logging in or signing up An Overview of Cyber Crimes tabrezahmad Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 1582 Category: Science & Tech.. License: All Rights Reserved Like it (1) Dislike it (0) Added: June 26, 2010 This Presentation is Public Favorites: 0 Presentation Description Lectures Delivered By Dr. Tabrez Ahmad in Biju Pattnaik State Police Academy Bhubaneswar to Train DSPs to control Cybercrimes Comments Posting comment... By: nsscollegepandalam (8 month(s) ago) Pleasend me a copy of this presentation deviusha45@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: nagaravi (14 month(s) ago) hi am ravi i like this ppt please send me at... sriramforchange@gmail.com...... Saving..... Post Reply Close Saving..... Edit Comment Close By: agritaverma (18 month(s) ago) i like the ppt cn u send me...at agritaverma@gmail.com its urgent Saving..... Post Reply Close Saving..... Edit Comment Close By: ajay.ajay (20 month(s) ago) hi i am ajay i like this presentation wil u plz send this to my id plz my id ajay.alexander143@gmail.com thanq...... Saving..... Post Reply Close Saving..... Edit Comment Close By: jiten_nigam (20 month(s) ago) hi i m karan ...i like this presentation ..it's very helpful for me ..plz send it to my id karannigam482@gmail.com thanks... Saving..... Post Reply Close Saving..... Edit Comment Close loading.... See all Premium member Presentation Transcript Session I An Overview of Cyber Crimes : Biju Pattnaik State Police Academy Bhubaneswar By Dr. Tabrez Ahmad Associate Professor of Law www.site.technolexindia.com tabrezahmad7@gmail.com http://technolexindia.blogspot.com Session I An Overview of Cyber Crimes Slide 2: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 2 Agenda : Agenda Saturday, June 26, 2010 3 Background of Cybercrime The categories of cybercrimes Analysis of the cybercrime & Indian legal position Vicarious Liability of ISPs and Govt. Future course of action Slide 4: Digital Revolution Internet Infra in INDIA 4 IT / ITES BPO Targetted Broadband connection = 10 Mil. (2010) 4 Real-world & Virtual- world : Real-world & Virtual- world Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 5 Current approaches evolved to deal with real-world crime Cybercrime occurs in a virtual-world and therefore presents different issues Example : Theft : Example : Theft Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 6 Real-world theft: Possession of property shifts completely from A to B, i.e., A had it now B has it Theft in Virtual-world (Cyber-theft): Property is copied, so A “has” it and so does B Development of Cyberlaw and need of regulation : Development of Cyberlaw and need of regulation Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 7 Internet for Security USA ARPANET Internet for Research Internet for e-commerce UNCITRAL Model Law 1996 I.T Act 2000 Internet for e-governance Internet regulation – serious matter after 9/11 attack on World Trade Centre US Patriot Act I.T Amendment Act 2008 What is India inc’s biggest threat? : What is India inc’s biggest threat? Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 8 Cyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crime (31%). The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order. About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly, compared to the global benchmark of 50%. Types of Cyber crimes : Types of Cyber crimes 9 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Slide 10: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 10 Slide 11: Unauthorized access: This occurs when a user/hacker deliberately gets access into someone else’s network either to monitor or data destruction purposes For e.g. In February hackers hacked the password of CU VC Prof. Surabhi Banerjee and send the mails to different Govt. officials. Denial of service attack: It involves sending of disproportionate demands or data to the victims server beyond the limit that the server is capable to handle and hence causes the server to crash Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 11 Slide 12: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 12 Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file which then gets circulated to other files and gradually to other computers in the network. Worms unlike Viruses do not need a host for attachments they make copies of themselves and do this repeatedly hence eating up all the memory of the computer. Trojans are unauthorized programs which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Computer Viruses : Computer Viruses Viruses A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus". 13 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Slide 14: Email Bombing It refers to sending a large number of emails to the victim resulting in the victim's email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing Internet Time Thefts This connotes the usage by an unauthorized person of the Internet hours paid for by another. Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 14 Slide 15: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 15 Web Jacking This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website Theft and Physical damage of computer or its peripherals This type of offence involves the theft of a computer, some parts of a computer or a peripheral attached to the computer. and physically damaging a computer or its peripherals. Attack on PM Office by Chinese hackers in December 2009 Combating cyber crimes : Combating cyber crimes Technological measures-Public key cryptography, Electronic signatures ,Firewalls, honey pots Cyber investigation- Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability. Legal framework-laws & enforcement 16 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com I.T. ACT, 2000: OBJECTIVES : I.T. ACT, 2000: OBJECTIVES Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 17 Different approaches for controlling, regulating and facilitating electronic communication and commerce. Aim to provide legal infrastructure for e-commerce in India. To provide legal recognition for e-transactions OBJECTIVES (Contd.) : OBJECTIVES (Contd.) Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 18 Carried out by means of electronic data interchange, and Other means of electronic communication, commonly referred to as "electronic commerce", involving the use of alternatives to paper-based methods of communication and storage of information. To facilitate electronic filing of documents with the Government agencies To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 GOVERNMENT –NSP?? : GOVERNMENT –NSP?? Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 19 Governments Providing Services On The Network Governments Are Intermediaries. Sec 79 IT Act. Under The It Act, 2000, All Governments, Central And State, All Governmental Bodies Are “Network Service Providers” Section 79 : Section 79 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 20 For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. Network Service Providers:When Not Liable : Network Service Providers:When Not Liable Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 21 Explanation.—For the purposes of this section, — (a) "network service provider" means an intermediary; (b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary. TRANSPARENCY : TRANSPARENCY Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 22 Need For Transparent E-governance Right To Information Act Government Would Now Not Be Able To Hide Records Concerning E-governance AUTHENTICATION OF ELECTRONIC RECORDS : AUTHENTICATION OF ELECTRONIC RECORDS Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 23 Any subscriber may authenticate an electronic record Authentication by affixing his digital signature. Any person by the use of a public key of the subscriber can verify the electronic record LEGALITY OF ELECTRONIC SIGNATURES : LEGALITY OF ELECTRONIC SIGNATURES Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 24 Legal recognition of digital signatures. Certifying Authorities for Digital Signatures. Scheme for Regulation of Certifying Authorities for Digital Signatures CONTROLLER OF CERTIFYINGAUTHORITIES : CONTROLLER OF CERTIFYINGAUTHORITIES Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 25 Shall exercise supervision over the activities of Certifying Authorities Lay down standards and conditions governing Certifying Authorities Specify various forms and content of Digital Signature Certificates DIGITAL SIGNATURES & ELECTRONIC RECORDS : DIGITAL SIGNATURES & ELECTRONIC RECORDS Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 26 Use of Electronic Records and Electronic Signatures in Government Agencies. Publications of rules and regulations in the Electronic Gazette. International initiatives : International initiatives Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 27 Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes. The Convention on Cybercrime, drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation. In 1997, The G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime." Main objectives- Create effective cyber crime laws Handle jurisdiction issues Cooperate in international investigations Develop acceptable practices for search and seizure Establish effective public/private sector interaction Combating Cyber crime-Indian legal framework : Combating Cyber crime-Indian legal framework Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 28 Information Technology Act, 2000-came into force on 17 October 2000 Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000) Cybercrime vs Cyber contravention : Cybercrime vs Cyber contravention The IT Act prescribes provisions for contraventions in ch IX of the Act, particularly s 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party. Chapter XI of the IT Act 2000 discusses the cyber crimes and offences inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73). Whereas cyber contraventions are ‘civil wrongs’ for which compensation is payable by the defaulting party, ‘cyber offences’ constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000. Saturday, June 26, 2010 29 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Special and General statutes applicable to cybercrimes : Special and General statutes applicable to cybercrimes While the IT Act 2000, provides for the specific offences it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC) IT Act is a special law, most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime for instance, for defamatory emails reliance is placed on s 500 of IPC, for threatening e-mails, provisions of IPC applicable thereto are criminal intimidation (ch XXII), extortion (ch XVII), for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted. Likewise, criminal breach of trust and fraud (ss 405, 406, 408, 409) of the IPC are applicable and for false electronic evidence, s 193 of IPC applies. For cognisability and bailability, reliance is placed on Code of Criminal Procedure which also lays down the specific provisions relating to powers of police to investigate. Saturday, June 26, 2010 30 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering of source code : Tampering of source code According to s 65 of the IT Act- a person who intentionally conceals or destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or network when the computer source code is required to be maintained by law is punishable with imprisonment upto 3 years or with fine that may extend upto 2 lakh rupees or with both. Saturday, June 26, 2010 31 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Hacking : Hacking Section 66 of the IT Act 2000 deals with the offence of computer hacking. In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system. Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data. Punishment for hacking is imprisonment upto 3years or fine which may extend to 2 lakh rupees or both Saturday, June 26, 2010 32 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Publishing obscene information : Publishing obscene information Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to2 lakh rupees. Saturday, June 26, 2010 33 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com New offences defined under IT Amendment Act 2008 with effect from 27th October 2009 : New offences defined under IT Amendment Act 2008 with effect from 27th October 2009 Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Act 2008. Sending of offensive or false messages (s 66A), receiving stolen computer resource (s 66C), identity theft (s 66C), (s 66D) cheating by personation, violation of privacy (s 66E). Barring the offence of cyber terrorism (s 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs rupees has been prescribed and these offences are cognisable and bailable. This will not prove to play a deterrent factor for the cyber criminals. Further, as per new s 84B,abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new s 84C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence Saturday, June 26, 2010 34 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com The IT Amendment Act 2008 : The IT Amendment Act 2008 In certain offences, such as hacking (s 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs rupees. In s 67, for publishing of obscene information imprisonment term has been reduced from five years to three years (and five years for subsequent offence instead of earlier ten years) and fine has been increased from one lakh to five lakhs rupees (ten lakhs on subsequent conviction). Section 67A adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs rupees. Saturday, June 26, 2010 35 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com The IT Amendment Act 2008 : The IT Amendment Act 2008 Section 67B punishes offence of child pornography, child’s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs rupees. Saturday, June 26, 2010 36 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Section 46 IT Act : Section 46 IT Act Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 37 Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alterum partum and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courts Appeal to cyber Appellate Tribunal- from decision of Controller, Adjudicating Officer {section 57 IT act} Section 47, IT Act : Section 47, IT Act Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 38 Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely- (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default; (b) the amount of loss caused to any person as a result of the default; (c) the repetitive nature of the default Section 65: Source Code : Section 65: Source Code Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 39 Most important asset of software companies “Computer Source Code" means the listing of programmes, computer commands, design and layout Ingredients Knowledge or intention Concealment, destruction, alteration computer source code required to be kept or maintained by law Punishment imprisonment up to three years and / or fine up to Rs. 2 lakh Slide 40: Section 66: Hacking • Ingredients – Intention or Knowledge to cause wrongful loss or damage to the public or any person – Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource • Punishment – imprisonment up to three years, and / or – fine up to Rs. 2 lakh • Cognizable, Non Bailable, 40 Section 66 covers data theft aswell as data alteration Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 40 Slide 41: Computer Related Crimes under IPC and Special Laws 41 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 41 Case Study- BPO Data Theft : Case Study- BPO Data Theft Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 42 The recently reported case of a Bank Fraud in Pune in which some ex employees of BPO arm of MPhasis Ltd MsourcE, defrauded US Customers of Citi Bank to the tune of RS 1.5 crores has raised concerns of many kinds including the role of "Data Protection". Case Study (contd.) : Case Study (contd.) Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 43 The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes". ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of a "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc are therefore applicable in the above case in addition to section in ITA-2000. Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim for which the "Adjudication Process" can be invoked. Case Study (contd.) : Case Study (contd.) Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 44 The BPO is liable for lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex-employee's involvement. The process of getting the PIN number was during the tenure of the persons as "Employees" and hence the organization is responsible for the crime. Some of the persons who have assisted others in the commission of the crime even though they may not be directly involved as beneficiaries will also be liable under Section 43 of ITA-2000. Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence". At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank. (However, in this particular case since the victims appear to be US Citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian Courts). Cyber Pornography : Cyber Pornography Section 67 of IT Act Publishing, transmitting, causing to be published Porn in the electronic form Strict punishment 5 years jail (SI or RI) + 1 lakh fine 10 years jail (SI or RI) + 2 lakh fine Saturday, June 26, 2010 45 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Baazee case : Baazee case 46 Baazee case : Baazee case Obscene MMS clipping listed for sale on 27th November, 2004 - “DPS Girl having fun". Some copies sold through Baazee.com Avnish Bajaj (CEO) arrested and his bail application was rejected by the trial court. Saturday, June 26, 2010 47 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Points of the prosecution : Points of the prosecution The accused did not stop payment through banking channels after learning of the illegal nature of the transaction. The item description "DPS Girl having fun" should have raised an alarm. Saturday, June 26, 2010 48 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Points of the defence : Points of the defence Section 67 relates to publication of obscene material and not transmission. Remedial steps were taken within 38 hours, since the intervening period was a weekend. Saturday, June 26, 2010 49 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Findings of the Court : Findings of the Court It has not been established from the evidence that any publication took place by the accused, directly or indirectly. The actual obscene recording/clip could not be viewed on the portal of Baazee.com. The sale consideration was not routed through the accused. Saturday, June 26, 2010 50 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Findings of the Court : Findings of the Court Prima facie Baazee.com had endeavored to plug the loophole. The accused had actively participated in the investigations. The nature of the alleged offence is such that the evidence has already crystallized and may even be tamper proof. Saturday, June 26, 2010 51 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Findings of the Court : Findings of the Court Even though the accused is a foreign citizen, he is of Indian origin with family roots in India. The evidence indicates only that the obscene material may have been unwittingly offered for sale on the website. the heinous nature of the alleged crime may be attributable to some other person. Saturday, June 26, 2010 52 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Court order : Court order The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each. The court ordered Mr. Bajaj to surrender his passport not to leave India without Court permission to participate and assist in the investigation. Saturday, June 26, 2010 53 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com State of Tamil Nadu Vs Suhas Katti : State of Tamil Nadu Vs Suhas Katti This Case is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR . The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. Additional Chief Metropolitan Magistrate, delivered the judgment on 5-11-04 as follows: “The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.” This is considered the first case convicted under section 67 of Information Technology Act 2000 in India Saturday, June 26, 2010 54 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Slide 55: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 55 Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. Punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to2 lakh rupees. Protected Systems : Protected Systems Saturday, June 26, 2010 56 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Protected Systems : Protected Systems Gazette notification for declaring protected system. Government order authorizing persons to access protected systems. 10 years jail for accessing or attempting to access protected systems. Saturday, June 26, 2010 57 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Firos vs. State of Kerala : Firos vs. State of Kerala Govt of Kerala declared the FRIENDS application software as a protected system. The author of the application software challenged the notification and the constitutional validity of section 70. The Court upheld the validity of both Saturday, June 26, 2010 58 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering with source code : Tampering with source code Saturday, June 26, 2010 59 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering with source code : Tampering with source code Computer source code need not only be in the electronic form. It can be printed on paper (e.g. printouts of flowcharts for designing a software application). Saturday, June 26, 2010 60 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering with source code : Tampering with source code Following are punishable with 3 years jail and / or 2 lakh fine: Concealing Altering Destroying Saturday, June 26, 2010 61 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Syed Asifuddin case : Syed Asifuddin case Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65. Saturday, June 26, 2010 62 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case Several terrorists attacked Parliament House on 13-Dec-01 Digital evidence played an important role during their prosecution. The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon. Saturday, June 26, 2010 63 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects. These articles were deposited in the police “malkhana” on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01. Saturday, June 26, 2010 64 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case Evidence found on the laptop included: fake identity cards, video files containing clippings of political leaders with Parliament in background shot from TV news channels, scanned images of front and rear of a genuine identity card, Saturday, June 26, 2010 65 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case image file of design of Ministry of Home Affairs car sticker, the game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the fake identity cards used by the terrorists. Saturday, June 26, 2010 66 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009. : The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009. Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 67 Almost Nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality. The Information Technology Act initially came into force on 17th October 2000 on the model UNCITRAL of UNO 1996. Major changes to the IT Act 2000 have now come into force with effect from 27th October 2009. There are around 17 changes and out of that most of the changes relate to cyber crimes. The last decade has seen a spurt in crimes like cyber stalking and voyeurism, cyber pornography, email frauds, phishing and crimes through social networking. All these and more are severely dealt with under the new laws. Some of the major modifications are: : Some of the major modifications are: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 68 1. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in "implementing and maintaining reasonable security practices and procedures", they will be liable to pay compensation. It may be recalled that India's first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures. 2. Compensation on cyber crimes like spreading viruses, copying data, unauthorised access, denial of service etc is not restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is upto Rs. 5 crore. Above that the case will need to be filed before the civil courts. Slide 69: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 69 3.The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment. 4. Sending threatening emails and sms are punishable with jail upto 3 years. 5. Publishing sexually explicit acts in the electronic form is punishable with jail upto 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country. Slide 70: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 70 6.Voyeurism is now specifically covered. Acts like hiding cameras in changing rooms, hotel rooms etc is punishable with jail upto 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to 'snoop' on his young lady tenants. 7. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police. 8. Collecting, browsing, downloading etc of child pornography is punishable with jail upto 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of upto Rs 10 lakh can also be levied. Slide 71: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 71 9. The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending 'dirty' jokes and pictures by email or sms. 10. Refusing to hand over passwords to an authorized official could land a person in prison for upto 7 years. 11. Hacking into a Government computer or website, or even trying to do so in punishable with imprisonment upto 10 years. 12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members), Slide 72: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 72 13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information), 14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public), 15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and 16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team. 17. Rules Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members), Do you have any question? : Do you have any question? Slide 74: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 74 Thanks You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
An Overview of Cyber Crimes tabrezahmad Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 1582 Category: Science & Tech.. License: All Rights Reserved Like it (1) Dislike it (0) Added: June 26, 2010 This Presentation is Public Favorites: 0 Presentation Description Lectures Delivered By Dr. Tabrez Ahmad in Biju Pattnaik State Police Academy Bhubaneswar to Train DSPs to control Cybercrimes Comments Posting comment... By: nsscollegepandalam (8 month(s) ago) Pleasend me a copy of this presentation deviusha45@gmail.com Saving..... Post Reply Close Saving..... Edit Comment Close By: nagaravi (14 month(s) ago) hi am ravi i like this ppt please send me at... sriramforchange@gmail.com...... Saving..... Post Reply Close Saving..... Edit Comment Close By: agritaverma (18 month(s) ago) i like the ppt cn u send me...at agritaverma@gmail.com its urgent Saving..... Post Reply Close Saving..... Edit Comment Close By: ajay.ajay (20 month(s) ago) hi i am ajay i like this presentation wil u plz send this to my id plz my id ajay.alexander143@gmail.com thanq...... Saving..... Post Reply Close Saving..... Edit Comment Close By: jiten_nigam (20 month(s) ago) hi i m karan ...i like this presentation ..it's very helpful for me ..plz send it to my id karannigam482@gmail.com thanks... Saving..... Post Reply Close Saving..... Edit Comment Close loading.... See all Premium member Presentation Transcript Session I An Overview of Cyber Crimes : Biju Pattnaik State Police Academy Bhubaneswar By Dr. Tabrez Ahmad Associate Professor of Law www.site.technolexindia.com tabrezahmad7@gmail.com http://technolexindia.blogspot.com Session I An Overview of Cyber Crimes Slide 2: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 2 Agenda : Agenda Saturday, June 26, 2010 3 Background of Cybercrime The categories of cybercrimes Analysis of the cybercrime & Indian legal position Vicarious Liability of ISPs and Govt. Future course of action Slide 4: Digital Revolution Internet Infra in INDIA 4 IT / ITES BPO Targetted Broadband connection = 10 Mil. (2010) 4 Real-world & Virtual- world : Real-world & Virtual- world Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 5 Current approaches evolved to deal with real-world crime Cybercrime occurs in a virtual-world and therefore presents different issues Example : Theft : Example : Theft Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 6 Real-world theft: Possession of property shifts completely from A to B, i.e., A had it now B has it Theft in Virtual-world (Cyber-theft): Property is copied, so A “has” it and so does B Development of Cyberlaw and need of regulation : Development of Cyberlaw and need of regulation Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 7 Internet for Security USA ARPANET Internet for Research Internet for e-commerce UNCITRAL Model Law 1996 I.T Act 2000 Internet for e-governance Internet regulation – serious matter after 9/11 attack on World Trade Centre US Patriot Act I.T Amendment Act 2008 What is India inc’s biggest threat? : What is India inc’s biggest threat? Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 8 Cyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crime (31%). The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order. About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly, compared to the global benchmark of 50%. Types of Cyber crimes : Types of Cyber crimes 9 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Slide 10: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 10 Slide 11: Unauthorized access: This occurs when a user/hacker deliberately gets access into someone else’s network either to monitor or data destruction purposes For e.g. In February hackers hacked the password of CU VC Prof. Surabhi Banerjee and send the mails to different Govt. officials. Denial of service attack: It involves sending of disproportionate demands or data to the victims server beyond the limit that the server is capable to handle and hence causes the server to crash Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 11 Slide 12: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 12 Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file which then gets circulated to other files and gradually to other computers in the network. Worms unlike Viruses do not need a host for attachments they make copies of themselves and do this repeatedly hence eating up all the memory of the computer. Trojans are unauthorized programs which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Computer Viruses : Computer Viruses Viruses A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus". 13 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Slide 14: Email Bombing It refers to sending a large number of emails to the victim resulting in the victim's email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing Internet Time Thefts This connotes the usage by an unauthorized person of the Internet hours paid for by another. Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 14 Slide 15: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 15 Web Jacking This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website Theft and Physical damage of computer or its peripherals This type of offence involves the theft of a computer, some parts of a computer or a peripheral attached to the computer. and physically damaging a computer or its peripherals. Attack on PM Office by Chinese hackers in December 2009 Combating cyber crimes : Combating cyber crimes Technological measures-Public key cryptography, Electronic signatures ,Firewalls, honey pots Cyber investigation- Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability. Legal framework-laws & enforcement 16 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com I.T. ACT, 2000: OBJECTIVES : I.T. ACT, 2000: OBJECTIVES Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 17 Different approaches for controlling, regulating and facilitating electronic communication and commerce. Aim to provide legal infrastructure for e-commerce in India. To provide legal recognition for e-transactions OBJECTIVES (Contd.) : OBJECTIVES (Contd.) Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 18 Carried out by means of electronic data interchange, and Other means of electronic communication, commonly referred to as "electronic commerce", involving the use of alternatives to paper-based methods of communication and storage of information. To facilitate electronic filing of documents with the Government agencies To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934 GOVERNMENT –NSP?? : GOVERNMENT –NSP?? Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 19 Governments Providing Services On The Network Governments Are Intermediaries. Sec 79 IT Act. Under The It Act, 2000, All Governments, Central And State, All Governmental Bodies Are “Network Service Providers” Section 79 : Section 79 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 20 For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention. Network Service Providers:When Not Liable : Network Service Providers:When Not Liable Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 21 Explanation.—For the purposes of this section, — (a) "network service provider" means an intermediary; (b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary. TRANSPARENCY : TRANSPARENCY Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 22 Need For Transparent E-governance Right To Information Act Government Would Now Not Be Able To Hide Records Concerning E-governance AUTHENTICATION OF ELECTRONIC RECORDS : AUTHENTICATION OF ELECTRONIC RECORDS Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 23 Any subscriber may authenticate an electronic record Authentication by affixing his digital signature. Any person by the use of a public key of the subscriber can verify the electronic record LEGALITY OF ELECTRONIC SIGNATURES : LEGALITY OF ELECTRONIC SIGNATURES Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 24 Legal recognition of digital signatures. Certifying Authorities for Digital Signatures. Scheme for Regulation of Certifying Authorities for Digital Signatures CONTROLLER OF CERTIFYINGAUTHORITIES : CONTROLLER OF CERTIFYINGAUTHORITIES Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 25 Shall exercise supervision over the activities of Certifying Authorities Lay down standards and conditions governing Certifying Authorities Specify various forms and content of Digital Signature Certificates DIGITAL SIGNATURES & ELECTRONIC RECORDS : DIGITAL SIGNATURES & ELECTRONIC RECORDS Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 26 Use of Electronic Records and Electronic Signatures in Government Agencies. Publications of rules and regulations in the Electronic Gazette. International initiatives : International initiatives Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 27 Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes. The Convention on Cybercrime, drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation. In 1997, The G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime." Main objectives- Create effective cyber crime laws Handle jurisdiction issues Cooperate in international investigations Develop acceptable practices for search and seizure Establish effective public/private sector interaction Combating Cyber crime-Indian legal framework : Combating Cyber crime-Indian legal framework Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 28 Information Technology Act, 2000-came into force on 17 October 2000 Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000) Cybercrime vs Cyber contravention : Cybercrime vs Cyber contravention The IT Act prescribes provisions for contraventions in ch IX of the Act, particularly s 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party. Chapter XI of the IT Act 2000 discusses the cyber crimes and offences inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73). Whereas cyber contraventions are ‘civil wrongs’ for which compensation is payable by the defaulting party, ‘cyber offences’ constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000. Saturday, June 26, 2010 29 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Special and General statutes applicable to cybercrimes : Special and General statutes applicable to cybercrimes While the IT Act 2000, provides for the specific offences it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC) IT Act is a special law, most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime for instance, for defamatory emails reliance is placed on s 500 of IPC, for threatening e-mails, provisions of IPC applicable thereto are criminal intimidation (ch XXII), extortion (ch XVII), for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted. Likewise, criminal breach of trust and fraud (ss 405, 406, 408, 409) of the IPC are applicable and for false electronic evidence, s 193 of IPC applies. For cognisability and bailability, reliance is placed on Code of Criminal Procedure which also lays down the specific provisions relating to powers of police to investigate. Saturday, June 26, 2010 30 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering of source code : Tampering of source code According to s 65 of the IT Act- a person who intentionally conceals or destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or network when the computer source code is required to be maintained by law is punishable with imprisonment upto 3 years or with fine that may extend upto 2 lakh rupees or with both. Saturday, June 26, 2010 31 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Hacking : Hacking Section 66 of the IT Act 2000 deals with the offence of computer hacking. In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system. Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data. Punishment for hacking is imprisonment upto 3years or fine which may extend to 2 lakh rupees or both Saturday, June 26, 2010 32 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Publishing obscene information : Publishing obscene information Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to2 lakh rupees. Saturday, June 26, 2010 33 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com New offences defined under IT Amendment Act 2008 with effect from 27th October 2009 : New offences defined under IT Amendment Act 2008 with effect from 27th October 2009 Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Act 2008. Sending of offensive or false messages (s 66A), receiving stolen computer resource (s 66C), identity theft (s 66C), (s 66D) cheating by personation, violation of privacy (s 66E). Barring the offence of cyber terrorism (s 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs rupees has been prescribed and these offences are cognisable and bailable. This will not prove to play a deterrent factor for the cyber criminals. Further, as per new s 84B,abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new s 84C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence Saturday, June 26, 2010 34 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com The IT Amendment Act 2008 : The IT Amendment Act 2008 In certain offences, such as hacking (s 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs rupees. In s 67, for publishing of obscene information imprisonment term has been reduced from five years to three years (and five years for subsequent offence instead of earlier ten years) and fine has been increased from one lakh to five lakhs rupees (ten lakhs on subsequent conviction). Section 67A adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs rupees. Saturday, June 26, 2010 35 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com The IT Amendment Act 2008 : The IT Amendment Act 2008 Section 67B punishes offence of child pornography, child’s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs rupees. Saturday, June 26, 2010 36 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Section 46 IT Act : Section 46 IT Act Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 37 Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alterum partum and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courts Appeal to cyber Appellate Tribunal- from decision of Controller, Adjudicating Officer {section 57 IT act} Section 47, IT Act : Section 47, IT Act Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 38 Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely- (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default; (b) the amount of loss caused to any person as a result of the default; (c) the repetitive nature of the default Section 65: Source Code : Section 65: Source Code Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 39 Most important asset of software companies “Computer Source Code" means the listing of programmes, computer commands, design and layout Ingredients Knowledge or intention Concealment, destruction, alteration computer source code required to be kept or maintained by law Punishment imprisonment up to three years and / or fine up to Rs. 2 lakh Slide 40: Section 66: Hacking • Ingredients – Intention or Knowledge to cause wrongful loss or damage to the public or any person – Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource • Punishment – imprisonment up to three years, and / or – fine up to Rs. 2 lakh • Cognizable, Non Bailable, 40 Section 66 covers data theft aswell as data alteration Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 40 Slide 41: Computer Related Crimes under IPC and Special Laws 41 Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 41 Case Study- BPO Data Theft : Case Study- BPO Data Theft Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 42 The recently reported case of a Bank Fraud in Pune in which some ex employees of BPO arm of MPhasis Ltd MsourcE, defrauded US Customers of Citi Bank to the tune of RS 1.5 crores has raised concerns of many kinds including the role of "Data Protection". Case Study (contd.) : Case Study (contd.) Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 43 The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes". ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of a "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc are therefore applicable in the above case in addition to section in ITA-2000. Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim for which the "Adjudication Process" can be invoked. Case Study (contd.) : Case Study (contd.) Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 44 The BPO is liable for lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex-employee's involvement. The process of getting the PIN number was during the tenure of the persons as "Employees" and hence the organization is responsible for the crime. Some of the persons who have assisted others in the commission of the crime even though they may not be directly involved as beneficiaries will also be liable under Section 43 of ITA-2000. Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence". At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank. (However, in this particular case since the victims appear to be US Citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian Courts). Cyber Pornography : Cyber Pornography Section 67 of IT Act Publishing, transmitting, causing to be published Porn in the electronic form Strict punishment 5 years jail (SI or RI) + 1 lakh fine 10 years jail (SI or RI) + 2 lakh fine Saturday, June 26, 2010 45 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Baazee case : Baazee case 46 Baazee case : Baazee case Obscene MMS clipping listed for sale on 27th November, 2004 - “DPS Girl having fun". Some copies sold through Baazee.com Avnish Bajaj (CEO) arrested and his bail application was rejected by the trial court. Saturday, June 26, 2010 47 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Points of the prosecution : Points of the prosecution The accused did not stop payment through banking channels after learning of the illegal nature of the transaction. The item description "DPS Girl having fun" should have raised an alarm. Saturday, June 26, 2010 48 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Points of the defence : Points of the defence Section 67 relates to publication of obscene material and not transmission. Remedial steps were taken within 38 hours, since the intervening period was a weekend. Saturday, June 26, 2010 49 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Findings of the Court : Findings of the Court It has not been established from the evidence that any publication took place by the accused, directly or indirectly. The actual obscene recording/clip could not be viewed on the portal of Baazee.com. The sale consideration was not routed through the accused. Saturday, June 26, 2010 50 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Findings of the Court : Findings of the Court Prima facie Baazee.com had endeavored to plug the loophole. The accused had actively participated in the investigations. The nature of the alleged offence is such that the evidence has already crystallized and may even be tamper proof. Saturday, June 26, 2010 51 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Findings of the Court : Findings of the Court Even though the accused is a foreign citizen, he is of Indian origin with family roots in India. The evidence indicates only that the obscene material may have been unwittingly offered for sale on the website. the heinous nature of the alleged crime may be attributable to some other person. Saturday, June 26, 2010 52 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Court order : Court order The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each. The court ordered Mr. Bajaj to surrender his passport not to leave India without Court permission to participate and assist in the investigation. Saturday, June 26, 2010 53 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com State of Tamil Nadu Vs Suhas Katti : State of Tamil Nadu Vs Suhas Katti This Case is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR . The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. Additional Chief Metropolitan Magistrate, delivered the judgment on 5-11-04 as follows: “The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.” This is considered the first case convicted under section 67 of Information Technology Act 2000 in India Saturday, June 26, 2010 54 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Slide 55: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 55 Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. Punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to2 lakh rupees. Protected Systems : Protected Systems Saturday, June 26, 2010 56 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Protected Systems : Protected Systems Gazette notification for declaring protected system. Government order authorizing persons to access protected systems. 10 years jail for accessing or attempting to access protected systems. Saturday, June 26, 2010 57 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Firos vs. State of Kerala : Firos vs. State of Kerala Govt of Kerala declared the FRIENDS application software as a protected system. The author of the application software challenged the notification and the constitutional validity of section 70. The Court upheld the validity of both Saturday, June 26, 2010 58 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering with source code : Tampering with source code Saturday, June 26, 2010 59 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering with source code : Tampering with source code Computer source code need not only be in the electronic form. It can be printed on paper (e.g. printouts of flowcharts for designing a software application). Saturday, June 26, 2010 60 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Tampering with source code : Tampering with source code Following are punishable with 3 years jail and / or 2 lakh fine: Concealing Altering Destroying Saturday, June 26, 2010 61 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Syed Asifuddin case : Syed Asifuddin case Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65. Saturday, June 26, 2010 62 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case Several terrorists attacked Parliament House on 13-Dec-01 Digital evidence played an important role during their prosecution. The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon. Saturday, June 26, 2010 63 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects. These articles were deposited in the police “malkhana” on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01. Saturday, June 26, 2010 64 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case Evidence found on the laptop included: fake identity cards, video files containing clippings of political leaders with Parliament in background shot from TV news channels, scanned images of front and rear of a genuine identity card, Saturday, June 26, 2010 65 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com Parliament attack case : Parliament attack case image file of design of Ministry of Home Affairs car sticker, the game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the fake identity cards used by the terrorists. Saturday, June 26, 2010 66 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009. : The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009. Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 67 Almost Nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality. The Information Technology Act initially came into force on 17th October 2000 on the model UNCITRAL of UNO 1996. Major changes to the IT Act 2000 have now come into force with effect from 27th October 2009. There are around 17 changes and out of that most of the changes relate to cyber crimes. The last decade has seen a spurt in crimes like cyber stalking and voyeurism, cyber pornography, email frauds, phishing and crimes through social networking. All these and more are severely dealt with under the new laws. Some of the major modifications are: : Some of the major modifications are: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 68 1. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in "implementing and maintaining reasonable security practices and procedures", they will be liable to pay compensation. It may be recalled that India's first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures. 2. Compensation on cyber crimes like spreading viruses, copying data, unauthorised access, denial of service etc is not restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is upto Rs. 5 crore. Above that the case will need to be filed before the civil courts. Slide 69: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 69 3.The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment. 4. Sending threatening emails and sms are punishable with jail upto 3 years. 5. Publishing sexually explicit acts in the electronic form is punishable with jail upto 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country. Slide 70: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 70 6.Voyeurism is now specifically covered. Acts like hiding cameras in changing rooms, hotel rooms etc is punishable with jail upto 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to 'snoop' on his young lady tenants. 7. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police. 8. Collecting, browsing, downloading etc of child pornography is punishable with jail upto 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of upto Rs 10 lakh can also be levied. Slide 71: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 71 9. The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending 'dirty' jokes and pictures by email or sms. 10. Refusing to hand over passwords to an authorized official could land a person in prison for upto 7 years. 11. Hacking into a Government computer or website, or even trying to do so in punishable with imprisonment upto 10 years. 12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members), Slide 72: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 72 13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information), 14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public), 15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and 16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team. 17. Rules Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members), Do you have any question? : Do you have any question? Slide 74: Saturday, June 26, 2010 Dr. Tabrez ahmad, www.site.technolexindia.com, http://technolexindia.blogspot.com 74 Thanks