You are on page 1of 34

A Presentation on


Presented to:
Mr. Bhavesh Mathur

Presented By :
Manila Mathur


Cyber Crimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)".

Internet crime is crime committed on the Internet, using the Internet and by means of the Internet. Computer crime is a general term that embraces such crimes as phishing, credit card frauds, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyber terrorism, creation and/or distribution of viruses, Spam and so on. All such crimes are computer related and facilitated crimes.

Internet crimes can be separated into two different categories. There are crimes that are only committed while being on the Internet and are created exclusively because of the World Wide Web. The typical crimes in criminal history are now being brought to a whole different level of innovation and ingenuity. Such new crimes devoted to the Internet are email phishing , hijacking domain names, virus imitation, and cyber vandalism. A couple of these crimes are activities that have been exposed and introduced into the world. People have been trying to solve virus problems by installing virus protection software and other software that can protect their computers.

Other crimes such as email phishing are not as known to the public until an individual receives one of these fraudulent emails. These emails are cover faced by the illusion that the email is from your bank or another bank. When a person reads the email he/she is informed of a problem with he/she personal account or another individual wants to send the person some of their money and deposit it directly into their account. The email asks for your personal account information and when a person gives this information away, they are financing the work of a criminal

Terms Related to Cyber Crime

Hackers: enjoy intellectual challenges of overcoming software limitations and how to increase capabilities of systems. Crackers: illegally break into other people s secure systems and networks. Cyber Terrorists: threaten and attack other people s computers to further a social or political agenda.

Malware Writers: responsible for the creation of malicious software. Samurai: hackers hired to legally enter secure computer/network environments. Phreakers: Focus on defeating telephone systems and associated communication technologies.

Phishing: sending out scam e-mails with the criminal intent of deceit and extortion. Spam: unsolicited and/or undesired bulk e-mail messages, often selling a product.

Cyber Attacks In India

Even as Internet population in India has crossed 100 million, cyber crimes are on the rise. There are many kinds of cyber crimes Phishing attacks, Identity Theft, Website hacking, creating Trojans / viruses (among others) all amount to cyber crimes. The reasons for cyber-crimes are vary as well. Some do it out of hate, some out of greed while some do it just for kicks! At same time some cyber attacks (if it can be called so..) are for constructive security feedback as well! One of the main targets of attacks are government websites They not only provide big coverage to attacker, but also provide with very sensitive & secretive government data. Govt. of India published the number of cyber attacks it witnessed over last 3 years. Here are the details:

A total number of 90, 119, 252 and 219 Government websites tracked by the Indian Computer Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in the year 2008, 2009, 2010 and Jan Oct 2011 respectively.

According to the report in The Hacker News, BSNL website has been purportedly hacked by Pakistan Cyber Army.

Its not only the Government websites that are getting hacked. According to a blog post published by Zsecure A serious vulnerability was discovered in HDFC Bank s online platform, that potentially allowed hackers to gain private information of HDFC Bank s customers.


Phishing is a technique used by strangers to "fish" for information about you, information that you would not normally disclose to a stranger, such as your bank account number, PIN, and other personal identifiers such as your National Insurance number. These messages often contain company/bank logos that look legitimate and use flowery or legalistic language about improving security by confirming your identity details.

Example of PHISHING

Case Study on

ATM Card Fraud

ATM card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. However, credit card fraud, that crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row.

India s First ATM Card Fraud

The Chennai City Police have busted an international gang involved in cyber crime, with the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into an ATM in the city in June last, it is reliably learnt. The dimensions of the city cops' achievement can be gauged from the fact that they have netted a man who is on the wanted list of the formidable FBI of the United States. At the time of his detention, he had with him Rs 7.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city. Prior to that, he had walked away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving scores of persons across the globe. Manwani is an MBA drop-out from a Pune college and served as a marketing executive in a Chennai-based firm for some time. Interestingly, his audacious crime career started in an Internet cafe. While browsing the Net one day, he got attracted to a site which offered him assistance in breaking into the ATMs. His contacts, sitting somewhere in Europe, were ready to give him credit card numbers of a few American banks for $5 per card. The site also offered the magnetic codes of those cards, but charged $200 per code.

The operators of the site had devised a fascinating idea to get the personal identification number (PIN) of the card users. They floated a new site which resembled that of a reputed telecom company's. That company has millions of subscribers. The fake site offered the visitors to return $11.75 per head which, the site promoters said, had been collected in excess by mistake from them. Believing that it was a genuine offer from the telecom company in question, several lakh subscribers logged on to the site to get back that little money, but in the process parted with their PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic looting. Apparently, Manwani and many others of his ilk entered into a deal with the gang behind the site and could purchase any amount of data, of course on certain terms, or simply enter into a deal on a booty-sharing basis. Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary data to enable him to break into ATMS. He was so enterprising that he was able to sell away a few such cards to his contacts in Mumbai. The police are on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in the United States, the FBI started an investigation into the affair and also alerted the CBI in New Delhi that the international gang had developed some links in India too. Manwani has since been enlarged on bail after interrogation by the CBI. But the city police believe that this is the beginning of the end of a major cyber crime.

Online Credit Card Offence and Indian Law

So far as Indian legal position is concerned, any offence pertaining to online payment through credit cads will come within the purview of Information Technology Act, 2000 read with relevant provisions of Indian Penal Code, 1860. Section 378 of the Code defines the term "theft" as follows: "Whoever intends to take dishonestly, any property, out of the possession of any person without the consent of that person moves the property in order to such taking, is said to commit theft."

In order to commit theft following elements are required to be satisfied: The intention must be dishonest. Such property must be movable in nature. Such property must be taken out of the possession of its owner. Such property must be taken without the consent of the owner. Such property must be removed from its original place to another.

Now we have to examine whether online credit card theft satisfies the above mentioned requirements in order to book the offender to justice. This definition, if interpreted in strict sense, does not include the online theft of credit card information. But, if a merchant dishonestly obtains the blank purchase slip and forges the signature of the cardholder's signatures on it and thereafter obtains the payment from bank, he can be booked under the offence of forgery. Hacking has become an important tool in the hand of cyber criminals to take away the confidential information relating to credit cards and use it illegally for their personal advantage i.e. purchasing goods or online transaction of money etc.

To deal with this menace, our Parliament has been enacted the Information Technology in the year 2000. Following penal provisions of this statute are relevant to mention here: Section 66- This section provides the following penalties for hacking with computer systems: 1. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. 2. Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. The offence under this Section is cognizable and non-bailable.

Section 43- Clauses (a), (b) and (g) of Section 43 state that if a person has unauthorized access or secures access to computer, computer system, computer network or downloads copies or extracts any data from such computer, computer system, computer network or even assists another person to facilitate access in the aforesaid manner respectively, he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. It is quite apparent from the above that besides legal protection it is necessary to carefully examine the technological and contractual protection existing within the system because law is not an alternative to other security measures required to be taken by the cardholder while making online payment.