Académique Documents
Professionnel Documents
Culture Documents
Crime
Mala in se & Mala in prohibita Definition Mens rea + Actus reaus = Crime
Computer Crime
Computer crime encompass a broad range of potentially illegal activities. It may be divided into two categories 1. Crimes that target computer networks or devices directly 2. Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device
Computer Crime
E.g. of crimes that primarily target computer networks or devices Malware (malicious code) Denial-of-service attacks Computer viruses
Computer Crime
Examples of crimes that merely use computer networks or devices Cyber stalking Fraud and identity theft Phishing scams Information warfare
Cyber Crimes
Credit card frauds Cyber pornography Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property Crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Email spoofing Forgery Defamation Cyber stalking Phishing Cyber terrorism
Web-Jacking
Online sale of Arms
Arms Act
9
Contd.
History of the Act Information Technology Act -2000 Information Technology Act -2008 Evolved over a period of time between 1998 to 2009
Contd.
In the Act,2008 there are 124 sections (excluding) 5 sections that have been omitted from the earlier version) and 14 chapters. Schedule I and II have been replaced Schedules III and IV are deleted.
IT Act,2000
Essence of the Act Information Technology Act 2000 addressed the following issues: Legal Recognition of Electronic Documents Legal Recognition of Digital Signatures Offenses and Contraventions Justice Dispensation System for Cyber crimes
Contd.
ITA 2008 as the new version of Information Technology Act 2000 Provided additional focus on Information Security. It has added several new sections on offences including Cyber Terrorism and Data Protection.
Contd.
The Information Technology (Amendment) Act, 2008 The Government of India has brought major amendments to ITA-2000 in form of the Information Technology Amendment Act, 2008
Criticism
The amendment was passed in an eventful Parliamentary session on 23rd of December 2008 with no discussion in the House. Lack of legal and procedural safeguards to prevent violation of civil liberties of Indians
Appreciation
It addresses the issue of Cyber Security. Sec 69: empowers the Central Government /State Government / its authorized agency intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence.
Contd.
Notification Of IT Act 2008 The Information Technology Amendment Act, 2008 (IT Act 2008) has been passed on 23rd December 2008 and received the assent of President of India on 5th February, 2009. The IT Act 2008 has been notified on Oct 27 2009 Notification under IT (Amendment) Act, 2008 Enforcement of IT (Amendment) Act 2008 Notification of Rules under Section 52, 54, 69, 69A, 69B.
Matters relating to Cyber Laws, administration of the Information Technology Act 2000 (21 of 2000) and other IT-related laws Matters relating to promotion and manufacturing of semiconductor devices in the country excluding all matters relating to Semiconductor Complex Limited Mohali; the Semiconductor Integrated Circuits Layout Design Act, 2000 (37 of 2000) Interaction in IT-related matters with international agencies and bodies, e. g., Internet for Business Limited, Institute for Education in Information Society and International Code Council-on line Initiative on bridging the Digital Divide: matters relating to Media Lab Asia Promotion of standardization, testing and quality in IT and standardization of procedures for IT applications and tasks Electronics Export and Computer Software Promotion Council National Informatics Centre
Contd.
CERT
The purpose of the CERT for responding to computer security incidents as and when they occur; the CERT-In will also assist members of the Indian Community in implementing proactive measures to reduce the risks of computer security incidents."
Contd.
Artifact analysis Incident tracing Proactive Issue security guidelines, advisories and timely advise. Vulnerability analysis and response Risk Analysis Security Product evaluation Collaboration with vendors National Repository of, and a referral agency for, cyber-intrusions. Profiling attackers. Conduct training, research and development. Interact with vendors and others at large to investigate and provide solutions for incidents.
CERT
AUTHORITY The Indian Computer Emergency Response Team Operates under the auspices of, and with authority delegated by, the Department of Information Technology, Ministry of Communications & Information Technology, Government of India. Vide notification published in Part II, Section 3, Sub-section (ii) of the Gazette of India, Extraordinary, and Dated 27th October, 2009
Contd.
Network Security " Network Security : An Introduction Networks Vulnerabilities Type of Threats/Attacks Assessing software and Network device vulnerabilities Network configuration Flaws Host Based Security Secure installation of hosts Patching up the latest vulnerabilities Server Services security Authentication, authorization and Access control Firewall Secure Configuration Replacing the default configurations with custom configurations Confidentiality
Publishing Obscene in Electronic Form 67 Publishing Obscene in Electronic Form 67, 67 (2) under proposal
Video Voyeurism Transmitting Private / Personal Videos On internet and mobiles Proposed 72(3) Salami Attack Deducting small amounts from an account without coming in to notice, to make big amount 43, 65, 66
Contd.
E-Mail BombinFlooding an E-mail box with innumerable number of E-mails, to disable to notice important message at times.66 Phishing Bank Financial Frauds in Electronic Banking Proposed data Protection Provisions under 43, 65, 66, 419 A Personal Data Theft (2) Stealing personal data 43
International Nature
Access/mobility of data fundamental to economic systems Borders by-passed Exploitation by criminals & terrorists
data hidden abroad hackers and viruses abroad economic criminals abroad illegal content abroad communicate to plan
Contd
International Nature
Minimal risk of detection and apprehension Different national laws Crime is borderless but enforcement is constrained by borders International cooperation is essential
Contd
Extradition
dual criminality nationality
Computer security
Passwords Firewalls Data Encryption Employees Web assurance services Computer contingency planning Disaster recovery planning
Conclusions
The threats are real
They are not necessarily Internet threats But the Internet changes the game