Académique Documents
Professionnel Documents
Culture Documents
Cyber Crime
Mankind as a race has progressed through a series of stages. We have
had the stage of the Stone Age, the Medieval Period, and the stage of
the
Industrial
Revolution.
One
interesting
thing
is
that
every
CYBER CRIME
Crimes, as traditionally conceived, are committed in the so-called real
world, in our shared physical reality. The conduct used to commit such
crimes, the circumstances involved in their commission, and the harms
that result from their commission all occur in corporeal venues such as
public streets or private residences. Consequently, our extant law of
crimes is concerned with imposing liability and sanctions (death,
incarceration, fines, and so forth) for conduct that results in the
infliction of corporeal harms, such as injury to persons or property or
the unauthorized taking of another persons property. The modern
criminal law insists, as a fundamental premise, that liability be
predicated upon some conductaction or inaction in the face of a duty
to acttaken in the external, physical world; it rejects the notion that
liability can be imposed for incorporeal behaviors such as improper
thoughts.
Cyberspace is a domain that exists along with but apart from the
physical world. It is a shared conceptual reality, a virtual world, not a
shared physical reality.
It may represent
Criminal Law, Cases and Materials,, Gaur, K.D (New Delhi: Butterworths India, 1999), 23
Criminal Law, Cases and Materials,, Gaur, K.D (New Delhi: Butterworths India, 1999), 23
crimes. If, on the other hand, the principles we use for crimes can be
used to impose liability for cyber crimes, they cannot be discrete
entities: cyber crimes would be simply a subset of crimes.
As a previous paragraph explained, we define crimes as consisting of
four elements: prohibited conduct, culpable mental state, specified
attendant circumstances and a forbidden result or harm. These
elements are the method we use to impose liability for the commission
of crimes. To convict someone of a crime, the prosecution must prove
all of these elements beyond a reasonable doubt.4
These elements, and the related principles we use to operationalize
them, were developed to deal with prohibited conduct occurring in the
physical world. The premise that cyber crimes represent a new legal
phenomenon derives from the empirically undeniable fact that they
involve conduct that is committed wholly or partially in a different
venue: the virtual world of cyberspace. And depending on the offense
at issue, cyber crimes may also involve attendant circumstances or
harms that are located in cyberspace.
Meaning
Criminal Law, Cases and Materials,, Gaur, K.D (New Delhi: Butterworths India, 1999), 39
ii.
Elements
iii.
iv.
Types
Definition
A cyber offence may be defined as an offence involving the use of a
computer system. It may either be used as a tool for committing the
offence or be made the target of such an offence or both.
Elements
The elements of a cyber offence are as follows:
Jurisdictional complexities
Lack
of
appropriate
investigative
infrastructure
designed
Types
Cyber offences may be categorized into the following two types:
10
Landmark law
The two men have been charged under a landmark law - the
Information Technology Act - which was approved by parliament last
year. It allows police to enter and search public places, such as cyber
cafes, without a warrant and to arrest suspects when they believe a
cyber crime is being committed.5
There is another case about a student of Air Force Bal Bharati School in
Delhi, which is generally considered the second land mark case of
cyber crime in India. This is a case which did not reach the High Court
or Supreme Court, therefore the citation is not known. However the
facts of this case from newspapers etc. have been given below.
Recent Indian incidents revolving around cyber pornography include
the Air Force Bal Bharati School case. A student of the Air Force Bal
Bharati School, Delhi, was teased by all his classmates for having a
pockmarked face. Tired of the cruel jokes, he decided to get back at his
tormentors. He scanned photographs of his classmates and teachers,
morphed them with nude photographs and put them up on a website
that he uploaded on to a free web hosting service. It was only after the
father of one of the class girls featured on the website objected and
lodged a complaint with the police that any action was taken.6
The Amendments made by the Information Technology Act 200, to the
Indian Penal Code are given in Appendix 2. On the next page is a table
5
11
of all the penal sections of the IT Act, along with the respective
punishments.
S.
Punishment
No.
1.
(Sec.
65);
Hacking
to
comply
with
the
Imprisonment
up
to
68)
two Breach
of
confidentiality
or
purposes.
(Sec.
74)
Misrepresentation or suppression
3.
to
4.
Imprisonment
up
to
5.
years
Imprisonment
up
to
two
lakhs
(second
conviction)
12
6.
Imprisonment
up
to
6 Failure
to
surrender
license
13
14
may be the target of the offense. In these cases, the criminal's goal is
to steal information from, or cause damage to, a computer, computer
system, or computer network. Second, the computer may be a tool of
the offense. This occurs when an individual uses a computer to
facilitate some traditional offense such as fraud (e.g., a bank teller who
once stole money from a cash drawer may now use a computer
program to skim money directly from depositors' accounts). Last,
computers are sometimes incidental to the offense, but significant to
law enforcement because they contain evidence of a crime. Narcotics
dealers, for example, may use a personal computer to store records
pertaining to drug trafficking instead of relying on old-fashioned
ledgers.
The different ways in which criminals can use computers have created
a philosophical debate among law enforcement experts. Some argue
that computer crime is nothing more than traditional crime committed
with new, high-tech devices. Others contend that computer crime
cannot be analogized to traditional crime and that combating it
requires both innovative law enforcement techniques and new laws
designed to address abuses of emerging technologies. In 1984,
Congress adopted the latter view and enacted discrete legislation to
address crime in electronic environments. Although certain computer
crimes appear simply to be old crimes committed in new ways (e.g.,
the bank teller who uses a computer program to steal money is still
committing bank fraud), some computer offenses find their genesis in
our new technologies and must be specifically addressed by statute.
For example, the widespread damage caused by inserting a virus into a
global computer network cannot be prosecuted adequately by relying
upon common law criminal mischief statutes. Indeed, it is questionable
whether Robert Morris, the individual responsible for launching the
Morris worm and crippling 6,000 computers around the world, could
15
have been prosecuted had Congress not had the foresight to enact the
Computer Fraud and Abuse Act.8
Whether classified as "old" or "new," computer crime creates unique
problems for law enforcement and a concomitant threat to the public
welfare.
The
most
significant
legislative
problems
stem
from
Id.
16
Sec. 2314. - Transportation of stolen goods, securities, moneys, fraudulent State tax stamps, or
17
by
the
implementation
of
new
computer
and
government. This section also shall not apply to any falsely made, forged, altered, counterfeited,
or spurious representation of any bank note or bill issued by a bank or corporation of any foreign
country which is intended by the laws or usage of such country to circulate as money.
http://www4.law.cornell.edu/uscode/18/2314.html Last Visited 13th September, 2003
10
United States v. Brown, 925 F.2d 1301, 1308 (10th Cir. 1991). www.westlaw.com, Last visited
11
(a) Whoever in any way or degree obstructs, delays, or affects commerce or the movement of
any article or commodity in commerce, by robbery or extortion or attempts or conspires so to do,
or commits or threatens physical violence to any person or property in furtherance of a plan or
purpose to do anything in violation of this section shall be fined under this title or imprisoned not
more than twenty years, or both.
http://www4.law.cornell.edu/cgi-bin/htm_hl?
DB=uscode18&STEMMER=en&WORDS=18+1951+&COLOUR=Red&STYLE=s&URL=/uscode/1
8/1951.html#muscat_highlighter_first_match Last visited 13th September, 2003.
18
(1) The United States, in a single statute, continues to address the core
issues driving computer and information security at both domestic and
international levels; that is, protecting the confidentiality, integrity, and
availability of data and systems. Indeed, these three themes provide
the foundation for the Organization for Economic Cooperation and
Development's (OECD) Guidelines for the Security of Information
Systems. They also serve as the linchpin for emerging domestic works
on information privacy.. By patterning the amended Computer Fraud
and Abuse Act on the OECD guidelines, the U.S. is at the forefront of
rethinking how information technology crimes must be addressed-simultaneously protecting the confidentiality, integrity, and availability
of data and systems.
(2) In most cases, a single point of reference--The Computer Fraud and
Abuse Act, 18 U.S.C. 1030--is provided for investigators, prosecutors,
and legislators as they attempt to determine whether a particular
abuse of new technology is covered under federal criminal law.
(3) As new technologies are introduced and the criminal law requires
reconsideration, fine-tuning 1030 may well be adequate, and it will
not be necessary to continually parse through the entire United States
Code.
(4) This statutory scheme will give a better understanding of the scope
of the computer crime problem by enabling more reliable statistics to
be generated regarding computer abuse. Under current law, computer
crimes can be charged under a host of criminal statutes, and this
situation will continue if the U.S. chooses a patchwork approach and
amends the various provisions of Title 18 to address new computer
crimes. Indeed, a June 1996 study by the United States Sentencing
19
Commission concluded that there were only 174 cases in which the
statute of conviction included 18 U.S.C. 1030, but conceded that
. .pertinent questions remain unanswered. For example, how
much criminal behavior that could have been successfully prosecuted
under
18
U.S.C.
1030
was
prosecuted
under
other
fraud
statutes. . . ?12
12
20
Chapter 5
Landmark US Cyber Cases Studied
The landmark US cases on cyber law are studied below. I have tried to
incorporate a wide variety of cases on different subjects to give a
comprehensive picture on the evolution of cyber law in the United
States of America. The complete text of the cases is not included for
reasons of brevity; however, they are available with the author if the
reader wishes to read any or all of them.
UNAUTHORISED ACCESS
Briggs v. State of Maryland
348 Md. 470 (1998) [USA]
The Court held that the statute of the state of Maryland that
criminalizes unauthorized access to computers "was intended to
prohibit use of computers by those not authorized to do so in the first
place, and may not be used to criminalize the activities of employees
who use employers' computer systems beyond the scope of their
authority to do so".
Scott Moulton and Network Installation Computer Services, Inc. v. VC3
Civ. Act. No. 1:00-CV-434-TWT (N.D. Ga. November 6, 2000) [USA]
The Court held that the plaintiff's act of conducting an unauthorized
port scan and throughput test of defendant's servers does not
constitute a violation of either the Georgia Computer Systems
Protection Act or the Computer Fraud and Abuse Act.
21
EMAIL RELATED
United States v. Kammersell
1998 U.S. Dist. LEXIS 8719 (D. Utah 1998) [USA]
The Court found that federal interstate jurisdiction was proper where
defendant sent a threatening email via AOL, an interstate service, even
though the message was sent from and received in the same state.
The Court held that federal laws prohibiting transmission in interstate
commerce of communications containing threats applied, because the
e-mail was sent via a commercial online service and routed outside the
state before reaching its final destination within the state. The 10th
Circuit Court of Appeals affirmed this decision (See 196 F.3d 1137 (10th
Cir. Utah 1999) [USA]).
United States v. Machado
C.D. Cal. 2/10/98 [USA]
The accused was convicted in violation of federal hate-crime law for
sending threatening email to Asian students at University of California
at Irvine based on race/ethnicity. The accused stated that the emails
were sent idly and without intention to act on the threats.
State of Washington v. Townsend
No. 19304-7-III (Wash. Ct. App. 2001) [USA]
A Washington Appellate Court affirmed a conviction for second-degree
rape of a child. The defendant appealed the lower court's decision to
22
23
by defendant.
This
equipment
Amendment,
made
applicable
to
the
states
through
the
Fourteenth Amendment"
25
industry
revolution.
High
technology
has
markedly
26
entities,
and
hence
damage
to
an
ISP-victim
was
28
29
PORNOGRAPHY
Davis v. Gracey
111 F.3d 1472 (10th Cir. 1997) [USA]
After the accused, Davis, sold obscene CD-ROMs to an undercover
officer, a warrant was obtained to search his business premises; police
officers determined pornographic CD-ROM files could be accessed
through the bulletin board and seized the computer equipment used to
operate it.
Following his criminal conviction and civil forfeiture of the computer
equipment in state court proceedings, Davis, his related businesses,
and several users of email on his bulletin board brought action against
the officers who executed the search, alleging that the seizure of the
computer equipment and email and software stored on the system
violated constitutional and statutory provisions.
Affirming, the 10th Circuit held that the original warrant was not
unconstitutionally overbroad, and that the incidental temporary seizure
of bulletin board email users' files did not invalidate the seizure of the
computer within which they were stored. "The computer equipment
was more than merely a 'container' for the files; it was an
instrumentality of the crime."
United States v. Thomas
74 F.3d 701 (6th Cir. 1996) [USA]
A Bulletin Board Service (BBS) operator in California was arrested and
convicted
when
pornographic
materials
from
their
site
were
30
materials
ordered
from
them
were
delivered,
violating
federal
However,
263.10,
prohibiting
"promoting
an
obscene
sexual
The Court also held that the Due Process Clause was not violated
because the information to be posted is considered "non private" and
therefore there is no cognizable injury to the plaintiff's reputation. The
defendant, the Utah Department of Corrections, stipulated it would
administer the statute in accordance with the court's decision, and
therefore no order was issued.
The court found that the state law against knowingly transmitting
sexually explicit communications to minors with intent to lure them
into sexual activity was constitutional and did not violate the
Commerce Clause. The court noted that the statute is no broader than
necessary to achieve the purpose of preventing the sexual abuse of
children.
State of New York v. BuffNet
NY Appellate Division, Fourth Judicial Department (2001) [USA]
An Internet Service Provider (ISP) pled guilty to the misdemeanor
charge of knowingly providing access to child pornography. A two-year
investigation found that ISP, BuffNet, knowingly hosted a child
pornography newsgroup called "Pedo University". The police notified
BuffNet that they were hosting illegal content, yet BuffNet failed to
remove the newsgroup from its servers. Police then seized the ISP's
servers. BuffNet was levied a $5000 fine, and removed the obscene
content.
ONLINE GAMBLING
State of New York v. World Interactive Gaming Corp
1999 N.Y. Misc. LEXIS 425 (N.Y. App. Div. 1999) [USA]
Court
granted
injunction
barring
Antigua-based
online
gaming
company from doing business with New York residents. The court held
that regardless of whether gambling is legal where the company is
based, "The act of entering the bet and transmitting the information
from New York via the Internet is adequate to constitute gambling
activity within New York State".
36
37
38
The Judge held that posting was covered because it was initiated by
means of a telephonic communication with the network community.
State of Utah v. Amoroso
364 Utah Adv. Rep. 3 (Utah Ct. App. 1999) [USA]
The state of Utah may criminally prosecute an Illinois corporation for
liquor sales to Utah residents over the Internet, through the use of a
telephone "800" number, and by mail. Although the Utah appellate
court held that it was improper to apply the civil "minimum contacts"
analysis, the court held that there was criminal personal jurisdiction in
Utah over the defendants based upon the theory that the conduct
committed in Illinois caused an unlawful result in Utah.
The court also held that the prosecution was valid under the TwentyFirst Amendment and did not violate the Commerce Clause.
United States v. Baker
(890 F. Supp. 1375 (E.D. Mich. 1995) [USA])
aff'd sub nom U.S. v. Alkahabaz
(104 F.3d 1492 (6th Cir. Mich. 1997) [USA])
In this case, a college student who wrote a sado-masochistic fantasy
story about one of his classmates and transmitted it to an Internet
correspondent could not be prosecuted for interstate transmission of
threats to injure or kidnap as there was no showing that the thoughts
expressed in the story were "true threats" on which the student
intended to act.
On January 29, 1997, on appeal in U.S. v. Alkhabaz, dismissal was
affirmed. The Court held that the elements of the charge of threat were
39
41
The Court dismissed the claims advanced by the plaintiff under the
Electronic Communications Privacy Act, the Computer Fraud and Abuse
Act, and the Wiretap Act arising out of Doubleclick's use and placement
of "cookies" on plaintiffs' computers.
Doubleclick uses such "cookies" to gather information about the users'
use of Doubleclick client web sites. Since Doubleclick's clients
consented to such information being gathered, the court held that
Doubleclick's activities did not run afoul of either the Electronic
Communications Privacy Act or the Wiretap Act.
The court also dismissed the claims, which the plaintiffs advanced
under the Computer Fraud and Abuse Act because any damages
caused by Doubleclick's activities did not meet the threshold required
by the Computer Fraud and Abuse Act. Finally, the court, having
dismissed all of the plaintiffs' federal claims, declined to retain
jurisdiction over plaintiffs' state law claims, and dismissed the action.
United States Of America V. Robert Tappan Morris
928 F.2d 504; 1991 U.S. App. LEXIS 3682 United States Court Of
Appeals For The Second Circuit[USA]
In 1988, Morris was a first-year graduate student in Cornell University's
computer science Ph.D. program. Through undergraduate work at
Harvard and in various jobs he had acquired significant computer
experience and expertise.
When Morris entered Cornell, he was given an account on the
computer at the Computer Science Division. This account gave him
explicit authorization to use computers at Cornell. Morris engaged in
42
program
of
password
guessing,
whereby
various
combinations of letters are tried out in rapid sequence in the hope that
one will be an authorized user's password, which is entered to permit
whatever level of activity that user is authorized to perform.
44
accesses
Federal
interest
computer
without
45
46
Chapter 6
Conclusion
At the end of this project, several inferences can be drawn from the
work done in this project. These are:
1. Cyber Crime cannot be clubbed together with ordinary crime.
Though there are similarities at the present moment, and they
are taken together, it is my feeling that within the next 5 years, a
trend of separating crime into two categories shall begin. The
categories will be virtual crime and physical crime. This is
already happening to a limited extent in some countries where it
is being realized that the standard rules of penal law or penology
cannot be applied in their traditional manner to cyber offences.
The laws of evidence have to be looked at very carefully indeed.
It is an interesting fact that the book in which the term
cyberspace was first coined, Neuromancer, by William Gibson,
spoke of a future in which the world is one vast connected entity.
Society had moved into the cyber world. Crime had become
totally cyber. This book was written in 1984, and the future it
visualized seems eerily real today.
2. Human Society as a whole is changing. On reading all the cases
studied, and various other materials, a pattern begins to emerge.
Human beings are progressing, if one can call it that, from the
material world, where physical harm is the highest form of
punishment, to the digital era. In fact in a recent Harvard
Business Review article, a journalist spoke of the feeling of utter
helplessness she experienced when her PDA (Personal Digital
Assistant) crashed. I felt like I had died. More than data, it was
my life in there. These kinds of sentiments are becoming more
47
and more common today. People often feel closer to their virtual
friends, or e-friends, living thousands of miles away, than to their
neighbours living next door.
3. In this Virtual World there are no, or at least insufficient laws.
This virtual world can be compared to a Frontier town of the Old
West. The Wild West as it was known had no real laws or rules. It
was every man for himself. The people recognized this. Laws
were written down as incidents which required them happened.
This is echoed in todays digital frontier. Laws are scrambling to
keep pace with the rate of change in technology. Todays laws
may be obsolete tomorrow. A smart person can get away with a
lot of things that would be impossible in the real world.
4. This shadowy world is not very well understood. This is the main
reason that legislations are unable to address the real problems.
One more reason for this is that the Digital Citizens, are only
now entering their late forties. In many countries, like India, this
is too young to actively influence the Legislative process.
However, as these people reach the decision making positions in
society, possibly the picture will change.
The Cyber Laws in India, while a good start, are not necessarily very
comprehensive. The Indian Cyber Law needs to be updated, or to use a
term from computerese, upgraded. The protections that it envisages
have changed from the time of its passing. In fact, the IT Act should be
one of the most dynamic legislations in the country, if not the most.
Only this will keep law enforcement, if not one step ahead, at least not
too many steps behind cyber criminals. The august Legislature of our
country must realize this and institute a special task for on IT and
Cyber Law, whose role it should be to keep track of the changes in the
Digital Ecosystem, and to formulate changes in the IT Act, so that it
remains relevant.
48
Bibliography
Books
1. Computer Contracts and Information Technology Law, Rao, S.
Joga (Nagpur : Wadhwa and Co., 2003)
2. Computer law 3rd Ed, Edited by Chris Reed,(New Delhi: Universal
Law Publishers, 2000)
3. Computer Law 4th Ed., Edited by Chris Reed and John Angel,(New
Delhi: Universal Publishers, 2002)
4. Criminal Law, Cases and Materials,, Gaur, K.D (New Delhi:
Butterworths India, 1999)
5. Guide to Cyber Laws, Ryder, Rodney D. (Nagpur : Wadhwa
Publications, 2001)
6. Information technology Law, Rowland Diane and Elizabeth
Macdonald, (London: Cavendish Publishing Ltd, 1997)
7. Law of Information Technology (Cyber Law), Mittal, D.P (New
Delhi: Taxmann, 2000)
8. Rules of the Road for the Information Superhighway : Electronic
Communications
and
the
Law,
Benkler,
Yochai
(St.
Paul
49
[USA]
11.
Free Speech Coalition v. Reno 198 F.3d 1083 (9th Cir. 1999)
[USA]
12.
13.
00 Civ. 0641
[USA]
15.
052574 [USA]
16.
17.
People v. Foley No. 17 (N.Y. Ct. App., Apr. 11, 2000) [USA]
18.
24.
[USA]
26.
504; 1991 U.S. App. LEXIS 3682 United States Court Of Appeals
For The Second Circuit[USA]
27.
1995) [USA])
28.
1991).
29.
30.
United States v. Gilboe 684 F.2d 235 (2d Cir. 1982) [USA]
31.
[USA]
32.
[USA]
33.
4/14/99) [USA]
34.
[USA]
36.
37.
[USA]
38.
1999) [USA]
39.
United States v. Pirello 255 F.3d 728 (9th Cir. 2001) [USA]
40.
51
41.
[USA]
42.
43.
United States v. Whiting 165 F.3d 631 (8th Cir. 1999) [USA]
44.
Websites
1. http://news.bbc.co.uk/1/hi/world/south_asia/1162245.stm
2. http://www.cybercrime.gov
3. http://www.dqindia.com
4. http://www.hindustantimes.com
5. http://www.manupatra.com
6. http://www.westlaw.com
7. http://www4.law.cornell.edu
52
Appendix 1
Cyber Cops and Robbers
Hyderabad's pioneering 'cyber crime police station' is all set to file the
first of its charge sheets. 13
The cyber crime police station functions within the Crime Investigation
Department of Andhra Pradesh Police. So far it has investigated 11
cases and arrested four accused.
"Charge sheets in two cyber crimes are likely to be filed within a couple
of weeks in the 9th Metropolitan Magistrate's Court that deals with CID
cases," says Ravi Kiran, a police official at the cyber crime police
station.
Though the state government had issued orders for setting up the
cyber crime unit in May 2002, the special police station began work
only in December. Late last month it moved into the newly constructed
CID office complex here.
"The cyber crime police station has jurisdiction over all of Andhra
Pradesh and deals with cyber offences under the Information
Technology Act, 2000," Kiran explains.
He points out that this large jurisdiction over the entire state is unique
to his police station. Three other cyber crime police stations that were
founded later in New Delhi, Mumbai and Bangalore have powers within
their cities only.
"Right now, we are dealing with offences committed under the IT Act;
particularly sections 65, 66 and 67. These pertain to tampering of
computer source documents, hacking of computer systems and
publication of obscene information in electronic form. We also add
relevant sections of the Indian Penal Code, depending on the nature of
the offence," Kiran says.
The cyber crime police station has registered eight cases since
December 2002. Besides, three cases of cyber crime, registered by the
Hyderabad City Police, have also been transferred to the cyber crime
police station for investigation.
13
53
Eight of these cases pertain to Section 67, where the accused have
been charged with sending obscene emails to the complainants. Two
cases relate to Section 65, which is about theft of source code. And one
case falls under Section 66, which covers hacking.
The cyber crime police arrested a person who has been accused of
using fake IDs, sending obscene emails to BJP MP Denzil B Atkinson and
threatening to kidnap his daughters.
In another case, the cyber crime police arrested a food and beverages
manager of a luxury hotel in Chennai, for sending obscene emails to a
lady IPS officer, who is working as an inspector-general of police in
Hyderabad.
One person was nabbed for stealing source code and another was
arrested for sending obscene emails to the executives of a US
company.
"The accused in all the cases detected so far are highly educated
people who are well-versed with computers. One is a doctor, a child
specialist, and another is a systems engineer with a BTech degree.
Then there is a government officer with a postgraduate degree," Kiran
says.
In six cases, the investigation is stuck either because the incriminating
emails were sent through cyber cafes or a foreign Internet service
provider has refused to cooperate in furnishing user details. Indian
ISPs, however, have been extending all the help they can.
"We are facing problems in investigating some cases because the
cyber criminals are using Internet cafes for sending malicious mails.
These cafes do not maintain any users logs. In other instances, the
suspects live abroad and this makes it difficult to pursue the case,"
Kiran explains.
At present, the cyber crime police station is accepting complaints in
writing, lodged personally by the affected people. There is no online
registration of complaints right now. Even if people send complaints
through email, they will have to follow it up with a validation by visiting
the police station.
Additional Superintendent of Police, M Sivananda Reddy, heads the
cyber crime police station as station house officer. He is assisted by
Deputy Superintendent of Police C Jayaram Reddy, a sub-inspector and
four constables. A private consultant has also been hired.
54
55
Appendix 2
Amendments to the Indian Penal Code, 1860, by the Information
Technology Act 2000
THE FIRST SCHEDULE
(AMENDMENTS TO THE INDIAN PENAL CODE)
1. After section 29, the following section shall be inserted, namely 29A.The words "electronic record" shall have the meaning assigned to
it in clause (s) of sub-section (7) of section 2 of the Information
Technology Act, 1999.
2In section 167, for the words "such public servant, charged with the
preparation or translation of any document, frames or translates that
document",
the words "such public servant, charged with the
preparation or translation of any document or electronic record,
frames, prepares or translates that document or electronic record"
shall be substituted
3. In section 172, for the words "produce a document in a Court of
Justice", the words "produce a document or an electronic record in a
Court of Justice" shall be substituted.
4 In section 173, for the words "to produce a document in a Court of
Justice",
the words "to produce a document or electronic record in a Court of
Justice"
shall be substituted.
5. In section 175, for the word "document" at both the places where it
occurs,
the words "document or electronic record" shall be substituted.
6. In section 192, for the words "makes any false entry in any book or
record, or makes any document containing a false statement", the
words "makes any false entry in any book or record, or electronic
record or makes any document or electronic record containing a false
statement" shall be substituted.
7. In section 204, for the word "document" at both the places where it
occurs,
the words "document or electronic record"
shall be
substituted.
56
8.In section 463, for the words "Whoever makes any false documents
or part of a document with intent to cause damage or injury", the
words "Whoever makes any false; documents or false electronic record
or part of a document or electronic record, with intent to cause
damage or injury" shall be substituted.
9.In section 464 (a)or the portion beginning with the words "A person
is said to make a false
document" and ending with the words "by
reason of deception practised upon
him, he .does not know the
contents of the document or the nature of me
alteration", file
following shall be substituted, namely: A person is said to make a false document or false electronic record First Who dishonestly or fraudulently (a)makes, signs, seals or executes a document or part of a document;
(b)makes or transmits any electronic record or part of any electronic
record;
(c)affixes any digital signature on any electronic record;
(d)makes any mark denoting the execution of a document or the
authenticity of the digital signature, with the intention of causing it to
be believed that such document or a part of document, electronic
record or digital signature was made, signed, sealed
executed,
transmitted or affixed by or by the authority of a person by whom or
by whose authority he knows that it was not made, signed, sealed,
executed or affixed; or
Secondly Who, without lawful authority, dishonestly of fraudulently, by
cancellation or otherwise, alters a document or an electronic record in
any material part thereof, after it has been made, executed or affixed
with
digital signature either by himself or by any other person,
whether such person be living or dead at tile time of such alteration;
or
Thirdly Who dishonestly or fraudulently causes any person to sign, seal,
execute or alter a document or an electronic record or to affix his
digital signature on any electronic record knowing that such person
by reason of unsoundness of mind or intoxication cannot, or that by
reason of deception practised upon him, he does not know the
contents of the document or electronic record or the nature of the
alteration."
(b)
after Explanation 2,
the following Explanation shall be inserted at the end, namely Explanation 3 - For the purposes of this section, the expression
"affixing digital signature" shall have the meaning assigned to it in.
57
clause (d) of
sub- 50 section (1) of section 2 of the Information
Technology Act, 1999.'
10.In section 466 (a)for the words "Whoever forges a document",
the words "Whoever forges a document or an electronic record" shall
be substituted;
(b)the following Explanation shall be inserted at the end, namely Explanation - For the purposes of this section, "register" includes any
list, data or record of any entries maintained in the electronic form as
defined in clause (r) of sub-section (1) of section 2 of the Information
Technology Act, 1999.
11.In section 468, for the words "document forged", the words
"document or electronic record forged" shall be substituted.
12.In section 469, for the words "intending that the document forged",
the words "intending that the document or electronic record forged"
shall be substituted.
13.In section 470, for the word "document" in both the places where it
occurs,
the words "document or electronic record"
shall be
substituted.
14.In section 471, for the word "document" wherever it occurs, the
words "document or electronic record" shall be substituted.
15. In section 474, for the portion beginning with the words "Whoever
has in his possession any document" and ending with the words "if the
document is one of the description mentioned in section 466 of this
Code", the following shall be substituted, namely: " Whoever has in his possession any document or electronic record,
knowing the same to be forged and intending that the same shall
fraudulently or
dishonestly be used as a genuine, shall, if the
document or electronic record is one of the description mentioned in
section 466 of this Code.".
16.In section 476, for the words "any document", the words "any
document or electronic record" shall be substituted.
17.in section 477A, for the words "book, paper, writing" at both the
places where they occur, the words "book, electronic record, paper,
writing" shall be substituted.
58
Appendix 3
The Rise of Cyber Crimes
Cyber Attacks: Its Time to Act
Cybercrime is all around us, and on the rise. And not only are top
enterprises at risk, youin your personal, individual capacitymay
also be under watch...
Neetu Katyal
Thursday, November 21, 200214
Hugh Jackman plays a hacker named Stanley Jose in Swordfish, and
has the expertise to break in to government computers and alter
records. Skeet Ulrich plays the most wanted computer hacker on the
FBI list, Kevin Mitnick, in Takedown. And recently, Abhishek Bachchan
played Jagdish, a computer whiz-kid who puts his knowledge to good
use and saves a site in Om Jai Jagdish. The common factorhacking.
How the lure of money can transform an intellectual into a fraudster
came to fore when a software engineering graduate from IIT Kharagpur
was caught red-handed trying to sell the source code of a sophisticated
software package recently. The arrest followed a complaint from the
Federal Bureau of Investigation, which informed its Indian counterpartthe Central Bureau of Investigationof the attempt to sell the source
code of Solid Works 2001 Plus, developed by American firm Solid
Works. This company had outsourced debugging of the package to a
Mumbai-based company, where this engineer workedafter finishing
work on the project, the engineer resigned.
Before leaving, however, he took the entire source code of the software
with him. He then approached other software companies in the US
through e-mail, announcing that he had the source code and
expressing his keenness to sell it. A company named Solid Concepts in
the US responded to his mail, and informed Solid Works and the FBI
about the offer. After negotiation, the exchange was finalized for a sum
of $200,000 and an initial payment of $20,000 wired to the engineers
bank account in Mumbai. An FBI agent posing as a representative of
the company met the engineer at Delhis Ashok Hotel, where the latter
was apprehended while handing over the source code on two CDs. Hes
14
http://www.dqindia.com/content/special/202112102.asp
59
since been booked under Sections 379 and 406 of the Indian Penal
Code and Section 66 of the IT Act.
From the CBI files...
The Central Bureau of Investigation registered its first case on hacking
when the Department of Customs and Central Excise complained that
its site had been hacked into. Identified as the Anti-India Crew, the
culprits had hacked into more than 120 Indian sites. Fortunately, they
managed only to deface the homepage before the hack was detected.
The case gained importance, as it was for the first time that a
government department had lodged a complaint about hacking of its
Website.
In another case of cyber harassment, the cyber crime cell of CBI
cracked a case where personal details and telephone number of a
young lady executive were posted on a dating site, with the statement
that she was "available". When her family started getting calls from
around the world, they lodged a complaint with CBIs cyber crime cell.
It was found that the website contained obscene material and had links
to other pornographic sites. The IP addresses of the sites were traced
to one Dewang Badyani of Mumbai. The CBI and local police conducted
searches at the locations of Direct Information, a Web hosting
company, the premises of Badyani, VSNL location and Indosofta
private company that developed the program for the accused. From
the VSNL premises, the team seized a server containing material for
the Websites and other pornographic sites belonging to Badyani from
the rack of Direct Information. Further investigation is on.
Most Offenders are Family or Friends, Who Youd Never Suspect
The Cybercrime Cell in Bangalore celebrated its first birthday on 22
October 2002. Mr Alok Mohan, DIG of police (economic offences),
under the Corps of Detectives, Bangalore, spoke to DQ about the cells
activities in its first year. Excerpts:
l What has been the nature of work at and efficacy of the Cybercrime
Police Station?
The Bangalore CCPS is the first of its kind in the country and has
jurisdiction over the entire state of Karnataka. So far we have solved
more than 90% of the 61 cases that have been lodged.
l Why is it that enterprises are wary of reporting a cyber attack?
Enterprises across the country hesitate to lodge complaints due to
fear of negative publicity. However, I urge them to approach the
legal authority because by not doing so, theyre encouraging the
person to continue.
l What is your team made up of?
60
During search operations, one of the computers loaded with the e-mail
bombing program used to send Spam was seized.
Germany calling!
A new and innovative way of cheating people is gaining groundthe
lure of getting them handsome jobs overseas. CBI cracked this
interesting case on the basis of two separate e-mail complaints. The
complainants received e-mails from one Mohd Firoz, informing them
that they had been selected for the posts of network administrator
and programmer, respectively, without any formal interview. A
German firm called DIS-AG Personalvermittlung, manufacturing and
exporting cosmetics; drugs and toiletries, had hired them. They were
asked to cough up Rs 10,000 and Rs 40,000, respectively, to a
specified ICICI bank account number for visa and other paper work.
Further, they were asked to come to Delhi for their visa inter views at
the German embassy and to collect other contract papers. On
contacting the German embassy, the two were told that no person or
company by the given name was known to the embassy.
CBIs investigation traced the ICICI account to a residence in Hari
Nagar in New Delhi. The statement of account collected from the bank
revealed deposit of cash in the account from different parts of the
country and even abroad. The investigations also revealed that Mohd
Firoz had changed residence a year back and had cheated on people
by payment of heavy amounts on the pretext of getting them lucrative
jobs. Firoz used to withdraw money through ICICI ATMs in Delhi, but he
was ultimately traced to Asansol in West Bengala 23-year-old
unemployed graduate from Aligarh Muslim University.
All said and done
Worldwide, cybercrime has increasedas it has in the Indian
geography. With the number of Internet users shooting up, the threat is
becoming even worse. We can choose to be proactive and report the
incidents to help bring the guilty to book; or downplay the threat at our
own riskwhich is what most of Indian enterprises and home
computer-users do. The choice is oursto live or be outlived
When faced with a cyber attack, report it
Whats the cybercrime scene in India? Whats the CBI doing to check
the menace? How effective is the IT Act in tackling such cases?
Archana Ramasundaram, joint director (economic offences), CBI spoke
on these issues. Excerpts:
How grave is the situation in India when it comes to cybercrime?
62
The incidents of cyber crime are constantly on the rise. And each case
reported is quite different from the other. One has to be cautious of the
threat.
What do statistics across India indicate?
We wouldnt have the statistics of cyber crimes across the country. The
National Crime records Bureau deals with that. Also, CBI deals only
with special cases. So as far as CBI is concerned, we had 7 cases in the
year 2000 that was also the year when Cyber Crime Investigation Cell,
Delhi was set up. In 2001, the number of complaints rose to 19 and so
far in 2002 we have 16 complaints registered with us.
Is there set criteria that the CBI looks into a certain type of case and
the local police into other kinds?
No, theres no hard and fast rule to classify the cases. Its just that CBI
takes up matters considered critical or the ones with urgency or sheer
complexity.
How equipped are you to handle these cases?
Our investigating officers have the technical expertise to put together
the pieces of info to tackle the cases. Were improving our skills by way
of training. We also take support from the industry when need arises.
Also, weve requested the Government of India to provide for more
manpower and resources in terms of software etc.
Do you seek help and assistance from international agencies like
Interpol and FBI?
The CCIC of the CBI was recognized as the International Contact Point
for tackling cyber crimes in India at the International Conference on
Information Technology Crime organized by Interpol in Lyons (France)
recently. The CBI is also a member of the Interpol Working party on
Information Technology Crime for South-East Asia and Australasia.
63
Appendix 4
18 U.S.C. 1030.
64
Government of the United States and such conduct affects that use by
or for the Government of the United States;
(4) knowingly and with intent to defraud, accesses a protected
computer without authorization, or exceeds authorized access, and by
means of such conduct furthers the intended fraud and obtains
anything of value, unless the object of the fraud and the thing obtained
consists only of the use of the computer and the value of such use is
not more than $ 5,000 in any one-year period;
(5)
(A)
(i) knowingly causes the transmission of a program, information, code,
or command, and as a result of such conduct, intentionally causes
damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization,
and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization,
and as a result of such conduct, causes damage; and
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A),
caused (or, in the case of an attempted offense, would, if completed,
have caused)-(i) loss to 1 or more persons during any 1-year period (and, for
purposes of an investigation, prosecution, or other proceeding brought
by the United States only, loss resulting from a related course of
conduct affecting 1 or more other protected computers) aggregating at
least $5,000 in value;
(ii) the modification or impairment, or potential modification or
impairment, of the medical examination, diagnosis, treatment, or care
of 1 or more individuals;
(iii) physical injury to any person;
(iv) a threat to public health or safety; or
65
66
68
(C) a credit union with accounts insured by the National Credit Union
Administration;
(D) a member of the Federal home loan bank system and any home
loan bank;
(E) any institution of the Farm Credit System under the Farm Credit Act
of 1971;
(F) a brokerdealer registered with the Securities and Exchange
Commission pursuant to section 15 of the Securities Exchange Act of
1934;
(G) the Securities Investor Protection Corporation;
(H) a branch or agency of a foreign bank (as such terms are defined in
paragraphs (1) and (3) of section 1(b) of the International Banking Act
of 1978); and
(I) an organization operating under section 25 or section 25(a) of the
Federal Reserve Act.
(5) the term "financial record" means information derived from any
record held by a financial institution pertaining to a customer's
relationship with the financial institution;
(6) the term "exceeds authorized access" means to access a computer
with authorization and to use such access to obtain or alter information
in the computer that the accesser is not entitled so to obtain or alter;
(7) the term "department of the United States" means the legislative or
judicial branch of the Government or one of the executive departments
enumerated in section 101 of title 5;
(8) the term 'damage' means any impairment to the integrity or
availability of data, a program, a system, or information;
69
70
71