Professional Documents
Culture Documents
Table of Contents
1. Introduction to Cybercrime .................................................................................................... 2
1.1 Cybercrime- Definition .................................................................................................... 3
1.1.1 The U.S. Department of Justice (DOJ) divides cybercrime into three categories:
3
1.2 Origin of Cybercrime ....................................................................................................... 5
1.3 Information Security ........................................................................................................ 6
1.3.1 Definitions of information security...................................................................... 7
1.4 Classifications of Cybercrimes ........................................................................................ 8
1.5 Who are Cybercriminals? .............................................................................................. 14
1.6 A Global Perspective on Cybercrimes ........................................................................... 15
1.7 Cybercrime as a business ............................................................................................... 16
1.8 Cybercrime laws around the globe ................................................................................ 17
1.8.1 Famous incidents relating to cyber crimes ........................................................ 19
1.8.2 Cybercrime in India ........................................................................................... 21
1.8.3 Grounds of cybercrime in India ......................................................................... 22
1.8.4 Cybercrime cases in India .................................................................................. 23
1.8.5 Reporting a cybercrime in India ........................................................................ 24
1.8.6 Cyber Crime Complaint Online ......................................................................... 25
1.9 Cyber crime legislation and agencies ............................................................................ 27
1.10 Protection against cybercrime ...................................................................................... 30
1.11 Prevention against cybercrime ..................................................................................... 31
2. Cyber Offenses: ................................................................................................................... 33
2.1 The offences included in the I.T. Act 2000 are as follows − ......................................... 34
2.2 Compounding of Offences ............................................................................................. 42
2.3 How Criminals Plan the Attacks:................................................................................... 43
2.3.1 Reconnaissance .................................................................................................. 43
2.3.2 Passive Attacks .................................................................................................. 44
2.3.3 Active Attacks.................................................................................................... 45
2.3.4 Scanning and Scrutinizing Gathered Information ............................................. 45
2.3.5 Attack (Gaining and Maintaining the System Access) ...................................... 46
3. Cyber stalking: ..................................................................................................................... 46
1. Introduction to Cybercrime
our use of the internet is essential for the successful completion of our daily tasks and activities.
However, accessing the internet can also lead to a number of online crimes, such as breach of
A number of cybercrime cases including phishing, identity theft, and fraud, have surged
in recent years. In the previous year alone, India saw a multifold increase in the number of
This emphasises the significance of creating more effective and deterrent legal structures, as
examine the country’s existing cybersecurity legislation to see if they provide adequate
While most cybercrimes are carried out in order to generate profit for the
cybercriminals, some cybercrimes are carried out against computers or devices directly to
damage or disable them. Others use computers or networks to spread malware, illegal
information, images or other materials. Some cybercrimes do both -- i.e., target computers to
infect them with a computer virus, which is then spread to other machines and, sometimes,
entire networks.
types of profit-driven criminal activity, including ransomware attacks, email and internet fraud,
and identity fraud, as well as attempts to steal financial account, credit card or other payment
card information.
network.
technical gadgets, or the internet. Although some cybercrimes are intended to cause harm to
the victim, the vast majority are committed for financial gain.
1.1.1 The U.S. Department of Justice (DOJ) divides cybercrime into three categories:
1. crimes in which the computing device is the target -- for example, to gain network
access;
2. crimes in which the computer is used as a weapon -- for example, to launch a denial-
3. crimes in which the computer is used as an accessory to a crime -- for example, using
The Council of Europe Convention on Cybercrime, to which the U.S. is a signatory, defines
cybercrime as a wide range of malicious activities, including the illegal interception of data,
system interferences that compromise network integrity and availability, and copyright
infringements.
Individuals and corporations are both targets. Individuals are typically part of a bigger
assault in which the hacker tries to distribute malware across machines for-profit motive.
Business assaults, on the other hand, are usually a one-shot deal. Businesses are also far more
Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed
in nature. That is, cybercriminals typically rely on other actors to complete the crime. This is
whether it's the creator of malware using the dark web to sell code, the distributor of illegal
pharmaceuticals using cryptocurrency brokers to hold virtual money in escrow or state threat
Despite the fact that the internet is only roughly 30 years old, experts believe the 1834
hack to be the first cyberattack in history. Two crooks infiltrated the French Telegraph System
Some early cyberattacks, which began in the late 1800s and the early 20th century, saw
cybercriminals target telephone infrastructure. Only two years after the invention of the
telephone, adolescent guys stole into Alexander Graham Bell’s telephone firm and wreaked
havoc by misleading calls. Phone hacking, also known as phreaking, became popular in the
Rene Carmille, a French computer scientist, broke into the Nazi data registry in 1940
The introduction of email in the 1980s brought with it phishing schemes and viruses
sent via attachments. Web browsers, like computer viruses, had grown prevalent by the 1990s.
Because of the nature of these platforms, the broad use of social media in the 2000s
only exacerbated cyber crime, particularly data theft. Malware infections and data theft have
surged rapidly over the last 10 years and show no indications of slowing down anytime soon.
With the evolution of the internet, hackers now have a plethora of novel attack vectors
at their disposal. As more and more ordinary devices — refrigerators, washing machines,
heating systems, light bulbs, and so on — go online, cybercriminals gain new weaknesses and
possibilities.
access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification,
the adverse impacts of such incidents. Protected information may take any form, e.g., electronic
primary focus is the balanced protection of data confidentiality, integrity, and availability (also
known as the CIA triad) while maintaining a focus on efficient policy implementation, all
without hampering organization productivity. This is largely achieved through a structured risk
Identifying information and related assets, plus potential threats, vulnerabilities, and
Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them
Monitoring the activities and making adjustments as necessary to address any issues,
The protection of information and information systems from unauthorized access, use,
and availability (Committee on National Security Systems: National Information Assurance (IA)
is concerned with the development and implementation of security mechanisms of all available
types (technical, organizational, human-oriented and legal) in order to keep information in all
its locations (within and outside the organization's perimeter) and, consequently, information
systems, where information is created, processed, stored, transmitted and destroyed, free from
corresponding security goal may be defined for each category of threats. A set of security goals,
identified as a result of a threat analysis, should be revised periodically to ensure its adequacy
and conformance with the evolving environment. The currently relevant set of security goals
Security and Information Assurance. The Discussion about the Meaning, Scope and Goals".
Identity theft and embezzlement are examples of fraudulent crimes that might
While children are more likely to be victims of cyberbullying, adults are not
exempt. According to a survey, 40% of polled teens said they had encountered
online harassment, while 24% of adults aged 26–35 said they had experienced
cyberbullying.
Malware: Malware is a term that refers to any software program that is meant
to infiltrate or harm a device. Viruses are a type of software that falls under the
malware category. Viruses may cause a range of problems once they enter a
device. They may delete files, record your keystrokes, erase your disk drive, or
notifying the victim that their bank account or personal device is under assault,
Figure 1.7Phishing
Cyberextortion: Cyber extortion is a type of blackmail that takes place through
the internet. In these occurrences, cybercriminals target or try to harm the person
Figure 1.8Cyberextortion
Ransomware: Ransomware is a sort of cyber extortion that uses malware to
achieve its purpose. This software threatens to disclose the victim’s data or to
block the user from retrieving his/her data unless the cybercriminal gets a
Figure 1.9Ransomware
Source:- https://www.globalsign.com/
enter the device of a victim to steal data whereas the cryptojackers are not
because falling prey to it can drastically delay one’s device and render it
unwitting access to their data. Cybercriminals can access a victim’s credit card
data, passwords, web cam, and microphone depending on the type of spyware
employed.
Adware: Adware is software that you may unintentionally download and install
lawful and innocuous, others are invasive due to the type and number of ads
infiltrate and gain control of these machines in order to do things online without
the user’s consent, allowing them to commit fraudulent crimes while remaining
undetected. They may send spam emails and conduct targeted hacks into a
company’s assets, financial records, data analyses, and other vital information.
Dating hoodwinks: Some hackers utilise dating websites, chat rooms, and
online dating apps to pose as possible mates and attract people in order to have
corporate information as well as personal and private data. Despite this, not all
hackers are crooks. Some “white hat” hackers are employed by software
hackers get into a company’s network in order to uncover existing holes in their
Credit card fraud - An attack that occurs when hackers infiltrate retailers'
systems to get the credit card and/or banking information of their customers.
Stolen payment cards can be bought and sold in bulk on darknet markets, where
hacking groups that have stolen mass quantities of credit cards profit by selling
individual accounts.
instant messages.
Software piracy: An attack that involves the unlawful copying, distribution and
Exit scam: The dark web, not surprisingly, has given rise to the digital version
of an old crime known as the exit scam. In today's form, dark web administrators
Cybercriminals or “black hat” hackers may desire to go clean and abandon their
criminal activities occasionally. In these circumstances, one of the finest possibilities is to work
as a security analyst for the organisations they used to torture. These individuals have greater
expertise and experience with network intrusion than the majority of computer security
specialists.
Cybercriminals use various attack vectors to carry out their cyberattacks and are
constantly seeking new methods and techniques for achieving their goals, while avoiding
Cybercriminals often carry out their activities using malware and other types of
software, but social engineering is often an important component for executing most types of
cybercrime. Phishing emails are another important component to many types of cybercrime but
especially so for targeted attacks, like business email compromise (BEC), in which the attacker
attempts to impersonate, via email, a business owner in order to convince employees to pay out
bogus invoices.
Because of the significant danger of data loss, the consequences of cybercrime may be
Individual: Individuals bear the brunt of the consequences of cyber crime. With the
gadgets, there may be difficulties such as data breaches, identity theft, or trafficking to
harmful websites, among other things. As a result, one may notice unusual purchases
on their credit cards and lose access to their financial accounts. Furthermore, fraudsters
Business: Businesses may suffer from the loss of sensitive data, financial loss, or brand
harm, among other things. It can have a direct impact on the value of a firm, and the
stock value can result in a loss of reputation, clients, and so on. Companies that fail to
secure client data will face fines and penalties. Furthermore, a malicious user may
it, is a serious breach of data. Cybercriminals employ cutting-edge tools and technology
to obtain access to extremely sensitive government data. The primary goal of attacking
The dark web, which is distinct from the deep web, has its own economy where
cybercrime occurs. Criminals purchase and sell adware, botnets, data lists, and other items in
order to conduct fraud and identity theft. However, there is a darker side to the dark web.
The dark web is used for a variety of purposes, including sex trafficking, the spread of
child pornography, hitmen, and much more. There’s a sector of the internet, hidden behind
many redirection and encrypted pages, that allows such heinous actions to take place. We’re
Due to the extensive paper trail created by accessing the internet, criminals who engage
in such operations are concerned about their identity. Access to relevant portions of the dark
web is typically possible through a combination of TOR browsers (The Onion Router) and a
secure virtual private network, as well as the confidence of individuals who run in such circles.
accessible for purchase on the dark web. According to Experian, a business that provides
identity theft protection, someone’s social security number might be sold on the dark web for
as low as $1. Credit card numbers may be purchased for as low as $5.
anybody could use a different identity on the internet. Securing our personal data is critical, not
just for the money in the bank account, as well as for our liberty.
countries throughout the world have enacted several cyber laws that specify the offences and
The United States of America: Computer fraud and abuse are prohibited under the
Computer Fraud and Abuse Act (CFAA), 18 USC 1030. These are cyber defence
systems. It protects them from intrusion, threats, vandalism, spying, and being corruptly
utilised as fraud instruments. It is not a complete provision, but rather covers holes and
Sharing Act (CISA), United States Code, and The Framework for Improving
Canada: A complicated legal and regulatory structure governs data protection and
risks (or the effect of such risks when they materialise) can have major legal and
area of law and governance is critical for enterprises that operate in Canada (in whole
5 (‘PIPEDA’) along with the Criminal Code of Canada is a data privacy act that
essentially provides two key cybersecurity duties for Canadian private sector
European Union: The EU intends to create a single set of guidelines and laws covering
cybersecurity and data protection. Directives are legislative actions that establish
legally obligatory objectives for all member nations. Once enacted, each country must
2018
o The General Data Protection Regulation (GDPR) is the most comprehensive
and unified piece of cyber law in the EU. It has a direct impact on foreign
based. The GDPR, which was established in 2018 to harmonise data protection
and privacy rules across member nations, is now in effect. It empowers member
measures that directly affect enterprises. It went into effect on June 27, 2019,
China: When China’s Cybersecurity Law went into effect in June 2017, it created the
groundwork for a defence plan against widespread cybercrime and possible nation-state
operators,” requiring them to keep personal and essential network data within China.
However, the criteria might be imprecise and wide, and even organisations in the
financial industry may fall under the category of information infrastructure operator.
Multinational firms must keep data generated in China within the country’s boundaries,
collaborating with local cloud data centre providers or developing their own centres in
o The Data Security Law (“DSL”) was passed by the People’s Republic of
China’s National People’s Congress Standing Committee on June 10, 2021. The
DSL’s primary goal is to safeguard and secure important data related to national
The United Kingdom: In the United Kingdom, the Computer Misuse Act, of 2013,
preparatory conduct and the trafficking of technology used for unauthorised computer
access.
Cyber assaults and data breaches are common occurrences. If we read tech news, we
might have come across headlines indicating cybercriminals are continually developing and
In late 2019, the Australian Cyber Security Centre issued a warning to national
businesses about the Emotet virus, a significant global cyber threat. Emotet was created to
crack simple passwords, steal information, and inject other malware onto computers. This virus
was a financial trojan with a variety of characteristics and capabilities that has been affecting
governmental bodies, public enterprises, and private groups all over the world since 2014.
Cyber security risks are not limited to technology firms; they have also invaded the
video gaming sector. An excellent example is Capcom, a Japanese video game creation
business, which had a data breach. Capcom’s plans for the next four years were disclosed online
in November 2020 when thieves stole its systems. Not only did the attack have an influence on
the company’s 2021 releases, but it also raised concerns among its consumers about the security
The evidence presented above indicates that cybercrime may affect every type of
Yahoo was negotiating a transaction with Verizon at the time of the announcements.
The transaction price was reduced by an estimated $350 million once the news surfaced. It’s
frightening to believe that this was one of the greatest data breaches in history, and Yahoo
The Blackshades RAT was a popular extortion tool about the same period, if not earlier.
A Distant Access Tool, or RAT, allows a remote computer to operate yours without requiring
a physical connection. The vast majority of RATs are used legally, such as when a computer
exploited it for extortion. Cassidy Wolf, Miss Teen USA in 2014, was one of the more well-
known instances. Jared Abrahams, a student who had previously cyber-attacked 100-150 other
world’s second-largest internet population. Cybercrime in India cost Rs.1.25 lakh crore in
2019, putting India in second place among nations hit by cyber-attacks between 2016 and 2018.
Ransomware assaults are becoming more common, and many cybercriminals operate from
their homes. In other words, cybercrime in India may be described as unlawful access to a
computer system without the consent of the legitimate owner or location of criminal activity
Phishing, spoofing, DoS (Denial of Service) attacks, credit card fraud, online
transaction fraud, cyber defamation, child pornography, and other forms of cybercrime are
examples.
There are several vulnerabilities in devices such as mobile phones that individuals use
to access services. An examination of the attack vector in a mobile phone found that other than
the programs, there are 15 distinct points through which a hacker might gain access to it.
Bluetooth, communication modules, microchips, operating systems, CPUs, and Wi-Fi are all
examples.
Hackers have devised a number of methods for acquiring user passwords by leveraging
assaults is growing, with 7 lakh documented intrusions through August of this year—a stunning
So, let’s take a closer look at India’s current cybersecurity regulations and what
generate money. They target cash-rich organisations, like banks and other financial institutions,
where large sums of money are handled on a daily basis. They hack sensitive information by
taking advantage of flaws in IT security mechanisms. The following are the reasons why IT
breach a computer system. Hackers can obtain access codes, sophisticated voice
recorders, retina scans, and other data that can be used to circumvent security
measures.
Complex codes– Operating systems are used to run computers, and these
operating systems are made up of millions of lines of code. Because the human
mind is flawed, errors can occur at any time and in such cases, cybercriminals
Ability to store data in a relatively small space– A computer has the unique
ability to store data in a very tiny space. This makes it easier for someone to
take data from other storage devices and utilise it for personal gain.
result, there is a chance that when securing the computer system, we may make
a mistake that allows cyber-criminal access and control over the computer
system.
Evidence loss– Data relating to the crime can be readily deleted. As a result,
evidence loss has become a very widespread and evident problem that paralyses
The following are notable cybercrime incidents that have resulted in massive losses for
In 2018, a cyber-attack on the Cosmos bank in Pune startled the whole banking
industry. Hackers stole Rs 94.42 crore by breaking into the bank’s ATM server
In 2018 again a massive data breach involving 1.1 billion Aadhar card users
WhatsApp for Rs 500 per individual. In addition, for a meagre Rs 300, one could
Canara bank’s ATM servers were attacked in a cyber assault in mid-2018. The
crooks have over Rs 20 lakhs stashed away in several bank accounts. Skimming
devices were used by hackers to acquire information from 300 debit cards. The
40,000.
data, and then sends it to a third-party provider without the user’s permission.
NSO Group, an Israeli cyber weaponry company, designed it. It mostly needed
instantly installed on their phone. According to the Indian news portal The Wire,
The initial step in reporting cybercrime in India is to register a complaint with a cybercrime
cell in a police station in the city where the crime occurred, or where the affected device is
located.
The second step is to know where to report cybercrime in India, which may be done both online
and offline by filing a complaint against the perpetrator of the cybercrime. In India, one can
file a complaint with either a cyber cell or a police station. One can go to your state’s police
station or write an email to the police, who will pass your report to the Cyber Cell, or one can
The first step in learning how to report cybercrime in India is to file a complaint in
accordance with India’s cybercrime regulations. There is no online letter style for filing a
required:
2. If a website is vandalised, make a soft and hard duplicate of the defaced web page.
3. A soft copy of the original data and a soft copy of the compromised data are required if
4. Details on the access control system, such as who had access and what sort of access.
To register a cybercrime report in the instance of email abuse, the following actions must be
taken:
1. The problematic email’s extended headers must be removed, and both the soft and hard
3. The objectionable email must be copied and stored on the computer’s hard disk.
In the past decades the advancement in technology and the number of internet users
have grown at a great pace and upto a great extent. With the increase in use of internet it is
obvious that there will be cons for excessive use as well. In lieu of the excessive use certain
crimes online are also committed and thus, for the protection of the victim it is necessary to
have provisions for registering the complaint and intimating the officials about the commission
Step 1
o One can submit a complaint about cybercrime both offline and online. Cyber
Cell India is the department that deals with online and offline cyber complaints
and thus, the first step is to report the complaint to this department. One can also
give a call on the cybercrime helpline number. You can visit here to file an
Step 2
o A written complaint has to be filed with the cybercrime cell by the victim in the
city he or she is in. But since cybercrime comes under the purview of the global
jurisdiction thus, it is implied from this that one can file a cyber complaint in
the cybercrime cell of any city irrespective of the fact that the person originates
Step 3
Step 4
o In case of no access to the cyber cell India, one can report the matter to the local
police station by filing a First Information Report. If the complaint due to any
reason does not get accepted in the police station then in that case one can
Step 5
o One can also file a First Information Report under the provision of the Indian
Penal Code if the offence falls under this Code. it is an obligation of every
police officer to lodge the complaint as it has been made mandatory under
Since most of the cyber crimes under the Indian Penal Code are classified under the
category of cognizable offences, thus, there is no requirement of any warrant for arresting the
accused because cognizable offences are those offences in which for the purpose of carrying
out the investigation or for making an arrest there is no requirement of any warrant.
online cyber crime registration portal. The purpose is to remove the requirement of moving to
An online portal for registration of Cyber crime online has been launched by the Cyber
security-cis-division)
To combat the threat posed by cybercriminals, the government created the Information
Technology Act of 2000, the primary goal of which is to provide an enabling environment for
successful internet use as well as to report cyber crime in India. The Information Technology
Act (IT Act), which was enacted in 2000, governs Indian cyber legislation. The main goal of
this Act is to provide eCommerce with trustworthy legal protection by making it easier to
register real-time information with the government. However, as cyber attackers became more
The IT Act, which was passed by India’s Parliament, emphasises the harsh fines and
penalties that protect the e-governance, e-banking, and e-commerce sectors. The scope
of ITA has now been expanded to include all of the most recent communication devices.
areas of e-governance, e-commerce, and e-banking. In India, the cyber law also
The IT Act is the most important, as it directs all Indian legislation to strictly regulate
cyber crime:
Section 43 – This section applies to those who destroy computer systems without the
owner’s authorization. In such instances, the owner is entitled to full recompense for
the acts listed in section 43 dishonestly or fraudulently. In such cases, the penalty might
Section 66B – Incorporates the penalties for obtaining stolen communication devices
Depending on the severity, this sentence might also be followed by a fine of Rs. 1 lakh.
Section 66C – This section looks at identity thefts including impostor digital signatures,
password hacking, and other unique identifying elements. If found guilty, a three-year
Section 66 D – This section was added on the spot to focus on penalising cheaters who
The Indian Penal Code was also updated to encompass crimes such as fraud, forgery,
theft, and other similar offences committed through the internet or through electronic
media.
Sections 43 and 66 of the IT Act penalise a person who commits data theft, transmits a
virus into a system, hacks, destroys data, or denies an authorised person access to the
network with up to three years in jail or a fine of Rs. five lacs, or both. Simultaneously,
data theft is penalised under Sections 378 and 424 of the IPC, with maximum sentences
of three years in jail or a fine, or both, and two years in prison or a fine, or both. Denying
under Section 426 of the IPC by imprisonment for up to three months, a fine, or both.
Section 65 of the IT Act makes it illegal to tamper with computer source materials.
Section 66E specifies the penalty for invasion of privacy. It states that anyone who
captures, publishes, or distributes an image of a person’s private area without his or her
Section 66F addresses a critical issue, cyber terrorism, and sets penalties for it. It defines
virus/malware with the intent of causing death or injury to any person, all with the intent
The offence of deceitfully obtaining stolen computer resources or devices is dealt with
under Section 66B of the IT Act and Section 411 of the IPC.
Section 66C of the IT Act specifies penalties for identity theft, stating that anybody who
uses another person’s identification credentials for fraud or in a dishonest manner faces
imprisonment for up to three years and a fine of up to Rs. three lacs. Cheating by
Section 66D of the IT Act. Sections 419, 463, 465, and 468 of the IPC include similar
prohibitions for these offences. The IT Act penalises not only individuals but also
corporations, if they fail to build and implement a reasonable and attentive procedure
to secure any person’s sensitive data in their control. Such a corporation is obligated to
compensate the individual who has sustained a loss as a result of the corporation’s
carelessness.
In addition to the measures for punishment, the IT Act authorises the Central
computer resource for the public if it deems it essential in the interests of the state. It
In order to protect ourselves from the perils of cybercrime, the following preventative
safeguard users against cybercrime. Modern programs monitor the machine’s data for
harmful content and give real-time security against dangers like phishing.
Making use of a Virtual Private Network. A VPN connection will protect your online
privacy. It’s an important tool for privacy, which protects people from identity theft.
Unsolicited emails, text messages, and phone calls should be avoided, especially if they
utilise the crisis to coerce people into circumventing standard security safeguards.
Change the Wi-Fi network’s default password to something more secure. Limit the
number of devices that may connect to the Wi-Fi network and only allow trustworthy
devices to connect.
Use lengthy and complicated passwords that incorporate numbers, letters, and special
characters.
Make sure to update all the systems and programs, as well as to install and maintain an
Data backup should be a routine procedure since data may be quickly destroyed,
infected, or manipulated.
authorities, the digital tech industry, information security groups, internet firms, and financial
institutions are required. Cyber thieves, unlike their counterparts in the physical world, do not
compete for dominance or control. Instead, they collaborate to enhance their talents and even
assist one another with new chances. As a result, traditional crime-fighting strategies cannot be
employed to combat cyber crime in India. Mentioned below are some steps to prevent cyber
crime:
1. Use complex passwords: Use various login details combinations for separate accounts
2. Keeping online profiles secret: Make sure to keep your social networking profiles
(Facebook, Twitter, YouTube, and so on) private. Make sure to double-check your
security settings. Take caution with the information you put on the internet. Once it’s
3. Safeguard mobile devices: Many individuals are unaware that their mobile devices are
download software from reputable sites. It is also critical that your operating system is
kept up to date. Install anti-virus software and utilize a secure lock screen in addition.
Otherwise, if you misplace your phone or lay it down for a few seconds, anyone may
see all of your personal information on it. Someone may even install malicious software
4. Safeguarding data: Encrypt sensitive files such as financial documents and tax returns,
5. Secure online identity: When it comes to protecting one’s identity online, an individual
should be vigilant. When providing personal information such as your name, address,
phone number, and/or financial information on the Internet, you must exercise extreme
caution. While making an online purchase, etc., be sure to check whether the websites
are safe. This includes turning on your privacy settings while using or visiting social
networking sites.
6. Safeguarding computers with security software: For basic internet security, several
types of security softwares are required. Firewall and antivirus software are key pieces
of security software. A firewall is typically the first line of defence for your computer.
It governs who can communicate, and access the computer via the internet. Assume a
firewall to be a type of ‘policeman’ who monitors all data attempting to flow to and
from the computer via the Internet, permitting transactions that it knows are secure
As people’s reliance on technology grows, cyber laws in India and throughout the world
must be constantly updated and refined. The epidemic has also driven a large portion of the
workforce into a remote working mode, heightening the need for app security. Legislators must
go above and beyond to keep ahead of the impostors and stop them in their tracks. cyber crime
can be managed, but it takes the combined efforts of governments, Internet or network
providers, intermediaries such as banks and shopping sites, and most crucially, consumers.
2. Cyber Offenses:
Cyber offences are the illegitimate actions, which are carried out in a classy manner
Data diddling
Virus/worms attack
Hacking
Denial of attacks
Logic bombs
Trojan attacks
Web jacking
Email bombing
2.1 The offences included in the I.T. Act 2000 are as follows −
Protected system.
Offences Under The It Act 2000 Section 65. Tampering with computer source
documents
knowingly causes another to conceal, destroy or alter any computer source code used for a
computer, computer program, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the being time in force, shall be
punishable with imprisonment up to three year, or with fine which may extend up to two lakh
Explanation − For the purpose of this section “computer source code” means the listing of
programs, computer commands, design and layout and program analysis of computer resource
in any form.
Object − The object of the section is to protect the “intellectual property” invested in the
computer. It is an attempt to protect the computer source documents (codes) beyond what is
This section extends towards the Copyright Act and helps the companies to protect their
offence.
Table 2.1the offence and penalties against all the mentioned sections of the I.T. Act
Bailability and
Section Offence Punishment
Congizability
Offence is
Tampering with
Imprisonment up to 3 Bailable, Cognizable
65 Computer Source
years or fine up to Rs 2 lakhs and triable by Court of
Code
JMFC.
Offence is
Computer Related Imprisonment up to 3
66 Bailable, Cognizable
Offences years or fine up to Rs 5 lakhs
and
Dishonestly Offence is
Imprisonment up to 3
receiving stolen Bailable, Cognizable
66-B years and/or fine up to Rs. 1
computer resource or and triable by Court of
lakh
communication device JMFC
Offence is
Imprisonment of either
Bailable, Cognizable
66-C Identity Theft description up to 3 years
and triable by Court of
and/or fine up to Rs. 1 lakh
JMFC
Offence is
Cheating by Imprisonment of either
Bailable, Cognizable
66-D Personation by using description up to 3 years and
and triable by Court of
computer resource /or fine up to Rs. 1 lakh
JMFC
Offence is
Imprisonment up to 3
Violation of Bailable, Cognizable
66-E years and /or fine up to Rs. 2
Privacy and triable by Court of
lakh
JMFC
Offence is Non-
Sessions
On first Conviction,
On first Conviction
knowingly
contravening the
directions about
Preservation and
retention of
information
Failure to assist
decryption of any
information through
Failure of the
intermediary to
Imprisonment up to 7 Offence is Non-
69-A comply with the
years and fine Bailable, Cognizable.
direction issued for
access of any
information through
Intermediary who
intentionally or
knowingly
contravenes the
provisions of sub-
Imprisonment up to 3 Offence is
69-B section (2) in regard
years and fine Bailable, Cognizable.
monitor and collect
traffic data or
information through
for cybersecurity
secures access or
contravention of
provision of Sec. 70
Indian Computer
Emergency Response
Team to serve as
incident response.
to prove the
ICERT.
Disclosure of Imprisonment up to 3
Offence is
72-A information in breach years and/or fine up to Rs. 5
Cognizable, Bailable
of lawful contract lakh.
Publishing
Imprisonment up to 2 Offence is
electronic Signature
73 years and/or fine up to Rs. 1 Bailable, Non-
Certificate false in
lakh Cognizable.
certain particulars
Imprisonment up to 2 Offence is
Publication for
74 years and/or fine up to Rs. 1 Bailable, Non-
fraudulent purpose
lakh Cognizable.
As per Section 77-A of the I. T. Act, any Court of competent jurisdiction may compound
offences, other than offences for which the punishment for life or imprisonment for a term
The accused is, by reason of his previous conviction, is liable to either enhanced
Offence has been committed against a child below the age of 18 years; OR
The person alleged of an offence under this Act may file an application for compounding
in the Court. The offence will then be pending for trial and the provisions of Sections 265-B
Criminals use many methods and tools to locate the vulnerabilities of their target. The target
can be an individual and/or an organization. Criminals plan passive and active attacks. Active
attacks are usually used to alter the system, whereas passive attacks attempt to gain information
about the target. Active attacks may affect the availability, integrity and authenticity of data
In addition to the active and passive categories, attacks can be categorized as either inside
organization is an inside attack. it is usually attempted by an "insider" who gains access to more
resources. than expected. An outside attack is attempted by a source outside the security
perimeter, maybe attempted by an insider and/or an outsider, who is indirectly associated with
attacks.
Scanning and scrutinizing the gathered information for the validity of the
2.3.1 Reconnaissance
the goal of finding something or somebody (especially to gain information about an enemy or
potential enemy).
In the world of "hacking," reconnaissance phase begins with "Footprinting" - this is the
preparation toward preattack phase, and involves accumulating data about the target's
environment and computer architecture to find ways to intrude into that environment.
Footprinting gives an overview about system vulnerabilities and provides a judgment about
understand the system, its networking ports and services, and any other aspects of its security
Thus, an attacker attempts to gather information in two phases: passive and active attacks.
A passive attack involves gathering information about a target without his/her (individual's
employees enter the building's premises. However, it is usually done using Internet searches or
by Googling (i,e., searching the required information with the help of search engine Google)
Surfing online community groups like Orkut/Facebook will prove useful to gain the
employees, for example, contact details, E-Mail address, etc. These can be used in a social
Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain
Going through the job postings in particular job profiles for technical persons can provide
information about type of technology, that is, servers or infrastructure devices a company
An active attack involves probing the network to discover individual hosts to confirm the
information (IP addresses, operating system type and version, and services on the network)
gathered in the passive attack, phase. It involves the risk of detection and is also called "Rattling
place,, but the process can also increase the chance of being caught or raise suspicion.
Scanning is a key step to examine intelligently while gathering information about the target.
The scrutinizing phase is always called "enumeration" in the hacking world. The objective
After the scanning and enumeration, the attack is launched using the following steps:
Exploit he password
Cover the tracks - delete the access logs, so that there is no trail illicit activity.
3. Cyber stalking:
Cyberstalking is a technologically-based "attack" on one person who has been targeted
specifically for that attack for reasons of anger, revenge or control. Cyberstalking can take
emptying bank accounts or other economic control such as ruining the victim's credit
score
that actions that can be perceived to be harmless as a one-off can be considered to be trolling,
Cyber- Cyber-
1 Playtime In the moment and quickly regret
bantering trolling
False accusations: Many cyberstalkers try to damage the reputation of their victim and
turn other people against them. They post false information about them on websites.
They may set up their own websites, blogs or user pages for this purpose. They post
allegations about the victim to newsgroups, chat rooms, or other sites that allow public
Attempts to gather information about the victim: Cyberstalkers may approach their
victim's friends, family and work colleagues to obtain personal information. They may
Monitoring their target's online activities and attempting to trace their IP address in an
Encouraging others to harass the victim: Many cyberstalkers try to involve third parties
in the harassment. They may claim the victim has harmed the stalker or his/her family
in some way, or may post the victim's name and telephone number in order to encourage
False victimization: The cyberstalker will claim that the victim is harassing him or her.
Bocij writes that this phenomenon has been noted in a number of well-known cases.
Attacks on data and equipment: They may try to damage the victim's computer by
sending viruses.
Ordering goods and services: They order items or subscribe to magazines in the victim's
name. These often involve subscriptions to pornography or ordering sex toys then
Arranging to meet: Young people face a particularly high risk of having cyberstalkers
The posting of defamatory or derogatory statements: Using web pages and message
cyberattacks. The term “botnet” is formed from the word’s “robot” and “network.” Assembly
of a botnet is usually the infiltration stage of a multi-layer scheme. The bots serve as a tool to
automate mass attacks, such as data theft, server crashing, and malware distribution. Botnets
use your devices to scam other people or cause disruptions — all without your consent.
Infect — user devices are infected with malware that can take control of their device.
Botnet creators always have something to gain, whether for money or personal satisfaction.
web traffic to crash it. Zombie computers are tasked with swarming websites and other
online services, resulting in them being taken down for some time.
Phishing schemes imitate trusted people and organizations for tricking them out of their
Brute force attacks run programs designed to breach web accounts by force. Dictionary
attacks and credential stuffing are used to exploit weak user passwords and access their
data.
5. Attack Vector:
computer in an attempt to exploit system vulnerabilities. Hackers use numerous attack vectors
to launch attacks that take advantage of system weaknesses, cause a data breach, or steal login
credentials. Such methods include sharing malware and viruses, malicious email attachments
and web links, pop-up windows, and instant messages that involve the attacker duping an
An attack vector, or threat vector, is a way for attackers to enter a network or system.
Common attack vectors include social engineering attacks, credential theft, vulnerability
exploits, and insufficient protection against insider threats. A major part of information security
Compromised Credentials
Open ports
Malware
Phishing
Insider Threats
6. References:-
1. Sunit Belapure and Nina Godbole, “Cyber Security: Understanding Cyber Crimes,
Computer Forensics And Legal Perspectives”, Wiley India Pvt Ltd, ISBN: 978-81-
2. Basta, Basta, Brown, Kumar, Cyber Security and Cyber Laws, 1st edition , Cengage
Learning publication
9789351194736, 2015.
4. Cyber Security and Date Privacy by Krishan Kumar Goyal , Amit Garg , Saurabh
6. Investigating Intrusions”, Copyright © 2014 by John Wiley & Sons, Inc, ISBN: 978 -
7. James Graham, Ryan Olson, Rick Howard, “Cyber Security Essentials”, CRC Press,
15-Dec 2010.
8. Anti- Hacker Tool Kit (Indian Edition) by Mike Shema, McGraw-Hill Publication.
9. https://blog.ipleaders.in/cyber-crime-types-consequences-laws-protection-and-
prevention/
10. https://www.newcomme.com/what-is-cyber-security-and-cyber-crimes/
11. https://www.cloudwards.net/cybercrime/
12. https://www.avast.com/c-cybercrime
13. https://www.appknox.com/blog/cybersecurity-laws-in-india
14. https://okcredit.in/blog/growth-of-cyber-crime-in-india/
15. https://www.myadvo.in/blog/cyber-crime-in-india/
16. https://www.business-standard.com/article/current-affairs/in-pics-here-s-all-you-need-
to-know-about-reporting-a-cybercrime-in-india-120071300525_1.html
17. https://www.michalsons.com/focus-areas/cybercrime-law
18. https://www.tutorialsmate.com/2020/09/what-is-cybercrime.html
19. https://www.hdi.global/infocenter/insights/2019/cyber-law-china/
20. https://probono-india.in/blog-detail.php?id=218
21. https://www.techtarget.com/searchsecurity/definition/cybercrime
22. https://usa.kaspersky.com/resource-center/threats/botnet-attacks
23. https://www.cloudflare.com/en-gb/learning/security/glossary/attack-vector/