
BY: DR. RUHEE MITTAL

WHAT IS CYBER CRIME?
Cyber crime refers to any crime
that involves a computer/mobile
and a network. The computer may
have been used in the
commission of a crime, or it may
be the target.

INTRODUCTION
The internet in India is growing rapidly.
It has given rise to new opportunities in
every field we can think of be it
entertainment, business, sports or
education.
There are two sides to a coin. The internet
also has its own disadvantages. One of the
major disadvantages is cyber crime:
illegal activity committed on the internet.

HISTORY OF CYBER CRIME


In 1820, Joseph-Marie Jacquard, a textile
manufacturer in France, produced the loom.
This device allowed the repetition of a series of
steps in the weaving of special fabrics.
This resulted in a fear amongst Jacquard's
employees that their traditional employment
and livelihood were being threatened.
They committed acts of sabotage to
discourage Jacquard from further use of the
new technology. This is the first recorded cyber
crime.

INDIA STANDS 11TH IN THE RANKING FOR CYBER CRIME IN THE WORLD,
CONSTITUTING 3% OF THE GLOBAL CYBER CRIME.

WHY INDIA ?

A rapidly growing online user base

121 Million Internet Users
65 Million Active Internet Users, up by 28% from 51 million in 2010
50 Million users shop online on Ecommerce and Online Shopping Sites
46+ Million Social Network Users
346 million mobile users had subscribed to Data Packages.
(Source: IAMAI; Juxt; we are social 2011)

Cost Of Cyber Crime In India (2010)


29.9 million people fell victim to cybercrime,
$4 billion in direct financial losses,
$3.6 billion in time spent resolving the crime,
4 in 5 online adults (80%) have been a victim of Cybercrime,
17% of adults online have experienced cybercrime on their mobile phone.
Source: Norton Cybercrime Report 2011

The police have recorded 3,038 cases but made only 2,700 arrests in 3 years (between 2007 and 2010)
India registered only 1,350 cases under the IT Act and IPC in 2010
50% of cybercrimes are not even reported

A total of 90, 119, 252 and 219 Government websites tracked by the Indian Computer Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in the years 2008, 2009, 2010 and Jan-Oct 2011 respectively

HOW IT DIFFERS FROM TERRESTRIAL CRIME?

Easy to learn how to commit
Require few resources relative to the potential damage caused
Can be committed in a jurisdiction without being physically present in it
Are often not clearly illegal

TYPES
Cyber Crime refers to all activities done
with criminal intent in cyberspace. These
fall into three slots.
Cyberspace is the electronic medium of
computer networks in which online
communication takes place.
1. Those against persons.
2. Against Business and Non-business
organizations.
3. Crime targeting the government.

Computer as a tool
Computer as a target
Computer as an instrumentality
Crime associated with prevalence of computers

COMPUTER AS A TOOL
When the individual is the main target of the crime, the computer can be considered a tool rather than a target.
These crimes are not done by technical experts.
Eg: Spam, cyber stalking, cyber theft etc.

COMPUTER AS A TARGET
These crimes are committed by a selected group of people with technical knowledge.
Destruction of information in the computer by spreading virus.
Eg: Defacement, cyber terrorism etc.

COMPUTER AS AN INSTRUMENTALITY

The crime is committed by manipulating the contents of computer systems.
With the advent of computers, criminals have started using the technology as an aid to committing crime.
Eg: Drug trafficking, money laundering etc.

CRIME ASSOCIATED WITH PREVALENCE OF COMPUTERS

Copyright violation
Material copied from sources that are not public domain or compatibly licensed without the permission of copyright holder.
Copyright violation causes legal issues.

CYBER CRIME VARIANTS


Hacking
"Hacking" is a crime, which entails cracking systems and gaining unauthorized access to the data stored in them.

Cyber Squatting
Cyber Squatting is the act of registering a famous Domain Name and then selling it for a fortune.

Phishing
Acquiring information such as usernames, passwords and credit card details by posing as a trustworthy entity.
India is among the top 15 countries hosting "phishing" sites which aim at stealing confidential information such as passwords and credit card details.

Sale of illegal articles includes selling of narcotic drugs, weapons, wildlife etc. to terrorists.
Email bombing refers to sending a large amount of e-mails to the victim, resulting in crashing of the victim's e-mail account or mail servers.
Data diddling is a kind of attack which involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

Intellectual Property Crimes include software piracy, copyright infringement, trademark violations etc.
Theft of information contained in electronic form - This includes information stored in computer hard disks, removable storage media etc.
Web defacement is usually the substitution of the original home page of a website with another page (usually pornographic or defamatory in nature) by a hacker.

Cyber Defamation occurs when defamation takes place with the help of computers and/or the Internet, e.g. an e-mail containing defamatory information about a person.
What is defamation?
Defamation is the act of harming the reputation of a person by making a false statement to another.

Cyber Stalking refers to the use of the
Internet, e-mail, or other electronic
communications devices to stalk another
person.
Stalking generally involves harassing or
threatening behaviour that an individual
engages in repeatedly, such as following a
person, appearing at a person's home or
place of business, making harassing phone
calls, leaving written messages or objects, or
vandalizing a person's property.

Trojan Horse - A Trojan, as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Internet Time Theft - This connotes the usage by unauthorized persons of the Internet hours paid for by another person.
Web jacking - This occurs when someone forcefully takes control of a website (by cracking the password). The actual owner of the website does not have any more control over what appears on that website.

Logic bombs are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.
E-Mail spoofing - A spoofed email is one that appears to originate from one source but actually has been sent from another source. This can also be termed as E-Mail forging.

Salami attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed, e.g. a bank employee inserts a program into the bank's servers that deducts a small amount from the account of every customer.
Click jacking is a form of cyber attack where the hacker uses an invisible layer over the embedded web content (this could be an image, video or button) to intercept and hijack you to a mirror website and mine information from you.
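Because each deduction in a salami attack is too small to notice on a single account, detection has to look at the aggregate. The following is an added example, not part of the original slides: it flags any destination that collects small debits from a large share of all accounts. The ledger rows, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger rows: (source account, destination account, amount debited).
LEDGER = [(f"ACC{i:03d}", "ACC999", Decimal("0.03")) for i in range(1, 41)]
LEDGER += [
    ("ACC001", "UTIL-POWER", Decimal("82.10")),
    ("ACC002", "UTIL-POWER", Decimal("64.75")),
    ("ACC003", "ACC004", Decimal("0.50")),
    ("ACC005", "SHOP-17", Decimal("0.99")),
]

def salami_suspects(ledger, max_amount=Decimal("1.00"), min_share=Decimal("0.5")):
    """Flag destinations that collect small debits from many distinct accounts.

    max_amount: debits at or below this value count as "small" (assumption).
    min_share:  fraction of all source accounts that must be paying the same
                destination before it is reported (assumption).
    Returns (destination, number of sources, total collected), largest first.
    """
    all_sources = {src for src, _, _ in ledger}
    sources = defaultdict(set)
    totals = defaultdict(Decimal)  # Decimal() starts at 0
    for src, dst, amount in ledger:
        if amount <= max_amount:
            sources[dst].add(src)
            totals[dst] += amount
    suspects = []
    for dst, srcs in sources.items():
        share = Decimal(len(srcs)) / Decimal(len(all_sources))
        if share >= min_share:
            suspects.append((dst, len(srcs), totals[dst]))
    return sorted(suspects, key=lambda s: s[2], reverse=True)
```

Ordinary small payments (one source to one destination) stay below the share threshold, so only the account fed by every customer is reported.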

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Eg: A simple propaganda in the Internet/SMS, that there will be bomb attacks during the holidays
Mobile pickpocketing (SMS/call fraud), or the ability to charge a phone bill via SMS billing and phone calls. Malware uses these mechanisms to steal directly from user accounts.

Keyloggers are regularly used in computers to log all the strokes a victim makes on the keyboard.
Eg: If a key logger is installed on a computer which is regularly used for online banking and other financial transactions, then the passwords can be taken without the knowledge of the user.

CYBER LAW
Cyber law is a generic term which refers to
all the legal and regulatory aspects of
Internet and the World Wide Web. Anything
concerned with or related to or emanating
from any legal aspects or issues
concerning any activity of citizens in and
concerning Cyberspace comes within the
ambit of Cyber law.

Stored Communications Act, which was passed in 1986, is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage
Digital Millennium Copyright Act, which was passed in 1998, is a United States copyright law that criminalizes the production and dissemination of technology, devices
Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones.

Internet Spyware Prevention Act (I-SPY) prohibits the implementation and use of spyware.
Gramm-Leach-Bliley Act (GLBA) requires financial institutions and credit agencies to increase the security of systems that contain their customers' personal information.
Identity Theft and Aggravated Identity Theft defines the conditions under which an individual has violated identity theft laws.

Under The Information Technology Act, 2000
CHAPTER XI OFFENCES 66. Hacking with computer system.
Whoever with the Intent to cause or knowing that he is likely to cause Wrongful Loss or Damage to the public or any person Destroys or Deletes or Alters any Information Residing in a Computer Resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Information Technology Amendment Act, 2008
Section 43,
Destroys, Deletes or Alters any Information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;
If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both. [S.66]

S.66A - Punishment for sending offensive messages through communication service, etc
Any person who sends, by means of a computer resource or a communication device;
Any information that is grossly offensive or has menacing character; or
Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device;
Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages;
Shall be punishable with imprisonment for a term which may extend to three years and with fine.

S. 66C - Punishment for identity theft
Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

S. 66D - Punishment for cheating by personation by using computer resource
Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

S. 66E - Punishment for violation of privacy.
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.

S. 67 A - Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees.

S. 67 C - Preservation and Retention of information by intermediaries.
(1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.
(2) Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.

ARRESTS & REPORTS UNDER IT ACT

Under the IT Act, 966 cybercrime cases were filed in 2010 (420 in 2009)
Geographic breakdown of cases reported:
153 from Karnataka,
148 from Kerala
142 from Maharashtra
105 Andhra Pradesh
52 Rajasthan
52 Punjab
233 persons were arrested in 2010
33% of the cases registered were related to hacking
Source: National Crime Records Bureau

ARRESTS & REPORTS UNDER IPC

Under the IPC, 356 cybercrime cases were registered in 2010 (276 cases in 2009)
Geographic breakdown of cases reported:
104 from Maharashtra
66 Andhra Pradesh
46 Chhattisgarh
The majority of these crimes were either forgery or fraud cases.
Source: National Crime Records Bureau

SAFETY TIPS TO AVOID CYBERCRIME

Use anti-virus software and firewalls - keep them up to date
Keep your operating system up to date with critical security updates and patches
Don't open emails or attachments from unknown sources
Use hard-to-guess passwords. Don't use words found in a dictionary. Remember that password cracking tools exist
Back up your computer data on disks or CDs often

Don't share access to your computers with strangers
If you have a Wi-Fi network, password protect it
Disconnect from the Internet when not in use
Re-evaluate your security on a regular basis
Make sure your employees and family members know this info too!

FORENSICS
The use of science and technology to
investigate and establish facts in
criminal or civil courts of law.
The goal of computer forensics is to
examine digital media in a forensically
sound manner with the aim of
identifying, preserving, recovering,
analyzing and presenting facts and
opinions about the information.

HISTORY
Michael Anderson
Father of computer forensics
special agent with IRS
Meeting in 1988 (Portland, Oregon)
creation of IACIS, the International Association of Computer Investigative Specialists
the first Seized Computer Evidence Recovery Specialists (SCERS) classes held

WHY?
The main task, or advantage, of computer forensics is to catch the culprit or criminal who is involved in the crime related to the computers.
Computer forensics has emerged as an important part of disaster recovery management
Ability to search through a massive amount of data: quickly, thoroughly and in any language
The importance lies mainly in handling criminal actions such as fraud, phishing, identity theft or many other criminal activities

WHAT CYBER FORENSICS AIMS AT?

Identify root cause of an event to ensure it won't happen again
Must understand the problem before you can be sure it won't be exploited again.
Who was responsible for the event?
Most computer crime cases are not prosecuted
Consider acceptability in court of law as our standard for investigative practice.
Ultimate goal is to conduct investigation in a manner that will stand up to legal scrutiny.
Treat every case like a court case!

STEPS FOR COMPUTER FORENSICS

Acquisition
Identification
Evaluation
Presentation

DISADVANTAGES
It may happen in some cases that the privacy of the client is compromised.
There are also the chances of introduction of some malicious programs in the computer system that may corrupt the data at a later stage of time.
It is also possible that the data is in dispute and neither of the disputing parties can use the data. Due to this reason the business operations may also be affected.
Producing electronic records & preserving them is extremely costly
Legal practitioners must have extensive computer knowledge and vice versa

EDWARD JOSEPH SNOWDEN
(BORN JUNE 21, 1983) IS AN
AMERICAN COMPUTER
SPECIALIST AND FORMER CIA
EMPLOYEE AND NSA
CONTRACTOR WHO
DISCLOSED CLASSIFIED
DETAILS OF SEVERAL TOP
SECRET UNITED STATES,
ISRAELI, AND BRITISH
GOVERNMENT MASS
SURVEILLANCE PROGRAMS
TO THE PRESS. HE IS LIVING
IN RUSSIA UNDER
TEMPORARY POLITICAL
ASYLUM AND IS CONSIDERED
A FUGITIVE FROM JUSTICE
BY AMERICAN AUTHORITIES,
WHO HAVE CHARGED HIM
WITH ESPIONAGE AND THEFT
OF GOVERNMENT PROPERTY.

A FINAL WORD

Treat your password like you treat your toothbrush. Never give it to anyone else to use, and change it every few months

THANK - YOU
