
CYBER CRIMES AND LAW

Definition - What does Cybercrime mean?

Cybercrime is defined as a crime in which a computer is the object of the
crime (hacking, phishing, spamming) or is used as a tool to commit an offense
(child pornography, hate crimes). Cybercriminals may use computer technology
to access personal information, business trade secrets, or use the internet
for exploitive or malicious purposes. Criminals can also use computers for
communication and document or data storage. Criminals who perform these
illegal activities are often referred to as hackers.

Types of Cyber Crimes:
There are 12 types of Cyber Crimes:

1. Hacking: In simple words, hacking is an act committed by an intruder by
accessing your computer system without your permission. Hackers (the people
doing the ‘hacking’) are basically computer programmers, who have an
advanced understanding of computers and commonly misuse this knowledge
for devious reasons.

2. Virus dissemination: Viruses are computer programs that attach themselves
to or infect a system or files, and have a tendency to circulate to other computers
on a network. They disrupt the computer operation and affect the data stored –
either by modifying it or by deleting it altogether.

3. Logic bombs: A logic bomb, also known as “slag code”, is a malicious piece
of code which is intentionally inserted into software to execute a malicious task
when triggered by a specific event. It’s not a virus, although it usually behaves in a
similar manner.

4. Denial-of-Service attack: A Denial-of-Service (DoS) attack is an explicit
attempt by attackers to deny service to intended users of that service. It involves
flooding a computer resource with more requests than it can handle consuming its
available bandwidth which results in server overload. This causes the resource (e.g. a
web server) to crash or slow down significantly so that no one can access it.

5. Phishing: This is a technique of extracting confidential information such as credit
card numbers and username password combos by masquerading as a legitimate
enterprise.

6. Email bombing and spamming: Email bombing is characterised by an abuser
sending huge volumes of email to a target address resulting in the victim’s email account
or mail servers crashing.

7. Web jacking: Web jacking derives its name from “hijacking”. Here, the hacker
takes control of a web site fraudulently. He may change the content of the original site
or even redirect the user to another fake similar looking page controlled by him.

8. Cyber stalking: Cyber stalking is a new form of internet crime in our society
when a person is pursued or followed online. A cyber stalker doesn’t physically follow
his victim; he does it virtually by following his online activity to harvest information
about the stalkee and harass him or her and make threats using verbal intimidation.
It’s an invasion of one’s online privacy.

9. Data diddling: Data Diddling is unauthorised altering of data before or during
entry into a computer system, and then changing it back after processing is done.
Using this technique, the attacker may modify the expected output, and the change is
difficult to track.

10. Identity Theft and Credit Card Fraud: Identity theft occurs when someone
steals your identity and pretends to be you to access resources such as credit cards,
bank accounts and other benefits in your name. The imposter may also use your
identity to commit other crimes.

11. Salami slicing attack: A “salami slicing attack” or “salami fraud” is a technique
by which cyber-criminals steal money or resources a bit at a time so that there’s no
noticeable difference in overall size. The perpetrator gets away with these little pieces
from a large number of resources and thus accumulates a considerable amount over
a period of time.

12. Software Piracy: Thanks to the internet and torrents, you can find almost any
movie, software or song from any origin for free. Internet piracy is an integral part of
our lives which knowingly or unknowingly we all contribute to. This way, the profits of
the resource developers are being cut down. It’s not just about using someone else’s
intellectual property illegally but also passing it on to your friends further reducing the
revenue they deserve.

INTRODUCTION TO CYBER CRIME INVESTIGATION:

Data retrieval:

Internet based:

If the case is internet based, finding the internet protocol (IP) addresses is
your first step in the investigation. An IP address consists of numbers and
letters, and that series is attached to any data moving through the internet. In
order to retrieve an IP address from some Internet Service Providers (ISPs),
you will need to serve the company with a subpoena, warrant, or court order
for the information.
What an IP address contains:
•who owns and operates the network address,
•associated domain name/ computer name,
•geolocation,
•email addresses, and
•local service provider identifier.
Device based:

A copy of the original data is needed prior to investigating its contents. Having a
copy of the original data prevents the contamination of the evidence. Cell phones and
other wireless devices should be examined in an isolated environment where they
cannot connect to networks, the internet, or other systems.

Data Investigation:

In order to begin investigating the data you will need to install a lock on the copy
made of the data. This lock will allow you to manipulate the data and view it without
making permanent changes. Once you have identified the make and model of the
device in hand, select an extraction software that will be best suited to analyze the
data or permit the investigator to view as much data as possible.
The software system will also assist your investigation by providing information
such as time stamps, images, text documents, GPS locations, and other encrypted
data.
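
An added example (not part of the original material) of the copy-then-lock procedure described above: make a working copy of the evidence, confirm it matches the original, lock it, and detect any later change. Using SHA-256 hashes to compare the files and a read-only file permission as the "lock" are assumptions of this example, as are the file names and the constructed sample data.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_working_copy(original, copy_path):
    """Copy the evidence, confirm the copy matches, then mark it read-only."""
    before = sha256_file(original)
    shutil.copyfile(original, copy_path)
    if sha256_file(copy_path) != before:
        raise RuntimeError("working copy does not match the original")
    if sha256_file(original) != before:
        raise RuntimeError("original changed while it was being copied")
    os.chmod(copy_path, stat.S_IRUSR)  # owner read-only: the assumed "lock"
    return before


def still_intact(path, recorded_hash):
    """Re-check at any later point that the file is byte-for-byte unchanged."""
    return sha256_file(path) == recorded_hash


def demo():
    """Run the procedure on a small constructed file standing in for a device image."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "device.img")  # constructed sample name
    copy_path = os.path.join(workdir, "working_copy.img")
    with open(original, "wb") as fh:
        fh.write(b"constructed sample evidence bytes" * 1000)
    recorded = make_working_copy(original, copy_path)
    intact_before = still_intact(copy_path, recorded)
    # Simulate contamination: force the lock off and alter one byte.
    os.chmod(copy_path, stat.S_IRUSR | stat.S_IWUSR)
    with open(copy_path, "r+b") as fh:
        fh.write(b"X")
    intact_after = still_intact(copy_path, recorded)
    shutil.rmtree(workdir)
    return intact_before, intact_after
```

Recording the hash at acquisition time is what lets an examiner show later that the copy being analysed is the same data that was taken from the device.
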
TIPS TO PROTECT YOURSELF FROM CYBER CRIME:

Use anti-virus software:

Your net-savvy friend may tell you that he doesn't have anti-virus on his computer
because it slows things down. But look at it this way, one wrong click and he may
have to make the entire college project from scratch.

If in doubt, block:

Just say no to social media invitations (such as Facebook-friend or LinkedIn
connection requests) from people you don't know. It's the cyber equivalent of inviting
home the guy with an eye-patch who stares at you at the bus stop.

More than one e-mail account:

A hacker who has cracked your main email password has the keys to your [virtual]
kingdom. Passwords from the other sites you visit can be reset via your main email
account. A criminal can trawl through your emails and find a treasure trove of
personal data: from banking to passport details etc. A separate account for your bank
and other financial accounts and one for social networks is a good idea. If one
account is hacked, you won't find everything compromised.
Ignore pop-ups:

Pop-ups can contain malicious software which can trick a user into verifying
something. [But if and when you do], a download will be performed in the
background, which will install malware. This is known as a drive-by download.
Always ignore pop-ups offering things like site surveys on ecommerce sites, as they
are sometimes where the malcode is.

Macs are as vulnerable as PCs:

Make no mistake, your shiny new Mac-Book Air can be attacked too. It's true that
Macs used to be less of a target, simply because criminals used to go after the
largest number of users - that is Windows - but this is changing. Determined
attackers are able to find new ways to exploit users on almost any platform.

Two-step verification:

If your email or cloud service offers it - Gmail, Dropbox, Apple and Facebook do -
take the trouble to set this up. In addition to entering your password, you are also
asked to enter a verification code sent via SMS to your phone. So a hacker might
crack your password, but without the unique and temporary verification code should
not be able to access your account. Keying in a password or code 40-plus times a
day might seem like a hassle but it is your first line of defence.

Only shop online on secure sites:

Before entering your card details, always ensure that the locked padlock or unbroken
key symbol is showing in your browser. Additionally, the beginning of the online
retailer's internet address will change from "http" to "https" to indicate a connection is
secure. Be wary of sites that change back to http once you've logged on.

Didn't expect, don't click:

The golden rule: Hackers infect PCs with malware by luring users to click on a link or
open an attachment. Social media has helped criminals profile individuals. They can
see what you're interested in or what you [post] about and send you crafted
messages, inviting you to click on something. Don't.

Different site, different passwords:

Keeping a common password for all online accounts is a lot like having the same key
for all locks. Only difference being that it is a lot easier to get hold of the online key.
Also never reuse your main email password. But most online users own accounts in
over a dozen sites. So either try and use clever variations or start doing some really
heavy memory-enhancement exercise.
Don't store your card details on websites:

Err on the side of caution when asked if you want to store your credit card details for
future use. Mass data security breaches (where credit card details are stolen en
masse) aren't common, but why take the risk? The extra 90 seconds it takes to key
in your details each time is a small price to pay.

Lock down your FB account:

Keeping a common password for all online accounts is a lot like having the same key
for all locks. Only difference being that it is a lot easier to get hold of the online key.
Also never reuse your main email password. But most online users own accounts in
over a dozen sites. So either try and use clever variations or start doing some really
heavy memory-enhancement exercise.

Information Technology Act, 2000

Salient Features of I.T Act

The salient features of the I.T Act are as follows −

•Digital signature has been replaced with electronic signature to make it a more
technology neutral act.
•It elaborates on offenses, penalties, and breaches.
•It outlines the Justice Dispensation Systems for cyber-crimes.
•It defines in a new section that cyber café is any facility from where the access to
the internet is offered by any person in the ordinary course of business to the
members of the public.
•It provides for the constitution of the Cyber Regulations Advisory Committee.
•It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
•It adds a provision to Section 81, which states that the provisions of the Act shall
have overriding effect. The provision states that nothing contained in the Act shall
restrict any person from exercising any right conferred under the Copyright Act,
1957.
Scheme of I.T Act

The following points define the scheme of the I.T. Act −

•The I.T. Act contains 13 chapters and 90 sections.
•The last four sections, namely sections 91 to 94 of the I.T. Act 2000, which dealt
with the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872, The
Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934, were
deleted.
•It commences with the Preliminary aspect in Chapter 1, which deals with the short title,
extent, commencement and application of the Act in Section 1. Section 2 provides
Definition.
•Chapter 2 deals with the authentication of electronic records, digital signatures,
electronic signatures, etc.
•Chapter 11 deals with offences and penalties. A series of offences have been
provided along with punishment in this part of The Act.
•Thereafter the provisions about due diligence, role of intermediaries and some
miscellaneous provisions are stated.
•The Act is embedded with two schedules. The First Schedule deals with Documents
or Transactions to which the Act shall not apply. The Second Schedule deals with
electronic signature or electronic authentication technique and procedure. The Third
and Fourth Schedule are omitted.
Application of the I.T Act

As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents
or transactions specified in First Schedule. Following are the documents or
transactions to which the Act shall not apply −

•Negotiable Instrument (Other than a cheque) as defined in section 13 of the
Negotiable Instruments Act, 1881;
•A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
•A trust as defined in section 3 of the Indian Trusts Act, 1882;
•A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925
including any other testamentary disposition;
•Any contract for the sale or conveyance of immovable property or any interest in
such property;
•Any such class of documents or transactions as may be notified by the Central
Government.
Amendments Brought in the I.T Act

The I.T. Act has brought amendments to four statutes vide sections 91-94. These
changes have been provided in schedules 1-4.

•The first schedule contains the amendments in the Penal Code. It has widened the
scope of the term "document" to bring within its ambit electronic documents.
•The second schedule deals with amendments to the Indian Evidence Act. It pertains
to the inclusion of electronic documents in the definition of evidence.
•The third schedule amends the Banker's Books Evidence Act. This amendment
brings about change in the definition of "Banker's-book". It includes printouts of
data stored in a floppy, disc, tape or any other form of electromagnetic data storage
device. Similar change has been brought about in the expression "Certified-copy"
to include such printouts within its purview.
•The fourth schedule amends the Reserve Bank of India Act. It pertains to the
regulation of fund transfer through electronic means between the banks or between
the banks and other financial institutions.
Intermediary Liability

Intermediary, dealing with any specific electronic records, is a person who on behalf
of another person accepts, stores or transmits that record or provides any service
with respect to that record.

According to the above mentioned definition, it includes the following −

•Telecom service providers
•Network service providers
•Internet service providers
•Web-hosting service providers
•Search engines
•Online payment sites
•Online auction sites
•Online market places and cyber cafes
Highlights of the Amended Act

The newly amended act came with the following highlights −

•It stresses privacy issues and highlights information security.
•It elaborates Digital Signature.
•It clarifies rational security practices for corporates.
•It focuses on the role of Intermediaries.
•New faces of Cyber Crime were added.
BY:
Abhishek Mishra
Aman Kumar
Meraj Ali
Shubham Shandilya
Yashashvi Gupta
THANK YOU
