Cyber Crime

Cyber Crimes D. Bala Krishna NALSAR

Crime • Mala in se & Mala in prohibita • Definition • Mens rea + Actus reaus = Crime

Computer Crime •

Computer crime encompass a broad range of   potentially illegal activities. activities. • It may be divided into two categories 1. Crimes that target computer networks or  devices directly 2. Crimes facilitated by computer networks computer networks or  devices, the primary target of which is independent of the computer network or  network or  device

Computer Crime E.g. of crimes that primarily that primarily target computer  networks or devices • Malware (malicious code) • Denial-of-service attacks • Computer viruses

Computer Crime Examples of crimes that merely use computer  networks or devices • Cyber stalking • Fraud and identity theft • Phishing scams • Information warfare

Cyber Crimes • • • • • • • • • • •

Credit card frauds Cyber pornography Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property Crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Email spoofing Forgery Defamation Cyber stalking Phishing Cyber terrorism

Cyber & bad Purposes • Vandalism • Vigilantism • Fraud • Terrorism • Warfare

Law & cyber crimes • I.T Act • I.P.C • Cr.P.C • I.E.A

Computer Related Crimes under IPC and Special Laws Sending threatening messages by email

Sec 503 IPC

Sending defamatory messages by email

Sec 499, 500 IPC

Forgery of electronic records

Sec 463, 470, 471 IPC

Bogus websites, cyber frauds

Sec 420 IPC

Email spoofing

Sec 416, 417, 463 IPC

Online sale of Drugs

NDPS Act

Web-Jacking

Sec. 383 IPC

Online sale of Arms

Arms Act

Power of Police to Investigate  

 



Sec.165 of Cr.P.C. : Search by police officer. Sec.93 of Cr.P.C : General provision as to search warrants. Sec.47 of Cr.P.C. : Search to arrest the accused. Sec.78 of IT Act,2008 : Power to investigate offences-not below rank  of Inspector. Sec. 80 of IT Act, 2000 : Power of police officer  to enter any public place and search & arrest.

Power of Police to Investigate 



 

Sec.156 Cr.P.C. : Power to investigate cognizable offences. Sec.155.Cr.P.C. :Power to investigate noncognizable offences. Sec.91. Cr.P.C. : Summon to produce documents Sec.160. Cr.P.C. :Summon to require attendance of witnesses.

Information Technology Act • History of the Act • Specifics of the Act • Essence of the Act • The Information Technology (Amendment) Act, 2008 • Criticism •  Notification Of IT Act 2008

Contd. • History of the Act • Information Technology Act -2000 • Information Technology Act -2008 • Evolved over a period of time between 1998 to 2009

Specifics of the Act • Information technology Act 2000 • Consisted of 94 sections • Segregated into 13 chapters. • Four schedules form part of the Act.

Contd. • In the Act,2008 • there are 124 sections • (excluding) 5 sections that have been omitted from the earlier version) and • 14 chapters. • Schedule I and II have been replaced • Schedules III and IV are deleted.

IT Act,2000 • Essence of the Act • Information Technology Act 2000 addressed the following issues: • Legal Recognition of Electronic Documents • Legal Recognition of Digital Signatures • Offenses and Contraventions • Justice Dispensation System for Cyber crimes

Contd. • ITA 2008 as the new version of Information Technology Act 2000 • Provided additional focus on Information Security. • It has added several new sections on offences including • Cyber Terrorism and • Data Protection.

Contd. • The Information Technology (Amendment) Act, 2008 • The Government of India has brought major  amendments to ITA-2000 in form of the Information Technology Amendment Act, 2008

Criticism • The amendment was passed in an eventful Parliamentary session on 23rd of December  2008 with no discussion in the House. • Lack of legal and procedural safeguards to  prevent violation of civil liberties of Indians

Appreciation • It addresses the issue of Cyber Security. • Sec 69: empowers the Central Government /State Government / its authorized agency • intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of  India, defence of India, security of the State, friendly relations with foreign States or public order or for   preventing incitement to the commission of any cognizable offence or for investigation of any offence.

Contd. • Notification Of IT Act 2008 • The Information Technology Amendment Act, 2008 (IT Act 2008) has been passed on 23rd December  2008 and received the assent of President of India on 5th February, 2009. The IT Act 2008 has been notified on Oct 27 2009 •  Notification under IT (Amendment) Act, 2008 • Enforcement of IT (Amendment) Act 2008 •  Notification of Rules under Section 52, 54, 69, 69A, 69B.

Mo Communication & I.T • Is an Indian government ministry. • It contains three departments: • Department of Telecommunications • Department of Information Technology • Department of Posts

Department of Information Technology • Department of Information Technology • The newest department, the Department of Information Technology (DIT) regulates the various aspects of Indian information technology. The following are comprehensive functions of the DIT: • Policy matters relating to Information Technology; Electronics; and Internet (all matters other than licensing of  Internet Service Providers) • Promotion of Internet, IT and IT-enabled services • Assistance to other departments in the promotion of  e-governance, e-commerce, e-medicine, e-infrastructure, etc. • Promotion of I T education and Information Technology-based education

Contd.

• Matters relating to Cyber Laws, administration of the Information Technology Act 2000 (21 of 2000) and other  IT-related laws • Matters relating to promotion and manufacturing of  semiconductor devices in the country excluding all matters relating to Semiconductor Complex Limited Mohali; the Semiconductor Integrated Circuits Layout Design Act, 2000 (37 of 2000) • Interaction in IT-related matters with international agencies and bodies, e. g., Internet for Business Limited, Institute for  Education in Information Society and International Code Council-on line • Initiative on bridging the Digital Divide: matters relating to Media Lab Asia • Promotion of standardization, testing and quality in IT and standardization of procedures for IT applications and tasks • Electronics Export and Computer Software Promotion Council

CERT The purpose of the CERT• for responding to computer security incidents as and when they occur; • the CERT-In will also assist members of the Indian Community in implementing proactive measures to reduce the risks of computer  security incidents."

Contd. • Artifact analysis • Incident tracing • Proactive • Issue security guidelines, advisories and timely advise. • Vulnerability analysis and response • Risk Analysis • Security Product evaluation • Collaboration with vendors •  National Repository of, and a referral agency for, cyber-intrusions. • Profiling attackers. • Conduct training, research and development. • Interact with vendors and others at large to investigate and provide solutions for incidents.

CERT • AUTHORITY • The Indian Computer Emergency Response Team • Operates under the auspices of, and with authority delegated by, the Department of Information Technology, • Ministry of Communications & Information Technology, Government of India. Vide notification  published in Part II, Section 3, Sub-section (ii) of the Gazette of India, Extraordinary, and Dated 27th October, 2009

Contd. • • • • • • • • • • • •

 Network Security "  Network Security : An Introduction  Networks Vulnerabilities Type of Threats/Attacks Assessing software and Network device vulnerabilities  Network configuration Flaws Host Based Security Secure installation of hosts Patching up the latest vulnerabilities Server Services security Authentication, authorization and Access control Firewall Secure Configuration – Replacing the default configurations with custom configurations • Confidentiality

Cyber Crime Brief Description •

Cyber Stalking internet chats.

Stealthily Following a person, tracking his 43, 65, 66

•

Intellectual Property Crime

•

Pornography

Publishing Obscene in Electronic Form 67

•

Child Pornography involving children

Publishing Obscene in Electronic Form 67, 67 (2) under proposal

•

Video Voyeurism Transmitting Private / Personal Video’s On internet and mobiles Proposed 72(3)

•

Salami Attack Deducting small amounts from an account without coming in to notice, to make big amount 43, 65, 66

Source Code Tampering etc.

65

Contd. • E-Mail BombinFlooding an E-mail box with innumerable number of E-mails, to disable to notice important message at times.66 • Phishing Bank Financial Frauds in Electronic Banking Proposed data Protection Provisions under 43, 65, 66, 419 A • Personal Data Theft (2)

Stealing personal data

43

• Identity Theft Stealing cyberspace identity information of  • individual66, 43 • Spoofing Stealing credentials using ,Friendly and familiar  GUI’ s Provisions Under 43, 65, 66 and 66

International Cooperation in Combating Cyber-Crime

International Nature • Access/mobility of data fundamental to economic systems • Borders by-passed • Exploitation by criminals & terrorists  – data hidden abroad  – hackers and viruses abroad  – economic criminals abroad  – illegal content abroad  – communicate to plan

Cont’d 

International Nature • Minimal risk of detection and apprehension • Different national laws • Crime is borderless but enforcement is constrained by borders • International cooperation is essential

Harmonization of National Laws • Common framework required • But , no universal consensus of:  –  types of “computer crime”  – set of procedural powers  – specifics of definition or scope

Cont’d 

Harmonization of National Laws •  No truly international fora • Problems regarding international cooperation inter-related with harmonization of substantive & procedural law

Inter-relation with procedural law • International investigative powers are coextensive with domestic powers:  – search or production of data  –  preservation of stored data  – collection of traffic data  – interception of communications

• Obtain evidence and trace communications

Legal Framework for International Cooperation • Mutual legal assistance  – scope of cooperation  – mechanics of cooperation  – general obligations  – specific investigative powers

• Extradition  – dual criminality  – nationality

Computer security • • • • • • •

Passwords Firewalls Data Encryption Employees Web assurance services Computer contingency planning Disaster recovery planning

Combating cyber crimes • Technological measures-Public key cryptography, Digital signatures ,Firewalls, honey pots • Cyber investigation- Computer forensics is the  process of identifying, preserving, analyzing and presenting digital evidence in a manner  that is legally acceptable in courts of law. • Legal framework -laws & enforcement