Professional Documents
Culture Documents
Cyber Law
Cyber Law
Anik Saha 💗
—-----------------------------------------------------------------------------------------------------------------
● Cybercrime that targets computers often involves viruses and other types of
malware.
● Cybercriminals may infect computers with viruses and malware to damage
devices or stop them working.
● They may also use malware to delete or steal data.
● Cybercrime that stops users using a machine or network, or prevents a business
providing a software service
● to its customers, is called a Denial-of-Service (DoS) attack.
● Cybercrime that uses computers to commit other crimes may involve using
computers or networks to spread
● malware, illegal information or illegal images.
Nature – Cyber crime is Transnational in nature. These crimes are committed without
being physically present
at the crime location. These crimes are committed in the im-palpable world of computer
networks.
To commit such crimes the only thing a person needs is a computer which is connected
with the internet. With
the advent of lightening fast internet, the time needed for committing the cybercrime is
decreasing.
Types of cybercrime
i.>Email and internet fraud - Email fraud (or email scam) is intentional
deception for either persona lgain or to damage another individual by means of
email.
ii.>Identity fraud (where personal information is stolen and used) - is the use
by one person of another person's personal information, without authorization, to
commit a crime or to deceive or defraud that other person or a third person.
iv.>Theft and sale of corporate data - Data theft is the act of stealing
information stored on corporate databases, devices, and servers.
Virus – They have the ability to replicate themselves by hooking them to the
program on the host computer like songs, videos etc and then they travel all over
the Internet. Ther Creeper Virus was first detected on ARPANET. Examples
include File Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc.
Trojan
– The Concept of Trojan is completely different from the viruses and worms. The
name Trojan derived from the ‘Trojan Horse’ tale in Greek mythology, which
explains how the Greeks were able to enter the fortified city of Troy by hiding their
soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were
very fond of horses and trusted the gift blindly. In the night, the soldiers emerged
and attacked the city from the inside.Their purpose is to conceal themselves
inside the software that seem legitimate and when that software is executed they
will do their task of either stealing information or any other purpose for which
they are.
Bots –: it can be seen as advanced form of worms. They are automated
processes that are designed to interact over the internet without the need of
human interaction. They can be good or bad. Malicious bot can infect one host
and after infecting will create connection to the central server which will
provide commands to all infected hosts attached to that network called Botnet.
● The information is then used to access important accounts and can result in
identity theft and financial loss.
Types of phishing
● Voice phishing - uses fake caller-ID data to give the appearance that calls
come from a trusted organization.
● SMS phishing - or smishing uses cell phone text messages to deliver the bait
to induce people to divulge their personal information.
password sniffing
Password sniffing is an attack on the Internet that is used to steal user names and
passwords from the network. Today, it is mostly of historical interest, as most
protocols nowadays use strong encryption for passwords. However, it used to be the
worst security problem on the Internet in the 1990s, when news of major password
sniffing attacks were almost weekly.
Method 2: Contact your Internet Service provider - If you find your company is
under attack, you should notify your Internet Service Provider as soon as possible to
determine if your traffic can be
Rerouted.
Method 3: Investigate black hole routing - Internet service providers can use “black
hole routing.” It directs excessive traffic into a null route, sometimes referred to as a
black hole. This can help prevent the targeted website or network from crashing.
DDOS Attack
● From a high level, a DDoS attack is like an unexpected traffic jam clogging
up the highway, preventing regular traffic from arriving at its destination.
DNS hijacking
● Domain Name Server (DNS) hijacking, also named DNS redirection, is a type of DNS attack
in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to
malicious sites. To perform the attack, perpetrators either install malware on user computers,
take over routers, or intercept or hack DNS communication.
●
● DNS hijacking can be used for pharming (in this context, attackers typically display unwanted
ads to generate revenue) or for phishing (displaying fake versions of sites users access and
stealing data or credentials).
●
● Many Internet Service Providers (ISPs) also use a type of DNS hijacking, to take over a
user’s DNS requests, collect statistics and return ads when users access an unknown
domain. Some governments use DNS hijacking for censorship, redirecting users to
government-authorized sites.
●
DNS hijacking attack types
Local DNS hijack — attackers install Trojan malware on a user’s computer, and change the local
DNS settings to redirect the user to malicious sites.
Router DNS hijack — many routers have default passwords or firmware vulnerabilities. Attackers
can take over a router and overwrite DNS settings, affecting all users connected to that router.
Man in the middle DNS attacks — attackers intercept communication between a user and a DNS
server, and provide different destination IP addresses pointing to malicious sites.
Rogue DNS Server — attackers can hack a DNS server, and change DNS records to redirect DNS
requests to malicious sites.
key loggers
● Keyloggers are a serious threat to users and the users' data, as they track the
keystrokes to intercept passwords and other sensitive information typed in through
the keyboard. This gives hackers the benefit of access to PIN codes and account
numbers, passwords to online shopping sites, email ids, email logins, and other
confidential information, etc.
● When the hackers get access to the users' private and sensitive information, they
can take advantage of the extracted data to perform online money transaction the
user's account. Keyloggers can sometimes be used as a spying tool to compromise
business and state-owned company's data.
● The main objective of keyloggers is to interfere in the chain of events that happen
when a key is pressedand when the data is displayed on the monitor as a result of a
keystroke.
types:-
● Keyboard hardware keyloggers
● Hidden camera keyloggers
● USB disk-loaded keyloggers
ITA 2000
The Information Technology Act, 2000 also Known as an IT Act is an act proposed by the Indian
Parliament reported on 17th October 2000. This Information Technology Act is based on the
United Nations Model law on Electronic Commerce 1996 (UNCITRAL Model) which was
suggested by the General Assembly of United Nations by a resolution dated on 30th January,
1997. It is the most important law in India dealing with
Cybercrime and E-Commerce.
The main objective of this act is to carry lawful and trustworthy electronic, digital and online
transactions and alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections..
Section 43 This section of IT Act, 2000 states that any act of destroying, altering or stealing
computer
system/network or deleting data with malicious intentions without authorization from
owner of the computer is liable for the payment to be made to owner as compensation for
damages.
Section 43A
This section of IT Act, 2000 states that any corporate body dealing with sensitive
information that fails to implement reasonable security practices causing loss of other
person will also liable as convict for compensation to the affected party.
Section 66
Hacking of a Computer System with malicious intentions like fraud will be punished with
3 years imprisonment or the fine of Rs.5,00,000 or both.
Section 66 B, C,D
Section 66 E
This Section is for Violation of privacy by transmitting image or private area is punishable
with 3 years imprisonment or 2,00,000 fine or both.
Section 66 F
This Section is on Cyber Terrorism affecting unity, integrity, security, sovereignty of India through
digital medium is liable for life imprisonment.
Section 67
This section states publishing obscene information or pornography or transmission of
obscene content in public is liable for imprisonment up to 5 years or fine or Rs. 10,00,000
or both.
An Act to provide legal recognition for the transactions carried our by means of electronic data
interchange and other means of electronic communication, commonly referred to as "Electronic
Commerce", which involve the use of alternatives to paper based methods of communication
and storage of information , to facilitate electronic filings of documents with the Government
agencies and further to amend the Indian Penal Code
The CAN-SPAM Act established a set of rules for commercial electronic emails and messages.
It gives recipients the right to easily request that a business stop sending them emails and
outlines penalties for violations. Some of the other elements of this Act help identify marketers
clearly and requires clear identification of advertisements or offers.
CAN-SPAM Legislation is focused on marketing emails, but the FTC (Federal Trade
Commission) also provides guidance on transactional messaging and when CAN-SPAM
requirements apply to those messages.