Professional Documents
Culture Documents
Fcproject PDF
Fcproject PDF
Roll No - 58
Semester - 3
Class - SYBCOM A
SR NO. Topic
1 Introduction
2 Classification
3 Who are Cyber Criminals
4 Advantages of Cyber Laws
5 Conclusion
6 References
Introduction
The invention of Computer has made the life of humans easier, it has been using
for various purposes starting from the individual to large organizations across
the globe. In simple term we can define computer as the machine that
can stores and manipulate/process information or instruction that are instructed
by the user. Most computer users are utilizing the computer for the erroneous
purposes either for their personal benefit or for other’s benefit for decades. This
gave birth to “Cyber Crime”.This had led to engagement in activities which are
illegal to the society. We can define Cyber Crime as the crimes committed using
computers or computer network and are usually take place over the cyber space
especially the Internet. Now comes the term “Cyber Law”. It doesn’t have a
fixed definition, but in a simple term we can defined it as the law that governs
the cyberspace. Cyber laws are the laws that govern cyber area. Cyber Crimes,
digital and electronic signatures, data protections and privacies etc are
comprehended by the Cyber Law. The UN’s General Assembly recommended
the first IT Act of India which was based on the “United Nations Model Law on
Electronic Commerce” (UNCITRAL) Model.
Other forms of fraud may be facilitated using computer systems, including bank
fraud, carding, identity theft, extortion, and theft of classified information.
These types of crime often result in the loss of private information or monetary
information.
Cyberterrorism
Government officials and information technology security specialists have
documented a significant increase in Internet problems and server scams since
early 2001. There is a growing concern among government agencies such as the
Federal Bureau of Investigation (FBI) and the Central Intelligence Agency
(CIA) that such intrusions are part of an organized effort by cyberterrorist
foreign intelligence services or other groups to map potential security holes in
critical systems.A cyberterrorist is someone who intimidates or coerces a
government or an organization by launching a computer-based attack against
computers, networks, or the information stored on them in order to advance
their political or social objectives.
Cyberterrorism, in general, can be defined as an act of terrorism committed
through the use of cyberspace or computer resources (Parker 1983). As such, a
simple propaganda piece on the Internet that there will be bomb attacks during
the holidays can be considered cyberterrorism. There are also hacking activities
directed towards individuals, families, organized by groups within networks,
tending to cause fear among people, demonstrate power, collecting information
relevant for ruining peoples' lives, robberies, blackmailing, etc.
Cyberextortion
Cyberextortion occurs when a website, e-mail server, or computer system is
subjected to or threatened with repeated denial of service or other attacks by
malicious hackers. These hackers demand money in return for promising to stop
the attacks and to offer "protection". According to the Federal Bureau of
Investigation, cybercrime extortionists are increasingly attacking corporate
websites and networks, crippling their ability to operate, and demanding
payments to restore their service. More than 20 cases are reported each month to
the FBI and many go unreported in order to keep the victim's name out of the
public domain. Perpetrators typically use a distributed denial-of-service attack.
However, other cyberextortion techniques exist, such as doxing, extortion, and
bug poaching.
Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes
using the computer as a tool, these crimes require the technical knowledge of
the perpetrators. As such, as technology evolves, so too does the nature of the
crime. These crimes are relatively new, having been in existence for only as
long as computers have—which explains how unprepared society and the world,
in general, is towards combating these crimes. There are numerous crimes of
this nature committed daily on the internet. They are seldom committed by
loners, instead usually involving large syndicate groups.
Drug Trafficking
Drug traffickers contribute a major part of cyber crime to sell narcotics using
the latest technologies for encrypting mails. They arrange where and how to
make the exchange, mostly using couriers. Since there is no personal
communication between the buyer and dealer, these exchanges are more
comfortable for intimidated people to buy illegal drugs and even other items
Dissemination of Offensive Materials
These are the materials that are thought to be objectionable and exist in the
cyberspace.It includes materials which are of sexually explicit in nature, racist
propaganda, explosive objects and devices, and codes for fabrication of the
incendiary devices. Telecommunication services are also commonly used to
harass, threaten and intrude the communications from phone calls to
contemporary manifestation of cyber stalking. Computer networks can also
prove to be of use in furtherance-of extortion. The type of materials used, the
location of the criminal who is disseminating the materials, and the victim’s
location all define the amount of fines and penalties to be paid.
Identity fraud aims to impersonate real users and inflate audience numbers.
Several ad-fraud techniques relate to this category and include traffic from bots
(coming from a hosting company or a data center, or from compromised
devices); cookie stuffing; falsifying user characteristics, such as location and
browser type; fake social traffic (misleading users on social networks into
visiting the advertised website); and the creation of fake social signals to make a
bot look more legitimate, for instance by opening a Twitter or Facebook
account.
Ad fraud services are related to all online infrastructure and hosting services
that might be needed to undertake identity or attribution fraud. Services can
involve the creation of spam websites (fake networks of websites created to
provide artificial backlinks); link building services; hosting services; creation of
fake and scam pages impersonating a famous brand and used as part of an ad
fraud campaign.
There are instances where committing a crime using a computer can lead to an
enhanced sentence. For example, in the case of United States v. Neil Scott
Kramer, the defendant was given an enhanced sentence according to the U.S.
Sentencing Guidelines Manual §2G1.3(b)(3) for his use of a cell phone to
"persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage
in prohibited sexual conduct." Kramer appealed the sentence on the grounds that
there was insufficient evidence to convict him under this statute because his
charge included persuading through a computer device and his cellular phone
technically is not a computer. Although Kramer tried to argue this point, the
U.S. Sentencing Guidelines Manual states that the term 'computer' means "an
electronic, magnetic, optical, electrochemical, or other high-speed data
processing device performing logical, arithmetic, or storage functions, and
includes any data storage facility or communications facility directly related to
or operating in conjunction with such device."
In the United States, over 41 states have passed laws and regulations that regard
extreme online harassment as a criminal act. These acts can be punished on a
federal scale, such as US Code 18 Section 2261A, which states that using
computers to threaten or harass can lead to a sentence of up to 20 years,
depending on the action taken.
CRIMES ON THE INTERNET
Crimes committed on the Internet by using the Internet and by means of the
same, are mainly called Internet crimes. According to David Wall [2], the term
Cybercrime symbolizes to the occurrence of the harmful activities done with the
digital devices mainly over the Internet. The Cyber crime practically doesn’t
refer to the law and it is the concept that is created by the media to a greater
extend. In general term computer crime is a crime that encompasses crimes such
as phishing, bank robbery, credit card frauds, child pornography, kidnapping of
children by means of chat rooms, creation or the distribution of viruses and so
on. All these are facilitated crimes related to computers. Some crimes which are
committed on the Internet are exposed to the world and some are hidden until
they are perpetrated against someone or some company.
E-mail Spoofing
It is found in that an e-mail that appears to originate from one source while it is
actually being sent from another source is called e-mail spoofing. E-mail
spoofing is usually committed by falsifying the e-mail address of the sender
and/or the name. to send an e-mail, one usually has to enter the following
information:
i. The e-mail address of the receiver.
ii. The e-mail addresses of the receivers (referred to as C for carbon copy).
iii. The e-mail addresses of the persons who will receive a copy (referred as CC
for carbon copy).
iv. A subject for the message, which is a short title or a short description of the
message.
2) E-mail Defamation: Cyber defamation or cyber slander often proves to be
very dangerous and even fatal for anyone with even a little knowledge of
computers to become blackmailers often by threatening their victims
through e-mails.
E-mail Bombing
E-mails account (in case of an individual) or servers (in case of a company)
crashing due to a large amount of e- mails received by a victim is called e-mail
bombing. This can easily be done by subscribing the victim’s e-mail address to
a large number of mailing lists which are the special interests group created to
share and exchange data and information on a common topic of with one
another through the help of e-mails. Mailing lists can generate a sufficient
amount of e-mail traffics daily depending on the list.
Investigation
A computer can be a source of evidence (see digital forensics). Even where a
computer is not directly used for criminal purposes, it may contain records of
value to criminal investigators in the form of a logfile. In most countries Internet
Service Providers are required, by law, to keep their logfiles for a predetermined
amount of time. For example, the EU-wide Data Retention Directive
(previously applied to all EU member states) stated that all e-mail traffic should
be retained for a minimum of 12 months.
There are many ways for cybercrime to take place, and investigations tend to
start with an IP Address trace; however, that is not necessarily a factual basis
upon which detectives can solve a case. Different types of high-tech crime may
also include elements of low-tech crime, and vice versa, making cybercrime
investigators an indispensable part of modern law enforcement. Methods of
cybercrime detective work are dynamic and constantly improving, whether in
closed police units or in international cooperation framework.
In the United States, the Federal Bureau of Investigation (FBI) and the
Department of Homeland Security (DHS) are government agencies that combat
cybercrime. The FBI has trained agents and analysts in cybercrime placed in
their field offices and headquarters. Under the DHS, the Secret Service has a
Cyber Intelligence Section that works to target financial cyber crimes. They use
their intelligence to protect against international cybercrime. Their efforts work
to protect institutions, such as banks, from intrusions and information breaches.
Based in Alabama, the Secret Service and the Alabama Office of Prosecution
Services work together to train professionals in law enforcement through the
creation of The National Computer Forensic Institute.
This institute works to provide "state and local members of the law enforcement
community with training in cyber incident response, investigation, and forensic
examination in cyber incident response, investigation, and forensic examination.
Due to the common use of encryption and other techniques to hide their identity
and location by cybercriminals, it can be difficult to trace a perpetrator after the
crime is committed, so prevention measures are crucial.
Prevention
The Department of Homeland Security also instituted the Continuous
Diagnostics and Mitigation (CDM) Program.The CDM Program monitors and
secures government networks by tracking and prioritizing network risks, and
informing system personnel so that they can take action. In an attempt to catch
intrusions before the damage is done, the DHS created the Enhanced
Cybersecurity Services (ECS) to protect public and private sectors in the United
States.The Cyber Security and Infrastructure Security Agency approves private
partners that provide intrusion detection and prevention services through the
ECS. An example of one of these services offered is DNS sinkholing.
It is not only the US and the European Union who are introducing new
measures against cybercrime. On 31 May 2017, China announced that its new
cybersecurity law takes effect on this date.
Penalties
Penalties for computer-related crimes in New York State can range from a fine
and a short period of jail time for a Class A misdemeanor such as unauthorized
use of a computer up to computer tampering in the first degree which is a Class
C felony and can carry 3 to 15 years in prison.
Awareness
As technology advances and more people rely on the internet to store sensitive
information such as banking or credit card information, criminals increasingly
attempt to steal that information. Cybercrime is becoming more of a threat to
people across the world. Raising awareness about how information is being
protected and the tactics criminals use to steal that information continues to
grow in importance. According to the FBI's Internet Crime Complaint Center in
2014, there were 269,422 complaints filed. With all the claims combined there
was a reported total loss of $800,492,073.But cybercrime does yet seem to be
on the average person's radar. There are 1.5 million cyber-attacks annually, that
means that there are over 4,000 attacks a day, 170 attacks every hour, or nearly
three attacks every minute, with studies showing us that only 16% of victims
had asked the people who were carrying out the attacks to stop. Anybody who
uses the internet for any reason can be a victim, which is why it is important to
be aware of how one is being protected while online.
Intelligence
As cybercrime has proliferated, a professional ecosystem has evolved to support
individuals and groups seeking to profit from cybercriminal activities. The
ecosystem has become quite specialized, including malware developers, botnet
operators, professional cybercrime groups, groups specializing in the sale of
stolen content, and so forth. A few of the leading cybersecurity companies have
the skills, resources and visibility to follow the activities of these individuals
and group.A wide variety of information is available from these sources which
can be used for defensive purposes, including technical indicators such as
hashes of infected files] or malicious IPs/URLs,as well as strategic information
profiling the goals, techniques and campaigns of the profiled groups. Some of it
is freely published, but consistent, on-going access typically requires
subscribing to an adversary intelligence subscription service. At the level of an
individual threat actor, threat intelligence is often referred to that actor's "TTP"
or "tactics, techniques, and procedures", as the infrastructure, tools, and other
technical indicators are often trivial for attackers to change. Corporate sectors
are considering crucial role of artificial intelligence cybersecurity.
Furthermore, hacking is cheaper than ever: before the cloud computing era, in
order to spam or scam one needed a dedicated server, skills in server
lmanagement, network configuration, and maintenance, knowledge of Internet
service provider standards, etc. By comparison, a mail software-as-a-service is a
scalable, inexpensive, bulk, and transactional e-mail-sending service for
marketing purposes and could be easily set up for spam. Cloud computing could
be helpful for a cybercriminal as a way to leverage his or her attack, in terms of
brute-forcing a password, improving the reach of a botnet, or facilitating a
spamming campaign.
Advantages of Cyber Laws
The IT Act 2000 attempts to change outdated laws and provides ways to deal
with cyber crimes. We need such laws so that people can perform purchase
transactions over the Net through credit cards without fear of misuse. The Act
offers the much-needed legal framework so that information is not denied
legal effect, validity or enforceability, solely on the ground that it is in the form
of electronic records.In view of the growth in transactions and
communications carried out through electronic records, the Act seeks to
empower government departments to accept filing, creating and retention of
official documents in the digital format. The Act has also proposed a legal
framework for the authentication and origin of electronic records /
communications through digital signature. From the perspective of
e-commerce in India, the IT Act 2000 and its provisions contain many positive
aspects. Firstly, the implications of these provisions for the e-businesses would
be that email would now be a valid and legal form of communication in our
country that can be duly produced and approved in a court of law. Companies
shall now be able to carry out electronic commerce using the legal infrastructure
provided by the Act. Digital signatures have been given legal validity and
sanction in the Act. The Act throws open the doors for the entry of corporate
companies in the business of being Certifying Authorities for issuing
Digital Signatures Certificates. The Act now allows Government to issue
notification on the web thus heralding e-governance. The Act enables the
companies to file any form, application or any other document with any office,
authority, body or agency owned or controlled by the appropriate Government
in electronic form by means of such electronic form as may be prescribed
by the appropriate Government. The IT Act also addresses the important
issues of security, which are so critical to the success of electronic transactions.
The Act has given a legal definition to the concept of secure digital signatures
that would be required to have been passed through a system of a
security procedure, as stipulated by the Government at a later date. Under the
IT Act, 2000, it shall now be possible for corporates to have a statutory remedy
in case if anyone breaks into their computer systems or network and causes
damages or copies data. The remedy provided by the Act is in the form of
monetary damages, not exceeding Rs. 1 crore.
Proposed Changes in IT Act 2000
It is found that there should be the provision for the following – a. Trap and
Trace orders. The new IT Act should make such legislation that it is easier for
cyber investigators to obtain “trap and trace” orders. “Trap and trace
devices are used to capture incoming IP packets to identify the packet‟s
origins. Due to the ease with which hackers are able to “spoof” their
true origin, the most effective way to reconstruct the path of a virus, DoS
or hacking assault is to follow a chain of trapping devices that logged the
original malicious packets as they arrived at each individual router or server. In
a case of single telephone company, it has been relatively easy for investigators
to obtain trap and trace orders but today one communication is being carried by
86 several different {ISPs}, by one or more telephone company or one or more
cell company and very soon by one or more satellite company. Once the
segment of the route goes beyond the court‟s jurisdiction, investigators must
then go the next jurisdiction and file a request for a trap and trace order for the
next segment. The new legislation would authorize the issuance of a single
order to completely trace an on-line communication from start to finish. b. We
proposed new legislation such that makes young perpetrators fifteen years of
age and older eligible for offences in serious computer crime. c. The Cyber
Cafes, Computer Training Centre, and other Institute where computer is the
mode of training should be incorporated under some act.
CONCLUSION
From this study made, it has been found that there are many ways and means
through which an individual can commit crimes on cyber space. Cyber
crimes are an offense and are punishable by law. In section 2, we have seen a
brief discussion of the enlarging areas of cyber crimes. In section 3, we
have seen the common types and areas where cyber crime occurs very
frequently. We have also discussed the consequences of cyber crime that are
causing tremendous financial losses in many countries, especially in the areas
of sales and investments. Different fines and penalties have been laid down for
this category of crime.mails. These crimes involve spoofing of mail, e-mail
bombing and spreading malicious codes via e-mails. Furthermore, we have seen
the different cyber criminals, ranging from the most amateur teenage
hackers to the professional hackers that are often hired by rival
organizations for hacking the into other company’s system. It is therefore
very important for every individual to be aware of these crimes and
remain alert to avoid any loss. To ensure justice to the victims and punish
the criminals, the judiciary has come up with some laws known as Cyber
Laws.
● Cyber crime a new challenge for CBI www.rediff.com, March 12, 2003 12:27 IST
● Richard Raysman & Peter Brown (1999), Viruses Worms, and other Destructive
Forces N. Y. L. J.
● wikipedia.org/wiki/Crime
● searchsoa.techtarget.com/definition/cyber
● http://en.wikipedia.org/wiki/Computer_crime