| VIRTUAL CRIMINOLOGY REPORT - CYBER CRIME: THE NEXT WAVE This is a post from McAfee website :Cyber crime is a grim reality that's growing at an alarming rate, and no one is immune to the mounting threat. It is costing consumers, businesses, and nations billions of dollars annually, and there's no end in sight. For an in-depth analysis of this global trend, read the annual McAfee
Get more details and answers by downloading your copy of the |
Monday, December 14, 2009
Cyber Crime: A 24/7 Global Battle
Wednesday, October 28, 2009
Email Fraud
Courtesy wikipedia
Fraud has existed perhaps as long or longer than money. Any new sociological change can engender new forms of fraud, or other crime. Almost as soon as e-mail became widely used, it began to be used to defraud people via e-mail fraud. E-mail fraud can take the form of a "con game" or scam. Confidence tricks tend to exploit the inherent greed and dishonesty of their victims: the prospect of a 'bargain' or 'something for nothing' can be very tempting. E-mail fraud, as with other 'bunco schemes' relies on naive individuals who put their confidence in get-rich-quick schemes such as 'too good to be true' investments or offers to sell popular items at 'impossibly low' prices. Many people have lost their life savings due to fraud.
Forms of e-mail fraud
Spoofing
E-mail sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. Many, if not most, instances of e-mail fraud use at least minimal spoofing, as most frauds are clearly criminal acts. Criminals typically try to avoid easy traceability.
Phishing for data
Some spoof messages purport to be from an existing company, perhaps one with which the intended victim already has a business relationship. The 'bait' in this instance may appear to be a message from 'the fraud department' of, for example, the victim's bank, which asks the customer to: "confirm their information"; "log in to their account"; "create a new password", or similar requests. If the 'fish' takes the 'bait', they are 'hooked' -- their account information is now in the hands of the con man, to do with as they wish. See Phishing.
Bogus offers
E-mail solicitations to purchase goods or services may be instances of attempted fraud. The fraudulent offer typically features a popular item or service, at a drastically reduced price.
Items may be offered in advance of their actual availability, for instance, the latest video game may be offered prior to its release, but at a similar price to a normal sale. In this case, the "greed factor" is the desire to get something that nobody else has, and before everyone else can get it, rather than a reduction in price. Of course, the item is never delivered, as it was not a legitimate offer in the first place.
Such an offer may even be no more than a phishing attempt to obtain the victim's credit card information, with the intent of using the information to fraudulently obtain goods or services, paid for by the hapless victim, who may not know they were scammed until their credit card has been "used up".
Items may be offered in advance of their actual availability, for instance, the latest video game may be offered prior to its release, but at a similar price to a normal sale. In this case, the "greed factor" is the desire to get something that nobody else has, and before everyone else can get it, rather than a reduction in price. Of course, the item is never delivered, as it was not a legitimate offer in the first place.
Such an offer may even be no more than a phishing attempt to obtain the victim's credit card information, with the intent of using the information to fraudulently obtain goods or services, paid for by the hapless victim, who may not know they were scammed until their credit card has been "used up".
Requests for help
The "request for help" type of e-mail fraud takes this form. An e-mail is sent requesting help in some way, but including a reward for this help as a "hook," such as a large amount of money, a treasure, or some artifact of supposedly great value.
This type of scam has existed at least since the Renaissance, known as the "Spanish Prisoner" or "Turkish Prisoner" scam. In its original form, this scheme has the con man purport to be in correspondence with a wealthy person who has been imprisoned under a false identity, and is relying on the confidence artist to raise money to secure his release. The con man tells the "mark" (victim) that he is "allowed" to supply money, for which he should expect a generous reward when the prisoner returns. The confidence artist claims to have chosen the victim for their reputation for honesty.
Other form of fraudulent help requests is represented by romance scam. Under this, fraudsters (pretended males or females) build online relationships, and after some time, they ask for money from the victims, claiming the money is needed due to the fact they have lost their money (or their luggage was stolen), they have been beaten or otherwise harmed and they need to get out of the country to fly to the victim's country.
This confidence trick is similar to the face-to-face con, known as the "Stranger With a Kind Face," which is the likely origin of at least the title of the vaudevillian routine known by the same name, as "Niagara Falls," or as "Slowly I turned..."
The modern e-mail version of this scam, known variously as the "Nigerian scam", "Nigerian All-Stars," etc., because it is typically based in Nigeria, is an advance fee fraud. The lottery scam is a contemporary twist on this scam.
This type of scam has existed at least since the Renaissance, known as the "Spanish Prisoner" or "Turkish Prisoner" scam. In its original form, this scheme has the con man purport to be in correspondence with a wealthy person who has been imprisoned under a false identity, and is relying on the confidence artist to raise money to secure his release. The con man tells the "mark" (victim) that he is "allowed" to supply money, for which he should expect a generous reward when the prisoner returns. The confidence artist claims to have chosen the victim for their reputation for honesty.
Other form of fraudulent help requests is represented by romance scam. Under this, fraudsters (pretended males or females) build online relationships, and after some time, they ask for money from the victims, claiming the money is needed due to the fact they have lost their money (or their luggage was stolen), they have been beaten or otherwise harmed and they need to get out of the country to fly to the victim's country.
This confidence trick is similar to the face-to-face con, known as the "Stranger With a Kind Face," which is the likely origin of at least the title of the vaudevillian routine known by the same name, as "Niagara Falls," or as "Slowly I turned..."
The modern e-mail version of this scam, known variously as the "Nigerian scam", "Nigerian All-Stars," etc., because it is typically based in Nigeria, is an advance fee fraud. The lottery scam is a contemporary twist on this scam.
Avoiding e-mail fraud
Due to the widespread use of web bugs in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as spam, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it.
E-mail fraud may be avoided by:
Keeping one's e-mail address as secret as possible.
Using a spam filter.
Ignoring unsolicited e-mails of all types, simply deleting them.
Not giving in to greed, since greed is often the element that allows one to be "hooked".
Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment.
above image is from techshout.com
Wednesday, September 30, 2009
Cyber Crime Investigations Targets Electronic Thieves
NEWPORT BEACH, Calif.--(BUSINESS WIRE)--Cyber Crime Investigations (CCI), the corporate theft analysis experts,
announced the launch of its electronic theft investigation services.
Established by industry veteran James Box, an ex-law enforcement
investigator, and Scott Sloan, an electronic forensics specialist, CCI
offers the ideal combination of skills, experience and expertise
required to effectively investigate and resolve electronic related
crimes.
“It is difficult to imagine in today’s world of high technology, mobile
communication, digital information and trend toward ‘paperless offices’
that a commercial and/or corporate theft can be committed without the
use of an electronic device,” stated James Box, private investigator.
“We live in an age where electronic computing and communication devices
have proliferated the work place. Add to the equation the internet and
the workplace has become vulnerable to a plethora of new types of
employee theft, corporate espionage and electronic crimes. We
established CCI to address the increasing rate of electronic thefts in
the workplace and to assist the unfortunate victims in quickly
establishing the theft and protect them against any further or future
loss.”
“For the past several years, Jim and I have worked together on civil and
criminal cases involving computer and electronic thefts and have enjoyed
an impressive track record of delivering successful conclusions for our
clients,” stated Scott Sloan, electronic forensics and network security
specialist. “Establishing CCI enabled us to continue to leverage our
complementary skills and experience and to provide a much needed
service. We are very experienced in collecting digital evidence and
preserving the data’s integrity for forensic investigation, and know how
best to protect metadata and maintain the data’s chain of custody. And
CCI is uniquely positioned to provide clients with a wealth of
experience and expertise in the appropriate collection and preparation
of evidence should the victim wish to pursue the matter in a civil
and/or criminal court action.”
CCI is an investigative firm specializing in electronic related thefts
through a combination of Electronic Forensic Investigation and
Traditional Criminal Investigation with a strong commitment to providing
clients with the highest level of professionalism and customer service.
CCI assists clients in discretely resolving the suspected electronic
theft, crime or intrusion in the most efficient and expeditious manner
with as little disruption and loss to the client as possible.
CCI focuses on Corporate Theft, Trade Secret Protection and Employment
Pre-Termination Investigations and offers a range of investigative
services to:
Establish the electronic theft or crime
Properly acquire, process, authenticate and secure evidence – ensuring
proper chain of evidence
Identify and confirm the perpetrator through a combination of
electronic forensic investigation and traditional investigative and
interviewing techniques
Properly interview suspected employee and other employees to dispel
any possible discrimination and avoid wrongful dismissal suits
Assist in the recovery of stolen assets where possible
Prepare the evidence and case to present to law enforcement and/or
courts if the action is requested or required
In addition to these services, CCI provides a comprehensive range of
traditional and electronic investigative services as well as network
security services to large and small business, law firms, insurance
companies, government agencies and private citizens.
About CCI
Cyber Crime Investigations (CCI) is an investigative firm established by
James Box and Scott Sloan to assist individual and corporate clients in
the detection and analysis of electronic related intrusions, thefts and
crimes, and to protect them against further and/or future losses.
Mr Box is a well respected and established Private Investigator with
significant experience in the criminal justice system. Having spent 21
years in law enforcement, Mr Box left the Orange County District
Attorney’s office and established a very successful private
investigation business serving the greater Southern California area.
Mr. Sloan is an established IT Professional with over 20 years
experience in the Computer Sciences field. Mr Sloan currently works in
several areas of forensics and uses many different tools to obtain
critical key evidence for his clients.
With CCI you can be assured of expert handling of suspected perpetrators
and evidence in a professional and confidential manner. For more
information, visit www.cciforensics.com.
Saturday, September 26, 2009
Information on Cyber Crimes
Hacking in simple terms means an illegal intrusion into a computer system and/or network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is no difference between the term hacking and cracking. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information which is critical in nature.
Read more...
Child Pornography
The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The internet is very fast becoming a household commodity in India . It’s explosion has made the children a viable victim to the cyber crime. As more homes have access to internet, more children would be using the internet and more are the chances of falling victim to the aggression of pedophiles.
Read more...
Cyber Stalking
Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker.Read more...
Denial of service Attack
This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide
Read more...
Virus Dissemination
Malicious software that attaches itself to other software. (virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious
Read more...
Software Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.Read more...
IRC Crime
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other.Read more...
Credit Card Fraud
The unauthorized and illegal use of a credit card to purchase property.
Read more...
Net Extortion
Copying the company’s confidential data in order to extort said company for huge amount
Read more...
Phishing
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.
Read more...
Computer Forensics In Criminal Defence
There is a lot of coverage within the media about how digital forensics have been used within a court case to prosecute. However, within the British judicial system, someone is innocent until proven otherwise.
With this in mind, there are many ways in which criminal defence law firms can use digital forensics to defending a client. Digital forensics covers the use of mobile phones, computers
and even satellite navigation units – in short, any digital device. . All of these can help the accused prove their innocence if looked in to correctly.
Computer forensics has helped many cases, primarily for prosecution, but it can be used to help people prove they have not committed the crime they have been accused of.
With the help of digital and computer forensics specialists, there are many ways a case can be helped if digital evidence has been presented against the accused. There are many strict rules and regulations that must be followed to extract evidence properly. If these rules have not been followed the evidence can be deemed invalid.
Any extracted evidence should have been done so by an approved analyst to be deemed an admissible source. If this is proven not to be the case, then the evidence is worthless and other sources will need to be found to support the case.
Alongside these points there are other factors that decide whether evidence extracted is usable. By choosing a reputable computer forensics company, they will be able to provide answers to such questions and know whether the evidence provided has been found legitimately or not.
The digital finger-prints we leave in today’s society means anything and everything can potentially be traced back. With this in mind it is important to remember that although we can extract data vital to proving conviction – or innocence, there are still procedures that need to be followed.
If the guidelines are not followed, extracted data is invalid, so ensure where any case is presented the facts are checked, and the only people to do this are the digital forensic professionals.
With this in mind, there are many ways in which criminal defence law firms can use digital forensics to defending a client. Digital forensics covers the use of mobile phones, computers
and even satellite navigation units – in short, any digital device. . All of these can help the accused prove their innocence if looked in to correctly.
Computer forensics has helped many cases, primarily for prosecution, but it can be used to help people prove they have not committed the crime they have been accused of.
With the help of digital and computer forensics specialists, there are many ways a case can be helped if digital evidence has been presented against the accused. There are many strict rules and regulations that must be followed to extract evidence properly. If these rules have not been followed the evidence can be deemed invalid.
Any extracted evidence should have been done so by an approved analyst to be deemed an admissible source. If this is proven not to be the case, then the evidence is worthless and other sources will need to be found to support the case.
Alongside these points there are other factors that decide whether evidence extracted is usable. By choosing a reputable computer forensics company, they will be able to provide answers to such questions and know whether the evidence provided has been found legitimately or not.
The digital finger-prints we leave in today’s society means anything and everything can potentially be traced back. With this in mind it is important to remember that although we can extract data vital to proving conviction – or innocence, there are still procedures that need to be followed.
If the guidelines are not followed, extracted data is invalid, so ensure where any case is presented the facts are checked, and the only people to do this are the digital forensic professionals.
Written by Jenny Pilley
Cyber Crimes Center
The Cyber Crimes Center (C3) Child Exploitation Section (CES) investigates the trans-border dimension of large-scale producers and distributors of images of child abuse, as well as individuals who travel in foreign commerce for the purpose of engaging in sex with minors. The CES employs the latest technology to collect evidence and track the activities of individuals and organized groups who sexually exploit children through the use of websites, chat rooms, newsgroups, and peer-to-peer trading. These investigative activities are organized under Operation Predator, a program managed by the CES. The CES also conducts clandestine operations throughout the world to identify and apprehend violators. The CES assists the field offices and routinely coordinates major investigations. The CES works closely with law enforcement agencies from around the world because the exploitation of children is a matter of global importance.
C3 brings the full range of ICE computer and forensic assets together in a single location to combat such Internet-related crimes as:
- Possession, manufacture and distribution of images of child abuse.
- International money laundering and illegal cyber-banking.
- Illegal arms trafficking and illegal export of strategic/controlled commodities.
- Drug trafficking (including prohibited pharmaceuticals).
- General Smuggling (including the trafficking in stolen art and antiquities; violations of the Endangered Species Act etc.)
- Intellectual property rights violations (including music and software).
- Immigration violations; identity and benefit fraud
C3 consists of four sections, three of which provide cyber technical and investigative services, the Cyber Crimes Section (CCS), the Child Exploitation Section (CES), and the Digital Forensic Section (DFS). The fourth section, the Information Technology and Administrative Section (ITAS), provides the technical and operational infrastructure services necessary to support the other three C3 sections. The center is a co-location of special agents, intelligence research specialists, administrative support, and contractors, all of which are instrumental in operational and technical continuity. Within each section, there are various program managers assigned to certain programmatic areas. These program managers are responsible for supporting ICE Internet investigations through the generation and the dissemination of viable leads. Program managers are available to provide guidance and training to field agents as well as to other law enforcement (foreign and domestic) upon request.
Child Exploitation
The C3 CES investigates large-scale producers and distributors of images of child abuse as well as individuals who travel in foreign commerce for the purpose of engaging in sex with minors. The CES employs the latest technology to collect evidence and track the activities of individuals and organized groups who sexually exploit children through the use of websites, chat rooms, newsgroups and peer-to-peer trading. The CES also conducts clandestine operations throughout the world to identify and apprehend violators. The CES assists the field offices and routinely coordinates major investigations. The CES works closely with law enforcement agencies from around the world because the exploitation of children is a matter of global importance.
- Operation Falcon — A joint international images of child abuse investigation initiated by ICE that identified 39 websites distributing child pornography. Further investigation led to the arrest of 1,200 international downloader’s and more than 300 U.S. customers. Nine individuals from the United States and Belarus were identified and charged as the principals in this investigation. All principals were convicted on various charges related to money laundering, structuring and the production and distribution of images of child abuse.
- Operation Mango — An extensive investigation that closed down an American-owned beachside resort in Acapulco, Mexico, which offered children to sexual predators. The resort was a haven for pedophiles that traveled to the facility for the sole purpose of engaging in sex with minors. The proprietor of the business was convicted. As a result of this investigation and others, the government of Mexico recently created a Federal task force to address crimes against children in its country.
- Internet Crimes Against Children (ICAC) Task Force — The Department of Justice (DOJ) Office of Juvenile Justice Programs, ICAC Task Force comprises 45 task forces. The task forces were created in cooperation with the DOJ ICAC to provide reporting, a means to provide a virtual pointer system for Child Exploitation and images of child abuse cases and secure collaboration for various Federal, State, and Local law enforcement organizations, task forces, and affiliated groups around the world. DHS/ICE strongly supports the efforts of the ICAC task forces as demonstrated by ICE special agents being active members of the ICACs throughout the United States. The Northern Virginia/Metro DC ICAC is housed at the DHS/ICE C3.
Cyber Crimes Section
The Cyber Crimes Section (CCS) is responsible for developing and coordinating investigations of Immigration and Customs violations where the Internet is used to facilitate the criminal act. The CCS investigative responsibilities include fraud, theft of intellectual property rights, money laundering, identity and benefit fraud, the sale and distribution of narcotics and other controlled substances, illegal arms trafficking and the illegal export of strategic/controlled commodities and the smuggling and sale of other prohibited items such as art and cultural property.
The CCS is involved in the development of Internet undercover law enforcement investigative methodology, and new laws and regulations to strengthen U.S. Cyber-Border Security. C3 supports the ICE Office of Investigation’s (OI) domestic field offices, along with ICE foreign attachés offices with cyber technical, and covert online investigative support.
- Operations Apothecary – The CCS, the ICE Commercial Fraud Office and the National Intellectual Property Rights (IPR) Coordination Center have partnered together and launched a comprehensive Internet pharmaceutical initiative designed to target, arrest and prosecute individuals and organizations that are involved in the smuggling of counterfeit pharmaceuticals of a controlled and non-controlled nature as well as scheduled narcotics via the Internet. The focus is also on the affiliates of the rogue pharmacies that are typically operated by criminal enterprises whose sole purpose is to generate large sums of money, with no regard to the health and welfare of the public.
- Intellectual Property Rights - The CCS has encountered thousands of web sites based in the United States, as well as foreign that are engaged in the sale of counterfeit merchandise (including music and software) via the Internet. The CCS continues to work closely with the National IPR Coordination Center, the Computer Crimes and Intellectual Property Section (CCIPS) at the DOJ, and industry representatives to identify web sites responsible for the sale of the counterfeit items.
- Arms and Strategic Technology - The CCS supports ICE’s mission to prevent proliferate countries, terrorists, trans-national criminals from obtaining strategic materials, funds and support and to protect the American public from the introduction weapons of mass destruction and other instruments of terror from entering the United States.
- Identify Fraud Initiative - The availability and use of fraudulent identification documents has always been a concern to the law enforcement community. While traditionally available from street sources, fraudulent identification and travel documents, of all types, are also readily available for sale via the Internet. In the post 9-11 world, fraudulent identity and travel documents are of an even greater concern to ICE because of the alarming threat they pose to ICE's primary mission of protecting the United States, and its citizens, from threats arising from the movement of people and goods into and out of the country. With addressing these documents and their threat in mind, the CCS has sought to identify sources for fraudulent identity and immigration documents on the Internet. Those sources identified are pursued for criminal violations either locally or referred to other ICE field offices."
Digital Forensics Section
Digital evidence has become prevalent in every ICE investigative case category. Digital evidence is quickly replacing documentary evidence as the “smoking gun” in investigations. As a result, ICE investigations increasing demand that vital evidence be identified, seized, and recovered from a variety of electronic devices. ICE special agents need access to information stored on personal computers, complex business networks, personal digital assistants (PDA), cellular telephones, and multifunction communications devices.
Under legacy US Customs and US Immigration, ICE began training special agents to address this problem. The merger of the two agencies’ legacy computer forensic programs now provides ICE with more than one hundred and twenty-five special agents trained to process digital evidence.
The C3, Digital Forensic Section (DFS) provides programmatic oversight to the ICE Digital Forensics Program, operates the ICE National Digital Forensics Lab, and participates jointly with the US Secret Service and the Internal Revenue Service in the legacy Treasury Computer Investigative Specialist Training Program.
DFS Digital Forensic Agents (DFA) serve as the primary source for ICE field DFAs for technical forensic support issues, conduct research and development on new and emerging technologies, and develop and deliver training to field DFAs.
The DFS operates a state of the art Digital Forensics Lab that processes “strange and large” digital evidence seized by ICE field offices. Digital evidence resident on “non-standard” hardware or too voluminous for field office to process may be forwarded to the DFS for examination.
The DFS also provides ICE with advanced data exploitation capabilities. Digital evidence submitted by ICE field offices can be imported onto the DFS Lab network, indexed, and searched using advanced data exploitation tools. Large volumes of unrelated data can quickly and efficiently be mined for evidence of criminal activity.
Monday, September 21, 2009
Cyber Security
Security whether it is physical or virtual , is the primary concern of any organization. The proliferation of computer systems and network has created new situation where organizations, be it government or private, are becoming more and more relying on computers and network for day to day operations. This has resulted in a deep concern regarding the safety of information and infrastructure. Critical Infrastructure such as electricity, water supply , nuclear plants, financial institutions , etc. play an important role in economy and safety of the country. Any type of intrusions into such systems can jeopardize the safety of the country.The wide spread use of computers and internet provides intruders an opportunity to sneak in and create havoc. There is a strong need to provide sufficient security to all computer systems and information residing in it.
Computer Security Institute (CSI) most of the computer security breaches are not reported. People keep quiet not to expose the vulnerability further. The CSI/FBI report Computer Crime and Security Survey 2006 shows alarming increase in cyber crimes. The key finding of the survey is
* Virus attacks are the major threat causing financial loss ( 74%)
* Percentage of organizations reporting intrusions have increased from 20 to 25 %
* Over 80% organizations conduct security audit.
It is a fact that most of the organizations don’t report the intrusions to avoid negative publicity it gets. One of the objective of this programme is to provide information and guidelines to protect computer systems against intrusions, data theft, etc. www.cyberkeralam.in
True Confession of Hackers
Watch the Hackers confession.!!
Do you think hackers are criminals of cyber world or those good people who help poor and dummy people at the cyber world by providing cracks to the internet world?
Saturday, August 29, 2009
Money Lost from Internet Crimes Rises
When you look at the list of uses, advantages and opportunities that the Internet provides, it’s seemingly never-ending, yet there are some “dark” sides to it as well. One of those dark sides is that the Internet provides criminals with lots of opportunities to scam good people. The IC3 just released their 2007 report on Internet Crime and what they found is that the money lost in Internet-related crimes hit a new high last year. In all, around $240 million dollars were reported in losses which is a $40 million increase from the prior year.When you think of Internet-related crimes, what do you think of? Maybe spam email, phishing attempts, and eBay scams? Those all contribute to the reported crimes, but add to the list online dating scams, crimes involving pets, check-cashing schemes, and people asking for “charity” donations. The three main types of crimes that were committed include:
Fraud – where consumers didn’t get the right merchandise they paid for
Non-delivery – consumers didn’t receive a purchased good
Confidence fraud – where scammers ask consumers to rely on them
The IC3 (Internet Crime Complaint Center) reported that men actually lost more on average, than women. Each male that made a complaint lost on average $765 compared to $522 for women. Age also made a difference as well. The “younger” crowd, those in their 20’s lost $385 on average while the “older” crowd, those over 60 lost $760 on average per scam. In the end, about 1/2 of reports involved an amount less than $1,000 while 1/3 of complaints involved amounts between $1,000-$5,000.
While we have sympathy for those who have lost money due to Internet crimes, it’s still hard to believe that it happens as often as it does and people lose as much money as they do. By now, you’d think more people would be educated about the major dangers of the Internet thanks to news agencies covering it, and thus would be able to easily spot a scam. Do you know anybody who has been a victim of Internet Crime?
Note: If you’d like to view the complete report, click here and then click on the 2007 IC3 Annual Report to download it.
Source: NY Times
Sunday, August 16, 2009
Cyber Crime
INTRODUCTION:
The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.
Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CONVENTIONAL CRIME-
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. (2)
A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” (13). “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”(12)
A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-
There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.
REASONS FOR CYBER CRIME:
Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
Capacity to store data in comparatively small space-
The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.
Easy to access-
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3.Complex-
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4.Negligence-
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
5. Loss of evidence-
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
CYBER CRIMINALS:
The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
1. Children and adolescents between the age group of 6 – 18 years –
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
2. Organised hackers-
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
3. Professional hackers / crackers –
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
4. Discontented employees-
This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
MODE AND MANNER OF COMMITING CYBER CRIME:
Unauthorized access to computer systems or networks / Hacking-
This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.
Theft of information contained in electronic form-
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.
Email bombing-
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.
Data diddling-
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.
Salami attacks-
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account.
Denial of Service attack-
The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.
7. Virus / worm attacks-
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt.
8. Logic bombs-
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
Trojan attacks-
This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.
Internet time thefts-
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.
11. Web jacking-
This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.
CLASSIFICATION:
The subject of cyber crime may be broadly classified under the following three groups. They are-1. Against Individuals
a. their person &b. their property of an individual
2. Against Organization
a. Governmentc. Firm, Company, Group of Individuals.3. Against Society at large
The following are the crimes, which can be committed against the followings group Against Individuals: –
i. Harassment via e-mails.ii. Cyber-stalking.iii. Dissemination of obscene material.iv. Defamation.v. Unauthorized control/access over computer system.vi. Indecent exposurevii. Email spoofing viii. Cheating & Fraud
Against Individual Property: -
i. Computer vandalism.ii. Transmitting virus.iii. Netrespassiv. Unauthorized control/access over computer system.v. Intellectual Property crimesvi. Internet time thefts
Against Organization: -
i. Unauthorized control/access over computer systemii. Possession of unauthorized information.iii. Cyber terrorism against the government organization.iv. Distribution of pirated software etc.
Against Society at large: -
i. Pornography (basically child pornography).ii. Polluting the youth through indecent exposure.iii. Traffickingiv. Financial crimesv.Sale of illegal articlesvi.Online gamblingvii. Forgery
The above mentioned offences may discussed in brief as follows:
1. Harassment via e-mails-
Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.
2. Cyber-stalking-
The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure-
Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.
4. Defamation
It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.
4. Unauthorized control/access over computer system-
This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.
5. E mail spoofing-
A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.
Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.(15)
6. Computer vandalism-
Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.
7. Transmitting virus/worms-
This topic has been adequately dealt herein above.
8. Intellectual Property crimes / Distribution of pirated software-
Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.
The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16)
9. Cyber terrorism against the government organization
At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.
Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)
Another definition may be attempted to cover within its ambit every act of cyber terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –
(1) putting the public or any section of the public in fear; or
(2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
(3) coercing or overawing the government established by law; or
(4) endangering the sovereignty and integrity of the nation
and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.
10.Trafficking
Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.
Fraud & Cheating
Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.
Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.
STATUTORY PROVISONS:
The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.
The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. (14)
ANALYSIS OF THE STATUTORY PROVISONS:
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-
1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose (6)-
Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate. 2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) –
Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.
At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.3.Cyber torts-
The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies. 4.Cyber crime in the Act is neither comprehensive nor exhaustive-
Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6)
I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act. 5.Ambiguity in the definitions-
The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form.
Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case. 6. Uniform law-
Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.7.Lack of awareness-
One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card. (17)8. Jurisdiction issues-
Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.9. Extra territorial application-
Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.10. Raising a cyber army-
By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –
Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.
Status: Probe on
Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.
Status: Chargesheet not filed
Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.
Status: Pak not cooperating.11. Cyber savvy bench-
Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.12. Dynamic form of cyber crime-
Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases. 13. Hesitation to report offences-
As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.
PREVENTION OF CYBER CRIME:
Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-
1.to prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.
2.always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3.always use latest and up date anti virus software to guard against virus attacks.
4.always keep back up volumes so that one may not suffer data loss in case of virus contamination
5.never send your credit card number to any site that is not secured, to guard against frauds.
6.always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
7.it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
8.web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
9.use of firewalls may be beneficial.
10. web servers running public sites must be physically separate protected from internal corporate network.
Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
CONCLUSION:
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.
REFERENCES:
1. Granville Williams
2. Proprietary Articles Trade Association v. A.G.for Canada (1932)
3. Nagpal R. – What is Cyber Crime?
4. Nagpal R- Defining Cyber Terrorism
5. Duggal Pawan – The Internet: Legal Dimensions
6. Duggal Pawan - Is this Treaty a Treat?
7. Duggal Pawan - Cybercrime
8. Kapoor G.V. - Byte by Byte
9. Kumar Vinod – Winning the Battle against Cyber Crime
10. Mehta Dewang- Role of Police In Tackling Internet Crimes
11. Postal address-
Superintendent of Police, Cyber Crime Investigation Cell, 5th Floor, Block No.3, CGO Complex, Lodhi Road, New Delhi – 110 003Phone: 4362203, 4392424
e-mail- cbiccic@bol.net.in
12. Duggal Pawan
13. by the Author
14. For the sake of convenience the readers are requested to read sections 43, 65, 66,67 of the Information Technology Act.
15. Sify News 14.03.03
16. Deccan Herald 16.03.03
17. Hindustan Times 03.03.03
The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.
Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CONVENTIONAL CRIME-
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. (2)
A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” (13). “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”(12)
A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-
There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.
REASONS FOR CYBER CRIME:
Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
Capacity to store data in comparatively small space-
The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.
Easy to access-
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3.Complex-
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4.Negligence-
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
5. Loss of evidence-
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
CYBER CRIMINALS:
The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
1. Children and adolescents between the age group of 6 – 18 years –
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
2. Organised hackers-
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
3. Professional hackers / crackers –
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
4. Discontented employees-
This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
MODE AND MANNER OF COMMITING CYBER CRIME:
Unauthorized access to computer systems or networks / Hacking-
This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.
Theft of information contained in electronic form-
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.
Email bombing-
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.
Data diddling-
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.
Salami attacks-
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account.
Denial of Service attack-
The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.
7. Virus / worm attacks-
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt.
8. Logic bombs-
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
Trojan attacks-
This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.
Internet time thefts-
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.
11. Web jacking-
This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.
CLASSIFICATION:
The subject of cyber crime may be broadly classified under the following three groups. They are-1. Against Individuals
a. their person &b. their property of an individual
2. Against Organization
a. Governmentc. Firm, Company, Group of Individuals.3. Against Society at large
The following are the crimes, which can be committed against the followings group Against Individuals: –
i. Harassment via e-mails.ii. Cyber-stalking.iii. Dissemination of obscene material.iv. Defamation.v. Unauthorized control/access over computer system.vi. Indecent exposurevii. Email spoofing viii. Cheating & Fraud
Against Individual Property: -
i. Computer vandalism.ii. Transmitting virus.iii. Netrespassiv. Unauthorized control/access over computer system.v. Intellectual Property crimesvi. Internet time thefts
Against Organization: -
i. Unauthorized control/access over computer systemii. Possession of unauthorized information.iii. Cyber terrorism against the government organization.iv. Distribution of pirated software etc.
Against Society at large: -
i. Pornography (basically child pornography).ii. Polluting the youth through indecent exposure.iii. Traffickingiv. Financial crimesv.Sale of illegal articlesvi.Online gamblingvii. Forgery
The above mentioned offences may discussed in brief as follows:
1. Harassment via e-mails-
Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.
2. Cyber-stalking-
The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure-
Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.
4. Defamation
It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.
4. Unauthorized control/access over computer system-
This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.
5. E mail spoofing-
A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.
Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.(15)
6. Computer vandalism-
Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.
7. Transmitting virus/worms-
This topic has been adequately dealt herein above.
8. Intellectual Property crimes / Distribution of pirated software-
Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.
The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16)
9. Cyber terrorism against the government organization
At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.
Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)
Another definition may be attempted to cover within its ambit every act of cyber terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –
(1) putting the public or any section of the public in fear; or
(2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
(3) coercing or overawing the government established by law; or
(4) endangering the sovereignty and integrity of the nation
and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.
10.Trafficking
Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.
Fraud & Cheating
Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.
Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.
STATUTORY PROVISONS:
The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.
The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. (14)
ANALYSIS OF THE STATUTORY PROVISONS:
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-
1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose (6)-
Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate. 2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) –
Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.
At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.3.Cyber torts-
The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies. 4.Cyber crime in the Act is neither comprehensive nor exhaustive-
Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6)
I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act. 5.Ambiguity in the definitions-
The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form.
Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case. 6. Uniform law-
Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.7.Lack of awareness-
One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card. (17)8. Jurisdiction issues-
Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.9. Extra territorial application-
Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.10. Raising a cyber army-
By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –
Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.
Status: Probe on
Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.
Status: Chargesheet not filed
Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.
Status: Pak not cooperating.11. Cyber savvy bench-
Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.12. Dynamic form of cyber crime-
Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases. 13. Hesitation to report offences-
As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.
PREVENTION OF CYBER CRIME:
Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-
1.to prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.
2.always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3.always use latest and up date anti virus software to guard against virus attacks.
4.always keep back up volumes so that one may not suffer data loss in case of virus contamination
5.never send your credit card number to any site that is not secured, to guard against frauds.
6.always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
7.it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
8.web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
9.use of firewalls may be beneficial.
10. web servers running public sites must be physically separate protected from internal corporate network.
Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
CONCLUSION:
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.
REFERENCES:
1. Granville Williams
2. Proprietary Articles Trade Association v. A.G.for Canada (1932)
3. Nagpal R. – What is Cyber Crime?
4. Nagpal R- Defining Cyber Terrorism
5. Duggal Pawan – The Internet: Legal Dimensions
6. Duggal Pawan - Is this Treaty a Treat?
7. Duggal Pawan - Cybercrime
8. Kapoor G.V. - Byte by Byte
9. Kumar Vinod – Winning the Battle against Cyber Crime
10. Mehta Dewang- Role of Police In Tackling Internet Crimes
11. Postal address-
Superintendent of Police, Cyber Crime Investigation Cell, 5th Floor, Block No.3, CGO Complex, Lodhi Road, New Delhi – 110 003Phone: 4362203, 4392424
e-mail- cbiccic@bol.net.in
12. Duggal Pawan
13. by the Author
14. For the sake of convenience the readers are requested to read sections 43, 65, 66,67 of the Information Technology Act.
15. Sify News 14.03.03
16. Deccan Herald 16.03.03
17. Hindustan Times 03.03.03
Reporting Computer Hacking, Fraud and Other Internet-Related Crime
The primary federal law enforcement agencies that investigate domestic crime on the Internet include: the Federal Bureau of Investigation (FBI), the United States Secret Service, the United States Immigration and Customs Enforcement (ICE) , the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco and Firearms (ATF) . Each of these agencies has offices conveniently located in every state to which crimes may be reported. Contact information regarding these local offices may be found in local telephone directories. In general, federal crime may be reported to the local office of an appropriate law enforcement agency by a telephone call and by requesting the "Duty Complaint Agent."
Each law enforcement agency also has a headquarters (HQ) in Washington, D.C., which has agents who specialize in particular areas. For example, the FBI and the U.S. Secret Service both have headquarters-based specialists in computer intrusion (i.e., computer hacker) cases.
Each law enforcement agency also has a headquarters (HQ) in Washington, D.C., which has agents who specialize in particular areas. For example, the FBI and the U.S. Secret Service both have headquarters-based specialists in computer intrusion (i.e., computer hacker) cases.
For more on this article please click here
Sunday, August 2, 2009
Internet Security: How Criminals Hack Other Peoples Computers
For those of you that work in Information Technology and started in the last 20 years or so, chances are you were inspired by movies such as War Games, Sneakers or even Hackers. Remember that 80’s T.V. show Whiz Kids? That was cool too. I so wanted to be one of those kids.Of course, those movies were exaggerating the power of computers or how they worked, but it was fascinating! The idea of taking control of something or figuring out how it worked by poking around and analyzing it. It was this endless world of possibilities that got us pursuing some of the most thankless jobs in the world.So how do criminals do things like hack other people’s computers? It really doesn’t take a lot of skill at all.Let’s assume I’m the criminal for the sake of this story. Disclaimer: I have never been charged with any crime. I do not do the things I’ll talk about here. You shouldn’t either! Do not try this at home – do it somewhere else.
The easiest way to hack someone’s computer is to get your grubby little hands on it. If I got your computer AND found that your Windows XP accounts were password protected, I would simply use a bootable password reset disk to change or remove the passwords. Then I’m in. I’m not going to tell you where to get these utilities, however, I’m sure you can use Google.If you had Windows Vista on the disk, with it’s BitLocker technology, it would be harder to get around the protection for certain. But it can be done. I’m sure this isn’t the only method out there.
“Okay smarty-pants! You’ve gotten into my account but I have passwords on all the documents that have my important information!”
Really? First, I don’t believe you since very few people even know that they can password protect documents. Second, there’s a good chance you use the same password for all the documents. Chances are you figure that having a strong password on the Windows account is good enough, that you’ve used a pretty weak one on your documents. Any sort of password cracker using a rainbow table or dictionary attack will get through those in a matter of seconds to minutes.
What if you had set a BIOS password, so that I couldn’t even get to the operating system without knowing it? Well, that’s another step in the right direction, but, yet again, it can be done. The thing is, now I have to do a lot of work. Steal the computer, crack the BIOS password, crack your Windows protection, and crack the document protection. Since most people who steal, steal from people they know, I’ll probably know that you do these things. I’ll look for an easier target. Lazy criminal laggards!
“But Guy!” you say, “what if I do all of that but you want to get at me over the Internet?”
First off, why do you keep calling me Butt Guy? (Seriously, I NEVER get tired of that joke!) Second, um, yeah, I could do that. However, I’m less likely to try to actually hack your computer. What I’m likely to do is hack websites that you use to gather the information I need to steal your information or money. Even with some creative web searching I can get an awful lot of information on you. Seriously. Try searching on your name and aliases you use on the web. You’ll be amazed by the social profile one could build on you, to steal your identity. So, be careful about what you put out there. It’s out there, pretty much forever.
If you would like to trace someone online MakeUseOf lists a numbers of really good free tools in the post about 15 Websites to Find People On The Internet.
Let’s say that I’m going to hack right into your computer remotely. The easiest way to do this is to trick you into downloading software that will allow me to take control of your computer. This kind of software is known as a Trojan Horse. I may send you an attachment, or link, in an e-mail that, once you open it, installs the Trojan program without you knowing it. Or, I may set up a web page on a popular topic, that will attack your computer and drop the Trojan Horse onto it. Here’s a story on exactly that.Once that Trojan is on there, I can use it to take information from you, or I might use it to set up a proxy for me to get to other computers. The nasty part of that is that it is possible for you to then be implicated in whatever crime I committed. Sure, a good lawyer would get you exonerated, but how many lawyers are good enough with computers to understand what just happened? By the time you pay for the lawyer, and dealt with the embarrassment of being charged, you’re already done in. Then I’m long gone.
So what do you do? Well, you keep your operating system updated, you keep your software updated, you keep your antivirus and firewall on and updated. You should also disconnect your computer from the Internet when you are not using. But really, who does all that?
Every computer is like a house – locks on the door, but a glass window right beside it. Just as my dad often said, “Locks only keep out honest people.”
post from; makeuseof.com
Wednesday, February 4, 2009
posts from crime-research.org
The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime – illegal activitiy committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spams, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in the cyberspace are on the rise. Here we publish an article by Nandini Ramprasad in series for the benefit of our netizens. –Ed.
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".
– National Research Council, "Computers at Risk", 1991.
What is this Cyber crime? We read about it in newspapers very often. Let's look at the dictionary definition of Cybercrime: "It is a criminal activity committed on the internet. This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose money".
Mr. Pavan Duggal, who is the President of cyberlaws.net and consultant, in a report has clearly defined the various categories and types of cybercrimes.
Cybercrimes can be basically divided into 3 major categories:
1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.
Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.
A minor girl in Ahmedabad was lured to a private place through cyberchat by a man, who, along with his friends, attempted to gangrape her. As some passersby heard her cry, she was rescued.
Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.
In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his creation of the Melissa virus. There are numerous examples of such computer viruses few of them being "Melissa" and "love bug".
Cyberharassment is a distinct Cybercrime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes.
Cyberharassment as a crime also brings us to another related area of violation of privacy of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of internet grants to the citizen.
The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes.
A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company, an industry major, stole the technical database from their computers with the help of a corporate cyberspy.
The third category of Cyber-crimes relate to Cybercrimes against Government. Cyberterrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
In a report of expressindia. com, it was said that internet was becoming a boon for the terrorist organisations. According to Mr. A.K. Gupta, Deputy Director (Co-ordination), CBI, terrorist outfits are increasingly using internet to communicate and move funds. "Lashker-e-Toiba is collecting contributions online from its sympathisers all over the world. During the investigation of the Red Fort shootout in Dec. 2000, the accused Ashfaq Ahmed of this terrorist group revealed that the militants are making extensive use of the internet to communicate with the operatives and the sympathisers and also using the medium for intra-bank transfer of funds".
Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
Coupled with this the actuality is that no computer system in the world is cracking proof. It is unanimously agreed that any and every system in the world can be cracked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.
Unauthorised access
Using one's own programming abilities as also various progra-mmes with malicious intent to gain unauthorised access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programmes which do irreparable damage to computer systems is another kind of Cybercrime. Software piracy is also another distinct kind of Cybercrime which is perpetuated by many people online who distribute illegal and unauthorised pirated copies of software.
Professionals who involve in these cybercrimes are called crackers and it is found that many of such professionals are still in their teens. A report written near the start of the Information Age warned that America's computers were at risk from crackers. It said that computers that "control (our) power delivery, communications, aviation and financial services (and) store vital information, from medical re-cords to business plans, to criminal records", were vulnerable from many sources, including deliberate attack.
"Script-kiddies"
Crackers do more than just spoiling websites. Novices, who are called "script-kiddies" in their circles, gain "root" access to a computer system, giving them the same power over a system as an administrator – such as the power to modify features. They cause damage by planting viruses.
The Parliament of India passed its first Cyberlaw, the Information Technology Act in 2000. It not only provides the legal infrastructure for E-commerce in India but also at the same time, gives draconian powers to the Police to enter and search, without any warrant, any public place for the purpose of nabbing cybercriminals and preventing cybercrime. Also, the Indian Cyberlaw talks of the arrest of any person who is about to commit a cybercrime.
The Act defines five cyber-crimes – damage to computer source code, hacking, publishing electronic information whi-ch is lascivious or prurient, br-each of confidentiality and pu-blishing false digital signatu-res. The Act also specifies that cybercrimes can only be investigated by an official holding no less a rank than that of Dy. Superintendent of Police (Dy.SP).
The Act simply says "Notwi-thstanding anything contained in any other law for the time being in force, any Police Officer not below the rank of Dy.SP may enter, search and arrest any person without search warrant in any public place who he thinks is committing or about to commit a cybercrime".
It is common that many systems operators do not share information when they are victimis-ed by crackers. They don't contact law enforcement officers when their computer systems are invaded, preferring instead to fix the damage and take action to keep crackers from gaining access again with as little public attention as possible.
According to Sundari Nanda, SP, CBI, "most of the times the victims do not complain, may be because they are aware of the extent of the crime committed against them, or as in the case of business houses, they don't want to confess their system is not secure".
As the research shows, computer crime poses a real threat. Those who believe otherwise simply have not been awakened by the massive losses and setbacks experienced by companies worldwide. Money and intellectual property have been stolen, corporate operations impeded, and jobs lost as a result of computer crime.
Similarly, information systems in government and business alike have been compromised. The economic impact of computer crime is staggering.
Cyberspace
As the cases of cybercrime grows, there is a growing need to prevent them. Cyberspace belongs to everyone. There should be electronic surveillance which means investigators tracking down hackers often want to monitor a cracker as he breaks into a victim's computer system. The two basic laws governing real-time electronic surveillance in other criminal investigations also apply in this context, search warrants which means that search warrants may be obtained to gain access to the premises where the cracker is believed to have evidence of the crime. Such evidence would include the computer used to commit the crime, as well as the software used to gain unauthorised access and other evidence of the crime.
There should also be analysing evidence from a cracker's computer by the officials investigating the crime. A seized computer may be examined by a forensic computer examiner to determine what evidence of the crime exists on the computer.
Researchers must explore the problems in greater detail to learn the origins, methods, and motivations of this growing criminal group. Decision-makers in business, government, and law enforcement must react to this emerging body of knowledge. They must develop policies, methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and prevent future crimes. In addition, Police Departments should immediately take steps to protect their own information systems from intrusions.
Internet provides anonymity: This is one of the reasons why criminals try to get away easily when caught and also give them a chance to commit the crime again. Therefore, we users should be careful. We should not disclose any personal information on the internet or use credit cards and if we find anything suspicious in e-mails or if the system is hacked, it should be immediately reported to the Police officials who investigate cyber-crimes rather than trying to fix the problem by ourselves.
Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is a menace that has to be tackled effectively not only by the official but also by the users by co-operating with the law. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of modernisation as a boon and not make it a bane to the society.
Subscribe to:
Posts (Atom)