Chapter: 4 Introduction to Cyber Crime and law
I. Cyber Crimes, Types of Cybercrime, Hacking
At the Tenth United Nations Congress on the Prevention of Crime and Treatment
of Offenders, in a workshop devoted to the issues of crimes related to computer
networks, cybercrime was broken into two categories and defined thus:
a. Cybercrime in a narrow sense (computer crime): Any illegal behavior
directed by means of electronic operations that targets the security of
computer systems and the data processed by them.
b. Cybercrime in a broader sense (computer-related crime): Any illegal
behavior committed by means of, or in relation to, a computer system or
network, including such crimes as illegal possession [and] offering or
distributing information by means of a computer system or network.
"Cyber" is a prefix used to describe a person, thing, or idea as part of the
computer and information age. Taken from kybernetes, the Greek word for
"steersman" or "governor," it was first used in cybernetics, a word coined by
Norbert Wiener and his colleagues. The virtual world of the internet is known as
cyberspace, and the laws governing this area are known as cyber laws. All
the netizens of this space come under the ambit of these laws, as these laws carry a kind
of universal jurisdiction. Cyber law can also be described as that branch of law
that deals with legal issues related to the use of inter-networked information
technology. In short, cyber law is the law governing computers and the internet.
The growth of Electronic Commerce has propelled the need for vibrant and
effective regulatory mechanisms which would further strengthen the legal
infrastructure, so crucial to the success of Electronic Commerce. All these
regulatory mechanisms and legal infrastructures come within the domain of Cyber
law.
Cyber law is important because it touches almost all aspects of transactions and
activities on and involving the internet, World Wide Web and cyberspace. Every
action and reaction in cyberspace has some legal and cyber legal perspectives.
Cyber law encompasses laws relating to –
• Cyber crimes
• Electronic and digital signatures
• Intellectual property
• Data protection and privacy
➢ Types of Cyber Crime
I. Cyber pornography
This would include pornographic websites; pornographic magazines
produced using computers (to publish and print the material) and the
Internet (to download and transmit pornographic pictures, photos, writings
etc). (Delhi Public School case)
II. Sale of illegal articles:
This would include sale of narcotics, weapons and wildlife etc., by posting
information on websites, auction websites, and bulletin boards or simply by
using email communication. E.g. many of the auction sites even in India
are believed to be selling cocaine in the name of ‘honey’.
III. Online gambling
There are millions of websites, all hosted on servers abroad, that offer
online gambling. In fact, it is believed that many of these websites are
actually fronts for money laundering. Cases of hawala transactions and
money laundering over the Internet have been reported.
IV. Intellectual Property crimes
These include software piracy, copyright infringement, trademark
violations, theft of computer source code etc. In other words, this is also
referred to as cyber squatting. Satyam Vs. Siffy is the most widely known
case. Bharti Cellular Ltd. filed a case in the Delhi High Court that some
cyber squatters had registered domain names such as barticellular.com
and bhartimobile.com with Network solutions under different fictitious
names.
V. Email spoofing
A spoofed email is one that appears to originate from one source but
actually has been sent from another source. E.g. Gauri has an e-mail
address [email protected]. Her enemy, Prasad, spoofs her e-mail
and sends obscene messages to all her acquaintances. Since the e-mails
appear to have originated from Gauri, her friends could take offence and
relationships could be spoiled for life.
VI. Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets
etc can be forged using sophisticated computers, printers and scanners.
Outside many colleges across India, one finds touts soliciting the sale of
fake mark sheets or even certificates.
VII. Cyber Defamation:
This occurs when defamation takes place with the help of computers and
/ or the Internet. E.g. someone publishes defamatory matter about
someone on a website or sends e-mails containing defamatory information
to all of that person’s friends.
India’s first case of cyber defamation was reported when a company’s
employee started sending derogatory, defamatory and obscene e-mails
about its Managing Director. The e-mails were anonymous and frequent,
and were sent to many of their business associates to tarnish the image
and goodwill of the company.
VIII. Cyber stalking
The Oxford dictionary defines stalking as “pursuing stealthily”. Cyber
stalking involves following a person’s movements across the Internet by
posting messages (sometimes threatening) on the bulletin boards
frequented by the victim, entering the chat-rooms frequented by the victim,
constantly bombarding the victim with emails etc.
IX. Unauthorized access to computer systems or networks
This activity is commonly referred to as hacking. The Indian law has,
however, given a different connotation to the term hacking, so we will not
use the term “unauthorized access” interchangeably with the term
“hacking”. However, as per Indian law, unauthorized access does occur, if
hacking has taken place. An active hackers’ group, led by one “Dr. Nuker”,
who claims to be the founder of Pakistan Hackerz Club, reportedly hacked
the websites of the Indian Parliament, Ahmedabad Telephone Exchange,
Engineering Export Promotion Council, and United Nations (India).
X. Theft of information contained in electronic form
This includes information stored in computer hard disks, removable storage
media etc.
XI. Email bombing
Email bombing refers to sending a large number of emails to the victim
resulting in the victim’s email account (in case of an individual) or mail
servers (in case of a company or an email service provider) crashing. In
one case, a foreigner who had been residing in Simla, India for almost thirty
years wanted to avail of a scheme introduced by the Simla Housing Board
to buy land at lower rates. When he made an application it was rejected on
the grounds that the scheme was available only for citizens of India. He
decided to take his revenge. Consequently he sent thousands of mails to
the Simla Housing Board and repeatedly kept sending e-mails till their
servers crashed.
XII. Data diddling
This kind of an attack involves altering raw data just before it is processed
by a computer and then changing it back after the processing is completed.
Electricity Boards in India have been victims of data diddling programs
inserted when private parties were computerizing their systems. The
NDMC Electricity Billing Fraud Case that took place in 1996 is a typical
example. The computer network was used for receipt and accounting of
electricity bills by the NDMC, Delhi. Collection of money, computerized
accounting, record maintenance and remittance in the bank were
exclusively left to a private contractor who was a computer professional.
XIII. Salami attacks
These attacks are used for the commission of financial crimes. The key
here is to make the alteration so insignificant that in a single case it would
go completely unnoticed. E.g. a bank employee inserts a program into the
bank’s servers that deducts a small amount of money (say Rs. 5 a month)
from the account of every customer. No account holder will probably notice
this unauthorized debit, but the bank employee will make a sizeable
amount of money every month.
XIV. Denial of Service attack
This involves flooding a computer resource with more requests than it can
handle. This causes the resource (e.g. a web server) to crash thereby
denying authorized users the service offered by the resource. Another
variation to a typical denial of service attack is known as a Distributed
Denial of Service (DDoS) attack wherein the perpetrators are many and are
geographically widespread.
XV. Virus / worm attacks
Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a
network. They usually affect the data on a computer, either by altering or
deleting it. Worms, unlike viruses, do not need a host to attach themselves
to. They merely make functional copies of themselves and do this
repeatedly till they eat up all the available space on a computer’s memory.
XVI. Logic bombs
These are event dependent programs. This implies that these programs
are created to do something only when a certain event (known as a trigger
event) occurs. E.g. even some viruses may be termed logic bombs
because they lie dormant all through the year and become active only on
a particular date (like the Chernobyl virus).
XVII. Trojan attacks
A Trojan, as this program is aptly called, is an unauthorized program which
functions from inside what seems to be an authorized program, thereby
concealing what it is actually doing.
There are many simple ways of installing a Trojan in someone’s
computer. To cite an example, two friends Rahul and Mukesh (names
changed), had a heated argument over one girl, Radha (name changed)
whom they both liked. When the girl, asked to choose, chose Mukesh
over Rahul, Rahul decided to get even. On the 14th of February, he sent
Mukesh a spoofed e-card, which appeared to have come from Radha’s
mail account. The e-card actually contained a Trojan. As soon as
Mukesh opened the card, the Trojan was installed on his computer.
Rahul now had complete control over Mukesh’s computer and
proceeded to harass him thoroughly.
XVIII. Internet time theft
This connotes the usage by an unauthorized person of the Internet
hours paid for by another person. In May 2000, the economic offences
wing, IPR section crime branch of Delhi police registered its first case
involving theft of Internet hours. In this case, the accused, Mukesh
Gupta, an engineer with Nicom System (p) Ltd., was sent to the residence
of the complainant to activate his Internet connection. However, the
accused used Col. Bajwa’s login name and password from various
places causing wrongful loss of 100 hours to Col. Bajwa. Delhi police
arrested the accused for theft of Internet time. On further inquiry in the
case, it was found that Krishan Kumar, son of an ex-army officer,
working as senior executive in M/s Highpoint Tours & Travels had used
Col. Bajwa’s login and passwords as many as 207 times from his
residence and twice from his office.
XIX. Web jacking
This occurs when someone forcefully takes control of a website (by
cracking the password and later changing it). The actual owner of the
website does not have any more control over what appears on that
website. In a recent incident reported in the USA, the owner of a
hobby website for children received an e-mail informing her that a
group of hackers had gained control over her website. They
demanded a ransom of 1 million dollars from her. The owner, a
schoolteacher, did not take the threat seriously. She felt that it was
just a scare tactic and ignored the e-mail.
XX. Theft of computer system
This type of offence involves the theft of a computer, some part(s) of a
computer or a peripheral attached to the computer.
XXI. Physically damaging a computer system
This crime is committed by physically damaging a computer or its
peripherals. This is just a list of the known crimes in the cyber world.
The unknown crimes might be far ahead of these, since the lawbreakers
are always one step ahead of lawmakers.
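The salami attack in item XIII above leaves a recognisable trace: the same small debit repeated across almost every account. The following Python example is added here and is not part of the original notes; the ledger layout, the transaction codes and the approved fee schedule are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Hypothetical approved fee schedule: (transaction code, amount) pairs that are
# expected to hit every account and should not be reported.
AUTHORIZED_FEES = {("SMS_FEE", Decimal("15.00"))}


def build_sample_ledger(n_accounts=200):
    """Constructed ledger rows: (account, month, signed amount, code)."""
    ledger = []
    for i in range(n_accounts):
        acct = f"AC{i:04d}"
        for month in ("2024-01", "2024-02"):
            ledger.append((acct, month, Decimal("-15.00"), "SMS_FEE"))  # approved fee
            ledger.append((acct, month, Decimal("-5.00"), "ADJ"))       # unexplained Rs. 5 debit
        # Ordinary customer activity: amounts differ from account to account.
        ledger.append((acct, "2024-01", Decimal(-(100 + i)), "ATM"))
    return ledger


def find_salami_candidates(ledger, max_amount=Decimal("20"), min_coverage=0.9):
    """Flag small, identical debits that recur across nearly every account."""
    all_accounts = {row[0] for row in ledger}
    accounts_hit = defaultdict(set)      # (code, amount) -> accounts debited
    total_taken = defaultdict(Decimal)   # (code, amount) -> sum of those debits
    for acct, _month, amount, code in ledger:
        if amount < 0 and -amount <= max_amount:
            key = (code, -amount)
            accounts_hit[key].add(acct)
            total_taken[key] += -amount

    findings = []
    for key, accts in accounts_hit.items():
        coverage = len(accts) / len(all_accounts)
        # Tiny per account, but present almost everywhere and not on the schedule.
        if coverage >= min_coverage and key not in AUTHORIZED_FEES:
            findings.append({
                "code": key[0], "amount": key[1],
                "accounts": len(accts), "coverage": coverage,
                "total": total_taken[key],
            })
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for f in find_salami_candidates(build_sample_ledger()):
        print(f"{f['code']}: Rs. {f['amount']} x {f['accounts']} accounts, "
              f"total Rs. {f['total']}")
```

No single account shows anything unusual; the pattern only appears when debits are aggregated across all accounts and compared with the approved schedule.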
➢ Hacking
Hacking refers to activities that seek to compromise digital devices, such as computers,
smart phones, tablets, and even entire networks. And while hacking might not always be
for malicious purposes, nowadays most references to hacking, and hackers, characterize
it/them as unlawful activity by cybercriminals—motivated by financial gain, protest,
information gathering (spying), and even just for the “fun” of the challenge.
Many think that “hacker” refers to some self-taught whiz kid or rogue programmer skilled
at modifying computer hardware or software so it can be used in ways outside the original
developers' intent. But this is a narrow view that doesn't begin to encompass the wide
range of reasons why someone turns to hacking. (For an in-depth look at hackers, read
“Under the hoodie: why money, power, and ego drive hackers to cybercrime” by Wendy
Zamora.)
Hacking is typically technical in nature (like creating malvertising that deposits malware
in a drive-by attack requiring no user interaction). But hackers can also use psychology
to trick the user into clicking on a malicious attachment or providing personal data. These
tactics are referred to as “social engineering.”
II. Attack vectors, Cyberspace and Criminal Behavior, Clarification of Terms
➢ Attack vectors
In cyber security, an attack vector is a method or pathway used by a hacker to access or
penetrate the target system. Hackers steal information, data and money from people and
organizations by investigating known attack vectors and attempting to exploit
vulnerabilities to gain access to the desired system. Once a hacker gains access to an
organization's IT infrastructure, they can install malicious code that allows them to
remotely control IT infrastructure, spy on the organization or steal data or other resources.
Attack vectors may be exploited by a variety of groups, from a disgruntled former
employee of your organization that wants to disrupt your business to the intelligence
service of a foreign government that wants to steal your technology. There are also many
different known attack vectors that these groups can effectively exploit to gain
unauthorized access to your IT infrastructure. IT organizations can mitigate against cyber
attacks through a number of different methods, including real-time event detection and
response capabilities that neutralize cyber attacks before they can lead to data loss.
➢ Cyberspace
Cyberspace is a domain characterized by the use of electronics and the electromagnetic
spectrum to store, modify, and exchange data via networked systems and associated
physical infrastructures. In effect, cyberspace can be thought of as the interconnection
of human beings through computers and telecommunication, without regard to physical
geography.
The word became popular in the 1990s when the uses of the Internet, networking, and
digital communication were all growing dramatically and the term "cyberspace" was able
to represent the many new ideas and phenomena that were emerging.
➢ Criminal behavior in three ways:
1. Mass Communication Technology has transformed media and popular culture into a
powerful influence on offender behavior.
2. Computer Technology has created new avenues and different opportunities for
criminal behavior.
3. Investigative Technology has altered methods used by offenders and the types of
crimes they engage in.
III. Traditional Problems Associated with Computer Crime, Introduction to
Incident Response
➢ Traditional Problems Associated with Computer Crime
Any offence against morality, social order or any unjust or shameful act.
"Offence" is defined in the Code of Criminal Procedure to mean an act or omission made
punishable by any law for the time being in force.
Cyber Crime is emerging as a serious threat. Worldwide, governments, police
departments and intelligence units have started to react.
➢ Cyber Crime Variants
I. Hacking
Hacking is a crime, which entails cracking systems and gaining unauthorized access to
the data stored in them. Hacking had witnessed a 37 per cent increase this year.
II. Cyber Squatting
Cyber Squatting is the act of registering a famous Domain Name and then selling it for a
fortune.
III. Phishing
Phishing is just one of the many frauds on the Internet, trying to fool people into parting
with their money.
Phishing refers to the receipt of unsolicited emails by customers of Financial Institutions,
requesting them to enter their Username, Password or other personal information to
access their Account for some reason.
The fraudster then has access to the customer's online bank account and to the
funds contained in that account.
IV. Cyber stalking
Cyber Stalking is use of the Internet or other electronic means to stalk someone.
This term is used interchangeably with online harassment and online abuse.
Stalking generally involves harassing or threatening behavior that an individual engages
in repeatedly, such as following a person, appearing at a person's home or place of
business, making harassing phone calls, leaving written messages or objects, or
vandalizing a person's property.
V. Vishing
Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to
gain access to private personal and financial information from the public for the purpose
of financial reward.
The term is a combination of “voice” and “phishing”.
Vishing exploits the public's trust in landline telephone services.
Vishing is typically used to steal credit card numbers or other information used in identity
theft schemes from individuals.
Fig-4-1- Traditional Problems Associated with Computer Crime
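Email spoofing (item V under Types of Cyber Crime) and phishing (item III above) both rely on a message that claims a sender it did not come from. This added Python example, which is not part of the original notes, checks a message's headers for that gap; the example.* domains, the sample messages and the mx.example.org authserv-id are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id that our own receiving mail server stamps on messages.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample messages (example.* domains, not real traffic).
LEGIT = """\
Return-Path: <sender@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Sender <sender@example.com>
To: friend@example.org
Subject: Lunch on Friday

See you at one.
"""

SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
Authentication-Results: relay.example.net; spf=pass; dkim=pass; dmarc=pass
From: Sender <sender@example.com>
Reply-To: sender@example.net
To: friend@example.org
Subject: Urgent: confirm your password

Please reply with your account details.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts, but only from headers our own server added."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # stamped by another host (or by the sender): not evidence
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def spoofing_indicators(raw_message, trusted_authserv=TRUSTED_AUTHSERV):
    """Return a list of reasons to doubt that the From address is genuine."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        # A differing domain is only a hint: bulk senders legitimately use
        # separate bounce domains. The DMARC verdict below is the stronger signal.
        if other and other != from_dom:
            findings.append(f"{header} domain {other} != From domain {from_dom}")
    verdicts = auth_results(msg, trusted_authserv)
    for method in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings


if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOFED", SPOOFED)):
        print(name, spoofing_indicators(raw) or "no indicators")
```

In the spoofed sample SPF passes because it validates the envelope domain, not the visible From address; the DMARC failure is what ties the result back to the address the recipient actually sees.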
➢ Incident Response
Incident response is an organized approach to addressing and managing the aftermath
of a security breach or cyberattack, also known as an IT incident,
computer incident or security incident. The goal is to handle the situation in a way that
limits damage and reduces recovery time and costs.
IV. Digital Forensics, Computer Language, Network Language
➢ Digital Forensics
People who work with digital forensics in cyber security are on the front lines in the fight
against cybercrime. They're the people who collect, process, preserve, and analyze
computer-related evidence.
They help identify network vulnerabilities and then develop ways to mitigate them. They
go deep inside networks, computers, and smartphones in search of evidence of criminal
activity. And they run counterintelligence against hackers, criminals, and others with
nefarious intentions. And they use scientific investigatory techniques to do it.
➢ Where Digital Forensics in Cyber Security is Used
These days, anyone who uses the internet benefits from digital forensics in cyber security.
That's because any company that collects data from internet users employs people who
fight and investigate cybercrime.
Agencies and organizations have to be hyper-vigilant with the data they collect and
protect, so they are constantly testing their systems, looking for vulnerabilities and
aggressively pursuing the people who hack into networks in order to commit crimes.
Facebook, Twitter, Instagram, Homeland Security, the FBI, Target Corp., the military,
local and state law enforcement, and nearly every bank uses digital forensics in cyber
security to protect people using the internet.
➢ Computer Language
C and C++: C and C++ are critical low-level programming languages that you need to
know as a cyber security professional. These languages provide access to low-level IT
infrastructure such as RAM and system processes, which, if not well protected, hackers
can easily exploit.
V. Realms of the Cyber world, A Brief History of the Internet, Recognizing and
Defining Computer Crime
➢ Realms of the Cyber world
In the spring of 2007, Estonia became the first nation state in the world to fall victim to
a massive, targeted cyberattack. An enormous distributed denial of service (DDoS) attack
paralysed government and other critical websites, as well as systems such as banking
infrastructure across what was at the time one of the world’s most connected countries –
forcing the country to disconnect itself from the Internet to allow services to recover.
Since then, large-scale attacks against national interests aimed at damaging critical
infrastructure and destabilising countries have only increased. Consider, for example, the
infamous Stuxnet worm, which was detected in June 2010, targeting ‘high value’
infrastructure in Iran and was almost certainly state-sponsored. Or the US and UK issuing
a joint statement in April 2018 on malicious cyber activity, supposedly perpetrated by the
Russian government.
There are many potential consequences of large-scale, nation-state targeted
cyberattacks, ranging from disruptive to deadly. For example, what if the electricity or
water supplies to a city were cut off, even just for 36 hours? Businesses would not be
able to function; hospital patients and vulnerable people could die. A large-scale attack
on the banking system could paralyse the financial markets and cause businesses – even
economies – to fail. And attacks that disrupt transportation systems such as air-traffic
control could have obvious consequences.
Cyber warfare by one nation-state against another has become a real and present
danger. The question is – what can national Governments do to protect their citizens and
infrastructure?
➢ A Brief History of the Internet
The Internet is a global system of interconnected computer networks that use
the standardized Internet Protocol Suite (TCP/IP). It is a network of networks
that consists of millions of private and public, academic, business, and
government networks of local to global scope that are linked by copper wires,
fiber-optic cables, wireless connections, and other technologies. The Internet
carries a vast array of information resources and services, most notably the
inter-linked hypertext documents of the World Wide Web (WWW) and the
infrastructure to support electronic mail, in addition to popular services such
as online chat, file transfer and file sharing, online gaming, and Voice over
Internet Protocol (VoIP) person-to-person communication via voice and video.
The origins of the Internet date back to the 1960s, when the United States
funded research projects of its military agencies to build robust, fault-tolerant
and distributed computer networks. This research and a period of civilian
funding of a new U.S. backbone by the National Science Foundation spawned
worldwide participation in the development of new networking technologies
and led to the commercialization of an international network in the mid-1990s,
and to the subsequent popularization of countless applications in virtually
every aspect of modern human life.
The terms Internet and World Wide Web are often used in everyday speech
without much distinction. However, the Internet and the World Wide Web are
not one and the same. The Internet is a global data communications system.
It is a hardware and software infrastructure that provides connectivity between
computers. In contrast, the Web is one of the services communicated via the
Internet. It is a collection of interconnected documents and other resources,
linked by hyperlinks and Uniform Resource Locators (URLs). The World Wide
Web was invented in 1989 by the English physicist Tim Berners-Lee, now the
Director of the World Wide Web Consortium, and later assisted by Robert
Cailliau, a Belgian computer scientist, while both were working at CERN in
Geneva, Switzerland. In 1990, they proposed building a "web of nodes" storing
"hypertext pages" viewed by "browsers" on a network and released that web
in December.
Overall Internet usage has seen tremendous growth. From 2000 to 2009,
the number of Internet users globally rose from 394 million to 1.858 billion.
By 2010, 22 percent of the world's population had access to computers
with 1 billion Google searches every day, 300 million Internet users reading
blogs, and 2 billion videos viewed daily on YouTube.
VI. Contemporary Crimes, Computers as Targets, Contaminants and
Destruction of Data, Indian IT Act 2000.
➢ Contemporary Crime
Crime, security and criminal justice are highly debated in contemporary societies, attracting
much political and media attention.
This module will help you discover the changing nature of crime and the workings of the
criminal justice system, by exploring up to date crime concerns through a criminological
lens. The module explores the different ways in which crime is responded to, and, as such,
you will develop a foundational knowledge of the main perspectives in criminology and how
they have been applied to certain areas. You will study issues such as cybercrime,
surveillance, punishment and prisons, rioting, the impact of the media, social control and
societal reaction to crime.
➢ Contaminants and Destruction of Data
When most people hear “data destruction,” their face registers a look of fear. The last
thing in the world that most people want is for the data on their computer or mobile device
to be destroyed. But the reality is whether you are the owner of a large, medium or small
business, there will come a day when you need to remove or replace older media, and
you need to make sure that any data
What Is Data Destruction?
When you destroy data, the goal is to make it totally unreadable regardless of the form of
electronic media on which it was originally stored. The process of data destruction also
includes ensuring that this data cannot be recovered and used for unauthorized purposes.
Destroying data means it can no longer be read by an operating system or application.
Merely deleting a file is insufficient. When you delete a file on an electronic device, you
may not be able to see it any longer, but the information is still stored on the device’s hard
drive or memory chip. Data destruction entails overwriting the current data with random
data until the current data can no longer be retrieved, or actually destroying the electronic
medium.
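The overwrite-before-delete step described above, as an added Python example that is not part of the original text; the temporary file and the record contents are constructed for the demonstration.

```python
import os
import secrets
import tempfile


def overwrite_in_place(path, passes=1, chunk_size=1024 * 1024):
    """Overwrite every byte of the file with random data and flush it to the device."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:           # r+b: modify existing bytes, do not truncate
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())           # push the overwrite past the OS cache
    # Caveat: SSD wear levelling, copy-on-write or journaling filesystems,
    # snapshots and backups can hold older copies that this overwrite never
    # touches. For those, the other option in the text applies: destroy the medium.


def destroy_file(path, passes=1):
    """Overwrite the contents first, then remove the directory entry."""
    overwrite_in_place(path, passes)
    os.remove(path)


def demo():
    """Constructed demo: write a fake record, overwrite it, check what is left."""
    secret = b"CUSTOMER-RECORD constructed-sample-0001\n"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(secret * 1000)
    size_before = os.path.getsize(path)

    overwrite_in_place(path)
    with open(path, "rb") as f:
        data = f.read()
    result = {
        "size_unchanged": len(data) == size_before,
        "secret_survived": secret in data,
    }
    os.remove(path)
    result["file_exists"] = os.path.exists(path)
    return result


if __name__ == "__main__":
    print(demo())
```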
➢ Why Data Destruction Matters
In a day and age when companies of all sizes depend upon electronic media for their
most important business operations, all the data created by this equipment needs to be
securely protected. But at the end of its lifecycle, it also needs to be securely
destroyed. You may have important information that you are not interested in sharing with
anyone. Your company has legal requirements for data destruction, particularly if you
operate on a global scale where different countries and different regions can have
different legal requirements concerning destroying data.
It’s important for any organization to consider several important factors before they
choose how to destroy the old data.
I. Time: Is this something the company regularly does or has it stockpiled old data
storage equipment to do a large amount at once? Each of the different methods
explored below operates on a different timescale. Knowing how much time you
want to spend on data destruction can influence the choice of method.
II. Cost: Can your company afford to get rid of old equipment? Or is it interested in
reusing older electronic media for new purposes? Again, the answer to this
question will determine the type of destruction method you want to use.
III. Validation and certification: If you are destroying data because it’s a legal
requirement or a regulatory issue within your industry, make sure the method you
choose allows you to show that you have met any standards or requirements for
data destruction.
➢ Indian IT Act 2000
In India, cyber laws are contained in the Information Technology Act, 2000 ("IT Act") which
came into force on October 17, 2000. The main purpose of the Act is to provide legal
recognition to electronic commerce and to facilitate filing of electronic records with the
Government.
The following Act, Rules and Regulations are covered under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001