
Our Beloved Cyber World / Cyber Crime and Acts

In simple terms, cyber crime is any unlawful act wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new-age crimes that are addressed by the Information Technology Act, 2000.

We can categorize cyber crimes in two ways:

1. The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DOS attacks etc.
2. The computer as a weapon: using a computer to commit real-world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Cyber crime is regulated by cyber laws or internet laws.

Technical Aspects:
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as:

a. Unauthorized access & Hacking: Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money. Taking control of another person's website by hacking the web server is called web hijacking.

b. Trojan Attack: A program that acts like something useful but does things that are quite damaging is called a Trojan. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the Server on their machine, the attacker then uses the Client to connect to the Server and start using the Trojan. TCP/IP is the usual protocol type used for communications, but some functions of Trojans use the UDP protocol as well.

c. Virus and Worm attack: A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus. Programs that multiply like viruses but spread from computer to computer are called worms.

d. E-mail & IRC related crimes:

1. Email spoofing: Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source.
2. Email spamming: Email "spamming" refers to sending email to thousands and thousands of users, similar to a chain letter.
3. Sending malicious code through email: E-mails are used to send viruses, Trojans etc. as an attachment, or by sending a link to a website which downloads malicious code when visited.

4. Email bombing: E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related: Three main ways to attack IRC are "verbal" attacks, clone attacks, and flood attacks.
9. Denial of Service (DOS) attacks: Flooding a computer resource with more requests than it can handle. This causes the resource to crash, thereby denying access of service to authorized users. Examples include attempts to "flood" a network, thereby preventing legitimate network traffic; attempts to disrupt connections between two machines, thereby preventing access to a service; attempts to prevent a particular individual from accessing a service; and attempts to disrupt service to a specific system or person.

Distributed DOS: A distributed denial of service (DDoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into zombies and used to attack another system or website.

Types of DOS: There are three basic types of attack:

a. Consumption of scarce, limited, or non-renewable resources such as network bandwidth, RAM and CPU time. Even power, cool air, or water can be affected.
b. Destruction or alteration of configuration information
c. Physical destruction or alteration of network components

e. Pornography: The literal meaning of the term 'pornography' is describing or showing sexual acts in order to cause sexual excitement through books, films, etc. This would include pornographic websites, pornographic material produced using computers, and use of the internet to download and transmit pornographic videos, pictures, photos, writings etc. Adult entertainment is the largest industry on the internet. There are more than 420 million individual pornographic webpages today. Research shows that 50% of the websites containing potentially illegal content relating to child abuse were pay-per-view. This indicates that abusive images of children over the Internet have been highly commercialized. Pornography delivered over mobile phones is now a burgeoning business, driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images.

Effects of Pornography: Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behavior that can harm individual users and their families. Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases. In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behavior. Some of the common but false messages sent by sexualized culture: Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences. Women have one value: to meet the sexual demands of men. Marriage and children are obstacles to sexual fulfillment. Everyone is involved in promiscuous sexual activity, infidelity and premarital sex.

Pornography Addiction: Dr. Victor Cline, an expert on sexual addiction, found that there is a four-step progression among many who consume pornography.

1. Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through masturbation.
2. Escalation: Over time addicts require more explicit and deviant material to meet their sexual "needs."
3. Desensitization: What was first perceived as gross, shocking and disturbing in time becomes common and acceptable.
4. Acting out sexually: There is an increasing tendency to act out behaviors viewed in pornography.

f. Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Impersonating another person is also considered forgery.

g. IPR Violations: These include software piracy, copyright infringement, trademark violations, theft of computer source code, patent violations etc.

Cyber Squatting: Domain names are also trademarks and are protected by ICANN's domain dispute resolution policy and also under trademark laws.

Cyber squatters register domain names identical to popular service providers' domains so as to attract their users and benefit from it.

h. Cyber Terrorism: Military installations, power plants, air traffic control, banks, rail traffic control and telecommunication networks are the most likely targets of attack. Others include police, medical, fire and rescue systems etc. Cyberterrorism is an attractive option for modern terrorists for several reasons.

1. It is cheaper than traditional terrorist methods.
2. Cyberterrorism is more anonymous than traditional terrorist methods.
3. The variety and number of targets are enormous.
4. Cyberterrorism can be conducted remotely, a feature that is especially appealing to terrorists.
5. Cyberterrorism has the potential to affect directly a larger number of people.

i. Banking/Credit card related crimes: In the corporate world, Internet hackers are continually looking for opportunities to compromise a company's security in order to gain access to confidential banking and financial information. Use of stolen card information or fake credit/debit cards is common. A bank employee can grab money by using programs to deduct a small amount of money from all customer accounts and add it to their own account; this is also called a salami attack.

j. E-commerce/Investment Frauds: Sales and investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered. The fraud may be attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site. Investors are enticed to invest in the fraudulent scheme by promises of abnormally high profits.

k. Sale of illegal articles: This would include trade in narcotics, weapons, wildlife etc., by posting information on websites, auction websites and bulletin boards, or simply by using email communication. Research shows that number of people employed in this criminal area. Every day people receive many emails offering banned or illegal products for sale.

l. Online gambling: There are millions of websites hosted on servers abroad that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

m. Defamation: Defamation can be understood as the intentional infringement of another person's right to his good name. Cyber defamation occurs when defamation takes place with the help of computers and/or the Internet, e.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place Cyber defamation is also called cyber smearing.

Cyber Stalking: Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.

n. Pedophiles: There are also persons who intentionally prey upon children. Especially with teens, they let the teen know that they fully understand the teen's feelings towards adults, and in particular towards the teen's parents. They earn the teen's trust and gradually seduce them into sexual or indecent acts. Pedophiles lure children by distributing pornographic material, then try to meet them for sex or to take their nude photographs, including their engagement in sexual positions.

o. Identity Theft: Identity theft is the fastest growing crime in countries like America. Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes.

p. Data diddling: Data diddling involves changing data prior to or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. It also includes automatically changing financial information for some time before processing and then restoring the original information.

q. Theft of Internet Hours: Unauthorized use of Internet hours paid for by another person. By gaining access to an organisation's telephone switchboard (PBX), individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties. Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.

r. Theft of computer system (hardware): This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

s. Physically damaging a computer system: Physically damaging a computer or its peripherals, either by shock, fire or excess electric supply etc.

t. Breach of Privacy and Confidentiality

Privacy: Privacy refers to the right of an individual to determine when, how and to what extent his or her personal data will be shared with others. Breach of privacy means unauthorized use, distribution or disclosure of personal information such as medical records, sexual preferences, financial status etc.

Confidentiality: Confidentiality means non-disclosure of information to unauthorized or unwanted persons. In addition to personal information, some other types of information are useful for business, and leakage of such information to other persons may cause damage to the business or person; such information should be protected. Generally, to protect the secrecy of such information, parties sharing information form an agreement about the procedure for handling the information, agreeing not to disclose it to third parties or use it in such a way that it will be disclosed to third parties. Many times a party or its employees leak such valuable information for monetary gain, causing a breach of the contract of confidentiality. Special techniques such as social engineering are commonly used to obtain confidential information.
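Returning to email spoofing (item d.1 above), a receiver can often spot a message whose visible sender differs from its actual source by comparing a few headers. The following Python check is an added example, not part of the original text; the sample messages, all domains and the receiver name `mx.recipient.example` are constructed, and the domain-alignment rule is a simplification of what DMARC evaluates.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the name our own receiving mail server writes into the
# Authentication-Results headers it adds. Headers stamped with any other
# name may have been inserted by the sender and are ignored.
TRUSTED_AUTHSERV = "mx.recipient.example"

def domain_of(header_value):
    """Domain of the address in a From/Return-Path/Reply-To header ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def trusted_auth_results(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's headers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        serv_id, _, rest = value.partition(";")
        if serv_id.strip().lower() != authserv:
            continue  # not stamped by our receiver: do not trust it
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), verdict.lower())
    return results

def spoofing_indicators(raw_message, authserv=TRUSTED_AUTHSERV):
    """Return a list of reasons to suspect the From address is not the real source."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []

    envelope_dom = domain_of(msg.get("Return-Path"))
    if envelope_dom and not aligned(from_dom, envelope_dom):
        findings.append(f"envelope sender {envelope_dom} does not match From {from_dom}")

    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and not aligned(from_dom, reply_dom):
        findings.append(f"Reply-To {reply_dom} does not match From {from_dom}")

    auth = trusted_auth_results(msg, authserv)
    if not auth:
        findings.append("no Authentication-Results from the trusted receiver")
    for method in ("spf", "dkim", "dmarc"):
        verdict = auth.get(method)
        if verdict is not None and verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings

# Constructed sample: genuine message from the (fictional) bank.
LEGIT = """\
Return-Path: <bounce@mail.bank.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.bank.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Example Bank" <alerts@bank.example>
To: user@recipient.example
Subject: Your statement is ready

Your monthly statement is available.
"""

# Constructed sample: same visible From, different real source. The second
# Authentication-Results header was supplied by the sender and claims "pass".
SPOOFED = """\
Return-Path: <x9@bulk-sender.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-sender.example.net; dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: mail.bank.example; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <alerts@bank.example>
Reply-To: helpdesk@bank-example-support.example.org
To: user@recipient.example
Subject: Please confirm your account details

Reply with your user id and password.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, spoofing_indicators(raw))
```

Note that SPF passes for the spoofed sample: SPF only validates the envelope sender's own domain, which is why the comparison against the visible From domain matters.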

How Cyber Criminals Work


Cyber crime has become a profession, and the demographic of your typical cyber criminal is changing rapidly, from bedroom-bound geek to the type of organized gangster more traditionally associated with drug trafficking, extortion and money laundering. It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that.

In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialized skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cyber crime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency.

The rise of cyber crime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also, through a process of virus-driven automation, with ruthlessly efficient and hypothetically infinite frequency. The question of how to obtain credit card/bank account data can be answered by a selection of methods, each involving its own relative combination of risk, expense and skill.

The most straightforward is to buy the finished product. In this case we'll use the example of an online bank account. The product takes the form of the information necessary to gain authorized control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cyber criminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it's very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia.

The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold. Not all cyber-criminals operate at the coalface, and they certainly don't work exclusively of one another; different protagonists in the crime community perform a range of important, specialized functions. These broadly encompass:

Coders: comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, coders produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) for the cyber crime labour force, the kids. Coders can make a few hundred dollars for every criminal activity they engage in.

Kids: so-called because of their tender age; most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. Kids will make less than $100 a month, largely because of the frequency of being ripped off by one another.

Drops: the individuals who convert the virtual money obtained in cyber crime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent safe addresses for goods purchased with stolen financial details to be sent, or else safe legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.

Mobs: professionally operating criminal organizations combining or utilizing all of the functions covered by the above. Organized crime makes particularly good use of safe drops, as well as recruiting accomplished coders onto their payrolls.

Gaining control of a bank account is increasingly accomplished through phishing. There are other cyber crime techniques, but space does not allow their full explanation.
All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of phishing trip will uncover at least 20 bank accounts of varying cash balances, giving a market value of $200 to $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.

Better returns can be accomplished by using drops to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ripping off or grassing up to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of drops that do not know one another. However, even taking into account the 50% commission and a 50% rip-off rate, if we assume a single stolen balance of $10,000 to $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.

In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer.

The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set up or realise an investment, is cracked down upon by almost all governments internationally, is fraught with expensive overheads, and is extremely dangerous.

Add phishing to the other cyber-criminal activities driven by hacking and virus technologies, such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone diallers, and you'll find a healthy community of cottage industries and international organizations working together productively and trading for impressive profits.
Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty, and must be stopped. On top of viruses, worms, bots and Trojan attacks, organizations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand-alone firewalls, intrusion prevention devices, antivirus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognize it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise.

To fight cyber crime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having to install, manage and maintain disparate devices, organizations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to greater user education, are the best safeguard against the deviousness and pure innovation of cyber-criminal activities.

SOME IMPORTANT CASES:


Official Website Of Maharashtra Govt. Hacked

MUMBAI, 20 September 2007: IT experts were trying yesterday to restore the official website of the government of Maharashtra, which was hacked in the early hours of Tuesday. Rakesh Maria, joint commissioner of police, said that the state's IT officials lodged a formal complaint with the Cyber Crime Branch police on Tuesday. He added that the hackers would be tracked down. Yesterday the website, http://www.maharashtragovernment.in, remained blocked.

Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtra government website had been hacked. He added that the state government would seek the help of IT and the Cyber Crime Branch to investigate the hacking. "We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in progress between the officials of the IT Department and experts," Patil added.

The state government website contains detailed information about government departments, circulars, reports, and several other topics. IT experts working on restoring the website told Arab News that they fear that the hackers may have destroyed all of the website's contents.

According to sources, the hackers may be from Washington. IT experts said that the hackers had identified themselves as "Hackers Cool AlJazeera" and claimed they were based in Saudi Arabia. They added that this might be a red herring to throw investigators off their trail. According to a senior official from the state government's IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall.

Three people held guilty in online credit card scam

Customers' credit card details were misused through online means for booking air tickets. The culprits were caught by the city Cyber Crime Investigation Cell in Pune. It was found that the misused details belonged to 100 people.

Mr. Parvesh Chauhan, an ICICI Prudential Life Insurance officer, had complained on behalf of one of his customers. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad was employed at a private institution, and Kale was his friend. Shaikh was employed in one of the branches of State Bank of India.

According to the information provided by the police, one of the customers received an SMS-based alert for the purchase of a ticket even though the credit card was being held by him. The customer was alert and realised something was fishy; he enquired and came to know about the misuse. He contacted the bank in this regard. Police observed the involvement of many banks in this matter.

The tickets were booked through online means. Police requested the log details and got the information of the private institution. Investigation revealed that the details were obtained from State Bank of India. Shaikh was working in the credit card department; due to this he had access to the credit card details of some customers. He gave that information to Kale. Kale in turn passed this information to his friend Lukkad. Using the information obtained from Kale, Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given a few tickets to various other institutions.

Cyber Cell head DCP Sunil Pulhari, PI Mohan Mohadikar and A.P.I Kate were involved in eight days of investigation and finally caught the culprits. In this regard various banks have been contacted; four airlines were also contacted.

DCP Sunil Pulhari has requested customers who have fallen into this trap to inform police authorities on 2612-4452 or 2612-3346 if they have any problems.

ACCUSESD IN RS 400 MILLION SMS SCAM ARRESTED IN MUMBAI MUMBAI: The alleged mastermind behind a Rs 400 million SMS fraud that duped at least 50,000 people has been arrested along with an associate more than two months after the scam was unearthed. Jayanand Nadar, 30, and Ramesh Gala, 26, were arrested late on Monday from a hotel in Mira Road in the western suburbs. Nadar, a first year college dropout, along with his brother Jayaraj had allegedly duped at least 50,000 people of Rs.400 million, said officials in the city police's Economic Offences Wing (EOW). The two brothers along with Gala allegedly took help of SMS technology and launched the first-of-its- kind SMS fraud in India. According to EOW sources, in August 2006 the duo launched an aggressive and catchy advertisement campaign in the print media that read: "Nothing is impossible. The word itself is: I M Possible." As part of the attractive scheme, the Nadar brothers messaged random numbers, asking people interested in 'earning Rs.10,000 per month' to contact them. "The modus operandi adopted by the brothers was alluring," an EOW official said Tuesday. "Interested 'subscribers' were asked to deposit Rs.500 each. The conmen duo claimed to be working with a US-based company named Aropis Advertising Company, which wanted to market its client's products through SMS'," senior inspector A Thakur said. "The brothers even put up a website (www.getpaid4sms. com) to promote their scheme. Subscribers who registered with them received about 10 SMS' every day about various products and were promised handsome commissions if they managed to rope in more subscribers by forwarding

the messages," Thakur said. In return, the Nadars promised to pay Rs.10,000 over 16 months to the investors. The amount was to be paid in instalments of Rs.1,000 every few months. The brothers are said to have told the subscribers that their American clients wanted to conduct a study about local response to their advertisement and were using SMS as it was the latest medium of communication. The duo invited people to become agents and get more members for the scheme. Gala reportedly looked after the accounts. Initially, the brothers paid up small amounts. But when cheques and pay orders of larger sums issued by the duo were not honoured, the agents got worried. The SMSes too suddenly stopped. On November 30, one of the duped agents approached the DN Road police station and lodged a complaint after a bank failed to honour a pay order amounting Rs.2.17 million issued by the Nadar brothers. Then suddenly, the Nadars and Gala disappeared, leaving their agents and investors in the lurch. By December, the police were flooded with similar complaints. The DN Road police station registered a case against the brothers and Gala and later transferred it to the EOW. "By December 2006 the scheme had an over 50,000 membership in Mumbai alone. And we suspect that hundreds of thousands from across the country were also hooked to the scheme, thanks to a massive agent network and a door-to-door campaign carried out by the firm's now duped agents," Thakur said. "We suspect that the fraud amount may be over Rs.1 billion. With the extent of the scam spread across the country, we are still trying to get the details." During investigations, the EOW came to know that the Nadars, residents of the upmarket Juhu-Tara Road, owned a fleet of imported sport utility vehicles and sedans. "The brothers led an extravagant life. They would stay in top five star hotels, throw massive parties for investors and were also known faces in the city's Page-3 circuit," Thakur revealed. 
"We are now looking for Jayaraj, who has eluded arrest. Gala, who is believed to have looked after the accounts, and Jayanand have been

remanded to police custody till March 5."

Mumbai City Principal Seeks Police Help To Stop Cyber Crime

Principals across the city seem to be taking a cue from the principal of Bombay Scottish School, Mahim. After students began posting insults against him on Orkut, instead of punishing them he decided to call in cyber cell cops to talk to students. Now, other school principals have decided to bring in the cyber cell police to speak at their schools. They feel students and parents need to be educated about the legal and moral consequences of cyber crime. Admitting to the existence of some mischievous students who misuse the internet and also stray into restricted sites due to lack of supervision, principals feel the cyber cell can play a huge role in educating students and warning them.

Principal Rekha Vijaykar, GHK School, Santacruz, said that with more and more exposure to the internet, students had started misusing the freedom and hence needed to be monitored. "Monitoring and educating students against the pitfalls of visiting restricted sites is the responsibility of parents. However, the school too has to play an active role," she said.

Principal Alka Lokre of J M Bajaj School, Nagothane concurred. "Students need to be oriented with soul searching and conscience questioning which will help restrain them from misusing modern amenities," she said.

As a solution, Principal Fr Dr Francis Swamy of Holy Family School, Andheri, said that apart from educating students, parents and teachers also needed to be roped in for the success of any initiative against internet abuse. "Without the support of parents, no awareness programme can succeed. Parents need to be sensitised to the problem on hand and should be active in stopping their children from maligning anyone," he said.

Principal Paul Machado of Campion School went a step further, highlighting the long-term effect of such uncontrolled freedom to students. "Parents must understand that today their children are misusing the internet to abuse others. Tomorrow, they may become victims of it too. Hence, parents need to be taken into confidence too to stem this rot."

Apart from the above, all principals lauded the move by Dr D P N Prasad, Bombay Scottish principal, to invite the cyber cell to speak on cyber crime and said that they would also be inviting the cell officials to speak on the subject in their schools.

UTI BANK HOOKED UP IN A PHISHING ATTACK

Cyberspace fraudsters have reared their ugly heads with the first attack of its kind this year, a phishing attack on the website of Ahmedabad-based UTI Bank, a leading private bank promoted by India's largest financial institution, Unit Trust of India (UTI).

A URL on Geocities that is almost a facsimile version of the UTI Bank's home page is reported to be circulating amongst email users. The web page not only asks for the account holder's information such as user and transaction login and passwords, it has also beguilingly put up disclaimer and security hazard statements.

"In case you have received any e-mail from an address appearing to be sent by UTIBANK, advising you of any changes made in your personal information, account details or information on your user id and password of your net banking facility, please do not respond. It is UTI Bank's policy not to seek or send such information through email. If you have already disclosed your password please change it immediately," the warning says.

The tricky link is available on http://br.geocities If any unsuspecting account holder enters his login id, password, transaction id and password in order to change his details as 'advised' by the bank, the same info is sent vide mailform.cz (the phisher's database). After investigation, we found that Mailform is a service of PC Svet, which is a part of the Czech company PES Consulting. The Webmaster of the site is a person named Petr Stastny whose e-mail can be found on the web page.

Top officials at UTI Bank said that they have reported the case to the Economic Office Wing, Delhi Police. The bank has also engaged the services of Melbourne-based FraudWatch International, a leading anti-phishing company that offers phishing monitoring and take-down solutions.

"We are now in the process of closing the site.
Some of these initiatives take time, but customers have been kept in the loop about these initiatives," said V K Ramani, President - IT, UTI Bank.

As per the findings of UTI Bank's security department, the phishers have sent more than 1,00,000 emails to account holders of UTI Bank as well as other banks. Though the company has kicked off damage control initiatives, none of the initiatives are cent percent foolproof. "Now there is no way for banks to know if the person logging-in with accurate user information is a fraud," said Ramani. However, reliable sources within the bank and security agencies confirmed that the losses due to this particular attack were zilch.

The bank has sent alerts to all its customers informing them about such malicious websites, besides beefing up its alert and fraud response system. "Engaging professional companies like FraudWatch help in reducing time to respond to attacks," said Sanjay Haswar, Assistant Vice President, Network and Security, UTI Bank.

ONLINE CREDIT CARD FRAUD ON E-BAY

Bhubaneswar: Rourkela police busted a racket involving an online fraud worth Rs 12.5 lakh. The modus operandi of the accused was to hack into the eBay India website and make purchases in the names of credit cardholders.

Two persons, including alleged mastermind Debasis Pandit, a BCA student, were arrested and forwarded to the court of the subdivisional judicial magistrate, Rourkela. The other arrested person is Rabi Narayan Sahu. Superintendent of police D.S. Kutty said the duo was later remanded in judicial custody but four other persons allegedly involved in the racket were untraceable. A case has been registered against the accused under Sections 420 and 34 of the Indian Penal Code and Section 66 of the IT Act and further investigation is on, he said.

While Pandit, son of a retired employee of Rourkela Steel Plant, was arrested from his Sector VII residence last night, Sahu, his associate and a constable, was nabbed at his house in Uditnagar. Pandit allegedly hacked into the eBay India site and gathered the details of around 700 credit cardholders. He then made purchases by using their passwords.

The fraud came to the notice of eBay officials when it was detected that several purchases were made from Rourkela while the customers were based in cities such as Bangalore, Baroda and Jaipur and even London, said V. Naini, deputy manager of eBay. The company brought the matter to the notice of Rourkela police after some customers lodged complaints. Pandit used the address of Sahu for delivery of the purchased goods, said police.

The gang was involved in train, flight and hotel reservations. The hand of one Satya Samal, recently arrested in Bangalore, is suspected in the crime. Samal had booked a room in a Bangalore hotel for three months. The hotel and transport bills rose to Rs 5 lakh, which he did not pay. Samal was arrested for non-payment of bills, following which Pandit rushed to Bangalore and stood guarantor for his release on bail, police sources said.

INDIAN WEBSITES ARE NEW TARGET OF HACKERS

Some computer experts managed to break into the high security computer network of Bhabha Atomic Research Center but were luckily detected. "GForce," a group of anonymous hackers whose members write slogans critical of India and its claim over Kashmir, have owned up to several instances of hacking of Indian sites run by the Indian government, private companies or scientific organizations. The NASSCOM chief said Indian companies on an average spent only 0.8 percent of their technology budgets on security, against a global average of 5.5 percent.

A number of cases of hacking of Indian internet sites have been traced to Pakistan but it would be difficult to nail them, CBI Director R K Raghavan said. As the hackers who broke into computer systems in India were not conniving with the Pakistani law enforcers, "One wonders what kind of cooperation we will get," Mr. Raghavan said at a seminar on Internet security. Hackers using knowledge of software to break in and steal information from computer systems broke into at least 635 Indian internet sites last year.

Mr. Raghavan said the rise of literacy in India could bring down conventional crimes but the vulnerability of computers and the Internet could make crimes over the medium more rampant. "We at the CBI are convinced that cyber crime is the crime of the future," he said. "It is now much more easily committed and less easily identified."

President of India's National Association of Software and Service Companies (NASSCOM), Dewang Mehta said the lack of uniform laws against cyber crimes involving abuse of computer systems made prosecution of cross-border hackers difficult. "Hacking is not a universal offence, and there is a problem," Mr. Mehta said. Last year, India passed a landmark digital law that makes hacking, spreading of viruses and illegal financial transactions over the Internet punishable. It became the 12th member in a small club of nations with digital laws.

It was reported that Pakistan was making use of the computer system to promote terrorism in India. These are just some of the instances which were cited by Bhure Lal, secretary in the Central Vigilance Commission, to make a strong case for implementation of cyber laws. He was addressing the national seminar on Computer-related Crimes organized by the Central Bureau of Investigation (CBI) in the Capital today. Underlining the need for a comprehensive cyber law, he added that computer abuse can also be resorted to for cyber-terrorism.

In order to evolve effective safeguards against the menace of computer crimes, other experts from various investigative agencies, including the Federal Bureau of Investigation (FBI) and Interpol, today sought specific and comprehensive cyber laws to cover all acts of computer criminals and proactive mechanisms for tackling such offences.
"It is not only difficult to detect computer crimes but also to book criminals since the laws have not kept pace with technology," Reserve Bank of India Deputy Governor S.P. Talwar said. Stressing the need for effective security features while undertaking computerization, he said, "It is often difficult to attribute guilt using the existing statutes since the act of trespassing into a system and tampering with virtual data may not necessarily be specifically provided for in law."

In his address, CBI Director R.K. Raghavan said the government is aware of the need for legislation in this new area of information technology and accordingly, the Department of Electronics (DoE) in consultation with other expert agencies has already drafted laws relating to this area. Realizing the threat from computer crimes, the CBI has taken a "proactive" lead in preparing itself to face the challenge by setting up a special Cyber Crime Unit, he said.

The RBI was also associated with the efforts of the ministries of Finance, Commerce and Law in the enactment of laws such as the Information Technology Act and the Cyber Law, Talwar said. At the same time, he added that unless development of security features was also attended to at the same level of efficiency and equal speed, banks would be left with "beautiful software systems for public glare and access, but totally unguarded and gullible against waiting information poachers".

Offensive SMS can lead to 2 years in jail

With mobile phones and prepaid cell phones virtually taking over the role of a personal computer, the proposed amendments to the Information Technology Act, 2006, have made it clear that transmission of any text, audio or video that is offensive or has a menacing character can land a cell phone user in jail for two years. The punishment will also be attracted if the content is false and has been transmitted for the purpose of causing annoyance, inconvenience, danger or insult. And if the cell phone is used to cheat someone through personation, the miscreant can be punished with imprisonment for five years.

The need to define communication device under the proposed amendments became imperative as the current law is quiet on what kind of devices can be included under this category. The amended IT Act has clarified that a cellphone or a personal digital assistant can be termed as a communication device and action can be initiated accordingly.
Accentuated by various scandals that hit the country during the past two years, including the arrest of the CEO of a well-known portal, the government has also introduced new cyber crimes under the proposed law. The amended Act, which was placed before the Lok Sabha during the recently concluded winter session, has excluded the liability of a network service provider with regard to a third party's action. However, it has made cyber stalking, cyber defamation and cyber nuisance an offence. Anybody found indulging in all these offences can be imprisoned for two years.

The proposed changes have also sought amendments in the form of insertions in the Indian Penal Code, thereby declaring identity theft an offence. If a person cheats by using electronic signature, password or any other unique identification feature of any other person, he shall be punished with imprisonment for two years and also liable to fine. Asking for an insertion in the Indian Penal Code as Section 502A of the law, the proposed amendments have said that whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, shall be punished with two years of imprisonment and fine of Rs 2 lakh. The private parts can be either naked or undergarment clad pubic areas.

Making the law more technologically neutral, the amended provisions have included authentication of electronic record by any electronic technique. At the moment, electronic records can be authenticated by just digital signatures, the public key infrastructure technology (PKI). With the new provisions, however, biometric factors like thumb impression or retina of an eye shall be included as techniques for authentication.

Even as the law makers have tried to cover up for the lapses of the current IT Act, they seem to have made it liberal by way of reducing the punishment from three years to two years. With these changes, a cyber criminal will now be entitled to bail as a matter of right, as and when he gets arrested.

Source: http://www.indianexpress.com/

TAMIL TIGER CREDIT CARD SCAM SPREADS TO CHENNAI, INDIA

The Sri Ramachandra Medical College police at Porur, Chennai, arrested G. Elango, a Tamil Tiger agent carrying a British passport, on Friday and seized 28 ATM cards in his possession. The police said Elango illegally withdrew over Rs. 30 lakh from the ATM centres of a few nationalized banks and a private bank.
The amount was then sent to the United Kingdom through unauthorized channels. It is learnt that the Chennai Police was alerted by a civilian who had seen Elango using several ATM cards to withdraw money from an ATM centre of a private bank on Mount-Poonamallee Road, Porur. A police team led by the Assistant Commissioner of Police Balasubramaniam caught Elango red-handed while he was withdrawing money from the ATM machine.

TWO BANKS WEBSITE HACKED

Security firm Sunbelt, which recently discovered that the Bank of India's hacked website was serving dangerous malware, has said the infamous Russian Business Network, an ISP linked to child pornography and phishing, is behind the attack. The service provider in question has developed a notorious reputation, with VeriSign classifying it as "the baddest of the bad" in the ISP world in June 2006.

According to a VeriSign spokesperson, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal". "A scan of RBN and affiliated ISPs' net space conducted by VeriSign iDefense analysts failed to locate any legitimate activity. Instead, [our] research identified phishing, malicious code, botnet command-and-control, denial-of-service attacks and child pornography on every single server owned and operated by RBN," the spokesperson said. RBN almost exclusively attacks non-Russian financial institutions and its leaders' family ties with "a powerful St Petersburg politician" effectively offer it immunity from prosecution, the spokesperson added.

Patrik Runald, senior security specialist at F-Secure, said: "No one knows who the RBN is. They are a secret group based out of St Petersburg that appears to have political connections. The company doesn't legitimately exist. It's not registered and provides hosting for everything that's bad."

"Their network infrastructure is behind a lot of the bad stuff we're seeing and it has connections to the MPack Group [a well-known group of cybercriminals which used MPack software to steal confidential data]," said Runald.

Runald said that, in the case of the Bank of India's hacked website, RBN used an Iframe to launch another window which then pushed victims to a webpage containing malicious code.
"That page contained links to three other pages on other servers," said Runald. "At the time we started looking into it, two out of three URLs had been taken down. The one remaining was trying to use an exploit from 2006 to affect systems with a Trojan downloader. Once infected, that downloader would go out and download another piece of malware, including other downloaders," said Runald.

The Trojans used in this case were designed to steal passwords from PCs and upload Trojan proxies in aid of developing a botnet.

Orkut: The new danger

Orkut, the online portal owned by Google, finds itself at the centre of debate. A nineteen-year-old student has been accused of making a fake account of a girl. Can we prevent the misuse of this technology by not posting our numbers and pictures?

Abhishek never imagined that the prank he played on his classmate would land him in jail. Abhishek, a management student and still in his teens, was arrested by the Thane police following a girl's complaint about tarnishing her image in the public forum - Orkut. The report after being published in Mumbai Mirror has created a stir among the Orkutians and opened up a whole new box of debate.

The incident

Abhishek had created a fake account in the name of the girl with her mobile number posted on the profile. The profile has been sketched in such a way that it draws lewd comments from many who visit her profile. The Thane Cyber Cell tracked down Abhishek from the false e-mail id that he made to open up the account.

The question

In this case, the girl has not posted her picture or mobile number in the fake profile. A brief search in the Orkut profile will reveal many such profiles with pictures of beautiful girls. My guess is that many of these girls are not even aware of the fact that their profile exists. These are created by some other people. I will term this as rape of the image. Now the question is: can we really prevent this rape?

The debate

The Mumbai Mirror's report on the issue came with tips to the Orkut users. Police Sub-Inspector Ravindra Chauhan has been quoted as saying, "Orkut users should not put up their photographs on the site. They should not reveal personal information in their profile. Also no cellphone numbers or identity should be mentioned in the scrap book, as it is open to all." But whether this really can be a way out, is debatable.
"What about the hundreds of CVs I send to the unknown agencies everyday? They even contain my mobile number," says Aditi, a DU student and a hardcore Orkut addict. She does have a point. The truth is that in today's world mobile numbers are far from being personal information. The proof lies in the numerous sales calls that we receive from credit card agents.

On the issue of the photograph, Aditi says, "When Orkut gives an opportunity to show your face to the whole world, then why not?" When asked about the risks involved, she replied, "Who cares?"

But everyone is not as carefree as Aditi. A brief search in Orkut once more will reveal profiles that have pictures of film stars, flowers, animals, sceneries and not the face of the owner. "I will never put my picture on Orkut profile," says Mansi, whose profile in Orkut carries the picture of Aishwarya Rai. "It's not safe, anybody and everybody can save it on their computer and can misuse it."

But here again the question lies - can we really prevent it? What happens to the hundreds of passport photographs we send with the application forms all our life? Any of them can be scanned and put up without our notice. Are we sure that all copies of the digital pictures taken at our local photography shop are deleted after we leave? "I don't know, but there is no harm in being careful," says Mansi.

So perhaps even in this age of globalisation and technical advancements we will hold ourselves from showing our face to the entire world for we never know who is misusing it in what way. And as the lawmakers say, "We cannot do anything, until a complaint is lodged."

TRICKS ON EVADING SCAMS

The beginning of the new year is the ideal time to make resolutions which should also include your Internet habits. Listed below are a number of suggestions that can help prevent your email address from becoming a target to spammers.

Never respond to spam. If you reply, even to request removing your email address from the mailing list, you are confirming that your e-mail address is valid and the spam has been successfully delivered to your inbox.
Lists of confirmed e-mail addresses are more valuable to spammers than unconfirmed lists, and are frequently bought and sold by spammers.

Check to see if your e-mail address is visible to spammers by typing it into a Web search engine. If your e-mail address is posted to any Web sites or newsgroups, remove it if possible to help reduce how much spam you receive.

Disable in-line images, or do not open spam messages. Frequently spam messages include "Web beacons" enabling the spammer to determine how many, or which, e-mail addresses have received and opened the message. Most current e-mail programs disable in-line images by default to prevent this from occurring.

Do not click on the links in spam messages, including unsubscribe links. These frequently contain a code that identifies the e-mail address of the recipient, and can confirm the spam has been delivered and that you responded.

When unsubscribing from e-mail, the main rule to follow is: if you didn't originally opt-in to receive it, or if you don't recognise the sender / company sending the e-mail, then don't unsubscribe. Trying to unsubscribe from one e-mail can start a flood of mail from other sources, so if you are unsure, it is best not to unsubscribe and block the mail another way. When unsubscribing from mail, always check that the links in the e-mail go to the correct company Web site and not a phishing site.

When filling in Web forms, check the site's privacy policy to ensure your information will not be sold or passed on to other companies. There may be a checkbox to opt out of third party mailings.

Do not respond to e-mail requests to validate or confirm any of your account details. Your bank, credit card company etc. already have your account details, and would not need you to validate them. If you are unsure if a request for personal information from a company is legitimate, contact the company directly or type the Web site URL directly into your browser. Do not click on the links in the e-mail, as they may be fake links to phishing Web sites.

If you have an e-mail address that receives a large amount of spam, consider replacing it with a new address and informing your contacts of the new address. Once you are on lots of spammers' mailing lists, it is likely that the address will receive more and more spam.

PHISHING IN PEOPLE'S ACCOUNT

Today, 10 times more Indians use the internet for their banking needs than five years ago. And not surprisingly, the number of fraudsters eyeing your account has also multiplied.
Globally, $6 billion is stolen from consumer accounts by attacks called phishing, and the scale of such fraud in India is fast catching up.

Sukhwinder Singh can never forget the day he checked his account online in late October last year. His account showed a deduction of Rs 41,000 and he had no clue where the money had gone. Investigation revealed the money had been transferred to one Harpreet Chohan in Delhi. It was later revealed that Sukhwinder had been a victim of a phishing attack on ICICI Bank. He had given his password and name online by replying to an email sent by the hackers.

The hackers then logged into Sukhwinder's account and put in their mobile number instead of his, so that when they did make the transfer, the message alerting Sukhwinder of the transfer would go out to their mobile and not his. This very move proved to be the hacker's nemesis.

The alleged phisher, Harpreet Chohan, told CNBC-TV18, "I don't know how the money got into my account. I don't know how to operate a computer, so how can I be a hacker?"

Cyber security expert Vijay Mukhi says, "Phishing normally begins by you getting an innocuous e-mail - let's say from the bank - saying that someone is trying to hack into your account so you need to re-give us your password. So, you click on the link. That website is a fake or the spoofed website. Here you actually key in your personal details - you key in your name, your password. When you click on ok, you don't realize that your user name and password has gone to the phisher."

Once the password and user name are with the phisher, it's only a matter of a few minutes before your money is transferred from your account to the phisher's. What's even more threatening is that a phishing attack can be launched sitting in any part of the world.

Mukhi says, "The problem with the internet is that it doesn't recognize geographical boundaries. So, today most of the phishing attacks to a bank will never occur from the country itself. I would launch a phishing attack on an Indian bank sitting in America and the spoofed page might be in Taiwan."

Finally, when the authorities do catch on, often the money trail leads to empty bank accounts with the cash long vanished. What's more, the attacks have just begun - October has seen over 26,000 phishing attacks worldwide, as compared to 15,000 last year.
But industry experts say banks and customers both are catching on at a fast pace. Head of Operations, ICICI Bank, Madhabi Puri Buch explains, "The interesting trend we are seeing in the case of phishing is that, while the number of attempts being made is increasing, the impact of each of these attempts is sharply declining. And the reason is very simple, just as the fraudsters are trying many things - both the banks and the customers come together to find ways to react to these attempts very rapidly. And in today's environment, in just a matter of four hours, these malicious sites are clamped down and they have no impact whatsoever on the customer."
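The advice above (check where a link really goes, distrust links that carry a code identifying you, keep remote images off) can be applied mechanically to a message before anyone opens it. The following Python sketch is an added example, not part of the original articles; the domains `bank.example`, `freehost.example` and `mailer.example` and the sample message are constructed for illustration.

```python
"""Audit an HTML e-mail body for spoofed links, tracking codes and web beacons.

Added illustration; all domains and the sample message are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# A host name appearing in the visible text of a link.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Long opaque values or e-mail addresses in a query string identify the recipient.
TOKEN = re.compile(r"^[A-Za-z0-9_-]{16,}$|@")


def host_of(url):
    """Lower-cased host name of a URL, or '' when it has none (cid:, mailto:)."""
    return (urlsplit(url).hostname or "").lower()


def same_site(a, b):
    """True if one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_trusted(host, trusted):
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


class _Collector(HTMLParser):
    """Collects (href, visible text) for anchors and src for images."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self.images = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_email_html(body, trusted):
    """Return a sorted list of (finding, detail) tuples for one HTML body."""
    c = _Collector()
    c.feed(body)
    c.close()
    findings = set()
    for href, text in c.links:
        host = host_of(href)
        if not host:
            continue  # mailto:, relative links and the like
        shown = HOST_IN_TEXT.search(text)
        if shown and not same_site(host, shown.group(1).lower()):
            # The text displays one site while the click goes to another.
            findings.add(("text-href-mismatch",
                          f"{shown.group(1).lower()} -> {host}"))
        if not is_trusted(host, trusted):
            findings.add(("untrusted-link-host", host))
        if any(TOKEN.search(v) for _, v in parse_qsl(urlsplit(href).query)):
            findings.add(("recipient-token-in-link", host))
    for src in c.images:
        host = host_of(src)
        if host:  # remote image: fetching it tells the sender the mail was opened
            findings.add(("remote-image-beacon", host))
    return sorted(findings)


# Constructed sample: a spoofed "bank" link, a genuine link, an unsubscribe
# link carrying the recipient address, a 1x1 remote image and an inline image.
SAMPLE = """\
<html><body>
<p>Dear customer, your net banking details were changed.</p>
<a href="http://login.freehost.example/bank/update.htm?id=a1b2c3d4e5f6a7b8c9d0">
  https://www.bank.example/netbanking</a>
<a href="https://www.bank.example/contact">Contact us</a>
<a href="http://mailer.example/unsub?u=user%40mail.example">Unsubscribe</a>
<img src="http://mailer.example/o.gif?m=7f3a9c1e" width="1" height="1">
<img src="cid:logo">
</body></html>
"""
TRUSTED = {"bank.example"}

if __name__ == "__main__":
    for finding, detail in audit_email_html(SAMPLE, TRUSTED):
        print(f"{finding:26} {detail}")
```

A mail gateway or help desk could run the same checks over reported messages; the trusted set would hold the organisation's real domains.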

Banks across the country have put up alerts against phishing e-mails on their websites and many have even launched campaigns to alert investors against it, so is this a sign of the increasing vulnerability of the industry?

Buch says, "When you see the tip of the iceberg is when you have to take action - not when you crash into the iceberg. Since, we believe that customers have such a vital role to play in prevention of fraud - not only in the case of phishing but in all types of financial fraud - we believe that it is part of our duty as a very large player in the financial system to create that awareness amongst a larger and larger set of people."

So, just how does a phisher launch an attack? Well, you can't see them or even hear them, but sitting behind computer screens, they are plotting their next move to get to your money. Launching a phishing attack often takes just a few hours and just about anyone can do it. But experts say the sheer ease with which phishing can be executed is threatening as the knowledge on how to launch a phishing attack is often just a click away.

Head-S-E Asia & India, Websense Inc, Surinder Singh says, "It's getting more and more organised by the day. There is a whole set of an organised economy - where there are websites which sell these phishing kits. With these phishing kits, even a layman like me and you without any technical background, can launch these phishing attacks. In one or two days, there are hacking tools which are sold over these websites. It's very well organised and getting bigger by the day."

Experts say phishers often meet in online secret chat rooms and trade knowledge on different security systems and new ways of launching attacks across countries.
Mukhi explains, "Once I was at a chat show on the internet and there were some phishers who were sharing ideas and they were all very unanimous - that most of the banks in India do not have an emergency response team for phishers and they don't respond as fast as an American or European bank would. So, phishers are now going to target Indian banks because they get more user names and passwords than any other banks."

Buch says, "We have created a special place where an alert can be given and we have found that the speed of response is extremely high. Within half an hour or a couple of hours of the mail first reaching us, we get an alert. The authorities have been extremely helpful. Through the authorities, we are able to bring down the site and there is no damage done to our customers. We are available to our customers 24x7 on so many channels. The people who are mapped to that e-mail ID that I mentioned - in addition to the executive director, it goes to a host of people who are on duty and on call 24x7."

Sounds far fetched? Not really. Just a few days ago, UTI Bank was the victim of a phishing attack. The Delhi police has arrested four Nigerian nationals and an Indian in the case. According to the police, Oxabe and his accomplices allegedly sent e-mails that included a hyper-link within the e-mail itself. A click on that link took the recipients to a web page which was identical to UTI Bank's site.

After the customers had logged in with their passwords and names, the information was sent to the alleged fraudsters who then used the information to transfer large sums of money to various accounts, all over the world, using the internet banking facility. The police believe it's an international racket involving even more people, sitting in various parts of the world.

Additional Commissioner of Police, Delhi police, KK Vyas says, "They had organised this racket in which they actually sent phishing mails using UTI Bank's details. They had copied the UTI logo etc and on that basis, they prepared letters as if they had originated from the bank."

But phishing attacks are continuing unabated. Last month, UTI Bank filed an FIR with the Delhi police after it received complaints from customers that cash had been debited from their accounts without their knowledge. Customers from Thane, Delhi, Vishakapatnam, Nasik and Ahmedabad all had one thing in common: they had replied to an e-mail from the bank. The damage: 30 customers who lost Rs 20 lakhs, and this amount was reported by the ones who caught on early.

KK Vyas explains, "We had been receiving more and more complaints and that means this scam could run into a very high proportion. It is quite possible that other branches of UTI Bank in various parts of the country might also be affected. So, the process of verification is going on and we are in the process of identifying where all the money has gone."

Data from the Computer Emergency Response Team India shows phishing attacks are on the rise. The year 2005 saw 86 incidents of phishing reports. In 2006, this number more than doubled to 200 incidents. Not only were attacks being launched in India but 2006 saw the maximum phishing attacks being launched from India on other countries as well.

Security expert Surinder Singh says, "As per Websense Security Lab, we find that at any given point in time in 2006, there were 2 to 300 websites being hosted. There was a spurt in October where we identified 790 websites which were hosted in India and being used to carry out attacks."

Buch adds, 'Over the last six months, we have done three specific initiatives. We introduced true factor verification on the website, which means in addition to the user ID and password, the customer now has a challenge mechanism, where we ask them things only they know and only if the answer is correct, do we allow him to do a transaction.'

But Singh admits, 'No system is perfect because all these criminals also study what protection techniques are being used and they will come up with something new. It's kind of a guerrilla war. You can limit the phishing incident, so you can reduce the exposure but there's no way of totally eliminating it.'

Phishing and phishers may be keeping banks on high alert but the law is lagging far behind. Cyber Law expert Pawan Duggal explains, 'Phishing is not an offence that is specifically defined under the IT Act, 2000. The law enforcement authorities are keen if at all to report and register a case under the typical generic provisions of cheating and criminal breach of trust under the Indian Penal Code, IPC.'

One of the biggest problems when you encounter phishing is that of cyber jurisdiction. Since these attacks can be launched from any part of the world with the victim in a separate country, prosecution of such cases becomes even more difficult. Duggal says, 'One of the biggest problems in phishing is how do you go ahead and arrest these kind of offenders. If you look at the law book, it gives you an academic answer. The IT Act, 2000 has extra-territorial jurisdiction and it applies to any person of any nationality anywhere in the world - so long as the impacted computer is physically located in India. But having said that, the reality is that the Indian law is still not applicable to people outside the territorial boundaries. Therefore, the law enforcement agencies reach a dead end.'

With the loopholes in the law, the best way to keep your money safe is to protect yourself from such attacks. Here's how to do that:

* Be on the alert when a banking e-mail uses dramatic information to get you to react immediately.
* Beware of e-mails from shopping websites offering free goods. It might be a scam to get your banking details.
* Phishing e-mails are not personalized. Your bank will generally use your name when they contact you.
* Finally, clicking on phishing sites may install a spying device on your computer. Downloading an anti-spyware programme will help.

Buch adds, 'We believe that working together with an alert set of customers and with banks who take very rapid action is the perfect antidote. With the authorities coming in and catching and penalizing the offenders, this combination is very rapidly going to make it not worthwhile for a fraudster to even attempt it.'

India is at tenth place when it comes to hosting phishing sites, with the US and China biting the phishing bait more often. The United States remains at the top, with 28.78% of all phishing sites located in the United States and 11.96% in China. Korea, Germany, Australia, Canada, Japan, United Kingdom, Italy and India are the other countries where phishing attacks are prevalent. As of now, 2.11% of the phishing sites are located in India.

Singh says, 'India is on the threshold of having more and more people getting into online banking or taking online personal loans. So, it won't be a surprise if someday someone tells me that out of the total size of frauds happening - India would be at 1% or 2% - but even that would be Rs 200 crore.'

Though Buch says, 'If you look internationally at any of the large 3-4 banks in the world, they would be experiencing one phishing attempt a day. We are nowhere near that number.'

But even as banks are gearing up to tackle phishing, there is another kind of threat emerging - phishers are trying to get account details over the phone, and this is called wishing. Singh explains, 'Instead of phishing, it's something called 'wishing', where they are using VoIP. Banks are telling people not to click on links. Now emails are coming saying that call us on this number for some particular reason and when people dial that number, actually it's not going to the interactive voice response or IVR of the bank, it's going to some other IVR, which mimics the IVR of the bank and you are asked your credit card details or some other details. So, new ways will keep coming up.'

Cyber Law in INDIA


Why Cyberlaw in India?

When the Internet was developed, its founding fathers hardly had any inkling that it could transform itself into an all-pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage in a variety of criminal activities with impunity, and people with intelligence have been grossly misusing this aspect of the Internet to perpetrate criminal activities in cyberspace. Hence the need for Cyberlaws in India.

What is the importance of Cyberlaw?

Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyberlaw is a very technical field and that it does not have any bearing on most activities in Cyberspace. But nothing could be further from the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.

Does Cyberlaw concern me?

Yes, Cyberlaw does concern you. As the nature of the Internet is changing and this new medium is being seen as the ultimate medium ever evolved in human history, every activity of yours in Cyberspace can and will have a Cyberlegal perspective. From the time you register your Domain Name, to the time you set up your web site, to the time you promote your website, to the time when you send and receive emails, to the time you conduct electronic commerce transactions on the said site, at every point of time, there are various Cyberlaw issues involved. You may not be bothered about these issues today because you may feel that they are very distant from you and that they do not have an impact on your Cyber activities. But sooner or later, you will have to tighten your belts and take note of Cyberlaw for your own benefit.

Cyberlaw Awareness program

Are your electronic transactions legally binding and authentic? Are you verifying your customers' identities to prevent identity theft? Do your online terms and conditions have binding effect? Are you providing appropriate information and clear steps for forming and concluding your online transactions? How are you ensuring data protection and information security on your web site? Are you recognising the rights of your data subjects?

Transacting on the Internet has wide legal implications as it alters the conventional methods of doing business. To build enduring relationships with your online customers, the legal issues of e-transactions need to be addressed from the outset. This Awareness program will cover:

* The basics of Internet Security
* Basic information on Indian Cyber Law
* Impact of technology-aided crime
* The Indian IT Act, covering the legal aspects of all online activities
* Types of Internet policies required for an organization
* Minimum hardware, software and security measures required in an organization to protect data

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

* From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implication of these provisions for e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
* Digital signatures have been given legal validity and sanction in the Act.
* The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
* The Act now allows Government to issue notification on the web, thus heralding e-governance.
* The Act enables companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
* The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

2 Sides of INDIAN Cyber Law or IT Act of INDIA

Cyber laws are meant to set a definite pattern: rules and guidelines that define certain business activities carried out over the internet as legal and certain others as illegal and hence punishable. The IT Act 2000, the cyber law of India, gives the legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

One cannot regard the government as a complete failure in shielding the numerous e-commerce activities on the firm basis of which this industry has reached its heights, but then the law cannot be regarded as free from ambiguities.
The MMS porn case, in which the CEO of bazee.com (an Ebay Company) was arrested for allegedly selling MMS clips involving school children on its website, is the most apt example in this reference. Other cases where the law becomes hazy in its stand include the case where the newspaper Mid-Daily published the pictures of the Indian actor kissing her boyfriend at the Bombay nightspot, and the arrest of Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa.

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. Let's have an overview of the areas where the law takes a firm stand and has succeeded in the purpose for which it was framed.

1. The e-commerce industry carries out its business via transactions and communications done through electronic records. It thus becomes essential that such transactions be made legal. Keeping this point in consideration, the IT Act 2000 empowers government departments to accept filing, creating and retention of official documents in the digital format. The Act also puts forward the proposal for setting up the legal framework essential for the authentication and origin of electronic records / communications through digital signature.
2. The Act legalizes e-mail and gives it the status of a valid form of carrying out communication in India. This implies that e-mails can be duly produced and approved in a court of law, and thus can be regarded as substantial documents to carry out legal proceedings.
3. The Act also talks about digital signatures and digital records. These have also been awarded the status of legal and valid means that can form a strong basis for launching litigation in a court of law. It invites corporate companies into the business of being Certifying Authorities for issuing secure Digital Signatures Certificates.
4. The Act now allows Government to issue notification on the web, thus heralding e-governance.
5. It eases the task of companies in filing any form, application or document by laying down the guidelines for submission at any appropriate office, authority, body or agency owned or controlled by the government. This will help in saving costs, time and manpower for the corporates.
6. The Act also provides a statutory remedy to corporates where the accused is proven to have broken into their computer systems or network and damaged and copied the data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore ($200,000).

7. Also, the law sets up the Territorial Jurisdiction of the Adjudicating Officers for cyber crimes and the Cyber Regulations Appellate Tribunal.
8. The law has also laid down guidelines for providing Internet Services on a license on a non-exclusive basis.

The IT Law 2000, though it appears to be self-sufficient, takes a mixed stand when it comes to many practical situations. It loses its certainty in many places, such as:

1. The law misses out completely the issue of Intellectual Property Rights, and makes no provisions whatsoever for copyrighting, trade marking or patenting of electronic information and data. The law doesn't even talk of the rights and liabilities of domain name holders, the first step of entering into e-commerce.
2. The law also stays silent over the regulation of electronic payment gateways and segregates negotiable instruments from the applicability of the IT Act, which may have a major effect on the growth of e-commerce in India. It makes the banking and financial sectors irresolute in their stands.
3. The Act empowers the Deputy Superintendent of Police to look into the investigations and the filing of the charge sheet when any case related to cyber law is called. This approach is likely to result in misuse in the context of Corporate India, as companies have public offices which would come within the ambit of "public place" under the Act. As a result, companies will not be able to escape potential harassment at the hands of the DSP.
4. The Internet is a borderless medium; it spreads to every corner of the world where life is possible, and so does the cyber criminal. Then how is it possible to feel relaxed and secure once this law is enforced in the nation? The Act initially was supposed to apply to crimes committed all over the world, but nobody knows how this can be achieved in practice, or how to enforce it all over the world at the same time.
* The IT Act is silent on filming anyone's personal actions in public and then distributing the film electronically. It holds ISPs (Internet Service Providers) responsible for third party data and information, unless the contravention is committed without their knowledge or unless the ISP has undertaken due diligence to prevent the contravention.

* For example, many Delhi based newspapers advertise massage parlors, and in a few cases even show the therapeutic masseurs hidden behind the mask, who actually are prostitutes. Delhi Police has been successful in busting a few such rackets, but then it is not sure of the action it can take: should it arrest the owners and editors of the newspapers, or wait for some new clauses to be added to the Act? Even the much hyped case of the arrest of Bajaj, the CEO of Bazee.com, was a consequence of this particular ambiguity of the law. One cannot expect an ISP to monitor what information their subscribers are sending out, all 24 hours a day.

Cyber law is a generic term, which denotes all aspects, issues and the legal consequences on the Internet, the World Wide Web and cyber space. India is the 12th nation in the world that has cyber legislation apart from countries like the US, Singapore, France, Malaysia and Japan. But can the cyber laws of the country be regarded as sufficient and secure enough to provide a strong platform to the country's e-commerce industry, for which they were meant? India has failed to keep pace with the world in this respect, and the consequence is not far from our sight; most of the big customers of India's outsourcing companies have started to re-think carrying out their business in India. Bajaj's case has given the strongest blow in this respect and has broken India's share in the outsourcing market as a leader.

If India doesn't want to lose its position and wishes to stay the world's leader forever in the outsourcing market, it needs to take fast but intelligent steps to cover the glaring loopholes of the Act, or else the day is not far when the scenario of India ruling the world's outsourcing market will stay alive in dreams only, as it will be overtaken by its competitors.
About Cyber Law

The cyber law, in any country of the World, cannot be effective unless the concerned legal system has the following three prerequisites:
(1) A sound Cyber Law regime,
(2) A sound enforcement machinery, and
(3) A sound judicial system.

Let us analyse the Indian Cyber law on the above parameters.

(1) Sound Cyber Law regime: The Cyber law in India can be found in the form of the IT Act, 2000.[1] Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These grey areas were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need qualitative law and not quantitative laws. In other words, one single Act can fulfil the need of the hour provided we give it a dedicated and futuristic treatment. The dedicated law essentially requires a consideration of public interest as against the interest of a few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws, but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, Information Technology is much more advanced in other countries. If India does not shed its traditional core, then it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the contemporary standards of the countries having developed Information Technology standards but to anticipate future threats as well in advance. Thus, a futuristic aspect of the current law has to be considered.

Now the big question is whether India is following this approach. Unfortunately, the answer is in the NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen.
However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further diluted the criminal provisions of the Act. The national interest was ignored for the sake of commercial expediencies. The proposed amendments have made the IT Act a tiger without teeth and a remedy worse than the malady.

(2) A sound enforcement machinery: A law might have been properly enacted and may be theoretically effective too, but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support.

(3) A sound judicial system: A sound judicial system is the backbone for preserving law and order in a society. It is commonly misunderstood that it is the sole responsibility of the Bench alone to maintain law and order. That is a misleading notion, and the Bar is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that cyber law is in its infancy stage in India, hence not many Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour.

In short, the dream for an Ideal Cyber Law in India requires a considerable amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that the Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere computerisation and cyber law literacy.[2] The judges and lawyers must be trained in contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the country's planners and private industry alike. E-learning can provide education to a large population not having access to it.[3]

II. Critical evaluation of the proposed IT Act, 2000 amendments

The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in India.
They are suffering from numerous drawbacks and grey areas and they must not be transformed into the law of the land.[4] These amendments must be seen in the light of contemporary standards and requirements.[5] Some of the more pressing and genuine requirements in this regard are:

(a) There are no security concerns for e-governance in India[6]
(b) The concept of due diligence for companies and its officers is not clear to the concerned segments[7]
(c) The use of ICT for justice administration must be enhanced and improved[8]
(d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and other contemporary cyber crimes[9]
(e) The increasing nuisance of e-mail hijacking and hacking must also be addressed[10]
(f) The use of ICT for day to day procedural matters must be considered[11]
(g) The legal risks of e-commerce in India must be kept in mind[12]
(h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000[13]
(i) Internet banking and its legal challenges in India must be considered[14]
(j) Adequate and reasonable provisions must be made in the IT Act, 2000 regarding Internet censorship[15]
(k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000[16]
(l) The legality of sting operations (like Channel 4) must be adjudged[17]
(m) The deficiencies of Indian ICT strategies must be removed as soon as possible[18]
(n) A sound BPO platform must be established in India, etc.[19]

The concerns are too many to be discussed in this short article. The Government must take the genuine concerns seriously and should avoid cosmetic changes that may shake the base of the already weak cyber law in India.

III. Conclusion

The Government has mistakenly relied too much upon self governance by private sectors and in that zeal kept aside the welfare State role. The concept of self governance may be appropriate for matters having civil consequences but is a catastrophic blunder for matters pertaining to crimes, offences, contraventions and cyber crimes. Further, the Government must also draw a line between privatisation and abdication of duties as imposed by the Supreme Constitution of India.
The concepts of Public-Private Partnerships must be reformulated keeping in mind the welfare State role of India.[20] The collective expertise must be used rather than choosing a segment that is not representing the silent majority.[21] It would be appropriate if the Government puts the draft approved by the Cabinet before the public for their inputs before finally placing it before the Parliament.

COMPUTER CRIME:

Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity.

Computer crime or cyber crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

Discussion

A common example would be when a person intends to steal information from, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than that the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Yet denial of service attacks for the purposes of extortion may result in significant damage both to the system and the profitability of the site targeted. A further problem is that many definitions have not kept pace with the technology.
For example, where the offense requires proof of a trick or deception as the operative cause of the theft, this may require the mind of a human being to change and so do or refrain from doing something that causes the loss. Increasingly, computer systems control access to goods and services. If a criminal manipulates the system into releasing the goods or authorizing the services, has there been a "trick"? Has there been a "deception"? Does the machine act because it "believes" payment to have been made? Does the machine have "knowledge"? Does the machine "do" or "refrain from doing" something it has been programmed to do (or not)? Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed (consider the definition of wire fraud).

Issues surrounding hacking, copyright infringement through warez, child pornography, and paedophilia (see child grooming) have become high-profile. But this emphasis fails to consider the equally real but less spectacular issues of obscene graffiti appearing on websites and "cyberstalking" or harassment that can affect everyday life. There are also problems of privacy when confidential information is lost, say, when an e-mail is intercepted, whether through illegal hacking, legitimate monitoring (increasingly common in the workplace) or when it is simply read by an unauthorized or unintended person. E-mail and Short Message Service (SMS) messages are seen as casual communication including many things that would never be put in a letter. But unlike spoken communication, there is no intonation and accenting, so the message can be more easily distorted or interpreted as offensive. In England and Wales, s43 Telecommunications Act 1984 makes it an offense to use a public telecommunications network to send 'grossly offensive, threatening or obscene' material, and a 'public telecommunications network' is widely enough defined to cover Internet traffic which goes through telephone lines or other cables.

Secondly, a computer can be the tool, used, for example, to plan or commit an offense such as larceny or the distribution of child pornography. The growth of international data communications and in particular the Internet has made these crimes both more common and more difficult to police. And using encryption techniques, criminals may conspire or exchange data with fewer opportunities for the police to monitor and intercept. This requires modification to the standard warrants for search, telephone tapping, etc.

Thirdly, a computer can be a source of evidence.
Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators. Thus, specialized government agencies and units have been set up to develop the necessary expertise. See below for a link to the U.S. Department of Justice's website about e-crime and its computer forensics services.

Computer Fraud

Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:

* altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
* altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
* altering or deleting stored data; or
* altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.

Manipulating banking systems to make unauthorized identity theft with reference to ATM fraud.

Offensive Content

The content of websites and other electronic communications may be harmful, distasteful or offensive for a variety of reasons. Most countries have enacted laws that place some limits on the freedom of speech and ban racist, blasphemous, politically subversive, seditious or inflammatory material that tends to incite hate crimes. This is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs, each convinced that their point of view has been unreasonably attacked. In England, s28 Crime and Disorder Act 1998 defines a racial group, following Mandla v Dowell-Lee (1983) 2 AC 548 (in which a requirement to wear a cap as part of a school uniform had the effect of excluding Sikh boys whose religion required them to wear a turban), as a group of persons defined by reference to race, color, nationality (including citizenship) or ethnic or national origin; and a religious group as a group of persons defined by reference to religious belief or lack of religious belief.
Therefore, it is equally an offense to show hostility to a person who practices a particular faith as to a person who has no religious belief or faith.

Harassment

Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals, focusing for example on gender, race, religion, nationality or sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, harassment by computer, stalking, and cyberstalking). In England, in a broader form than s43 Telecommunications Act 1984, s1 Malicious Communications Act 1988 makes it an offense to send an indecent, offensive or threatening letter, electronic communication or other article to another person. Now, s2 Protection from Harassment Act 1997 criminalizes a course of conduct amounting to harassment which the defendant knows, or ought to know, amounts to harassment of another. If a reasonable person in possession of the same information would think the course of conduct amounted to harassment of the other, the knowledge will be imputed to the defendant. Although harassment is not defined, s7 states that it includes causing alarm or distress, and conduct is defined as including speech in all its forms.

In DPP v Collins (2006) 1 WLR 308 the defendant repeatedly telephoned the offices of his MP on a wide range of political matters. In conversations with employees at the office and in messages left on the telephone answering machine, he used racist terms to show the frustration he felt at the way in which his affairs were being handled. No-one was personally offended, but the staff became depressed. He was charged under s127(1) Communications Act 2003, and the magistrates found that the terms were offensive but that a reasonable person would not find them grossly offensive. Whether any message content was merely offensive or grossly offensive depended on the particular circumstances and context, i.e. in the wider society, which is an open and just multi-racial society, the test of offensiveness was objective.
More problematic are deliberate attacks which amount to defamation although, in March 2006, Michael Keith-Smith became the first person to win damages from an individual internet user after she accused him of being a 'sex offender' and 'racist blogger' on a Yahoo! discussion site. She also claimed that his wife was a prostitute. The High Court judge decided that Tracy Williams, of Oldham, was "particularly abusive" and "her statements demonstrated that ... she had no intention of stopping her libellous and defamatory behavior". She was ordered to pay £10,000 in damages, plus £7,200 costs. In general, libel is not treated as a criminal matter except when it may provoke the person defamed into retaliatory violence. All forms of unsolicited e-mail and advertisements can also be considered to be forms of Internet harassment where the content is offensive or of an explicit sexual nature. Now termed spam, it has been criminalized in various countries.

Drug Trafficking Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The Internet's easy-to-learn, fast-paced character, global impact, and fairly reliable privacy features facilitate the marketing of illicit drugs. Detecting money laundering of cash earned by drug traffickers is very difficult, because dealers are now able to use electronic commerce and Internet banking facilities. Also, traffickers have been using online package tracking services offered by courier companies to keep tabs on the progress of their shipments. If there happened to be some sort of undue delay, this could signal authority interception of the drugs, which would still allow the dealers time to cover their tracks. Law enforcement is also more deficient because illicit drug deals are arranged instantaneously, over short distances, making interception by authorities much more difficult. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access. Crimes such as these are not as easily thwarted with the installation of traditional security systems which could include wired or wireless security cameras or the like, and generally require the implementation of other security measures. 
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. It should be noted, there are numerous third party vendors which not only produce software capable of monitoring these computer systems internally, but there are security products capable of monitoring external activity, whether observed or hidden monitoring, such as via security cameras or other similar security system types.

Cyber crimes can ruin your online presence also known as online reputation. There are people like Michael Fertik, CEO of Reputation.com that can help you fix your online reputation if needed. Internet Crime Internet crime is crime committed on the Internet, using the Internet and by means of the Internet. Computer crime is a general term that embraces such crimes as phishing, credit card frauds, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyber terrorism, creation and/or distribution of viruses, Spam and so on. All such crimes are computer related and facilitated crimes. With the evolution of the Internet, along came another revolution of crime where the perpetrators commit acts of crime and wrongdoing on the World Wide Web. Internet crime takes many faces and is committed in diverse fashions. The number of users and their diversity in their makeup has exposed the Internet to everyone. Some criminals in the Internet have grown up understanding this superhighway of information, unlike the older generation of users. This is why Internet crime has now become a growing problem in the United States. Some crimes committed on the Internet have been exposed to the world and some remain a mystery up until they are perpetrated against someone or some company. The different types of Internet crime vary in their design and how easily they are able to be committed. Internet crimes can be separated into two different categories. There are crimes that are only committed while being on the Internet and are created exclusively because of the World Wide Web. The typical crimes in criminal history are now being brought to a whole different level of innovation and ingenuity. Such new crimes devoted to the Internet are email phishing, hijacking domain names, virus immistion, and cyber vandalism. A couple of these crimes are activities that have been exposed and introduced into the world. 
People have been trying to solve virus problems by installing virus protection software and other software that can protect their computers. Other crimes such as email phishing are not as well known to the public until an individual receives one of these fraudulent emails. These emails are disguised to look as though they come from your bank or another bank. When a person reads the email, he/she is informed of a problem with his/her personal account, or that another individual wants to send the
person some of their money and deposit it directly into their account. The email asks for your personal account information and when a person gives this information away, they are financing the work of a criminal.

Statistics

The statistics that have been obtained and reported demonstrate the seriousness of Internet crimes in the world. Just the "phishing" emails mentioned in a previous paragraph produce one billion dollars for their perpetrators (Dalton 1). In an FBI survey in early 2004, 90 percent of the 500 companies surveyed reported a security breach and 80 percent of those suffered a financial loss (Fisher 22). A national statistic in 2003 stated that four billion dollars are lost to credit card fraud each year. Only two percent of credit card transactions take place over the Internet, but fifty percent of the four billion mentioned before are from online transactions (Burden and Palmer 5). All these findings are just an illustration of the misuse of the Internet and a reason why Internet crime has to be slowed down.

Stopping the problem

The question of how to police these crimes has already been raised, but this task is turning out to be an uphill battle. Since the first computer crime law, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, the government has been trying to track down and stop online criminals. The FBI has tried many programs and investigations in order to deter Internet crime, like creating an online crime registry for employers (Metchik 29). The reality is that Internet criminals are rarely caught. One reason is that hackers will use one computer in one country to hack another computer in another country. Another evasion technique is changing the emails involved in virus attacks and phishing so that a pattern cannot be recognized. An individual can do their best to protect themselves simply by being cautious and careful.
Internet users need to watch for suspicious emails, use unique passwords, and run anti-virus and anti-spyware software. Do not open any email or run programs from unknown sources.

Internet Fraud
Overview

Internet fraud is committed in several ways. The FBI and police agencies worldwide have people assigned to combat this type of fraud; according to figures from the FBI, U.S. companies' losses due to Internet fraud in 2003 surpassed US$500 million. In some cases, fictitious merchants advertise goods for very low prices and never deliver. However, that type of fraud is minuscule compared to criminals using stolen credit card information to buy goods and services. The Internet serves as an excellent tool for investors, allowing them to easily and inexpensively research investment opportunities. But the Internet is also an excellent tool for fraudsters.

Geographic Origin

In some cases Internet Fraud schemes originate in the US and European countries, but a significant proportion seems to come from Africa, particularly Nigeria and Ghana, and sometimes from Egypt. Some originate in Eastern Europe, Southwest Asia and China. For some reason, many fraudulent orders seem to originate from Belgium, from Amsterdam in the Netherlands, from Norway, and from Malmö in Sweden.

Geographic targets

Europe, US, and some Asia Pacific countries like Singapore and Australia are the leading targets of this type of fraud.

Popular products

Fraudsters seem to prefer small and valuable products, such as: watches, jewelry, laptops, ink cartridges, digital cameras, and camcorders. These items are usually commodities that are easily sellable and have a broad range of appeal. However, fraud in hosted marketplaces such as eBay covers a broad range of products from cellular phones to desktop computers. The craft has continually evolved in sophistication. In some instances, a picture of the product is sent in place of the actual product. Other times, products are never sent at all after the bill is charged to credit card accounts. Victims are left to deal with credit card companies for chargebacks.

Some fraudsters market intangibles such as software downloads or documentation. Pricing on such items is low in order to encourage a purchase perceived by the consumer as low risk (in accordance with low cost). Software download scams are frequently targeted at high-population buying communities such as online gaming worlds. Wow stat hack is an example of one such scam.

Identity theft schemes

Stolen credit cards

Most Internet fraud is done through the use of stolen credit card information which is obtained in many ways, the simplest being copying information from retailers, either online or offline. There have been many cases of crackers obtaining huge quantities of credit card information from companies' databases. There have been cases in which employees of companies that deal with millions of customers were selling the credit card information to criminals. Despite the claims of the credit card industry and various merchants, using credit cards for online purchases can be insecure and carry a certain risk. Even so-called "secure transactions" are not fully secure, since the information needs to be decrypted to plain text in order to process it. This is one of the points where credit card information is typically stolen.

Get wire transfer info

Some fraudsters approach merchants asking them for large quotes. After they quickly accept the merchant's quote, they ask for wire transfer information to send payment. Immediately, they use online check issuing systems such as Qchex, which require nothing but a working email, to produce checks that they use to pay other merchants or simply send associates to cash them.

Purchase scams

Direct solicitations

The most straightforward type of purchase scam is a buyer in another country approaching many merchants by spamming them and directly asking them if they can ship to them using credit cards to pay. An example of such an email is as follows:

From: XXXXXX XXXXXX [XXXXXXX@hotmail.com]
Sent: Saturday, October 01, 2005 11:35 AM
Subject: International order enquiry

Goodday Sales,

This is XXXXXX XXXXXXX and I will like to place an order for some products in your store, But before I proceed with listing my requirements, I will like to know if you accept credit card and can ship internationally to Lagos, Nigeria. Could you get back to me with your website so as to forward you the list of my requirements as soon as possible.

Regards,
XXXXXX XXXXXX, XXXXXXXX Inc.
9999 XXXXX street, Mushin, Lagos 23401, Nigeria
Telephone: 234-1-99999999, Fax: 234-1-9999999, Email: XXXXXXXXX@hotmail.com

Most likely, a few weeks or months after the merchant ships and charges the Nigerian credit card, he/she will be hit with a chargeback from the credit card processor and lose all the money.

Counterfeit Postal Money Orders

According to the FBI and postal inspectors, there has been a significant surge in the use of Counterfeit Postal Money Orders since October 2004. More than 3,700 counterfeit postal money orders (CPMOs) were intercepted by authorities from October to December of 2004, and according to the USPS, the "quality" of the counterfeits is so good that ordinary consumers can easily be fooled. On March 9, 2005, the FDIC issued an alert [1] stating that it had learned that counterfeit U.S. Postal Money Orders had been presented for payment at financial institutions. On April 26, 2005, Tom Zeller Jr. wrote an article in The New York Times [2] regarding a surge in the quantity and quality of the forging of U.S. Postal Money Orders, and its use to commit online fraud. The article shows a picture of a man that had been corresponding with a woman in Nigeria through a dating site, and received several fake postal money orders after the woman asked him to buy a computer and mail it to her.

Who has received Counterfeit Postal Money Orders (CPMOs):
Small Internet retailers.
Classified advertisers.
Individuals that have been contacted through email or chat rooms by fraudsters posing as prospective social interests or business partners, and convinced to help the fraudsters unknowingly.

Geographical origin:
Mostly from Nigeria / Ghana / Eastern Europe . The penalty for making or using counterfeit postal money orders is up to ten years in jail and a US$25,000 fine. Online automotive fraud There are two basic schemes in online automotive fraud: A fraudster posts a vehicle for sale on an online site, generally for luxury or sports cars advertised for thousands less than market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors and re-posted elsewhere. An interested buyer, hopeful for a bargain, emails the seller, who responds saying the car is still available but is located overseas. He then instructs the buyer to send a deposit via wire transfer to initiate the "shipping" process. The unwitting buyer wires the funds, and doesn't discover until days or weeks later that they were scammed. A fraudster feigns interest in an actual vehicle for sale on the Internet. The "buyer" explains that a client of his is interested in the car, but due to an earlier sale that fell through has a certified check for thousands more than the asking price and requests the seller to send the balance via wire transfer. If the seller agrees to the transaction, the buyer sends the certified check via express courier (typically from Nigeria). The seller takes the check to their bank, which makes the funds available immediately. Thinking the bank has cleared the check, the seller follows through on the transaction by wiring the balance to the buyer. Days later, the check bounces and the seller realizes they have been scammed. But the money has long since been picked up and is not recoverable. In another type of fraud, a fraudster contacts the seller of an automobile, asking for the vehicle identification number, putatively to check the accident record of the vehicle. However, the supposed buyer actually uses the VIN to make fake papers for a stolen car that is then sold. 
Cash the check system

In some cases, fraudsters approach merchants and ask for large orders: $50,000 to $200,000, and agree to pay via wire transfer in advance. After brief negotiation, the buyer gives an excuse about the impossibility of sending a bank wire transfer. The buyer then offers to send a check, stating that the merchant can wait for the check to clear before shipping any goods. The check received, however, is a
counterfeit of a check from a medium to large U.S. company. If asked, the buyer will claim that the check is money owed from the large company. The merchant deposits the check and it clears, so the goods are sent. Only later, when the larger company notices the check, will the merchant's account be debited. In some cases, the fraudsters agree to the wire but ask the merchant for their bank's address. The fraudsters send the counterfeited check directly to the merchant's bank with a note asking to deposit it to the merchant's account. Unsuspecting bank officers deposit the check, and then the fraudster contacts the merchant stating that they made a direct deposit into the merchant's account. Re-shippers Re-shipping scams trick individuals or small businesses into shipping goods to countries with weak legal systems. The goods are generally paid for with stolen or fake credit cards. Nigerian version In the Nigerian version, the fraudsters have armies of people actively recruiting single women from western countries through chat & matchmaking sites. At some point, the criminal promises to marry the lady and come to their home country in the near future. Using some excuse the criminal asks permission of his "future wife" to ship some goods he is going to buy before he comes. As soon as the woman accepts the fraudster uses several credit cards to buy at different Internet sites simultaneously. In many cases the correct billing address of the cardholder is used, but the shipping address is the home of the unsuspecting "future wife". Around the time when the packages arrive, the criminal invents an excuse for not coming and tells his "bride" that he urgently needs to pick up most or all the packages. Since the woman has not spent any money, she sees nothing wrong and agrees. Soon after, she receives a package delivery company package with preprinted labels that she has agreed to apply to the boxes that she already has at home. 
The next day, all boxes are picked up by the package delivery company and shipped to the criminal's real address (in Nigeria or elsewhere). After that day the unsuspecting victim stops receiving communications from the "future husband" because her usefulness is over. To make matters worse, in most cases the criminals were able to create accounts with the package deliverer, based on the woman's
name and address. So, a week or two later, the woman receives a huge freight bill from the shipping company which she is supposed to pay because the goods were shipped from her home. Unwittingly, the woman became the criminal re-shipper and helped him with his criminal actions. East European version This is a variant of the Nigerian Version, in which criminals recruit people through classified advertising. The criminals present themselves as a growing European company trying to establish a presence in the U.S. and agree to pay whatever the job applicant is looking to make, and more. The fraudsters explain to the unsuspecting victim that they will buy certain goods in the U.S. which need to be re-shipped to a final destination in Europe. When everything is agreed they start shipping goods to the re-shipper's house. The rest is similar to the Nigerian Version. Sometimes, when the criminals send the labels to be applied to the boxes, they also include a fake cheque, as payment for the reshipper's services. By the time the cheque bounces unpaid, the boxes have been picked up already and all communication between fraudster and re-shipper has stopped. Chinese version This is a variant of the East European Version, in which criminals recruit people through spam. The criminals present themselves as a growing Chinese company trying to establish a presence in the U.S. or Europe and agree to pay an agent whatever the unsuspecting victim is looking to make, and more. Here is an example of a recruiting email: Dear Sir/Madam, I am Mr. XXX XXX, managing XXXXXXXXXXX Corp. We are a company who deal on mechanical equipment, hardware and minerals, electrical products, Medical & Chemicals, light industrial products and office equipment, and export into the Canada/America and Europe. We are searching for representatives who can help us establish a medium of getting to our costumers in the Canada/America and Europe as well as making payments through you to us. 
Please if you are interested in transacting business with us we will be glad. Please contact us for more information. Subject to your satisfaction you will be given the opportunity to negotiate your mode of which we will pay for your services as our representative in Canada/America and Europe. Please if you are
interested forward to us your phone number/fax and your full contact addresses. Thanks in advance. Mr. XXX XXX. Managing Director" Call tag scam The Merchant Risk Council reported that the "call tag" scam re-emerged over the 2005 holidays and several large merchants suffered losses. Under the scheme, criminals use stolen credit card information to purchase goods online for shipment to the legitimate cardholder. When the item is shipped and the criminal receives tracking information via email, he/she calls the cardholder and falsely identifies himself as the merchant that shipped the goods, saying that the product was mistakenly shipped and asking permission to pick it up upon receipt. The criminal then arranges the pickup issuing a "call tag" with a shipping company different from the one the original merchant used. The cardholder normally doesn't notice that there is a second shipping company picking up the product, which in turn has no knowledge it is participating in a fraud scheme. The cardholder then notices a charge in his card and generates a chargeback to the unsuspecting merchant. Business opportunity/"Work-at-Home" schemes Fraudulent schemes often use the Internet to advertise purported business opportunities that will allow individuals to earn thousands of dollars a month in "work-at-home" ventures. These schemes typically require the individuals to pay anywhere from $35 to several hundred dollars or more, but fail to deliver the materials or information that would be needed to make the work-at-home opportunity a potentially viable business. Often, after paying a registration fee, the applicant will be sent advice on how to place ads similar to the one that recruited him in order to recruit others, which is effectively a pyramid scheme. Other types of work at home scams include home assembly kits. 
The applicant pays a fee for the kit, but after assembling and returning the item, it is rejected as sub-standard, meaning the applicant is out of pocket for the materials. Similar scams include home-working directories, medical billing, data entry (data entry scam) at home or reading books for money.

Website scams

Click fraud

The latest scam to hit the headlines is the multi-million dollar click fraud, which occurs when advertising network affiliates force paid views or clicks to ads on their own websites via spyware. The affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's Adsense pay high commissions that drive the generation of bogus clicks. With paid clicks costing as much as US$100 and an online advertising industry worth more than US$10 billion, this form of Internet fraud is on the increase.

International modem dialing

Many consumers connect to the Internet using a modem calling a local telephone number. Some web sites, normally containing adult content, use international dialing to trick consumers into paying to view content on their web site. Often these sites purport to be free and advertise that no credit card is needed. They then prompt the user to download a "viewer" or "dialer" to allow them to view the content. Once the program is downloaded it disconnects the computer from the Internet and proceeds to dial an international long distance or premium rate number, charging anything up to US$7-8 per minute. An international block is recommended to prevent this, but in the U.S. and Canada, calls to the Caribbean (except Haiti) can be dialed with a "1" and a three-digit area code, so such numbers, as well as "10-10 dial-round" phone company prefixes, can circumvent an international block.

Another type of Click Fraud

This type of fraud involves a supposed internet marketing specialist presenting a prospective client with detailed graphs and charts that indicate that his web site receives (x) thousands of hits per month, emphasizing that if you pay for his services you will succeed in getting a number of clicks converted to customers or clients.
When you receive no request for more information and no clients, the fraudster responds that it must be something your web site is not doing right.

Phishing

"Phishing" is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack. The term was coined in the mid 1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming. Phishing has been widely used by fraudsters using spam messages masquerading as large banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to create legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well done that most people cannot tell that they have navigated to a scam site. Fraudsters will also put the text of a link to a legitimate site in an e-mail but use the source code to link to their own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the link, or by putting the cursor over the link and looking at the address in the status bar of the browser. Although many people don't fall for it, the small percentage of people that do fall for it, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it. Anti-phishing technologies are now available.
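The "view source" check described above can be automated for HTML mail. The following is an added example, not part of the original text: it lists every link whose visible text names one host while its destination is a different host. The function names, the sample message and the `examplebank.test` domains are constructed for illustration.

```python
"""Flag e-mail links whose visible text names one host but whose href goes elsewhere."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A URL or bare host name appearing in the visible text of a link.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

# Constructed sample body; every domain and address here is a placeholder.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account:</p>
<p><a href="http://203.0.113.7/verify">https://www.examplebank.test/verify</a></p>
<p><a href="https://examplebank.test.account-check.example/login">www.<b>examplebank</b>.test</a></p>
<p><a href="https://login.examplebank.test/help">examplebank.test/help</a></p>
<p><a href="https://examplebank.test/terms">Terms of use</a></p>
<p><a href="mailto:support@examplebank.test">support@examplebank.test</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element, including nested markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def _normalize(host):
    """Lower-case a host name and drop a leading 'www.' and trailing dot."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def _same_site(shown, actual):
    """True when the hosts are equal or one is a subdomain of the other.

    This is a plain suffix comparison; it does not consult the public suffix list.
    """
    if shown == actual or actual.endswith("." + shown):
        return True
    return "." in actual and shown.endswith("." + actual)


def find_mismatched_links(html):
    """Return (shown_host, actual_host, href) for each link that misstates its target."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href.strip())
            actual_host = _normalize(parts.hostname)
        except ValueError:          # malformed URL, e.g. a broken IPv6 literal
            continue
        if parts.scheme.lower() not in ("http", "https"):
            continue                # mailto:, tel:, relative links
        shown = HOST_IN_TEXT.search(text)
        if not shown:
            continue                # text such as "Terms of use" claims no host
        shown_host = _normalize(shown.group(1))
        if not _same_site(shown_host, actual_host):
            hits.append((shown_host, actual_host, href))
    return hits


if __name__ == "__main__":
    for shown_host, actual_host, href in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"text shows {shown_host!r} but link goes to {actual_host!r}: {href}")
```

Links whose text contains no host name are not reported, so this check complements, rather than replaces, reputation checks on the destination itself.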
Pharming Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.

If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN or account number. Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates. For example, in January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name. Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage. Anti-pharming technologies are now available.

Auction and retail schemes online

Fraudsters launch auctions on eBay or TradeMe with very low prices and no reservations, especially for high priced items like watches, computers or high value collectibles. They receive payment but never deliver, or deliver an item that is less valuable than the one offered, such as a counterfeit, refurbished or used one. Some fraudsters also create complete webstores that appear to be legitimate, but they never deliver the goods. An example of such a fraudulent site is marselle.com. They take payment but never ship the order. In some cases, stores or auctioneers are legitimate but eventually stop shipping after cashing the customers' payments. Sometimes fraudsters will combine phishing with hijacking legitimate member accounts on eBay, typically ones with very high numbers of positive feedback, and then set up a phony online store. They receive payment, usually via check, money order, cash or wire transfer, but never deliver the goods; then they leave the poor, unknowing eBay member to sort out the mess. In this case the fraudster collects the money while ruining the reputation of the conned eBay member and leaving a large number of people without the goods they thought they purchased.

Stock market manipulation schemes

These are also called investment schemes online. Criminals use these to try to manipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the two main methods used by these criminals are:

Pump-and-dump schemes

False and/or fraudulent information is disseminated in chat rooms, forums, internet boards and via email (spamming), with the purpose of causing a dramatic price increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level. Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lose a high percentage of their money. Even if the stock value does increase, the stocks may be hard to sell because of lack of interested buyers, leaving the shareholder with the shares for a far longer term than desired.

Short-selling or "scalping" schemes

This scheme takes a similar approach to the "pump-and-dump" scheme, by disseminating false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock reaches a certain low level, criminals buy the stock or options on the stock, and then reverse the false information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option and reaps the huge gain.

Avoiding Internet investment scams

The US Securities and Exchange Commission has enumerated guidelines on how to avoid internet investment scams.
The summary is as follows: The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Anyone can reach tens of thousands of people by building an Internet web site,
posting a message on an online bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails. If you want to invest wisely and steer clear of frauds, you must get the facts. The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Consider all offers with skepticism.

Salient features of the Information Technology (Amendment) Act,2008


The Information Technology (Amendment) Act, 2008 was signed by the President of India on February 5, 2009. A review of the amendments indicates that several provisions relating to data protection and privacy, as well as provisions to curb terrorism using the electronic and digital medium, have been introduced into the new Act. Some of the salient features of the Act are as follows:

The term "digital signature" has been replaced with "electronic signature" to make the Act more technology neutral.

A new section has been inserted to define "communication device" to mean cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image.

A new section has been added to define "cyber café" as any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public.

A new definition has been inserted for "intermediary". Intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes, but does not include a body corporate referred to in Section 43A.

A new section 10A has been inserted to the effect that contracts concluded electronically shall not be deemed to be unenforceable solely on the ground that electronic form or means was used.

The damages of Rs. One Crore (approximately USD 200,000) prescribed under section 43 of the earlier Act for damage to computer, computer system etc. have been deleted, and the relevant parts of the section have been substituted by the words "he shall be liable to pay damages by way of compensation to the person so affected".

A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.

A host of new sections have been added to section 66 as sections 66A to 66F, prescribing punishment for offenses such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.

Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000).

A host of new sections have been inserted as Sections 67A to 67C. While Sections 67A and 67B insert penal provisions in respect of offenses of publishing or transmitting material containing sexually explicit acts and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified, for such duration and in such manner and format as the central government may prescribe.

In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the state to issue directions for interception or monitoring or decryption of any information through any computer resource. Further, sections 69A and 69B, two new sections, grant power to the state to issue directions for blocking public access to any information through any computer resource, and to authorize the monitoring and collection of traffic data or information through any computer resource for cyber security.

Section 79 of the old Act, which exempted intermediaries, has been modified to the effect that an intermediary shall not be liable for any third party information, data or communication link made available or hosted by him if:
(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted;
(b) the intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission;
(c) the intermediary observes due diligence while discharging his duties.

However, section 79 will not apply to an intermediary if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise, in the commission of the unlawful act, or if, upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

A proviso has been added to Section 81, which states that the provisions of the Act shall have overriding effect. The proviso states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
