org/casestudy.asp http://www.cyberlawclinic.org/cyberlaw.htm

56

http://www.ecommercetimes.com/story/42112.html http://www.cyberlawsindia.net/cases.html http://nicca.nic.in/pdf/itact2000.pdf http://www.cyberlawconsulting.com/it-act.html http://www.livemint.com/2011/12/19005304/Cybercrime-on-the-

rise-but-no.html

http://trak.in/tags/business/2011/12/02/cyber-attacks-india-

numbers/

57