Cyber Crimes

D. Bala Krishna NALSAR

Crime
Mala in se & Mala in prohibita Definition Mens rea + Actus reaus = Crime

Computer Crime
Computer crime encompass a broad range of potentially illegal activities. It may be divided into two categories 1. Crimes that target computer networks or devices directly 2. Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device

Computer Crime
E.g. of crimes that primarily target computer networks or devices Malware (malicious code) Denial-of-service attacks Computer viruses

Computer Crime
Examples of crimes that merely use computer networks or devices Cyber stalking Fraud and identity theft Phishing scams Information warfare

Cyber Crimes
Credit card frauds Cyber pornography Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property Crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Email spoofing Forgery Defamation Cyber stalking Phishing Cyber terrorism

Cyber & bad Purposes

Vandalism Vigilantism Fraud Terrorism Warfare

Law & cyber crimes

I.T Act I.P.C Cr.P.C I.E.A

Computer Related Crimes under IPC and Special Laws

Sending threatening messages by email
Sec 503 IPC

Sending defamatory messages by email

Forgery of electronic records Bogus websites, cyber frauds Email spoofing Online sale of Drugs

Sec 499, 500 IPC

Sec 463, 470, 471 IPC Sec 420 IPC Sec 416, 417, 463 IPC NDPS Act

Web-Jacking
Online sale of Arms

Sec. 383 IPC

Arms Act
9

Power of Police to Investigate

Sec.165 of Cr.P.C. : Search by police officer. Sec.93 of Cr.P.C : General provision as to search warrants. Sec.47 of Cr.P.C. : Search to arrest the accused. Sec.78 of IT Act,2008 : Power to investigate offences-not below rank of Inspector. Sec. 80 of IT Act, 2000 : Power of police officer to enter any public place and search & arrest.

Power of Police to Investigate

Sec.156 Cr.P.C. : Power to investigate cognizable offences. Sec.155.Cr.P.C. :Power to investigate noncognizable offences. Sec.91. Cr.P.C. : Summon to produce documents Sec.160. Cr.P.C. :Summon to require attendance of witnesses.

Information Technology Act

History of the Act Specifics of the Act Essence of the Act The Information Technology (Amendment) Act, 2008 Criticism Notification Of IT Act 2008

Contd.
History of the Act Information Technology Act -2000 Information Technology Act -2008 Evolved over a period of time between 1998 to 2009

Specifics of the Act

Information technology Act 2000 Consisted of 94 sections Segregated into 13 chapters. Four schedules form part of the Act.

Contd.
In the Act,2008 there are 124 sections (excluding) 5 sections that have been omitted from the earlier version) and 14 chapters. Schedule I and II have been replaced Schedules III and IV are deleted.

IT Act,2000
Essence of the Act Information Technology Act 2000 addressed the following issues: Legal Recognition of Electronic Documents Legal Recognition of Digital Signatures Offenses and Contraventions Justice Dispensation System for Cyber crimes

Contd.
ITA 2008 as the new version of Information Technology Act 2000 Provided additional focus on Information Security. It has added several new sections on offences including Cyber Terrorism and Data Protection.

Contd.
The Information Technology (Amendment) Act, 2008 The Government of India has brought major amendments to ITA-2000 in form of the Information Technology Amendment Act, 2008

Criticism
The amendment was passed in an eventful Parliamentary session on 23rd of December 2008 with no discussion in the House. Lack of legal and procedural safeguards to prevent violation of civil liberties of Indians

Appreciation
It addresses the issue of Cyber Security. Sec 69: empowers the Central Government /State Government / its authorized agency intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence.

Contd.
Notification Of IT Act 2008 The Information Technology Amendment Act, 2008 (IT Act 2008) has been passed on 23rd December 2008 and received the assent of President of India on 5th February, 2009. The IT Act 2008 has been notified on Oct 27 2009 Notification under IT (Amendment) Act, 2008 Enforcement of IT (Amendment) Act 2008 Notification of Rules under Section 52, 54, 69, 69A, 69B.

Mo Communication & I.T

Is an Indian government ministry. It contains three departments: Department of Telecommunications Department of Information Technology Department of Posts

Department of Information Technology

Department of Information Technology The newest department, the Department of Information Technology (DIT) regulates the various aspects of Indian information technology. The following are comprehensive functions of the DIT: Policy matters relating to Information Technology; Electronics; and Internet (all matters other than licensing of Internet Service Providers) Promotion of Internet, IT and IT-enabled services Assistance to other departments in the promotion of e-governance, e-commerce, e-medicine, e-infrastructure, etc. Promotion of I T education and Information Technology-based education

 Matters relating to Cyber Laws, administration of the Information Technology Act 2000 (21 of 2000) and other IT-related laws Matters relating to promotion and manufacturing of semiconductor devices in the country excluding all matters relating to Semiconductor Complex Limited Mohali; the Semiconductor Integrated Circuits Layout Design Act, 2000 (37 of 2000) Interaction in IT-related matters with international agencies and bodies, e. g., Internet for Business Limited, Institute for Education in Information Society and International Code Council-on line Initiative on bridging the Digital Divide: matters relating to Media Lab Asia Promotion of standardization, testing and quality in IT and standardization of procedures for IT applications and tasks Electronics Export and Computer Software Promotion Council National Informatics Centre

Contd.

CERT
The purpose of the CERT for responding to computer security incidents as and when they occur; the CERT-In will also assist members of the Indian Community in implementing proactive measures to reduce the risks of computer security incidents."

Contd.
Artifact analysis Incident tracing Proactive Issue security guidelines, advisories and timely advise. Vulnerability analysis and response Risk Analysis Security Product evaluation Collaboration with vendors National Repository of, and a referral agency for, cyber-intrusions. Profiling attackers. Conduct training, research and development. Interact with vendors and others at large to investigate and provide solutions for incidents.

CERT
AUTHORITY The Indian Computer Emergency Response Team Operates under the auspices of, and with authority delegated by, the Department of Information Technology, Ministry of Communications & Information Technology, Government of India. Vide notification published in Part II, Section 3, Sub-section (ii) of the Gazette of India, Extraordinary, and Dated 27th October, 2009

Contd.
Network Security " Network Security : An Introduction Networks Vulnerabilities Type of Threats/Attacks Assessing software and Network device vulnerabilities Network configuration Flaws Host Based Security Secure installation of hosts Patching up the latest vulnerabilities Server Services security Authentication, authorization and Access control Firewall Secure Configuration Replacing the default configurations with custom configurations Confidentiality

Cyber Crime Brief Description

Cyber Stalking internet chats. Stealthily Following a person, tracking his 43, 65, 66 Source Code Tampering etc. 65

Intellectual Property Crime Pornography Child Pornography involving children

Publishing Obscene in Electronic Form 67 Publishing Obscene in Electronic Form 67, 67 (2) under proposal

Video Voyeurism Transmitting Private / Personal Videos On internet and mobiles Proposed 72(3) Salami Attack Deducting small amounts from an account without coming in to notice, to make big amount 43, 65, 66

Contd.
E-Mail BombinFlooding an E-mail box with innumerable number of E-mails, to disable to notice important message at times.66 Phishing Bank Financial Frauds in Electronic Banking Proposed data Protection Provisions under 43, 65, 66, 419 A Personal Data Theft (2) Stealing personal data 43

Identity Theft Stealing cyberspace identity information of individual66, 43

Spoofing Stealing credentials using ,Friendly and familiar GUI s Provisions Under 43, 65, 66 and 66

International Cooperation in Combating Cyber-Crime

International Nature
Access/mobility of data fundamental to economic systems Borders by-passed Exploitation by criminals & terrorists
data hidden abroad hackers and viruses abroad economic criminals abroad illegal content abroad communicate to plan

Contd

International Nature
Minimal risk of detection and apprehension Different national laws Crime is borderless but enforcement is constrained by borders International cooperation is essential

Harmonization of National Laws

Common framework required But , no universal consensus of:
types of computer crime set of procedural powers specifics of definition or scope

Contd

Harmonization of National Laws

No truly international fora Problems regarding international cooperation inter-related with harmonization of substantive & procedural law

Inter-relation with procedural law

International investigative powers are coextensive with domestic powers:
search or production of data preservation of stored data collection of traffic data interception of communications

Obtain evidence and trace communications

Legal Framework for International Cooperation

Mutual legal assistance
scope of cooperation mechanics of cooperation general obligations specific investigative powers

Extradition
dual criminality nationality

Computer security
Passwords Firewalls Data Encryption Employees Web assurance services Computer contingency planning Disaster recovery planning

Combating cyber crimes

Technological measures-Public key cryptography, Digital signatures ,Firewalls, honey pots Cyber investigation- Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. Legal framework-laws & enforcement

Conclusions
The threats are real
They are not necessarily Internet threats But the Internet changes the game

The threats are serious

They may not be terrorism as we know it But they are worth caring about

Criminal infrastructure is an ongoing threat

Some states are playing the privateer game We cannot rely on international cooperation