Cyber Crime

-
Article / Case

Prepared by : Shabbir Shaikh

MBA 1st Year
Roll no. 135
Index

❖Introduction
❖Cyber Crime
❖Cyber Law
❖Information Technology Act, 2000
❖Amendments in Information Technology Act
❖Case Study : Credit Card Fraud
❖Case Study : Phishing
❖Conclusion
 Computer Crime
Cyber crime encompasses any criminal act dealing
with computers and networks (called hacking).
Additionally, cyber crime also includes traditional crimes
conducted through the internet. For example; hate crimes,
telemarketing and Internet fraud, identity theft, and credit card
account thefts are considered to be cyber crimes when the
illegal activities are committed through the use of a computer
on Internet.
 Cyber Law
Cyber Law is the law governing cyber space. Cyber space is a
wide term and includes computers, networks, software, data
storage devices (such as hard disks, USB disks), the Internet,
websites, emails and even electronic devices such as cell
phones, ATM machines etc.
Law encompasses the rules of conduct:
■ 1. that have been approved by the government, and

■
2. which are in force over a certain territory, and
3.
■
which must be obeyed by all persons on
that territory.

Violation of these rules could lead to government action

 Cyber Law (Cont.)
Violation of these rules could lead to government action such
as imprisonment or fine or an order to pay compensation.

Cyber law encompasses laws relating to:

■ 1. Cyber Crimes
■
2. Electronic and Digital Signatures
■
3. Intellectual Property
■ 4. Data Protection and Privacy
Jurisprudence of Indian
Cyber Law
 Cyber Law In India
• Primary source is Information Technology Act, 2000 (IT
Act), which came into force on Oct 17th, 2000.
• Purpose: To provide legal recognition to electric commerce and to
facilitate filing of electronic records.
• Provides Strict punishments (imprisonment up to 10yrs
and compensation up to Rs 1 crore ).

• Information Technology (Certifying Authorities) Rules,

2000 also came into force that day.
• Prescribe the eligibility, appointment and working of Certifying
Authorities (CA).
 Amendments in IT
Act
• Indian Penal Code penalizes forgery of electronic
records, cyber frauds, destroying electronic evidence etc.
Digital Evidence is to be collected and proven in court as per
• the provisions of the Indian Evidence Act.

• Order relating to blocking of websites was passed on

27th February, 2003.
• Bankers’ Book Evidence Act was introduced to attain
bank frauds.
• The Reserve Bank of India Act was also amended by the
IT Act.
Some Important study cases of
cyber crime
 1. Credit Car Fraud
• Credit card fraud is a wide-ranging term for theft and fraud committed
using a credit card or any similar payment mechanism as a fraudulent
source of funds in a transaction. The purpose may be to obtain goods
without paying, or to obtain unauthorized funds from an account.
Credit card fraud is also an adjunct to identity theft.
• The cost of card fraud in 2006 were 7 cents per 100 dollars worth of
• transactions
 The Scenarios
The assistant manager (the complainant) with the fraud control unit of a
large business process outsourcing (BPO) organization filed a complaint
alleging that two of its employees had conspired with a credit card holder
to manipulate the credit limit and as a result cheated the company of INR
0.72 million.

The BPO facility had about 350 employees. Their primary function was
to issue the bank's credit cards as well as attend to customer and
merchant queries. Each employee was assigned to a specific task and
was only allowed to access the computer system for that specific task.
The employees were not allowed to make any changes in the credit-card
holder's account unless they received specific approvals.
 Investigation
The investigating team visited the premises of the BPO and conducted
detailed examination of various persons to understand the computer
system used. They learnt that in certain situations the system allowed the
user to increase the financial limits placed on a credit card. The system
also allowed the user to change the customer's address, blocking and
unblocking of the address, authorisations for cash transactions etc.

The team analysed the attendance register which showed that the
accused was present at all the times when the fraudulent entries had
been entered in the system. They also analysed the system logs that
showed that the accuser's ID had been used to make the changes in the
system.
 The Law

• Section of Law: 66 of Information Technology Act 2000 &

120(B), 420,467, 468, 471 IPC.

• Depending upon the case, provisions of the Information Act

and Prevention of Money Laundering Act will apply.
 Current Status & Result
The BPO was informed of the security lapse in the software
utilized. Armed with this evidence the investigating team
arrested all the accused and recovered, on their confession,
six mobile phones, costly imported wrist watches, Jewells,
electronic items, leather accessories, credit cards, all worth
INR 0. 3 million and cash INR 25000.
The investigating team informed the company of the
security lapses in their software so that instances like this
could be avoided in the future
 2. Phishing
•With the tremendous increase in the use of online banking,
online share trading and ecommerce, there has been a
corresponding growth in the incidents of phishing being used
to carryout financial frauds.
•Phishing involves fraudulently acquiring sensitive information
(e.g. passwords, credit card details etc.) by masquerading as a
trusted entity.
 The Scenarios

The complainant approached the police stating that she had been
receiving obscene and pornographic material at her e-mail address and
mobile phone. She stated that this person appeared to know a lot about
her and her family and believed that her e-mail account had been hacked.
 Investigation
The investigating team using a different e-mail ID tried to chat with the
accused using the complainant’s e-mail ID. Subsequently the
investigating team was able to identify the ISP address of the computer
system being used and it was tracked to an organization in Delhi.

The investigating team visited the company and through its server logs
was able to identify the system from which the obscene material was
sent. Using forensic disk imaging and analysis tools the e-mails were
retrieved from the system. The residence of the accused was located
and the hard disk of his personal computer was seized. On the basis of
the evidence gathered the accused was arrested.
 The Law

Sections 43 and 66 of Information Technology Act and

sections 419, 420 and 468 of Indian Penal Code.
 Current Status & Result

The case has been finalized and is currently pending

administrative approval.
 Conclusion
• Every minute, 232 computers are infected by malware.
• The lightning speed at which cybercriminals develop attacks and new
malware code is making it harder for global organizations to manage
fraud risk. One of the most important lines of defense is intelligence and
awareness of the potential risks.
• As we move into 2012,. the combined efforts by law enforcement and industry to
improve information sharing and collaboration along with the move
towards intelligence-driven security will help drive response to cyber
threats in near real-time and further narrow the window of opportunity
for cybercriminals
Thank you
.