|
|






| 



 








|

 
||'.
| 


 ||'.
 ! "##$

- Karnika Seth, Partner & Cyber Lawyer

- SETH ASSOCIATES
ADVOCATES & LEGAL CONSULTANTS
Copyright© Seth Associates 2008
   | 



ß

|

, 
|

|

,
|

,, %
|

%
|

or

 |

is where
a computer is the target of
a crime or is the means
adopted to commit a crime.
ß -ost of these crimes are
not new. Criminals simply
devise different ways to
undertake standard criminal
activities such as fraud
fraud,,
theft,, blackmail
theft blackmail,, forgery
forgery,,
and embezzlement using
the new medium, often
involving the Internet
|

&

ß |

   


  
 

ß Ease of access
ß Complexity of technology
ß Human error
ß One of the key elements that keeps most members of any society
honest is fear of being caught Ɯ the deterrence factor. Cyberspace
changes two of those rules. First, it offers the criminal an opportunity
of attacking his victims from the remoteness of a different continent
and secondly, the results of the crime are not immediately apparent.
ß Need new laws and upgraded technology to combat cyber crimes
 
 | 



ß Credit card frauds
ß Cyber pornography
ß Sale of illegal articles-
articles-narcotics, |

   
weapons, wildlife
ß Online gambling
ß Intellectual Property crimes-
crimes-
software piracy, copyright
infringement, trademarks
violations, theft of computer |

 

 
source code
ß Email spoofing
ß Forgery
ß Defamation
ß Cyber stalking (section 509 |

 
 
IPC)
ß Phising
ß Cyber terrorism
|

'

ß '

ß A computer virus is a
computer program that (

can infect other
computer programs by
modifying them in such
a way as to include a
(possibly evolved) copy
of it. Note that a
program does not have  
to perform outright 
    


damage (such as
  
  


deleting or corrupting
files) in order to be
called a "virus".
 | 


! 




 
 
 
   

 

 
    
 
|
 



ß Technological measures-
measures-
Public key cryptography,
Digital signatures ,Firewalls,
honey pots
ß Cyber investigation-
investigation-
Computer forensics is the
process of identifying,
preserving, analyzing and
presenting digital evidence in
a manner that is legally
acceptable in courts of law.
ß These rules of evidence
include admissibility (in
courts), authenticity (relation
to incident), completeness,
reliability and believability.
ß Legal framework-
framework-laws &
enforcement

 &

ß representatives from the 26 ß -ain objectives-
objectives-
Council of Europe members, the
United States,
States, Canada
Canada,, Japan and ß Create effective cyber crime
South Africa in 2001 signed a laws
convention on cybercrime in efforts
to enhance international ß Handle jurisdiction issues
cooperation in combating
computer--based crimes.
computer ß Cooperate in international
investigations
The Convention on Cybercrime,
Cybercrime,
drawn up by experts of the Council ß Develop acceptable
of Europe, is designed to practices for search and
coordinate these countries' policies
and laws on penalties on crimes in seizure
cyberspace, define the formula
guaranteeing the efficient ß Establish effective
operation of the criminal and public/private sector
judicial authorities, and establish interaction
an efficient mechanism for
international cooperation.
ß In 1997, The G-8 -inisters agreed
to ten "Principles to Combat High-
High-
Tech Crime" and an "Action Plan to
High-Tech Crime."
Combat High-
Frequency of incidents of Cyber crimes in India



" 


%&
(
"
"''(%&
 #  
" )''
*+## "
%&

# ")',(
-..(/  0|

  "''('-

 "  #|$

1
No. of Indian web-sites defaced
8000
7039
7000
6000
5000
4000
3000 2219
2000
1002
1000 441
0
1998 1999 2000 2001

Ö.
Number of Indian sites hacked

Site of BARC-panic all around

ÖÖ
 r
r  

  4tate versus Amit Pasari and Kapil Juneja

  Delhi Police
M/s 4oftweb 4olutions
Website www.go2nextjob.com hosted
Complaint of hacking by web hosting service
  4tate versus Joseph Jose
Delhi Police
  Hoax Email - Purported planting of 6 bombs in Connaught Place
  4tate versus Aneesh Chopra
Delhi Police
  Three company websites hacked
  Accused: An ex -employee
  4tate versus K R Vijayakumar
Bangalore Cyber Crime Police 4tation, 2001
  Criminal intimidation of employers and crashing the company¶s
server
  Phoenix Global solutions

Ö

 2001 C4I/FBI Computer Crime and 4ecurity 4urvey

Of the organizations suffering security compromises in the last

year± 95% had Firewalls and 61%had ID4s

1998 1999 2000 2001

4ECURITY TECHNOLOGIE4
U4ED % % % %
Intrusion Detection 4ystems 35 42 50 61
Firewalls 81 91 78 95
Encrypted Files 50 61 62 64
Anti-virus software 96 98 100 98
Access Control 89 93 92 90

 
 







Ö&
È ( 


)
ß Cyber crime is now a bigger threat to India Inc than
physical crime. In a recent survey by IB-, a greater
number of companies (44%) listed cyber crime as a
bigger threat to their profitability than physical
crime (31%).

The cost of cyber crime stems primarily from loss of

revenue, loss of market capitalisation, damage to
the brand, and loss of customers, in that order.

About 67% local Chief Information Officers (CIOs)

who took part in the survey perceived cyber crime
as more costly, compared to the global benchmark
of 50%.
|
| 




| 






 *
ß Information Technology Act, 2000-
2000-came into force on 17
October 2000
ß Extends to whole of India and also applies to any offence or
contravention there under committed outside India by any
person {section 1 (2)}
ß read with Section 75-
75- Act applies to offence or contravention
committed outside India by any person irrespective of his
nationality, if such act involves a computer, computer system
or network located in India
ß Section 2 (1) (a) ƛơAccessơ means gaining entry into
,instructing or communicating with the logical, arithmetic or
memory function resources of a computer, computer
resource or network
ß IT Act confers legal recognition to electronic records and
digital signatures (section 4,5 of the IT Act,2000)
|&È  
+
ß Chapter IX of IT Act, Section 43
ß Whoever without permission of owner of the
computer
ƛ Secures access (mere U/A access)
ß Not necessarily through a network
ƛ Downloads, copies, extracts any data
ƛ Introduces or causes to be introduced any viruses or
contaminant
ƛ Damages or causes to be damaged any computer resource
ß Destroy, alter, delete, add, modify or rearrange
ß Change the format of a file
ƛ Disrupts or causes disruption of any computer resource
ß Preventing normal continuance of
ƛ Denies or causes denial of access by any means
ß Denial of service attacks
ƛ Assists any person to do any thing above
ß rogue Websites, Search Engines, Insiders providing
vulnerabilities
ƛ Charges the services availed by a person to the
account of another person by tampering or
manipulating any computer resource
ß Credit card frauds, Internet time thefts
ƛ Liable to pay damages not exceeding rs. One
crore to the affected party
ƛ Investigation by
ƛ ADJUDICATING OFFICEr
ƛ Powers of a civil court
4
 ,-+
ß 4ection 46 of the IT Act states that an adjudicating
officer shall be adjudging whether a person has committed a
contravention of any of the provisions of the said Act, by
holding an inquiry. Principles of audi alterum partum and
natural justice are enshrined in the said section which
stipulates that a reasonable opportunity of making a
representation shall be granted to the concerned person
who is alleged to have violated the provisions of the IT
Act. The said Act stipulates that the inquiry will be carried out
in the manner as prescribed by the Central Government
ß All proceedings before him are deemed to be judicial
proceedings, every Adjudicating Officer has all powers
conferred on civil courts
ß Appeal to cyber Appellate Tribunal-
Tribunal- from decision of
Controller, Adjudicating Officer {section 57 IT act}
4
 ,. +
ß 4ection 47 of the Act lays down that while
adjudging the quantum of compensation
under this Act, the adjudicating officer
shall have due regard to the following
factors, namely-
namely-
ß (a) the amount of gain of unfair advantage,
wherever quantifiable, made as a result of
the default;
ß (b) the amount of loss caused to any
person as a result of the default;
ß (c) the repetitive nature of the default
4
 -!/4 
| 

ß -ost important asset of software companies

ß ƠComputer Source Code" means the listing
of programmes, computer commands,
design and layout
ß Ingredients
ƛ Knowledge or intention
ƛ Concealment, destruction, alteration
ƛ computer source code required to be kept or
maintained by law
ß Punishment
ƛ imprisonment up to three years and / or
ƛ fine up to rs. 2 lakh
 4ection 66: Hacking
  Ingredients
Intention or Knowledge to cause wrongful loss
or damage to the public or any person
Destruction, deletion, alteration, diminishing
value or utility or injuriously affecting
information residing in a computer resource
  Punishment
imprisonment up to three years, and / or
fine up to Rs. 2 lakh
  Cognizable, Non Bailable,

''     2   


Ö
4
0-.01  
ß Ingredients
ƛ Publishing or transmitting or causing to be published
ƛ in the electronic form,
ƛ Obscene material
ß Punishment
ƛ On first conviction
ß imprisonment of either description up to five years and
ß fine up to rs. 1 lakh
ƛ On subsequent conviction
ß imprisonment of either description up to ten years and
ß fine up to rs. 2 lakh

ß Section covers
ƛ Internet Service Providers,
ƛ Search engines,
ƛ Pornographic websites
ß Cognizable, Non-
Non-Bailable, J-IC/ Court of Sessions
4
-2/
   
 
 
ß Ingredients
ƛ Controller issues order to Government agency to
intercept any information transmitted through any
computer resource.
ƛ Order is issued in the interest of the
ß sovereignty or integrity of India,
ß the security of the State,
ß friendly relations with foreign States,
ß public order or
ß preventing incitement for commission of a cognizable
offence
ƛ Person in charge of the computer resource fails to
extend all facilities and technical assistance to
decrypt the information-
information-punishment upto 7 years.
4
.#1 

4 


ß Ingredients
ƛ Securing unauthorised access or attempting to
secure unauthorised access
ƛ to Ɲprotected systemƞ
ß Acts covered by this section:
ƛ Switching computer on / off
ƛ Using installed software / hardware
ƛ Installing software / hardware
ƛ Port scanning
ß Punishment
ƛ Imprisonment up to 10 years and fine
ß Cognizable, Non-
Non-Bailable, Court of Sessions
| 


 


&  
ß Sending pornographic or obscene emails are punishable under Section 67 of the IT Act.

ß An offence under this section is punishable on first conviction with imprisonment for a
term, which may extend to five years and with fine, which may extend to One lakh
rupees.

ß In the event of a second or subsequent conviction the recommended punishment is

imprisonment for a term, which may extend to ten years and also with fine which may
extend to Two lakh rupees.

ß Emails that are defamatory in nature are punishable under Section 500 of the Indian
Penal Code (IPC), which recommends an imprisonment of upto two years or a fine or
both.

ß Threatening emails are punishable under the provisions of the IPC pertaining to criminal
intimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII)

ß 
  
Email spoofing is covered under provisions of the IPC relating to
fraud, cheating by personation (Chapter XVII), forgery (Chapter XVIII)
 Computer Related Crimes under IPC
and 4pecial Laws
4ending threatening messages by email 4ec 503 IPC

4ending defamatory messages by email 4ec 499, 500 IPC

Forgery of electronic records 4ec 463, 470, 471 IPC

Bogus websites, cyber frauds 4ec 420 IPC

Email spoofing 4ec 416, 417, 463 IPC

Online sale of Drugs NDP4 Act

Web-Jacking 4ec. 383 IPC

Online sale of Arms Arms Act

'
 Cognizability and Bailability
  Not mentioned in the Act
Rely on Part II of 4chedule I of CrPC
  If punishable with death, imprisonment for life or
imprisonment for more than 7 years: Cognizable,
Non-Bailable, Court of 4ession
  If punishable with imprisonment for 3 years and
upwards but not more than 7 years: Cognizable, Non -
Bailable, Magistrate of First Class
  If punishable with imprisonment of less than 3 years:
Non-Cognizable, Bailable, Any Magistrate (or
Controller of CAs)

,
1 
 1 
 
&


a Section 156 Cr Cr..P.C. : Power to

investigate cognizable offences
offences..
a Section 155 Cr Cr..P.C. : Power to
investigate non cognizable offences
offences..
a Section 91 Cr Cr..P.C. : Summon to
produce documents
documents..
a Section 160 Cr Cr..P.C. : Summon to
require attendance of witnesses.
witnesses.
1 
 1 
 &


3 04

a Section 165 Cr Cr..P.C. : Search by police

officer..
officer
a Section 93 CrCr..P.C : General provision as
to search warrants.
warrants.
a Section 47 Cr
Cr..P.C. : Search to arrest the
accused..
accused
a Section 78 of IT Act, 2000 : Power to
investigate offences-
offences-not below rank of
DSP..
DSP
a Section 80 of IT Act, 2000 : Power of
police officer to enter any public place
and search & arrest.
arrest.
|
4
|
4  516


ß The recently reported case of a Bank
Fraud in Pune in which some ex
employees of BPO arm of -Phasis Ltd
-sourcE, defrauded US Customers of
Citi Bank to the tune of rS 1.5 crores
has raised concerns of many kinds
including the role of "Data Protection".
|
4 3 04
ß The crime was obviously committed using "Unauthorized Access" to
the "Electronic Account Space" of the customers. It is therefore
firmly within the domain of "Cyber Crimes".
ß ITA--2000 is versatile enough to accommodate the aspects of crime
ITA
not covered by ITA-
ITA-2000 but covered by other statutes since any IPC
offence committed with the use of "Electronic Documents" can be
considered as a crime with the use of a "Written Documents".
"Cheating", "Conspiracy", "Breach of Trust" etc are therefore
applicable in the above case in addition to section in ITA-
ITA-2000.
ß Under ITA-
ITA-2000 the offence is recognized both under Section 66 and
Section 43. Accordingly, the persons involved are liable for
imprisonment and fine as well as a liability to pay damage to the
victims to the maximum extent of rs 1 crore per victim for which the
"Adjudication Process" can be invoked.
|
4 3 04
ß The BPO is liable for lack of security that enabled the commission of the fraud
as well as because of the vicarious responsibility for the ex-
ex-employee's
involvement. The process of getting the PIN number was during the tenure of
the persons as "Employees" and hence the organization is responsible for the
crime.
ß Some of the persons who have assisted others in the commission of the crime
even though they may not be directly involved as beneficiaries will also be
liable under Section 43 of ITA-
ITA-2000.
ß Under Section 79 and Section 85 of ITA-
ITA-2000, vicarious responsibilities are
indicated both for the BPO and the Bank on the grounds of "Lack of Due
Diligence".
ß At the same time, if the crime is investigated in India under ITA-
ITA-2000, then
the fact that the Bank was not using digital signatures for authenticating the
customer instructions is a matter which would amount to gross negligence on
the part of the Bank. (However, in this particular case since the victims
appear to be US Citizens and the Bank itself is US based, the crime may come
under the jurisdiction of the US courts and not Indian Courts).
 |
4 
|
4  |
 7   
8 
 



l The complainant has received a

threatening email demanding protection
from unknown person claiming to be the
member of Halala Gang, Dubai Dubai.. Police
registered a case u/s.
u/s. 384
384//506/
506/511 IPC.
IPC.
l The sender of the email used the email ID
xyz@yahoo..com & abc@yahoo.
xyz@yahoo abc@yahoo.com and
signed as Chengez Babar
Babar..
|
4 3 04

l Both the email accounts were tracked,

detail collected from ISPƞs & locations
were identified.
identified.
l The Cyber cafes from which the emails
has been made were monitored and
the accused person was nabbed red
handed..
handed
 FIr NO 76/02 PS
PArLIA-ENT STrEET

ß 8 0469+:+9%|'%+9:
8 0469+:+9%|'%+9:
8+4
ß  8+;68
ƛ
 
&

$,<* 0

ƛ
  
&

$,< 
0

ß %|+4È+4;
ß +||=4146964%41+94=9:
>2$,64

&-
+4=4&
 

8"##?

 
8"##?
| 



ß Non reporting-
reporting-causes
*3#*/4
ß 60% feared negative
#||Ö15 publicity
ß 23% did not know
6#$#*
Ö5
police equipped to
handle cyber crimes
ß 9% feared further
cyber attacks
##&&5
ß 8% had no awareness
of cyber laws
ß False arrest concerns
5

 



&

ß -umbai Cyber lab is a joint initiative of -umbai police and
NASSCO- ƛmore exchange and coordination of this kind
ß Suggested amendments to the IT Act,2000-
Act,2000-new provisions for
child pornography, etc
ß -ore Public awareness campaigns
ß Training of police officers to effectively combat cyber crimes
ß -ore Cyber crime police cells set up across the country
ß Effective E-
E-surveillance
ß Websites aid in creating awareness and encouraging reporting
of cyber crime cases.
ß Specialised Training of forensic investigators and experts
ß Active coordination between police and other law enforcement
agencies and authorities is required.
ß In case you have any queries Ʀplease feel free to write in at
Karnika@sethassociates.com

4%+446|+4
ADVOCATES AND LEGAL CONSULTANTS


6
:: C-


6
C-1/16, Daryaganj, New Delhi-
Delhi-110002,
India
Tel:+91 (11) 55352272, +91 9868119137

6
: B-
|  
6
: B-10, Sector 40, NOIDA-
NOIDA-201301, N.C.r,
India
Tel: +91 (120) 4352846, +91 9810155766
Fax: +91 (120) 4331304
E-mail: mail@sethassociates.com www.sethassociates.com